path: root/src/or/channeltls.c
Age | Commit message | Author
2018-07-05 | Move literally everything out of src/or | Nick Mathewson
This commit won't build yet -- it just puts everything in a slightly more logical place. The reasoning here is that "src/core" will hold the stuff that every (or nearly every) tor instance will need in order to do onion routing. Other features (including some necessary ones) will live in "src/feature". The "src/app" directory will hold the stuff needed to have Tor be an application you can actually run. This commit DOES NOT refactor the former contents of src/or into a logical set of acyclic libraries, or change any code at all. That will have to come in the future. We will continue to move things around and split them in the future, but I hope this lays a reasonable groundwork for doing so.
2018-07-03 | Merge remote-tracking branch 'github/ticket26626' | Nick Mathewson
2018-07-03 | Return U64_PRINTF_ARG and U64_FORMAT | Nick Mathewson
The standard is printf("%"PRIu64, x);
2018-07-01 | Remove needless includes from or.h | Nick Mathewson
or.h should really include only the minimum of stuff from or/*, common/*, and lib/*.
2018-06-20 | Run rectify_include_paths.py | Nick Mathewson
2018-06-20 | Update copyrights to 2018. | Nick Mathewson
2018-06-15 | Move extend_info_t into its own header. | Nick Mathewson
2018-06-15 | Extract cell type and their queues into new headers | Nick Mathewson
Since packed_cell and destroy_cell exist only to be queued, they go in the same headers as the queues.
2018-06-15 | Extract routerinfo_t into its own header. | Nick Mathewson
I was expecting this to be much worse.
2018-06-15 | Split or_handshake_{certs,state}_t into their own headers. | Nick Mathewson
2018-06-15 | Move or_connection_t to its own header. | Nick Mathewson
2018-02-15 | cmux: Make EWMA policy mandatory | David Goulet
To achieve this, a default value for the CircuitPriorityHalflife option was needed. We still look in the options and then the consensus but in case no value can be found, the default CircuitPriorityHalflifeMsec=30000 is used. It is the value we've been using since 0.2.4.4-alpha. This means that EWMA, our only policy, can not be disabled anymore fallbacking to the round robin algorithm. Unneeded code to control that is removed in this commit.
Part of #25268
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-07 | remove blank line between function-comment and function | Roger Dingledine
also be more consistent about punctuation in doxygen comments
2018-02-07 | more fixes for typos, grammar, whitespace, etc | Roger Dingledine
some of these ought to have been noticed by the "misspell" tool, so if anybody is debugging it, here are some bug reports :)
2018-01-31 | Merge remote-tracking branch 'dgoulet/ticket24902_029_05' | Nick Mathewson
2018-01-31 | channel_tls_get_remote_addr_method now returns real_addr. | Fernando Fernandez Mancera
The accurate address of a connection is real_addr, not the addr member. channel_tls_get_remote_addr_method() now returns real_addr instead.
Fixes #24952; bugfix on 707c1e2 in 0.2.4.11-alpha.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2017-12-08 | chan: Do not re-queue after a fail cell write | David Goulet
Couple things happen in this commit. First, we do not re-queue a cell back in the circuit queue if the write packed cell failed. Currently, it is close to impossible to have it failed but just in case, the channel is marked as closed and we move on. The second thing is that the channel_write_packed_cell() always took ownership of the cell whatever the outcome. This means, on success or failure, it needs to free it. It turns out that we were using the wrong free function in one case and not freeing it in another possible code path. So, this commit makes sure we only free it in one place that is at the very end of channel_write_packed_cell() which is the top layer of the channel abstraction. This makes also channel_tls_write_packed_cell_method() return a negative value on error. Two unit tests had to be fixed (quite trivial) due to a double free of the packed cell in the test since now we do free it in all cases correctly.
