summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/cc/compat_compiler.h11
-rw-r--r--src/lib/compress/compress.h4
-rw-r--r--src/lib/crypt_ops/crypto_curve25519.h11
-rw-r--r--src/lib/crypt_ops/crypto_dh.c4
-rw-r--r--src/lib/crypt_ops/crypto_dh.h5
-rw-r--r--src/lib/crypt_ops/crypto_ed25519.h14
-rw-r--r--src/lib/crypt_ops/crypto_format.h20
-rw-r--r--src/lib/defs/dh_sizes.h13
-rw-r--r--src/lib/defs/include.am6
-rw-r--r--src/lib/defs/x25519_sizes.h27
-rw-r--r--src/lib/fs/mmap.h4
-rw-r--r--src/lib/malloc/util_malloc.h8
-rw-r--r--src/lib/string/compat_string.h4
-rw-r--r--src/lib/string/printf.h4
-rw-r--r--src/lib/string/util_string.h24
-rw-r--r--src/or/addr_policy_st.h46
-rw-r--r--src/or/addressmap.c4
-rw-r--r--src/or/bridges.h4
-rw-r--r--src/or/cell_queue_st.h3
-rw-r--r--src/or/channel.c2
-rw-r--r--src/or/channel.h158
-rw-r--r--src/or/channelpadding.c2
-rw-r--r--src/or/channeltls.c3
-rw-r--r--src/or/channeltls.h6
-rw-r--r--src/or/circpathbias.h3
-rw-r--r--src/or/circuit_st.h14
-rw-r--r--src/or/circuitbuild.h14
-rw-r--r--src/or/circuitlist.c4
-rw-r--r--src/or/circuitlist.h142
-rw-r--r--src/or/circuitmux_ewma.c2
-rw-r--r--src/or/circuitstats.c2
-rw-r--r--src/or/circuitstats.h87
-rw-r--r--src/or/config.c14
-rw-r--r--src/or/config.h20
-rw-r--r--src/or/confparse.c1
-rw-r--r--src/or/confparse.h11
-rw-r--r--src/or/connection.c10
-rw-r--r--src/or/connection.h89
-rw-r--r--src/or/connection_edge.c2
-rw-r--r--src/or/connection_edge.h49
-rw-r--r--src/or/connection_or.c5
-rw-r--r--src/or/connection_or.h56
-rw-r--r--src/or/connection_st.h18
-rw-r--r--src/or/conscache.c2
-rw-r--r--src/or/conscache.h9
-rw-r--r--src/or/consdiffmgr.c4
-rw-r--r--src/or/consdiffmgr.h7
-rw-r--r--src/or/control.c10
-rw-r--r--src/or/control.h91
-rw-r--r--src/or/crypt_path_st.h18
-rw-r--r--src/or/desc_store_st.h7
-rw-r--r--src/or/dir_connection_st.h5
-rw-r--r--src/or/dirauth/dirvote.c2
-rw-r--r--src/or/dirauth/shared_random_state.c4
-rw-r--r--src/or/dirauth/shared_random_state.h7
-rw-r--r--src/or/directory.c13
-rw-r--r--src/or/directory.h88
-rw-r--r--src/or/dirserv.c3
-rw-r--r--src/or/dirserv.h20
-rw-r--r--src/or/dns.c6
-rw-r--r--src/or/dnsserv.c2
-rw-r--r--src/or/dos.c2
-rw-r--r--src/or/entrynodes.c2
-rw-r--r--src/or/entrynodes.h3
-rw-r--r--src/or/ext_orport.h20
-rw-r--r--src/or/extend_info_st.h4
-rw-r--r--src/or/geoip.h59
-rw-r--r--src/or/hibernate.c7
-rw-r--r--src/or/hs_cache.c2
-rw-r--r--src/or/hs_cache.h24
-rw-r--r--src/or/hs_circuit.c12
-rw-r--r--src/or/hs_circuitmap.c1
-rw-r--r--src/or/hs_circuitmap.h5
-rw-r--r--src/or/hs_client.c3
-rw-r--r--src/or/hs_common.c1
-rw-r--r--src/or/hs_common.h34
-rw-r--r--src/or/hs_config.c3
-rw-r--r--src/or/hs_control.c2
-rw-r--r--src/or/hs_descriptor.c3
-rw-r--r--src/or/hs_descriptor.h4
-rw-r--r--src/or/hs_intropoint.c2
-rw-r--r--src/or/hs_ntor.c3
-rw-r--r--src/or/hs_ntor.h44
-rw-r--r--src/or/hs_service.c12
-rw-r--r--src/or/include.am5
-rw-r--r--src/or/main.c9
-rw-r--r--src/or/main.h7
-rw-r--r--src/or/microdesc.c7
-rw-r--r--src/or/microdesc_st.h13
-rw-r--r--src/or/networkstatus.c6
-rw-r--r--src/or/networkstatus_st.h8
-rw-r--r--src/or/node_st.h2
-rw-r--r--src/or/nodelist.h15
-rw-r--r--src/or/ntmain.c1
-rw-r--r--src/or/onion.c6
-rw-r--r--src/or/onion.h11
-rw-r--r--src/or/onion_fast.c2
-rw-r--r--src/or/onion_ntor.c2
-rw-r--r--src/or/onion_ntor.h22
-rw-r--r--src/or/onion_tap.c20
-rw-r--r--src/or/onion_tap.h18
-rw-r--r--src/or/or.h2315
-rw-r--r--src/or/or_connection_st.h6
-rw-r--r--src/or/or_handshake_certs_st.h9
-rw-r--r--src/or/or_options_st.h1077
-rw-r--r--src/or/or_state_st.h86
-rw-r--r--src/or/origin_circuit_st.h57
-rw-r--r--src/or/parsecommon.c2
-rw-r--r--src/or/parsecommon.h11
-rw-r--r--src/or/periodic.c2
-rw-r--r--src/or/policies.c3
-rw-r--r--src/or/policies.h37
-rw-r--r--src/or/proto_ext_or.h9
-rw-r--r--src/or/proto_socks.c2
-rw-r--r--src/or/proto_socks.h1
-rw-r--r--src/or/reasons.c3
-rw-r--r--src/or/reasons.h1
-rw-r--r--src/or/relay_crypto.c2
-rw-r--r--src/or/relay_crypto_st.h14
-rw-r--r--src/or/rend_intro_point_st.h10
-rw-r--r--src/or/rendclient.c9
-rw-r--r--src/or/rendcommon.c2
-rw-r--r--src/or/rendmid.c4
-rw-r--r--src/or/rendservice.c29
-rw-r--r--src/or/rendservice.h10
-rw-r--r--src/or/rephist.c5
-rw-r--r--src/or/replaycache.h5
-rw-r--r--src/or/router.c4
-rw-r--r--src/or/router.h14
-rw-r--r--src/or/routerinfo_st.h5
-rw-r--r--src/or/routerkeys.c11
-rw-r--r--src/or/routerlist.c6
-rw-r--r--src/or/routerlist.h85
-rw-r--r--src/or/routerparse.c5
-rw-r--r--src/or/routerparse.h21
-rw-r--r--src/or/routerset.c1
-rw-r--r--src/or/scheduler.c2
-rw-r--r--src/or/scheduler_kist.c4
-rw-r--r--src/or/socks_request_st.h18
-rw-r--r--src/or/statefile.c8
-rw-r--r--src/or/statefile.h4
-rw-r--r--src/or/status.c3
-rw-r--r--src/or/torcert.c2
-rw-r--r--src/or/torcert.h9
-rw-r--r--src/or/transports.c1
-rw-r--r--src/or/vote_routerstatus_st.h2
-rw-r--r--src/test/bench.c13
-rw-r--r--src/test/fuzz/fuzz_consensus.c3
-rw-r--r--src/test/fuzz/fuzz_hsdescv2.c2
-rw-r--r--src/test/fuzz/fuzz_iptsv2.c2
-rw-r--r--src/test/fuzz/fuzz_microdesc.c3
-rw-r--r--src/test/fuzz/fuzz_vrs.c2
-rw-r--r--src/test/fuzz/fuzzing_common.c2
-rw-r--r--src/test/hs_ntor_ref.py7
-rwxr-xr-xsrc/test/ntor_ref.py9
-rw-r--r--src/test/test.c6
-rw-r--r--src/test/test_accounting.c3
-rw-r--r--src/test/test_addr.c5
-rw-r--r--src/test/test_bt_cl.c5
-rw-r--r--src/test/test_buffers.c3
-rw-r--r--src/test/test_cell_formats.c1
-rw-r--r--src/test/test_channelpadding.c4
-rw-r--r--src/test/test_channeltls.c2
-rw-r--r--src/test/test_checkdir.c5
-rw-r--r--src/test/test_circuitbuild.c2
-rw-r--r--src/test/test_config.c8
-rw-r--r--src/test/test_conscache.c2
-rw-r--r--src/test/test_consdiffmgr.c3
-rw-r--r--src/test/test_controller.c2
-rw-r--r--src/test/test_controller_events.c2
-rw-r--r--src/test/test_crypto.c93
-rw-r--r--src/test/test_crypto_slow.c3
-rw-r--r--src/test/test_dir.c8
-rw-r--r--src/test/test_dns.c2
-rw-r--r--src/test/test_entryconn.c3
-rw-r--r--src/test/test_entrynodes.c2
-rw-r--r--src/test/test_extorport.c5
-rw-r--r--src/test/test_helpers.c2
-rw-r--r--src/test/test_hs.c6
-rw-r--r--src/test/test_hs_cache.c2
-rw-r--r--src/test/test_hs_client.c10
-rw-r--r--src/test/test_hs_common.c3
-rw-r--r--src/test/test_hs_control.c2
-rw-r--r--src/test/test_hs_descriptor.c2
-rw-r--r--src/test/test_hs_ntor.c3
-rw-r--r--src/test/test_hs_ntor_cl.c3
-rw-r--r--src/test/test_hs_service.c3
-rw-r--r--src/test/test_link_handshake.c2
-rw-r--r--src/test/test_logging.c4
-rw-r--r--src/test/test_microdesc.c5
-rw-r--r--src/test/test_oos.c2
-rw-r--r--src/test/test_options.c1
-rw-r--r--src/test/test_policy.c3
-rw-r--r--src/test/test_pt.c3
-rw-r--r--src/test/test_relay.c2
-rw-r--r--src/test/test_routerkeys.c9
-rw-r--r--src/test/test_routerlist.c5
-rw-r--r--src/test/test_routerset.c2
-rw-r--r--src/test/test_shared_random.c6
-rw-r--r--src/test/test_socks.c1
-rw-r--r--src/test/test_status.c3
-rw-r--r--src/test/test_storagedir.c2
-rw-r--r--src/test/test_switch_id.c3
-rw-r--r--src/test/test_tortls.c1
-rw-r--r--src/test/test_util.c13
-rw-r--r--src/test/testing_common.c10
206 files changed, 3103 insertions, 2772 deletions
diff --git a/src/lib/cc/compat_compiler.h b/src/lib/cc/compat_compiler.h
index c631a7e821..084923eb09 100644
--- a/src/lib/cc/compat_compiler.h
+++ b/src/lib/cc/compat_compiler.h
@@ -125,16 +125,6 @@
#define ATTR_MALLOC __attribute__((malloc))
#define ATTR_NORETURN __attribute__((noreturn))
#define ATTR_WUR __attribute__((warn_unused_result))
-/* Alas, nonnull is not at present a good idea for us. We'd like to get
- * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
- * spottily), but we don't want to tell the compiler to make optimizations
- * with the assumption that the argument can't be NULL (since this would make
- * many of our checks go away, and make our code less robust against
- * programming errors). Unfortunately, nonnull currently does both of these
- * things, and there's no good way to split them up.
- *
- * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */
-#define ATTR_NONNULL(x)
#define ATTR_UNUSED __attribute__ ((unused))
/** Macro: Evaluates to <b>exp</b> and hints the compiler that the value
@@ -158,7 +148,6 @@
#define ATTR_CONST
#define ATTR_MALLOC
#define ATTR_NORETURN
-#define ATTR_NONNULL(x)
#define ATTR_UNUSED
#define ATTR_WUR
#define PREDICT_LIKELY(exp) (exp)
diff --git a/src/lib/compress/compress.h b/src/lib/compress/compress.h
index ae98e1aaef..4466e27c4d 100644
--- a/src/lib/compress/compress.h
+++ b/src/lib/compress/compress.h
@@ -18,7 +18,7 @@
* GZIP_METHOD is guaranteed to be supported by the compress/uncompress
* functions here. Call tor_compress_supports_method() to check if a given
* compression schema is supported by Tor. */
-typedef enum {
+typedef enum compress_method_t {
NO_METHOD=0, // This method must be first.
GZIP_METHOD=1,
ZLIB_METHOD=2,
@@ -32,7 +32,7 @@ typedef enum {
* BEST_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
* memory.
**/
-typedef enum {
+typedef enum compression_level_t {
BEST_COMPRESSION, HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
} compression_level_t;
diff --git a/src/lib/crypt_ops/crypto_curve25519.h b/src/lib/crypt_ops/crypto_curve25519.h
index 2e614848e4..acb36fde3b 100644
--- a/src/lib/crypt_ops/crypto_curve25519.h
+++ b/src/lib/crypt_ops/crypto_curve25519.h
@@ -8,13 +8,7 @@
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_openssl_mgt.h"
-
-/** Length of a curve25519 public key when encoded. */
-#define CURVE25519_PUBKEY_LEN 32
-/** Length of a curve25519 secret key when encoded. */
-#define CURVE25519_SECKEY_LEN 32
-/** Length of the result of a curve25519 handshake. */
-#define CURVE25519_OUTPUT_LEN 32
+#include "lib/defs/x25519_sizes.h"
/** Wrapper type for a curve25519 public key.
*
@@ -75,8 +69,6 @@ STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
#endif /* defined(CRYPTO_CURVE25519_PRIVATE) */
-#define CURVE25519_BASE64_PADDED_LEN 44
-
int curve25519_public_from_base64(curve25519_public_key_t *pkey,
const char *input);
int curve25519_public_to_base64(char *output,
@@ -86,4 +78,3 @@ void curve25519_set_impl_params(int use_ed);
void curve25519_init(void);
#endif /* !defined(TOR_CRYPTO_CURVE25519_H) */
-
diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c
index a2622cfc2f..c37e286daf 100644
--- a/src/lib/crypt_ops/crypto_dh.c
+++ b/src/lib/crypt_ops/crypto_dh.c
@@ -344,7 +344,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
/** Generate g^x as necessary, and write the g^x for the key exchange
* as a <b>pubkey_len</b>-byte value into <b>pubkey</b>. Return 0 on
- * success, -1 on failure. <b>pubkey_len</b> must be \>= DH_BYTES.
+ * success, -1 on failure. <b>pubkey_len</b> must be \>= DH1024_KEY_LEN.
*/
int
crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
@@ -378,7 +378,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
tor_assert(bytes >= 0);
if (pubkey_len < (size_t)bytes) {
log_warn(LD_CRYPTO,
- "Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
+ "Weird! pubkey_len (%d) was smaller than DH1024_KEY_LEN (%d)",
(int) pubkey_len, bytes);
return -1;
}
diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h
index 7b03e128a2..88e8a919a8 100644
--- a/src/lib/crypt_ops/crypto_dh.h
+++ b/src/lib/crypt_ops/crypto_dh.h
@@ -14,9 +14,8 @@
#define TOR_CRYPTO_DH_H
#include "orconfig.h"
-
-/** Length of our DH keys. */
-#define DH_BYTES (1024/8)
+#include "lib/cc/torint.h"
+#include "lib/defs/dh_sizes.h"
typedef struct crypto_dh_t crypto_dh_t;
diff --git a/src/lib/crypt_ops/crypto_ed25519.h b/src/lib/crypt_ops/crypto_ed25519.h
index 7255a3ec9b..5ecd4530d8 100644
--- a/src/lib/crypt_ops/crypto_ed25519.h
+++ b/src/lib/crypt_ops/crypto_ed25519.h
@@ -7,24 +7,20 @@
#include "lib/testsupport/testsupport.h"
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_curve25519.h"
-
-#define ED25519_PUBKEY_LEN 32
-#define ED25519_SECKEY_LEN 64
-#define ED25519_SECKEY_SEED_LEN 32
-#define ED25519_SIG_LEN 64
+#include "lib/defs/x25519_sizes.h"
/** An Ed25519 signature. */
-typedef struct {
+typedef struct ed25519_signature_t {
uint8_t sig[ED25519_SIG_LEN];
} ed25519_signature_t;
/** An Ed25519 public key */
-typedef struct {
+typedef struct ed25519_public_key_t {
uint8_t pubkey[ED25519_PUBKEY_LEN];
} ed25519_public_key_t;
/** An Ed25519 secret key */
-typedef struct {
+typedef struct ed25519_secret_key_t {
/** Note that we store secret keys in an expanded format that doesn't match
* the format from standard ed25519. Ed25519 stores a 32-byte value k and
* expands it into a 64-byte H(k), using the first 32 bytes for a multiplier
@@ -35,7 +31,7 @@ typedef struct {
} ed25519_secret_key_t;
/** An Ed25519 keypair. */
-typedef struct {
+typedef struct ed25519_keypair_t {
ed25519_public_key_t pubkey;
ed25519_secret_key_t seckey;
} ed25519_keypair_t;
diff --git a/src/lib/crypt_ops/crypto_format.h b/src/lib/crypt_ops/crypto_format.h
index 77983f2161..4a29b07b3b 100644
--- a/src/lib/crypt_ops/crypto_format.h
+++ b/src/lib/crypt_ops/crypto_format.h
@@ -9,7 +9,10 @@
#include "lib/testsupport/testsupport.h"
#include "lib/cc/torint.h"
-#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/defs/x25519_sizes.h"
+
+struct ed25519_public_key_t;
+struct ed25519_signature_t;
int crypto_write_tagged_contents_to_file(const char *fname,
const char *typestring,
@@ -23,20 +26,16 @@ ssize_t crypto_read_tagged_contents_from_file(const char *fname,
uint8_t *data_out,
ssize_t data_out_len);
-#define ED25519_BASE64_LEN 43
-int ed25519_public_from_base64(ed25519_public_key_t *pkey,
+int ed25519_public_from_base64(struct ed25519_public_key_t *pkey,
const char *input);
int ed25519_public_to_base64(char *output,
- const ed25519_public_key_t *pkey);
-const char *ed25519_fmt(const ed25519_public_key_t *pkey);
-
-/* XXXX move these to crypto_format.h */
-#define ED25519_SIG_BASE64_LEN 86
+ const struct ed25519_public_key_t *pkey);
+const char *ed25519_fmt(const struct ed25519_public_key_t *pkey);
-int ed25519_signature_from_base64(ed25519_signature_t *sig,
+int ed25519_signature_from_base64(struct ed25519_signature_t *sig,
const char *input);
int ed25519_signature_to_base64(char *output,
- const ed25519_signature_t *sig);
+ const struct ed25519_signature_t *sig);
int digest_to_base64(char *d64, const char *digest);
int digest_from_base64(char *digest, const char *d64);
@@ -44,4 +43,3 @@ int digest256_to_base64(char *d64, const char *digest);
int digest256_from_base64(char *digest, const char *d64);
#endif /* !defined(TOR_CRYPTO_FORMAT_H) */
-
diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h
new file mode 100644
index 0000000000..b60957281c
--- /dev/null
+++ b/src/lib/defs/dh_sizes.h
@@ -0,0 +1,13 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_DH_SIZES_H
+#define TOR_DH_SIZES_H
+
+/** Length of our legacy DH keys. */
+#define DH1024_KEY_LEN (1024/8)
+
+#endif
diff --git a/src/lib/defs/include.am b/src/lib/defs/include.am
index ff48cff07c..48ee7f29fc 100644
--- a/src/lib/defs/include.am
+++ b/src/lib/defs/include.am
@@ -1,3 +1,5 @@
-noinst_HEADERS += \
- src/lib/defs/digest_sizes.h
+noinst_HEADERS += \
+ src/lib/defs/dh_sizes.h \
+ src/lib/defs/digest_sizes.h \
+ src/lib/defs/x25519_sizes.h
diff --git a/src/lib/defs/x25519_sizes.h b/src/lib/defs/x25519_sizes.h
new file mode 100644
index 0000000000..adaaab8c4d
--- /dev/null
+++ b/src/lib/defs/x25519_sizes.h
@@ -0,0 +1,27 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_X25519_SIZES_H
+#define TOR_X25519_SIZES_H
+
+/** Length of a curve25519 public key when encoded. */
+#define CURVE25519_PUBKEY_LEN 32
+/** Length of a curve25519 secret key when encoded. */
+#define CURVE25519_SECKEY_LEN 32
+/** Length of the result of a curve25519 handshake. */
+#define CURVE25519_OUTPUT_LEN 32
+
+#define ED25519_PUBKEY_LEN 32
+#define ED25519_SECKEY_LEN 64
+#define ED25519_SECKEY_SEED_LEN 32
+#define ED25519_SIG_LEN 64
+
+#define CURVE25519_BASE64_PADDED_LEN 44
+
+#define ED25519_BASE64_LEN 43
+#define ED25519_SIG_BASE64_LEN 86
+
+#endif
diff --git a/src/lib/fs/mmap.h b/src/lib/fs/mmap.h
index 125f368802..8d6ca9a0e2 100644
--- a/src/lib/fs/mmap.h
+++ b/src/lib/fs/mmap.h
@@ -35,7 +35,7 @@ typedef struct tor_mmap_t {
} tor_mmap_t;
-tor_mmap_t *tor_mmap_file(const char *filename) ATTR_NONNULL((1));
-int tor_munmap_file(tor_mmap_t *handle) ATTR_NONNULL((1));
+tor_mmap_t *tor_mmap_file(const char *filename);
+int tor_munmap_file(tor_mmap_t *handle);
#endif
diff --git a/src/lib/malloc/util_malloc.h b/src/lib/malloc/util_malloc.h
index 88ecc04530..a1e9531176 100644
--- a/src/lib/malloc/util_malloc.h
+++ b/src/lib/malloc/util_malloc.h
@@ -21,13 +21,13 @@ void *tor_malloc_zero_(size_t size) ATTR_MALLOC;
void *tor_calloc_(size_t nmemb, size_t size) ATTR_MALLOC;
void *tor_realloc_(void *ptr, size_t size);
void *tor_reallocarray_(void *ptr, size_t size1, size_t size2);
-char *tor_strdup_(const char *s) ATTR_MALLOC ATTR_NONNULL((1));
+char *tor_strdup_(const char *s) ATTR_MALLOC;
char *tor_strndup_(const char *s, size_t n)
- ATTR_MALLOC ATTR_NONNULL((1));
+ ATTR_MALLOC;
void *tor_memdup_(const void *mem, size_t len)
- ATTR_MALLOC ATTR_NONNULL((1));
+ ATTR_MALLOC;
void *tor_memdup_nulterm_(const void *mem, size_t len)
- ATTR_MALLOC ATTR_NONNULL((1));
+ ATTR_MALLOC;
void tor_free_(void *mem);
/** Release memory allocated by tor_malloc, tor_realloc, tor_strdup,
diff --git a/src/lib/string/compat_string.h b/src/lib/string/compat_string.h
index 0a4ce01755..34490bce07 100644
--- a/src/lib/string/compat_string.h
+++ b/src/lib/string/compat_string.h
@@ -41,10 +41,10 @@ static inline int strcasecmp(const char *a, const char *b, size_t n) {
#endif /* defined __APPLE__ */
#ifndef HAVE_STRLCAT
-size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
+size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCPY
-size_t strlcpy(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
+size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
char *tor_strtok_r_impl(char *str, const char *sep, char **lasts);
diff --git a/src/lib/string/printf.h b/src/lib/string/printf.h
index 2f46206545..69b724379a 100644
--- a/src/lib/string/printf.h
+++ b/src/lib/string/printf.h
@@ -13,9 +13,9 @@
#include <stddef.h>
int tor_snprintf(char *str, size_t size, const char *format, ...)
- CHECK_PRINTF(3,4) ATTR_NONNULL((1,3));
+ CHECK_PRINTF(3,4);
int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
- CHECK_PRINTF(3,0) ATTR_NONNULL((1,3));
+ CHECK_PRINTF(3,0);
int tor_asprintf(char **strp, const char *fmt, ...)
CHECK_PRINTF(2,3);
diff --git a/src/lib/string/util_string.h b/src/lib/string/util_string.h
index bdc2e77cea..75407d5ffa 100644
--- a/src/lib/string/util_string.h
+++ b/src/lib/string/util_string.h
@@ -12,29 +12,29 @@
#include <stddef.h>
const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
- size_t nlen) ATTR_NONNULL((1,3));
+ size_t nlen);
const void *tor_memstr(const void *haystack, size_t hlen,
- const char *needle) ATTR_NONNULL((1,3));
+ const char *needle);
int tor_mem_is_zero(const char *mem, size_t len);
int tor_digest_is_zero(const char *digest);
int tor_digest256_is_zero(const char *digest);
/** Allowable characters in a hexadecimal string. */
#define HEX_CHARACTERS "0123456789ABCDEFabcdef"
-void tor_strlower(char *s) ATTR_NONNULL((1));
-void tor_strupper(char *s) ATTR_NONNULL((1));
-int tor_strisprint(const char *s) ATTR_NONNULL((1));
-int tor_strisnonupper(const char *s) ATTR_NONNULL((1));
+void tor_strlower(char *s);
+void tor_strupper(char *s);
+int tor_strisprint(const char *s);
+int tor_strisnonupper(const char *s);
int tor_strisspace(const char *s);
int strcmp_opt(const char *s1, const char *s2);
-int strcmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2));
-int strcmp_len(const char *s1, const char *s2, size_t len) ATTR_NONNULL((1,2));
-int strcasecmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2));
-int strcmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
-int strcasecmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
+int strcmpstart(const char *s1, const char *s2);
+int strcmp_len(const char *s1, const char *s2, size_t len);
+int strcasecmpstart(const char *s1, const char *s2);
+int strcmpend(const char *s1, const char *s2);
+int strcasecmpend(const char *s1, const char *s2);
int fast_memcmpstart(const void *mem, size_t memlen, const char *prefix);
-void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2));
+void tor_strstrip(char *s, const char *strip);
const char *eat_whitespace(const char *s);
const char *eat_whitespace_eos(const char *s, const char *eos);
diff --git a/src/or/addr_policy_st.h b/src/or/addr_policy_st.h
new file mode 100644
index 0000000000..be3e9d8f01
--- /dev/null
+++ b/src/or/addr_policy_st.h
@@ -0,0 +1,46 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_ADDR_POLICY_ST_H
+#define TOR_ADDR_POLICY_ST_H
+
+#include "lib/cc/torint.h"
+#include "lib/net/address.h"
+
+/** What action type does an address policy indicate: accept or reject? */
+typedef enum {
+ ADDR_POLICY_ACCEPT=1,
+ ADDR_POLICY_REJECT=2,
+} addr_policy_action_t;
+#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t)
+
+/** A reference-counted address policy rule. */
+typedef struct addr_policy_t {
+ int refcnt; /**< Reference count */
+ /** What to do when the policy matches.*/
+ addr_policy_action_bitfield_t policy_type:2;
+ unsigned int is_private:1; /**< True iff this is the pseudo-address,
+ * "private". */
+ unsigned int is_canonical:1; /**< True iff this policy is the canonical
+ * copy (stored in a hash table to avoid
+ * duplication of common policies) */
+ maskbits_t maskbits; /**< Accept/reject all addresses <b>a</b> such that the
+ * first <b>maskbits</b> bits of <b>a</b> match
+ * <b>addr</b>. */
+ /** Base address to accept or reject.
+ *
+ * Note that wildcards are treated
+ * differntly depending on address family. An AF_UNSPEC address means
+ * "All addresses, IPv4 or IPv6." An AF_INET address with maskbits==0 means
+ * "All IPv4 addresses" and an AF_INET6 address with maskbits == 0 means
+ * "All IPv6 addresses".
+ **/
+ tor_addr_t addr;
+ uint16_t prt_min; /**< Lowest port number to accept/reject. */
+ uint16_t prt_max; /**< Highest port number to accept/reject. */
+} addr_policy_t;
+
+#endif
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index a0df5c9865..f622be4d09 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -15,13 +15,14 @@
#define ADDRESSMAP_PRIVATE
+#include "lib/crypt_ops/crypto_rand.h"
+
#include "or/or.h"
#include "or/addressmap.h"
#include "or/circuituse.h"
#include "or/config.h"
#include "or/connection_edge.h"
#include "or/control.h"
-#include "lib/crypt_ops/crypto_rand.h"
#include "or/dns.h"
#include "or/nodelist.h"
#include "or/routerset.h"
@@ -1153,4 +1154,3 @@ addressmap_get_mappings(smartlist_t *sl, time_t min_expires,
iter = strmap_iter_next(addressmap,iter);
}
}
-
diff --git a/src/or/bridges.h b/src/or/bridges.h
index d6fec4b46d..70588c1b91 100644
--- a/src/or/bridges.h
+++ b/src/or/bridges.h
@@ -13,6 +13,7 @@
#define TOR_BRIDGES_H
struct bridge_line_t;
+struct ed25519_public_key_t;
/* Opaque handle to a configured bridge */
typedef struct bridge_info_t bridge_info_t;
@@ -38,7 +39,7 @@ int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
int node_is_a_configured_bridge(const node_t *node);
void learned_router_identity(const tor_addr_t *addr, uint16_t port,
const char *digest,
- const ed25519_public_key_t *ed_id);
+ const struct ed25519_public_key_t *ed_id);
void bridge_add_from_config(struct bridge_line_t *bridge_line);
void retry_bridge_descriptor_fetch_directly(const char *digest);
@@ -77,4 +78,3 @@ STATIC void bridge_resolve_conflicts(const tor_addr_t *addr,
#endif /* defined(TOR_BRIDGES_PRIVATE) */
#endif /* !defined(TOR_BRIDGES_H) */
-
diff --git a/src/or/cell_queue_st.h b/src/or/cell_queue_st.h
index 4ad98dafbf..40110019bc 100644
--- a/src/or/cell_queue_st.h
+++ b/src/or/cell_queue_st.h
@@ -7,6 +7,8 @@
#ifndef PACKED_CELL_ST_H
#define PACKED_CELL_ST_H
+#include "tor_queue.h"
+
/** A cell as packed for writing to the network. */
struct packed_cell_t {
/** Next cell queued on this circuit. */
@@ -25,4 +27,3 @@ struct cell_queue_t {
};
#endif
-
diff --git a/src/or/channel.c b/src/or/channel.c
index ac1960ae03..981f9aecff 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -79,6 +79,7 @@
#include "lib/time/compat_time.h"
#include "or/networkstatus.h"
#include "or/rendservice.h"
+#include "common/timers.h"
#include "or/cell_queue_st.h"
@@ -3477,4 +3478,3 @@ channel_update_bad_for_new_circs(const char *digest, int force)
channel_rsa_id_group_set_badness(&(*iter)->channel_list, force);
}
}
-
diff --git a/src/or/channel.h b/src/or/channel.h
index 44b752e2c5..010a8aa5bc 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -11,8 +11,13 @@
#include "or/or.h"
#include "or/circuitmux.h"
-#include "common/timers.h"
#include "common/handles.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
+#include "tor_queue.h"
+
+#define tor_timer_t timeout
+struct tor_timer_t;
/* Channel handler function pointer typedefs */
typedef void (*channel_listener_fn_ptr)(channel_listener_t *, channel_t *);
@@ -30,6 +35,141 @@ typedef enum {
CHANNEL_USED_FOR_USER_TRAFFIC,
} channel_usage_info_t;
+/** Possible rules for generating circuit IDs on an OR connection. */
+typedef enum {
+ CIRC_ID_TYPE_LOWER=0, /**< Pick from 0..1<<15-1. */
+ CIRC_ID_TYPE_HIGHER=1, /**< Pick from 1<<15..1<<16-1. */
+ /** The other side of a connection is an OP: never create circuits to it,
+ * and let it use any circuit ID it wants. */
+ CIRC_ID_TYPE_NEITHER=2
+} circ_id_type_t;
+#define circ_id_type_bitfield_t ENUM_BF(circ_id_type_t)
+
+/* channel states for channel_t */
+
+typedef enum {
+ /*
+ * Closed state - channel is inactive
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_CLOSING
+ * Permitted transitions to:
+ * - CHANNEL_STATE_OPENING
+ */
+ CHANNEL_STATE_CLOSED = 0,
+ /*
+ * Opening state - channel is trying to connect
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_CLOSED
+ * Permitted transitions to:
+ * - CHANNEL_STATE_CLOSING
+ * - CHANNEL_STATE_ERROR
+ * - CHANNEL_STATE_OPEN
+ */
+ CHANNEL_STATE_OPENING,
+ /*
+ * Open state - channel is active and ready for use
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_MAINT
+ * - CHANNEL_STATE_OPENING
+ * Permitted transitions to:
+ * - CHANNEL_STATE_CLOSING
+ * - CHANNEL_STATE_ERROR
+ * - CHANNEL_STATE_MAINT
+ */
+ CHANNEL_STATE_OPEN,
+ /*
+ * Maintenance state - channel is temporarily offline for subclass specific
+ * maintenance activities such as TLS renegotiation.
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_OPEN
+ * Permitted transitions to:
+ * - CHANNEL_STATE_CLOSING
+ * - CHANNEL_STATE_ERROR
+ * - CHANNEL_STATE_OPEN
+ */
+ CHANNEL_STATE_MAINT,
+ /*
+ * Closing state - channel is shutting down
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_MAINT
+ * - CHANNEL_STATE_OPEN
+ * Permitted transitions to:
+ * - CHANNEL_STATE_CLOSED,
+ * - CHANNEL_STATE_ERROR
+ */
+ CHANNEL_STATE_CLOSING,
+ /*
+ * Error state - channel has experienced a permanent error
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_CLOSING
+ * - CHANNEL_STATE_MAINT
+ * - CHANNEL_STATE_OPENING
+ * - CHANNEL_STATE_OPEN
+ * Permitted transitions to:
+ * - None
+ */
+ CHANNEL_STATE_ERROR,
+ /*
+ * Placeholder for maximum state value
+ */
+ CHANNEL_STATE_LAST
+} channel_state_t;
+
+/* channel listener states for channel_listener_t */
+
+typedef enum {
+ /*
+ * Closed state - channel listener is inactive
+ *
+ * Permitted transitions from:
+ * - CHANNEL_LISTENER_STATE_CLOSING
+ * Permitted transitions to:
+ * - CHANNEL_LISTENER_STATE_LISTENING
+ */
+ CHANNEL_LISTENER_STATE_CLOSED = 0,
+ /*
+ * Listening state - channel listener is listening for incoming
+ * connections
+ *
+ * Permitted transitions from:
+ * - CHANNEL_LISTENER_STATE_CLOSED
+ * Permitted transitions to:
+ * - CHANNEL_LISTENER_STATE_CLOSING
+ * - CHANNEL_LISTENER_STATE_ERROR
+ */
+ CHANNEL_LISTENER_STATE_LISTENING,
+ /*
+ * Closing state - channel listener is shutting down
+ *
+ * Permitted transitions from:
+ * - CHANNEL_LISTENER_STATE_LISTENING
+ * Permitted transitions to:
+ * - CHANNEL_LISTENER_STATE_CLOSED,
+ * - CHANNEL_LISTENER_STATE_ERROR
+ */
+ CHANNEL_LISTENER_STATE_CLOSING,
+ /*
+ * Error state - channel listener has experienced a permanent error
+ *
+ * Permitted transitions from:
+ * - CHANNEL_STATE_CLOSING
+ * - CHANNEL_STATE_LISTENING
+ * Permitted transitions to:
+ * - None
+ */
+ CHANNEL_LISTENER_STATE_ERROR,
+ /*
+ * Placeholder for maximum state value
+ */
+ CHANNEL_LISTENER_STATE_LAST
+} channel_listener_state_t;
+
/**
* Channel struct; see the channel_t typedef in or.h. A channel is an
* abstract interface for the OR-to-OR connection, similar to connection_or_t,
@@ -92,7 +232,7 @@ struct channel_s {
monotime_coarse_t next_padding_time;
/** The callback pointer for the padding callbacks */
- tor_timer_t *padding_timer;
+ struct tor_timer_t *padding_timer;
/** The handle to this channel (to free on canceled timers) */
struct channel_handle_t *timer_handle;
@@ -251,7 +391,7 @@ struct channel_s {
* necessarily its true identity. Don't believe this identity unless
* authentication has happened.
*/
- ed25519_public_key_t ed25519_identity;
+ struct ed25519_public_key_t ed25519_identity;
/**
* Linked list of channels with the same RSA identity digest, for use with
@@ -470,8 +610,8 @@ void channel_mark_incoming(channel_t *chan);
void channel_mark_outgoing(channel_t *chan);
void channel_mark_remote(channel_t *chan);
void channel_set_identity_digest(channel_t *chan,
- const char *identity_digest,
- const ed25519_public_key_t *ed_identity);
+ const char *identity_digest,
+ const struct ed25519_public_key_t *ed_identity);
void channel_listener_change_state(channel_listener_t *chan_l,
channel_listener_state_t to_state);
@@ -521,10 +661,10 @@ int channel_send_destroy(circid_t circ_id, channel_t *chan,
channel_t * channel_connect(const tor_addr_t *addr, uint16_t port,
const char *rsa_id_digest,
- const ed25519_public_key_t *ed_id);
+ const struct ed25519_public_key_t *ed_id);
channel_t * channel_get_for_extend(const char *rsa_id_digest,
- const ed25519_public_key_t *ed_id,
+ const struct ed25519_public_key_t *ed_id,
const tor_addr_t *target_addr,
const char **msg_out,
int *launch_out);
@@ -537,7 +677,7 @@ int channel_is_better(channel_t *a, channel_t *b);
channel_t * channel_find_by_global_id(uint64_t global_identifier);
channel_t * channel_find_by_remote_identity(const char *rsa_id_digest,
- const ed25519_public_key_t *ed_id);
+ const struct ed25519_public_key_t *ed_id);
/** For things returned by channel_find_by_remote_digest(), walk the list.
* The RSA key will match for all returned elements; the Ed25519 key might not.
@@ -635,6 +775,6 @@ int packed_cell_is_destroy(channel_t *chan,
HANDLE_DECL(channel, channel_s,)
#define channel_handle_free(h) \
FREE_AND_NULL(channel_handle_t, channel_handle_free_, (h))
+#undef tor_timer_t
#endif /* !defined(TOR_CHANNEL_H) */
-
diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c
index 6bef4d8b3d..fa957c6c6a 100644
--- a/src/or/channelpadding.c
+++ b/src/or/channelpadding.c
@@ -22,6 +22,7 @@
#include "or/router.h"
#include "lib/time/compat_time.h"
#include "or/rendservice.h"
+#include "common/timers.h"
#include "or/cell_st.h"
#include "or/or_connection_st.h"
@@ -797,4 +798,3 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_PADLATER;
}
}
-
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 5258935aee..b2cab0f550 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -69,6 +69,8 @@
#include "or/routerinfo_st.h"
#include "or/var_cell_st.h"
+#include "lib/tls/tortls.h"
+
/** How many CELL_PADDING cells have we received, ever? */
uint64_t stats_n_padding_cells_processed = 0;
/** How many CELL_VERSIONS cells have we received, ever? */
@@ -2454,4 +2456,3 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
#undef ERR
}
-
diff --git a/src/or/channeltls.h b/src/or/channeltls.h
index be74127c9a..1ab899af96 100644
--- a/src/or/channeltls.h
+++ b/src/or/channeltls.h
@@ -12,6 +12,9 @@
#include "or/or.h"
#include "or/channel.h"
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
#define BASE_CHAN_TO_TLS(c) (channel_tls_from_base((c)))
#define TLS_CHAN_TO_BASE(c) (channel_tls_to_base((c)))
@@ -30,7 +33,7 @@ struct channel_tls_s {
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port,
const char *id_digest,
- const ed25519_public_key_t *ed_id);
+ const struct ed25519_public_key_t *ed_id);
channel_listener_t * channel_tls_get_listener(void);
channel_listener_t * channel_tls_start_listener(void);
channel_t * channel_tls_handle_incoming(or_connection_t *orconn);
@@ -72,4 +75,3 @@ STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell,
#endif /* defined(CHANNELTLS_PRIVATE) */
#endif /* !defined(TOR_CHANNELTLS_H) */
-
diff --git a/src/or/circpathbias.h b/src/or/circpathbias.h
index 09162c40e5..c99d1277bb 100644
--- a/src/or/circpathbias.h
+++ b/src/or/circpathbias.h
@@ -23,7 +23,6 @@ int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell);
void pathbias_count_use_attempt(origin_circuit_t *circ);
void pathbias_mark_use_success(origin_circuit_t *circ);
void pathbias_mark_use_rollback(origin_circuit_t *circ);
-const char *pathbias_state_to_string(path_state_t state);
+const char *pathbias_state_to_string(enum path_state_t state);
#endif /* !defined(TOR_CIRCPATHBIAS_H) */
-
diff --git a/src/or/circuit_st.h b/src/or/circuit_st.h
index 0ace64f3ee..8453efa633 100644
--- a/src/or/circuit_st.h
+++ b/src/or/circuit_st.h
@@ -11,6 +11,17 @@
#include "or/cell_queue_st.h"
+struct hs_token_t;
+
+/** "magic" value for an origin_circuit_t */
+#define ORIGIN_CIRCUIT_MAGIC 0x35315243u
+/** "magic" value for an or_circuit_t */
+#define OR_CIRCUIT_MAGIC 0x98ABC04Fu
+/** "magic" value for a circuit that would have been freed by circuit_free,
+ * but which we're keeping around until a cpuworker reply arrives. See
+ * circuit_free() for more documentation. */
+#define DEAD_CIRCUIT_MAGIC 0xdeadc14c
+
/**
* A circuit is a path over the onion routing
* network. Applications can connect to one end of the circuit, and can
@@ -162,11 +173,10 @@ struct circuit_t {
/** If set, points to an HS token that this circuit might be carrying.
* Used by the HS circuitmap. */
- hs_token_t *hs_token;
+ struct hs_token_t *hs_token;
/** Hashtable node: used to look up the circuit by its HS token using the HS
circuitmap. */
HT_ENTRY(circuit_t) hs_circuitmap_node;
};
#endif
-
diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h
index ffbb31e0d8..9f5d99c2a5 100644
--- a/src/or/circuitbuild.h
+++ b/src/or/circuitbuild.h
@@ -12,6 +12,9 @@
#ifndef TOR_CIRCUITBUILD_H
#define TOR_CIRCUITBUILD_H
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
int route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei);
char *circuit_list_path(origin_circuit_t *circ, int verbose);
char *circuit_list_path_for_controller(origin_circuit_t *circ);
@@ -52,9 +55,9 @@ int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info);
void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop);
extend_info_t *extend_info_new(const char *nickname,
const char *rsa_id_digest,
- const ed25519_public_key_t *ed_id,
+ const struct ed25519_public_key_t *ed_id,
crypto_pk_t *onion_key,
- const curve25519_public_key_t *ntor_key,
+ const struct curve25519_public_key_t *ntor_key,
const tor_addr_t *addr, uint16_t port);
extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect);
extend_info_t *extend_info_dup(extend_info_t *info);
@@ -91,8 +94,10 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
int is_hs_v3_rp_circuit);
#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-STATIC const node_t *pick_tor2web_rendezvous_node(router_crn_flags_t flags,
- const or_options_t *options);
+enum router_crn_flags_t;
+STATIC const node_t *pick_tor2web_rendezvous_node(
+ enum router_crn_flags_t flags,
+ const or_options_t *options);
unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
@@ -100,4 +105,3 @@ unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
#endif /* defined(CIRCUITBUILD_PRIVATE) */
#endif /* !defined(TOR_CIRCUITBUILD_H) */
-
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index a696533ae4..f0a7446c93 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -67,6 +67,7 @@
#include "or/control.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "or/directory.h"
#include "or/entrynodes.h"
#include "or/main.h"
@@ -86,9 +87,11 @@
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/channelpadding.h"
+#include "lib/compress/compress.h"
#include "lib/compress/compress_lzma.h"
#include "lib/compress/compress_zlib.h"
#include "lib/compress/compress_zstd.h"
+#include "lib/container/buffers.h"
#include "ht.h"
@@ -2737,4 +2740,3 @@ assert_circuit_ok,(const circuit_t *c))
tor_assert(!or_circ || !or_circ->rend_splice);
}
}
-
diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h
index 8b41424eeb..7c9bc0199a 100644
--- a/src/or/circuitlist.h
+++ b/src/or/circuitlist.h
@@ -15,6 +15,147 @@
#include "lib/testsupport/testsupport.h"
#include "or/hs_ident.h"
+/** Circuit state: I'm the origin, still haven't done all my handshakes. */
+#define CIRCUIT_STATE_BUILDING 0
+/** Circuit state: Waiting to process the onionskin. */
+#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
+/** Circuit state: I'd like to deliver a create, but my n_chan is still
+ * connecting. */
+#define CIRCUIT_STATE_CHAN_WAIT 2
+/** Circuit state: the circuit is open but we don't want to actually use it
+ * until we find out if a better guard will be available.
