/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file reasons.c
* \brief Convert circuit, stream, and orconn error reasons to and/or from
* strings and errno values.
*
* This module is just a bunch of functions full of case statements that
* convert from one representation of our error codes to another. These are
* mainly used in generating log messages, in sending messages to the
* controller in control.c, and in converting errors from one protocol layer
* to another.
**/
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/or/reasons.h"
#include "feature/nodelist/node_select.h"
#include "lib/tls/tortls.h"
/***************************** Edge (stream) reasons **********************/
/** Convert the reason for ending a stream reason into the format used
* in STREAM events. Return NULL if the reason is unrecognized. */
const char *
stream_end_reason_to_control_string(int reason)
{
reason &= END_STREAM_REASON_MASK;
switch (reason) {
case END_STREAM_REASON_MISC: return "MISC";
case END_STREAM_REASON_RESOLVEFAILED: return "RESOLVEFAILED";
case END_STREAM_REASON_CONNECTREFUSED: return "CONNECTREFUSED";
case END_STREAM_REASON_EXITPOLICY: return "EXITPOLICY";
case END_STREAM_REASON_DESTROY: return "DESTROY";
case END_STREAM_REASON_DONE: return "DONE";
case END_STREAM_REASON_TIMEOUT: return "TIMEOUT";
case END_STREAM_REASON_NOROUTE: return "NOROUTE";
case END_STREAM_REASON_HIBERNATING: return "HIBERNATING";
case END_STREAM_REASON_INTERNAL: return "INTERNAL";
case END_STREAM_REASON_RESOURCELIMIT: return "RESOURCELIMIT";
case END_STREAM_REASON_CONNRESET: return "CONNRESET";
case END_STREAM_REASON_TORPROTOCOL: return "TORPROTOCOL";
case END_STREAM_REASON_NOTDIRECTORY: return "NOTDIRECTORY";
case END_STREAM_REASON_CANT_ATTACH: return "CANT_ATTACH";
case END_STREAM_REASON_NET_UNREACHABLE: return "NET_UNREACHABLE";
case END_STREAM_REASON_SOCKSPROTOCOL: return "SOCKS_PROTOCOL";
// XXXX Controlspec
case END_STREAM_REASON_HTTPPROTOCOL: return "HTTP_PROTOCOL";
case END_STREAM_REASON_PRIVATE_ADDR: return "PRIVATE_ADDR";
default: return NULL;
}
}
/** Translate reason, which came from a relay 'end' cell,
* into a static const string describing why the stream is closing.
* reason is -1 if no reason was provided.
*/
const char *
stream_end_reason_to_string(int reason)
{
switch (reason) {
case -1:
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"End cell arrived with length 0. Should be at least 1.");
return "MALFORMED";
case END_STREAM_REASON_MISC: return "misc error";
case END_STREAM_REASON_RESOLVEFAILED: return "resolve failed";
case END_STREAM_REASON_CONNECTREFUSED: return "connection refused";
case END_STREAM_REASON_EXITPOLICY: return "exit policy failed";
case END_STREAM_REASON_DESTROY: return "destroyed";
case END_STREAM_REASON_DONE: return "closed normally";
case END_STREAM_REASON_TIMEOUT: return "gave up (timeout)";
case END_STREAM_REASON_NOROUTE: return "no route to host";
case END_STREAM_REASON_HIBERNATING: return "server is hibernating";
case END_STREAM_REASON_INTERNAL: return "internal error at server";
case END_STREAM_REASON_RESOURCELIMIT: return "server out of resources";
case END_STREAM_REASON_CONNRESET: return "connection reset";
case END_STREAM_REASON_TORPROTOCOL: return "Tor protocol error";
case END_STREAM_REASON_NOTDIRECTORY: return "not a directory";
default:
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Reason for ending (%d) not recognized.",reason);
return "unknown";
}
}
/** Translate reason (as from a relay 'end' cell) into an
* appropriate SOCKS5 reply code.
*
* A reason of 0 means that we're not actually expecting to send
* this code back to the socks client; we just call it 'succeeded'
* to keep things simple.