Part of #23709
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 | channel: Remove incoming/outgoing queue | David Goulet
For the rationale, see ticket #23709. This is a pretty massive commit. Those queues were everywhere in channel.c and it turns out that it was used by lots of dead code. The channel subsystem *never* handles variable size cell (var_cell_t) or unpacked cells (cell_t). The variable ones are only handled in channeltls and outbound cells are always packed from the circuit queue so this commit removes code related to variable and unpacked cells. However, inbound cells are unpacked (cell_t), that is untouched and is handled via channel_process_cell() function. In order to make the commit compile, tests have been modified but not passing at this commit. Also, many tests have been removed but better improved ones get added in future commits. This commit also adds a XXX: which indicates that the handling process of outbound cells isn't fully working. This as well is fixed in a future commit. Finally, at this commit, more dead code remains, it will be cleaned up in future commits.
Fixes #23709
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 | Fix a comment that misunderstood is_canonical | Nick Mathewson
is_canonical doesn't mean "am I connected to the one true address of this relay"; it means "does this relay tell me that the address I'm connected to belongs to it." The point is to prevent TCP-based MITM, not to prevent the relay from multi-homing. Related to 22890.
2017-09-15 | Run our #else/#endif annotator on our source code. | Nick Mathewson
2017-09-15 | Merge branch 'maint-0.3.1' | Nick Mathewson
Resolve conflict with 23532 code.
2017-09-15 | Make NETINFO clock skew detection work on clients | Taylor Yu
An unnecessary routerlist check in the NETINFO clock skew detection in channel_tls_process_netinfo_cell() was preventing clients from reporting NETINFO clock skew to controllers.
2017-09-15 | Refactor channeltls.c lightly | Taylor Yu
Refactor some repetitive deep indirections in several functions in channeltls.c into local variables.
2017-09-15 | Fix several places where md-using relays would get wrong behavior. | Nick Mathewson
This patch replaces a few calls to router_get_by_id_digest ("do we have a routerinfo?") with connection_or_digest_is_known_relay ("do we know this relay to be in the consensus, or have been there some time recently?"). Found while doing the 21585 audit; fixes bug 23533. Bugfix on 0.3.0.1-alpha.
2017-09-05 | Repair buffer API so everything starts with buf_. | Nick Mathewson
Our convention is that functions which manipulate a type T should be named T_foo. But the buffer functions were super old, and followed all kinds of conventions. Now they're uniform. Here's the perl I used to do this:

    #!/usr/bin/perl -w -i -p

    s/read_to_buf\(/buf_read_from_socket\(/;
    s/flush_buf\(/buf_flush_to_socket\(/;
    s/read_to_buf_tls\(/buf_read_from_tls\(/;
    s/flush_buf_tls\(/buf_flush_to_tls\(/;
    s/write_to_buf\(/buf_add\(/;
    s/write_to_buf_compress\(/buf_add_compress\(/;
    s/move_buf_to_buf\(/buf_move_to_buf\(/;
    s/peek_from_buf\(/buf_peek\(/;
    s/fetch_from_buf\(/buf_get_bytes\(/;
    s/fetch_from_buf_line\(/buf_get_line\(/;
    s/fetch_from_buf_line\(/buf_get_line\(/;
    s/buf_remove_from_front\(/buf_drain\(/;
    s/peek_buf_startswith\(/buf_peek_startswith\(/;
    s/assert_buf_ok\(/buf_assert_ok\(/;

2017-07-01 | general formatting / whitespace / typo fixes | Roger Dingledine
2017-06-21 | Merge branch 'callgraph_reduction_v2' | Nick Mathewson
2017-06-21 | Extract channel_do_open_actions() from non-open _change_state cases | Nick Mathewson
This reduces the size of the largest SCC in the callgraph by 30 functions, from 58 to 28.