+ */
+#define CIRCUIT_STATE_GUARD_WAIT 3
+/** Circuit state: onionskin(s) processed, ready to send/receive cells. */
+#define CIRCUIT_STATE_OPEN 4
+
+#define CIRCUIT_PURPOSE_MIN_ 1
+
+/* these circuits were initiated elsewhere */
+#define CIRCUIT_PURPOSE_OR_MIN_ 1
+/** OR-side circuit purpose: normal circuit, at OR. */
+#define CIRCUIT_PURPOSE_OR 1
+/** OR-side circuit purpose: At OR, from the service, waiting for intro from
+ * clients. */
+#define CIRCUIT_PURPOSE_INTRO_POINT 2
+/** OR-side circuit purpose: At OR, from the client, waiting for the service.
+ */
+#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
+/** OR-side circuit purpose: At OR, both circuits have this purpose. */
+#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
+#define CIRCUIT_PURPOSE_OR_MAX_ 4
+
+/* these circuits originate at this node */
+
+/* here's how circ client-side purposes work:
+ * normal circuits are C_GENERAL.
+ * circuits that are c_introducing are either on their way to
+ * becoming open, or they are open and waiting for a
+ * suitable rendcirc before they send the intro.
+ * circuits that are c_introduce_ack_wait have sent the intro,
+ * but haven't gotten a response yet.
+ * circuits that are c_establish_rend are either on their way
+ * to becoming open, or they are open and have sent the
+ * establish_rendezvous cell but haven't received an ack.
+ * circuits that are c_rend_ready are open and have received a
+ * rend ack, but haven't heard from the service yet. if they have a
+ * buildstate->pending_final_cpath then they're expecting a
+ * cell from the service, else they're not.
+ * circuits that are c_rend_ready_intro_acked are open, and
+ * some intro circ has sent its intro and received an ack.
+ * circuits that are c_rend_joined are open, have heard from
+ * the service, and are talking to it.
+ */
+/** Client-side circuit purpose: Normal circuit, with cpath. */
+#define CIRCUIT_PURPOSE_C_GENERAL 5
+#define CIRCUIT_PURPOSE_C_HS_MIN_ 6
+/** Client-side circuit purpose: at the client, connecting to intro point. */
+#define CIRCUIT_PURPOSE_C_INTRODUCING 6
+/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point,
+ * waiting for ACK/NAK. */
+#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
+/** Client-side circuit purpose: at the client, introduced and acked, closing.
+ */
+#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
+/** Client-side circuit purpose: at the client, waiting for ack. */
+#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
+/** Client-side circuit purpose: at the client, waiting for the service. */
+#define CIRCUIT_PURPOSE_C_REND_READY 10
+/** Client-side circuit purpose: at the client, waiting for the service,
+ * INTRODUCE has been acknowledged. */
+#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
+/** Client-side circuit purpose: at the client, rendezvous established. */
+#define CIRCUIT_PURPOSE_C_REND_JOINED 12
+/** This circuit is used for getting hsdirs */
+#define CIRCUIT_PURPOSE_C_HSDIR_GET 13
+#define CIRCUIT_PURPOSE_C_HS_MAX_ 13
+/** This circuit is used for build time measurement only */
+#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14
+#define CIRCUIT_PURPOSE_C_MAX_ 14
+
+#define CIRCUIT_PURPOSE_S_HS_MIN_ 15
+/** Hidden-service-side circuit purpose: at the service, waiting for
+ * introductions. */
+#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15
+/** Hidden-service-side circuit purpose: at the service, successfully
+ * established intro. */
+#define CIRCUIT_PURPOSE_S_INTRO 16
+/** Hidden-service-side circuit purpose: at the service, connecting to rend
+ * point. */
+#define CIRCUIT_PURPOSE_S_CONNECT_REND 17
+/** Hidden-service-side circuit purpose: at the service, rendezvous
+ * established. */
+#define CIRCUIT_PURPOSE_S_REND_JOINED 18
+/** This circuit is used for uploading hsdirs */
+#define CIRCUIT_PURPOSE_S_HSDIR_POST 19
+#define CIRCUIT_PURPOSE_S_HS_MAX_ 19
+
+/** A testing circuit; not meant to be used for actual traffic. */
+#define CIRCUIT_PURPOSE_TESTING 20
+/** A controller made this circuit and Tor should not use it. */
+#define CIRCUIT_PURPOSE_CONTROLLER 21
+/** This circuit is used for path bias probing only */
+#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22
+
+/** This circuit is used for vanguards/restricted paths.
+ *
+ * This type of circuit is *only* created preemptively and never
+ * on-demand. When an HS operation needs to take place (e.g. connect to an
+ * intro point), these circuits are then cannibalized and repurposed to the
+ * actual needed HS purpose. */
+#define CIRCUIT_PURPOSE_HS_VANGUARDS 23
+
+#define CIRCUIT_PURPOSE_MAX_ 23
+/** A catch-all for unrecognized purposes. Currently we don't expect
+ * to make or see any circuits with this purpose. */
+#define CIRCUIT_PURPOSE_UNKNOWN 255
+
+/** True iff the circuit purpose <b>p</b> is for a circuit that
+ * originated at this node. */
+#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)
+/** True iff the circuit purpose <b>p</b> is for a circuit that originated
+ * here to serve as a client. (Hidden services don't count here.) */
+#define CIRCUIT_PURPOSE_IS_CLIENT(p) \
+ ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \
+ (p)<=CIRCUIT_PURPOSE_C_MAX_)
+/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. */
+#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
+/** True iff the circuit purpose <b>p</b> is for an established rendezvous
+ * circuit. */
+#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
+ ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \
+ (p) == CIRCUIT_PURPOSE_S_REND_JOINED)
+/** True iff the circuit_t c is actually an or_circuit_t */
+#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC)
+
+/** True iff this circuit purpose should count towards the global
+ * pending rate limit (set by MaxClientCircuitsPending). We count all
+ * general purpose circuits, as well as the first step of client onion
+ * service connections (HSDir gets). */
+#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \
+ ((p) == CIRCUIT_PURPOSE_C_GENERAL || \
+ (p) == CIRCUIT_PURPOSE_C_HSDIR_GET)
+
/** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Assert
* if the cast is impossible. */
or_circuit_t *TO_OR_CIRCUIT(circuit_t *);
@@ -104,4 +245,3 @@ STATIC uint32_t circuit_max_queued_item_age(const circuit_t *c, uint32_t now);
#endif /* defined(CIRCUITLIST_PRIVATE) */
#endif /* !defined(TOR_CIRCUITLIST_H) */
-
diff --git a/src/or/circuitmux_ewma.c b/src/or/circuitmux_ewma.c
index 1ee5f1f621..d600602a7e 100644
--- a/src/or/circuitmux_ewma.c
+++ b/src/or/circuitmux_ewma.c
@@ -39,6 +39,7 @@
#include "or/circuitmux_ewma.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/networkstatus.h"
+#include "or/or_options_st.h"
/*** EWMA parameter #defines ***/
@@ -826,4 +827,3 @@ circuitmux_ewma_free_all(void)
{
ewma_ticks_initialized = 0;
}
-
diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c
index c2abb2d14b..32584c26d5 100644
--- a/src/or/circuitstats.c
+++ b/src/or/circuitstats.c
@@ -42,9 +42,11 @@
#include "or/circuituse.h"
#include "lib/math/fp.h"
#include "lib/time/tvdiff.h"
+#include "lib/encoding/confline.h"
#include "or/crypt_path_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#undef log
#include <math.h>
diff --git a/src/or/circuitstats.h b/src/or/circuitstats.h
index d7d1012ce8..174730d035 100644
--- a/src/or/circuitstats.h
+++ b/src/or/circuitstats.h
@@ -21,6 +21,9 @@ int circuit_build_times_disabled(const or_options_t *options);
int circuit_build_times_disabled_(const or_options_t *options,
int ignore_consensus);
+/** A build_time_t is milliseconds */
+typedef uint32_t build_time_t;
+
int circuit_build_times_enough_to_compute(const circuit_build_times_t *cbt);
void circuit_build_times_update_state(const circuit_build_times_t *cbt,
or_state_t *state);
@@ -47,6 +50,89 @@ double circuit_build_times_close_rate(const circuit_build_times_t *cbt);
void circuit_build_times_update_last_circ(circuit_build_times_t *cbt);
void circuit_build_times_mark_circ_as_measurement_only(origin_circuit_t *circ);
+/** Total size of the circuit timeout history to accumulate.
+ * 1000 is approx 2.5 days worth of continual-use circuits. */
+#define CBT_NCIRCUITS_TO_OBSERVE 1000
+
+/** Width of the histogram bins in milliseconds */
+#define CBT_BIN_WIDTH ((build_time_t)50)
+
+/** Number of modes to use in the weighted-avg computation of Xm */
+#define CBT_DEFAULT_NUM_XM_MODES 3
+#define CBT_MIN_NUM_XM_MODES 1
+#define CBT_MAX_NUM_XM_MODES 20
+
+/**
+ * CBT_BUILD_ABANDONED is our flag value to represent a force-closed
+ * circuit (Aka a 'right-censored' pareto value).
+ */
+#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1))
+#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX))
+
+/** Save state every 10 circuits */
+#define CBT_SAVE_STATE_EVERY 10
+
+/* Circuit build times consensus parameters */
+
+/**
+ * How long to wait before actually closing circuits that take too long to
+ * build in terms of CDF quantile.
+ */
+#define CBT_DEFAULT_CLOSE_QUANTILE 95
+#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF
+#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF
+
+/**
+ * How many circuits count as recent when considering if the
+ * connection has gone gimpy or changed.
+ */
+#define CBT_DEFAULT_RECENT_CIRCUITS 20
+#define CBT_MIN_RECENT_CIRCUITS 3
+#define CBT_MAX_RECENT_CIRCUITS 1000
+
+/**
+ * Maximum count of timeouts that finish the first hop in the past
+ * RECENT_CIRCUITS before calculating a new timeout.
+ *
+ * This tells us whether to abandon timeout history and set
+ * the timeout back to whatever circuit_build_times_get_initial_timeout()
+ * gives us.
+ */
+#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10)
+#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3
+#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000
+
+/** Minimum circuits before estimating a timeout */
+#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100
+#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1
+#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000
+
+/** Cutoff percentile on the CDF for our timeout estimation. */
+#define CBT_DEFAULT_QUANTILE_CUTOFF 80
+#define CBT_MIN_QUANTILE_CUTOFF 10
+#define CBT_MAX_QUANTILE_CUTOFF 99
+double circuit_build_times_quantile_cutoff(void);
+
+/** How often in seconds should we build a test circuit */
+#define CBT_DEFAULT_TEST_FREQUENCY 10
+#define CBT_MIN_TEST_FREQUENCY 1
+#define CBT_MAX_TEST_FREQUENCY INT32_MAX
+
+/** Lowest allowable value for CircuitBuildTimeout in milliseconds */
+#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500)
+#define CBT_MIN_TIMEOUT_MIN_VALUE 500
+#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX
+
+/** Initial circuit build timeout in milliseconds */
+#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000)
+#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE
+#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX
+int32_t circuit_build_times_initial_timeout(void);
+
+#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT
+#error "RECENT_CIRCUITS is set too low."
+#endif
+
#ifdef CIRCUITSTATS_PRIVATE
STATIC double circuit_build_times_calculate_timeout(circuit_build_times_t *cbt,
double quantile);
@@ -125,4 +211,3 @@ struct circuit_build_times_s {
#endif /* defined(CIRCUITSTATS_PRIVATE) */
#endif /* !defined(TOR_CIRCUITSTATS_H) */
-
diff --git a/src/or/config.c b/src/or/config.c
index e3a4faa311..a29958c579 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -71,6 +71,7 @@
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
+#include "lib/encoding/confline.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
@@ -109,6 +110,15 @@
#ifdef _WIN32
#include <shlobj.h>
#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#include "lib/meminfo/meminfo.h"
#include "lib/osinfo/uname.h"
@@ -146,6 +156,10 @@ static const char unix_socket_prefix[] = "unix:";
* configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
+/* limits for TCP send and recv buffer size used for constrained sockets */
+#define MIN_CONSTRAINED_TCP_BUFFER 2048
+#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */
+
/** macro to help with the bulk rename of *DownloadSchedule to
* *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
diff --git a/src/or/config.h b/src/or/config.h
index d2faf6c512..5fdf7862ec 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -12,6 +12,7 @@
#ifndef TOR_CONFIG_H
#define TOR_CONFIG_H
+#include "or/or_options_st.h"
#include "lib/testsupport/testsupport.h"
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(DARWIN)
@@ -42,7 +43,16 @@ void init_protocol_warning_severity_level(void);
int get_protocol_warning_severity_level(void);
const char *get_version(void);
const char *get_short_version(void);
-setopt_err_t options_trial_assign(config_line_t *list, unsigned flags,
+
+/** An error from options_trial_assign() or options_init_from_string(). */
+typedef enum setopt_err_t {
+ SETOPT_OK = 0,
+ SETOPT_ERR_MISC = -1,
+ SETOPT_ERR_PARSE = -2,
+ SETOPT_ERR_TRANSITION = -3,
+ SETOPT_ERR_SETTING = -4,
+} setopt_err_t;
+setopt_err_t options_trial_assign(struct config_line_t *list, unsigned flags,
char **msg);
uint32_t get_last_resolved_addr(void);
@@ -62,7 +72,7 @@ setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf,
int command, const char *command_arg, char **msg);
int option_is_recognized(const char *key);
const char *option_get_canonical_name(const char *key);
-config_line_t *option_get_assignment(const or_options_t *options,
+struct config_line_t *option_get_assignment(const or_options_t *options,
const char *key);
int options_save_current(void);
const char *get_torrc_fname(int defaults_fname);
@@ -180,8 +190,8 @@ int init_cookie_authentication(const char *fname, const char *header,
or_options_t *options_new(void);
int config_parse_commandline(int argc, char **argv, int ignore_errors,
- config_line_t **result,
- config_line_t **cmdline_result);
+ struct config_line_t **result,
+ struct config_line_t **cmdline_result);
void config_register_addressmaps(const or_options_t *options);
/* XXXX move to connection_edge.h */
@@ -260,7 +270,7 @@ STATIC int parse_dir_fallback_line(const char *line, int validate_only);
STATIC int have_enough_mem_for_dircache(const or_options_t *options,
size_t total_mem, char **msg);
STATIC int parse_port_config(smartlist_t *out,
- const config_line_t *ports,
+ const struct config_line_t *ports,
const char *portname,
int listener_type,
const char *defaultaddr,
diff --git a/src/or/confparse.c b/src/or/confparse.c
index b38e06c6a2..60ab32ef82 100644
--- a/src/or/confparse.c
+++ b/src/or/confparse.c
@@ -26,6 +26,7 @@
#include "or/routerset.h"
#include "lib/container/bitarray.h"
+#include "lib/encoding/confline.h"
static uint64_t config_parse_memunit(const char *s, int *ok);
static int config_parse_msec_interval(const char *s, int *ok);
diff --git a/src/or/confparse.h b/src/or/confparse.h
index be9785ac18..cbd2ea88e2 100644
--- a/src/or/confparse.h
+++ b/src/or/confparse.h
@@ -65,9 +65,9 @@ typedef union {
time_t *ISOTIME;
smartlist_t **CSV;
int *CSV_INTERVAL;
- config_line_t **LINELIST;
- config_line_t **LINELIST_S;
- config_line_t **LINELIST_V;
+ struct config_line_t **LINELIST;
+ struct config_line_t **LINELIST_S;
+ struct config_line_t **LINELIST_V;
routerset_t **ROUTERSET;
} confparse_dummy_values_t;
#endif /* defined(TOR_UNIT_TESTS) */
@@ -185,7 +185,7 @@ void config_free_(const config_format_t *fmt, void *options);
(options) = NULL; \
} while (0)
-config_line_t *config_get_assigned_option(const config_format_t *fmt,
+struct config_line_t *config_get_assigned_option(const config_format_t *fmt,
const void *options, const char *key,
int escape_val);
int config_is_same(const config_format_t *fmt,
@@ -197,7 +197,7 @@ char *config_dump(const config_format_t *fmt, const void *default_options,
const void *options, int minimal,
int comment_defaults);
int config_assign(const config_format_t *fmt, void *options,
- config_line_t *list,
+ struct config_line_t *list,
unsigned flags, char **msg);
config_var_t *config_find_option_mutable(config_format_t *fmt,
const char *key);
@@ -219,4 +219,3 @@ void warn_deprecated_option(const char *what, const char *why);
#define CFG_EQ_ROUTERSET(a,b,opt) routerset_equal((a)->opt, (b)->opt)
#endif /* !defined(TOR_CONFPARSE_H) */
-
diff --git a/src/or/connection.c b/src/or/connection.c
index e3e9c313ae..66ccc51b5e 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -104,11 +104,21 @@
#include "or/routerparse.h"
#include "lib/sandbox/sandbox.h"
#include "lib/net/buffers_net.h"
+#include "lib/tls/tortls.h"
+#include "common/compat_libevent.h"
+#include "lib/compress/compress.h"
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#ifdef HAVE_SYS_UN_H
#include <sys/socket.h>
#include <sys/un.h>
diff --git a/src/or/connection.h b/src/or/connection.h
index 1bbe17bffd..3419ee65e8 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -14,8 +14,72 @@
listener_connection_t *TO_LISTENER_CONN(connection_t *);
-/* XXXX For buf_datalen in inline function */
-#include "lib/container/buffers.h"
+struct buf_t;
+
+#define CONN_TYPE_MIN_ 3
+/** Type for sockets listening for OR connections. */
+#define CONN_TYPE_OR_LISTENER 3
+/** A bidirectional TLS connection transmitting a sequence of cells.
+ * May be from an OR to an OR, or from an OP to an OR. */
+#define CONN_TYPE_OR 4
+/** A TCP connection from an onion router to a stream's destination. */
+#define CONN_TYPE_EXIT 5
+/** Type for sockets listening for SOCKS connections. */
+#define CONN_TYPE_AP_LISTENER 6
+/** A SOCKS proxy connection from the user application to the onion
+ * proxy. */
+#define CONN_TYPE_AP 7
+/** Type for sockets listening for HTTP connections to the directory server. */
+#define CONN_TYPE_DIR_LISTENER 8
+/** Type for HTTP connections to the directory server. */
+#define CONN_TYPE_DIR 9
+/* Type 10 is unused. */
+/** Type for listening for connections from user interface process. */
+#define CONN_TYPE_CONTROL_LISTENER 11
+/** Type for connections from user interface process. */
+#define CONN_TYPE_CONTROL 12
+/** Type for sockets listening for transparent connections redirected by pf or
+ * netfilter. */
+#define CONN_TYPE_AP_TRANS_LISTENER 13
+/** Type for sockets listening for transparent connections redirected by
+ * natd. */
+#define CONN_TYPE_AP_NATD_LISTENER 14
+/** Type for sockets listening for DNS requests. */
+#define CONN_TYPE_AP_DNS_LISTENER 15
+
+/** Type for connections from the Extended ORPort. */
+#define CONN_TYPE_EXT_OR 16
+/** Type for sockets listening for Extended ORPort connections. */
+#define CONN_TYPE_EXT_OR_LISTENER 17
+/** Type for sockets listening for HTTP CONNECT tunnel connections. */
+#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18
+
+#define CONN_TYPE_MAX_ 19
+/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in
+ * connection_t. */
+
+/* Proxy client handshake states */
+/* We use a proxy but we haven't even connected to it yet. */
+#define PROXY_INFANT 1
+/* We use an HTTP proxy and we've sent the CONNECT command. */
+#define PROXY_HTTPS_WANT_CONNECT_OK 2
+/* We use a SOCKS4 proxy and we've sent the CONNECT command. */
+#define PROXY_SOCKS4_WANT_CONNECT_OK 3
+/* We use a SOCKS5 proxy and we try to negotiate without
+ any authentication . */
+#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
+/* We use a SOCKS5 proxy and we try to negotiate with
+ Username/Password authentication . */
+#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
+/* We use a SOCKS5 proxy and we just sent our credentials. */
+#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
+/* We use a SOCKS5 proxy and we just sent our CONNECT command. */
+#define PROXY_SOCKS5_WANT_CONNECT_OK 7
+/* We use a proxy and we CONNECTed successfully!. */
+#define PROXY_CONNECTED 8
+
+/** State for any listener connection. */
+#define LISTENER_STATE_READY 0
const char *conn_type_to_string(int type);
const char *conn_state_to_string(int type, int state);
@@ -159,7 +223,7 @@ connection_buf_add(const char *string, size_t len, connection_t *conn)
}
void connection_buf_add_compress(const char *string, size_t len,
dir_connection_t *conn, int done);
-void connection_buf_add_buf(connection_t *conn, buf_t *buf);
+void connection_buf_add_buf(connection_t *conn, struct buf_t *buf);
size_t connection_get_inbuf_len(connection_t *conn);
size_t connection_get_outbuf_len(connection_t *conn);
@@ -242,6 +306,24 @@ MOCK_DECL(void, clock_skew_warning,
int connection_is_moribund(connection_t *conn);
void connection_check_oos(int n_socks, int failed);
+/** Execute the statement <b>stmt</b>, which may log events concerning the
+ * connection <b>conn</b>. To prevent infinite loops, disable log messages
+ * being sent to controllers if <b>conn</b> is a control connection.
+ *
+ * Stmt must not contain any return or goto statements.
+ */
+#define CONN_LOG_PROTECT(conn, stmt) \
+ STMT_BEGIN \
+ int _log_conn_is_control; \
+ tor_assert(conn); \
+ _log_conn_is_control = (conn->type == CONN_TYPE_CONTROL); \
+ if (_log_conn_is_control) \
+ disable_control_logging(); \
+ STMT_BEGIN stmt; STMT_END; \
+ if (_log_conn_is_control) \
+ enable_control_logging(); \
+ STMT_END
+
#ifdef CONNECTION_PRIVATE
STATIC void connection_free_minimal(connection_t *conn);
@@ -259,4 +341,3 @@ MOCK_DECL(STATIC smartlist_t *, pick_oos_victims, (int n));
#endif /* defined(CONNECTION_PRIVATE) */
#endif /* !defined(TOR_CONNECTION_H) */
-
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index e8185a5faa..c3c934417f 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -106,6 +106,7 @@
#include "or/or_circuit_st.h"
#include "or/origin_circuit_st.h"
#include "or/socks_request_st.h"
+#include "common/compat_libevent.h"
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
@@ -4221,4 +4222,3 @@ connection_edge_free_all(void)
pending_entry_connections = NULL;
mainloop_event_free(attach_pending_entry_connections_ev);
}
-
diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h
index d6774668d8..24968b2778 100644
--- a/src/or/connection_edge.h
+++ b/src/or/connection_edge.h
@@ -18,6 +18,54 @@ edge_connection_t *TO_EDGE_CONN(connection_t *);
entry_connection_t *TO_ENTRY_CONN(connection_t *);
entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *);
+#define EXIT_CONN_STATE_MIN_ 1
+/** State for an exit connection: waiting for response from DNS farm. */
+#define EXIT_CONN_STATE_RESOLVING 1
+/** State for an exit connection: waiting for connect() to finish. */
+#define EXIT_CONN_STATE_CONNECTING 2
+/** State for an exit connection: open and ready to transmit data. */
+#define EXIT_CONN_STATE_OPEN 3
+/** State for an exit connection: waiting to be removed. */
+#define EXIT_CONN_STATE_RESOLVEFAILED 4
+#define EXIT_CONN_STATE_MAX_ 4
+
+/* The AP state values must be disjoint from the EXIT state values. */
+#define AP_CONN_STATE_MIN_ 5
+/** State for a SOCKS connection: waiting for SOCKS request. */
+#define AP_CONN_STATE_SOCKS_WAIT 5
+/** State for a SOCKS connection: got a y.onion URL; waiting to receive
+ * rendezvous descriptor. */
+#define AP_CONN_STATE_RENDDESC_WAIT 6
+/** The controller will attach this connection to a circuit; it isn't our
+ * job to do so. */
+#define AP_CONN_STATE_CONTROLLER_WAIT 7
+/** State for a SOCKS connection: waiting for a completed circuit. */
+#define AP_CONN_STATE_CIRCUIT_WAIT 8
+/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
+#define AP_CONN_STATE_CONNECT_WAIT 9
+/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
+#define AP_CONN_STATE_RESOLVE_WAIT 10
+/** State for a SOCKS connection: ready to send and receive. */
+#define AP_CONN_STATE_OPEN 11
+/** State for a transparent natd connection: waiting for original
+ * destination. */
+#define AP_CONN_STATE_NATD_WAIT 12
+/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
+#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
+#define AP_CONN_STATE_MAX_ 13
+
+#define EXIT_PURPOSE_MIN_ 1
+/** This exit stream wants to do an ordinary connect. */
+#define EXIT_PURPOSE_CONNECT 1
+/** This exit stream wants to do a resolve (either normal or reverse). */
+#define EXIT_PURPOSE_RESOLVE 2
+#define EXIT_PURPOSE_MAX_ 2
+
+/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
+ * edge connection is not attached to any circuit. */
+#define AP_CONN_STATE_IS_UNATTACHED(s) \
+ ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
+
#define connection_mark_unattached_ap(conn, endreason) \
connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__)
@@ -198,4 +246,3 @@ STATIC int connection_ap_process_http_connect(entry_connection_t *conn);
#endif /* defined(CONNECTION_EDGE_PRIVATE) */
#endif /* !defined(TOR_CONNECTION_EDGE_H) */
-
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 9692e5d676..b3021edf16 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -66,8 +66,12 @@
#include "or/or_connection_st.h"
#include "or/or_handshake_certs_st.h"
#include "or/or_handshake_state_st.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
#include "or/var_cell_st.h"
+#include "lib/crypt_ops/crypto_format.h"
+
+#include "lib/tls/tortls.h"
static int connection_tls_finish_handshake(or_connection_t *conn);
static int connection_or_launch_v3_or_handshake(or_connection_t *conn);
@@ -2990,4 +2994,3 @@ connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
return 0;
}
-
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 41abc199d3..2d95fdea18 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -12,8 +12,38 @@
#ifndef TOR_CONNECTION_OR_H
#define TOR_CONNECTION_OR_H
+struct ed25519_public_key_t;
+struct ed25519_keypair_t;
+
or_connection_t *TO_OR_CONN(connection_t *);
+#define OR_CONN_STATE_MIN_ 1
+/** State for a connection to an OR: waiting for connect() to finish. */
+#define OR_CONN_STATE_CONNECTING 1
+/** State for a connection to an OR: waiting for proxy handshake to complete */
+#define OR_CONN_STATE_PROXY_HANDSHAKING 2
+/** State for an OR connection client: SSL is handshaking, not done
+ * yet. */
+#define OR_CONN_STATE_TLS_HANDSHAKING 3
+/** State for a connection to an OR: We're doing a second SSL handshake for
+ * renegotiation purposes. (V2 handshake only.) */
+#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4
+/** State for a connection at an OR: We're waiting for the client to
+ * renegotiate (to indicate a v2 handshake) or send a versions cell (to
+ * indicate a v3 handshake) */
+#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5
+/** State for an OR connection: We're done with our SSL handshake, we've done
+ * renegotiation, but we haven't yet negotiated link protocol versions and
+ * sent a netinfo cell. */
+#define OR_CONN_STATE_OR_HANDSHAKING_V2 6
+/** State for an OR connection: We're done with our SSL handshake, but we
+ * haven't yet negotiated link protocol versions, done a V3 handshake, and
+ * sent a netinfo cell. */
+#define OR_CONN_STATE_OR_HANDSHAKING_V3 7
+/** State for an OR connection: Ready to send/receive cells. */
+#define OR_CONN_STATE_OPEN 8
+#define OR_CONN_STATE_MAX_ 8
+
void connection_or_clear_identity(or_connection_t *conn);
void connection_or_clear_identity_map(void);
void clear_broken_connection_map(int disable);
@@ -42,7 +72,7 @@ MOCK_DECL(or_connection_t *,
connection_or_connect,
(const tor_addr_t *addr, uint16_t port,
const char *id_digest,
- const ed25519_public_key_t *ed_id,
+ const struct ed25519_public_key_t *ed_id,
channel_tls_t *chan));
void connection_or_close_normally(or_connection_t *orconn, int flush);
@@ -60,14 +90,14 @@ void connection_or_set_canonical(or_connection_t *or_conn,
int connection_init_or_handshake_state(or_connection_t *conn,
int started_here);
void connection_or_init_conn_from_address(or_connection_t *conn,
- const tor_addr_t *addr,
- uint16_t port,
- const char *rsa_id_digest,
- const ed25519_public_key_t *ed_id,
- int started_here);
+ const tor_addr_t *addr,
+ uint16_t port,
+ const char *rsa_id_digest,
+ const struct ed25519_public_key_t *ed_id,
+ int started_here);
int connection_or_client_learned_peer_id(or_connection_t *conn,
const uint8_t *rsa_peer_id,
- const ed25519_public_key_t *ed_peer_id);
+ const struct ed25519_public_key_t *ed_peer_id);
time_t connection_or_client_used(or_connection_t *conn);
MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn));
void or_handshake_state_free_(or_handshake_state_t *state);
@@ -94,11 +124,12 @@ int connection_or_send_auth_challenge_cell(or_connection_t *conn);
int authchallenge_type_is_supported(uint16_t challenge_type);
int authchallenge_type_is_better(uint16_t challenge_type_a,
uint16_t challenge_type_b);
-var_cell_t *connection_or_compute_authenticate_cell_body(or_connection_t *conn,
- const int authtype,
- crypto_pk_t *signing_key,
- const ed25519_keypair_t *ed_signing_key,
- int server);
+var_cell_t *connection_or_compute_authenticate_cell_body(
+ or_connection_t *conn,
+ const int authtype,
+ crypto_pk_t *signing_key,
+ const struct ed25519_keypair_t *ed_signing_key,
+ int server);
MOCK_DECL(int,connection_or_send_authenticate_cell,
(or_connection_t *conn, int type));
@@ -132,4 +163,3 @@ extern int certs_cell_ed25519_disabled_for_testing;
#endif
#endif /* !defined(TOR_CONNECTION_OR_H) */
-
diff --git a/src/or/connection_st.h b/src/or/connection_st.h
index 2e785c6e6e..6c22478689 100644
--- a/src/or/connection_st.h
+++ b/src/or/connection_st.h
@@ -9,6 +9,16 @@
struct buf_t;
+/* Values for connection_t.magic: used to make sure that downcasts (casts from
+* connection_t to foo_connection_t) are safe. */
+#define BASE_CONNECTION_MAGIC 0x7C3C304Eu
+#define OR_CONNECTION_MAGIC 0x7D31FF03u
+#define EDGE_CONNECTION_MAGIC 0xF0374013u
+#define ENTRY_CONNECTION_MAGIC 0xbb4a5703
+#define DIR_CONNECTION_MAGIC 0x9988ffeeu
+#define CONTROL_CONNECTION_MAGIC 0x8abc765du
+#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u
+
/** Description of a connection to another host or process, and associated
* data.
*
@@ -128,4 +138,12 @@ struct connection_t {
uint32_t n_written_conn_bw;
};
+/** True iff <b>x</b> is an edge connection. */
+#define CONN_IS_EDGE(x) \
+ ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)
+
+/** True iff the purpose of <b>conn</b> means that it's a server-side
+ * directory connection. */
+#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)
+
#endif
diff --git a/src/or/conscache.c b/src/or/conscache.c
index bc3a09509d..bc5928ff23 100644
--- a/src/or/conscache.c
+++ b/src/or/conscache.c
@@ -7,6 +7,7 @@
#include "or/conscache.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/fs/storagedir.h"
+#include "lib/encoding/confline.h"
#define CCE_MAGIC 0x17162253
@@ -624,4 +625,3 @@ consensus_cache_entry_is_mapped(consensus_cache_entry_t *ent)
}
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/conscache.h b/src/or/conscache.h
index 20af6402c5..c46b824235 100644
--- a/src/or/conscache.h
+++ b/src/or/conscache.h
@@ -27,9 +27,9 @@ void consensus_cache_delete_pending(consensus_cache_t *cache,
int force);
int consensus_cache_get_n_filenames_available(consensus_cache_t *cache);
consensus_cache_entry_t *consensus_cache_add(consensus_cache_t *cache,
- const config_line_t *labels,
- const uint8_t *data,
- size_t datalen);
+ const struct config_line_t *labels,
+ const uint8_t *data,
+ size_t datalen);
consensus_cache_entry_t *consensus_cache_find_first(
consensus_cache_t *cache,
@@ -46,7 +46,7 @@ void consensus_cache_filter_list(smartlist_t *lst,
const char *consensus_cache_entry_get_value(const consensus_cache_entry_t *ent,
const char *key);
-const config_line_t *consensus_cache_entry_get_labels(
+const struct config_line_t *consensus_cache_entry_get_labels(
const consensus_cache_entry_t *ent);
void consensus_cache_entry_incref(consensus_cache_entry_t *ent);
@@ -64,4 +64,3 @@ int consensus_cache_entry_is_mapped(consensus_cache_entry_t *ent);
#endif
#endif /* !defined(TOR_CONSCACHE_H) */
-
diff --git a/src/or/consdiffmgr.c b/src/or/consdiffmgr.c
index 7732cd1093..c75b59c1f5 100644
--- a/src/or/consdiffmgr.c
+++ b/src/or/consdiffmgr.c
@@ -21,7 +21,10 @@
#include "or/cpuworker.h"
#include "or/networkstatus.h"
#include "or/routerparse.h"
+#include "common/compat_libevent.h"
#include "common/workqueue.h"
+#include "lib/compress/compress.h"
+#include "lib/encoding/confline.h"
#include "or/networkstatus_st.h"
#include "or/networkstatus_voter_info_st.h"
@@ -1940,4 +1943,3 @@ consensus_cache_entry_get_valid_after(const consensus_cache_entry_t *ent,
else
return 0;
}
-
diff --git a/src/or/consdiffmgr.h b/src/or/consdiffmgr.h
index d793a7ef1d..66c3d65002 100644
--- a/src/or/consdiffmgr.h
+++ b/src/or/consdiffmgr.h
@@ -4,6 +4,8 @@
#ifndef TOR_CONSDIFFMGR_H
#define TOR_CONSDIFFMGR_H
+enum compress_method_t;
+
/**
* Possible outcomes from trying to look up a given consensus diff.
*/
@@ -25,7 +27,7 @@ int consdiffmgr_add_consensus(const char *consensus,
consdiff_status_t consdiffmgr_find_consensus(
struct consensus_cache_entry_t **entry_out,
consensus_flavor_t flavor,
- compress_method_t method);
+ enum compress_method_t method);
consdiff_status_t consdiffmgr_find_diff_from(
struct consensus_cache_entry_t **entry_out,
@@ -33,7 +35,7 @@ consdiff_status_t consdiffmgr_find_diff_from(
int digest_type,
const uint8_t *digest,
size_t digestlen,
- compress_method_t method);
+ enum compress_method_t method);
int consensus_cache_entry_get_voter_id_digests(
const struct consensus_cache_entry_t *ent,
@@ -71,4 +73,3 @@ STATIC int uncompress_or_copy(char **out, size_t *outlen,
#endif /* defined(CONSDIFFMGR_PRIVATE) */
#endif /* !defined(TOR_CONSDIFFMGR_H) */
-
diff --git a/src/or/control.c b/src/or/control.c
index af052f756c..67d1a0c686 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -80,6 +80,7 @@
#include "or/routerlist.h"
#include "or/routerparse.h"
#include "or/shared_random_client.h"
+#include "lib/encoding/confline.h"
#include "or/cached_dir_st.h"
#include "or/control_connection_st.h"
@@ -99,6 +100,13 @@
#include "or/routerlist_st.h"
#include "or/socks_request_st.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#ifndef _WIN32
#include <pwd.h>
#include <sys/resource.h>
@@ -106,6 +114,7 @@
#include "lib/crypt_ops/crypto_s2k.h"
#include "common/procmon.h"
+#include "common/compat_libevent.h"
/** Yield true iff <b>s</b> is the state of a control_connection_t that has
* finished authentication and is accepting commands. */
@@ -7791,4 +7800,3 @@ control_testing_set_global_event_mask(uint64_t mask)
global_event_mask = mask;
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/control.h b/src/or/control.h
index 200a88bf62..5c5fe8a917 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -12,8 +12,93 @@
#ifndef TOR_CONTROL_H
#define TOR_CONTROL_H
+/** Used to indicate the type of a circuit event passed to the controller.
+ * The various types are defined in control-spec.txt */
+typedef enum circuit_status_event_t {
+ CIRC_EVENT_LAUNCHED = 0,
+ CIRC_EVENT_BUILT = 1,
+ CIRC_EVENT_EXTENDED = 2,
+ CIRC_EVENT_FAILED = 3,
+ CIRC_EVENT_CLOSED = 4,
+} circuit_status_event_t;
+
+/** Used to indicate the type of a CIRC_MINOR event passed to the controller.
+ * The various types are defined in control-spec.txt . */
+typedef enum circuit_status_minor_event_t {
+ CIRC_MINOR_EVENT_PURPOSE_CHANGED,
+ CIRC_MINOR_EVENT_CANNIBALIZED,
+} circuit_status_minor_event_t;
+
+/** Used to indicate the type of a stream event passed to the controller.
+ * The various types are defined in control-spec.txt */
+typedef enum stream_status_event_t {
+ STREAM_EVENT_SENT_CONNECT = 0,
+ STREAM_EVENT_SENT_RESOLVE = 1,
+ STREAM_EVENT_SUCCEEDED = 2,
+ STREAM_EVENT_FAILED = 3,
+ STREAM_EVENT_CLOSED = 4,
+ STREAM_EVENT_NEW = 5,
+ STREAM_EVENT_NEW_RESOLVE = 6,
+ STREAM_EVENT_FAILED_RETRIABLE = 7,
+ STREAM_EVENT_REMAP = 8
+} stream_status_event_t;
+
+/** Used to indicate the type of an OR connection event passed to the
+ * controller. The various types are defined in control-spec.txt */
+typedef enum or_conn_status_event_t {
+ OR_CONN_EVENT_LAUNCHED = 0,
+ OR_CONN_EVENT_CONNECTED = 1,
+ OR_CONN_EVENT_FAILED = 2,
+ OR_CONN_EVENT_CLOSED = 3,
+ OR_CONN_EVENT_NEW = 4,
+} or_conn_status_event_t;
+
+/** Used to indicate the type of a buildtime event */
+typedef enum buildtimeout_set_event_t {
+ BUILDTIMEOUT_SET_EVENT_COMPUTED = 0,
+ BUILDTIMEOUT_SET_EVENT_RESET = 1,
+ BUILDTIMEOUT_SET_EVENT_SUSPENDED = 2,
+ BUILDTIMEOUT_SET_EVENT_DISCARD = 3,
+ BUILDTIMEOUT_SET_EVENT_RESUME = 4
+} buildtimeout_set_event_t;
+
+/** Enum describing various stages of bootstrapping, for use with controller
+ * bootstrap status events. The values range from 0 to 100. */
+typedef enum {
+ BOOTSTRAP_STATUS_UNDEF=-1,
+ BOOTSTRAP_STATUS_STARTING=0,
+ BOOTSTRAP_STATUS_CONN_DIR=5,
+ BOOTSTRAP_STATUS_HANDSHAKE=-2,
+ BOOTSTRAP_STATUS_HANDSHAKE_DIR=10,
+ BOOTSTRAP_STATUS_ONEHOP_CREATE=15,
+ BOOTSTRAP_STATUS_REQUESTING_STATUS=20,
+ BOOTSTRAP_STATUS_LOADING_STATUS=25,
+ BOOTSTRAP_STATUS_LOADING_KEYS=40,
+ BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS=45,
+ BOOTSTRAP_STATUS_LOADING_DESCRIPTORS=50,
+ BOOTSTRAP_STATUS_CONN_OR=80,
+ BOOTSTRAP_STATUS_HANDSHAKE_OR=85,
+ BOOTSTRAP_STATUS_CIRCUIT_CREATE=90,
+ BOOTSTRAP_STATUS_DONE=100
+} bootstrap_status_t;
+
control_connection_t *TO_CONTROL_CONN(connection_t *);
+#define CONTROL_CONN_STATE_MIN_ 1
+/** State for a control connection: Authenticated and accepting v1 commands. */
+#define CONTROL_CONN_STATE_OPEN 1
+/** State for a control connection: Waiting for authentication; speaking
+ * protocol v1. */
+#define CONTROL_CONN_STATE_NEEDAUTH 2
+#define CONTROL_CONN_STATE_MAX_ 2
+
+/** Reason for remapping an AP connection's address: we have a cached
+ * answer. */
+#define REMAP_STREAM_SOURCE_CACHE 1
+/** Reason for remapping an AP connection's address: the exit node told us an
+ * answer. */
+#define REMAP_STREAM_SOURCE_EXIT 2
+
void control_initialize_event_queue(void);
void control_update_global_event_mask(void);
@@ -99,7 +184,8 @@ int control_event_signal(uintptr_t signal);
int init_control_cookie_authentication(int enabled);
char *get_controller_cookie_file_name(void);
-smartlist_t *decode_hashed_passwords(config_line_t *passwords);
+struct config_line_t;
+smartlist_t *decode_hashed_passwords(struct config_line_t *passwords);
void disable_control_logging(void);
void enable_control_logging(void);
@@ -162,6 +248,8 @@ void control_event_hs_descriptor_content(const char *onion_address,
void control_free_all(void);
#ifdef CONTROL_PRIVATE
+#include "lib/crypt_ops/crypto_ed25519.h"
+
/* Recognized asynchronous event types. It's okay to expand this list
* because it is used both as a list of v0 event types, and as indices
* into the bitfield to determine which controllers want which events.
