From 6f46316c319277d68ac44697221f1f9881c1d197 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 16 Sep 2003 20:57:09 +0000 Subject: bugfixes and refactorings svn:r468 --- src/or/circuit.c | 14 ++++++++------ src/or/connection.c | 2 +- src/or/connection_edge.c | 17 ++++++++++++++++- src/or/directory.c | 4 ++-- src/or/main.c | 2 +- src/or/onion.c | 5 +++++ src/or/or.h | 47 +++++++++++++---------------------------------- 7 files changed, 46 insertions(+), 45 deletions(-) diff --git a/src/or/circuit.c b/src/or/circuit.c index dbaf7c59c4..50d0591345 100644 --- a/src/or/circuit.c +++ b/src/or/circuit.c @@ -127,11 +127,13 @@ static aci_t get_unique_aci_by_addr_port(uint32_t addr, uint16_t port, int aci_t high_bit = (aci_type == ACI_TYPE_HIGHER) ? 1<<15 : 0; conn = connection_exact_get_by_addr_port(addr,port); if (!conn) - return 1; /* No connection exists; conflict is impossible. */ + return (1|high_bit); /* No connection exists; conflict is impossible. */ do { /* Sequentially iterate over test_aci=1...1<<15-1 until we find an * aci such that (high_bit|test_aci) is not already used. */ + /* XXX Will loop forever if all aci's in our range are used. + * This matters because it's an external DoS vulnerability. */ test_aci = conn->next_aci++; if (test_aci == 0 || test_aci >= 1<<15) { test_aci = 1; @@ -225,13 +227,13 @@ circuit_t *circuit_get_by_conn(connection_t *conn) { return NULL; } -circuit_t *circuit_get_newest_ap(void) { +circuit_t *circuit_get_newest_open(void) { circuit_t *circ, *bestcirc=NULL; for(circ=global_circuitlist;circ;circ = circ->next) { - if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && (!bestcirc || + if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && circ->n_conn && (!bestcirc || bestcirc->timestamp_created < circ->timestamp_created)) { - log_fn(LOG_DEBUG,"Choosing n_aci %d.", circ->n_aci); + log_fn(LOG_DEBUG,"Choosing circuit %s:%d:%d.", circ->n_conn->address, circ->n_port, circ->n_aci); assert(circ->n_aci); bestcirc = circ; } @@ -501,7 +503,7 @@ void circuit_close(circuit_t *circ) { assert(circ); if(options.APPort) { - youngest = circuit_get_newest_ap(); + youngest = circuit_get_newest_open(); log_fn(LOG_DEBUG,"youngest %d, circ %d.",(int)youngest, (int)circ); } circuit_remove(circ); @@ -610,7 +612,7 @@ void circuit_expire_unused_circuits(void) { circuit_t *circ, *tmpcirc; circuit_t *youngest; - youngest = circuit_get_newest_ap(); + youngest = circuit_get_newest_open(); circ = global_circuitlist; while(circ) { diff --git a/src/or/connection.c b/src/or/connection.c index 790d31db36..86eea5fbda 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -848,7 +848,7 @@ void assert_connection_ok(connection_t *conn, time_t now) conn->state <= _EXIT_CONN_STATE_MAX); break; case CONN_TYPE_AP: - assert(conn->state >= _EXIT_CONN_STATE_MIN && + assert(conn->state >= _AP_CONN_STATE_MIN && conn->state <= _AP_CONN_STATE_MAX); break; case CONN_TYPE_DIR: diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index e47983a127..cb53b8efce 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -12,6 +12,21 @@ static int connection_ap_handshake_socks_reply(connection_t *conn, char result); static int connection_exit_begin_conn(cell_t *cell, circuit_t *circ); +#define SOCKS4_REQUEST_GRANTED 90 +#define SOCKS4_REQUEST_REJECT 91 +#define SOCKS4_REQUEST_IDENT_FAILED 92 +#define SOCKS4_REQUEST_IDENT_CONFLICT 93 + +/* structure of a socks client operation */ +typedef