/** Process a 'destroy' <b>cell</b> that just arrived from
* <b>conn</b>. Find the circ that it refers to (if any).
*
* If the circ is in state
* onionskin_pending, then call onion_pending_remove() to remove it
* from the pending onion list (note that if it's already being
* processed by the cpuworker, it won't be in the list anymore; but
* when the cpuworker returns it, the circuit will be gone, and the
* cpuworker response will be dropped).
*
* Then mark the circuit for close (which marks all edges for close,
* and passes the destroy cell onward if necessary).
*/
static void
command_process_destroy_cell(cell_t *cell, or_connection_t *conn)
{
circuit_t *circ;
int reason;
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
reason = (uint8_t)cell->payload[0];
if (!circ) {
log_info(LD_OR,"unknown circuit %d on connection from %s:%d. Dropping.",
cell->circ_id, conn->_base.address, conn->_base.port);
return;
}
log_debug(LD_OR,"Received for circID %d.",cell->circ_id);
if (!CIRCUIT_IS_ORIGIN(circ) &&
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
/* the destroy came from behind */
circuit_set_p_circid_orconn(TO_OR_CIRCUIT(circ), 0, NULL);
circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
} else { /* the destroy came from ahead */
circuit_set_n_circid_orconn(circ, 0, NULL);
if (CIRCUIT_IS_ORIGIN(circ)) {
circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
} else {
char payload[1];
log_debug(LD_OR, "Delivering 'truncated' back.");
payload[0] = (char)reason;
relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
payload, sizeof(payload), NULL);
}
}
}
/** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
* <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
* circuit_receive_relay_cell() for actual processing.
*/
static void
command_process_relay_cell(cell_t *cell, or_connection_t *conn)
{
circuit_t *circ;
int reason, direction;
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
if (!circ) {
log_debug(LD_OR,
"unknown circuit %d on connection from %s:%d. Dropping.",
cell->circ_id, conn->_base.address, conn->_base.port);
return;
}
if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit in create_wait. Closing.");
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return;
}
if (CIRCUIT_IS_ORIGIN(circ)) {
/* if we're a relay and treating connections with recent local
* traffic better, then this is one of them. */
conn->client_used = time(NULL);
}
if (!CIRCUIT_IS_ORIGIN(circ) &&
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
direction = CELL_DIRECTION_OUT;
else
direction = CELL_DIRECTION_IN;
/* If we have a relay_early cell, make sure that it's outbound, and we've
* gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
if (cell->command == CELL_RELAY_EARLY) {
if (direction == CELL_DIRECTION_IN) {
/* XXX Allow an unlimited number of inbound relay_early cells for
* now, for hidden service compatibility. See bug 1038. -RD */
} else {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
if (or_circ->remaining_relay_early_cells == 0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received too many RELAY_EARLY cells on circ %d from %s:%d."
" Closing circuit.",
cell->circ_id, safe_str(conn->_base.address), conn->_base.port);
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return;
}
--or_circ->remaining_relay_early_cells;
}
}
if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) {
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell "
"(%s) failed. Closing.",
direction==CELL_DIRECTION_OUT?"forward":"backward");
circuit_mark_for_close(circ, -reason);
}
}
/** Log, at severity <b>severity</b>, information about each circuit
* that is connected to <b>conn</b>.
*/
void
circuit_dump_by_conn(connection_t *conn, int severity)
{
circuit_t *circ;
edge_connection_t *tmpconn;
for (circ=global_circuitlist;circ;circ = circ->next) {
circid_t n_circ_id = circ->n_circ_id, p_circ_id = 0;
if (circ->marked_for_close)
continue;
if (! CIRCUIT_IS_ORIGIN(circ))
p_circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
if (! CIRCUIT_IS_ORIGIN(circ) && TO_OR_CIRCUIT(circ)->p_conn &&
TO_CONN(TO_OR_CIRCUIT(circ)->p_conn) == conn)
circuit_dump_details(severity, circ, conn->conn_array_index, "App-ward",
p_circ_id, n_circ_id);
if (CIRCUIT_IS_ORIGIN(circ)) {
for (tmpconn=TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
tmpconn=tmpconn->next_stream) {
if (TO_CONN(tmpconn) == conn) {
circuit_dump_details(severity, circ, conn->conn_array_index,
"App-ward", p_circ_id, n_circ_id);
}
}
}
if (circ->n_conn && TO_CONN(circ->n_conn) == conn)
circuit_dump_details(severity, circ, conn->conn_array_index, "Exit-ward",
n_circ_id, p_circ_id);
if (! CIRCUIT_IS_ORIGIN(circ)) {
for (tmpconn=TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
tmpconn=tmpconn->next_stream) {
if (TO_CONN(tmpconn) == conn) {
circuit_dump_details(severity, circ, conn->conn_array_index,
"Exit-ward", n_circ_id, p_circ_id);
}
}
}
if (!circ->n_conn && circ->n_hop &&
tor_addr_eq(&circ->n_hop->addr, &conn->addr) &&
circ->n_hop->port == conn->port &&
conn->type == CONN_TYPE_OR &&
!memcmp(TO_OR_CONN(conn)->identity_digest,
circ->n_hop->identity_digest, DIGEST_LEN)) {
circuit_dump_details(severity, circ, conn->conn_array_index,
(circ->state == CIRCUIT_STATE_OPEN &&
!CIRCUIT_IS_ORIGIN(circ)) ?