@@ -325,4 +413,3 @@ STATIC int getinfo_helper_current_time(
#endif /* defined(CONTROL_PRIVATE) */
#endif /* !defined(TOR_CONTROL_H) */
-
diff --git a/src/or/crypt_path_st.h b/src/or/crypt_path_st.h
index 88b4085acb..0fde1fab0e 100644
--- a/src/or/crypt_path_st.h
+++ b/src/or/crypt_path_st.h
@@ -8,6 +8,21 @@
#define CRYPT_PATH_ST_H
#include "or/relay_crypto_st.h"
+struct crypto_dh_t;
+
+#define CRYPT_PATH_MAGIC 0x70127012u
+
+struct fast_handshake_state_t;
+struct ntor_handshake_state_t;
+struct crypto_dh_t;
+struct onion_handshake_state_t {
+ uint16_t tag;
+ union {
+ struct fast_handshake_state_t *fast;
+ struct crypto_dh_t *tap;
+ struct ntor_handshake_state_t *ntor;
+ } u;
+};
/** Holds accounting information for a single step in the layered encryption
* performed by a circuit. Used only at the client edge of a circuit. */
@@ -23,7 +38,7 @@ struct crypt_path_t {
onion_handshake_state_t handshake_state;
/** Diffie-hellman handshake state for performing an introduction
* operations */
- crypto_dh_t *rend_dh_handshake_state;
+ struct crypto_dh_t *rend_dh_handshake_state;
/** Negotiated key material shared with the OR at this step. */
char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */
@@ -53,4 +68,3 @@ struct crypt_path_t {
};
#endif
-
diff --git a/src/or/desc_store_st.h b/src/or/desc_store_st.h
index c070e354c5..168a83b230 100644
--- a/src/or/desc_store_st.h
+++ b/src/or/desc_store_st.h
@@ -7,6 +7,12 @@
#ifndef DESC_STORE_ST_H
#define DESC_STORE_ST_H
+/** Allowable types of desc_store_t. */
+typedef enum store_type_t {
+ ROUTER_STORE = 0,
+ EXTRAINFO_STORE = 1
+} store_type_t;
+
/** A 'store' is a set of descriptors saved on disk, with accompanying
* journal, mmaped as needed, rebuilt as needed. */
struct desc_store_t {
@@ -31,4 +37,3 @@ struct desc_store_t {
};
#endif
-
diff --git a/src/or/dir_connection_st.h b/src/or/dir_connection_st.h
index f68266ca2e..1282f82d64 100644
--- a/src/or/dir_connection_st.h
+++ b/src/or/dir_connection_st.h
@@ -9,6 +9,8 @@
#include "or/connection_st.h"
+struct tor_compress_state_t;
+
/** Subtype of connection_t for an "directory connection" -- that is, an HTTP
* connection to retrieve or serve directory material. */
struct dir_connection_t {
@@ -31,7 +33,7 @@ struct dir_connection_t {
* it from back to front. */
smartlist_t *spool;
/** The compression object doing on-the-fly compression for spooled data. */
- tor_compress_state_t *compress_state;
+ struct tor_compress_state_t *compress_state;
/** What rendezvous service are we querying for? */
rend_data_t *rend_data;
@@ -63,4 +65,3 @@ struct dir_connection_t {
};
#endif
-
diff --git a/src/or/dirauth/dirvote.c b/src/or/dirauth/dirvote.c
index 85a0d3e707..5d6b39ea86 100644
--- a/src/or/dirauth/dirvote.c
+++ b/src/or/dirauth/dirvote.c
@@ -44,6 +44,8 @@
#include "or/vote_timing_st.h"
#include "lib/container/order.h"
+#include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
/**
* \file dirvote.c
diff --git a/src/or/dirauth/shared_random_state.c b/src/or/dirauth/shared_random_state.c
index c30a024425..87ddcc0736 100644
--- a/src/or/dirauth/shared_random_state.c
+++ b/src/or/dirauth/shared_random_state.c
@@ -21,6 +21,9 @@
#include "or/shared_random_client.h"
#include "or/dirauth/shared_random_state.h"
#include "or/voting_schedule.h"
+#include "lib/encoding/confline.h"
+
+#include "or/or_state_st.h"
/* Default filename of the shared random state on disk. */
static const char default_fname[] = "sr-state";
@@ -1321,4 +1324,3 @@ get_sr_state(void)
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/dirauth/shared_random_state.h b/src/or/dirauth/shared_random_state.h
index a8ac0134cc..f99874872b 100644
--- a/src/or/dirauth/shared_random_state.h
+++ b/src/or/dirauth/shared_random_state.h
@@ -85,11 +85,11 @@ typedef struct sr_disk_state_t {
/* State valid until? */
time_t ValidUntil;
/* All commits seen that are valid. */
- config_line_t *Commit;
+ struct config_line_t *Commit;
/* Previous and current shared random value. */
- config_line_t *SharedRandValues;
+ struct config_line_t *SharedRandValues;
/* Extra Lines for configuration we might not know. */
- config_line_t *ExtraLines;
+ struct config_line_t *ExtraLines;
} sr_disk_state_t;
/* API */
@@ -144,4 +144,3 @@ STATIC sr_state_t *get_sr_state(void);
#endif /* defined(TOR_UNIT_TESTS) */
#endif /* !defined(TOR_SHARED_RANDOM_STATE_H) */
-
diff --git a/src/or/directory.c b/src/or/directory.c
index 6b8885e121..ca925ed857 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -17,6 +17,7 @@
#include "or/consdiff.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
+#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/directory.h"
@@ -42,6 +43,8 @@
#include "or/routerlist.h"
#include "or/routerparse.h"
#include "or/routerset.h"
+#include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
#if defined(EXPORTMALLINFO) && defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
#if !defined(OpenBSD)
@@ -141,6 +144,15 @@ static void connection_dir_close_consensus_fetches(
/********* START VARIABLES **********/
+/** Maximum size, in bytes, for resized buffers. */
+#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */
+/** Maximum size, in bytes, for any directory object that we've downloaded. */
+#define MAX_DIR_DL_SIZE MAX_BUF_SIZE
+
+/** Maximum size, in bytes, for any directory object that we're accepting
+ * as an upload. */
+#define MAX_DIR_UL_SIZE MAX_BUF_SIZE
+
/** How far in the future do we allow a directory server to tell us it is
* before deciding that one of us has the wrong time? */
#define ALLOW_DIRECTORY_TIME_SKEW (30*60)
@@ -5952,4 +5964,3 @@ dir_split_resource_into_spoolable(const char *resource,
smartlist_free(fingerprints);
return r;
}
-
diff --git a/src/or/directory.h b/src/or/directory.h
index 5cf8892ace..992ff618fb 100644
--- a/src/or/directory.h
+++ b/src/or/directory.h
@@ -13,8 +13,82 @@
#define TOR_DIRECTORY_H
#include "or/hs_ident.h"
+enum compress_method_t;
dir_connection_t *TO_DIR_CONN(connection_t *c);
+
+#define DIR_CONN_STATE_MIN_ 1
+/** State for connection to directory server: waiting for connect(). */
+#define DIR_CONN_STATE_CONNECTING 1
+/** State for connection to directory server: sending HTTP request. */
+#define DIR_CONN_STATE_CLIENT_SENDING 2
+/** State for connection to directory server: reading HTTP response. */
+#define DIR_CONN_STATE_CLIENT_READING 3
+/** State for connection to directory server: happy and finished. */
+#define DIR_CONN_STATE_CLIENT_FINISHED 4
+/** State for connection at directory server: waiting for HTTP request. */
+#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
+/** State for connection at directory server: sending HTTP response. */
+#define DIR_CONN_STATE_SERVER_WRITING 6
+#define DIR_CONN_STATE_MAX_ 6
+
+#define DIR_PURPOSE_MIN_ 4
+/** A connection to a directory server: set after a v2 rendezvous
+ * descriptor is downloaded. */
+#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4
+/** A connection to a directory server: download one or more server
+ * descriptors. */
+#define DIR_PURPOSE_FETCH_SERVERDESC 6
+/** A connection to a directory server: download one or more extra-info
+ * documents. */
+#define DIR_PURPOSE_FETCH_EXTRAINFO 7
+/** A connection to a directory server: upload a server descriptor. */
+#define DIR_PURPOSE_UPLOAD_DIR 8
+/** A connection to a directory server: upload a v3 networkstatus vote. */
+#define DIR_PURPOSE_UPLOAD_VOTE 10
+/** A connection to a directory server: upload a v3 consensus signature */
+#define DIR_PURPOSE_UPLOAD_SIGNATURES 11
+/** A connection to a directory server: download one or more v3 networkstatus
+ * votes. */
+#define DIR_PURPOSE_FETCH_STATUS_VOTE 12
+/** A connection to a directory server: download a v3 detached signatures
+ * object for a consensus. */
+#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13
+/** A connection to a directory server: download a v3 networkstatus
+ * consensus. */
+#define DIR_PURPOSE_FETCH_CONSENSUS 14
+/** A connection to a directory server: download one or more directory
+ * authority certificates. */
+#define DIR_PURPOSE_FETCH_CERTIFICATE 15
+
+/** Purpose for connection at a directory server. */
+#define DIR_PURPOSE_SERVER 16
+/** A connection to a hidden service directory server: upload a v2 rendezvous
+ * descriptor. */
+#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
+/** A connection to a hidden service directory server: download a v2 rendezvous
+ * descriptor. */
+#define DIR_PURPOSE_FETCH_RENDDESC_V2 18
+/** A connection to a directory server: download a microdescriptor. */
+#define DIR_PURPOSE_FETCH_MICRODESC 19
+/** A connection to a hidden service directory: upload a v3 descriptor. */
+#define DIR_PURPOSE_UPLOAD_HSDESC 20
+/** A connection to a hidden service directory: fetch a v3 descriptor. */
+#define DIR_PURPOSE_FETCH_HSDESC 21
+/** A connection to a directory server: set after a hidden service descriptor
+ * is downloaded. */
+#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22
+#define DIR_PURPOSE_MAX_ 22
+
+/** True iff <b>p</b> is a purpose corresponding to uploading
+ * data to a directory server. */
+#define DIR_PURPOSE_IS_UPLOAD(p) \
+ ((p)==DIR_PURPOSE_UPLOAD_DIR || \
+ (p)==DIR_PURPOSE_UPLOAD_VOTE || \
+ (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \
+ (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \
+ (p)==DIR_PURPOSE_UPLOAD_HSDESC)
+
int directories_have_accepted_server_descriptor(void);
void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
dirinfo_type_t type, const char *payload,
@@ -90,7 +164,7 @@ void directory_request_add_header(directory_request_t *req,
MOCK_DECL(void, directory_initiate_request, (directory_request_t *request));
int parse_http_response(const char *headers, int *code, time_t *date,
- compress_method_t *compression, char **response);
+ enum compress_method_t *compression, char **response);
int parse_http_command(const char *headers,
char **command_out, char **url_out);
char *http_get_header(const char *headers, const char *which);
@@ -189,7 +263,7 @@ struct directory_request_t {
/** Hidden-service-specific information v2. */
const rend_data_t *rend_query;
/** Extra headers to append to the request */
- config_line_t *additional_headers;
+ struct config_line_t *additional_headers;
/** Hidden-service-specific information for v3+. */
const hs_ident_dir_conn_t *hs_ident;
/** Used internally to directory.c: gets informed when the attempt to
@@ -203,8 +277,10 @@ STATIC int handle_get_hs_descriptor_v3(dir_connection_t *conn,
const struct get_handler_args_t *args);
STATIC int directory_handle_command(dir_connection_t *conn);
STATIC char *accept_encoding_header(void);
-STATIC int allowed_anonymous_connection_compression_method(compress_method_t);
-STATIC void warn_disallowed_anonymous_compression_method(compress_method_t);
+STATIC int allowed_anonymous_connection_compression_method(
+ enum compress_method_t);
+STATIC void warn_disallowed_anonymous_compression_method(
+ enum compress_method_t);
STATIC int handle_response_fetch_hsdesc_v3(dir_connection_t *conn,
const response_handler_args_t *args);
@@ -239,7 +315,8 @@ STATIC int handle_post_hs_descriptor(const char *url, const char *body);
STATIC char* authdir_type_to_string(dirinfo_type_t auth);
STATIC const char * dir_conn_purpose_to_string(int purpose);
STATIC int should_use_directory_guards(const or_options_t *options);
-STATIC compression_level_t choose_compression_level(ssize_t n_bytes);
+enum compression_level_t;
+STATIC enum compression_level_t choose_compression_level(ssize_t n_bytes);
STATIC int find_dl_min_delay(const download_status_t *dls,
const or_options_t *options);
@@ -268,4 +345,3 @@ STATIC unsigned parse_accept_encoding_header(const char *h);
#endif /* defined(TOR_UNIT_TESTS) || defined(DIRECTORY_PRIVATE) */
#endif /* !defined(TOR_DIRECTORY_H) */
-
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 62d4e73223..2980d63f0a 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -46,7 +46,10 @@
#include "or/tor_version_st.h"
#include "or/vote_routerstatus_st.h"
+#include "lib/compress/compress.h"
#include "lib/container/order.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/encoding/confline.h"
/**
* \file dirserv.c
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index 757eba7ba2..3b4a646094 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -12,8 +12,25 @@
#ifndef TOR_DIRSERV_H
#define TOR_DIRSERV_H
+struct ed25519_public_key_t;
+
#include "lib/testsupport/testsupport.h"
+/** An enum to describe what format we're generating a routerstatus line in.
+ */
+typedef enum {
+ /** For use in a v2 opinion */
+ NS_V2,
+ /** For use in a consensus networkstatus document (ns flavor) */
+ NS_V3_CONSENSUS,
+ /** For use in a vote networkstatus document */
+ NS_V3_VOTE,
+ /** For passing to the controlport in response to a GETINFO request */
+ NS_CONTROL_PORT,
+ /** For use in a consensus networkstatus document (microdesc flavor) */
+ NS_V3_CONSENSUS_MICRODESC
+} routerstatus_format_type_t;
+
/** What fraction (1 over this number) of the relay ID space do we
* (as a directory authority) launch connections to at each reachability
* test? */
@@ -138,7 +155,7 @@ int dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
void dirserv_orconn_tls_done(const tor_addr_t *addr,
uint16_t or_port,
const char *digest_rcvd,
- const ed25519_public_key_t *ed_id_rcvd);
+ const struct ed25519_public_key_t *ed_id_rcvd);
int dirserv_should_launch_reachability_test(const routerinfo_t *ri,
const routerinfo_t *ri_old);
void dirserv_single_reachability_test(time_t now, routerinfo_t *router);
@@ -220,4 +237,3 @@ void dirserv_spool_sort(dir_connection_t *conn);
void dir_conn_clear_spool(dir_connection_t *conn);
#endif /* !defined(TOR_DIRSERV_H) */
-
diff --git a/src/or/dns.c b/src/or/dns.c
index ddb50d1964..45c4384eb1 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -64,10 +64,15 @@
#include "or/router.h"
#include "ht.h"
#include "lib/sandbox/sandbox.h"
+#include "common/compat_libevent.h"
#include "or/edge_connection_st.h"
#include "or/or_circuit_st.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#include <event2/event.h>
#include <event2/dns.h>
@@ -2136,4 +2141,3 @@ dns_insert_cache_entry(cached_resolve_t *new_entry)
{
HT_INSERT(cache_map, &cache_root, new_entry);
}
-
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index ce1746fe27..d2ef4a496e 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -34,6 +34,7 @@
#include "or/entry_connection_st.h"
#include "or/listener_connection_st.h"
#include "or/socks_request_st.h"
+#include "common/compat_libevent.h"
#include <event2/dns.h>
#include <event2/dns_compat.h>
@@ -412,4 +413,3 @@ dnsserv_close_listener(connection_t *conn)
listener_conn->dns_server_port = NULL;
}
}
-
diff --git a/src/or/dos.c b/src/or/dos.c
index 02bdbcf35d..d86ede02cb 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -11,6 +11,7 @@
#include "or/or.h"
#include "or/channel.h"
#include "or/config.h"
+#include "or/connection.h"
#include "or/connection_or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/geoip.h"
@@ -798,4 +799,3 @@ dos_init(void)
/* To initialize, we only need to get the parameters. */
set_dos_parameters(NULL);
}
-
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 1919336223..ba9c30f8b3 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -139,9 +139,11 @@
#include "or/transports.h"
#include "or/statefile.h"
#include "lib/math/fp.h"
+#include "lib/encoding/confline.h"
#include "or/node_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "lib/crypt_ops/digestset.h"
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index e56d4632b6..56b961e9a0 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -64,6 +64,8 @@ typedef struct guard_pathbias_t {
} guard_pathbias_t;
#if defined(ENTRYNODES_PRIVATE)
+#include "lib/crypt_ops/crypto_ed25519.h"
+
/**
* @name values for entry_guard_t.is_reachable.
*
@@ -635,4 +637,3 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
uint32_t guardfraction_percentage);
#endif /* !defined(TOR_ENTRYNODES_H) */
-
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index c235b076e7..7eebfdb25b 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -7,6 +7,25 @@
#ifndef EXT_ORPORT_H
#define EXT_ORPORT_H
+/** States of the Extended ORPort protocol. Be careful before changing
+ * the numbers: they matter. */
+#define EXT_OR_CONN_STATE_MIN_ 1
+/** Extended ORPort authentication is waiting for the authentication
+ * type selected by the client. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
+/** Extended ORPort authentication is waiting for the client nonce. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
+/** Extended ORPort authentication is waiting for the client hash. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
+#define EXT_OR_CONN_STATE_AUTH_MAX 3
+/** Authentication finished and the Extended ORPort is now accepting
+ * traffic. */
+#define EXT_OR_CONN_STATE_OPEN 4
+/** Extended ORPort is flushing its last messages and preparing to
+ * start accepting OR connections. */
+#define EXT_OR_CONN_STATE_FLUSHING 5
+#define EXT_OR_CONN_STATE_MAX_ 5
+
int connection_ext_or_start_auth(or_connection_t *or_conn);
ext_or_cmd_t *ext_or_cmd_new(uint16_t len);
@@ -43,4 +62,3 @@ extern int ext_or_auth_cookie_is_set;
#endif /* defined(EXT_ORPORT_PRIVATE) */
#endif /* !defined(EXT_ORPORT_H) */
-
diff --git a/src/or/extend_info_st.h b/src/or/extend_info_st.h
index 36eb3cd135..277766c4d6 100644
--- a/src/or/extend_info_st.h
+++ b/src/or/extend_info_st.h
@@ -7,6 +7,9 @@
#ifndef EXTEND_INFO_ST_H
#define EXTEND_INFO_ST_H
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
/** Information on router used when extending a circuit. We don't need a
* full routerinfo_t to extend: we only need addr:port:keyid to build an OR
* connection, and onion_key to create the onionskin. Note that for onehop
@@ -25,4 +28,3 @@ struct extend_info_t {
};
#endif
-
diff --git a/src/or/geoip.h b/src/or/geoip.h
index 3a991038af..fd19b7560a 100644
--- a/src/or/geoip.h
+++ b/src/or/geoip.h
@@ -15,6 +15,64 @@
#include "lib/testsupport/testsupport.h"
#include "or/dos.h"
+/** Indicates an action that we might be noting geoip statistics on.
+ * Note that if we're noticing CONNECT, we're a bridge, and if we're noticing
+ * the others, we're not.
+ */
+typedef enum {
+ /** We've noticed a connection as a bridge relay or entry guard. */
+ GEOIP_CLIENT_CONNECT = 0,
+ /** We've served a networkstatus consensus as a directory server. */
+ GEOIP_CLIENT_NETWORKSTATUS = 1,
+} geoip_client_action_t;
+/** Indicates either a positive reply or a reason for rejectng a network
+ * status request that will be included in geoip statistics. */
+typedef enum {
+ /** Request is answered successfully. */
+ GEOIP_SUCCESS = 0,
+ /** V3 network status is not signed by a sufficient number of requested
+ * authorities. */
+ GEOIP_REJECT_NOT_ENOUGH_SIGS = 1,
+ /** Requested network status object is unavailable. */
+ GEOIP_REJECT_UNAVAILABLE = 2,
+ /** Requested network status not found. */
+ GEOIP_REJECT_NOT_FOUND = 3,
+ /** Network status has not been modified since If-Modified-Since time. */
+ GEOIP_REJECT_NOT_MODIFIED = 4,
+ /** Directory is busy. */
+ GEOIP_REJECT_BUSY = 5,
+} geoip_ns_response_t;
+#define GEOIP_NS_RESPONSE_NUM 6
+
+/** Directory requests that we are measuring can be either direct or
+ * tunneled. */
+typedef enum {
+ DIRREQ_DIRECT = 0,
+ DIRREQ_TUNNELED = 1,
+} dirreq_type_t;
+
+/** Possible states for either direct or tunneled directory requests that
+ * are relevant for determining network status download times. */
+typedef enum {
+ /** Found that the client requests a network status; applies to both
+ * direct and tunneled requests; initial state of a request that we are
+ * measuring. */
+ DIRREQ_IS_FOR_NETWORK_STATUS = 0,
+ /** Finished writing a network status to the directory connection;
+ * applies to both direct and tunneled requests; completes a direct
+ * request. */
+ DIRREQ_FLUSHING_DIR_CONN_FINISHED = 1,
+ /** END cell sent to circuit that initiated a tunneled request. */
+ DIRREQ_END_CELL_SENT = 2,
+ /** Flushed last cell from queue of the circuit that initiated a
+ * tunneled request to the outbuf of the OR connection. */
+ DIRREQ_CIRC_QUEUE_FLUSHED = 3,
+ /** Flushed last byte from buffer of the channel belonging to the
+ * circuit that initiated a tunneled request; completes a tunneled
+ * request. */
+ DIRREQ_CHANNEL_BUFFER_FLUSHED = 4
+} dirreq_state_t;
+
#ifdef GEOIP_PRIVATE
STATIC int geoip_parse_entry(const char *line, sa_family_t family);
STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr);
@@ -97,4 +155,3 @@ char *geoip_get_bridge_stats_controller(time_t);
char *format_client_stats_heartbeat(time_t now);
#endif /* !defined(TOR_GEOIP_H) */
-
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index 12264f758f..c44e974fc1 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -41,8 +41,14 @@ hibernating, phase 2:
#include "or/main.h"
#include "or/router.h"
#include "or/statefile.h"
+#include "common/compat_libevent.h"
#include "or/or_connection_st.h"
+#include "or/or_state_st.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
/** Are we currently awake, asleep, running out of bandwidth, or shutting
* down? */
@@ -1227,4 +1233,3 @@ hibernate_set_state_for_testing_(hibernate_state_t newstate)
hibernate_state = newstate;
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c
index a42fe6b1a3..3772e0c0ed 100644
--- a/src/or/hs_cache.c
+++ b/src/or/hs_cache.c
@@ -11,6 +11,7 @@
#include "or/or.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/hs_ident.h"
#include "or/hs_common.h"
@@ -976,4 +977,3 @@ hs_cache_free_all(void)
cache_client_intro_state_free_void);
hs_cache_client_intro_state = NULL;
}
-
diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h
index 78ed81b6e0..1e479700fa 100644
--- a/src/or/hs_cache.h
+++ b/src/or/hs_cache.h
@@ -11,12 +11,13 @@
#include <stdint.h>
-#include "lib/crypt_ops/crypto_ed25519.h"
#include "or/hs_common.h"
#include "or/hs_descriptor.h"
#include "or/rendcommon.h"
#include "or/torcert.h"
+struct ed25519_public_key_t;
+
/* This is the maximum time an introduction point state object can stay in the
* client cache in seconds (2 mins or 120 seconds). */
#define HS_CACHE_CLIENT_INTRO_STATE_MAX_AGE (2 * 60)
@@ -79,30 +80,32 @@ int hs_cache_lookup_as_dir(uint32_t version, const char *query,
const char **desc_out);
const hs_descriptor_t *
-hs_cache_lookup_as_client(const ed25519_public_key_t *key);
+hs_cache_lookup_as_client(const struct ed25519_public_key_t *key);
const char *
-hs_cache_lookup_encoded_as_client(const ed25519_public_key_t *key);
+hs_cache_lookup_encoded_as_client(const struct ed25519_public_key_t *key);
int hs_cache_store_as_client(const char *desc_str,
- const ed25519_public_key_t *identity_pk);
+ const struct ed25519_public_key_t *identity_pk);
void hs_cache_clean_as_client(time_t now);
void hs_cache_purge_as_client(void);
/* Client failure cache. */
-void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk,
- const ed25519_public_key_t *auth_key,
- rend_intro_point_failure_t failure);
+void hs_cache_client_intro_state_note(
+ const struct ed25519_public_key_t *service_pk,
+ const struct ed25519_public_key_t *auth_key,
+ rend_intro_point_failure_t failure);
const hs_cache_intro_state_t *hs_cache_client_intro_state_find(
- const ed25519_public_key_t *service_pk,
- const ed25519_public_key_t *auth_key);
+ const struct ed25519_public_key_t *service_pk,
+ const struct ed25519_public_key_t *auth_key);
void hs_cache_client_intro_state_clean(time_t now);
void hs_cache_client_intro_state_purge(void);
#ifdef HS_CACHE_PRIVATE
+#include "lib/crypt_ops/crypto_ed25519.h"
/** Represents a locally cached HS descriptor on a hidden service client. */
typedef struct hs_cache_client_descriptor_t {
/* This object is indexed using the service identity public key */
- ed25519_public_key_t key;
+ struct ed25519_public_key_t key;
/* When will this entry expire? We expire cached client descriptors in the
* start of the next time period, since that's when clients need to start
@@ -125,4 +128,3 @@ lookup_v3_desc_as_client(const uint8_t *key);
#endif /* defined(HS_CACHE_PRIVATE) */
#endif /* !defined(TOR_HS_CACHE_H) */
-
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 9fcb30ecc6..5a2c7e4e42 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -13,6 +13,7 @@
#include "or/circuitlist.h"
#include "or/circuituse.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/nodelist.h"
@@ -23,6 +24,7 @@
#include "or/router.h"
#include "or/hs_cell.h"
+#include "or/hs_circuitmap.h"
#include "or/hs_ident.h"
#include "or/hs_ntor.h"
#include "or/hs_service.h"
@@ -102,7 +104,8 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
/* We are a v2 legacy HS client: Create and return a crypt path for the hidden
* service on the other side of the rendezvous circuit <b>circ</b>. Initialize
* the crypt path crypto using the body of the RENDEZVOUS1 cell at
- * <b>rend_cell_body</b> (which must be at least DH_KEY_LEN+DIGEST_LEN bytes).
+ * <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN
+ * bytes).
*/
static crypt_path_t *
create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
@@ -110,7 +113,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
crypt_path_t *hop = NULL;
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
- /* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
+ /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
* handshake...*/
tor_assert(circ->build_state);
tor_assert(circ->build_state->pending_final_cpath);
@@ -118,7 +121,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
tor_assert(hop->rend_dh_handshake_state);
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
- (char*)rend_cell_body, DH_KEY_LEN,
+ (char*)rend_cell_body, DH1024_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
goto err;
@@ -130,7 +133,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
goto err;
/* Check whether the digest is right... */
- if (tor_memneq(keys, rend_cell_body+DH_KEY_LEN, DIGEST_LEN)) {
+ if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
goto err;
}
@@ -1244,4 +1247,3 @@ hs_circ_cleanup(circuit_t *circ)
hs_circuitmap_remove_circuit(circ);
}
}
-
diff --git a/src/or/hs_circuitmap.c b/src/or/hs_circuitmap.c
index 21db652492..c4bf9fab43 100644
--- a/src/or/hs_circuitmap.c
+++ b/src/or/hs_circuitmap.c
@@ -583,4 +583,3 @@ hs_circuitmap_free_all(void)
tor_free(the_hs_circuitmap);
}
}
-
diff --git a/src/or/hs_circuitmap.h b/src/or/hs_circuitmap.h
index 2118a6414a..c39a37c052 100644
--- a/src/or/hs_circuitmap.h
+++ b/src/or/hs_circuitmap.h
@@ -11,7 +11,7 @@
typedef HT_HEAD(hs_circuitmap_ht, circuit_t) hs_circuitmap_ht;
-typedef struct hs_token_s hs_token_t;
+typedef struct hs_token_t hs_token_t;
struct or_circuit_t;
struct origin_circuit_t;
@@ -90,7 +90,7 @@ typedef enum {
/** Represents a token used in the HS protocol. Each such token maps to a
* specific introduction or rendezvous circuit. */
-struct hs_token_s {
+struct hs_token_t {
/* Type of HS token. */
hs_token_type_t type;
@@ -110,4 +110,3 @@ hs_circuitmap_ht *get_hs_circuitmap(void);
#endif /* TOR_UNIT_TESTS */
#endif /* !defined(TOR_HS_CIRCUITMAP_H) */
-
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 8fddd51a47..cc461e368d 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -16,12 +16,14 @@
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/directory.h"
#include "or/hs_cache.h"
#include "or/hs_cell.h"
#include "or/hs_circuit.h"
+#include "or/hs_circuitmap.h"
#include "or/hs_client.h"
#include "or/hs_control.h"
#include "or/hs_descriptor.h"
@@ -1619,4 +1621,3 @@ hs_client_dir_info_changed(void)
* AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
retry_all_socks_conn_waiting_for_desc();
}
-
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index e88a04620e..d91f45a639 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -1823,4 +1823,3 @@ hs_inc_rdv_stream_counter(origin_circuit_t *circ)
tor_assert_nonfatal_unreached();
}
}
-
diff --git a/src/or/hs_common.h b/src/or/hs_common.h
index 6d60d7799f..24f5f3a20f 100644
--- a/src/or/hs_common.h
+++ b/src/or/hs_common.h
@@ -10,6 +10,11 @@
#define TOR_HS_COMMON_H
#include "or/or.h"
+#include "lib/defs/x25519_sizes.h"
+
+struct curve25519_public_key_t;
+struct ed25519_public_key_t;
+struct ed25519_keypair_t;
/* Trunnel */
#include "trunnel/ed25519_cert.h"
@@ -122,7 +127,7 @@
* bigger than the 84 bytes needed for version 3 so we need to pad up to that
* length so it is indistinguishable between versions. */
#define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
- (REND_COOKIE_LEN + DH_KEY_LEN + DIGEST_LEN)
+ (REND_COOKIE_LEN + DH1024_KEY_LEN + DIGEST_LEN)
/* Type of authentication key used by an introduction point. */
typedef enum {
@@ -167,20 +172,20 @@ int hs_check_service_private_dir(const char *username, const char *path,
int hs_get_service_max_rend_failures(void);
char *hs_path_from_filename(const char *directory, const char *filename);
-void hs_build_address(const ed25519_public_key_t *key, uint8_t version,
+void hs_build_address(const struct ed25519_public_key_t *key, uint8_t version,
char *addr_out);
int hs_address_is_valid(const char *address);
-int hs_parse_address(const char *address, ed25519_public_key_t *key_out,
+int hs_parse_address(const char *address, struct ed25519_public_key_t *key_out,
uint8_t *checksum_out, uint8_t *version_out);
-void hs_build_blinded_pubkey(const ed25519_public_key_t *pubkey,
+void hs_build_blinded_pubkey(const struct ed25519_public_key_t *pubkey,
const uint8_t *secret, size_t secret_len,
uint64_t time_period_num,
- ed25519_public_key_t *pubkey_out);
-void hs_build_blinded_keypair(const ed25519_keypair_t *kp,
+ struct ed25519_public_key_t *pubkey_out);
+void hs_build_blinded_keypair(const struct ed25519_keypair_t *kp,
const uint8_t *secret, size_t secret_len,
uint64_t time_period_num,
- ed25519_keypair_t *kp_out);
+ struct ed25519_keypair_t *kp_out);
int hs_service_requires_uptime_circ(const smartlist_t *ports);
void rend_data_free_(rend_data_t *data);
@@ -203,8 +208,8 @@ const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data,
routerstatus_t *pick_hsdir(const char *desc_id, const char *desc_id_base32);
-void hs_get_subcredential(const ed25519_public_key_t *identity_pk,
- const ed25519_public_key_t *blinded_pk,
+void hs_get_subcredential(const struct ed25519_public_key_t *identity_pk,
+ const struct ed25519_public_key_t *blinded_pk,
uint8_t *subcred_out);
uint64_t hs_get_previous_time_period_num(time_t now);
@@ -222,18 +227,18 @@ uint8_t *hs_get_current_srv(uint64_t time_period_num,
uint8_t *hs_get_previous_srv(uint64_t time_period_num,
const networkstatus_t *ns);
-void hs_build_hsdir_index(const ed25519_public_key_t *identity_pk,
+void hs_build_hsdir_index(const struct ed25519_public_key_t *identity_pk,
const uint8_t *srv, uint64_t period_num,
uint8_t *hsdir_index_out);
void hs_build_hs_index(uint64_t replica,
- const ed25519_public_key_t *blinded_pk,
+ const struct ed25519_public_key_t *blinded_pk,
uint64_t period_num, uint8_t *hs_index_out);
int32_t hs_get_hsdir_n_replicas(void);
int32_t hs_get_hsdir_spread_fetch(void);
int32_t hs_get_hsdir_spread_store(void);
-void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
+void hs_get_responsible_hsdirs(const struct ed25519_public_key_t *blinded_pk,
uint64_t time_period_num,
int use_second_hsdir_index,
int for_fetching, smartlist_t *responsible_dirs);
@@ -254,8 +259,8 @@ void hs_inc_rdv_stream_counter(origin_circuit_t *circ);
void hs_dec_rdv_stream_counter(origin_circuit_t *circ);
extend_info_t *hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
- const curve25519_public_key_t *onion_key,
- int direct_conn);
+ const struct curve25519_public_key_t *onion_key,
+ int direct_conn);
#ifdef HS_COMMON_PRIVATE
@@ -281,4 +286,3 @@ STATIC uint8_t *get_second_cached_disaster_srv(void);
#endif /* defined(HS_COMMON_PRIVATE) */
#endif /* !defined(TOR_HS_COMMON_H) */
-
diff --git a/src/or/hs_config.c b/src/or/hs_config.c
index c8ce5b43fa..cb55faa9d5 100644
--- a/src/or/hs_config.c
+++ b/src/or/hs_config.c
@@ -29,6 +29,8 @@
#include "or/hs_config.h"
#include "or/hs_service.h"
#include "or/rendservice.h"
+#include "lib/encoding/confline.h"
+#include "or/or_options_st.h"
/* Using the given list of services, stage them into our global state. Every
* service version are handled. This function can remove entries in the given
@@ -587,4 +589,3 @@ hs_config_service_all(const or_options_t *options, int validate_only)
/* Tor main should call the free all function on error. */
return ret;
}
-
diff --git a/src/or/hs_control.c b/src/or/hs_control.c
index 76c40918bb..be456e8da4 100644
--- a/src/or/hs_control.c
+++ b/src/or/hs_control.c
@@ -8,6 +8,7 @@
#include "or/or.h"
#include "or/control.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/hs_common.h"
#include "or/hs_control.h"
@@ -258,4 +259,3 @@ hs_control_hspost_command(const char *body, const char *onion_address,
smartlist_free(hsdirs);
return ret;
}
-
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 8971ec59f3..5fd8971dc0 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -66,6 +66,8 @@
#include "or/hs_cache.h"
#include "or/hs_config.h"
#include "or/torcert.h" /* tor_cert_encode_ed22519() */
+#include "lib/memarea/memarea.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "or/extend_info_st.h"
@@ -2607,4 +2609,3 @@ hs_desc_lspec_to_trunnel(const hs_desc_link_specifier_t *spec)
return ls;
}
-
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index d16234969d..7a4010cd3b 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -12,9 +12,6 @@
#include <stdint.h>
#include "or/or.h"
-#include "lib/net/address.h"
-#include "lib/crypt_ops/crypto.h"
-#include "lib/crypt_ops/crypto_ed25519.h"
#include "trunnel/ed25519_cert.h" /* needed for trunnel */
#include "or/torcert.h"
@@ -281,4 +278,3 @@ MOCK_DECL(STATIC size_t, decrypt_desc_layer,(const hs_descriptor_t *desc,
#endif /* defined(HS_DESCRIPTOR_PRIVATE) */
#endif /* !defined(TOR_HS_DESCRIPTOR_H) */
-
diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c
index 6c0729b050..2594058679 100644
--- a/src/or/hs_intropoint.c
+++ b/src/or/hs_intropoint.c
@@ -15,6 +15,7 @@
#include "or/relay.h"
#include "or/rendmid.h"
#include "or/rephist.h"
+#include "lib/crypt_ops/crypto_format.h"
/* Trunnel */
#include "trunnel/ed25519_cert.h"
@@ -611,4 +612,3 @@ hs_intropoint_clear(hs_intropoint_t *ip)
smartlist_free(ip->link_specifiers);
memset(ip, 0, sizeof(hs_intropoint_t));
}
-
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index a8a76ed54d..b5007545db 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -26,6 +26,8 @@
#include "or/or.h"
#include "lib/crypt_ops/crypto_util.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "or/hs_ntor.h"
/* String constants used by the ntor HS protocol */
@@ -616,4 +618,3 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
return 0;
}
-
diff --git a/src/or/hs_ntor.h b/src/or/hs_ntor.h
index cc4afd536b..67a9573436 100644
--- a/src/or/hs_ntor.h
+++ b/src/or/hs_ntor.h
@@ -5,6 +5,9 @@
#define TOR_HS_NTOR_H
#include "or/or.h"
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+struct curve25519_keypair_t;
/* Output length of KDF for key expansion */
#define HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN \
@@ -28,32 +31,32 @@ typedef struct {
} hs_ntor_rend_cell_keys_t;
int hs_ntor_client_get_introduce1_keys(
- const ed25519_public_key_t *intro_auth_pubkey,
- const curve25519_public_key_t *intro_enc_pubkey,
- const curve25519_keypair_t *client_ephemeral_enc_keypair,
- const uint8_t *subcredential,
- hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
+ const struct ed25519_public_key_t *intro_auth_pubkey,
+ const struct curve25519_public_key_t *intro_enc_pubkey,
+ const struct curve25519_keypair_t *client_ephemeral_enc_keypair,
+ const uint8_t *subcredential,
+ hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
int hs_ntor_client_get_rendezvous1_keys(
- const ed25519_public_key_t *intro_auth_pubkey,
- const curve25519_keypair_t *client_ephemeral_enc_keypair,
- const curve25519_public_key_t *intro_enc_pubkey,
- const curve25519_public_key_t *service_ephemeral_rend_pubkey,
- hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
+ const struct ed25519_public_key_t *intro_auth_pubkey,
+ const struct curve25519_keypair_t *client_ephemeral_enc_keypair,
+ const struct curve25519_public_key_t *intro_enc_pubkey,
+ const struct curve25519_public_key_t *service_ephemeral_rend_pubkey,
+ hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
int hs_ntor_service_get_introduce1_keys(
- const ed25519_public_key_t *intro_auth_pubkey,
- const curve25519_keypair_t *intro_enc_keypair,
- const curve25519_public_key_t *client_ephemeral_enc_pubkey,
- const uint8_t *subcredential,
- hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
+ const struct ed25519_public_key_t *intro_auth_pubkey,
+ const struct curve25519_keypair_t *intro_enc_keypair,
+ const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
+ const uint8_t *subcredential,
+ hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
int hs_ntor_service_get_rendezvous1_keys(
- const ed25519_public_key_t *intro_auth_pubkey,
- const curve25519_keypair_t *intro_enc_keypair,
- const curve25519_keypair_t *service_ephemeral_rend_keypair,
- const curve25519_public_key_t *client_ephemeral_enc_pubkey,
- hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
+ const struct ed25519_public_key_t *intro_auth_pubkey,
+ const struct curve25519_keypair_t *intro_enc_keypair,
+ const struct curve25519_keypair_t *service_ephemeral_rend_keypair,
+ const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
+ hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
size_t seed_len,
@@ -64,4 +67,3 @@ int hs_ntor_client_rendezvous2_mac_is_good(
const uint8_t *rcvd_mac);
#endif /* !defined(TOR_HS_NTOR_H) */
-
diff --git a/src/or/hs_service.c b/src/or/hs_service.c
index b5649e2636..6cb01b57c9 100644
--- a/src/or/hs_service.c
+++ b/src/or/hs_service.c
@@ -45,13 +45,24 @@
#include "or/networkstatus_st.h"
#include "or/node_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "or/routerstatus_st.h"
+#include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
+
/* Trunnel */
#include "trunnel/ed25519_cert.h"
#include "trunnel/hs/cell_common.h"
#include "trunnel/hs/cell_establish_intro.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/* Helper macro. Iterate over every service in the global map. The var is the
* name of the service pointer. */
#define FOR_EACH_SERVICE_BEGIN(var) \
@@ -3631,4 +3642,3 @@ get_first_service(void)
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/include.am b/src/or/include.am
index 491341374d..9b5f7c1f60 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -75,7 +75,7 @@ LIBTOR_APP_A_SOURCES = \
src/or/onion_fast.c \
src/or/onion_tap.c \
src/or/transports.c \
- src/or/parsecommon.c \
+ src/or/parsecommon.c \
src/or/periodic.c \
src/or/protover.c \
src/or/protover_rust.c \
@@ -180,6 +180,7 @@ endif
ORHEADERS = \
src/or/addressmap.h \
+ src/or/addr_policy_st.h \
src/or/authority_cert_st.h \
src/or/auth_dirs.inc \
src/or/bridges.h \
@@ -274,6 +275,8 @@ ORHEADERS = \
src/or/or_connection_st.h \
src/or/or_handshake_certs_st.h \
src/or/or_handshake_state_st.h \
+ src/or/or_options_st.h \
+ src/or/or_state_st.h \
src/or/origin_circuit_st.h \
src/or/transports.h \
src/or/parsecommon.h \
diff --git a/src/or/main.c b/src/or/main.c
index 81a8cfbee9..b48c0b813b 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -116,6 +116,10 @@
#include "lib/sandbox/sandbox.h"
#include "lib/fs/lockfile.h"
#include "lib/net/buffers_net.h"
+#include "lib/tls/tortls.h"
+#include "common/compat_libevent.h"
+#include "lib/encoding/confline.h"
+#include "common/timers.h"
#include <event2/event.h>
@@ -127,10 +131,15 @@
#include "or/entry_connection_st.h"
#include "or/networkstatus_st.h"
#include "or/or_connection_st.h"
+#include "or/or_state_st.h"
#include "or/port_cfg_st.h"
#include "or/routerinfo_st.h"
#include "or/socks_request_st.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
#ifdef HAVE_SYSTEMD
# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
diff --git a/src/or/main.h b/src/or/main.h
index 214a9b3b0a..90146f4bd4 100644
--- a/src/or/main.h
+++ b/src/or/main.h
@@ -96,10 +96,12 @@ uint64_t get_main_loop_idle_count(void);
void periodic_events_on_new_options(const or_options_t *options);
void reschedule_per_second_timer(void);
+struct token_bucket_rw_t;
+
extern time_t time_of_process_start;
extern int quiet_level;
-extern token_bucket_rw_t global_bucket;
-extern token_bucket_rw_t global_relayed_bucket;
+extern struct token_bucket_rw_t global_bucket;
+extern struct token_bucket_rw_t global_relayed_bucket;
#ifdef MAIN_PRIVATE
STATIC void init_connection_lists(void);
@@ -118,4 +120,3 @@ extern periodic_event_item_t periodic_events[];
#endif /* defined(MAIN_PRIVATE) */
#endif /* !defined(TOR_MAIN_H) */
-
diff --git a/src/or/microdesc.c b/src/or/microdesc.c
index 838c966a20..a0e95b66b2 100644
--- a/src/or/microdesc.c
+++ b/src/or/microdesc.c
@@ -30,6 +30,13 @@
#include "or/node_st.h"
#include "or/routerstatus_st.h"
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
/** A data structure to hold a bunch of cached microdescriptors. There are
* two active files in the cache: a "cache file" that we mmap, and a "journal
* file" that we append to. Periodically, we rebuild the cache file to hold
diff --git a/src/or/microdesc_st.h b/src/or/microdesc_st.h
index 256659e679..e9dc3e0174 100644
--- a/src/or/microdesc_st.h
+++ b/src/or/microdesc_st.h
@@ -7,6 +7,10 @@
#ifndef MICRODESC_ST_H
#define MICRODESC_ST_H
+struct curve25519_public_key_t;
+struct ed25519_public_key_t;
+struct short_policy_t;
+
/** A microdescriptor is the smallest amount of information needed to build a
* circuit through a router. They are generated by the directory authorities,
* using information from the uploaded routerinfo documents. They are not
@@ -52,9 +56,9 @@ struct microdesc_t {
/** As routerinfo_t.onion_pkey */
crypto_pk_t *onion_pkey;
/** As routerinfo_t.onion_curve25519_pkey */
- curve25519_public_key_t *onion_curve25519_pkey;
+ struct curve25519_public_key_t *onion_curve25519_pkey;
/** Ed25519 identity key, if included. */
- ed25519_public_key_t *ed25519_identity_pkey;
+ struct ed25519_public_key_t *ed25519_identity_pkey;
/** As routerinfo_t.ipv6_addr */
tor_addr_t ipv6_addr;
/** As routerinfo_t.ipv6_orport */
@@ -62,10 +66,9 @@ struct microdesc_t {
/** As routerinfo_t.family */
smartlist_t *family;
/** IPv4 exit policy summary */
- short_policy_t *exit_policy;
+ struct short_policy_t *exit_policy;
/** IPv6 exit policy summary */
- short_policy_t *ipv6_exit_policy;
+ struct short_policy_t *ipv6_exit_policy;
};
#endif
-
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index b12846197c..f91e46cdd7 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -45,6 +45,7 @@
#include "or/circuitstats.h"
#include "or/config.h"
#include "or/connection.h"
+#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
@@ -87,6 +88,10 @@
#include "or/vote_microdesc_hash_st.h"
#include "or/vote_routerstatus_st.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/** Most recently received and validated v3 "ns"-flavored consensus network
* status. */
STATIC networkstatus_t *current_ns_consensus = NULL;
@@ -2719,4 +2724,3 @@ networkstatus_free_all(void)
tor_free(waiting->body);
}
}
-
diff --git a/src/or/networkstatus_st.h b/src/or/networkstatus_st.h
index 4fc04a5aa7..4a193ad149 100644
--- a/src/or/networkstatus_st.h
+++ b/src/or/networkstatus_st.h
@@ -9,6 +9,13 @@
#include "or/networkstatus_sr_info_st.h"
+/** Enumerates the possible seriousness values of a networkstatus document. */
+typedef enum networkstatus_type_t {
+ NS_TYPE_VOTE,
+ NS_TYPE_CONSENSUS,
+ NS_TYPE_OPINION,
+} networkstatus_type_t;
+
/** A common structure to hold a v3 network status vote, or a v3 network
* status consensus. */
struct networkstatus_t {
@@ -92,4 +99,3 @@ struct networkstatus_t {
};
#endif
-
diff --git a/src/or/node_st.h b/src/or/node_st.h
index cc777003d8..d56ce27884 100644
--- a/src/or/node_st.h
+++ b/src/or/node_st.h
@@ -8,6 +8,7 @@
#define NODE_ST_H
#include "or/hsdir_index_st.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
/** A node_t represents a Tor router.