struct { + unsigned char version; /* socks version number */ + unsigned char command; /* command code */ + unsigned char destport[2]; /* destination port, network order */ + unsigned char destip[4]; /* destination address */ + /* userid follows, terminated by a NULL */ + /* dest host follows, terminated by a NULL */ +} socks4_t; + int connection_edge_process_inbuf(connection_t *conn) { assert(conn); @@ -509,7 +524,7 @@ static int connection_ap_handshake_process_socks(connection_t *conn) { } /* find the circuit that we should use, if there is one. */ - circ = circuit_get_newest_ap(); + circ = circuit_get_newest_open(); if(!circ) { log_fn(LOG_INFO,"No circuit ready. Closing."); diff --git a/src/or/directory.c b/src/or/directory.c index db2287b7c5..7d1d7d0f55 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -21,6 +21,7 @@ static int reading_headers=0; static int directory_dirty=1; static char getstring[] = "GET / HTTP/1.0\r\n\r\n"; +static char poststring[] = "POST / HTTP/1.0\r\n\r\n"; static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n"; /********* END VARIABLES ************/ @@ -132,7 +133,7 @@ int connection_dir_process_inbuf(connection_t *conn) { if(router_get_dir_from_string(the_directory, conn->pkey) < 0) { log_fn(LOG_DEBUG,"...but parsing failed. Ignoring."); } else { - log_fn(LOG_DEBUG,"and got a %s directory; updated routers.", + log_fn(LOG_DEBUG,"and got an %s directory; updated routers.", conn->pkey ? "authenticated" : "unauthenticated"); } @@ -235,7 +236,6 @@ int connection_dir_finished_flushing(connection_t *conn) { case DIR_CONN_STATE_CONNECTING: if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) { /* not yet */ if(!ERRNO_CONN_EINPROGRESS(errno)) { - /* yuck. kill it. */ log_fn(LOG_DEBUG,"in-progress connect failed. Removing."); router_forget_router(conn->addr, conn->port); /* don't try him again */ return -1; diff --git a/src/or/main.c b/src/or/main.c index 310ca3df69..0d6737f000 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -343,7 +343,7 @@ static int prepare_for_poll(void) { if(options.APPort && time_to_new_circuit < now.tv_sec) { circuit_expire_unused_circuits(); circuit_launch_new(-1); /* tell it to forget about previous failures */ - circ = circuit_get_newest_ap(); + circ = circuit_get_newest_open(); if(!circ || circ->dirty) { log(LOG_INFO,"prepare_for_poll(): Youngest circuit %s; launching replacement.", circ ? "dirty" : "missing"); circuit_launch_new(0); /* make an onion and lay the circuit */ diff --git a/src/or/onion.c b/src/or/onion.c index 5088fb59aa..1c6f605a89 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -21,6 +21,11 @@ int decide_aci_type(uint32_t local_addr, uint16_t local_port, return ACI_TYPE_LOWER; } +struct onion_queue_t { + circuit_t *circ; + struct onion_queue_t *next; +}; + /* global (within this file) variables used by the next few functions */ static struct onion_queue_t *ol_list=NULL; static struct onion_queue_t *ol_tail=NULL; diff --git a/src/or/or.h b/src/or/or.h index 2bea073025..7699ff93a8 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -105,8 +105,10 @@ #define MAX_BUF_SIZE (640*1024) #define DEFAULT_BANDWIDTH_OP (1024 * 1000) +#ifndef USE_TLS #define HANDSHAKE_AS_OP 1 #define HANDSHAKE_AS_OR 2 +#endif #define ACI_TYPE_LOWER 0 #define ACI_TYPE_HIGHER 1 @@ -136,7 +138,6 @@ #define _CPUWORKER_STATE_MAX 2 #define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION -#define CPUWORKER_TASK_HANDSHAKE