2017-05-08 | whitespace fixes | Nick Mathewson
2017-05-08 | Merge branch 'netflow_padding-v6-rebased2-squashed' | Nick Mathewson
2017-05-08 | Fix issues from dgoulet's code review. | Mike Perry
https://gitlab.com/dgoulet/tor/merge_requests/24
2017-05-08 | Bug 17604: Converge on only one long-lived TLS conn between relays. | Mike Perry
Accomplished via the following:
1. Use NETINFO cells to determine if both peers will agree on canonical status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple canonical connections, and use the orconn with more circuits on it in case of age ties.
Also perform some hourly accounting on how many of these types of connections there are and log it at info or notice level.
2017-05-08 | Netflow record collapsing defense. | Mike Perry
This defense will cause Cisco, Juniper, Fortinet, and other routers operating in the default configuration to collapse netflow records that would normally be split due to the 15 second flow idle timeout. Collapsing these records should greatly reduce the utility of default netflow data for correlation attacks, since all client-side records should become 30 minute chunks of total bytes sent/received, rather than creating multiple separate records for every webpage load/ssh command interaction/XMPP chat/whatever else happens to be inactive for more than 15 seconds. The defense adds consensus parameters to govern the range of timeout values for sending padding packets, as well as for keeping connections open. The defense only sends padding when connections are otherwise inactive, and it does not pad connections used solely for directory traffic at all. By default it also doesn't pad inter-relay connections. Statistics on the total padding in the last 24 hours are exported to the extra-info descriptors.
2017-05-02 | Merge branch 'teor_connection-with-client-v2_squashed' | Nick Mathewson
2017-05-02 | Accurately identify client connections by their lack of peer authentication | teor
This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
2017-03-15 | Run the copyright update script. | Nick Mathewson
2016-12-16 | Merge branch 'prop271_030_v1_squashed' | Nick Mathewson
2016-12-08 | Add a few more debug/info-level logs for ed25519 link handshake stuff | Nick Mathewson
2016-12-08 | Add a bunch of work-in-progress comments for 15056 planning | Nick Mathewson
2016-12-08 | When attempting to find a channel by ID, consider Ed ID. | Nick Mathewson
Right now, there's only a mechanism to look for a channel where the RSA ID matches *and* the ED ID matches. We can add a separate map later if we want.
2016-11-30 | New function to tell the guard module "We're on the net!" | Nick Mathewson
(Call it whenever we read a cell.)
2016-11-03 | Replace some assert(1)s with nonfatal_unreached_once(). | Nick Mathewson
These were probably supposed to be assert(0).
2016-11-03 | whitespace fixes | Nick Mathewson
2016-11-03 | Merge branch 'feature_15055_v2' | Nick Mathewson
2016-11-03 | Audit use of tor_tls_cert_get_key(). | Nick Mathewson
This function is allowed to return NULL if the certified key isn't RSA. But in a couple of places we were treating this as a bug or internal error, and in one other place we weren't checking for it at all! Caught by Isis during code review for #15055. The serious bug was only on the 15055 branch, thank goodness.
2016-11-03 | Clean up comments, mark more branches as BUG. | Nick Mathewson
2016-11-03 | Unit tests for cert-chain-processing, including failed cases | Nick Mathewson
Check out the coverage!
2016-11-03 | Send and receive AUTHENTICATE cells correctly with ED keys. | Nick Mathewson
Includes updated test for authchallenge cells
2016-11-03 | Verify ed25519 link handshake certificates | Nick Mathewson
This code stores the ed certs as appropriate, and tries to check them. The Ed25519 result is not yet used, and (because of its behavior) this will break RSA authenticate cells. That will get fixed as we go, however. This should implement 19157, but it needs tests, and it needs to get wired in.
2016-11-03 | Add "Ed ID" arguments to a bunch of connection-ID-related fns. | Nick Mathewson
In particular, these functions are the ones that set the identity of a given connection or channel, and/or confirm that we have learned said IDs. There's a lot of stub code here: we don't actually need to use the new keys till we start looking up connections/channels by Ed25519 IDs. Still, we want to start passing the Ed25519 IDs in now, so it makes sense to add these stubs as part of 15055.