*
@@ -99,4 +100,3 @@ struct node_t {
};
#endif
-
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index 06aec0bad5..ed3a542971 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -12,15 +12,19 @@
#ifndef TOR_NODELIST_H
#define TOR_NODELIST_H
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
#define node_assert_ok(n) STMT_BEGIN { \
tor_assert((n)->ri || (n)->rs); \
} STMT_END
MOCK_DECL(node_t *, node_get_mutable_by_id,(const char *identity_digest));
MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
-node_t *node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id);
+node_t *node_get_mutable_by_ed25519_id(
+ const struct ed25519_public_key_t *ed_id);
MOCK_DECL(const node_t *, node_get_by_ed25519_id,
- (const ed25519_public_key_t *ed_id));
+ (const struct ed25519_public_key_t *ed_id));
#define NNF_NO_WARN_UNNAMED (1u<<0)
@@ -65,9 +69,9 @@ uint32_t node_get_prim_addr_ipv4h(const node_t *node);
void node_get_address_string(const node_t *node, char *cp, size_t len);
long node_get_declared_uptime(const node_t *node);
const smartlist_t *node_get_declared_family(const node_t *node);
-const ed25519_public_key_t *node_get_ed25519_id(const node_t *node);
+const struct ed25519_public_key_t *node_get_ed25519_id(const node_t *node);
int node_ed25519_id_matches(const node_t *node,
- const ed25519_public_key_t *id);
+ const struct ed25519_public_key_t *id);
int node_supports_ed25519_link_authentication(const node_t *node,
int compatible_with_us);
int node_supports_v3_hsdir(const node_t *node);
@@ -89,7 +93,7 @@ void node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_dirport(const node_t *node, tor_addr_port_t *ap_out);
void node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out);
int node_has_curve25519_onion_key(const node_t *node);
-const curve25519_public_key_t *node_get_curve25519_onion_key(
+const struct curve25519_public_key_t *node_get_curve25519_onion_key(
const node_t *node);
MOCK_DECL(smartlist_t *, nodelist_get_list, (void));
@@ -162,4 +166,3 @@ node_set_hsdir_index(node_t *node, const networkstatus_t *ns);
MOCK_DECL(int, get_estimated_address_per_node, (void));
#endif /* !defined(TOR_NODELIST_H) */
-
diff --git a/src/or/ntmain.c b/src/or/ntmain.c
index e23a41fb83..99e77a285e 100644
--- a/src/or/ntmain.c
+++ b/src/or/ntmain.c
@@ -25,6 +25,7 @@
#include "or/ntmain.h"
#include "lib/log/win32err.h"
#include "lib/fs/winlib.h"
+#include "common/compat_libevent.h"
#include <windows.h>
#define GENSRV_SERVICENAME "tor"
diff --git a/src/or/onion.c b/src/or/onion.c
index 776aacbf78..80d8e1a8b1 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -68,6 +68,7 @@
#include "or/config.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_util.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "or/networkstatus.h"
#include "or/onion.h"
#include "or/onion_fast.h"
@@ -558,7 +559,7 @@ onion_skin_server_handshake(int type,
(char*)keys_out, keys_out_len)<0)
return -1;
r = TAP_ONIONSKIN_REPLY_LEN;
- memcpy(rend_nonce_out, reply_out+DH_KEY_LEN, DIGEST_LEN);
+ memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_FAST:
if (onionskin_len != CREATE_FAST_LEN)
@@ -635,7 +636,7 @@ onion_skin_client_handshake(int type,
msg_out) < 0)
return -1;
- memcpy(rend_authenticator_out, reply+DH_KEY_LEN, DIGEST_LEN);
+ memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
return 0;
case ONION_HANDSHAKE_TYPE_FAST:
@@ -1343,4 +1344,3 @@ extended_cell_format(uint8_t *command_out, uint16_t *len_out,
return 0;
}
-
diff --git a/src/or/onion.h b/src/or/onion.h
index 57224f629e..ff70f299d5 100644
--- a/src/or/onion.h
+++ b/src/or/onion.h
@@ -13,6 +13,10 @@
#define TOR_ONION_H
struct create_cell_t;
+struct curve25519_keypair_t;
+struct curve25519_public_key_t;
+#include "lib/crypt_ops/crypto_ed25519.h"
+
int onion_pending_add(or_circuit_t *circ, struct create_cell_t *onionskin);
or_circuit_t *onion_next_task(struct create_cell_t **onionskin_out);
int onion_num_pending(uint16_t handshake_type);
@@ -23,8 +27,8 @@ typedef struct server_onion_keys_t {
uint8_t my_identity[DIGEST_LEN];
crypto_pk_t *onion_key;
crypto_pk_t *last_onion_key;
- di_digest256_map_t *curve25519_key_map;
- curve25519_keypair_t *junk_keypair;
+ struct di_digest256_map_t *curve25519_key_map;
+ struct curve25519_keypair_t *junk_keypair;
} server_onion_keys_t;
#define MAX_ONIONSKIN_CHALLENGE_LEN 255
@@ -88,7 +92,7 @@ typedef struct extend_cell_t {
/** Identity fingerprint of the node we're conecting to.*/
uint8_t node_id[DIGEST_LEN];
/** Ed25519 public identity key. Zero if not set. */
- ed25519_public_key_t ed_pubkey;
+ struct ed25519_public_key_t ed_pubkey;
/** The "create cell" embedded in this extend cell. Note that unlike the
* create cells we generate ourself, this once can have a handshake type we
* don't recognize. */
@@ -122,4 +126,3 @@ int extended_cell_format(uint8_t *command_out, uint16_t *len_out,
uint8_t *payload_out, const extended_cell_t *cell_in);
#endif /* !defined(TOR_ONION_H) */
-
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index 7d555c26e7..6e834ccf95 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -29,6 +29,7 @@
#include "or/or.h"
#include "or/onion_fast.h"
+#include "lib/crypt_ops/crypto_hkdf.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
@@ -141,4 +142,3 @@ fast_client_handshake(const fast_handshake_state_t *handshake_state,
tor_free(out);
return r;
}
-
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index 3a60d1b7ec..34b1112020 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -27,6 +27,7 @@
#include "lib/crypt_ops/crypto_util.h"
#include "or/onion_ntor.h"
#include "lib/log/torlog.h"
+#include "lib/ctime/di_ops.h"
#include "common/util.h"
/** Free storage held in an ntor handshake state. */
@@ -335,4 +336,3 @@ onion_skin_ntor_client_handshake(
return bad ? -1 : 0;
}
-
diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h
index b4da3a8d79..0ba4abe49e 100644
--- a/src/or/onion_ntor.h
+++ b/src/or/onion_ntor.h
@@ -5,8 +5,10 @@
#define TOR_ONION_NTOR_H
#include "lib/cc/torint.h"
-#include "lib/crypt_ops/crypto_curve25519.h"
-#include "lib/ctime/di_ops.h"
+
+struct di_digest256_map_t;
+struct curve25519_public_key_t;
+struct curve25519_keypair_t;
/** State to be maintained by a client between sending an ntor onionskin
* and receiving a reply. */
@@ -22,17 +24,17 @@ void ntor_handshake_state_free_(ntor_handshake_state_t *state);
FREE_AND_NULL(ntor_handshake_state_t, ntor_handshake_state_free_, (state))
int onion_skin_ntor_create(const uint8_t *router_id,
- const curve25519_public_key_t *router_key,
+ const struct curve25519_public_key_t *router_key,
ntor_handshake_state_t **handshake_state_out,
uint8_t *onion_skin_out);
int onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
- const di_digest256_map_t *private_keys,
- const curve25519_keypair_t *junk_keypair,
- const uint8_t *my_node_id,
- uint8_t *handshake_reply_out,
- uint8_t *key_out,
- size_t key_out_len);
+ const struct di_digest256_map_t *private_keys,
+ const struct curve25519_keypair_t *junk_keypair,
+ const uint8_t *my_node_id,
+ uint8_t *handshake_reply_out,
+ uint8_t *key_out,
+ size_t key_out_len);
int onion_skin_ntor_client_handshake(
const ntor_handshake_state_t *handshake_state,
@@ -42,6 +44,7 @@ int onion_skin_ntor_client_handshake(
const char **msg_out);
#ifdef ONION_NTOR_PRIVATE
+#include "lib/crypt_ops/crypto_curve25519.h"
/** Storage held by a client while waiting for an ntor reply from a server. */
struct ntor_handshake_state_t {
@@ -60,4 +63,3 @@ struct ntor_handshake_state_t {
#endif /* defined(ONION_NTOR_PRIVATE) */
#endif /* !defined(TOR_ONION_NTOR_H) */
-
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index cf5963b19e..05bcce2e87 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -29,6 +29,7 @@
#include "or/or.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/onion_tap.h"
@@ -53,7 +54,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
crypto_dh_t **handshake_state_out,
char *onion_skin_out) /* TAP_ONIONSKIN_CHALLENGE_LEN bytes */
{
- char challenge[DH_KEY_LEN];
+ char challenge[DH1024_KEY_LEN];
crypto_dh_t *dh = NULL;
int dhbytes, pkbytes;
@@ -77,7 +78,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
TAP_ONIONSKIN_CHALLENGE_LEN,
- challenge, DH_KEY_LEN,
+ challenge, DH1024_KEY_LEN,
PK_PKCS1_OAEP_PADDING, 1)<0)
goto err;
@@ -136,7 +137,7 @@ onion_skin_TAP_server_handshake(
log_info(LD_PROTOCOL,
"Couldn't decrypt onionskin: client may be using old onion key");
goto err;
- } else if (len != DH_KEY_LEN) {
+ } else if (len != DH1024_KEY_LEN) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Unexpected onionskin length after decryption: %ld",
(long)len);
@@ -152,7 +153,7 @@ onion_skin_TAP_server_handshake(
goto err;
/* LCOV_EXCL_STOP */
}
- if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
+ if (crypto_dh_get_public(dh, handshake_reply_out, DH1024_KEY_LEN)) {
/* LCOV_EXCL_START
* This can only fail if the length of the key we just allocated is too
* big. That should be impossible. */
@@ -164,7 +165,7 @@ onion_skin_TAP_server_handshake(
key_material_len = DIGEST_LEN+key_out_len;
key_material = tor_malloc(key_material_len);
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
- DH_KEY_LEN, key_material,
+ DH1024_KEY_LEN, key_material,
key_material_len);
if (len < 0) {
log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
@@ -172,7 +173,7 @@ onion_skin_TAP_server_handshake(
}
/* send back H(K|0) as proof that we learned K. */
- memcpy(handshake_reply_out+DH_KEY_LEN, key_material, DIGEST_LEN);
+ memcpy(handshake_reply_out+DH1024_KEY_LEN, key_material, DIGEST_LEN);
/* use the rest of the key material for our shared keys, digests, etc */
memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
@@ -212,12 +213,12 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
ssize_t len;
char *key_material=NULL;
size_t key_material_len;
- tor_assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
+ tor_assert(crypto_dh_get_bytes(handshake_state) == DH1024_KEY_LEN);
key_material_len = DIGEST_LEN + key_out_len;
key_material = tor_malloc(key_material_len);
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
- handshake_reply, DH_KEY_LEN, key_material,
+ handshake_reply, DH1024_KEY_LEN, key_material,
key_material_len);
if (len < 0) {
if (msg_out)
@@ -225,7 +226,7 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
goto err;
}
- if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
+ if (tor_memneq(key_material, handshake_reply+DH1024_KEY_LEN, DIGEST_LEN)) {
/* H(K) does *not* match. Something fishy. */
if (msg_out)
*msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
@@ -243,4 +244,3 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
tor_free(key_material);
return -1;
}
-
diff --git a/src/or/onion_tap.h b/src/or/onion_tap.h
index fdc2ce9123..9a3df684d6 100644
--- a/src/or/onion_tap.h
+++ b/src/or/onion_tap.h
@@ -14,25 +14,27 @@
#define TAP_ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
CIPHER_KEY_LEN+\
- DH_KEY_LEN)
-#define TAP_ONIONSKIN_REPLY_LEN (DH_KEY_LEN+DIGEST_LEN)
+ DH1024_KEY_LEN)
+#define TAP_ONIONSKIN_REPLY_LEN (DH1024_KEY_LEN+DIGEST_LEN)
-int onion_skin_TAP_create(crypto_pk_t *router_key,
- crypto_dh_t **handshake_state_out,
+struct crypto_dh_t;
+struct crypto_pk_t;
+
+int onion_skin_TAP_create(struct crypto_pk_t *router_key,
+ struct crypto_dh_t **handshake_state_out,
char *onion_skin_out);
int onion_skin_TAP_server_handshake(const char *onion_skin,
- crypto_pk_t *private_key,
- crypto_pk_t *prev_private_key,
+ struct crypto_pk_t *private_key,
+ struct crypto_pk_t *prev_private_key,
char *handshake_reply_out,
char *key_out,
size_t key_out_len);
-int onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
+int onion_skin_TAP_client_handshake(struct crypto_dh_t *handshake_state,
const char *handshake_reply,
char *key_out,
size_t key_out_len,
const char **msg_out);
#endif /* !defined(TOR_ONION_TAP_H) */
-
diff --git a/src/or/or.h b/src/or/or.h
index 63349cffbb..b0340ed1a0 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -13,82 +13,33 @@
#define TOR_OR_H
#include "orconfig.h"
+#include "lib/cc/torint.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h> /* FreeBSD needs this to know what version it is */
-#endif
-#include "lib/cc/torint.h"
-#ifdef HAVE_SYS_FCNTL_H
-#include <sys/fcntl.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif
-#ifdef _WIN32
-#include <winsock2.h>
-#include <io.h>
-#include <process.h>
-#include <direct.h>
-#include <windows.h>
-#endif /* defined(_WIN32) */
+#include "common/util.h"
-#include "lib/crypt_ops/crypto.h"
-#include "lib/crypt_ops/crypto_format.h"
-#include "lib/crypt_ops/crypto_dh.h"
-#include "lib/crypt_ops/crypto_hkdf.h"
-#include "lib/tls/tortls.h"
-#include "lib/log/torlog.h"
-#include "lib/container/smartlist.h"
#include "lib/container/map.h"
-#include "lib/compress/compress.h"
+#include "lib/container/smartlist.h"
+#include "lib/crypt_ops/crypto.h"
+#include "lib/defs/dh_sizes.h"
+#include "lib/encoding/binascii.h"
#include "lib/net/address.h"
-#include "common/compat_libevent.h"
+
#include "ht.h"
-#include "lib/encoding/confline.h"
-#include "or/replaycache.h"
-#include "lib/crypt_ops/crypto_curve25519.h"
-#include "lib/crypt_ops/crypto_ed25519.h"
-#include "tor_queue.h"
-#include "common/token_bucket.h"
-#include "lib/encoding/binascii.h"
-#include "or/hs_circuitmap.h"
-#include "common/util.h"
// These, more than other includes, are for keeping the other struct
// definitions working. We should remove them when we minimize our includes.
#include "or/entry_port_cfg_st.h"
+struct ed25519_public_key_t;
+struct curve25519_public_key_t;
+
/* These signals are defined to help handle_control_signal work.
*/
#ifndef SIGHUP
@@ -134,17 +85,9 @@
* equal sign or tilde, nickname. */
#define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)
-/** Maximum size, in bytes, for resized buffers. */
-#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */
-/** Maximum size, in bytes, for any directory object that we've downloaded. */
-#define MAX_DIR_DL_SIZE MAX_BUF_SIZE
-
/** For HTTP parsing: Maximum number of bytes we'll accept in the headers
* of an HTTP request or response. */
#define MAX_HEADERS_SIZE 50000
-/** Maximum size, in bytes, for any directory object that we're accepting
- * as an upload. */
-#define MAX_DIR_UL_SIZE MAX_BUF_SIZE
/** Maximum size, in bytes, of a single router descriptor uploaded to us
* as a directory authority. Caches and clients fetch whatever descriptors
@@ -187,58 +130,6 @@
/** How old do we let a saved descriptor get before force-removing it? */
#define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
-/** Possible rules for generating circuit IDs on an OR connection. */
-typedef enum {
- CIRC_ID_TYPE_LOWER=0, /**< Pick from 0..1<<15-1. */
- CIRC_ID_TYPE_HIGHER=1, /**< Pick from 1<<15..1<<16-1. */
- /** The other side of a connection is an OP: never create circuits to it,
- * and let it use any circuit ID it wants. */
- CIRC_ID_TYPE_NEITHER=2
-} circ_id_type_t;
-#define circ_id_type_bitfield_t ENUM_BF(circ_id_type_t)
-
-#define CONN_TYPE_MIN_ 3
-/** Type for sockets listening for OR connections. */
-#define CONN_TYPE_OR_LISTENER 3
-/** A bidirectional TLS connection transmitting a sequence of cells.
- * May be from an OR to an OR, or from an OP to an OR. */
-#define CONN_TYPE_OR 4
-/** A TCP connection from an onion router to a stream's destination. */
-#define CONN_TYPE_EXIT 5
-/** Type for sockets listening for SOCKS connections. */
-#define CONN_TYPE_AP_LISTENER 6
-/** A SOCKS proxy connection from the user application to the onion
- * proxy. */
-#define CONN_TYPE_AP 7
-/** Type for sockets listening for HTTP connections to the directory server. */
-#define CONN_TYPE_DIR_LISTENER 8
-/** Type for HTTP connections to the directory server. */
-#define CONN_TYPE_DIR 9
-/* Type 10 is unused. */
-/** Type for listening for connections from user interface process. */
-#define CONN_TYPE_CONTROL_LISTENER 11
-/** Type for connections from user interface process. */
-#define CONN_TYPE_CONTROL 12
-/** Type for sockets listening for transparent connections redirected by pf or
- * netfilter. */
-#define CONN_TYPE_AP_TRANS_LISTENER 13
-/** Type for sockets listening for transparent connections redirected by
- * natd. */
-#define CONN_TYPE_AP_NATD_LISTENER 14
-/** Type for sockets listening for DNS requests. */
-#define CONN_TYPE_AP_DNS_LISTENER 15
-
-/** Type for connections from the Extended ORPort. */
-#define CONN_TYPE_EXT_OR 16
-/** Type for sockets listening for Extended ORPort connections. */
-#define CONN_TYPE_EXT_OR_LISTENER 17
-/** Type for sockets listening for HTTP CONNECT tunnel connections. */
-#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18
-
-#define CONN_TYPE_MAX_ 19
-/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in
- * connection_t. */
-
/* Proxy client types */
#define PROXY_NONE 0
#define PROXY_CONNECT 1
@@ -251,355 +142,6 @@ typedef enum {
* instead use the actual underlying proxy type (see above). */
#define PROXY_PLUGGABLE 4
-/* Proxy client handshake states */
-/* We use a proxy but we haven't even connected to it yet. */
-#define PROXY_INFANT 1
-/* We use an HTTP proxy and we've sent the CONNECT command. */
-#define PROXY_HTTPS_WANT_CONNECT_OK 2
-/* We use a SOCKS4 proxy and we've sent the CONNECT command. */
-#define PROXY_SOCKS4_WANT_CONNECT_OK 3
-/* We use a SOCKS5 proxy and we try to negotiate without
- any authentication . */
-#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
-/* We use a SOCKS5 proxy and we try to negotiate with
- Username/Password authentication . */
-#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
-/* We use a SOCKS5 proxy and we just sent our credentials. */
-#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
-/* We use a SOCKS5 proxy and we just sent our CONNECT command. */
-#define PROXY_SOCKS5_WANT_CONNECT_OK 7
-/* We use a proxy and we CONNECTed successfully!. */
-#define PROXY_CONNECTED 8
-
-/** True iff <b>x</b> is an edge connection. */
-#define CONN_IS_EDGE(x) \
- ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)
-
-/** State for any listener connection. */
-#define LISTENER_STATE_READY 0
-
-#define OR_CONN_STATE_MIN_ 1
-/** State for a connection to an OR: waiting for connect() to finish. */
-#define OR_CONN_STATE_CONNECTING 1
-/** State for a connection to an OR: waiting for proxy handshake to complete */
-#define OR_CONN_STATE_PROXY_HANDSHAKING 2
-/** State for an OR connection client: SSL is handshaking, not done
- * yet. */
-#define OR_CONN_STATE_TLS_HANDSHAKING 3
-/** State for a connection to an OR: We're doing a second SSL handshake for
- * renegotiation purposes. (V2 handshake only.) */
-#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4
-/** State for a connection at an OR: We're waiting for the client to
- * renegotiate (to indicate a v2 handshake) or send a versions cell (to
- * indicate a v3 handshake) */
-#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5
-/** State for an OR connection: We're done with our SSL handshake, we've done
- * renegotiation, but we haven't yet negotiated link protocol versions and
- * sent a netinfo cell. */
-#define OR_CONN_STATE_OR_HANDSHAKING_V2 6
-/** State for an OR connection: We're done with our SSL handshake, but we
- * haven't yet negotiated link protocol versions, done a V3 handshake, and
- * sent a netinfo cell. */
-#define OR_CONN_STATE_OR_HANDSHAKING_V3 7
-/** State for an OR connection: Ready to send/receive cells. */
-#define OR_CONN_STATE_OPEN 8
-#define OR_CONN_STATE_MAX_ 8
-
-/** States of the Extended ORPort protocol. Be careful before changing
- * the numbers: they matter. */
-#define EXT_OR_CONN_STATE_MIN_ 1
-/** Extended ORPort authentication is waiting for the authentication
- * type selected by the client. */
-#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
-/** Extended ORPort authentication is waiting for the client nonce. */
-#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
-/** Extended ORPort authentication is waiting for the client hash. */
-#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
-#define EXT_OR_CONN_STATE_AUTH_MAX 3
-/** Authentication finished and the Extended ORPort is now accepting
- * traffic. */
-#define EXT_OR_CONN_STATE_OPEN 4
-/** Extended ORPort is flushing its last messages and preparing to
- * start accepting OR connections. */
-#define EXT_OR_CONN_STATE_FLUSHING 5
-#define EXT_OR_CONN_STATE_MAX_ 5
-
-#define EXIT_CONN_STATE_MIN_ 1
-/** State for an exit connection: waiting for response from DNS farm. */
-#define EXIT_CONN_STATE_RESOLVING 1
-/** State for an exit connection: waiting for connect() to finish. */
-#define EXIT_CONN_STATE_CONNECTING 2
-/** State for an exit connection: open and ready to transmit data. */
-#define EXIT_CONN_STATE_OPEN 3
-/** State for an exit connection: waiting to be removed. */
-#define EXIT_CONN_STATE_RESOLVEFAILED 4
-#define EXIT_CONN_STATE_MAX_ 4
-
-/* The AP state values must be disjoint from the EXIT state values. */
-#define AP_CONN_STATE_MIN_ 5
-/** State for a SOCKS connection: waiting for SOCKS request. */
-#define AP_CONN_STATE_SOCKS_WAIT 5
-/** State for a SOCKS connection: got a y.onion URL; waiting to receive
- * rendezvous descriptor. */
-#define AP_CONN_STATE_RENDDESC_WAIT 6
-/** The controller will attach this connection to a circuit; it isn't our
- * job to do so. */
-#define AP_CONN_STATE_CONTROLLER_WAIT 7
-/** State for a SOCKS connection: waiting for a completed circuit. */
-#define AP_CONN_STATE_CIRCUIT_WAIT 8
-/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
-#define AP_CONN_STATE_CONNECT_WAIT 9
-/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
-#define AP_CONN_STATE_RESOLVE_WAIT 10
-/** State for a SOCKS connection: ready to send and receive. */
-#define AP_CONN_STATE_OPEN 11
-/** State for a transparent natd connection: waiting for original
- * destination. */
-#define AP_CONN_STATE_NATD_WAIT 12
-/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
-#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
-#define AP_CONN_STATE_MAX_ 13
-
-/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
- * edge connection is not attached to any circuit. */
-#define AP_CONN_STATE_IS_UNATTACHED(s) \
- ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
-
-#define DIR_CONN_STATE_MIN_ 1
-/** State for connection to directory server: waiting for connect(). */
-#define DIR_CONN_STATE_CONNECTING 1
-/** State for connection to directory server: sending HTTP request. */
-#define DIR_CONN_STATE_CLIENT_SENDING 2
-/** State for connection to directory server: reading HTTP response. */
-#define DIR_CONN_STATE_CLIENT_READING 3
-/** State for connection to directory server: happy and finished. */
-#define DIR_CONN_STATE_CLIENT_FINISHED 4
-/** State for connection at directory server: waiting for HTTP request. */
-#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
-/** State for connection at directory server: sending HTTP response. */
-#define DIR_CONN_STATE_SERVER_WRITING 6
-#define DIR_CONN_STATE_MAX_ 6
-
-/** True iff the purpose of <b>conn</b> means that it's a server-side
- * directory connection. */
-#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)
-
-#define CONTROL_CONN_STATE_MIN_ 1
-/** State for a control connection: Authenticated and accepting v1 commands. */
-#define CONTROL_CONN_STATE_OPEN 1
-/** State for a control connection: Waiting for authentication; speaking
- * protocol v1. */
-#define CONTROL_CONN_STATE_NEEDAUTH 2
-#define CONTROL_CONN_STATE_MAX_ 2
-
-#define DIR_PURPOSE_MIN_ 4
-/** A connection to a directory server: set after a v2 rendezvous
- * descriptor is downloaded. */
-#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4
-/** A connection to a directory server: download one or more server
- * descriptors. */
-#define DIR_PURPOSE_FETCH_SERVERDESC 6
-/** A connection to a directory server: download one or more extra-info
- * documents. */
-#define DIR_PURPOSE_FETCH_EXTRAINFO 7
-/** A connection to a directory server: upload a server descriptor. */
-#define DIR_PURPOSE_UPLOAD_DIR 8
-/** A connection to a directory server: upload a v3 networkstatus vote. */
-#define DIR_PURPOSE_UPLOAD_VOTE 10
-/** A connection to a directory server: upload a v3 consensus signature */
-#define DIR_PURPOSE_UPLOAD_SIGNATURES 11
-/** A connection to a directory server: download one or more v3 networkstatus
- * votes. */
-#define DIR_PURPOSE_FETCH_STATUS_VOTE 12
-/** A connection to a directory server: download a v3 detached signatures
- * object for a consensus. */
-#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13
-/** A connection to a directory server: download a v3 networkstatus
- * consensus. */
-#define DIR_PURPOSE_FETCH_CONSENSUS 14
-/** A connection to a directory server: download one or more directory
- * authority certificates. */
-#define DIR_PURPOSE_FETCH_CERTIFICATE 15
-
-/** Purpose for connection at a directory server. */
-#define DIR_PURPOSE_SERVER 16
-/** A connection to a hidden service directory server: upload a v2 rendezvous
- * descriptor. */
-#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
-/** A connection to a hidden service directory server: download a v2 rendezvous
- * descriptor. */
-#define DIR_PURPOSE_FETCH_RENDDESC_V2 18
-/** A connection to a directory server: download a microdescriptor. */
-#define DIR_PURPOSE_FETCH_MICRODESC 19
-/** A connection to a hidden service directory: upload a v3 descriptor. */
-#define DIR_PURPOSE_UPLOAD_HSDESC 20
-/** A connection to a hidden service directory: fetch a v3 descriptor. */
-#define DIR_PURPOSE_FETCH_HSDESC 21
-/** A connection to a directory server: set after a hidden service descriptor
- * is downloaded. */
-#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22
-#define DIR_PURPOSE_MAX_ 22
-
-/** True iff <b>p</b> is a purpose corresponding to uploading
- * data to a directory server. */
-#define DIR_PURPOSE_IS_UPLOAD(p) \
- ((p)==DIR_PURPOSE_UPLOAD_DIR || \
- (p)==DIR_PURPOSE_UPLOAD_VOTE || \
- (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \
- (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \
- (p)==DIR_PURPOSE_UPLOAD_HSDESC)
-
-#define EXIT_PURPOSE_MIN_ 1
-/** This exit stream wants to do an ordinary connect. */
-#define EXIT_PURPOSE_CONNECT 1
-/** This exit stream wants to do a resolve (either normal or reverse). */
-#define EXIT_PURPOSE_RESOLVE 2
-#define EXIT_PURPOSE_MAX_ 2
-
-/* !!!! If any connection purpose is ever over 31, we must grow the type
- * field in connection_t. */
-
-/** Circuit state: I'm the origin, still haven't done all my handshakes. */
-#define CIRCUIT_STATE_BUILDING 0
-/** Circuit state: Waiting to process the onionskin. */
-#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
-/** Circuit state: I'd like to deliver a create, but my n_chan is still
- * connecting. */
-#define CIRCUIT_STATE_CHAN_WAIT 2
-/** Circuit state: the circuit is open but we don't want to actually use it
- * until we find out if a better guard will be available.
- */
-#define CIRCUIT_STATE_GUARD_WAIT 3
-/** Circuit state: onionskin(s) processed, ready to send/receive cells. */
-#define CIRCUIT_STATE_OPEN 4
-
-#define CIRCUIT_PURPOSE_MIN_ 1
-
-/* these circuits were initiated elsewhere */
-#define CIRCUIT_PURPOSE_OR_MIN_ 1
-/** OR-side circuit purpose: normal circuit, at OR. */
-#define CIRCUIT_PURPOSE_OR 1
-/** OR-side circuit purpose: At OR, from the service, waiting for intro from
- * clients. */
-#define CIRCUIT_PURPOSE_INTRO_POINT 2
-/** OR-side circuit purpose: At OR, from the client, waiting for the service.
- */
-#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
-/** OR-side circuit purpose: At OR, both circuits have this purpose. */
-#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
-#define CIRCUIT_PURPOSE_OR_MAX_ 4
-
-/* these circuits originate at this node */
-
-/* here's how circ client-side purposes work:
- * normal circuits are C_GENERAL.
- * circuits that are c_introducing are either on their way to
- * becoming open, or they are open and waiting for a
- * suitable rendcirc before they send the intro.
- * circuits that are c_introduce_ack_wait have sent the intro,
- * but haven't gotten a response yet.
- * circuits that are c_establish_rend are either on their way
- * to becoming open, or they are open and have sent the
- * establish_rendezvous cell but haven't received an ack.
- * circuits that are c_rend_ready are open and have received a
- * rend ack, but haven't heard from the service yet. if they have a
- * buildstate->pending_final_cpath then they're expecting a
- * cell from the service, else they're not.
- * circuits that are c_rend_ready_intro_acked are open, and
- * some intro circ has sent its intro and received an ack.
- * circuits that are c_rend_joined are open, have heard from
- * the service, and are talking to it.
- */
-/** Client-side circuit purpose: Normal circuit, with cpath. */
-#define CIRCUIT_PURPOSE_C_GENERAL 5
-#define CIRCUIT_PURPOSE_C_HS_MIN_ 6
-/** Client-side circuit purpose: at the client, connecting to intro point. */
-#define CIRCUIT_PURPOSE_C_INTRODUCING 6
-/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point,
- * waiting for ACK/NAK. */
-#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
-/** Client-side circuit purpose: at the client, introduced and acked, closing.
- */
-#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
-/** Client-side circuit purpose: at the client, waiting for ack. */
-#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
-/** Client-side circuit purpose: at the client, waiting for the service. */
-#define CIRCUIT_PURPOSE_C_REND_READY 10
-/** Client-side circuit purpose: at the client, waiting for the service,
- * INTRODUCE has been acknowledged. */
-#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
-/** Client-side circuit purpose: at the client, rendezvous established. */
-#define CIRCUIT_PURPOSE_C_REND_JOINED 12
-/** This circuit is used for getting hsdirs */
-#define CIRCUIT_PURPOSE_C_HSDIR_GET 13
-#define CIRCUIT_PURPOSE_C_HS_MAX_ 13
-/** This circuit is used for build time measurement only */
-#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14
-#define CIRCUIT_PURPOSE_C_MAX_ 14
-
-#define CIRCUIT_PURPOSE_S_HS_MIN_ 15
-/** Hidden-service-side circuit purpose: at the service, waiting for
- * introductions. */
-#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15
-/** Hidden-service-side circuit purpose: at the service, successfully
- * established intro. */
-#define CIRCUIT_PURPOSE_S_INTRO 16
-/** Hidden-service-side circuit purpose: at the service, connecting to rend
- * point. */
-#define CIRCUIT_PURPOSE_S_CONNECT_REND 17
-/** Hidden-service-side circuit purpose: at the service, rendezvous
- * established. */
-#define CIRCUIT_PURPOSE_S_REND_JOINED 18
-/** This circuit is used for uploading hsdirs */
-#define CIRCUIT_PURPOSE_S_HSDIR_POST 19
-#define CIRCUIT_PURPOSE_S_HS_MAX_ 19
-
-/** A testing circuit; not meant to be used for actual traffic. */
-#define CIRCUIT_PURPOSE_TESTING 20
-/** A controller made this circuit and Tor should not use it. */
-#define CIRCUIT_PURPOSE_CONTROLLER 21
-/** This circuit is used for path bias probing only */
-#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22
-
-/** This circuit is used for vanguards/restricted paths.
- *
- * This type of circuit is *only* created preemptively and never
- * on-demand. When an HS operation needs to take place (e.g. connect to an
- * intro point), these circuits are then cannibalized and repurposed to the
- * actual needed HS purpose. */
-#define CIRCUIT_PURPOSE_HS_VANGUARDS 23
-
-#define CIRCUIT_PURPOSE_MAX_ 23
-/** A catch-all for unrecognized purposes. Currently we don't expect
- * to make or see any circuits with this purpose. */
-#define CIRCUIT_PURPOSE_UNKNOWN 255
-
-/** True iff the circuit purpose <b>p</b> is for a circuit that
- * originated at this node. */
-#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)
-/** True iff the circuit purpose <b>p</b> is for a circuit that originated
- * here to serve as a client. (Hidden services don't count here.) */
-#define CIRCUIT_PURPOSE_IS_CLIENT(p) \
- ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \
- (p)<=CIRCUIT_PURPOSE_C_MAX_)
-/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. */
-#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
-/** True iff the circuit purpose <b>p</b> is for an established rendezvous
- * circuit. */
-#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
- ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \
- (p) == CIRCUIT_PURPOSE_S_REND_JOINED)
-/** True iff the circuit_t c is actually an or_circuit_t */
-#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC)
-
-/** True iff this circuit purpose should count towards the global
- * pending rate limit (set by MaxClientCircuitsPending). We count all
- * general purpose circuits, as well as the first step of client onion
- * service connections (HSDir gets). */
-#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \
- ((p) == CIRCUIT_PURPOSE_C_GENERAL || \
- (p) == CIRCUIT_PURPOSE_C_HSDIR_GET)
-
/** How many circuits do we want simultaneously in-progress to handle
* a given stream? */
#define MIN_CIRCUITS_HANDLING_STREAM 2
@@ -704,13 +246,6 @@ typedef enum {
* connection_mark_unattached_ap(). */
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
-/** Reason for remapping an AP connection's address: we have a cached
- * answer. */
-#define REMAP_STREAM_SOURCE_CACHE 1
-/** Reason for remapping an AP connection's address: the exit node told us an
- * answer. */
-#define REMAP_STREAM_SOURCE_EXIT 2
-
/* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */
#define RESOLVED_TYPE_HOSTNAME 0
#define RESOLVED_TYPE_IPV4 4
@@ -1034,131 +569,6 @@ typedef struct channel_s channel_t;
typedef struct channel_listener_s channel_listener_t;
-/* channel states for channel_t */
-
-typedef enum {
- /*
- * Closed state - channel is inactive
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_CLOSING
- * Permitted transitions to:
- * - CHANNEL_STATE_OPENING
- */
- CHANNEL_STATE_CLOSED = 0,
- /*
- * Opening state - channel is trying to connect
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_CLOSED
- * Permitted transitions to:
- * - CHANNEL_STATE_CLOSING
- * - CHANNEL_STATE_ERROR
- * - CHANNEL_STATE_OPEN
- */
- CHANNEL_STATE_OPENING,
- /*
- * Open state - channel is active and ready for use
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_MAINT
- * - CHANNEL_STATE_OPENING
- * Permitted transitions to:
- * - CHANNEL_STATE_CLOSING
- * - CHANNEL_STATE_ERROR
- * - CHANNEL_STATE_MAINT
- */
- CHANNEL_STATE_OPEN,
- /*
- * Maintenance state - channel is temporarily offline for subclass specific
- * maintenance activities such as TLS renegotiation.
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_OPEN
- * Permitted transitions to:
- * - CHANNEL_STATE_CLOSING
- * - CHANNEL_STATE_ERROR
- * - CHANNEL_STATE_OPEN
- */
- CHANNEL_STATE_MAINT,
- /*
- * Closing state - channel is shutting down
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_MAINT
- * - CHANNEL_STATE_OPEN
- * Permitted transitions to:
- * - CHANNEL_STATE_CLOSED,
- * - CHANNEL_STATE_ERROR
- */
- CHANNEL_STATE_CLOSING,
- /*
- * Error state - channel has experienced a permanent error
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_CLOSING
- * - CHANNEL_STATE_MAINT
- * - CHANNEL_STATE_OPENING
- * - CHANNEL_STATE_OPEN
- * Permitted transitions to:
- * - None
- */
- CHANNEL_STATE_ERROR,
- /*
- * Placeholder for maximum state value
- */
- CHANNEL_STATE_LAST
-} channel_state_t;
-
-/* channel listener states for channel_listener_t */
-
-typedef enum {
- /*
- * Closed state - channel listener is inactive
- *
- * Permitted transitions from:
- * - CHANNEL_LISTENER_STATE_CLOSING
- * Permitted transitions to:
- * - CHANNEL_LISTENER_STATE_LISTENING
- */
- CHANNEL_LISTENER_STATE_CLOSED = 0,
- /*
- * Listening state - channel listener is listening for incoming
- * connections
- *
- * Permitted transitions from:
- * - CHANNEL_LISTENER_STATE_CLOSED
- * Permitted transitions to:
- * - CHANNEL_LISTENER_STATE_CLOSING
- * - CHANNEL_LISTENER_STATE_ERROR
- */
- CHANNEL_LISTENER_STATE_LISTENING,
- /*
- * Closing state - channel listener is shutting down
- *
- * Permitted transitions from:
- * - CHANNEL_LISTENER_STATE_LISTENING
- * Permitted transitions to:
- * - CHANNEL_LISTENER_STATE_CLOSED,
- * - CHANNEL_LISTENER_STATE_ERROR
- */
- CHANNEL_LISTENER_STATE_CLOSING,
- /*
- * Error state - channel listener has experienced a permanent error
- *
- * Permitted transitions from:
- * - CHANNEL_STATE_CLOSING
- * - CHANNEL_STATE_LISTENING
- * Permitted transitions to:
- * - None
- */
- CHANNEL_LISTENER_STATE_ERROR,
- /*
- * Placeholder for maximum state value
- */
- CHANNEL_LISTENER_STATE_LAST
-} channel_listener_state_t;
-
/* TLS channel stuff */
typedef struct channel_tls_s channel_tls_t;
@@ -1173,13 +583,7 @@ typedef struct packed_cell_t packed_cell_t;
typedef struct cell_queue_t cell_queue_t;
typedef struct destroy_cell_t destroy_cell_t;
typedef struct destroy_cell_queue_t destroy_cell_queue_t;
-
-/** A parsed Extended ORPort message. */
-typedef struct ext_or_cmd_t {
- uint16_t cmd; /** Command type */
- uint16_t len; /** Body length */
- char body[FLEXIBLE_ARRAY_MEMBER]; /** Message body */
-} ext_or_cmd_t;
+typedef struct ext_or_cmd_t ext_or_cmd_t;
/** Beginning of a RELAY cell payload. */
typedef struct {
@@ -1194,16 +598,6 @@ typedef struct socks_request_t socks_request_t;
typedef struct entry_port_cfg_t entry_port_cfg_t;
typedef struct server_port_cfg_t server_port_cfg_t;
-/* Values for connection_t.magic: used to make sure that downcasts (casts from
-* connection_t to foo_connection_t) are safe. */
-#define BASE_CONNECTION_MAGIC 0x7C3C304Eu
-#define OR_CONNECTION_MAGIC 0x7D31FF03u
-#define EDGE_CONNECTION_MAGIC 0xF0374013u
-#define ENTRY_CONNECTION_MAGIC 0xbb4a5703
-#define DIR_CONNECTION_MAGIC 0x9988ffeeu
-#define CONTROL_CONNECTION_MAGIC 0x8abc765du
-#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u
-
/** Minimum length of the random part of an AUTH_CHALLENGE cell. */
#define OR_AUTH_CHALLENGE_LEN 32
@@ -1295,38 +689,7 @@ typedef struct or_connection_t or_connection_t;
/** Cast a entry_connection_t subtype pointer to a connection_t **/
#define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
-/** What action type does an address policy indicate: accept or reject? */
-typedef enum {
- ADDR_POLICY_ACCEPT=1,
- ADDR_POLICY_REJECT=2,
-} addr_policy_action_t;
-#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t)
-
-/** A reference-counted address policy rule. */
-typedef struct addr_policy_t {
- int refcnt; /**< Reference count */
- /** What to do when the policy matches.*/
- addr_policy_action_bitfield_t policy_type:2;
- unsigned int is_private:1; /**< True iff this is the pseudo-address,
- * "private". */
- unsigned int is_canonical:1; /**< True iff this policy is the canonical
- * copy (stored in a hash table to avoid
- * duplication of common policies) */
- maskbits_t maskbits; /**< Accept/reject all addresses <b>a</b> such that the
- * first <b>maskbits</b> bits of <b>a</b> match
- * <b>addr</b>. */
- /** Base address to accept or reject.
- *
- * Note that wildcards are treated
- * differntly depending on address family. An AF_UNSPEC address means
- * "All addresses, IPv4 or IPv6." An AF_INET address with maskbits==0 means
- * "All IPv4 addresses" and an AF_INET6 address with maskbits == 0 means
- * "All IPv6 addresses".
- **/
- tor_addr_t addr;
- uint16_t prt_min; /**< Lowest port number to accept/reject. */
- uint16_t prt_max; /**< Highest port number to accept/reject. */
-} addr_policy_t;
+typedef struct addr_policy_t addr_policy_t;
typedef struct cached_dir_t cached_dir_t;
@@ -1437,25 +800,6 @@ typedef struct routerinfo_t routerinfo_t;
typedef struct extrainfo_t extrainfo_t;
typedef struct routerstatus_t routerstatus_t;
-/** A single entry in a parsed policy summary, describing a range of ports. */
-typedef struct short_policy_entry_t {
- uint16_t min_port, max_port;
-} short_policy_entry_t;
-
-/** A short_poliy_t is the parsed version of a policy summary. */
-typedef struct short_policy_t {
- /** True if the members of 'entries' are port ranges to accept; false if
- * they are port ranges to reject */
- unsigned int is_accept : 1;
- /** The actual number of values in 'entries'. */
- unsigned int n_entries : 31;
- /** An array of 0 or more short_policy_entry_t values, each describing a
- * range of ports that this policy accepts or rejects (depending on the
- * value of is_accept).
- */
- short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER];
-} short_policy_t;
-
typedef struct microdesc_t microdesc_t;
typedef struct node_t node_t;
typedef struct vote_microdesc_hash_t vote_microdesc_hash_t;
@@ -1464,13 +808,6 @@ typedef struct document_signature_t document_signature_t;
typedef struct networkstatus_voter_info_t networkstatus_voter_info_t;
typedef struct networkstatus_sr_info_t networkstatus_sr_info_t;
-/** Enumerates the possible seriousness values of a networkstatus document. */
-typedef enum {
- NS_TYPE_VOTE,
- NS_TYPE_CONSENSUS,
- NS_TYPE_OPINION,
-} networkstatus_type_t;
-
/** Enumerates recognized flavors of a consensus networkstatus document. All
* flavors of a consensus are generated from the same set of votes, but they
* present different types information to different versions of Tor. */
@@ -1484,13 +821,6 @@ typedef enum {
typedef struct networkstatus_t networkstatus_t;
typedef struct ns_detached_signatures_t ns_detached_signatures_t;
-
-/** Allowable types of desc_store_t. */
-typedef enum store_type_t {
- ROUTER_STORE = 0,
- EXTRAINFO_STORE = 1
-} store_type_t;
-
typedef struct desc_store_t desc_store_t;
typedef struct routerlist_t routerlist_t;
typedef struct extend_info_t extend_info_t;
@@ -1519,42 +849,20 @@ typedef enum {
#define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))
-#define CRYPT_PATH_MAGIC 0x70127012u
-
-struct fast_handshake_state_t;
-struct ntor_handshake_state_t;
#define ONION_HANDSHAKE_TYPE_TAP 0x0000
#define ONION_HANDSHAKE_TYPE_FAST 0x0001
#define ONION_HANDSHAKE_TYPE_NTOR 0x0002
#define MAX_ONION_HANDSHAKE_TYPE 0x0002
-typedef struct {
- uint16_t tag;
- union {
- struct fast_handshake_state_t *fast;
- crypto_dh_t *tap;
- struct ntor_handshake_state_t *ntor;
- } u;
-} onion_handshake_state_t;
+typedef struct onion_handshake_state_t onion_handshake_state_t;
typedef struct relay_crypto_t relay_crypto_t;
typedef struct crypt_path_t crypt_path_t;
typedef struct crypt_path_reference_t crypt_path_reference_t;
#define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
-#define DH_KEY_LEN DH_BYTES
-
typedef struct cpath_build_state_t cpath_build_state_t;
-/** "magic" value for an origin_circuit_t */
-#define ORIGIN_CIRCUIT_MAGIC 0x35315243u
-/** "magic" value for an or_circuit_t */
-#define OR_CIRCUIT_MAGIC 0x98ABC04Fu
-/** "magic" value for a circuit that would have been freed by circuit_free,
- * but which we're keeping around until a cpuworker reply arrives. See
- * circuit_free() for more documentation. */
-#define DEAD_CIRCUIT_MAGIC 0xdeadc14c
-
struct create_cell_t;
/** Entry in the cell stats list of a circuit; used only if CELL_STATS
@@ -1578,61 +886,7 @@ typedef struct or_circuit_t or_circuit_t;
* circuit. */
#define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8
-/**
- * Describes the circuit building process in simplified terms based
- * on the path bias accounting state for a circuit.
- *
- * NOTE: These state values are enumerated in the order for which we
- * expect circuits to transition through them. If you add states,
- * you need to preserve this overall ordering. The various pathbias
- * state transition and accounting functions (pathbias_mark_* and
- * pathbias_count_*) contain ordinal comparisons to enforce proper
- * state transitions for corrections.
- *
- * This state machine and the associated logic was created to prevent
- * miscounting due to unknown cases of circuit reuse. See also tickets
- * #6475 and #7802.
- */
-typedef enum {
- /** This circuit is "new". It has not yet completed a first hop
- * or been counted by the path bias code. */
- PATH_STATE_NEW_CIRC = 0,
- /** This circuit has completed one/two hops, and has been counted by
- * the path bias logic. */
- PATH_STATE_BUILD_ATTEMPTED = 1,
- /** This circuit has been completely built */
- PATH_STATE_BUILD_SUCCEEDED = 2,
- /** Did we try to attach any SOCKS streams or hidserv introductions to
- * this circuit?
- *
- * Note: If we ever implement end-to-end stream timing through test
- * stream probes (#5707), we must *not* set this for those probes
- * (or any other automatic streams) because the adversary could
- * just tag at a later point.