CPUWORKER_STATE_BUSY_HANDSHAKE #ifndef USE_TLS /* how to read these states: @@ -180,21 +181,17 @@ #define _AP_CONN_STATE_MAX 5 #define _DIR_CONN_STATE_MIN 0 -#define DIR_CONN_STATE_CONNECTING 0 -#define DIR_CONN_STATE_SENDING_COMMAND 1 -#define DIR_CONN_STATE_READING 2 -#define DIR_CONN_STATE_COMMAND_WAIT 3 -#define DIR_CONN_STATE_WRITING 4 +#define DIR_CONN_STATE_CONNECTING 0 /* client */ +#define DIR_CONN_STATE_SENDING_COMMAND 1 /* client */ +#define DIR_CONN_STATE_READING 2 /* client */ +#define DIR_CONN_STATE_COMMAND_WAIT 3 /* dirserver */ +#define DIR_CONN_STATE_WRITING 4 /* dirserver */ #define _DIR_CONN_STATE_MAX 4 #define CIRCUIT_STATE_BUILDING 0 /* I'm the OP, still haven't done all my handshakes */ -#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onion */ +#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onionskin */ #define CIRCUIT_STATE_OR_WAIT 2 /* I'm the OP, my firsthop is still connecting */ -#define CIRCUIT_STATE_OPEN 3 /* onion processed, ready to send data along the connection */ -//#define CIRCUIT_STATE_CLOSE_WAIT1 4 /* sent two "destroy" signals, waiting for acks */ -//#define CIRCUIT_STATE_CLOSE_WAIT2 5 /* received one ack, waiting for one more -// (or if just one was sent, waiting for that one */ -//#define CIRCUIT_STATE_CLOSE 4 /* both acks received, connection is dead */ /* NOT USED */ +#define CIRCUIT_STATE_OPEN 3 /* onionskin(s) processed, ready to send/receive cells */ #define RELAY_COMMAND_BEGIN 1 #define RELAY_COMMAND_DATA 2 @@ -212,8 +209,10 @@ #define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR /* Used to en/decrypt onion skins */ #define ONION_CIPHER DEFAULT_CIPHER +#ifndef USE_TLS /* Used to en/decrypt cells between ORs/OPs. */ #define CONNECTION_CIPHER DEFAULT_CIPHER +#endif /* Used to en/decrypt RELAY cells */ #define CIRCUIT_CIPHER DEFAULT_CIPHER @@ -260,21 +259,6 @@ typedef struct { #define ZERO_STREAM "\0\0\0\0\0\0\0\0" -#define SOCKS4_REQUEST_GRANTED 90 -#define SOCKS4_REQUEST_REJECT 91 -#define SOCKS4_REQUEST_IDENT_FAILED 92 -#define SOCKS4_REQUEST_IDENT_CONFLICT 93 - -/* structure of a socks client operation */ -typedef struct { - unsigned char version; /* socks version number */ - unsigned char command; /* command code */ - unsigned char destport[2]; /* destination port, network order */ - unsigned char destip[4]; /* destination address */ - /* userid follows, terminated by a NULL */ - /* dest host follows, terminated by a NULL */ -} socks4_t; - struct connection_t { uint8_t type; @@ -428,7 +412,7 @@ struct circuit_t { int package_window; int deliver_window; - aci_t p_aci; /* connection identifiers */ + aci_t p_aci; /* circuit identifiers */ aci_t n_aci; crypto_cipher_env_t *p_crypto; /* used only for intermediate hops */ @@ -447,11 +431,6 @@ struct circuit_t { typedef struct circuit_t circuit_t; -struct onion_queue_t { - circuit_t *circ; - struct onion_queue_t *next; -}; - typedef struct { char *LogLevel; char *RouterFile; @@ -507,7 +486,7 @@ void circuit_free(circuit_t *circ); circuit_t *circuit_enumerate_by_naddr_nport(circuit_t *start, uint32_t naddr, uint16_t nport); circuit_t *circuit_get_by_aci_conn(aci_t aci, connection_t *conn); circuit_t *circuit_get_by_conn(connection_t *conn); -circuit_t *circuit_get_newest_ap(void); +circuit_t *circuit_get_newest_open(void); int circuit_deliver_relay_cell(cell_t *cell, circuit_t *circ, int cell_direction, crypt_path_t *layer_hint); -- cgit v1.2.3-54-g00ecf