*/
socks5_reply_status_t
stream_end_reason_to_socks5_response(int reason)
{
switch (reason & END_STREAM_REASON_MASK) {
case 0:
return SOCKS5_SUCCEEDED;
case END_STREAM_REASON_MISC:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_RESOLVEFAILED:
return SOCKS5_HOST_UNREACHABLE;
case END_STREAM_REASON_CONNECTREFUSED:
return SOCKS5_CONNECTION_REFUSED;
case END_STREAM_REASON_ENTRYPOLICY:
return SOCKS5_NOT_ALLOWED;
case END_STREAM_REASON_EXITPOLICY:
return SOCKS5_NOT_ALLOWED;
case END_STREAM_REASON_DESTROY:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_DONE:
/* Note that 'DONE' usually indicates a successful close from the other
* side of the stream... but if we receive it before a connected cell --
* that is, before we have sent a SOCKS reply -- that means that the
* other side of the circuit closed the connection before telling us it
* was complete. */
return SOCKS5_CONNECTION_REFUSED;
case END_STREAM_REASON_TIMEOUT:
return SOCKS5_TTL_EXPIRED;
case END_STREAM_REASON_NOROUTE:
return SOCKS5_HOST_UNREACHABLE;
case END_STREAM_REASON_RESOURCELIMIT:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_HIBERNATING:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_INTERNAL:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_CONNRESET:
return SOCKS5_CONNECTION_REFUSED;
case END_STREAM_REASON_TORPROTOCOL:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_CANT_ATTACH:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_NET_UNREACHABLE:
return SOCKS5_NET_UNREACHABLE;
case END_STREAM_REASON_SOCKSPROTOCOL:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_HTTPPROTOCOL:
// LCOV_EXCL_START
tor_assert_nonfatal_unreached();
return SOCKS5_GENERAL_ERROR;
// LCOV_EXCL_STOP
case END_STREAM_REASON_PRIVATE_ADDR:
return SOCKS5_GENERAL_ERROR;
default:
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Reason for ending (%d) not recognized; "
"sending generic socks error.", reason);
return SOCKS5_GENERAL_ERROR;
}
}
/* We need to use a few macros to deal with the fact that Windows
* decided that their sockets interface should be a permakludge.
* E_CASE is for errors where windows has both a EFOO and a WSAEFOO
* version, and S_CASE is for errors where windows has only a WSAEFOO
* version. (The E is for 'error', the S is for 'socket'). */
#ifdef _WIN32
#define E_CASE(s) case s: case WSA ## s
#define S_CASE(s) case WSA ## s
#else
#define E_CASE(s) case s
#define S_CASE(s) case s
#endif /* defined(_WIN32) */
/** Given an errno from a failed exit connection, return a reason code
* appropriate for use in a RELAY END cell. */
uint8_t
errno_to_stream_end_reason(int e)
{
/* To add new errors here, find out if they exist on Windows, and if a WSA*
* equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
* appropriate. */
switch (e) {
case EPIPE:
return END_STREAM_REASON_DONE;
E_CASE(EBADF):
E_CASE(EFAULT):
E_CASE(EINVAL):
S_CASE(EISCONN):
S_CASE(ENOTSOCK):
S_CASE(EPROTONOSUPPORT):
S_CASE(EAFNOSUPPORT):
S_CASE(ENOTCONN):
return END_STREAM_REASON_INTERNAL;
S_CASE(ENETUNREACH):
S_CASE(EHOSTUNREACH):
E_CASE(EACCES):
case EPERM:
return END_STREAM_REASON_NOROUTE;
S_CASE(ECONNREFUSED):
return END_STREAM_REASON_CONNECTREFUSED;
S_CASE(ECONNRESET):
return END_STREAM_REASON_CONNRESET;
S_CASE(ETIMEDOUT):
return END_STREAM_REASON_TIMEOUT;
S_CASE(ENOBUFS):
case ENOMEM:
case ENFILE:
S_CASE(EADDRINUSE):
S_CASE(EADDRNOTAVAIL):
E_CASE(EMFILE):
return END_STREAM_REASON_RESOURCELIMIT;
default:
log_info(LD_EXIT, "Didn't recognize errno %d (%s); telling the client "
"that we are ending a stream for 'misc' reason.",
e, tor_socket_strerror(e));
return END_STREAM_REASON_MISC;
}
}
/***************************** ORConn reasons *****************************/
/** Convert the reason for ending an OR connection r into the format
* used in ORCONN events. Return "UNKNOWN" if the reason is unrecognized. */
const char *
orconn_end_reason_to_control_string(int r)
{
/* To add new errors here, find out if they exist on Windows, and if a WSA*
* equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
* appropriate. */
switch (r) {
case END_OR_CONN_REASON_DONE:
return "DONE";
case END_OR_CONN_REASON_REFUSED:
return "CONNECTREFUSED";
case END_OR_CONN_REASON_OR_IDENTITY:
return "IDENTITY";
case END_OR_CONN_REASON_CONNRESET:
return "CONNECTRESET";
case END_OR_CONN_REASON_TIMEOUT:
return "TIMEOUT";
case END_OR_CONN_REASON_NO_ROUTE:
return "NOROUTE";
case END_OR_CONN_REASON_IO_ERROR:
return "IOERROR";
case END_OR_CONN_REASON_RESOURCE_LIMIT:
return "RESOURCELIMIT";
case END_OR_CONN_REASON_TLS_ERROR:
return "TLS_ERROR";
case END_OR_CONN_REASON_MISC:
return "MISC";
case END_OR_CONN_REASON_PT_MISSING:
return "PT_MISSING";
case 0:
return "";
default:
log_warn(LD_BUG, "Unrecognized or_conn reason code %d", r);
return "UNKNOWN";
}
}
/** Convert a TOR_TLS_* error code into an END_OR_CONN_* reason. */
int
tls_error_to_orconn_end_reason(int e)
{
switch (e) {
case TOR_TLS_ERROR_IO:
return END_OR_CONN_REASON_IO_ERROR;
case TOR_TLS_ERROR_CONNREFUSED:
return END_OR_CONN_REASON_REFUSED;
case TOR_TLS_ERROR_CONNRESET:
return END_OR_CONN_REASON_CONNRESET;
case TOR_TLS_ERROR_NO_ROUTE:
return END_OR_CONN_REASON_NO_ROUTE;
case TOR_TLS_ERROR_TIMEOUT:
return END_OR_CONN_REASON_TIMEOUT;
case TOR_TLS_WANTREAD:
case TOR_TLS_WANTWRITE:
case TOR_TLS_CLOSE:
case TOR_TLS_DONE:
return END_OR_CONN_REASON_DONE;
case TOR_TLS_ERROR_MISC:
return END_OR_CONN_REASON_TLS_ERROR;
default:
return END_OR_CONN_REASON_MISC;
}
}
/** Given an errno from a failed ORConn connection, return a reason code
* appropriate for use in the controller orconn events. */
int
errno_to_orconn_end_reason(int e)
{
switch (e) {
case EPIPE:
return END_OR_CONN_REASON_DONE;
S_CASE(ENOTCONN):
S_CASE(ENETUNREACH):
S_CASE(ENETDOWN):
S_CASE(EHOSTUNREACH):
return END_OR_CONN_REASON_NO_ROUTE;
S_CASE(ECONNREFUSED):
return END_OR_CONN_REASON_REFUSED;
S_CASE(ECONNRESET):
return END_OR_CONN_REASON_CONNRESET;
S_CASE(ETIMEDOUT):
return END_OR_CONN_REASON_TIMEOUT;
S_CASE(ENOBUFS):
case ENOMEM:
case ENFILE:
E_CASE(EMFILE):
E_CASE(EACCES):
E_CASE(EBADF):
E_CASE(EFAULT):
E_CASE(EINVAL):
return END_OR_CONN_REASON_RESOURCE_LIMIT;
default:
log_info(LD_OR, "Didn't recognize errno %d (%s).",
e, tor_socket_strerror(e));
return END_OR_CONN_REASON_MISC;
}
}
/***************************** Circuit reasons *****************************/
/** Convert a numeric reason for destroying a circuit into a string for a
* CIRCUIT event. */
const char *
circuit_end_reason_to_control_string(int reason)
{
int is_remote = 0;
if (reason >= 0 && reason & END_CIRC_REASON_FLAG_REMOTE) {
reason &= ~END_CIRC_REASON_FLAG_REMOTE;
is_remote = 1;
}
switch (reason) {
case END_CIRC_AT_ORIGIN:
/* This shouldn't get passed here; it's a catch-all reason. */
return "ORIGIN";
case END_CIRC_REASON_NONE:
/* This shouldn't get passed here; it's a catch-all reason. */
return "NONE";
case END_CIRC_REASON_TORPROTOCOL:
return "TORPROTOCOL";
case END_CIRC_REASON_INTERNAL:
return "INTERNAL";
case END_CIRC_REASON_REQUESTED:
return "REQUESTED";
case END_CIRC_REASON_HIBERNATING:
return "HIBERNATING";
case END_CIRC_REASON_RESOURCELIMIT:
return "RESOURCELIMIT";
case END_CIRC_REASON_CONNECTFAILED:
return "CONNECTFAILED";
case END_CIRC_REASON_OR_IDENTITY:
return "OR_IDENTITY";
case END_CIRC_REASON_CHANNEL_CLOSED:
return "CHANNEL_CLOSED";
case END_CIRC_REASON_FINISHED:
return "FINISHED";
case END_CIRC_REASON_TIMEOUT:
return "TIMEOUT";
case END_CIRC_REASON_DESTROYED:
return "DESTROYED";
case END_CIRC_REASON_NOPATH:
return "NOPATH";
case END_CIRC_REASON_NOSUCHSERVICE:
return "NOSUCHSERVICE";
case END_CIRC_REASON_MEASUREMENT_EXPIRED:
return "MEASUREMENT_EXPIRED";
case END_CIRC_REASON_IP_NOW_REDUNDANT:
return "IP_NOW_REDUNDANT";
default:
if (is_remote) {
/*
* If it's remote, it's not a bug *here*, so don't use LD_BUG, but
* do note that the someone we're talking to is speaking the Tor
* protocol with a weird accent.