- */
- PATH_STATE_USE_ATTEMPTED = 3,
- /** Did any SOCKS streams or hidserv introductions actually succeed on
- * this circuit?
- *
- * If any streams detatch/fail from this circuit, the code transitions
- * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See
- * pathbias_mark_use_rollback() for that.
- */
- PATH_STATE_USE_SUCCEEDED = 4,
-
- /**
- * This is a special state to indicate that we got a corrupted
- * relay cell on a circuit and we don't intend to probe it.
- */
- PATH_STATE_USE_FAILED = 5,
-
- /**
- * This is a special state to indicate that we already counted
- * the circuit. Used to guard against potential state machine
- * violations.
- */
- PATH_STATE_ALREADY_COUNTED = 6,
-} path_state_t;
+typedef enum path_state_t path_state_t;
#define path_state_bitfield_t ENUM_BF(path_state_t)
#if REND_COOKIE_LEN != DIGEST_LEN
@@ -1643,10 +897,6 @@ typedef enum {
/** Convert a circuit subtype to a circuit_t. */
#define TO_CIRCUIT(x) (&((x)->base_))
-/* limits for TCP send and recv buffer size used for constrained sockets */
-#define MIN_CONSTRAINED_TCP_BUFFER 2048
-#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */
-
/** @name Isolation flags
Ways to isolate client streams
@@ -1690,1152 +940,13 @@ typedef struct routerset_t routerset_t;
* to pick its own port. */
#define CFG_AUTO_PORT 0xc4005e
-/** Enumeration of outbound address configuration types:
- * Exit-only, OR-only, or both */
-typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR,
- OUTBOUND_ADDR_EXIT_AND_OR,
- OUTBOUND_ADDR_MAX} outbound_addr_t;
-
-/** Configuration options for a Tor process. */
-typedef struct {
- uint32_t magic_;
-
- /** What should the tor process actually do? */
- enum {
- CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
- CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG,
- CMD_KEYGEN,
- CMD_KEY_EXPIRATION,
- } command;
- char *command_arg; /**< Argument for command-line option. */
-
- config_line_t *Logs; /**< New-style list of configuration lines
- * for logs */
- int LogTimeGranularity; /**< Log resolution in milliseconds. */
-
- int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
- * each log message occurs? */
- int TruncateLogFile; /**< Boolean: Should we truncate the log file
- before we start writing? */
- char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
- char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */
-
- char *DebugLogFile; /**< Where to send verbose log messages. */
- char *DataDirectory_option; /**< Where to store long-term data, as
- * configured by the user. */
- char *DataDirectory; /**< Where to store long-term data, as modified. */
- int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
-
- char *KeyDirectory_option; /**< Where to store keys, as
- * configured by the user. */
- char *KeyDirectory; /**< Where to store keys data, as modified. */
- int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
-
- char *CacheDirectory_option; /**< Where to store cached data, as
- * configured by the user. */
- char *CacheDirectory; /**< Where to store cached data, as modified. */
- int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
-
- char *Nickname; /**< OR only: nickname of this onion router. */
- char *Address; /**< OR only: configured address for this onion router. */
- char *PidFile; /**< Where to store PID of Tor process. */
-
- routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
- * country codes and IP address patterns of ORs to
- * consider as exits. */
- routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
- * country codes and IP address patterns of ORs to
- * consider as entry points. */
- int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes
- * are up, or we need to access a node in ExcludeNodes,
- * do we just fail instead? */
- routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests,
- * country codes and IP address patterns of ORs
- * not to use in circuits. But see StrictNodes
- * above. */
- routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests,
- * country codes and IP address patterns of
- * ORs not to consider as exits. */
-
- /** Union of ExcludeNodes and ExcludeExitNodes */
- routerset_t *ExcludeExitNodesUnion_;
-
- int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our
- * process for all current and future memory. */
-
- config_line_t *ExitPolicy; /**< Lists of exit policy components. */
- int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private
- * addresses, and our own published addresses?
- */
- int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local
- * interface addresses?
- * Includes OutboundBindAddresses and
- * configured ports. */
- int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
- config_line_t *SocksPolicy; /**< Lists of socks policy components */
- config_line_t *DirPolicy; /**< Lists of dir policy components */
- /** Local address to bind outbound sockets */
- config_line_t *OutboundBindAddress;
- /** Local address to bind outbound relay sockets */
- config_line_t *OutboundBindAddressOR;
- /** Local address to bind outbound exit sockets */
- config_line_t *OutboundBindAddressExit;
- /** Addresses derived from the various OutboundBindAddress lines.
- * [][0] is IPv4, [][1] is IPv6
- */
- tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2];
- /** Directory server only: which versions of
- * Tor should we tell users to run? */
- config_line_t *RecommendedVersions;
- config_line_t *RecommendedClientVersions;
- config_line_t *RecommendedServerVersions;
- config_line_t *RecommendedPackages;
- /** Whether dirservers allow router descriptors with private IPs. */
- int DirAllowPrivateAddresses;
- /** Whether routers accept EXTEND cells to routers with private IPs. */
- int ExtendAllowPrivateAddresses;
- char *User; /**< Name of user to run Tor as. */
- config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */
- /** Ports to listen on for extended OR connections. */
- config_line_t *ExtORPort_lines;
- /** Ports to listen on for SOCKS connections. */
- config_line_t *SocksPort_lines;
- /** Ports to listen on for transparent pf/netfilter connections. */
- config_line_t *TransPort_lines;
- char *TransProxyType; /**< What kind of transparent proxy
- * implementation are we using? */
- /** Parsed value of TransProxyType. */
- enum {
- TPT_DEFAULT,
- TPT_PF_DIVERT,
- TPT_IPFW,
- TPT_TPROXY,
- } TransProxyType_parsed;
- config_line_t *NATDPort_lines; /**< Ports to listen on for transparent natd
- * connections. */
- /** Ports to listen on for HTTP Tunnel connections. */
- config_line_t *HTTPTunnelPort_lines;
- config_line_t *ControlPort_lines; /**< Ports to listen on for control
- * connections. */
- config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
- * for control connections. */
-
- int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
- int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */
- /** Ports to listen on for directory connections. */
- config_line_t *DirPort_lines;
- config_line_t *DNSPort_lines; /**< Ports to listen on for DNS requests. */
-
- /* MaxMemInQueues value as input by the user. We clean this up to be
- * MaxMemInQueues. */
- uint64_t MaxMemInQueues_raw;
- uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
- * for queues and buffers, run the OOM handler */
- /** Above this value, consider ourselves low on RAM. */
- uint64_t MaxMemInQueues_low_threshold;
-
- /** @name port booleans
- *
- * Derived booleans: For server ports and ControlPort, true iff there is a
- * non-listener port on an AF_INET or AF_INET6 address of the given type
- * configured in one of the _lines options above.
- * For client ports, also true if there is a unix socket configured.
- * If you are checking for client ports, you may want to use:
- * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
- * HTTPTunnelPort_set
- * rather than SocksPort_set.
- *
- * @{
- */
- unsigned int ORPort_set : 1;
- unsigned int SocksPort_set : 1;
- unsigned int TransPort_set : 1;
- unsigned int NATDPort_set : 1;
- unsigned int ControlPort_set : 1;
- unsigned int DirPort_set : 1;
- unsigned int DNSPort_set : 1;
- unsigned int ExtORPort_set : 1;
- unsigned int HTTPTunnelPort_set : 1;
- /**@}*/
-
- int AssumeReachable; /**< Whether to publish our descriptor regardless. */
- int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
- int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
- * for version 3 directories? */
- int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
- * directory that's willing to recommend
- * versions? */
- int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory
- * that aggregates bridge descriptors? */
-
- /** If set on a bridge relay, it will include this value on a new
- * "bridge-distribution-request" line in its bridge descriptor. */
- char *BridgeDistribution;
-
- /** If set on a bridge authority, it will answer requests on its dirport
- * for bridge statuses -- but only if the requests use this password. */
- char *BridgePassword;
- /** If BridgePassword is set, this is a SHA256 digest of the basic http
- * authenticator for it. Used so we can do a time-independent comparison. */
- char *BridgePassword_AuthDigest_;
-
- int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
- config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
-
- config_line_t *ClientTransportPlugin; /**< List of client
- transport plugins. */
-
- config_line_t *ServerTransportPlugin; /**< List of client
- transport plugins. */
-
- /** List of TCP/IP addresses that transports should listen at. */
- config_line_t *ServerTransportListenAddr;
-
- /** List of options that must be passed to pluggable transports. */
- config_line_t *ServerTransportOptions;
-
- int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
- * this explicit so we can change how we behave in the
- * future. */
-
- /** Boolean: if we know the bridge's digest, should we get new
- * descriptors from the bridge authorities or from the bridge itself? */
- int UpdateBridgesFromAuthority;
-
- int AvoidDiskWrites; /**< Boolean: should we never cache things to disk?
- * Not used yet. */
- int ClientOnly; /**< Boolean: should we never evolve into a server role? */
-
- int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections
- open shorter and pad them less against
- connection-level traffic analysis? */
- /** Autobool: if auto, then connection padding will be negotiated by client
- * and server. If 0, it will be fully disabled. If 1, the client will still
- * pad to the server regardless of server support. */
- int ConnectionPadding;
-
- /** To what authority types do we publish our descriptor? Choices are
- * "v1", "v2", "v3", "bridge", or "". */
- smartlist_t *PublishServerDescriptor;
- /** A bitfield of authority types, derived from PublishServerDescriptor. */
- dirinfo_type_t PublishServerDescriptor_;
- /** Boolean: do we publish hidden service descriptors to the HS auths? */
- int PublishHidServDescriptors;
- int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
- int FetchHidServDescriptors; /**< and hidden service descriptors? */
-
- int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden
- * service directories after what time? */
-
- int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
- int AllDirActionsPrivate; /**< Should every directory action be sent
- * through a Tor circuit? */
-
- /** Run in 'tor2web mode'? (I.e. only make client connections to hidden
- * services, and use a single hop for all hidden-service-related
- * circuits.) */
- int Tor2webMode;
-
- /** A routerset that should be used when picking RPs for HS circuits. */
- routerset_t *Tor2webRendezvousPoints;
-
- /** A routerset that should be used when picking middle nodes for HS
- * circuits. */
- routerset_t *HSLayer2Nodes;
-
- /** A routerset that should be used when picking third-hop nodes for HS
- * circuits. */
- routerset_t *HSLayer3Nodes;
-
- /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
- * circuits between the onion service server, and the introduction and
- * rendezvous points. (Onion service descriptors are still posted using
- * 3-hop paths, to avoid onion service directories blocking the service.)
- * This option makes every hidden service instance hosted by
- * this tor instance a Single Onion Service.
- * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
- * set to 1.
- * Use rend_service_allow_non_anonymous_connection() or
- * rend_service_reveal_startup_time() instead of using this option directly.
- */
- int HiddenServiceSingleHopMode;
- /* Makes hidden service clients and servers non-anonymous on this tor
- * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
- * non-anonymous behaviour in the hidden service protocol.
- * Use rend_service_non_anonymous_mode_enabled() instead of using this option
- * directly.
- */
- int HiddenServiceNonAnonymousMode;
-
- int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
- int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
- int ConnLimit_high_thresh; /**< start trying to lower socket usage if we
- * have this many. */
- int ConnLimit_low_thresh; /**< try to get down to here after socket
- * exhaustion. */
- int RunAsDaemon; /**< If true, run in the background. (Unix only) */
- int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
- smartlist_t *FirewallPorts; /**< Which ports our firewall allows
- * (strings). */
- config_line_t *ReachableAddresses; /**< IP:ports our firewall allows. */
- config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */
- config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */
-
- int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
- uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
-
- /** Whether we should drop exit streams from Tors that we don't know are
- * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
- * what the consensus says, defaulting to 'refuse' if the consensus says
- * nothing). */
- int RefuseUnknownExits;
-
- /** Application ports that require all nodes in circ to have sufficient
- * uptime. */
- smartlist_t *LongLivedPorts;
- /** Application ports that are likely to be unencrypted and
- * unauthenticated; we reject requests for them to prevent the
- * user from screwing up and leaking plaintext secrets to an
- * observer somewhere on the Internet. */
- smartlist_t *RejectPlaintextPorts;
- /** Related to RejectPlaintextPorts above, except this config option
- * controls whether we warn (in the log and via a controller status
- * event) every time a risky connection is attempted. */
- smartlist_t *WarnPlaintextPorts;
- /** Should we try to reuse the same exit node for a given host */
- smartlist_t *TrackHostExits;
- int TrackHostExitsExpire; /**< Number of seconds until we expire an
- * addressmap */
- config_line_t *AddressMap; /**< List of address map directives. */
- int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
- * hostname ending with one of the suffixes in
- * <b>AutomapHostsSuffixes</b>, map it to a
- * virtual address. */
- /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
- * "." means "match everything." */
- smartlist_t *AutomapHostsSuffixes;
- int RendPostPeriod; /**< How often do we post each rendezvous service
- * descriptor? Remember to publish them independently. */
- int KeepalivePeriod; /**< How often do we send padding cells to keep
- * connections alive? */
- int SocksTimeout; /**< How long do we let a socks connection wait
- * unattached before we fail it? */
- int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value
- * for CircuitBuildTimeout based on timeout
- * history. Use circuit_build_times_disabled()
- * rather than checking this value directly. */
- int CircuitBuildTimeout; /**< Cull non-open circuits that were born at
- * least this many seconds ago. Used until
- * adaptive algorithm learns a new value. */
- int CircuitsAvailableTimeout; /**< Try to have an open circuit for at
- least this long after last activity */
- int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits
- * and try a new circuit if the stream has been
- * waiting for this many seconds. If zero, use
- * our default internal timeout schedule. */
- int MaxOnionQueueDelay; /*< DOCDOC */
- int NewCircuitPeriod; /**< How long do we use a circuit before building
- * a new one? */
- int MaxCircuitDirtiness; /**< Never use circs that were first used more than
- this interval ago. */
- uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing
- * to use in a second? */
- uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing
- * to use in a second? */
- uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to
- * tell other nodes we have? */
- uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we
- * willing to use for all relayed conns? */
- uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we
- * use in a second for all relayed conns? */
- uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */
- uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */
- int NumCPUs; /**< How many CPUs should we try to use? */
- config_line_t *RendConfigLines; /**< List of configuration lines
- * for rendezvous services. */
- config_line_t *HidServAuth; /**< List of configuration lines for client-side
- * authorizations for hidden services */
- char *ContactInfo; /**< Contact info to be published in the directory. */
-
- int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds
- * have passed. */
- int MainloopStats; /**< Log main loop statistics as part of the
- * heartbeat messages. */
-
- char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */
- tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */
- uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */
- char *HTTPProxyAuthenticator; /**< username:password string, if any. */
-
- char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */
- tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */
- uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */
- char *HTTPSProxyAuthenticator; /**< username:password string, if any. */
-
- char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */
- tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */
- uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */
-
- char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */
- tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */
- uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */
- char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */
- char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */
-
- /** List of configuration lines for replacement directory authorities.
- * If you just want to replace one class of authority at a time,
- * use the "Alternate*Authority" options below instead. */
- config_line_t *DirAuthorities;
-
- /** List of fallback directory servers */
- config_line_t *FallbackDir;
- /** Whether to use the default hard-coded FallbackDirs */
- int UseDefaultFallbackDirs;
-
- /** Weight to apply to all directory authority rates if considering them
- * along with fallbackdirs */
- double DirAuthorityFallbackRate;
-
- /** If set, use these main (currently v3) directory authorities and
- * not the default ones. */
- config_line_t *AlternateDirAuthority;
-
- /** If set, use these bridge authorities and not the default one. */
- config_line_t *AlternateBridgeAuthority;
-
- config_line_t *MyFamily_lines; /**< Declared family for this OR. */
- config_line_t *MyFamily; /**< Declared family for this OR, normalized */
- config_line_t *NodeFamilies; /**< List of config lines for
- * node families */
- smartlist_t *NodeFamilySets; /**< List of parsed NodeFamilies values. */
- config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
- * mark as bad exits. */
- config_line_t *AuthDirReject; /**< Address policy for descriptors to
- * reject. */
- config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
- * never mark as valid. */
- /** @name AuthDir...CC
- *
- * Lists of country codes to mark as BadExit, or Invalid, or to
- * reject entirely.
- *
- * @{
- */
- smartlist_t *AuthDirBadExitCCs;
- smartlist_t *AuthDirInvalidCCs;
- smartlist_t *AuthDirRejectCCs;
- /**@}*/
-
- int AuthDirListBadExits; /**< True iff we should list bad exits,
- * and vote for all other exits as good. */
- int AuthDirMaxServersPerAddr; /**< Do not permit more than this
- * number of servers per IP address. */
- int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
- int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
-
- /** If non-zero, always vote the Fast flag for any relay advertising
- * this amount of capacity or more. */
- uint64_t AuthDirFastGuarantee;
-
- /** If non-zero, this advertised capacity or more is always sufficient
- * to satisfy the bandwidth requirement for the Guard flag. */
- uint64_t AuthDirGuardBWGuarantee;
-
- char *AccountingStart; /**< How long is the accounting interval, and when
- * does it start? */
- uint64_t AccountingMax; /**< How many bytes do we allow per accounting
- * interval before hibernation? 0 for "never
- * hibernate." */
- /** How do we determine when our AccountingMax has been reached?
- * "max" for when in or out reaches AccountingMax
- * "sum" for when in plus out reaches AccountingMax
- * "in" for when in reaches AccountingMax
- * "out" for when out reaches AccountingMax */
- char *AccountingRule_option;
- enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
-
- /** Base64-encoded hash of accepted passwords for the control system. */
- config_line_t *HashedControlPassword;
- /** As HashedControlPassword, but not saved. */
- config_line_t *HashedControlSessionPassword;
-
- int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
- * the control system? */
- char *CookieAuthFile; /**< Filesystem location of a ControlPort
- * authentication cookie. */
- char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
- * ORPort authentication cookie. */
- int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
- int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
- * ExtORPortCookieAuthFile g+r? */
- int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
- * circuits itself (0), or does it expect a controller
- * to cope? (1) */
- int DisablePredictedCircuits; /**< Boolean: does Tor preemptively
- * make circuits in the background (0),
- * or not (1)? */
-
- /** Process specifier for a controller that ‘owns’ this Tor
- * instance. Tor will terminate if its owning controller does. */
- char *OwningControllerProcess;
- /** FD specifier for a controller that owns this Tor instance. */
- int OwningControllerFD;
-
- int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
- * long do we wait before exiting? */
- char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
-
- /* Derived from SafeLogging */
- enum {
- SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
- } SafeLogging_;
-
- int Sandbox; /**< Boolean: should sandboxing be enabled? */
- int SafeSocks; /**< Boolean: should we outright refuse application
- * connections that use socks4 or socks5-with-local-dns? */
- int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
- * protocol, is it a warn or an info in our logs? */
- int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
- * log whether it was DNS-leaking or not? */
- int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
- * acceleration where available? */
- /** Token Bucket Refill resolution in milliseconds. */
- int TokenBucketRefillInterval;
- char *AccelName; /**< Optional hardware acceleration engine name. */
- char *AccelDir; /**< Optional hardware acceleration engine search dir. */
-
- /** Boolean: Do we try to enter from a smallish number
- * of fixed nodes? */
- int UseEntryGuards_option;
- /** Internal variable to remember whether we're actually acting on
- * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
- * Single Onion Service, it is always false, otherwise we use the value of
- * UseEntryGuards_option. */
- int UseEntryGuards;
-
- int NumEntryGuards; /**< How many entry guards do we try to establish? */
-
- /** If 1, we use any guardfraction information we see in the
- * consensus. If 0, we don't. If -1, let the consensus parameter
- * decide. */
- int UseGuardFraction;
-
- int NumDirectoryGuards; /**< How many dir guards do we try to establish?
- * If 0, use value from NumEntryGuards. */
- int NumPrimaryGuards; /**< How many primary guards do we want? */
-
- int RephistTrackTime; /**< How many seconds do we keep rephist info? */
- /** Should we always fetch our dir info on the mirror schedule (which
- * means directly from the authorities) no matter our other config? */
- int FetchDirInfoEarly;
-
- /** Should we fetch our dir info at the start of the consensus period? */
- int FetchDirInfoExtraEarly;
-
- int DirCache; /**< Cache all directory documents and accept requests via
- * tunnelled dir conns from clients. If 1, enabled (default);
- * If 0, disabled. */
-
- char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
- * MAPADDRESS requests for IPv4 addresses */
- char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
- * MAPADDRESS requests for IPv6 addresses */
- int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit
- * addresses to be FQDNs, but rather search for them in
- * the local domains. */
- int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
- * hijacking. */
- int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
- * DNS poisoning attacks. */
- char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
- * resolver from the file here rather than from
- * /etc/resolv.conf (Unix) or the registry (Windows). */
- char *DirPortFrontPage; /**< This is a full path to a file with an html
- disclaimer. This allows a server administrator to show
- that they're running Tor and anyone visiting their server
- will know this without any specialized knowledge. */
- int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to
- disable ptrace; needs BSD testing. */
- /** Boolean: if set, we start even if our resolv.conf file is missing
- * or broken. */
- int ServerDNSAllowBrokenConfig;
- /** Boolean: if set, then even connections to private addresses will get
- * rate-limited. */
- int CountPrivateBandwidth;
- smartlist_t *ServerDNSTestAddresses; /**< A list of addresses that definitely
- * should be resolvable. Used for
- * testing our DNS server. */
- int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
- * same network zone in the same circuit. */
- int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
- * with weird characters. */
- /** If true, we try resolving hostnames with weird characters. */
- int ServerDNSAllowNonRFC953Hostnames;
-
- /** If true, we try to download extra-info documents (and we serve them,
- * if we are a cache). For authorities, this is always true. */
- int DownloadExtraInfo;
-
- /** If true, we're configured to collect statistics on clients
- * requesting network statuses from us as directory. */
- int DirReqStatistics_option;
- /** Internal variable to remember whether we're actually acting on
- * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
- int DirReqStatistics;
-
- /** If true, the user wants us to collect statistics on port usage. */
- int ExitPortStatistics;
-
- /** If true, the user wants us to collect connection statistics. */
- int ConnDirectionStatistics;
-
- /** If true, the user wants us to collect cell statistics. */
- int CellStatistics;
-
- /** If true, the user wants us to collect padding statistics. */
- int PaddingStatistics;
-
- /** If true, the user wants us to collect statistics as entry node. */
- int EntryStatistics;
-
- /** If true, the user wants us to collect statistics as hidden service
- * directory, introduction point, or rendezvous point. */
- int HiddenServiceStatistics_option;
- /** Internal variable to remember whether we're actually acting on
- * HiddenServiceStatistics_option -- yes if it's set and we're a server,
- * else no. */
- int HiddenServiceStatistics;
-
- /** If true, include statistics file contents in extra-info documents. */
- int ExtraInfoStatistics;
-
- /** If true, do not believe anybody who tells us that a domain resolves
- * to an internal address, or that an internal address has a PTR mapping.
- * Helps avoid some cross-site attacks. */
- int ClientDNSRejectInternalAddresses;
-
- /** If true, do not accept any requests to connect to internal addresses
- * over randomly chosen exits. */
- int ClientRejectInternalAddresses;
-
- /** If true, clients may connect over IPv4. If false, they will avoid
- * connecting over IPv4. We enforce this for OR and Dir connections. */
- int ClientUseIPv4;
- /** If true, clients may connect over IPv6. If false, they will avoid
- * connecting over IPv4. We enforce this for OR and Dir connections.
- * Use fascist_firewall_use_ipv6() instead of accessing this value
- * directly. */
- int ClientUseIPv6;
- /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
- * connections. If auto, bridge clients prefer IPv6, and other clients
- * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
- * directly. */
- int ClientPreferIPv6ORPort;
- /** If true, prefer an IPv6 directory port over an IPv4 one for direct
- * directory connections. If auto, bridge clients prefer IPv6, and other
- * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
- * accessing this value directly. */
- int ClientPreferIPv6DirPort;
-
- /** The length of time that we think a consensus should be fresh. */
- int V3AuthVotingInterval;
- /** The length of time we think it will take to distribute votes. */
- int V3AuthVoteDelay;
- /** The length of time we think it will take to distribute signatures. */
- int V3AuthDistDelay;
- /** The number of intervals we think a consensus should be valid. */
- int V3AuthNIntervalsValid;
-
- /** Should advertise and sign consensuses with a legacy key, for key
- * migration purposes? */
- int V3AuthUseLegacyKey;
-
- /** Location of bandwidth measurement file */
- char *V3BandwidthsFile;
-
- /** Location of guardfraction file */
- char *GuardfractionFile;
-
- /** Authority only: key=value pairs that we add to our networkstatus
- * consensus vote on the 'params' line. */
- char *ConsensusParams;
-
- /** Authority only: minimum number of measured bandwidths we must see
- * before we only believe measured bandwidths to assign flags. */
- int MinMeasuredBWsForAuthToIgnoreAdvertised;
-
- /** The length of time that we think an initial consensus should be fresh.
- * Only altered on testing networks. */
- int TestingV3AuthInitialVotingInterval;
-
- /** The length of time we think it will take to distribute initial votes.
- * Only altered on testing networks. */
- int TestingV3AuthInitialVoteDelay;
-
- /** The length of time we think it will take to distribute initial
- * signatures. Only altered on testing networks.*/
- int TestingV3AuthInitialDistDelay;
-
- /** Offset in seconds added to the starting time for consensus
- voting. Only altered on testing networks. */
- int TestingV3AuthVotingStartOffset;
-
- /** If an authority has been around for less than this amount of time, it
- * does not believe its reachability information is accurate. Only
- * altered on testing networks. */
- int TestingAuthDirTimeToLearnReachability;
-
- /** Clients don't download any descriptor this recent, since it will
- * probably not have propagated to enough caches. Only altered on testing
- * networks. */
- int TestingEstimatedDescriptorPropagationTime;
-
- /** Schedule for when servers should download things in general. Only
- * altered on testing networks. */
- int TestingServerDownloadInitialDelay;
-
- /** Schedule for when clients should download things in general. Only
- * altered on testing networks. */
- int TestingClientDownloadInitialDelay;
-
- /** Schedule for when servers should download consensuses. Only altered
- * on testing networks. */
- int TestingServerConsensusDownloadInitialDelay;
-
- /** Schedule for when clients should download consensuses. Only altered
- * on testing networks. */
- int TestingClientConsensusDownloadInitialDelay;
-
- /** Schedule for when clients should download consensuses from authorities
- * if they are bootstrapping (that is, they don't have a usable, reasonably
- * live consensus). Only used by clients fetching from a list of fallback
- * directory mirrors.
- *
- * This schedule is incremented by (potentially concurrent) connection
- * attempts, unlike other schedules, which are incremented by connection
- * failures. Only altered on testing networks. */
- int ClientBootstrapConsensusAuthorityDownloadInitialDelay;
-
- /** Schedule for when clients should download consensuses from fallback
- * directory mirrors if they are bootstrapping (that is, they don't have a
- * usable, reasonably live consensus). Only used by clients fetching from a
- * list of fallback directory mirrors.
- *
- * This schedule is incremented by (potentially concurrent) connection
- * attempts, unlike other schedules, which are incremented by connection
- * failures. Only altered on testing networks. */
- int ClientBootstrapConsensusFallbackDownloadInitialDelay;
-
- /** Schedule for when clients should download consensuses from authorities
- * if they are bootstrapping (that is, they don't have a usable, reasonably
- * live consensus). Only used by clients which don't have or won't fetch
- * from a list of fallback directory mirrors.
- *
- * This schedule is incremented by (potentially concurrent) connection
- * attempts, unlike other schedules, which are incremented by connection
- * failures. Only altered on testing networks. */
- int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay;
-
- /** Schedule for when clients should download bridge descriptors. Only
- * altered on testing networks. */
- int TestingBridgeDownloadInitialDelay;
-
- /** Schedule for when clients should download bridge descriptors when they
- * have no running bridges. Only altered on testing networks. */
- int TestingBridgeBootstrapDownloadInitialDelay;
-
- /** When directory clients have only a few descriptors to request, they
- * batch them until they have more, or until this amount of time has
- * passed. Only altered on testing networks. */
- int TestingClientMaxIntervalWithoutRequest;
-
- /** How long do we let a directory connection stall before expiring
- * it? Only altered on testing networks. */
- int TestingDirConnectionMaxStall;
-
- /** How many simultaneous in-progress connections will we make when trying
- * to fetch a consensus before we wait for one to complete, timeout, or
- * error out? Only altered on testing networks. */
- int ClientBootstrapConsensusMaxInProgressTries;
-
- /** If true, we take part in a testing network. Change the defaults of a
- * couple of other configuration options and allow to change the values
- * of certain configuration options. */
- int TestingTorNetwork;
-
- /** Minimum value for the Exit flag threshold on testing networks. */
- uint64_t TestingMinExitFlagThreshold;
-
- /** Minimum value for the Fast flag threshold on testing networks. */
- uint64_t TestingMinFastFlagThreshold;
-
- /** Relays in a testing network which should be voted Exit
- * regardless of exit policy. */
- routerset_t *TestingDirAuthVoteExit;
- int TestingDirAuthVoteExitIsStrict;
-
- /** Relays in a testing network which should be voted Guard
- * regardless of uptime and bandwidth. */
- routerset_t *TestingDirAuthVoteGuard;
- int TestingDirAuthVoteGuardIsStrict;
-
- /** Relays in a testing network which should be voted HSDir
- * regardless of uptime and DirPort. */
- routerset_t *TestingDirAuthVoteHSDir;
- int TestingDirAuthVoteHSDirIsStrict;
-
- /** Enable CONN_BW events. Only altered on testing networks. */
- int TestingEnableConnBwEvent;
-
- /** Enable CELL_STATS events. Only altered on testing networks. */
- int TestingEnableCellStatsEvent;
-
- /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
- * count of how many client addresses have contacted us so that we can help
- * the bridge authority guess which countries have blocked access to us. */
- int BridgeRecordUsageByCountry;
-
- /** Optionally, IPv4 and IPv6 GeoIP data. */
- char *GeoIPFile;
- char *GeoIPv6File;
-
- /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
- * country code will exclude all nodes in ?? and A1. If true, all nodes in
- * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
- int GeoIPExcludeUnknown;
-
- /** If true, SIGHUP should reload the torrc. Sometimes controllers want
- * to make this false. */
- int ReloadTorrcOnSIGHUP;
-
- /* The main parameter for picking circuits within a connection.
- *
- * If this value is positive, when picking a cell to relay on a connection,
- * we always relay from the circuit whose weighted cell count is lowest.
- * Cells are weighted exponentially such that if one cell is sent
- * 'CircuitPriorityHalflife' seconds before another, it counts for half as
- * much.
- *
- * If this value is zero, we're disabling the cell-EWMA algorithm.
- *
- * If this value is negative, we're using the default approach
- * according to either Tor or a parameter set in the consensus.
- */
- double CircuitPriorityHalflife;
-
- /** Set to true if the TestingTorNetwork configuration option is set.
- * This is used so that options_validate() has a chance to realize that
- * the defaults have changed. */
- int UsingTestNetworkDefaults_;
-
- /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
- * If -1, Tor decides. */
- int UseMicrodescriptors;
-
- /** File where we should write the ControlPort. */
- char *ControlPortWriteToFile;
- /** Should that file be group-readable? */
- int ControlPortFileGroupReadable;
-
-#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
- /** Maximum number of non-open general-purpose origin circuits to allow at
- * once. */
- int MaxClientCircuitsPending;
-
- /** If 1, we always send optimistic data when it's supported. If 0, we
- * never use it. If -1, we do what the consensus says. */
- int OptimisticData;
-
- /** If 1, we accept and launch no external network connections, except on
- * control ports. */
- int DisableNetwork;
-
- /**
- * Parameters for path-bias detection.
- * @{
- * These options override the default behavior of Tor's (**currently
- * experimental**) path bias detection algorithm. To try to find broken or
- * misbehaving guard nodes, Tor looks for nodes where more than a certain
- * fraction of circuits through that guard fail to get built.
- *
- * The PathBiasCircThreshold option controls how many circuits we need to
- * build through a guard before we make these checks. The
- * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
- * control what fraction of circuits must succeed through a guard so we
- * won't write log messages. If less than PathBiasExtremeRate circuits
- * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
- * guard.
- *
- * When we have seen more than PathBiasScaleThreshold circuits through a
- * guard, we scale our observations by 0.5 (governed by the consensus) so
- * that new observations don't get swamped by old ones.
- *
- * By default, or if a negative value is provided for one of these options,
- * Tor uses reasonable defaults from the networkstatus consensus document.
- * If no defaults are available there, these options default to 150, .70,
- * .50, .30, 0, and 300 respectively.
- */
- int PathBiasCircThreshold;
- double PathBiasNoticeRate;
- double PathBiasWarnRate;
- double PathBiasExtremeRate;
- int PathBiasDropGuards;
- int PathBiasScaleThreshold;
- /** @} */
-
- /**
- * Parameters for path-bias use detection
- * @{
- * Similar to the above options, these options override the default behavior
- * of Tor's (**currently experimental**) path use bias detection algorithm.
- *
- * Where as the path bias parameters govern thresholds for successfully
- * building circuits, these four path use bias parameters govern thresholds
- * only for circuit usage. Circuits which receive no stream usage are not
- * counted by this detection algorithm. A used circuit is considered
- * successful if it is capable of carrying streams or otherwise receiving
- * well-formed responses to RELAY cells.
- *
- * By default, or if a negative value is provided for one of these options,
- * Tor uses reasonable defaults from the networkstatus consensus document.
- * If no defaults are available there, these options default to 20, .80,
- * .60, and 100, respectively.
- */
- int PathBiasUseThreshold;
- double PathBiasNoticeUseRate;
- double PathBiasExtremeUseRate;
- int PathBiasScaleUseThreshold;
- /** @} */
-
- int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
-
- /** Fraction: */
- double PathsNeededToBuildCircuits;
-
- /** What expiry time shall we place on our SSL certs? "0" means we
- * should guess a suitable value. */
- int SSLKeyLifetime;
-
- /** How long (seconds) do we keep a guard before picking a new one? */
- int GuardLifetime;
-
- /** Is this an exit node? This is a tristate, where "1" means "yes, and use
- * the default exit policy if none is given" and "0" means "no; exit policy
- * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
- *
- * XXXX Eventually, the default will be 0. */
- int ExitRelay;
-
- /** For how long (seconds) do we declare our signing keys to be valid? */
- int SigningKeyLifetime;
- /** For how long (seconds) do we declare our link keys to be valid? */
- int TestingLinkCertLifetime;
- /** For how long (seconds) do we declare our auth keys to be valid? */
- int TestingAuthKeyLifetime;
-
- /** How long before signing keys expire will we try to make a new one? */
- int TestingSigningKeySlop;
- /** How long before link keys expire will we try to make a new one? */
- int TestingLinkKeySlop;
- /** How long before auth keys expire will we try to make a new one? */
- int TestingAuthKeySlop;
-
- /** Force use of offline master key features: never generate a master
- * ed25519 identity key except from tor --keygen */
- int OfflineMasterKey;
-
- enum {
- FORCE_PASSPHRASE_AUTO=0,
- FORCE_PASSPHRASE_ON,
- FORCE_PASSPHRASE_OFF
- } keygen_force_passphrase;
- int use_keygen_passphrase_fd;
- int keygen_passphrase_fd;
- int change_key_passphrase;
- char *master_key_fname;
-
- /** Autobool: Do we try to retain capabilities if we can? */
- int KeepBindCapabilities;
-
- /** Maximum total size of unparseable descriptors to log during the
- * lifetime of this Tor process.
- */
- uint64_t MaxUnparseableDescSizeToLog;
-
- /** Bool (default: 1): Switch for the shared random protocol. Only
- * relevant to a directory authority. If off, the authority won't
- * participate in the protocol. If on (default), a flag is added to the
- * vote indicating participation. */
- int AuthDirSharedRandomness;
-
- /** If 1, we skip all OOS checks. */
- int DisableOOSCheck;
-
- /** Autobool: Should we include Ed25519 identities in extend2 cells?
- * If -1, we should do whatever the consensus parameter says. */
- int ExtendByEd25519ID;
-
- /** Bool (default: 1): When testing routerinfos as a directory authority,
- * do we enforce Ed25519 identity match? */
- /* NOTE: remove this option someday. */
- int AuthDirTestEd25519LinkKeys;
-
- /** Bool (default: 0): Tells if a %include was used on torrc */
- int IncludeUsed;
-
- /** The seconds after expiration which we as a relay should keep old
- * consensuses around so that we can generate diffs from them. If 0,
- * use the default. */
- int MaxConsensusAgeForDiffs;
-
- /** Bool (default: 0). Tells Tor to never try to exec another program.
- */
- int NoExec;
-
- /** Have the KIST scheduler run every X milliseconds. If less than zero, do
- * not use the KIST scheduler but use the old vanilla scheduler instead. If
- * zero, do what the consensus says and fall back to using KIST as if this is
- * set to "10 msec" if the consensus doesn't say anything. */
- int KISTSchedRunInterval;
-
- /** A multiplier for the KIST per-socket limit calculation. */
- double KISTSockBufSizeFactor;
-
- /** The list of scheduler type string ordered by priority that is first one
- * has to be tried first. Default: KIST,KISTLite,Vanilla */
- smartlist_t *Schedulers;
- /* An ordered list of scheduler_types mapped from Schedulers. */
- smartlist_t *SchedulerTypes_;
-
- /** List of files that were opened by %include in torrc and torrc-defaults */
- smartlist_t *FilesOpenedByIncludes;
-
- /** If true, Tor shouldn't install any posix signal handlers, since it is
- * running embedded inside another process.
- */
- int DisableSignalHandlers;
-
- /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
- int DoSCircuitCreationEnabled;
- /** Minimum concurrent connection needed from one single address before any
- * defense is used. */
- int DoSCircuitCreationMinConnections;
- /** Circuit rate used to refill the token bucket. */
- int DoSCircuitCreationRate;
- /** Maximum allowed burst of circuits. Reaching that value, the address is
- * detected as malicious and a defense might be used. */
- int DoSCircuitCreationBurst;
- /** When an address is marked as malicous, what defense should be used
- * against it. See the dos_cc_defense_type_t enum. */
- int DoSCircuitCreationDefenseType;
- /** For how much time (in seconds) the defense is applicable for a malicious
- * address. A random time delta is added to the defense time of an address
- * which will be between 1 second and half of this value. */
- int DoSCircuitCreationDefenseTimePeriod;
-
- /** Autobool: Is the DoS connection mitigation subsystem enabled? */
- int DoSConnectionEnabled;
- /** Maximum concurrent connection allowed per address. */
- int DoSConnectionMaxConcurrentCount;
- /** When an address is reaches the maximum count, what defense should be
- * used against it. See the dos_conn_defense_type_t enum. */
- int DoSConnectionDefenseType;
-
- /** Autobool: Do we refuse single hop client rendezvous? */
- int DoSRefuseSingleHopClientRendezvous;
-} or_options_t;
+typedef struct or_options_t or_options_t;
#define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level())
-/** Persistent state for an onion router, as saved to disk. */
-typedef struct {
- uint32_t magic_;
- /** The time at which we next plan to write the state to the disk. Equal to
- * TIME_MAX if there are no savable changes, 0 if there are changes that
- * should be saved right away. */
- time_t next_write;
-
- /** When was the state last written to disk? */
- time_t LastWritten;
-
- /** Fields for accounting bandwidth use. */
- time_t AccountingIntervalStart;
- uint64_t AccountingBytesReadInInterval;
- uint64_t AccountingBytesWrittenInInterval;
- int AccountingSecondsActive;
- int AccountingSecondsToReachSoftLimit;
- time_t AccountingSoftLimitHitAt;
- uint64_t AccountingBytesAtSoftLimit;
- uint64_t AccountingExpectedUsage;
-
- /** A list of Entry Guard-related configuration lines. (pre-prop271) */
- config_line_t *EntryGuards;
-
- /** A list of guard-related configuration lines. (post-prop271) */
- config_line_t *Guard;
-
- config_line_t *TransportProxies;
-
- /** Cached revision counters for active hidden services on this host */
- config_line_t *HidServRevCounter;
-
- /** These fields hold information on the history of bandwidth usage for
- * servers. The "Ends" fields hold the time when we last updated the
- * bandwidth usage. The "Interval" fields hold the granularity, in seconds,
- * of the entries of Values. The "Values" lists hold decimal string
- * representations of the number of bytes read or written in each
- * interval. The "Maxima" list holds decimal strings describing the highest
- * rate achieved during the interval.
- */
- time_t BWHistoryReadEnds;
- int BWHistoryReadInterval;
- smartlist_t *BWHistoryReadValues;
- smartlist_t *BWHistoryReadMaxima;
- time_t BWHistoryWriteEnds;
- int BWHistoryWriteInterval;
- smartlist_t *BWHistoryWriteValues;
- smartlist_t *BWHistoryWriteMaxima;
- time_t BWHistoryDirReadEnds;
- int BWHistoryDirReadInterval;
- smartlist_t *BWHistoryDirReadValues;
- smartlist_t *BWHistoryDirReadMaxima;
- time_t BWHistoryDirWriteEnds;
- int BWHistoryDirWriteInterval;
- smartlist_t *BWHistoryDirWriteValues;
- smartlist_t *BWHistoryDirWriteMaxima;
-
- /** Build time histogram */
- config_line_t * BuildtimeHistogram;
- int TotalBuildTimes;
- int CircuitBuildAbandonedCount;
-
- /** What version of Tor wrote this state file? */
- char *TorVersion;
-
- /** Holds any unrecognized values we found in the state file, in the order
- * in which we found them. */
- config_line_t *ExtraLines;
-
- /** When did we last rotate our onion key? "0" for 'no idea'. */
- time_t LastRotatedOnionKey;
-} or_state_t;
-
-#define MAX_SOCKS_REPLY_LEN 1024
-#define MAX_SOCKS_ADDR_LEN 256
-#define SOCKS_NO_AUTH 0x00
-#define SOCKS_USER_PASS 0x02
-
-/** Please open a TCP connection to this addr:port. */
-#define SOCKS_COMMAND_CONNECT 0x01
-/** Please turn this FQDN into an IP address, privately. */
-#define SOCKS_COMMAND_RESOLVE 0xF0
-/** Please turn this IP address into an FQDN, privately. */
-#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+typedef struct or_state_t or_state_t;
-/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
-#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0)
-#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
- (c)==SOCKS_COMMAND_RESOLVE_PTR)
+#define MAX_SOCKS_ADDR_LEN 256
/********************************* circuitbuild.c **********************/
@@ -2849,105 +960,10 @@ typedef struct {
#define BW_MIN_WEIGHT_SCALE 1
#define BW_MAX_WEIGHT_SCALE INT32_MAX
-/** Total size of the circuit timeout history to accumulate.
- * 1000 is approx 2.5 days worth of continual-use circuits. */
-#define CBT_NCIRCUITS_TO_OBSERVE 1000
-
-/** Width of the histogram bins in milliseconds */
-#define CBT_BIN_WIDTH ((build_time_t)50)
-
-/** Number of modes to use in the weighted-avg computation of Xm */
-#define CBT_DEFAULT_NUM_XM_MODES 3
-#define CBT_MIN_NUM_XM_MODES 1
-#define CBT_MAX_NUM_XM_MODES 20
-
-/** A build_time_t is milliseconds */
-typedef uint32_t build_time_t;
-
-/**
- * CBT_BUILD_ABANDONED is our flag value to represent a force-closed
- * circuit (Aka a 'right-censored' pareto value).
- */
-#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1))
-#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX))
-
-/** Save state every 10 circuits */
-#define CBT_SAVE_STATE_EVERY 10
-
-/* Circuit build times consensus parameters */
-
-/**
- * How long to wait before actually closing circuits that take too long to
- * build in terms of CDF quantile.
- */
-#define CBT_DEFAULT_CLOSE_QUANTILE 95
-#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF
-#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF
-
-/**
- * How many circuits count as recent when considering if the
- * connection has gone gimpy or changed.
- */
-#define CBT_DEFAULT_RECENT_CIRCUITS 20
-#define CBT_MIN_RECENT_CIRCUITS 3
-#define CBT_MAX_RECENT_CIRCUITS 1000
-
-/**
- * Maximum count of timeouts that finish the first hop in the past
- * RECENT_CIRCUITS before calculating a new timeout.
- *
- * This tells us whether to abandon timeout history and set
- * the timeout back to whatever circuit_build_times_get_initial_timeout()
- * gives us.
- */
-#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10)
-#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3
-#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000
-
-/** Minimum circuits before estimating a timeout */
-#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100
-#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1
-#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000
-
-/** Cutoff percentile on the CDF for our timeout estimation. */
-#define CBT_DEFAULT_QUANTILE_CUTOFF 80
-#define CBT_MIN_QUANTILE_CUTOFF 10
-#define CBT_MAX_QUANTILE_CUTOFF 99
-double circuit_build_times_quantile_cutoff(void);
-
-/** How often in seconds should we build a test circuit */
-#define CBT_DEFAULT_TEST_FREQUENCY 10
-#define CBT_MIN_TEST_FREQUENCY 1
-#define CBT_MAX_TEST_FREQUENCY INT32_MAX
-
-/** Lowest allowable value for CircuitBuildTimeout in milliseconds */
-#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500)
-#define CBT_MIN_TIMEOUT_MIN_VALUE 500
-#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX
-
-/** Initial circuit build timeout in milliseconds */
-#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000)
-#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE
-#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX
-int32_t circuit_build_times_initial_timeout(void);
-
-#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT
-#error "RECENT_CIRCUITS is set too low."
