1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2020, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file or_connection_st.h
* @brief OR connection structure.
**/
#ifndef OR_CONNECTION_ST_H
#define OR_CONNECTION_ST_H
#include "core/or/connection_st.h"
#include "lib/evloop/token_bucket.h"
struct tor_tls_t;
/** Subtype of connection_t for an "OR connection" -- that is, one that speaks
* cells over TLS. */
struct or_connection_t {
connection_t base_;
/** Hash of the public RSA key for the other side's identity key, or zeroes
* if the other side hasn't shown us a valid identity key. */
char identity_digest[DIGEST_LEN];
/** Extended ORPort connection identifier. */
char *ext_or_conn_id;
/** This is the ClientHash value we expect to receive from the
* client during the Extended ORPort authentication protocol. We
* compute it upon receiving the ClientNoce from the client, and we
* compare it with the acual ClientHash value sent by the
* client. */
char *ext_or_auth_correct_client_hash;
/** String carrying the name of the pluggable transport
* (e.g. "obfs2") that is obfuscating this connection. If no
* pluggable transports are used, it's NULL. */
char *ext_or_transport;
char *nickname; /**< Nickname of OR on other side (if any). */
struct tor_tls_t *tls; /**< TLS connection state. */
int tls_error; /**< Last tor_tls error code. */
/** When we last used this conn for any client traffic. If not
* recent, we can rate limit it further. */
/* Channel using this connection */
channel_tls_t *chan;
/**
* The "canonical" address and port for this relay's ORPort, if this is
* a known relay.
*
* An ORPort is "canonical" in this sense only if it is the same ORPort
* that is listed for this identity in the consensus we have.
*
* This field may be set on outbound connections for _any_ relay, and on
* inbound connections after authentication. If we don't know the relay's
* identity, or if we don't have the relay's identity in our consensus, we
* leave this address as UNSPEC.
**/
tor_addr_port_t canonical_orport;
/** Should this connection be used for extending circuits to the server
* matching the <b>identity_digest</b> field? Set to true if we're pretty
* sure we aren't getting MITMed, either because we're connected to an
* address listed in a server descriptor, or because an authenticated
* NETINFO cell listed the address we're connected to as recognized. */
unsigned int is_canonical:1;
/** True iff this is an outgoing connection. */
unsigned int is_outgoing:1;
unsigned int proxy_type:3; /**< One of PROXY_NONE...PROXY_HAPROXY */
unsigned int wide_circ_ids:1;
/** True iff a failure on this connection indicates a posssible
* bootstrapping problem. We set this as true if we notice that this
* connection could handle a pending origin circuit, or if we launch it to
* handle an origin circuit. */
unsigned int potentially_used_for_bootstrapping:1;
/** True iff this connection has had its bootstrap failure logged with
* control_event_bootstrap_problem. */
unsigned int have_noted_bootstrap_problem:1;
/** True iff this is a client connection and its address has been put in the
* geoip cache and handled by the DoS mitigation subsystem. We use this to
* insure we have a coherent count of concurrent connection. */
unsigned int tracked_for_dos_mitigation : 1;
/** True iff this connection is using a pluggable transport */
unsigned int is_pt : 1;
uint16_t link_proto; /**< What protocol version are we using? 0 for
* "none negotiated yet." */
uint16_t idle_timeout; /**< How long can this connection sit with no
* circuits on it before we close it? Based on
* IDLE_CIRCUIT_TIMEOUT_{NON,}CANONICAL and
* on is_canonical, randomized. */
or_handshake_state_t *handshake_state; /**< If we are setting this connection
* up, state information to do so. */
time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/
token_bucket_rw_t bucket; /**< Used for rate limiting when the connection is
* in state CONN_OPEN. */
/*
* Count the number of bytes flushed out on this orconn, and the number of
* bytes TLS actually sent - used for overhead estimation for scheduling.
*/
uint64_t bytes_xmitted, bytes_xmitted_by_tls;
};
#endif /* !defined(OR_CONNECTION_ST_H) */
|