*/
log_warn(LD_PROTOCOL,
"Remote server sent bogus reason code %d", reason);
} else {
log_warn(LD_BUG,
"Unrecognized reason code %d", reason);
}
return NULL;
}
}
/** Return a string corresponding to a SOCKS4 response code. */
const char *
socks4_response_code_to_string(uint8_t code)
{
switch (code) {
case 0x5a:
return "connection accepted";
case 0x5b:
return "server rejected connection";
case 0x5c:
return "server cannot connect to identd on this client";
case 0x5d:
return "user id does not match identd";
default:
return "invalid SOCKS 4 response code";
}
}
/** Return a string corresponding to a SOCKS5 response code. */
const char *
socks5_response_code_to_string(uint8_t code)
{
switch (code) {
case 0x00:
return "connection accepted";
case 0x01:
return "general SOCKS server failure";
case 0x02:
return "connection not allowed by ruleset";
case 0x03:
return "Network unreachable";
case 0x04:
return "Host unreachable";
case 0x05:
return "Connection refused";
case 0x06:
return "TTL expired";
case 0x07:
return "Command not supported";
case 0x08:
return "Address type not supported";
default:
return "unknown reason";
}
}
/** Return a string corresponding to a bandwidth_weight_rule_t */
const char *
bandwidth_weight_rule_to_string(bandwidth_weight_rule_t rule)
{
switch (rule)
{
case NO_WEIGHTING:
return "no weighting";
case WEIGHT_FOR_EXIT:
return "weight as exit";
case WEIGHT_FOR_MID:
return "weight as middle node";
case WEIGHT_FOR_GUARD:
return "weight as guard";
case WEIGHT_FOR_DIR:
return "weight as directory";
default:
return "unknown rule";
}
}
/** Given a RELAY_END reason value, convert it to an HTTP response to be
* send over an HTTP tunnel connection. */
const char *
end_reason_to_http_connect_response_line(int endreason)
{
endreason &= END_STREAM_REASON_MASK;
/* XXXX these are probably all wrong. Should they all be 502? */
switch (endreason) {
case 0:
return "HTTP/1.0 200 OK\r\n\r\n";
case END_STREAM_REASON_MISC:
return "HTTP/1.0 500 Internal Server Error\r\n\r\n";
case END_STREAM_REASON_RESOLVEFAILED:
return "HTTP/1.0 404 Not Found (resolve failed)\r\n\r\n";
case END_STREAM_REASON_NOROUTE:
return "HTTP/1.0 404 Not Found (no route)\r\n\r\n";
case END_STREAM_REASON_CONNECTREFUSED:
return "HTTP/1.0 403 Forbidden (connection refused)\r\n\r\n";
case END_STREAM_REASON_EXITPOLICY:
return "HTTP/1.0 403 Forbidden (exit policy)\r\n\r\n";
case END_STREAM_REASON_DESTROY:
return "HTTP/1.0 502 Bad Gateway (destroy cell received)\r\n\r\n";
case END_STREAM_REASON_DONE:
return "HTTP/1.0 502 Bad Gateway (unexpected close)\r\n\r\n";
case END_STREAM_REASON_TIMEOUT:
return "HTTP/1.0 504 Gateway Timeout\r\n\r\n";
case END_STREAM_REASON_HIBERNATING:
return "HTTP/1.0 502 Bad Gateway (hibernating server)\r\n\r\n";
case END_STREAM_REASON_INTERNAL:
return "HTTP/1.0 502 Bad Gateway (internal error)\r\n\r\n";
case END_STREAM_REASON_RESOURCELIMIT:
return "HTTP/1.0 502 Bad Gateway (resource limit)\r\n\r\n";
case END_STREAM_REASON_CONNRESET:
return "HTTP/1.0 403 Forbidden (connection reset)\r\n\r\n";
case END_STREAM_REASON_TORPROTOCOL:
return "HTTP/1.0 502 Bad Gateway (tor protocol violation)\r\n\r\n";
case END_STREAM_REASON_ENTRYPOLICY:
return "HTTP/1.0 403 Forbidden (entry policy violation)\r\n\r\n";
case END_STREAM_REASON_NOTDIRECTORY: FALLTHROUGH;
default:
tor_assert_nonfatal_unreached();
return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n";
}
}