-#endif
-
typedef struct circuit_build_times_s circuit_build_times_t;
/********************************* config.c ***************************/
-/** An error from options_trial_assign() or options_init_from_string(). */
-typedef enum setopt_err_t {
- SETOPT_OK = 0,
- SETOPT_ERR_MISC = -1,
- SETOPT_ERR_PARSE = -2,
- SETOPT_ERR_TRANSITION = -3,
- SETOPT_ERR_SETTING = -4,
-} setopt_err_t;
-
/********************************* connection_edge.c *************************/
/** Enumerates possible origins of a client-side address mapping. */
@@ -2974,227 +990,16 @@ typedef enum {
} addressmap_entry_source_t;
#define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)
-/********************************* control.c ***************************/
-
-/** Used to indicate the type of a circuit event passed to the controller.
- * The various types are defined in control-spec.txt */
-typedef enum circuit_status_event_t {
- CIRC_EVENT_LAUNCHED = 0,
- CIRC_EVENT_BUILT = 1,
- CIRC_EVENT_EXTENDED = 2,
- CIRC_EVENT_FAILED = 3,
- CIRC_EVENT_CLOSED = 4,
-} circuit_status_event_t;
-
-/** Used to indicate the type of a CIRC_MINOR event passed to the controller.
- * The various types are defined in control-spec.txt . */
-typedef enum circuit_status_minor_event_t {
- CIRC_MINOR_EVENT_PURPOSE_CHANGED,
- CIRC_MINOR_EVENT_CANNIBALIZED,
-} circuit_status_minor_event_t;
-
-/** Used to indicate the type of a stream event passed to the controller.
- * The various types are defined in control-spec.txt */
-typedef enum stream_status_event_t {
- STREAM_EVENT_SENT_CONNECT = 0,
- STREAM_EVENT_SENT_RESOLVE = 1,
- STREAM_EVENT_SUCCEEDED = 2,
- STREAM_EVENT_FAILED = 3,
- STREAM_EVENT_CLOSED = 4,
- STREAM_EVENT_NEW = 5,
- STREAM_EVENT_NEW_RESOLVE = 6,
- STREAM_EVENT_FAILED_RETRIABLE = 7,
- STREAM_EVENT_REMAP = 8
-} stream_status_event_t;
-
-/** Used to indicate the type of an OR connection event passed to the
- * controller. The various types are defined in control-spec.txt */
-typedef enum or_conn_status_event_t {
- OR_CONN_EVENT_LAUNCHED = 0,
- OR_CONN_EVENT_CONNECTED = 1,
- OR_CONN_EVENT_FAILED = 2,
- OR_CONN_EVENT_CLOSED = 3,
- OR_CONN_EVENT_NEW = 4,
-} or_conn_status_event_t;
-
-/** Used to indicate the type of a buildtime event */
-typedef enum buildtimeout_set_event_t {
- BUILDTIMEOUT_SET_EVENT_COMPUTED = 0,
- BUILDTIMEOUT_SET_EVENT_RESET = 1,
- BUILDTIMEOUT_SET_EVENT_SUSPENDED = 2,
- BUILDTIMEOUT_SET_EVENT_DISCARD = 3,
- BUILDTIMEOUT_SET_EVENT_RESUME = 4
-} buildtimeout_set_event_t;
-
-/** Execute the statement <b>stmt</b>, which may log events concerning the
- * connection <b>conn</b>. To prevent infinite loops, disable log messages
- * being sent to controllers if <b>conn</b> is a control connection.
- *
- * Stmt must not contain any return or goto statements.
- */
-#define CONN_LOG_PROTECT(conn, stmt) \
- STMT_BEGIN \
- int _log_conn_is_control; \
- tor_assert(conn); \
- _log_conn_is_control = (conn->type == CONN_TYPE_CONTROL); \
- if (_log_conn_is_control) \
- disable_control_logging(); \
- STMT_BEGIN stmt; STMT_END; \
- if (_log_conn_is_control) \
- enable_control_logging(); \
- STMT_END
-
-/** Enum describing various stages of bootstrapping, for use with controller
- * bootstrap status events. The values range from 0 to 100. */
-typedef enum {
- BOOTSTRAP_STATUS_UNDEF=-1,
- BOOTSTRAP_STATUS_STARTING=0,
- BOOTSTRAP_STATUS_CONN_DIR=5,
- BOOTSTRAP_STATUS_HANDSHAKE=-2,
- BOOTSTRAP_STATUS_HANDSHAKE_DIR=10,
- BOOTSTRAP_STATUS_ONEHOP_CREATE=15,
- BOOTSTRAP_STATUS_REQUESTING_STATUS=20,
- BOOTSTRAP_STATUS_LOADING_STATUS=25,
- BOOTSTRAP_STATUS_LOADING_KEYS=40,
- BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS=45,
- BOOTSTRAP_STATUS_LOADING_DESCRIPTORS=50,
- BOOTSTRAP_STATUS_CONN_OR=80,
- BOOTSTRAP_STATUS_HANDSHAKE_OR=85,
- BOOTSTRAP_STATUS_CIRCUIT_CREATE=90,
- BOOTSTRAP_STATUS_DONE=100
-} bootstrap_status_t;
-
-/********************************* dirserv.c ***************************/
-
-/** An enum to describe what format we're generating a routerstatus line in.
- */
-typedef enum {
- /** For use in a v2 opinion */
- NS_V2,
- /** For use in a consensus networkstatus document (ns flavor) */
- NS_V3_CONSENSUS,
- /** For use in a vote networkstatus document */
- NS_V3_VOTE,
- /** For passing to the controlport in response to a GETINFO request */
- NS_CONTROL_PORT,
- /** For use in a consensus networkstatus document (microdesc flavor) */
- NS_V3_CONSENSUS_MICRODESC
-} routerstatus_format_type_t;
+#define WRITE_STATS_INTERVAL (24*60*60)
/********************************* dirvote.c ************************/
typedef struct vote_timing_t vote_timing_t;
-/********************************* geoip.c **************************/
-
-/** Indicates an action that we might be noting geoip statistics on.
- * Note that if we're noticing CONNECT, we're a bridge, and if we're noticing
- * the others, we're not.
- */
-typedef enum {
- /** We've noticed a connection as a bridge relay or entry guard. */
- GEOIP_CLIENT_CONNECT = 0,
- /** We've served a networkstatus consensus as a directory server. */
- GEOIP_CLIENT_NETWORKSTATUS = 1,
-} geoip_client_action_t;
-/** Indicates either a positive reply or a reason for rejectng a network
- * status request that will be included in geoip statistics. */
-typedef enum {
- /** Request is answered successfully. */
- GEOIP_SUCCESS = 0,
- /** V3 network status is not signed by a sufficient number of requested
- * authorities. */
- GEOIP_REJECT_NOT_ENOUGH_SIGS = 1,
- /** Requested network status object is unavailable. */
- GEOIP_REJECT_UNAVAILABLE = 2,
- /** Requested network status not found. */
- GEOIP_REJECT_NOT_FOUND = 3,
- /** Network status has not been modified since If-Modified-Since time. */
- GEOIP_REJECT_NOT_MODIFIED = 4,
- /** Directory is busy. */
- GEOIP_REJECT_BUSY = 5,
-} geoip_ns_response_t;
-#define GEOIP_NS_RESPONSE_NUM 6
-
-/** Directory requests that we are measuring can be either direct or
- * tunneled. */
-typedef enum {
- DIRREQ_DIRECT = 0,
- DIRREQ_TUNNELED = 1,
-} dirreq_type_t;
-
-/** Possible states for either direct or tunneled directory requests that
- * are relevant for determining network status download times. */
-typedef enum {
- /** Found that the client requests a network status; applies to both
- * direct and tunneled requests; initial state of a request that we are
- * measuring. */
- DIRREQ_IS_FOR_NETWORK_STATUS = 0,
- /** Finished writing a network status to the directory connection;
- * applies to both direct and tunneled requests; completes a direct
- * request. */
- DIRREQ_FLUSHING_DIR_CONN_FINISHED = 1,
- /** END cell sent to circuit that initiated a tunneled request. */
- DIRREQ_END_CELL_SENT = 2,
- /** Flushed last cell from queue of the circuit that initiated a
- * tunneled request to the outbuf of the OR connection. */
- DIRREQ_CIRC_QUEUE_FLUSHED = 3,
- /** Flushed last byte from buffer of the channel belonging to the
- * circuit that initiated a tunneled request; completes a tunneled
- * request. */
- DIRREQ_CHANNEL_BUFFER_FLUSHED = 4
-} dirreq_state_t;
-
-#define WRITE_STATS_INTERVAL (24*60*60)
-
/********************************* microdesc.c *************************/
typedef struct microdesc_cache_t microdesc_cache_t;
-/********************************* networkstatus.c *********************/
-
-/** Possible statuses of a version of Tor, given opinions from the directory
- * servers. */
-typedef enum version_status_t {
- VS_RECOMMENDED=0, /**< This version is listed as recommended. */
- VS_OLD=1, /**< This version is older than any recommended version. */
- VS_NEW=2, /**< This version is newer than any recommended version. */
- VS_NEW_IN_SERIES=3, /**< This version is newer than any recommended version
- * in its series, but later recommended versions exist.
- */
- VS_UNRECOMMENDED=4, /**< This version is not recommended (general case). */
- VS_EMPTY=5, /**< The version list was empty; no agreed-on versions. */
- VS_UNKNOWN, /**< We have no idea. */
-} version_status_t;
-
-/********************************* policies.c ************************/
-
-/** Outcome of applying an address policy to an address. */
-typedef enum {
- /** The address was accepted */
- ADDR_POLICY_ACCEPTED=0,
- /** The address was rejected */
- ADDR_POLICY_REJECTED=-1,
- /** Part of the address was unknown, but as far as we can tell, it was
- * accepted. */
- ADDR_POLICY_PROBABLY_ACCEPTED=1,
- /** Part of the address was unknown, but as far as we can tell, it was
- * rejected. */
- ADDR_POLICY_PROBABLY_REJECTED=2,
-} addr_policy_result_t;
-
-/********************************* rephist.c ***************************/
-
-/** Possible public/private key operations in Tor: used to keep track of where
- * we're spending our time. */
-typedef enum {
- SIGN_DIR, SIGN_RTR,
- VERIFY_DIR, VERIFY_RTR,
- ENC_ONIONSKIN, DEC_ONIONSKIN,
- TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
- REND_CLIENT, REND_MID, REND_SERVER,
-} pk_op_t;
-
/********************************* rendcommon.c ***************************/
typedef struct rend_authorized_client_t rend_authorized_client_t;
@@ -3244,90 +1049,6 @@ typedef struct dir_server_t dir_server_t;
#define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX
-/* Flags for pick_directory_server() and pick_trusteddirserver(). */
-/** Flag to indicate that we should not automatically be willing to use
- * ourself to answer a directory request.
- * Passed to router_pick_directory_server (et al).*/
-#define PDS_ALLOW_SELF (1<<0)
-/** Flag to indicate that if no servers seem to be up, we should mark all
- * directory servers as up and try again.
- * Passed to router_pick_directory_server (et al).*/
-#define PDS_RETRY_IF_NO_SERVERS (1<<1)
-/** Flag to indicate that we should not exclude directory servers that
- * our ReachableAddress settings would exclude. This usually means that
- * we're going to connect to the server over Tor, and so we don't need to
- * worry about our firewall telling us we can't.
- * Passed to router_pick_directory_server (et al).*/
-#define PDS_IGNORE_FASCISTFIREWALL (1<<2)
-/** Flag to indicate that we should not use any directory authority to which
- * we have an existing directory connection for downloading server descriptors
- * or extrainfo documents.
- *
- * Passed to router_pick_directory_server (et al)
- */
-#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3)
-/** Flag to indicate that we should not use any directory authority to which
- * we have an existing directory connection for downloading microdescs.
- *
- * Passed to router_pick_directory_server (et al)
- */
-#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4)
-
-/** Possible ways to weight routers when choosing one randomly. See
- * routerlist_sl_choose_by_bandwidth() for more information.*/
-typedef enum bandwidth_weight_rule_t {
- NO_WEIGHTING, WEIGHT_FOR_EXIT, WEIGHT_FOR_MID, WEIGHT_FOR_GUARD,
- WEIGHT_FOR_DIR
-} bandwidth_weight_rule_t;
-
-/** Flags to be passed to control router_choose_random_node() to indicate what
- * kind of nodes to pick according to what algorithm. */
-typedef enum {
- CRN_NEED_UPTIME = 1<<0,
- CRN_NEED_CAPACITY = 1<<1,
- CRN_NEED_GUARD = 1<<2,
- /* XXXX not used, apparently. */
- CRN_WEIGHT_AS_EXIT = 1<<5,
- CRN_NEED_DESC = 1<<6,
- /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
- CRN_PREF_ADDR = 1<<7,
- /* On clients, only provide nodes that we can connect to directly, based on
- * our firewall rules */
- CRN_DIRECT_CONN = 1<<8,
- /* On clients, only provide nodes with HSRend >= 2 protocol version which
- * is required for hidden service version >= 3. */
- CRN_RENDEZVOUS_V3 = 1<<9,
-} router_crn_flags_t;
-
-/** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
-typedef enum was_router_added_t {
- /* Router was added successfully. */
- ROUTER_ADDED_SUCCESSFULLY = 1,
- /* Extrainfo document was rejected because no corresponding router
- * descriptor was found OR router descriptor was rejected because
- * it was incompatible with its extrainfo document. */
- ROUTER_BAD_EI = -1,
- /* Router descriptor was rejected because it is already known. */
- ROUTER_IS_ALREADY_KNOWN = -2,
- /* General purpose router was rejected, because it was not listed
- * in consensus. */
- ROUTER_NOT_IN_CONSENSUS = -3,
- /* Router was neither in directory consensus nor in any of
- * networkstatus documents. Caching it to access later.
- * (Applies to fetched descriptors only.) */
- ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
- /* Router was rejected by directory authority. */
- ROUTER_AUTHDIR_REJECTS = -5,
- /* Bridge descriptor was rejected because such bridge was not one
- * of the bridges we have listed in our configuration. */
- ROUTER_WAS_NOT_WANTED = -6,
- /* Router descriptor was rejected because it was older than
- * OLD_ROUTER_DESC_MAX_AGE. */
- ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
- /* DOCDOC */
- ROUTER_CERTS_EXPIRED = -8
-} was_router_added_t;
-
typedef struct tor_version_t tor_version_t;
#endif /* !defined(TOR_OR_H) */
diff --git a/src/or/or_connection_st.h b/src/or/or_connection_st.h
index eba2721c37..dbfe7528b0 100644
--- a/src/or/or_connection_st.h
+++ b/src/or/or_connection_st.h
@@ -8,6 +8,9 @@
#define OR_CONNECTION_ST_H
#include "or/connection_st.h"
+#include "common/token_bucket.h"
+
+struct tor_tls_t;
/** Subtype of connection_t for an "OR connection" -- that is, one that speaks
* cells over TLS. */
@@ -33,7 +36,7 @@ struct or_connection_t {
char *nickname; /**< Nickname of OR on other side (if any). */
- tor_tls_t *tls; /**< TLS connection state. */
+ struct tor_tls_t *tls; /**< TLS connection state. */
int tls_error; /**< Last tor_tls error code. */
/** When we last used this conn for any client traffic. If not
* recent, we can rate limit it further. */
@@ -87,4 +90,3 @@ struct or_connection_t {
};
#endif
-
diff --git a/src/or/or_handshake_certs_st.h b/src/or/or_handshake_certs_st.h
index f05dd92617..38e798b5e2 100644
--- a/src/or/or_handshake_certs_st.h
+++ b/src/or/or_handshake_certs_st.h
@@ -7,6 +7,8 @@
#ifndef OR_HANDSHAKE_CERTS_ST
#define OR_HANDSHAKE_CERTS_ST
+struct tor_x509_cert_t;
+
/** Structure to hold all the certificates we've received on an OR connection
*/
struct or_handshake_certs_t {
@@ -14,13 +16,13 @@ struct or_handshake_certs_t {
int started_here;
/** The cert for the 'auth' RSA key that's supposed to sign the AUTHENTICATE
* cell. Signed with the RSA identity key. */
- tor_x509_cert_t *auth_cert;
+ struct tor_x509_cert_t *auth_cert;
/** The cert for the 'link' RSA key that was used to negotiate the TLS
* connection. Signed with the RSA identity key. */
- tor_x509_cert_t *link_cert;
+ struct tor_x509_cert_t *link_cert;
/** A self-signed identity certificate: the RSA identity key signed
* with itself. */
- tor_x509_cert_t *id_cert;
+ struct tor_x509_cert_t *id_cert;
/** The Ed25519 signing key, signed with the Ed25519 identity key. */
struct tor_cert_st *ed_id_sign;
/** A digest of the X509 link certificate for the TLS connection, signed
@@ -36,4 +38,3 @@ struct or_handshake_certs_t {
};
#endif
-
diff --git a/src/or/or_options_st.h b/src/or/or_options_st.h
new file mode 100644
index 0000000000..0c0c5d32bb
--- /dev/null
+++ b/src/or/or_options_st.h
@@ -0,0 +1,1077 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_OR_OPTIONS_ST_H
+#define TOR_OR_OPTIONS_ST_H
+
+#include "lib/cc/torint.h"
+#include "lib/net/address.h"
+
+struct smartlist_t;
+struct config_line_t;
+
+/** Enumeration of outbound address configuration types:
+ * Exit-only, OR-only, or both */
+typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR,
+ OUTBOUND_ADDR_EXIT_AND_OR,
+ OUTBOUND_ADDR_MAX} outbound_addr_t;
+
+/** Configuration options for a Tor process. */
+struct or_options_t {
+ uint32_t magic_;
+
+ /** What should the tor process actually do? */
+ enum {
+ CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
+ CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG,
+ CMD_KEYGEN,
+ CMD_KEY_EXPIRATION,
+ } command;
+ char *command_arg; /**< Argument for command-line option. */
+
+ struct config_line_t *Logs; /**< New-style list of configuration lines
+ * for logs */
+ int LogTimeGranularity; /**< Log resolution in milliseconds. */
+
+ int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
+ * each log message occurs? */
+ int TruncateLogFile; /**< Boolean: Should we truncate the log file
+ before we start writing? */
+ char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
+ char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */
+
+ char *DebugLogFile; /**< Where to send verbose log messages. */
+ char *DataDirectory_option; /**< Where to store long-term data, as
+ * configured by the user. */
+ char *DataDirectory; /**< Where to store long-term data, as modified. */
+ int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
+
+ char *KeyDirectory_option; /**< Where to store keys, as
+ * configured by the user. */
+ char *KeyDirectory; /**< Where to store keys data, as modified. */
+ int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
+
+ char *CacheDirectory_option; /**< Where to store cached data, as
+ * configured by the user. */
+ char *CacheDirectory; /**< Where to store cached data, as modified. */
+ int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
+
+ char *Nickname; /**< OR only: nickname of this onion router. */
+ char *Address; /**< OR only: configured address for this onion router. */
+ char *PidFile; /**< Where to store PID of Tor process. */
+
+ routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
+ * country codes and IP address patterns of ORs to
+ * consider as exits. */
+ routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
+ * country codes and IP address patterns of ORs to
+ * consider as entry points. */
+ int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes
+ * are up, or we need to access a node in ExcludeNodes,
+ * do we just fail instead? */
+ routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests,
+ * country codes and IP address patterns of ORs
+ * not to use in circuits. But see StrictNodes
+ * above. */
+ routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests,
+ * country codes and IP address patterns of
+ * ORs not to consider as exits. */
+
+ /** Union of ExcludeNodes and ExcludeExitNodes */
+ routerset_t *ExcludeExitNodesUnion_;
+
+ int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our
+ * process for all current and future memory. */
+
+ struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */
+ int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private
+ * addresses, and our own published addresses?
+ */
+ int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local
+ * interface addresses?
+ * Includes OutboundBindAddresses and
+ * configured ports. */
+ int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
+ struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
+ struct config_line_t *DirPolicy; /**< Lists of dir policy components */
+ /** Local address to bind outbound sockets */
+ struct config_line_t *OutboundBindAddress;
+ /** Local address to bind outbound relay sockets */
+ struct config_line_t *OutboundBindAddressOR;
+ /** Local address to bind outbound exit sockets */
+ struct config_line_t *OutboundBindAddressExit;
+ /** Addresses derived from the various OutboundBindAddress lines.
+ * [][0] is IPv4, [][1] is IPv6
+ */
+ tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2];
+ /** Directory server only: which versions of
+ * Tor should we tell users to run? */
+ struct config_line_t *RecommendedVersions;
+ struct config_line_t *RecommendedClientVersions;
+ struct config_line_t *RecommendedServerVersions;
+ struct config_line_t *RecommendedPackages;
+ /** Whether dirservers allow router descriptors with private IPs. */
+ int DirAllowPrivateAddresses;
+ /** Whether routers accept EXTEND cells to routers with private IPs. */
+ int ExtendAllowPrivateAddresses;
+ char *User; /**< Name of user to run Tor as. */
+ /** Ports to listen on for OR connections. */
+ struct config_line_t *ORPort_lines;
+ /** Ports to listen on for extended OR connections. */
+ struct config_line_t *ExtORPort_lines;
+ /** Ports to listen on for SOCKS connections. */
+ struct config_line_t *SocksPort_lines;
+ /** Ports to listen on for transparent pf/netfilter connections. */
+ struct config_line_t *TransPort_lines;
+ char *TransProxyType; /**< What kind of transparent proxy
+ * implementation are we using? */
+ /** Parsed value of TransProxyType. */
+ enum {
+ TPT_DEFAULT,
+ TPT_PF_DIVERT,
+ TPT_IPFW,
+ TPT_TPROXY,
+ } TransProxyType_parsed;
+ /** Ports to listen on for transparent natd connections. */
+ struct config_line_t *NATDPort_lines;
+ /** Ports to listen on for HTTP Tunnel connections. */
+ struct config_line_t *HTTPTunnelPort_lines;
+ struct config_line_t *ControlPort_lines; /**< Ports to listen on for control
+ * connections. */
+ /** List of Unix Domain Sockets to listen on for control connections. */
+ struct config_line_t *ControlSocket;
+
+ int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
+ int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */
+ /** Ports to listen on for directory connections. */
+ struct config_line_t *DirPort_lines;
+ /** Ports to listen on for DNS requests. */
+ struct config_line_t *DNSPort_lines;
+
+ /* MaxMemInQueues value as input by the user. We clean this up to be
+ * MaxMemInQueues. */
+ uint64_t MaxMemInQueues_raw;
+ uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
+ * for queues and buffers, run the OOM handler */
+ /** Above this value, consider ourselves low on RAM. */
+ uint64_t MaxMemInQueues_low_threshold;
+
+ /** @name port booleans
+ *
+ * Derived booleans: For server ports and ControlPort, true iff there is a
+ * non-listener port on an AF_INET or AF_INET6 address of the given type
+ * configured in one of the _lines options above.
+ * For client ports, also true if there is a unix socket configured.
+ * If you are checking for client ports, you may want to use:
+ * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
+ * HTTPTunnelPort_set
+ * rather than SocksPort_set.
+ *
+ * @{
+ */
+ unsigned int ORPort_set : 1;
+ unsigned int SocksPort_set : 1;
+ unsigned int TransPort_set : 1;
+ unsigned int NATDPort_set : 1;
+ unsigned int ControlPort_set : 1;
+ unsigned int DirPort_set : 1;
+ unsigned int DNSPort_set : 1;
+ unsigned int ExtORPort_set : 1;
+ unsigned int HTTPTunnelPort_set : 1;
+ /**@}*/
+
+ int AssumeReachable; /**< Whether to publish our descriptor regardless. */
+ int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
+ int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
+ * for version 3 directories? */
+ int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
+ * directory that's willing to recommend
+ * versions? */
+ int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory
+ * that aggregates bridge descriptors? */
+
+ /** If set on a bridge relay, it will include this value on a new
+ * "bridge-distribution-request" line in its bridge descriptor. */
+ char *BridgeDistribution;
+
+ /** If set on a bridge authority, it will answer requests on its dirport
+ * for bridge statuses -- but only if the requests use this password. */
+ char *BridgePassword;
+ /** If BridgePassword is set, this is a SHA256 digest of the basic http
+ * authenticator for it. Used so we can do a time-independent comparison. */
+ char *BridgePassword_AuthDigest_;
+
+ int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
+ struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
+
+ struct config_line_t *ClientTransportPlugin; /**< List of client
+ transport plugins. */
+
+ struct config_line_t *ServerTransportPlugin; /**< List of client
+ transport plugins. */
+
+ /** List of TCP/IP addresses that transports should listen at. */
+ struct config_line_t *ServerTransportListenAddr;
+
+ /** List of options that must be passed to pluggable transports. */
+ struct config_line_t *ServerTransportOptions;
+
+ int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
+ * this explicit so we can change how we behave in the
+ * future. */
+
+ /** Boolean: if we know the bridge's digest, should we get new
+ * descriptors from the bridge authorities or from the bridge itself? */
+ int UpdateBridgesFromAuthority;
+
+ int AvoidDiskWrites; /**< Boolean: should we never cache things to disk?
+ * Not used yet. */
+ int ClientOnly; /**< Boolean: should we never evolve into a server role? */
+
+ int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections
+ open shorter and pad them less against
+ connection-level traffic analysis? */
+ /** Autobool: if auto, then connection padding will be negotiated by client
+ * and server. If 0, it will be fully disabled. If 1, the client will still
+ * pad to the server regardless of server support. */
+ int ConnectionPadding;
+
+ /** To what authority types do we publish our descriptor? Choices are
+ * "v1", "v2", "v3", "bridge", or "". */
+ struct smartlist_t *PublishServerDescriptor;
+ /** A bitfield of authority types, derived from PublishServerDescriptor. */
+ dirinfo_type_t PublishServerDescriptor_;
+ /** Boolean: do we publish hidden service descriptors to the HS auths? */
+ int PublishHidServDescriptors;
+ int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
+ int FetchHidServDescriptors; /**< and hidden service descriptors? */
+
+ int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden
+ * service directories after what time? */
+
+ int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
+ int AllDirActionsPrivate; /**< Should every directory action be sent
+ * through a Tor circuit? */
+
+ /** Run in 'tor2web mode'? (I.e. only make client connections to hidden
+ * services, and use a single hop for all hidden-service-related
+ * circuits.) */
+ int Tor2webMode;
+
+ /** A routerset that should be used when picking RPs for HS circuits. */
+ routerset_t *Tor2webRendezvousPoints;
+
+ /** A routerset that should be used when picking middle nodes for HS
+ * circuits. */
+ routerset_t *HSLayer2Nodes;
+
+ /** A routerset that should be used when picking third-hop nodes for HS
+ * circuits. */
+ routerset_t *HSLayer3Nodes;
+
+ /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
+ * circuits between the onion service server, and the introduction and
+ * rendezvous points. (Onion service descriptors are still posted using
+ * 3-hop paths, to avoid onion service directories blocking the service.)
+ * This option makes every hidden service instance hosted by
+ * this tor instance a Single Onion Service.
+ * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
+ * set to 1.
+ * Use rend_service_allow_non_anonymous_connection() or
+ * rend_service_reveal_startup_time() instead of using this option directly.
+ */
+ int HiddenServiceSingleHopMode;
+ /* Makes hidden service clients and servers non-anonymous on this tor
+ * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
+ * non-anonymous behaviour in the hidden service protocol.
+ * Use rend_service_non_anonymous_mode_enabled() instead of using this option
+ * directly.
+ */
+ int HiddenServiceNonAnonymousMode;
+
+ int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
+ int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
+ int ConnLimit_high_thresh; /**< start trying to lower socket usage if we
+ * have this many. */
+ int ConnLimit_low_thresh; /**< try to get down to here after socket
+ * exhaustion. */
+ int RunAsDaemon; /**< If true, run in the background. (Unix only) */
+ int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
+ struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows
+ * (strings). */
+ /** IP:ports our firewall allows. */
+ struct config_line_t *ReachableAddresses;
+ struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */
+ struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */
+
+ int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
+ uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
+
+ /** Whether we should drop exit streams from Tors that we don't know are
+ * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
+ * what the consensus says, defaulting to 'refuse' if the consensus says
+ * nothing). */
+ int RefuseUnknownExits;
+
+ /** Application ports that require all nodes in circ to have sufficient
+ * uptime. */
+ struct smartlist_t *LongLivedPorts;
+ /** Application ports that are likely to be unencrypted and
+ * unauthenticated; we reject requests for them to prevent the
+ * user from screwing up and leaking plaintext secrets to an
+ * observer somewhere on the Internet. */
+ struct smartlist_t *RejectPlaintextPorts;
+ /** Related to RejectPlaintextPorts above, except this config option
+ * controls whether we warn (in the log and via a controller status
+ * event) every time a risky connection is attempted. */
+ struct smartlist_t *WarnPlaintextPorts;
+ /** Should we try to reuse the same exit node for a given host */
+ struct smartlist_t *TrackHostExits;
+ int TrackHostExitsExpire; /**< Number of seconds until we expire an
+ * addressmap */
+ struct config_line_t *AddressMap; /**< List of address map directives. */
+ int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
+ * hostname ending with one of the suffixes in
+ * <b>AutomapHostsSuffixes</b>, map it to a
+ * virtual address. */
+ /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
+ * "." means "match everything." */
+ struct smartlist_t *AutomapHostsSuffixes;
+ int RendPostPeriod; /**< How often do we post each rendezvous service
+ * descriptor? Remember to publish them independently. */
+ int KeepalivePeriod; /**< How often do we send padding cells to keep
+ * connections alive? */
+ int SocksTimeout; /**< How long do we let a socks connection wait
+ * unattached before we fail it? */
+ int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value
+ * for CircuitBuildTimeout based on timeout
+ * history. Use circuit_build_times_disabled()
+ * rather than checking this value directly. */
+ int CircuitBuildTimeout; /**< Cull non-open circuits that were born at
+ * least this many seconds ago. Used until
+ * adaptive algorithm learns a new value. */
+ int CircuitsAvailableTimeout; /**< Try to have an open circuit for at
+ least this long after last activity */
+ int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits
+ * and try a new circuit if the stream has been
+ * waiting for this many seconds. If zero, use
+ * our default internal timeout schedule. */
+ int MaxOnionQueueDelay; /*< DOCDOC */
+ int NewCircuitPeriod; /**< How long do we use a circuit before building
+ * a new one? */
+ int MaxCircuitDirtiness; /**< Never use circs that were first used more than
+ this interval ago. */
+ uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing
+ * to use in a second? */
+ uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing
+ * to use in a second? */
+ uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to
+ * tell other nodes we have? */
+ uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we
+ * willing to use for all relayed conns? */
+ uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we
+ * use in a second for all relayed conns? */
+ uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */
+ uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */
+ int NumCPUs; /**< How many CPUs should we try to use? */
+ struct config_line_t *RendConfigLines; /**< List of configuration lines
+ * for rendezvous services. */
+ struct config_line_t *HidServAuth; /**< List of configuration lines for
+ * client-side authorizations for hidden
+ * services */
+ char *ContactInfo; /**< Contact info to be published in the directory. */
+
+ int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds
+ * have passed. */
+ int MainloopStats; /**< Log main loop statistics as part of the
+ * heartbeat messages. */
+
+ char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */
+ tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */
+ uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */
+ char *HTTPProxyAuthenticator; /**< username:password string, if any. */
+
+ char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */
+ tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */
+ uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */
+ char *HTTPSProxyAuthenticator; /**< username:password string, if any. */
+
+ char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */
+ tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */
+ uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */
+
+ char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */
+ tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */
+ uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */
+ char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */
+ char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */
+
+ /** List of configuration lines for replacement directory authorities.
+ * If you just want to replace one class of authority at a time,
+ * use the "Alternate*Authority" options below instead. */
+ struct config_line_t *DirAuthorities;
+
+ /** List of fallback directory servers */
+ struct config_line_t *FallbackDir;
+ /** Whether to use the default hard-coded FallbackDirs */
+ int UseDefaultFallbackDirs;
+
+ /** Weight to apply to all directory authority rates if considering them
+ * along with fallbackdirs */
+ double DirAuthorityFallbackRate;
+
+ /** If set, use these main (currently v3) directory authorities and
+ * not the default ones. */
+ struct config_line_t *AlternateDirAuthority;
+
+ /** If set, use these bridge authorities and not the default one. */
+ struct config_line_t *AlternateBridgeAuthority;
+
+ struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */
+ struct config_line_t *MyFamily; /**< Declared family for this OR,
+ normalized */
+ struct config_line_t *NodeFamilies; /**< List of config lines for
+ * node families */
+ /** List of parsed NodeFamilies values. */
+ struct smartlist_t *NodeFamilySets;
+ struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
+ * mark as bad exits. */
+ struct config_line_t *AuthDirReject; /**< Address policy for descriptors to
+ * reject. */
+ struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
+ * never mark as valid. */
+ /** @name AuthDir...CC
+ *
+ * Lists of country codes to mark as BadExit, or Invalid, or to
+ * reject entirely.
+ *
+ * @{
+ */
+ struct smartlist_t *AuthDirBadExitCCs;
+ struct smartlist_t *AuthDirInvalidCCs;
+ struct smartlist_t *AuthDirRejectCCs;
+ /**@}*/
+
+ int AuthDirListBadExits; /**< True iff we should list bad exits,
+ * and vote for all other exits as good. */
+ int AuthDirMaxServersPerAddr; /**< Do not permit more than this
+ * number of servers per IP address. */
+ int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
+ int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
+
+ /** If non-zero, always vote the Fast flag for any relay advertising
+ * this amount of capacity or more. */
+ uint64_t AuthDirFastGuarantee;
+
+ /** If non-zero, this advertised capacity or more is always sufficient
+ * to satisfy the bandwidth requirement for the Guard flag. */
+ uint64_t AuthDirGuardBWGuarantee;
+
+ char *AccountingStart; /**< How long is the accounting interval, and when
+ * does it start? */
+ uint64_t AccountingMax; /**< How many bytes do we allow per accounting
+ * interval before hibernation? 0 for "never
+ * hibernate." */
+ /** How do we determine when our AccountingMax has been reached?
+ * "max" for when in or out reaches AccountingMax
+ * "sum" for when in plus out reaches AccountingMax
+ * "in" for when in reaches AccountingMax
+ * "out" for when out reaches AccountingMax */
+ char *AccountingRule_option;
+ enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
+
+ /** Base64-encoded hash of accepted passwords for the control system. */
+ struct config_line_t *HashedControlPassword;
+ /** As HashedControlPassword, but not saved. */
+ struct config_line_t *HashedControlSessionPassword;
+
+ int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
+ * the control system? */
+ char *CookieAuthFile; /**< Filesystem location of a ControlPort
+ * authentication cookie. */
+ char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
+ * ORPort authentication cookie. */
+ int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
+ int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
+ * ExtORPortCookieAuthFile g+r? */
+ int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
+ * circuits itself (0), or does it expect a controller
+ * to cope? (1) */
+ int DisablePredictedCircuits; /**< Boolean: does Tor preemptively
+ * make circuits in the background (0),
+ * or not (1)? */
+
+ /** Process specifier for a controller that ‘owns’ this Tor
+ * instance. Tor will terminate if its owning controller does. */
+ char *OwningControllerProcess;
+ /** FD specifier for a controller that owns this Tor instance. */
+ int OwningControllerFD;
+
+ int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
+ * long do we wait before exiting? */
+ char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
+
+ /* Derived from SafeLogging */
+ enum {
+ SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
+ } SafeLogging_;
+
+ int Sandbox; /**< Boolean: should sandboxing be enabled? */
+ int SafeSocks; /**< Boolean: should we outright refuse application
+ * connections that use socks4 or socks5-with-local-dns? */
+ int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
+ * protocol, is it a warn or an info in our logs? */
+ int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
+ * log whether it was DNS-leaking or not? */
+ int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
+ * acceleration where available? */
+ /** Token Bucket Refill resolution in milliseconds. */
+ int TokenBucketRefillInterval;
+ char *AccelName; /**< Optional hardware acceleration engine name. */
+ char *AccelDir; /**< Optional hardware acceleration engine search dir. */
+
+ /** Boolean: Do we try to enter from a smallish number
+ * of fixed nodes? */
+ int UseEntryGuards_option;
+ /** Internal variable to remember whether we're actually acting on
+ * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
+ * Single Onion Service, it is always false, otherwise we use the value of
+ * UseEntryGuards_option. */
+ int UseEntryGuards;
+
+ int NumEntryGuards; /**< How many entry guards do we try to establish? */
+
+ /** If 1, we use any guardfraction information we see in the
+ * consensus. If 0, we don't. If -1, let the consensus parameter
+ * decide. */
+ int UseGuardFraction;
+
+ int NumDirectoryGuards; /**< How many dir guards do we try to establish?
+ * If 0, use value from NumEntryGuards. */
+ int NumPrimaryGuards; /**< How many primary guards do we want? */
+
+ int RephistTrackTime; /**< How many seconds do we keep rephist info? */
+ /** Should we always fetch our dir info on the mirror schedule (which
+ * means directly from the authorities) no matter our other config? */
+ int FetchDirInfoEarly;
+
+ /** Should we fetch our dir info at the start of the consensus period? */
+ int FetchDirInfoExtraEarly;
+
+ int DirCache; /**< Cache all directory documents and accept requests via
+ * tunnelled dir conns from clients. If 1, enabled (default);
+ * If 0, disabled. */
+
+ char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
+ * MAPADDRESS requests for IPv4 addresses */
+ char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
+ * MAPADDRESS requests for IPv6 addresses */
+ int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit
+ * addresses to be FQDNs, but rather search for them in
+ * the local domains. */
+ int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
+ * hijacking. */
+ int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
+ * DNS poisoning attacks. */
+ char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
+ * resolver from the file here rather than from
+ * /etc/resolv.conf (Unix) or the registry (Windows). */
+ char *DirPortFrontPage; /**< This is a full path to a file with an html
+ disclaimer. This allows a server administrator to show
+ that they're running Tor and anyone visiting their server
+ will know this without any specialized knowledge. */
+ int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to
+ disable ptrace; needs BSD testing. */
+ /** Boolean: if set, we start even if our resolv.conf file is missing
+ * or broken. */
+ int ServerDNSAllowBrokenConfig;
+ /** Boolean: if set, then even connections to private addresses will get
+ * rate-limited. */
+ int CountPrivateBandwidth;
+ /** A list of addresses that definitely should be resolvable. Used for
+ * testing our DNS server. */
+ struct smartlist_t *ServerDNSTestAddresses;
+ int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
+ * same network zone in the same circuit. */
+ int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
+ * with weird characters. */
+ /** If true, we try resolving hostnames with weird characters. */
+ int ServerDNSAllowNonRFC953Hostnames;
+
+ /** If true, we try to download extra-info documents (and we serve them,
+ * if we are a cache). For authorities, this is always true. */
+ int DownloadExtraInfo;
+
+ /** If true, we're configured to collect statistics on clients
+ * requesting network statuses from us as directory. */
+ int DirReqStatistics_option;
+ /** Internal variable to remember whether we're actually acting on
+ * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
+ int DirReqStatistics;
+
+ /** If true, the user wants us to collect statistics on port usage. */
+ int ExitPortStatistics;
+
+ /** If true, the user wants us to collect connection statistics. */
+ int ConnDirectionStatistics;
+
+ /** If true, the user wants us to collect cell statistics. */
+ int CellStatistics;
+
+ /** If true, the user wants us to collect padding statistics. */
+ int PaddingStatistics;
+
+ /** If true, the user wants us to collect statistics as entry node. */
+ int EntryStatistics;
+
+ /** If true, the user wants us to collect statistics as hidden service
+ * directory, introduction point, or rendezvous point. */
+ int HiddenServiceStatistics_option;
+ /** Internal variable to remember whether we're actually acting on
+ * HiddenServiceStatistics_option -- yes if it's set and we're a server,
+ * else no. */
+ int HiddenServiceStatistics;
+
+ /** If true, include statistics file contents in extra-info documents. */
+ int ExtraInfoStatistics;
+
+ /** If true, do not believe anybody who tells us that a domain resolves
+ * to an internal address, or that an internal address has a PTR mapping.
+ * Helps avoid some cross-site attacks. */
+ int ClientDNSRejectInternalAddresses;
+
+ /** If true, do not accept any requests to connect to internal addresses
+ * over randomly chosen exits. */
+ int ClientRejectInternalAddresses;
+
+ /** If true, clients may connect over IPv4. If false, they will avoid
+ * connecting over IPv4. We enforce this for OR and Dir connections. */
+ int ClientUseIPv4;
+ /** If true, clients may connect over IPv6. If false, they will avoid
+ * connecting over IPv4. We enforce this for OR and Dir connections.
+ * Use fascist_firewall_use_ipv6() instead of accessing this value
+ * directly. */
+ int ClientUseIPv6;
+ /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
+ * connections. If auto, bridge clients prefer IPv6, and other clients
+ * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
+ * directly. */
+ int ClientPreferIPv6ORPort;
+ /** If true, prefer an IPv6 directory port over an IPv4 one for direct
+ * directory connections. If auto, bridge clients prefer IPv6, and other
+ * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
+ * accessing this value directly. */
+ int ClientPreferIPv6DirPort;
+
+ /** The length of time that we think a consensus should be fresh. */
+ int V3AuthVotingInterval;
+ /** The length of time we think it will take to distribute votes. */
+ int V3AuthVoteDelay;
+ /** The length of time we think it will take to distribute signatures. */
+ int V3AuthDistDelay;
+ /** The number of intervals we think a consensus should be valid. */
+ int V3AuthNIntervalsValid;
+
+ /** Should advertise and sign consensuses with a legacy key, for key
+ * migration purposes? */
+ int V3AuthUseLegacyKey;
+
+ /** Location of bandwidth measurement file */
+ char *V3BandwidthsFile;
+
+ /** Location of guardfraction file */
+ char *GuardfractionFile;
+
+ /** Authority only: key=value pairs that we add to our networkstatus
+ * consensus vote on the 'params' line. */
+ char *ConsensusParams;
+
+ /** Authority only: minimum number of measured bandwidths we must see
+ * before we only believe measured bandwidths to assign flags. */
+ int MinMeasuredBWsForAuthToIgnoreAdvertised;
+
+ /** The length of time that we think an initial consensus should be fresh.
+ * Only altered on testing networks. */
+ int TestingV3AuthInitialVotingInterval;
+
+ /** The length of time we think it will take to distribute initial votes.
+ * Only altered on testing networks. */
+ int TestingV3AuthInitialVoteDelay;
+
+ /** The length of time we think it will take to distribute initial
+ * signatures. Only altered on testing networks.*/
+ int TestingV3AuthInitialDistDelay;
+
+ /** Offset in seconds added to the starting time for consensus
+ voting. Only altered on testing networks. */
+ int TestingV3AuthVotingStartOffset;
+
+ /** If an authority has been around for less than this amount of time, it
+ * does not believe its reachability information is accurate. Only
+ * altered on testing networks. */
+ int TestingAuthDirTimeToLearnReachability;
+
+ /** Clients don't download any descriptor this recent, since it will
+ * probably not have propagated to enough caches. Only altered on testing
+ * networks. */
+ int TestingEstimatedDescriptorPropagationTime;
+
+ /** Schedule for when servers should download things in general. Only
+ * altered on testing networks. */
+ int TestingServerDownloadInitialDelay;
+
+ /** Schedule for when clients should download things in general. Only
+ * altered on testing networks. */
+ int TestingClientDownloadInitialDelay;
+
+ /** Schedule for when servers should download consensuses. Only altered
+ * on testing networks. */
+ int TestingServerConsensusDownloadInitialDelay;
+
+ /** Schedule for when clients should download consensuses. Only altered
+ * on testing networks. */
+ int TestingClientConsensusDownloadInitialDelay;
+
+ /** Schedule for when clients should download consensuses from authorities
+ * if they are bootstrapping (that is, they don't have a usable, reasonably
+ * live consensus). Only used by clients fetching from a list of fallback
+ * directory mirrors.
+ *
+ * This schedule is incremented by (potentially concurrent) connection
+ * attempts, unlike other schedules, which are incremented by connection
+ * failures. Only altered on testing networks. */
+ int ClientBootstrapConsensusAuthorityDownloadInitialDelay;
+
+ /** Schedule for when clients should download consensuses from fallback
+ * directory mirrors if they are bootstrapping (that is, they don't have a
+ * usable, reasonably live consensus). Only used by clients fetching from a
+ * list of fallback directory mirrors.
+ *
+ * This schedule is incremented by (potentially concurrent) connection
+ * attempts, unlike other schedules, which are incremented by connection
+ * failures. Only altered on testing networks. */
+ int ClientBootstrapConsensusFallbackDownloadInitialDelay;
+
+ /** Schedule for when clients should download consensuses from authorities
+ * if they are bootstrapping (that is, they don't have a usable, reasonably
+ * live consensus). Only used by clients which don't have or won't fetch
+ * from a list of fallback directory mirrors.
+ *
+ * This schedule is incremented by (potentially concurrent) connection
+ * attempts, unlike other schedules, which are incremented by connection
+ * failures. Only altered on testing networks. */
+ int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay;
+
+ /** Schedule for when clients should download bridge descriptors. Only
+ * altered on testing networks. */
+ int TestingBridgeDownloadInitialDelay;
+
+ /** Schedule for when clients should download bridge descriptors when they
+ * have no running bridges. Only altered on testing networks. */
+ int TestingBridgeBootstrapDownloadInitialDelay;
+
+ /** When directory clients have only a few descriptors to request, they
+ * batch them until they have more, or until this amount of time has
+ * passed. Only altered on testing networks. */
+ int TestingClientMaxIntervalWithoutRequest;
+
+ /** How long do we let a directory connection stall before expiring
+ * it? Only altered on testing networks. */
+ int TestingDirConnectionMaxStall;
+
+ /** How many simultaneous in-progress connections will we make when trying
+ * to fetch a consensus before we wait for one to complete, timeout, or
+ * error out? Only altered on testing networks. */
+ int ClientBootstrapConsensusMaxInProgressTries;
+
+ /** If true, we take part in a testing network. Change the defaults of a
+ * couple of other configuration options and allow to change the values
+ * of certain configuration options. */
+ int TestingTorNetwork;
+
+ /** Minimum value for the Exit flag threshold on testing networks. */
+ uint64_t TestingMinExitFlagThreshold;
+
+ /** Minimum value for the Fast flag threshold on testing networks. */
+ uint64_t TestingMinFastFlagThreshold;
+
+ /** Relays in a testing network which should be voted Exit
+ * regardless of exit policy. */
+ routerset_t *TestingDirAuthVoteExit;
+ int TestingDirAuthVoteExitIsStrict;
+
+ /** Relays in a testing network which should be voted Guard
+ * regardless of uptime and bandwidth. */
+ routerset_t *TestingDirAuthVoteGuard;
+ int TestingDirAuthVoteGuardIsStrict;
+
+ /** Relays in a testing network which should be voted HSDir
+ * regardless of uptime and DirPort. */
+ routerset_t *TestingDirAuthVoteHSDir;
+ int TestingDirAuthVoteHSDirIsStrict;
+
+ /** Enable CONN_BW events. Only altered on testing networks. */
+ int TestingEnableConnBwEvent;
+
+ /** Enable CELL_STATS events. Only altered on testing networks. */
+ int TestingEnableCellStatsEvent;
+
+ /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
+ * count of how many client addresses have contacted us so that we can help
+ * the bridge authority guess which countries have blocked access to us. */
+ int BridgeRecordUsageByCountry;
+
+ /** Optionally, IPv4 and IPv6 GeoIP data. */
+ char *GeoIPFile;
+ char *GeoIPv6File;
+
+ /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
+ * country code will exclude all nodes in ?? and A1. If true, all nodes in
+ * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
+ int GeoIPExcludeUnknown;
+
+ /** If true, SIGHUP should reload the torrc. Sometimes controllers want
+ * to make this false. */
+ int ReloadTorrcOnSIGHUP;
+
+ /* The main parameter for picking circuits within a connection.
+ *
+ * If this value is positive, when picking a cell to relay on a connection,
+ * we always relay from the circuit whose weighted cell count is lowest.
+ * Cells are weighted exponentially such that if one cell is sent
+ * 'CircuitPriorityHalflife' seconds before another, it counts for half as
+ * much.
+ *
+ * If this value is zero, we're disabling the cell-EWMA algorithm.
+ *
+ * If this value is negative, we're using the default approach
+ * according to either Tor or a parameter set in the consensus.
+ */
+ double CircuitPriorityHalflife;
+
+ /** Set to true if the TestingTorNetwork configuration option is set.
+ * This is used so that options_validate() has a chance to realize that
+ * the defaults have changed. */
+ int UsingTestNetworkDefaults_;
+
+ /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
+ * If -1, Tor decides. */
+ int UseMicrodescriptors;
+
+ /** File where we should write the ControlPort. */
+ char *ControlPortWriteToFile;
+ /** Should that file be group-readable? */
+ int ControlPortFileGroupReadable;
+
+#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
+ /** Maximum number of non-open general-purpose origin circuits to allow at
+ * once. */
+ int MaxClientCircuitsPending;
+
+ /** If 1, we always send optimistic data when it's supported. If 0, we
+ * never use it. If -1, we do what the consensus says. */
+ int OptimisticData;
+
+ /** If 1, we accept and launch no external network connections, except on
+ * control ports. */
+ int DisableNetwork;
+
+ /**
+ * Parameters for path-bias detection.
+ * @{
+ * These options override the default behavior of Tor's (**currently
+ * experimental**) path bias detection algorithm. To try to find broken or
+ * misbehaving guard nodes, Tor looks for nodes where more than a certain
+ * fraction of circuits through that guard fail to get built.
+ *
+ * The PathBiasCircThreshold option controls how many circuits we need to
+ * build through a guard before we make these checks. The
+ * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
+ * control what fraction of circuits must succeed through a guard so we
+ * won't write log messages. If less than PathBiasExtremeRate circuits
+ * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
+ * guard.
+ *
+ * When we have seen more than PathBiasScaleThreshold circuits through a
+ * guard, we scale our observations by 0.5 (governed by the consensus) so
+ * that new observations don't get swamped by old ones.
+ *
+ * By default, or if a negative value is provided for one of these options,
+ * Tor uses reasonable defaults from the networkstatus consensus document.
+ * If no defaults are available there, these options default to 150, .70,
+ * .50, .30, 0, and 300 respectively.
+ */
+ int PathBiasCircThreshold;
+ double PathBiasNoticeRate;
+ double PathBiasWarnRate;
+ double PathBiasExtremeRate;
+ int PathBiasDropGuards;
+ int PathBiasScaleThreshold;
+ /** @} */
+
+ /**
+ * Parameters for path-bias use detection
+ * @{
+ * Similar to the above options, these options override the default behavior
+ * of Tor's (**currently experimental**) path use bias detection algorithm.
+ *
+ * Where as the path bias parameters govern thresholds for successfully
+ * building circuits, these four path use bias parameters govern thresholds
+ * only for circuit usage. Circuits which receive no stream usage are not
+ * counted by this detection algorithm. A used circuit is considered
+ * successful if it is capable of carrying streams or otherwise receiving
+ * well-formed responses to RELAY cells.
+ *
+ * By default, or if a negative value is provided for one of these options,
+ * Tor uses reasonable defaults from the networkstatus consensus document.
+ * If no defaults are available there, these options default to 20, .80,
+ * .60, and 100, respectively.
+ */
+ int PathBiasUseThreshold;
+ double PathBiasNoticeUseRate;
+ double PathBiasExtremeUseRate;
+ int PathBiasScaleUseThreshold;
+ /** @} */
+
+ int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
+
+ /** Fraction: */
+ double PathsNeededToBuildCircuits;
+
+ /** What expiry time shall we place on our SSL certs? "0" means we
+ * should guess a suitable value. */
+ int SSLKeyLifetime;
+
+ /** How long (seconds) do we keep a guard before picking a new one? */
+ int GuardLifetime;
+
+ /** Is this an exit node? This is a tristate, where "1" means "yes, and use
+ * the default exit policy if none is given" and "0" means "no; exit policy
+ * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
+ *
+ * XXXX Eventually, the default will be 0. */
+ int ExitRelay;
+
+ /** For how long (seconds) do we declare our signing keys to be valid? */
+ int SigningKeyLifetime;
+ /** For how long (seconds) do we declare our link keys to be valid? */
+ int TestingLinkCertLifetime;
+ /** For how long (seconds) do we declare our auth keys to be valid? */
+ int TestingAuthKeyLifetime;
+
+ /** How long before signing keys expire will we try to make a new one? */
+ int TestingSigningKeySlop;
+ /** How long before link keys expire will we try to make a new one? */
+ int TestingLinkKeySlop;
+ /** How long before auth keys expire will we try to make a new one? */
+ int TestingAuthKeySlop;
+
+ /** Force use of offline master key features: never generate a master
+ * ed25519 identity key except from tor --keygen */
+ int OfflineMasterKey;
+
+ enum {
+ FORCE_PASSPHRASE_AUTO=0,
+ FORCE_PASSPHRASE_ON,
+ FORCE_PASSPHRASE_OFF
+ } keygen_force_passphrase;
+ int use_keygen_passphrase_fd;
+ int keygen_passphrase_fd;
+ int change_key_passphrase;
+ char *master_key_fname;
+
+ /** Autobool: Do we try to retain capabilities if we can? */
+ int KeepBindCapabilities;
+
+ /** Maximum total size of unparseable descriptors to log during the
+ * lifetime of this Tor process.
+ */
+ uint64_t MaxUnparseableDescSizeToLog;
+
+ /** Bool (default: 1): Switch for the shared random protocol. Only
+ * relevant to a directory authority. If off, the authority won't
+ * participate in the protocol. If on (default), a flag is added to the
+ * vote indicating participation. */
+ int AuthDirSharedRandomness;
+
+ /** If 1, we skip all OOS checks. */
+ int DisableOOSCheck;
+
+ /** Autobool: Should we include Ed25519 identities in extend2 cells?
+ * If -1, we should do whatever the consensus parameter says. */
+ int ExtendByEd25519ID;
+
+ /** Bool (default: 1): When testing routerinfos as a directory authority,
+ * do we enforce Ed25519 identity match? */
+ /* NOTE: remove this option someday. */
+ int AuthDirTestEd25519LinkKeys;
+
+ /** Bool (default: 0): Tells if a %include was used on torrc */
+ int IncludeUsed;
+
+ /** The seconds after expiration which we as a relay should keep old
+ * consensuses around so that we can generate diffs from them. If 0,
+ * use the default. */
+ int MaxConsensusAgeForDiffs;
+
+ /** Bool (default: 0). Tells Tor to never try to exec another program.
+ */
+ int NoExec;
+
+ /** Have the KIST scheduler run every X milliseconds. If less than zero, do
+ * not use the KIST scheduler but use the old vanilla scheduler instead. If
+ * zero, do what the consensus says and fall back to using KIST as if this is
+ * set to "10 msec" if the consensus doesn't say anything. */
+ int KISTSchedRunInterval;
+
+ /** A multiplier for the KIST per-socket limit calculation. */
+ double KISTSockBufSizeFactor;
+
+ /** The list of scheduler type string ordered by priority that is first one
+ * has to be tried first. Default: KIST,KISTLite,Vanilla */
+ struct smartlist_t *Schedulers;
+ /* An ordered list of scheduler_types mapped from Schedulers. */
+ struct smartlist_t *SchedulerTypes_;
+
+ /** List of files that were opened by %include in torrc and torrc-defaults */
+ struct smartlist_t *FilesOpenedByIncludes;
+
+ /** If true, Tor shouldn't install any posix signal handlers, since it is
+ * running embedded inside another process.
+ */
+ int DisableSignalHandlers;
+
+ /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
+ int DoSCircuitCreationEnabled;
+ /** Minimum concurrent connection needed from one single address before any
+ * defense is used. */
+ int DoSCircuitCreationMinConnections;
+ /** Circuit rate used to refill the token bucket. */
+ int DoSCircuitCreationRate;
+ /** Maximum allowed burst of circuits. Reaching that value, the address is
+ * detected as malicious and a defense might be used. */
+ int DoSCircuitCreationBurst;
+ /** When an address is marked as malicous, what defense should be used
+ * against it. See the dos_cc_defense_type_t enum. */
+ int DoSCircuitCreationDefenseType;
+ /** For how much time (in seconds) the defense is applicable for a malicious
+ * address. A random time delta is added to the defense time of an address
+ * which will be between 1 second and half of this value. */
+ int DoSCircuitCreationDefenseTimePeriod;
+
+ /** Autobool: Is the DoS connection mitigation subsystem enabled? */
+ int DoSConnectionEnabled;
+ /** Maximum concurrent connection allowed per address. */
+ int DoSConnectionMaxConcurrentCount;
+ /** When an address is reaches the maximum count, what defense should be
+ * used against it. See the dos_conn_defense_type_t enum. */
+ int DoSConnectionDefenseType;
+
+ /** Autobool: Do we refuse single hop client rendezvous? */
+ int DoSRefuseSingleHopClientRendezvous;
+};
+
+#endif
diff --git a/src/or/or_state_st.h b/src/or/or_state_st.h
new file mode 100644
index 0000000000..f1d5f981f1
--- /dev/null
+++ b/src/or/or_state_st.h
@@ -0,0 +1,86 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_OR_STATE_ST_H
+#define TOR_OR_STATE_ST_H
+
+#include "lib/cc/torint.h"
+struct smartlist_t;
+
+/** Persistent state for an onion router, as saved to disk. */
+struct or_state_t {
+ uint32_t magic_;
+ /** The time at which we next plan to write the state to the disk. Equal to
+ * TIME_MAX if there are no savable changes, 0 if there are changes that
+ * should be saved right away. */
+ time_t next_write;
+
+ /** When was the state last written to disk? */
+ time_t LastWritten;
+
+ /** Fields for accounting bandwidth use. */
+ time_t AccountingIntervalStart;
+ uint64_t AccountingBytesReadInInterval;
+ uint64_t AccountingBytesWrittenInInterval;
+ int AccountingSecondsActive;
+ int AccountingSecondsToReachSoftLimit;
+ time_t AccountingSoftLimitHitAt;
+ uint64_t AccountingBytesAtSoftLimit;
+ uint64_t AccountingExpectedUsage;
+
+ /** A list of Entry Guard-related configuration lines. (pre-prop271) */
+ struct config_line_t *EntryGuards;
+
+ /** A list of guard-related configuration lines. (post-prop271) */
+ struct config_line_t *Guard;
+
+ struct config_line_t *TransportProxies;
+
+ /** Cached revision counters for active hidden services on this host */
+ struct config_line_t *HidServRevCounter;
+
+ /** These fields hold information on the history of bandwidth usage for
+ * servers. The "Ends" fields hold the time when we last updated the
+ * bandwidth usage. The "Interval" fields hold the granularity, in seconds,
+ * of the entries of Values. The "Values" lists hold decimal string
+ * representations of the number of bytes read or written in each
+ * interval. The "Maxima" list holds decimal strings describing the highest
+ * rate achieved during the interval.
+ */
+ time_t BWHistoryReadEnds;
+ int BWHistoryReadInterval;
+ struct smartlist_t *BWHistoryReadValues;
+ struct smartlist_t *BWHistoryReadMaxima;
+ time_t BWHistoryWriteEnds;
+ int BWHistoryWriteInterval;
+ struct smartlist_t *BWHistoryWriteValues;
+ struct smartlist_t *BWHistoryWriteMaxima;
+ time_t BWHistoryDirReadEnds;
+ int BWHistoryDirReadInterval;
+ struct smartlist_t *BWHistoryDirReadValues;
+ struct smartlist_t *BWHistoryDirReadMaxima;
+ time_t BWHistoryDirWriteEnds;
+ int BWHistoryDirWriteInterval;
+ struct smartlist_t *BWHistoryDirWriteValues;
+ struct smartlist_t *BWHistoryDirWriteMaxima;
+
+ /** Build time histogram */
+ struct config_line_t * BuildtimeHistogram;
+ int TotalBuildTimes;
+ int CircuitBuildAbandonedCount;
+
+ /** What version of Tor wrote this state file? */
+ char *TorVersion;
+
+ /** Holds any unrecognized values we found in the state file, in the order
+ * in which we found them. */
+ struct config_line_t *ExtraLines;
+
+ /** When did we last rotate our onion key? "0" for 'no idea'. */
+ time_t LastRotatedOnionKey;
+};
+
+#endif
diff --git a/src/or/origin_circuit_st.h b/src/or/origin_circuit_st.h
index fa41214d41..b885725edb 100644
--- a/src/or/origin_circuit_st.h
+++ b/src/or/origin_circuit_st.h
@@ -13,6 +13,62 @@
struct onion_queue_t;
+/**
+ * Describes the circuit building process in simplified terms based
+ * on the path bias accounting state for a circuit.
+ *
+ * NOTE: These state values are enumerated in the order for which we
+ * expect circuits to transition through them. If you add states,
+ * you need to preserve this overall ordering. The various pathbias
+ * state transition and accounting functions (pathbias_mark_* and
+ * pathbias_count_*) contain ordinal comparisons to enforce proper
+ * state transitions for corrections.
+ *
+ * This state machine and the associated logic was created to prevent
+ * miscounting due to unknown cases of circuit reuse. See also tickets
+ * #6475 and #7802.
+ */
+enum path_state_t {
+ /** This circuit is "new". It has not yet completed a first hop
+ * or been counted by the path bias code. */
+ PATH_STATE_NEW_CIRC = 0,
+ /** This circuit has completed one/two hops, and has been counted by
+ * the path bias logic. */
+ PATH_STATE_BUILD_ATTEMPTED = 1,
+ /** This circuit has been completely built */
+ PATH_STATE_BUILD_SUCCEEDED = 2,
+ /** Did we try to attach any SOCKS streams or hidserv introductions to
+ * this circuit?
+ *
+ * Note: If we ever implement end-to-end stream timing through test
+ * stream probes (#5707), we must *not* set this for those probes
+ * (or any other automatic streams) because the adversary could
+ * just tag at a later point.
+ */
+ PATH_STATE_USE_ATTEMPTED = 3,
+ /** Did any SOCKS streams or hidserv introductions actually succeed on
+ * this circuit?
+ *
+ * If any streams detatch/fail from this circuit, the code transitions
+ * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See
+ * pathbias_mark_use_rollback() for that.
+ */
+ PATH_STATE_USE_SUCCEEDED = 4,
+
+ /**
+ * This is a special state to indicate that we got a corrupted
+ * relay cell on a circuit and we don't intend to probe it.
+ */
+ PATH_STATE_USE_FAILED = 5,
+
+ /**
+ * This is a special state to indicate that we already counted
+ * the circuit. Used to guard against potential state machine
+ * violations.
+ */
+ PATH_STATE_ALREADY_COUNTED = 6,
+};
+
/** An origin_circuit_t holds data necessary to build and use a circuit.
*/
struct origin_circuit_t {
@@ -232,4 +288,3 @@ struct origin_circuit_t {
};
#endif
-
diff --git a/src/or/parsecommon.c b/src/or/parsecommon.c
index 7c9cf88f95..4340f28225 100644
--- a/src/or/parsecommon.c
+++ b/src/or/parsecommon.c
@@ -13,6 +13,8 @@
#include "lib/container/smartlist.h"
#include "lib/string/util_string.h"
#include "lib/string/printf.h"
+#include "lib/memarea/memarea.h"
+#include "lib/crypt_ops/crypto.h"
#include <string.h>
diff --git a/src/or/parsecommon.h b/src/or/parsecommon.h
index 7fe192c2a5..d0f3810c0b 100644
--- a/src/or/parsecommon.h
+++ b/src/or/parsecommon.h
@@ -9,10 +9,11 @@
#ifndef TOR_PARSECOMMON_H
#define TOR_PARSECOMMON_H
-#include "lib/crypt_ops/crypto.h"
-#include "lib/memarea/memarea.h"
+#include <stddef.h>
struct smartlist_t;
+struct crypto_pk_t;
+struct memarea_t;
/** Enumeration of possible token types. The ones starting with K_ correspond
* to directory 'keywords'. A_ is for an annotation, R or C is related to
@@ -206,7 +207,7 @@ typedef struct directory_token_t {
size_t object_size; /**< Bytes in object_body */
char *object_body; /**< Contents of object, base64-decoded. */
- crypto_pk_t *key; /**< For public keys only. Heap-allocated. */
+ struct crypto_pk_t *key; /**< For public keys only. Heap-allocated. */
char *error; /**< For ERR_ tokens only. */
} directory_token_t;
@@ -298,12 +299,12 @@ typedef struct token_rule_t {
void token_clear(directory_token_t *tok);
-int tokenize_string(memarea_t *area,
+int tokenize_string(struct memarea_t *area,
const char *start, const char *end,
struct smartlist_t *out,
token_rule_t *table,
int flags);
-directory_token_t *get_next_token(memarea_t *area,
+directory_token_t *get_next_token(struct memarea_t *area,
const char **s,
const char *eos,
token_rule_t *table);
diff --git a/src/or/periodic.c b/src/or/periodic.c
index d379325f50..0cbf359b2e 100644
--- a/src/or/periodic.c
+++ b/src/or/periodic.c
@@ -16,6 +16,7 @@
#include "or/config.h"
#include "or/main.h"
#include "or/periodic.h"
+#include "common/compat_libevent.h"
/** We disable any interval greater than this number of seconds, on the
* grounds that it is probably an absolute time mistakenly passed in as a
@@ -169,4 +170,3 @@ periodic_event_disable(periodic_event_item_t *event)
mainloop_event_cancel(event->ev);
event->enabled = 0;
}
-
diff --git a/src/or/policies.c b/src/or/policies.c
index 0f52d6bf15..749b163cf4 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -29,7 +29,9 @@
#include "or/routerparse.h"
#include "or/geoip.h"
#include "ht.h"
+#include "lib/encoding/confline.h"
+#include "or/addr_policy_st.h"
#include "or/dir_server_st.h"
#include "or/microdesc_st.h"
#include "or/node_st.h"
@@ -3143,4 +3145,3 @@ policies_free_all(void)
}
HT_CLEAR(policy_map, &policy_root);
}
-
diff --git a/src/or/policies.h b/src/or/policies.h
index d4379c0e7a..7da3ba031f 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -34,6 +34,39 @@ typedef enum firewall_connection_t {
typedef int exit_policy_parser_cfg_t;
+/** Outcome of applying an address policy to an address. */
+typedef enum {
+ /** The address was accepted */
+ ADDR_POLICY_ACCEPTED=0,
+ /** The address was rejected */
+ ADDR_POLICY_REJECTED=-1,
+ /** Part of the address was unknown, but as far as we can tell, it was
+ * accepted. */
+ ADDR_POLICY_PROBABLY_ACCEPTED=1,
+ /** Part of the address was unknown, but as far as we can tell, it was
+ * rejected. */
+ ADDR_POLICY_PROBABLY_REJECTED=2,
+} addr_policy_result_t;
+
+/** A single entry in a parsed policy summary, describing a range of ports. */
+typedef struct short_policy_entry_t {
+ uint16_t min_port, max_port;
+} short_policy_entry_t;
+
+/** A short_poliy_t is the parsed version of a policy summary. */
+typedef struct short_policy_t {
+ /** True if the members of 'entries' are port ranges to accept; false if
+ * they are port ranges to reject */
+ unsigned int is_accept : 1;
+ /** The actual number of values in 'entries'. */
+ unsigned int n_entries : 31;
+ /** An array of 0 or more short_policy_entry_t values, each describing a
+ * range of ports that this policy accepts or rejects (depending on the
+ * value of is_accept).
+ */
+ short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER];
+} short_policy_t;
+
int firewall_is_fascist_or(void);
int firewall_is_fascist_dir(void);
int fascist_firewall_use_ipv6(const or_options_t *options);
@@ -88,7 +121,8 @@ int policies_parse_exit_policy_from_options(
uint32_t local_address,
const tor_addr_t *ipv6_local_address,
smartlist_t **result);
-int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
+struct config_line_t;
+int policies_parse_exit_policy(struct config_line_t *cfg, smartlist_t **dest,
exit_policy_parser_cfg_t options,
const smartlist_t *configured_addresses);
void policies_parse_exit_policy_reject_private(
@@ -151,4 +185,3 @@ STATIC const tor_addr_port_t * fascist_firewall_choose_address(
#endif /* defined(POLICIES_PRIVATE) */
#endif /* !defined(TOR_POLICIES_H) */
-
diff --git a/src/or/proto_ext_or.h b/src/or/proto_ext_or.h
index 5366ec4471..708a45974b 100644
--- a/src/or/proto_ext_or.h
+++ b/src/or/proto_ext_or.h
@@ -8,10 +8,15 @@
#define TOR_PROTO_EXT_OR_H
struct buf_t;
-struct ext_or_cmt_t;
+
+/** A parsed Extended ORPort message. */
+typedef struct ext_or_cmd_t {
+ uint16_t cmd; /** Command type */
+ uint16_t len; /** Body length */
+ char body[FLEXIBLE_ARRAY_MEMBER]; /** Message body */
+} ext_or_cmd_t;
int fetch_ext_or_command_from_buf(struct buf_t *buf,
struct ext_or_cmd_t **out);
#endif /* !defined(TOR_PROTO_EXT_OR_H) */
-
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 94603c2609..f5e6ce581b 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -7,6 +7,7 @@
#include "or/or.h"
#include "or/addressmap.h"
#include "lib/container/buffers.h"
+#include "or/connection.h"
#include "or/control.h"
#include "or/config.h"
#include "lib/crypt_ops/crypto_util.h"
@@ -710,4 +711,3 @@ parse_socks_client(const uint8_t *data, size_t datalen,
return -1;
/* LCOV_EXCL_STOP */
}
-
diff --git a/src/or/proto_socks.h b/src/or/proto_socks.h
index 1624d7b060..53de288f65 100644
--- a/src/or/proto_socks.h
+++ b/src/or/proto_socks.h
@@ -19,4 +19,3 @@ int fetch_from_buf_socks(struct buf_t *buf, socks_request_t *req,
int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason);
#endif /* !defined(TOR_PROTO_SOCKS_H) */
-
diff --git a/src/or/reasons.c b/src/or/reasons.c
index b9b7a7db8b..7d8dcf374c 100644
--- a/src/or/reasons.c
+++ b/src/or/reasons.c
@@ -17,6 +17,8 @@
#include "or/or.h"
#include "or/config.h"
#include "or/reasons.h"
+#include "or/routerlist.h"
+#include "lib/tls/tortls.h"
/***************************** Edge (stream) reasons **********************/
@@ -493,4 +495,3 @@ end_reason_to_http_connect_response_line(int endreason)
return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n";
}
}
-
diff --git a/src/or/reasons.h b/src/or/reasons.h
index 8f4d7c6bcc..b815463b74 100644
--- a/src/or/reasons.h
+++ b/src/or/reasons.h
@@ -13,6 +13,7 @@
#define TOR_REASONS_H
#include "common/socks5_status.h"
+enum bandwidth_weight_rule_t;
const char *stream_end_reason_to_control_string(int reason);
const char *stream_end_reason_to_string(int reason);
diff --git a/src/or/relay_crypto.c b/src/or/relay_crypto.c
index 6682cd86f4..1fcfae0b3a 100644
--- a/src/or/relay_crypto.c
+++ b/src/or/relay_crypto.c
@@ -7,6 +7,7 @@
#include "or/or.h"
#include "or/circuitlist.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/hs_ntor.h" // for HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN
#include "or/relay.h"
@@ -329,4 +330,3 @@ relay_crypto_assert_ok(const relay_crypto_t *crypto)
tor_assert(crypto->f_digest);
tor_assert(crypto->b_digest);
}
-
diff --git a/src/or/relay_crypto_st.h b/src/or/relay_crypto_st.h
index 4e23f4e404..f186e182f0 100644
--- a/src/or/relay_crypto_st.h
+++ b/src/or/relay_crypto_st.h
@@ -7,21 +7,25 @@
#ifndef RELAY_CRYPTO_ST_H
#define RELAY_CRYPTO_ST_H
+#define crypto_cipher_t aes_cnt_cipher
+struct crypto_cipher_t;
+struct crypto_digest_t;
+
struct relay_crypto_t {
/* crypto environments */
/** Encryption key and counter for cells heading towards the OR at this
* step. */
- crypto_cipher_t *f_crypto;
+ struct crypto_cipher_t *f_crypto;
/** Encryption key and counter for cells heading back from the OR at this
* step. */
- crypto_cipher_t *b_crypto;
+ struct crypto_cipher_t *b_crypto;
/** Digest state for cells heading towards the OR at this step. */
- crypto_digest_t *f_digest; /* for integrity checking */
+ struct crypto_digest_t *f_digest; /* for integrity checking */
/** Digest state for cells heading away from the OR at this step. */
- crypto_digest_t *b_digest;
+ struct crypto_digest_t *b_digest;
};
+#undef crypto_cipher_t
#endif
-
diff --git a/src/or/rend_intro_point_st.h b/src/or/rend_intro_point_st.h
index f707c7aaaf..89fe5ef2b3 100644
--- a/src/or/rend_intro_point_st.h
+++ b/src/or/rend_intro_point_st.h
@@ -7,14 +7,17 @@
#ifndef REND_INTRO_POINT_ST_H
#define REND_INTRO_POINT_ST_H
+struct replaycache_t;
+struct crypto_pk_t;
+
/** Introduction point information. Used both in rend_service_t (on
* the service side) and in rend_service_descriptor_t (on both the
* client and service side). */
struct rend_intro_point_t {
extend_info_t *extend_info; /**< Extend info for connecting to this
* introduction point via a multi-hop path. */
- crypto_pk_t *intro_key; /**< Introduction key that replaces the service
- * key, if this descriptor is V2. */
+ struct crypto_pk_t *intro_key; /**< Introduction key that replaces the
+ * service key, if this descriptor is V2. */
/** (Client side only) Flag indicating that a timeout has occurred
* after sending an INTRODUCE cell to this intro point. After a
@@ -35,7 +38,7 @@ struct rend_intro_point_t {
/** (Service side only) A replay cache recording the RSA-encrypted parts
* of INTRODUCE2 cells this intro point's circuit has received. This is
* used to prevent replay attacks. */
- replaycache_t *accepted_intro_rsa_parts;
+ struct replaycache_t *accepted_intro_rsa_parts;
/** (Service side only) Count of INTRODUCE2 cells accepted from this
* intro point.
@@ -71,4 +74,3 @@ struct rend_intro_point_t {
};
#endif
-
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 1da695706c..d4262f2f38 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -16,6 +16,7 @@
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/control.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/directory.h"
@@ -32,6 +33,7 @@
#include "or/router.h"
#include "or/routerlist.h"
#include "or/routerset.h"
+#include "lib/encoding/confline.h"
#include "or/cpath_build_state_st.h"
#include "or/crypt_path_st.h"
@@ -258,7 +260,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
}
if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
- DH_KEY_LEN)<0) {
+ DH1024_KEY_LEN)<0) {
log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
status = -2;
goto perm_err;
@@ -269,7 +271,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
sizeof(payload)-DIGEST_LEN,
tmp,
- (int)(dh_offset+DH_KEY_LEN),
+ (int)(dh_offset+DH1024_KEY_LEN),
PK_PKCS1_OAEP_PADDING, 0);
if (r<0) {
log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
@@ -874,7 +876,7 @@ int
rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
- if (request_len != DH_KEY_LEN+DIGEST_LEN) {
+ if (request_len != DH1024_KEY_LEN+DIGEST_LEN) {
log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
(int)request_len);
goto err;
@@ -1253,4 +1255,3 @@ rend_client_non_anonymous_mode_enabled(const or_options_t *options)
return 0;
#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */
}
-
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 1eadbd602c..928dda0128 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -27,6 +27,7 @@
#include "or/rendmid.h"
#include "or/rendservice.h"
#include "or/rephist.h"
+#include "or/replaycache.h"
#include "or/router.h"
#include "or/routerlist.h"
#include "or/routerparse.h"
@@ -1053,4 +1054,3 @@ rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc,
match:
return 1;
}
-
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index 56b65079ab..38c1c52e43 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -157,7 +157,8 @@ rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request,
* to revise this protocol anyway.
*/
if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
- DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
+ DH1024_KEY_LEN+CIPHER_KEY_LEN+
+ PKCS1_OAEP_PADDING_OVERHEAD)) {
log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %u; "
"responding with nack.",
(unsigned)circ->p_circ_id);
@@ -367,4 +368,3 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
circuit_mark_for_close(TO_CIRCUIT(circ), reason);
return -1;
}
-
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index b2023c72cb..8e094b593c 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -16,6 +16,7 @@
#include "or/circuituse.h"
#include "or/config.h"
#include "or/control.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/directory.h"
@@ -35,6 +36,7 @@
#include "or/routerlist.h"
#include "or/routerparse.h"
#include "or/routerset.h"
+#include "lib/encoding/confline.h"
#include "or/cpath_build_state_st.h"
#include "or/crypt_path_st.h"
@@ -49,6 +51,16 @@
#include "or/rend_service_descriptor_st.h"
#include "or/routerstatus_st.h"
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
struct rend_service_t;
static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro,
const char *pk_digest);
@@ -2005,7 +2017,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
* part 1. */
replay = replaycache_add_test_and_elapsed(
service->accepted_intro_dh_parts,
- parsed_req->dh, DH_KEY_LEN,
+ parsed_req->dh, DH1024_KEY_LEN,
&elapsed);
if (replay) {
@@ -2055,7 +2067,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
}
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh,
(char *)(parsed_req->dh),
- DH_KEY_LEN, keys,
+ DH1024_KEY_LEN, keys,
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
reason = END_CIRC_REASON_INTERNAL;
@@ -2336,7 +2348,7 @@ rend_service_begin_parse_intro(const uint8_t *request,
/* min key length plus digest length plus nickname length */
if (request_len <
(DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) +
- DH_KEY_LEN + 42)) {
+ DH1024_KEY_LEN + 42)) {
if (err_msg_out) {
tor_asprintf(&err_msg,
"got a truncated INTRODUCE%d cell",
@@ -2872,14 +2884,14 @@ rend_service_parse_intro_plaintext(
*/
ver_invariant_len = intro->plaintext_len - ver_specific_len;
- if (ver_invariant_len < REND_COOKIE_LEN + DH_KEY_LEN) {
+ if (ver_invariant_len < REND_COOKIE_LEN + DH1024_KEY_LEN) {
tor_asprintf(&err_msg,
"decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
(int)(intro->type),
(long)(intro->plaintext_len));
status = -5;
goto err;
- } else if (ver_invariant_len > REND_COOKIE_LEN + DH_KEY_LEN) {
+ } else if (ver_invariant_len > REND_COOKIE_LEN + DH1024_KEY_LEN) {
tor_asprintf(&err_msg,
"decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
(int)(intro->type),
@@ -2892,7 +2904,7 @@ rend_service_parse_intro_plaintext(
REND_COOKIE_LEN);
memcpy(intro->dh,
intro->plaintext + ver_specific_len + REND_COOKIE_LEN,
- DH_KEY_LEN);
+ DH1024_KEY_LEN);
}
/* Flag it as being fully parsed */
@@ -3449,12 +3461,12 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
/* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
memcpy(buf, rend_cookie, REND_COOKIE_LEN);
if (crypto_dh_get_public(hop->rend_dh_handshake_state,
- buf+REND_COOKIE_LEN, DH_KEY_LEN)<0) {
+ buf+REND_COOKIE_LEN, DH1024_KEY_LEN)<0) {
log_warn(LD_GENERAL,"Couldn't get DH public key.");
reason = END_CIRC_REASON_INTERNAL;
goto err;
}
- memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->rend_circ_nonce,
+ memcpy(buf+REND_COOKIE_LEN+DH1024_KEY_LEN, hop->rend_circ_nonce,
DIGEST_LEN);
/* Send the cell */
@@ -4437,4 +4449,3 @@ set_rend_rend_service_staging_list(smartlist_t *new_list)
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index b2644d8b40..35962df7f3 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -15,11 +15,12 @@
#include "or/or.h"
#include "or/hs_service.h"
-typedef struct rend_intro_cell_s rend_intro_cell_t;
+typedef struct rend_intro_cell_t rend_intro_cell_t;
+struct config_line_t;
/* This can be used for both INTRODUCE1 and INTRODUCE2 */
-struct rend_intro_cell_s {
+struct rend_intro_cell_t {
/* Is this an INTRODUCE1 or INTRODUCE2? (set to 1 or 2) */
uint8_t type;
/* Public key digest */
@@ -58,7 +59,7 @@ struct rend_intro_cell_s {
/* Rendezvous cookie */
uint8_t rc[REND_COOKIE_LEN];
/* Diffie-Hellman data */
- uint8_t dh[DH_KEY_LEN];
+ uint8_t dh[DH1024_KEY_LEN];
};
#ifdef RENDSERVICE_PRIVATE
@@ -138,7 +139,7 @@ STATIC void rend_service_prune_list_impl_(void);
#endif /* defined(RENDSERVICE_PRIVATE) */
int rend_num_services(void);
-int rend_config_service(const config_line_t *line_,
+int rend_config_service(const struct config_line_t *line_,
const or_options_t *options,
hs_service_config_t *config);
void rend_service_prune_list(void);
@@ -218,4 +219,3 @@ int rend_service_reveal_startup_time(const or_options_t *options);
int rend_service_non_anonymous_mode_enabled(const or_options_t *options);
#endif /* !defined(TOR_RENDSERVICE_H) */
-
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 907b01d68e..a74a952ce2 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -91,12 +91,17 @@
#include "or/networkstatus_st.h"
#include "or/or_circuit_st.h"
+#include "or/or_state_st.h"
#include "lib/container/bloomfilt.h"
#include "lib/container/order.h"
#include "lib/math/fp.h"
#include "lib/math/laplace.h"
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
static void bw_arrays_init(void);
static void predicted_ports_alloc(void);
diff --git a/src/or/replaycache.h b/src/or/replaycache.h
index d8a9929120..3118a88a1a 100644
--- a/src/or/replaycache.h
+++ b/src/or/replaycache.h
@@ -9,11 +9,11 @@
#ifndef TOR_REPLAYCACHE_H
#define TOR_REPLAYCACHE_H
-typedef struct replaycache_s replaycache_t;
+typedef struct replaycache_t replaycache_t;
#ifdef REPLAYCACHE_PRIVATE
-struct replaycache_s {
+struct replaycache_t {
/* Scrub interval */
time_t scrub_interval;
/* Last scrubbed */
@@ -65,4 +65,3 @@ int replaycache_add_test_and_elapsed(
void replaycache_scrub_if_needed(replaycache_t *r);
#endif /* !defined(TOR_REPLAYCACHE_H) */
-
diff --git a/src/or/router.c b/src/or/router.c
index c7fed1f021..6420f1e5d1 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -47,10 +47,14 @@
#include "or/extrainfo_st.h"
#include "or/node_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "or/port_cfg_st.h"
#include "or/routerinfo_st.h"
#include "lib/osinfo/uname.h"
+#include "lib/tls/tortls.h"
+#include "lib/encoding/confline.h"
+#include "lib/crypt_ops/crypto_format.h"
/**
* \file router.c
diff --git a/src/or/router.h b/src/or/router.h
index 54f61c45a6..51ac365798 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -14,6 +14,9 @@
#include "lib/testsupport/testsupport.h"
+struct curve25519_keypair_t;
+struct ed25519_keypair_t;
+
#define TOR_ROUTERINFO_ERROR_NO_EXT_ADDR (-1)
#define TOR_ROUTERINFO_ERROR_CANNOT_PARSE (-2)
#define TOR_ROUTERINFO_ERROR_NOT_A_SERVER (-3)
@@ -107,10 +110,10 @@ MOCK_DECL(int,router_pick_published_address,(const or_options_t *options,
int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e);
int router_rebuild_descriptor(int force);
char *router_dump_router_to_string(routerinfo_t *router,
- const crypto_pk_t *ident_key,
- const crypto_pk_t *tap_key,
- const curve25519_keypair_t *ntor_keypair,
- const ed25519_keypair_t *signing_keypair);
+ const crypto_pk_t *ident_key,
+ const crypto_pk_t *tap_key,
+ const struct curve25519_keypair_t *ntor_keypair,
+ const struct ed25519_keypair_t *signing_keypair);
char *router_dump_exit_policy_to_string(const routerinfo_t *router,
int include_ipv4,
int include_ipv6);
@@ -126,7 +129,7 @@ int router_has_orport(const routerinfo_t *router,
const tor_addr_port_t *orport);
int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
crypto_pk_t *ident_key,
- const ed25519_keypair_t *signing_keypair);
+ const struct ed25519_keypair_t *signing_keypair);
int is_legal_nickname(const char *s);
int is_legal_nickname_or_hexdigest(const char *s);
int is_legal_hexdigest(const char *s);
@@ -156,4 +159,3 @@ STATIC int router_write_fingerprint(int hashed);
#endif
#endif /* !defined(TOR_ROUTER_H) */
-
diff --git a/src/or/routerinfo_st.h b/src/or/routerinfo_st.h
index feb3b41fc6..89a7702b30 100644
--- a/src/or/routerinfo_st.h
+++ b/src/or/routerinfo_st.h
@@ -9,6 +9,8 @@
#include "or/signed_descriptor_st.h"
+struct curve25519_public_key_t;
+
/** Information about another onion router in the network. */
struct routerinfo_t {
signed_descriptor_t cache_info;
@@ -28,7 +30,7 @@ struct routerinfo_t {
crypto_pk_t *onion_pkey; /**< Public RSA key for onions. */
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
/** Public curve25519 key for onions */
- curve25519_public_key_t *onion_curve25519_pkey;
+ struct curve25519_public_key_t *onion_curve25519_pkey;
/** What's the earliest expiration time on all the certs in this
* routerinfo? */
time_t cert_expiration_time;
@@ -104,4 +106,3 @@ struct routerinfo_t {
};
#endif
-
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index b6d4d83d6e..bb04a8b220 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -16,16 +16,23 @@
#include "or/or.h"
#include "or/config.h"
-#include "lib/crypt_ops/crypto_util.h"
#include "or/router.h"
-#include "lib/crypt_ops/crypto_pwbox.h"
#include "or/routerkeys.h"
#include "or/torcert.h"
+
+#include "lib/crypt_ops/crypto_pwbox.h"
+#include "lib/crypt_ops/crypto_util.h"
#include "lib/term/getpass.h"
+#include "lib/tls/tortls.h"
+#include "lib/crypt_ops/crypto_format.h"
#define ENC_KEY_HEADER "Boxed Ed25519 key"
#define ENC_KEY_TAG "master"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/* DOCDOC */
static ssize_t
do_getpass(const char *prompt, char *buf, size_t buflen,
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index ad6555fe19..164b0bf865 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -95,6 +95,7 @@
#include "lib/err/backtrace.h"
#include "or/bridges.h"
#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "or/circuitstats.h"
#include "or/config.h"
#include "or/connection.h"
@@ -140,6 +141,10 @@
#include "lib/crypt_ops/digestset.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
// #define DEBUG_ROUTERLIST
/****************************************************************************/
@@ -5841,4 +5846,3 @@ refresh_all_country_info(void)
nodelist_refresh_countries();
}
-
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 6d1e2a0b8a..4b7406364f 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -13,6 +13,90 @@
#include "lib/testsupport/testsupport.h"
+/** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
+typedef enum was_router_added_t {
+ /* Router was added successfully. */
+ ROUTER_ADDED_SUCCESSFULLY = 1,
+ /* Extrainfo document was rejected because no corresponding router
+ * descriptor was found OR router descriptor was rejected because
+ * it was incompatible with its extrainfo document. */
+ ROUTER_BAD_EI = -1,
+ /* Router descriptor was rejected because it is already known. */
+ ROUTER_IS_ALREADY_KNOWN = -2,
+ /* General purpose router was rejected, because it was not listed
+ * in consensus. */
+ ROUTER_NOT_IN_CONSENSUS = -3,
+ /* Router was neither in directory consensus nor in any of
+ * networkstatus documents. Caching it to access later.
+ * (Applies to fetched descriptors only.) */
+ ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
+ /* Router was rejected by directory authority. */
+ ROUTER_AUTHDIR_REJECTS = -5,
+ /* Bridge descriptor was rejected because such bridge was not one
+ * of the bridges we have listed in our configuration. */
+ ROUTER_WAS_NOT_WANTED = -6,
+ /* Router descriptor was rejected because it was older than
+ * OLD_ROUTER_DESC_MAX_AGE. */
+ ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
+ /* DOCDOC */
+ ROUTER_CERTS_EXPIRED = -8
+} was_router_added_t;
+
+/** Flags to be passed to control router_choose_random_node() to indicate what
+ * kind of nodes to pick according to what algorithm. */
+typedef enum router_crn_flags_t {
+ CRN_NEED_UPTIME = 1<<0,
+ CRN_NEED_CAPACITY = 1<<1,
+ CRN_NEED_GUARD = 1<<2,
+ /* XXXX not used, apparently. */
+ CRN_WEIGHT_AS_EXIT = 1<<5,
+ CRN_NEED_DESC = 1<<6,
+ /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
+ CRN_PREF_ADDR = 1<<7,
+ /* On clients, only provide nodes that we can connect to directly, based on
+ * our firewall rules */
+ CRN_DIRECT_CONN = 1<<8,
+ /* On clients, only provide nodes with HSRend >= 2 protocol version which
+ * is required for hidden service version >= 3. */
+ CRN_RENDEZVOUS_V3 = 1<<9,
+} router_crn_flags_t;
+
+/** Possible ways to weight routers when choosing one randomly. See
+ * routerlist_sl_choose_by_bandwidth() for more information.*/
+typedef enum bandwidth_weight_rule_t {
+ NO_WEIGHTING, WEIGHT_FOR_EXIT, WEIGHT_FOR_MID, WEIGHT_FOR_GUARD,
+ WEIGHT_FOR_DIR
+} bandwidth_weight_rule_t;
+
+/* Flags for pick_directory_server() and pick_trusteddirserver(). */
+/** Flag to indicate that we should not automatically be willing to use
+ * ourself to answer a directory request.
+ * Passed to router_pick_directory_server (et al).*/
+#define PDS_ALLOW_SELF (1<<0)
+/** Flag to indicate that if no servers seem to be up, we should mark all
+ * directory servers as up and try again.
+ * Passed to router_pick_directory_server (et al).*/
+#define PDS_RETRY_IF_NO_SERVERS (1<<1)
+/** Flag to indicate that we should not exclude directory servers that
+ * our ReachableAddress settings would exclude. This usually means that
+ * we're going to connect to the server over Tor, and so we don't need to
+ * worry about our firewall telling us we can't.
+ * Passed to router_pick_directory_server (et al).*/
+#define PDS_IGNORE_FASCISTFIREWALL (1<<2)
+/** Flag to indicate that we should not use any directory authority to which
+ * we have an existing directory connection for downloading server descriptors
+ * or extrainfo documents.
+ *
+ * Passed to router_pick_directory_server (et al)
+ */
+#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3)
+/** Flag to indicate that we should not use any directory authority to which
+ * we have an existing directory connection for downloading microdescs.
+ *
+ * Passed to router_pick_directory_server (et al)
+ */
+#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4)
+
int get_n_authorities(dirinfo_type_t type);
int trusted_dirs_reload_certs(void);
@@ -261,4 +345,3 @@ STATIC int router_is_already_dir_fetching(const tor_addr_port_t *ap,
#endif /* defined(ROUTERLIST_PRIVATE) */
#endif /* !defined(TOR_ROUTERLIST_H) */
-
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index dfc298286b..29eb483212 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -58,6 +58,7 @@
#include "or/or.h"
#include "or/circuitstats.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirauth/shared_random.h"
#include "or/dirserv.h"
@@ -81,6 +82,7 @@
#include "or/dirauth/dirvote.h"
+#include "or/addr_policy_st.h"
#include "or/authority_cert_st.h"
#include "or/document_signature_st.h"
#include "or/extend_info_st.h"
@@ -102,6 +104,9 @@
#undef log
#include <math.h>
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
/****************************************************************************/
diff --git a/src/or/routerparse.h b/src/or/routerparse.h
index 314c81dcd1..87c2a75aa5 100644
--- a/src/or/routerparse.h
+++ b/src/or/routerparse.h
@@ -12,6 +12,22 @@
#ifndef TOR_ROUTERPARSE_H
#define TOR_ROUTERPARSE_H
+/** Possible statuses of a version of Tor, given opinions from the directory
+ * servers. */
+typedef enum version_status_t {
+ VS_RECOMMENDED=0, /**< This version is listed as recommended. */
+ VS_OLD=1, /**< This version is older than any recommended version. */
+ VS_NEW=2, /**< This version is newer than any recommended version. */
+ VS_NEW_IN_SERIES=3, /**< This version is newer than any recommended version
+ * in its series, but later recommended versions exist.
+ */
+ VS_UNRECOMMENDED=4, /**< This version is not recommended (general case). */
+ VS_EMPTY=5, /**< The version list was empty; no agreed-on versions. */
+ VS_UNKNOWN, /**< We have no idea. */
+} version_status_t;
+
+enum networkstatus_type_t;
+
int router_get_router_hash(const char *s, size_t s_len, char *digest);
int router_get_dir_hash(const char *s, char *digest);
int router_get_networkstatus_v3_hashes(const char *s,
@@ -65,8 +81,8 @@ void dump_distinct_digest_count(int severity);
int compare_vote_routerstatus_entries(const void **_a, const void **_b);
int networkstatus_verify_bw_weights(networkstatus_t *ns, int);
networkstatus_t *networkstatus_parse_vote_from_string(const char *s,
- const char **eos_out,
- networkstatus_type_t ns_type);
+ const char **eos_out,
+ enum networkstatus_type_t ns_type);
ns_detached_signatures_t *networkstatus_parse_detached_signatures(
const char *s, const char *eos);
@@ -143,4 +159,3 @@ STATIC void summarize_protover_flags(protover_summary_flags_t *out,
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
#endif /* !defined(TOR_ROUTERPARSE_H) */
-
diff --git a/src/or/routerset.c b/src/or/routerset.c
index 61b7dc121e..285ef9d821 100644
--- a/src/or/routerset.c
+++ b/src/or/routerset.c
@@ -36,6 +36,7 @@ n * Copyright (c) 2001-2004, Roger Dingledine.
#include "or/routerparse.h"
#include "or/routerset.h"
+#include "or/addr_policy_st.h"
#include "or/extend_info_st.h"
#include "or/node_st.h"
#include "or/routerinfo_st.h"
diff --git a/src/or/scheduler.c b/src/or/scheduler.c
index 960972de86..7c423064c7 100644
--- a/src/or/scheduler.c
+++ b/src/or/scheduler.c
@@ -12,6 +12,7 @@
#include "lib/container/buffers.h"
#define TOR_CHANNEL_INTERNAL_
#include "or/channeltls.h"
+#include "common/compat_libevent.h"
#include "or/or_connection_st.h"
@@ -765,4 +766,3 @@ scheduler_touch_channel(channel_t *chan)
}
#endif /* defined(TOR_UNIT_TESTS) */
-
diff --git a/src/or/scheduler_kist.c b/src/or/scheduler_kist.c
index 3059952b92..5a45ccab88 100644
--- a/src/or/scheduler_kist.c
+++ b/src/or/scheduler_kist.c
@@ -19,6 +19,10 @@
#define TLS_PER_CELL_OVERHEAD 29
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
#ifdef HAVE_KIST_SUPPORT
/* Kernel interface needed for KIST. */
#include <netinet/tcp.h>
diff --git a/src/or/socks_request_st.h b/src/or/socks_request_st.h
index c650a57739..d7b979c3eb 100644
--- a/src/or/socks_request_st.h
+++ b/src/or/socks_request_st.h
@@ -7,6 +7,23 @@
#ifndef SOCKS_REQUEST_ST_H
#define SOCKS_REQUEST_ST_H
+#define MAX_SOCKS_REPLY_LEN 1024
+
+#define SOCKS_NO_AUTH 0x00
+#define SOCKS_USER_PASS 0x02
+
+/** Please open a TCP connection to this addr:port. */
+#define SOCKS_COMMAND_CONNECT 0x01
+/** Please turn this FQDN into an IP address, privately. */
+#define SOCKS_COMMAND_RESOLVE 0xF0
+/** Please turn this IP address into an FQDN, privately. */
+#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0)
+#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
+ (c)==SOCKS_COMMAND_RESOLVE_PTR)
+
/** State of a SOCKS request from a user to an OP. Also used to encode other
* information for non-socks user request (such as those on TransPort and
* DNSPort) */
@@ -56,4 +73,3 @@ struct socks_request_t {
};
#endif
-
diff --git a/src/or/statefile.c b/src/or/statefile.c
index 80c56b2d52..e9db1ff069 100644
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -42,6 +42,13 @@
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "or/statefile.h"
+#include "lib/encoding/confline.h"
+
+#include "or/or_state_st.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
/** A list of state-file "abbreviations," for compatibility. */
static config_abbrev_t state_abbrevs_[] = {
@@ -708,4 +715,3 @@ or_state_free_all(void)
or_state_free(global_state);
global_state = NULL;
}
-
diff --git a/src/or/statefile.h b/src/or/statefile.h
index ed21dd14e7..e996d5b6e6 100644
--- a/src/or/statefile.h
+++ b/src/or/statefile.h
@@ -20,11 +20,11 @@ void or_state_free_all(void);
void or_state_mark_dirty(or_state_t *state, time_t when);
#ifdef STATEFILE_PRIVATE
-STATIC config_line_t *get_transport_in_state_by_name(const char *transport);
+STATIC struct config_line_t *get_transport_in_state_by_name(
+ const char *transport);
STATIC void or_state_free_(or_state_t *state);
#define or_state_free(st) FREE_AND_NULL(or_state_t, or_state_free_, (st))
STATIC or_state_t *or_state_new(void);
#endif
#endif /* !defined(TOR_STATEFILE_H) */
-
diff --git a/src/or/status.c b/src/or/status.c
index d0b3bc5536..80b56ac1a8 100644
--- a/src/or/status.c
+++ b/src/or/status.c
@@ -30,7 +30,9 @@
#include "or/hs_service.h"
#include "or/dos.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
+#include "lib/tls/tortls.h"
static void log_accounting(const time_t now, const or_options_t *options);
#include "or/geoip.h"
@@ -247,4 +249,3 @@ log_accounting(const time_t now, const or_options_t *options)
tor_free(acc_max);
tor_free(remaining);
}
-
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 785132c174..27bdb34331 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -33,6 +33,7 @@
#include "lib/log/torlog.h"
#include "common/util.h"
#include "trunnel/link_handshake.h"
+#include "lib/tls/tortls.h"
#include "or/or_handshake_certs_st.h"
@@ -723,4 +724,3 @@ tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out)
tor_free(ed_cert_b64);
return ret;
}
-
diff --git a/src/or/torcert.h b/src/or/torcert.h
index ba5787934b..5fa97679df 100644
--- a/src/or/torcert.h
+++ b/src/or/torcert.h
@@ -49,6 +49,8 @@ typedef struct tor_cert_st {
unsigned cert_valid : 1;
} tor_cert_t;
+struct tor_tls_t;
+
tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
uint8_t cert_type,
const ed25519_public_key_t *signed_key,
@@ -90,15 +92,15 @@ void or_handshake_certs_free_(or_handshake_certs_t *certs);
FREE_AND_NULL(or_handshake_certs_t, or_handshake_certs_free_, (certs))
int or_handshake_certs_rsa_ok(int severity,
or_handshake_certs_t *certs,
- tor_tls_t *tls,
+ struct tor_tls_t *tls,
time_t now);
int or_handshake_certs_ed25519_ok(int severity,
or_handshake_certs_t *certs,
- tor_tls_t *tls,
+ struct tor_tls_t *tls,
time_t now);
void or_handshake_certs_check_both(int severity,
or_handshake_certs_t *certs,
- tor_tls_t *tls,
+ struct tor_tls_t *tls,
time_t now,
const ed25519_public_key_t **ed_id_out,
const common_digests_t **rsa_id_out);
@@ -106,4 +108,3 @@ void or_handshake_certs_check_both(int severity,
int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out);
#endif /* !defined(TORCERT_H_INCLUDED) */
-
diff --git a/src/or/transports.c b/src/or/transports.c
index 34161fd16e..ff51ff00eb 100644
--- a/src/or/transports.c
+++ b/src/or/transports.c
@@ -93,6 +93,7 @@
#include "or/or.h"
#include "or/bridges.h"
#include "or/config.h"
+#include "or/connection.h"
#include "or/circuitbuild.h"
#include "or/transports.h"
#include "common/util.h"
diff --git a/src/or/vote_routerstatus_st.h b/src/or/vote_routerstatus_st.h
index 7ec0c962fe..1b85737df8 100644
--- a/src/or/vote_routerstatus_st.h
+++ b/src/or/vote_routerstatus_st.h
@@ -8,6 +8,7 @@
#define VOTE_ROUTERSTATUS_ST_H
#include "or/routerstatus_st.h"
+#include "lib/defs/x25519_sizes.h"
/** The claim about a single router, made in a vote. */
struct vote_routerstatus_t {
@@ -38,4 +39,3 @@ struct vote_routerstatus_t {
};
#endif
-
diff --git a/src/test/bench.c b/src/test/bench.c
index 6653f4942f..ced04fffd7 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -19,12 +19,15 @@
#include <openssl/ecdh.h>
#include <openssl/obj_mac.h>
+#include "or/circuitlist.h"
#include "or/config.h"
#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "or/onion_ntor.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/consdiff.h"
+#include "lib/compress/compress.h"
#include "or/cell_st.h"
#include "or/or_circuit_st.h"
@@ -551,8 +554,8 @@ bench_dh(void)
reset_perftime();
start = perftime();
for (i = 0; i < iters; ++i) {
- char dh_pubkey_a[DH_BYTES], dh_pubkey_b[DH_BYTES];
- char secret_a[DH_BYTES], secret_b[DH_BYTES];
+ char dh_pubkey_a[DH1024_KEY_LEN], dh_pubkey_b[DH1024_KEY_LEN];
+ char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
ssize_t slen_a, slen_b;
crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
@@ -586,7 +589,7 @@ bench_ecdh_impl(int nid, const char *name)
reset_perftime();
start = perftime();
for (i = 0; i < iters; ++i) {
- char secret_a[DH_BYTES], secret_b[DH_BYTES];
+ char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
ssize_t slen_a, slen_b;
EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
@@ -597,10 +600,10 @@ bench_ecdh_impl(int nid, const char *name)
EC_KEY_generate_key(dh_a);
EC_KEY_generate_key(dh_b);
- slen_a = ECDH_compute_key(secret_a, DH_BYTES,
+ slen_a = ECDH_compute_key(secret_a, DH1024_KEY_LEN,
EC_KEY_get0_public_key(dh_b), dh_a,
NULL);
- slen_b = ECDH_compute_key(secret_b, DH_BYTES,
+ slen_b = ECDH_compute_key(secret_b, DH1024_KEY_LEN,
EC_KEY_get0_public_key(dh_a), dh_b,
NULL);
diff --git a/src/test/fuzz/fuzz_consensus.c b/src/test/fuzz/fuzz_consensus.c
index de54da61b8..81a3101545 100644
--- a/src/test/fuzz/fuzz_consensus.c
+++ b/src/test/fuzz/fuzz_consensus.c
@@ -4,6 +4,8 @@
#include "or/or.h"
#include "or/routerparse.h"
#include "or/networkstatus.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "or/networkstatus_st.h"
#include "test/fuzz/fuzzing.h"
static void
@@ -75,4 +77,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_hsdescv2.c b/src/test/fuzz/fuzz_hsdescv2.c
index 5cf2cffb88..7fd86f40b1 100644
--- a/src/test/fuzz/fuzz_hsdescv2.c
+++ b/src/test/fuzz/fuzz_hsdescv2.c
@@ -4,6 +4,7 @@
#include "or/or.h"
#include "or/routerparse.h"
#include "or/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "test/fuzz/fuzzing.h"
static void
@@ -49,4 +50,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_iptsv2.c b/src/test/fuzz/fuzz_iptsv2.c
index 7bf4d1282e..e4ec7fffce 100644
--- a/src/test/fuzz/fuzz_iptsv2.c
+++ b/src/test/fuzz/fuzz_iptsv2.c
@@ -4,6 +4,7 @@
#include "or/or.h"
#include "or/routerparse.h"
#include "or/rendcommon.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "or/rend_service_descriptor_st.h"
@@ -46,4 +47,3 @@ fuzz_main(const uint8_t *data, size_t sz)
rend_service_descriptor_free(desc);
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_microdesc.c b/src/test/fuzz/fuzz_microdesc.c
index 74e0ef4f46..a7fe1bb66d 100644
--- a/src/test/fuzz/fuzz_microdesc.c
+++ b/src/test/fuzz/fuzz_microdesc.c
@@ -4,6 +4,8 @@
#include "or/or.h"
#include "or/routerparse.h"
#include "or/microdesc.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+
#include "test/fuzz/fuzzing.h"
static void
@@ -44,4 +46,3 @@ fuzz_main(const uint8_t *data, size_t sz)
}
return 0;
}
-
diff --git a/src/test/fuzz/fuzz_vrs.c b/src/test/fuzz/fuzz_vrs.c
index 0713f99c35..7d28ef1c7a 100644
--- a/src/test/fuzz/fuzz_vrs.c
+++ b/src/test/fuzz/fuzz_vrs.c
@@ -10,6 +10,7 @@
#include "or/networkstatus_st.h"
#include "or/vote_routerstatus_st.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "test/fuzz/fuzzing.h"
@@ -83,4 +84,3 @@ fuzz_main(const uint8_t *data, size_t sz)
tor_free(str);
return 0;
}
-
diff --git a/src/test/fuzz/fuzzing_common.c b/src/test/fuzz/fuzzing_common.c
index 9e736ea69d..c947ebfceb 100644
--- a/src/test/fuzz/fuzzing_common.c
+++ b/src/test/fuzz/fuzzing_common.c
@@ -6,6 +6,7 @@
#include "lib/err/backtrace.h"
#include "or/config.h"
#include "test/fuzz/fuzzing.h"
+#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto.h"
#include "lib/crypt_ops/crypto_ed25519.h"
@@ -189,4 +190,3 @@ main(int argc, char **argv)
}
#endif
-
diff --git a/src/test/hs_ntor_ref.py b/src/test/hs_ntor_ref.py
index f892cd8f84..0c5756ad73 100644
--- a/src/test/hs_ntor_ref.py
+++ b/src/test/hs_ntor_ref.py
@@ -234,8 +234,11 @@ Utilities for communicating with the little-t-tor ntor wrapper to conduct the
integration tests
"""
-PROG = b"./src/test/test-hs-ntor-cl"
-enhex=lambda s: binascii.b2a_hex(s)
+PROG = "./src/test/test-hs-ntor-cl"
+if sys.version_info[0] >= 3:
+ enhex=lambda s: binascii.b2a_hex(s).decode("ascii")
+else:
+ enhex=lambda s: binascii.b2a_hex(s)
dehex=lambda s: binascii.a2b_hex(s.strip())
def tor_client1(intro_auth_pubkey_str, intro_enc_pubkey,
diff --git a/src/test/ntor_ref.py b/src/test/ntor_ref.py
index 9294827e13..56e97ece36 100755
--- a/src/test/ntor_ref.py
+++ b/src/test/ntor_ref.py
@@ -336,13 +336,16 @@ def test_tor():
Call the test-ntor-cl command-line program to make sure we can
interoperate with Tor's ntor program
"""
- enhex=lambda s: binascii.b2a_hex(s)
+ if sys.version_info[0] >= 3:
+ enhex=lambda s: binascii.b2a_hex(s).decode("ascii")
+ else:
+ enhex=lambda s: binascii.b2a_hex(s)
dehex=lambda s: binascii.a2b_hex(s.strip())
- PROG = b"./src/test/test-ntor-cl"
+ PROG = "./src/test/test-ntor-cl"
def tor_client1(node_id, pubkey_B):
" returns (msg, state) "
- p = subprocess.Popen([PROG, b"client1", enhex(node_id),
+ p = subprocess.Popen([PROG, "client1", enhex(node_id),
enhex(pubkey_B.serialize())],
stdout=subprocess.PIPE)
return map(dehex, p.stdout.readlines())
diff --git a/src/test/test.c b/src/test/test.c
index e3121293c3..d6be5ea2e7 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -9,8 +9,11 @@
**/
#include "orconfig.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
+#include "or/or_state_st.h"
+
#include <stdio.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
@@ -148,7 +151,8 @@ test_bad_onion_handshake(void *arg)
memset(junk_buf, 0, sizeof(junk_buf));
crypto_pk_obsolete_public_hybrid_encrypt(pk,
junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
- junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
+ junk_buf, DH1024_KEY_LEN,
+ PK_PKCS1_OAEP_PADDING, 1);
tt_int_op(-1, OP_EQ,
onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
s_buf, s_keys, 40));
diff --git a/src/test/test_accounting.c b/src/test/test_accounting.c
index ce8e08f7c9..7b9511dc20 100644
--- a/src/test/test_accounting.c
+++ b/src/test/test_accounting.c
@@ -9,6 +9,8 @@
#define STATEFILE_PRIVATE
#include "or/statefile.h"
+#include "or/or_state_st.h"
+
#define NS_MODULE accounting
#define NS_SUBMODULE limits
@@ -102,4 +104,3 @@ struct testcase_t accounting_tests[] = {
{ "bwlimits", test_accounting_limits, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 0a3212adbc..1069e25b43 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -11,6 +11,10 @@
#include "or/addressmap.h"
#include "test/log_test_helpers.h"
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
/** Mocking replacement: only handles localhost. */
static int
mock_tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out)
@@ -1257,4 +1261,3 @@ struct testcase_t addr_tests[] = {
{ "make_null", test_addr_make_null, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c
index c64ca8e2b3..8a8221f190 100644
--- a/src/test/test_bt_cl.c
+++ b/src/test/test_bt_cl.c
@@ -12,6 +12,10 @@
#include "lib/err/backtrace.h"
#include "lib/log/torlog.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/* -1: no crash.
* 0: crash with a segmentation fault.
* 1x: crash with an assertion failure. */
@@ -118,4 +122,3 @@ main(int argc, char **argv)
return 0;
}
-
diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c
index 66ee997225..604f1422c1 100644
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@@ -8,6 +8,8 @@
#include "or/or.h"
#include "lib/container/buffers.h"
#include "lib/tls/buffers_tls.h"
+#include "lib/tls/tortls.h"
+#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/proto_http.h"
#include "or/proto_socks.h"
@@ -819,4 +821,3 @@ struct testcase_t buffer_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c
index 844fa4a16c..da5e5defd1 100644
--- a/src/test/test_cell_formats.c
+++ b/src/test/test_cell_formats.c
@@ -1302,4 +1302,3 @@ struct testcase_t cell_format_tests[] = {
TEST(is_destroy, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c
index 4ae7e16361..7e0c33f63b 100644
--- a/src/test/test_channelpadding.c
+++ b/src/test/test_channelpadding.c
@@ -19,6 +19,9 @@
#include "or/main.h"
#include "or/networkstatus.h"
#include "test/log_test_helpers.h"
+#include "lib/tls/tortls.h"
+#include "common/timers.h"
+#include "lib/container/buffers.h"
#include "or/cell_st.h"
#include "or/networkstatus_st.h"
@@ -1168,4 +1171,3 @@ struct testcase_t channelpadding_tests[] = {
TEST_CHANNELPADDING(channelpadding_timers, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c
index aed766fc00..ad2b443cf2 100644
--- a/src/test/test_channeltls.c
+++ b/src/test/test_channeltls.c
@@ -11,6 +11,7 @@
#include "lib/container/buffers.h"
#include "or/channel.h"
#include "or/channeltls.h"
+#include "or/connection.h"
#include "or/connection_or.h"
#include "or/config.h"
/* For init/free stuff */
@@ -336,4 +337,3 @@ struct testcase_t channeltls_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c
index d0c899a07e..09688cf0a9 100644
--- a/src/test/test_checkdir.c
+++ b/src/test/test_checkdir.c
@@ -14,6 +14,10 @@
#include "test/test.h"
#include "common/util.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#ifdef _WIN32
#define mkdir(a,b) mkdir(a)
#define tt_int_op_nowin(a,op,b) do { (void)(a); (void)(b); } while (0)
@@ -146,4 +150,3 @@ struct testcase_t checkdir_tests[] = {
CHECKDIR(perms, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c
index d17a04614c..c09133c549 100644
--- a/src/test/test_circuitbuild.c
+++ b/src/test/test_circuitbuild.c
@@ -11,6 +11,7 @@
#include "test/log_test_helpers.h"
#include "or/config.h"
#include "or/circuitbuild.h"
+#include "or/circuitlist.h"
#include "or/extend_info_st.h"
@@ -132,4 +133,3 @@ struct testcase_t circuitbuild_tests[] = {
{ "unhandled_exit", test_new_route_len_unhandled_exit, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 1138989826..25199454e4 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -51,6 +51,14 @@
#include "lib/fs/conffile.h"
#include "lib/meminfo/meminfo.h"
#include "lib/net/gethostname.h"
+#include "lib/encoding/confline.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
static void
test_config_addressmap(void *arg)
diff --git a/src/test/test_conscache.c b/src/test/test_conscache.c
index e3a617fe3e..3d3a50297b 100644
--- a/src/test/test_conscache.c
+++ b/src/test/test_conscache.c
@@ -4,6 +4,7 @@
#include "or/or.h"
#include "or/config.h"
#include "or/conscache.h"
+#include "lib/encoding/confline.h"
#include "test/test.h"
#ifdef HAVE_UTIME_H
@@ -337,4 +338,3 @@ struct testcase_t conscache_tests[] = {
ENT(filter),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_consdiffmgr.c b/src/test/test_consdiffmgr.c
index c09586afcc..a0dfe95d35 100644
--- a/src/test/test_consdiffmgr.c
+++ b/src/test/test_consdiffmgr.c
@@ -13,6 +13,8 @@
#include "or/networkstatus.h"
#include "or/routerparse.h"
#include "common/workqueue.h"
+#include "lib/compress/compress.h"
+#include "lib/encoding/confline.h"
#include "or/networkstatus_st.h"
@@ -896,4 +898,3 @@ struct testcase_t consdiffmgr_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index de8e4630cd..54c2e0a2ec 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -3,6 +3,7 @@
#define CONTROL_PRIVATE
#include "or/or.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "or/bridges.h"
#include "or/control.h"
#include "or/entrynodes.h"
@@ -1625,4 +1626,3 @@ struct testcase_t controller_tests[] = {
{ "getinfo_md_all", test_getinfo_md_all, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c
index b642a37d22..33a45a99cc 100644
--- a/src/test/test_controller_events.c
+++ b/src/test/test_controller_events.c
@@ -7,6 +7,7 @@
#include "or/or.h"
#include "or/channel.h"
#include "or/channeltls.h"
+#include "or/circuitlist.h"
#include "or/connection.h"
#include "or/control.h"
#include "test/test.h"
@@ -331,4 +332,3 @@ struct testcase_t controller_event_tests[] = {
TEST(event_mask, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index e8a2efe597..194c54e857 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -12,10 +12,20 @@
#include "common/util.h"
#include "siphash.h"
#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/crypt_ops/crypto_hkdf.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "ed25519_vectors.inc"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/** Run unit tests for Diffie-Hellman functionality. */
static void
test_crypto_dh(void *arg)
@@ -23,38 +33,39 @@ test_crypto_dh(void *arg)
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH_BYTES];
- char p2[DH_BYTES];
- char s1[DH_BYTES];
- char s2[DH_BYTES];
+ char p1[DH1024_KEY_LEN];
+ char p2[DH1024_KEY_LEN];
+ char s1[DH1024_KEY_LEN];
+ char s2[DH1024_KEY_LEN];
ssize_t s1len, s2len;
(void)arg;
- tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH_BYTES);
- tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH_BYTES);
+ tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH1024_KEY_LEN);
+ tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH1024_KEY_LEN);
- memset(p1, 0, DH_BYTES);
- memset(p2, 0, DH_BYTES);
- tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
+ memset(p1, 0, DH1024_KEY_LEN);
+ memset(p2, 0, DH1024_KEY_LEN);
+ tt_mem_op(p1,OP_EQ, p2, DH1024_KEY_LEN);
tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
- tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
- tt_mem_op(p1,OP_NE, p2, DH_BYTES);
- tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
- tt_mem_op(p1,OP_NE, p2, DH_BYTES);
+ tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
+ tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
+ tt_assert(! crypto_dh_get_public(dh2, p2, DH1024_KEY_LEN));
+ tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
- memset(s1, 0, DH_BYTES);
- memset(s2, 0xFF, DH_BYTES);
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
- s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
+ memset(s1, 0, DH1024_KEY_LEN);
+ memset(s2, 0xFF, DH1024_KEY_LEN);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH1024_KEY_LEN, s1, 50);
+ s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH1024_KEY_LEN, s2, 50);
tt_assert(s1len > 0);
tt_int_op(s1len,OP_EQ, s2len);
tt_mem_op(s1,OP_EQ, s2, s1len);
/* test dh_dup; make sure it works the same. */
dh1_dup = crypto_dh_dup(dh1);
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH1024_KEY_LEN,
+ s1, 50);
tt_mem_op(s1,OP_EQ, s2, s1len);
{
@@ -67,12 +78,14 @@ test_crypto_dh(void *arg)
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- memset(p1, 0, DH_BYTES); /* 0 with padding. */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ memset(p1, 0, DH1024_KEY_LEN); /* 0 with padding. */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 1; /* 1 with padding*/
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 1; /* 1 with padding*/
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
/* 2 is okay, though weird. */
@@ -89,15 +102,18 @@ test_crypto_dh(void *arg)
/* p-1, p, and so on are not okay. */
base16_decode(p1, sizeof(p1), P, strlen(P));
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xFE; /* p-1 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xFE; /* p-1 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xFD; /* p-2 works fine */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(50, OP_EQ, s1len);
const char P_plus_one[] =
@@ -109,31 +125,35 @@ test_crypto_dh(void *arg)
base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0x01; /* p+2 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0x01; /* p+2 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- p1[DH_BYTES-1] = 0xff; /* p+256 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ p1[DH1024_KEY_LEN-1] = 0xff; /* p+256 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
- memset(p1, 0xff, DH_BYTES), /* 2^1024-1 */
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+ memset(p1, 0xff, DH1024_KEY_LEN), /* 2^1024-1 */
+ s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+ s1, 50);
tt_int_op(-1, OP_EQ, s1len);
}
{
/* provoke an error in the openssl DH_compute_key function; make sure we
* survive. */
- tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
+ tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
crypto_dh_free(dh2);
dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
- p1, DH_BYTES,
+ p1, DH1024_KEY_LEN,
s1, 50);
tt_int_op(s1len, OP_EQ, -1);
}
@@ -3063,4 +3083,3 @@ struct testcase_t crypto_tests[] = {
{ "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 9878a0d026..7c1dfa0a93 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -7,6 +7,8 @@
#define CRYPTO_S2K_PRIVATE
#include "or/or.h"
#include "test/test.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_s2k.h"
#include "lib/crypt_ops/crypto_pwbox.h"
#include "lib/crypt_ops/crypto_rand.h"
@@ -615,4 +617,3 @@ struct testcase_t slow_crypto_tests[] = {
ED25519_TEST(fuzz_donna, TT_FORK),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 498ecf942e..5adfb95706 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -19,10 +19,12 @@
#include "or/or.h"
#include "or/bridges.h"
+#include "or/connection.h"
#include "or/confparse.h"
#include "or/config.h"
#include "or/control.h"
#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/directory.h"
#include "or/dirserv.h"
@@ -45,7 +47,9 @@
#include "or/relay.h"
#include "test/log_test_helpers.h"
#include "or/voting_schedule.h"
+#include "lib/compress/compress.h"
+#include "or/addr_policy_st.h"
#include "or/authority_cert_st.h"
#include "or/document_signature_st.h"
#include "or/extrainfo_st.h"
@@ -59,6 +63,10 @@
#include "or/vote_microdesc_hash_st.h"
#include "or/vote_routerstatus_st.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#define NS_MODULE dir
static void
diff --git a/src/test/test_dns.c b/src/test/test_dns.c
index 3bcef0aa7c..1407a5c47e 100644
--- a/src/test/test_dns.c
+++ b/src/test/test_dns.c
@@ -8,6 +8,7 @@
#include "or/dns.h"
#include "or/connection.h"
+#include "or/connection_edge.h"
#include "or/router.h"
#include "or/edge_connection_st.h"
@@ -748,4 +749,3 @@ struct testcase_t dns_tests[] = {
};
#undef NS_MODULE
-
diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c
index d6ac5e1d38..b23f12087e 100644
--- a/src/test/test_entryconn.c
+++ b/src/test/test_entryconn.c
@@ -22,6 +22,8 @@
#include "or/entry_connection_st.h"
#include "or/socks_request_st.h"
+#include "lib/encoding/confline.h"
+
static void *
entryconn_rewrite_setup(const struct testcase_t *tc)
{
@@ -833,4 +835,3 @@ struct testcase_t entryconn_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index 4d37d0fe88..262e2fa680 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -37,6 +37,7 @@
#include "or/networkstatus_st.h"
#include "or/node_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
#include "or/routerstatus_st.h"
@@ -44,6 +45,7 @@
#include "test/log_test_helpers.h"
#include "lib/container/bloomfilt.h"
+#include "lib/encoding/confline.h"
/* TODO:
* choose_random_entry() test with state set.
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 0032ef5b78..4ddef4e43b 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -18,6 +18,10 @@
#include "test/test.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
/* Test connection_or_remove_from_ext_or_id_map and
* connection_or_set_ext_or_identifier */
static void
@@ -610,4 +614,3 @@ struct testcase_t extorport_tests[] = {
{ "handshake", test_ext_or_handshake, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index ba279c790b..6d410af526 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -23,6 +23,7 @@
#include "or/nodelist.h"
#include "or/relay.h"
#include "or/routerlist.h"
+#include "lib/encoding/confline.h"
#include "or/cell_st.h"
#include "or/connection_st.h"
@@ -282,4 +283,3 @@ helper_parse_options(const char *conf)
}
return opt;
}
-
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 84598d9cc4..b17e8cf21f 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -19,6 +19,7 @@
#include "or/hs_common.h"
#include "or/rendcommon.h"
#include "or/rendservice.h"
+#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/circuitbuild.h"
@@ -29,6 +30,10 @@
#include "test/test_helpers.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
/* mock ID digest and longname for node that's in nodelist */
#define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
@@ -1061,4 +1066,3 @@ struct testcase_t hs_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c
index ccad3062b7..c22cc46386 100644
--- a/src/test/test_hs_cache.c
+++ b/src/test/test_hs_cache.c
@@ -17,6 +17,7 @@
#include "or/networkstatus.h"
#include "or/connection.h"
#include "or/proto_http.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "or/dir_connection_st.h"
#include "or/networkstatus_st.h"
@@ -561,4 +562,3 @@ struct testcase_t hs_cache[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 58002d6292..1458c358d2 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -22,12 +22,15 @@
#include "or/config.h"
#include "lib/crypt_ops/crypto.h"
+#include "lib/crypt_ops/crypto_dh.h"
#include "or/channeltls.h"
+#include "or/directory.h"
#include "or/main.h"
#include "or/nodelist.h"
#include "or/routerset.h"
#include "or/hs_circuit.h"
+#include "or/hs_circuitmap.h"
#include "or/hs_client.h"
#include "or/hs_ident.h"
#include "or/hs_cache.h"
@@ -197,17 +200,17 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
/* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
* digest verification... */
- uint8_t rend_cell_body[DH_KEY_LEN+DIGEST_LEN] = {2};
+ uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2};
{
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
crypto_dh_t *dh_state =
or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
/* compute and overwrite digest of cell body with the right value */
retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
- (char*)rend_cell_body, DH_KEY_LEN,
+ (char*)rend_cell_body, DH1024_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
tt_int_op(retval, OP_GT, 0);
- memcpy(rend_cell_body+DH_KEY_LEN, keys, DIGEST_LEN);
+ memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN);
}
/* Setup the circuit */
@@ -609,4 +612,3 @@ struct testcase_t hs_client_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index 934b26450d..28c6316bd0 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -17,6 +17,7 @@
#include "test/hs_test_helpers.h"
#include "or/connection_edge.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/hs_common.h"
#include "or/hs_client.h"
@@ -36,6 +37,7 @@
#include "or/microdesc_st.h"
#include "or/networkstatus_st.h"
#include "or/node_st.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
#include "or/routerstatus_st.h"
@@ -1832,4 +1834,3 @@ struct testcase_t hs_common_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c
index f5beced45f..6e5e783372 100644
--- a/src/test/test_hs_control.c
+++ b/src/test/test_hs_control.c
@@ -18,6 +18,7 @@
#include "or/node_st.h"
#include "or/routerstatus_st.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "test/test_helpers.h"
@@ -191,4 +192,3 @@ struct testcase_t hs_control_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 43d4955905..a017facd2c 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -9,6 +9,7 @@
#define HS_DESCRIPTOR_PRIVATE
#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "trunnel/ed25519_cert.h"
@@ -896,4 +897,3 @@ struct testcase_t hs_descriptor[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_ntor.c b/src/test/test_hs_ntor.c
index 51373af645..c524409003 100644
--- a/src/test/test_hs_ntor.c
+++ b/src/test/test_hs_ntor.c
@@ -9,6 +9,8 @@
#include "test/test.h"
#include "test/test_helpers.h"
#include "test/log_test_helpers.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "or/hs_ntor.h"
@@ -111,4 +113,3 @@ struct testcase_t hs_ntor_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_hs_ntor_cl.c b/src/test/test_hs_ntor_cl.c
index 5475f3b38c..6bf11560b4 100644
--- a/src/test/test_hs_ntor_cl.c
+++ b/src/test/test_hs_ntor_cl.c
@@ -17,6 +17,8 @@
#include "common/util.h"
#include "lib/crypt_ops/crypto.h"
#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "or/hs_ntor.h"
#include "or/onion_ntor.h"
@@ -251,4 +253,3 @@ main(int argc, char **argv)
return 1;
}
}
-
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index 684ac98f42..e81a5eff4f 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -45,6 +45,7 @@
#include "or/hs_intropoint.h"
#include "or/hs_ntor.h"
#include "or/hs_circuit.h"
+#include "or/hs_circuitmap.h"
#include "or/hs_service.h"
#include "or/hs_client.h"
#include "or/main.h"
@@ -58,6 +59,7 @@
#include "or/networkstatus_st.h"
#include "or/node_st.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
/* Trunnel */
@@ -1634,4 +1636,3 @@ struct testcase_t hs_service_tests[] = {
END_OF_TESTCASES
};
-
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index ffb6c47b1e..515fdc50a7 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -24,6 +24,8 @@
#include "or/or_handshake_state_st.h"
#include "or/var_cell_st.h"
+#include "lib/tls/tortls.h"
+
#include "test/test.h"
#include "test/log_test_helpers.h"
diff --git a/src/test/test_logging.c b/src/test/test_logging.c
index d979411469..48cdf2e6bc 100644
--- a/src/test/test_logging.c
+++ b/src/test/test_logging.c
@@ -11,6 +11,10 @@
#include "test/test.h"
#include "lib/process/subprocess.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
static void
dummy_cb_fn(int severity, uint32_t domain, const char *msg)
{
diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c
index 1b680c02c5..2038f54984 100644
--- a/src/test/test_microdesc.c
+++ b/src/test/test_microdesc.c
@@ -20,6 +20,10 @@
#include "test/test.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
#ifdef _WIN32
/* For mkdir() */
#include <direct.h>
@@ -815,4 +819,3 @@ struct testcase_t microdesc_tests[] = {
{ "corrupt_desc", test_md_corrupt_desc, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_oos.c b/src/test/test_oos.c
index 6ecb1a0786..f101390d67 100644
--- a/src/test/test_oos.c
+++ b/src/test/test_oos.c
@@ -9,6 +9,7 @@
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_or.h"
+#include "or/directory.h"
#include "or/main.h"
#include "test/test.h"
@@ -456,4 +457,3 @@ struct testcase_t oos_tests[] = {
{ "pick_oos_victims", test_oos_pick_oos_victims, TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_options.c b/src/test/test_options.c
index ab8727c3db..76d95349cd 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -18,6 +18,7 @@
#include "lib/sandbox/sandbox.h"
#include "lib/memarea/memarea.h"
#include "lib/osinfo/uname.h"
+#include "lib/encoding/confline.h"
#include "or/policies.h"
#include "test/test_helpers.h"
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 2c29bbb16a..a6906af41f 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -8,8 +8,10 @@
#include "or/routerparse.h"
#define POLICIES_PRIVATE
#include "or/policies.h"
+#include "lib/encoding/confline.h"
#include "test/test.h"
+#include "or/addr_policy_st.h"
#include "or/node_st.h"
#include "or/port_cfg_st.h"
#include "or/routerinfo_st.h"
@@ -2450,4 +2452,3 @@ struct testcase_t policy_tests[] = {
test_policies_fascist_firewall_choose_address, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_pt.c b/src/test/test_pt.c
index c2c4e19897..e685ab50de 100644
--- a/src/test/test_pt.c
+++ b/src/test/test_pt.c
@@ -19,6 +19,9 @@
#include "or/statefile.h"
#include "test/test.h"
#include "lib/process/subprocess.h"
+#include "lib/encoding/confline.h"
+
+#include "or/or_state_st.h"
static void
reset_mp(managed_proxy_t *mp)
diff --git a/src/test/test_relay.c b/src/test/test_relay.c
index 777153d11b..fe5795d11d 100644
--- a/src/test/test_relay.c
+++ b/src/test/test_relay.c
@@ -4,6 +4,7 @@
#include "or/or.h"
#define CIRCUITBUILD_PRIVATE
#include "or/circuitbuild.h"
+#include "or/circuitlist.h"
#define RELAY_PRIVATE
#include "or/relay.h"
/* For init/free stuff */
@@ -130,4 +131,3 @@ struct testcase_t relay_tests[] = {
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index 948cf0d60c..8c2be30a8f 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -11,6 +11,7 @@
#include "or/routerkeys.h"
#include "common/util.h"
#include "lib/crypt_ops/crypto.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "or/torcert.h"
#include "test/test.h"
@@ -19,6 +20,13 @@
#include <direct.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
static void
test_routerkeys_write_fingerprint(void *arg)
{
@@ -695,4 +703,3 @@ struct testcase_t routerkeys_tests[] = {
TEST(rsa_ed_crosscert, 0),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c
index 5da42c1339..b25a0be9a4 100644
--- a/src/test/test_routerlist.c
+++ b/src/test/test_routerlist.c
@@ -37,8 +37,12 @@
#include "or/dir_connection_st.h"
#include "or/networkstatus_st.h"
#include "or/node_st.h"
+#include "or/or_state_st.h"
#include "or/routerstatus_st.h"
+#include "lib/encoding/confline.h"
+#include "lib/container/buffers.h"
+
#include "test/test.h"
#include "test/test_dir_common.h"
#include "test/log_test_helpers.h"
@@ -782,4 +786,3 @@ struct testcase_t routerlist_tests[] = {
{ "warn_early_consensus", test_warn_early_consensus, 0, NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c
index e64c24e89e..ea8b43498e 100644
--- a/src/test/test_routerset.c
+++ b/src/test/test_routerset.c
@@ -10,6 +10,7 @@
#include "or/policies.h"
#include "or/nodelist.h"
+#include "or/addr_policy_st.h"
#include "or/extend_info_st.h"
#include "or/node_st.h"
#include "or/routerinfo_st.h"
@@ -2227,4 +2228,3 @@ struct testcase_t routerset_tests[] = {
TEST_CASE(routerset_free),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index 91ae20bff8..1b4fdc8992 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -24,6 +24,11 @@
#include "or/dir_server_st.h"
#include "or/networkstatus_st.h"
+#include "or/or_state_st.h"
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
static authority_cert_t *mock_cert;
@@ -1393,4 +1398,3 @@ struct testcase_t sr_tests[] = {
NULL, NULL },
END_OF_TESTCASES
};
-
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 3e4528af27..046ed35978 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -6,6 +6,7 @@
#include "or/or.h"
#include "lib/container/buffers.h"
#include "or/config.h"
+#include "or/connection.h"
#include "or/proto_socks.h"
#include "test/test.h"
#include "test/log_test_helpers.h"
diff --git a/src/test/test_status.c b/src/test/test_status.c
index 09b9662b4c..6c694be57e 100644
--- a/src/test/test_status.c
+++ b/src/test/test_status.c
@@ -24,8 +24,10 @@
#include "or/main.h"
#include "or/nodelist.h"
#include "or/statefile.h"
+#include "lib/tls/tortls.h"
#include "or/origin_circuit_st.h"
+#include "or/or_state_st.h"
#include "or/routerinfo_st.h"
#include "test/test.h"
@@ -1097,4 +1099,3 @@ struct testcase_t status_tests[] = {
TEST_CASE_ASPECT(log_heartbeat, tls_write_overhead),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_storagedir.c b/src/test/test_storagedir.c
index d07d35e096..efb6a0027a 100644
--- a/src/test/test_storagedir.c
+++ b/src/test/test_storagedir.c
@@ -4,6 +4,7 @@
#include "or/or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/fs/storagedir.h"
+#include "lib/encoding/confline.h"
#include "test/test.h"
#ifdef HAVE_UTIME_H
@@ -373,4 +374,3 @@ struct testcase_t storagedir_tests[] = {
ENT(read_labeled),
END_OF_TESTCASES
};
-
diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c
index 11fe53b7c5..95801822f9 100644
--- a/src/test/test_switch_id.c
+++ b/src/test/test_switch_id.c
@@ -7,6 +7,9 @@
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#define TEST_BUILT_WITH_CAPS 0
#define TEST_HAVE_CAPS 1
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index b456734684..9ae9d4dfbd 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -34,6 +34,7 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "lib/log/torlog.h"
#include "or/config.h"
#include "lib/tls/tortls.h"
+#include "or/or_state_st.h"
#include "test/test.h"
#include "test/log_test_helpers.h"
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 7f37a2ab9c..3c0b4f77fc 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -17,11 +17,13 @@
#include "or/config.h"
#include "or/control.h"
#include "or/transports.h"
+#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "test/test.h"
#include "lib/memarea/memarea.h"
#include "lib/process/waitpid.h"
#include "test/log_test_helpers.h"
+#include "lib/compress/compress.h"
#include "lib/compress/compress_zstd.h"
#include "lib/encoding/keyval.h"
#include "lib/fdio/fdio.h"
@@ -35,6 +37,7 @@
#include "lib/math/laplace.h"
#include "lib/meminfo/meminfo.h"
#include "lib/time/tvdiff.h"
+#include "lib/encoding/confline.h"
#ifdef HAVE_PWD_H
#include <pwd.h>
@@ -45,6 +48,16 @@
#ifdef HAVE_UTIME_H
#include <utime.h>
#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
#ifdef _WIN32
#include <tchar.h>
#endif
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 3baeb98031..ace564d0fe 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -13,17 +13,27 @@
#include "or/or.h"
#include "or/control.h"
#include "or/config.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/rephist.h"
#include "lib/err/backtrace.h"
#include "test/test.h"
#include "or/channelpadding.h"
#include "or/main.h"
+#include "lib/compress/compress.h"
+#include "common/compat_libevent.h"
#include <stdio.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#ifdef _WIN32
/* For mkdir() */