"Endpoint" : "Pending",
n_circ_id, p_circ_id);
}
}
}
/** Return the first OR circuit in the global list whose purpose is
* <b>purpose</b>, and whose rend_token is the <b>len</b>-byte
* <b>token</b>. */
static or_circuit_t *
circuit_get_by_rend_token_and_purpose(uint8_t purpose, const char *token,
size_t len)
{
circuit_t *circ;
for (circ = global_circuitlist; circ; circ = circ->next) {
if (! circ->marked_for_close &&
circ->purpose == purpose &&
! memcmp(TO_OR_CIRCUIT(circ)->rend_token, token, len))
return TO_OR_CIRCUIT(circ);
}
return NULL;
}
/* Note the cell digest in the circuit sendme last digests FIFO if applicable.
* It is safe to pass a circuit that isn't meant to track those digests. */
void
sendme_record_cell_digest(circuit_t *circ)
{
const uint8_t *digest;
tor_assert(circ);
/* We only keep the cell digest if we are the Exit on that circuit and if
* this cell is the last one before the client should send a SENDME. */
if (CIRCUIT_IS_ORIGIN(circ)) {
return;
}
/* Is this the last cell before a SENDME? The idea is that if the
* package_window reaches a multiple of the increment, after this cell, we
* should expect a SENDME. */
if (!sendme_circuit_cell_is_next(circ->package_window)) {
return;
}
/* Add the digest to the last seen list in the circuit. */
digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto);
if (circ->sendme_last_digests == NULL) {
circ->sendme_last_digests = smartlist_new();
}
smartlist_add(circ->sendme_last_digests, tor_memdup(digest, DIGEST_LEN));
}
/* Helper function: Query circuitmap for OR circuit with <b>token</b> of size
* <b>token_len</b> and <b>type</b>. Only returns a circuit with purpose equal
* to the <b>wanted_circ_purpose</b> parameter and if it is NOT marked for
* close. Return NULL if no such circuit is found. */
static or_circuit_t *
hs_circuitmap_get_or_circuit(hs_token_type_t type,
size_t token_len,
const uint8_t *token,
uint8_t wanted_circ_purpose)
{
circuit_t *circ;
tor_assert(token);
tor_assert(!CIRCUIT_PURPOSE_IS_ORIGIN(wanted_circ_purpose));
circ = hs_circuitmap_get_circuit_impl(type, token_len, token,
wanted_circ_purpose);
if (!circ) {
return NULL;
}
tor_assert(CIRCUIT_IS_ORCIRC(circ));
return TO_OR_CIRCUIT(circ);
}
/** Return a circ such that:
* - circ-\>n_circ_id or circ-\>p_circ_id is equal to <b>circ_id</b>, and
* - circ is attached to <b>conn</b>, either as p_conn or n_conn.
* Return NULL if no such circuit exists.
*/
static INLINE circuit_t *
circuit_get_by_circid_orconn_impl(circid_t circ_id, or_connection_t *conn)
{
orconn_circid_circuit_map_t search;
orconn_circid_circuit_map_t *found;
if (_last_circid_orconn_ent &&
circ_id == _last_circid_orconn_ent->circ_id &&
conn == _last_circid_orconn_ent->or_conn) {
found = _last_circid_orconn_ent;
} else {
search.circ_id = circ_id;
search.or_conn = conn;
found = HT_FIND(orconn_circid_map, &orconn_circid_circuit_map, &search);
_last_circid_orconn_ent = found;
}
if (found && found->circuit)
return found->circuit;
return NULL;
/* The rest of this checks for bugs. Disabled by default. */
{
circuit_t *circ;
for (circ=global_circuitlist;circ;circ = circ->next) {
if (! CIRCUIT_IS_ORIGIN(circ)) {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
if (or_circ->p_conn == conn && or_circ->p_circ_id == circ_id) {
log_warn(LD_BUG,
"circuit matches p_conn, but not in hash table (Bug!)");
return circ;
}
}
if (circ->n_conn == conn && circ->n_circ_id == circ_id) {
log_warn(LD_BUG,
"circuit matches n_conn, but not in hash table (Bug!)");
return circ;
}
}
return NULL;
}
}
/** Check if the deliver_window for circuit <b>circ</b> (at hop
* <b>layer_hint</b> if it's defined) is low enough that we should
* send a circuit-level sendme back down the circuit. If so, send
* enough sendmes that the window would be overfull if we sent any
* more.
*/
void
sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
{
const uint8_t *digest;
while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
log_debug(LD_CIRC,"Queuing circuit sendme.");
if (layer_hint) {
layer_hint->deliver_window += CIRCWINDOW_INCREMENT;
digest = relay_crypto_get_sendme_digest(&layer_hint->crypto);
} else {
circ->deliver_window += CIRCWINDOW_INCREMENT;
digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto);
}
if (send_circuit_level_sendme(circ, layer_hint, digest) < 0) {
return; /* The circuit's closed, don't continue */
}
}
}
static edge_connection_t *
dummy_edge_conn_new(circuit_t *circ,
int type, size_t in_bytes, size_t out_bytes)
{
edge_connection_t *conn;
generic_buffer_t *inbuf, *outbuf;
if (type == CONN_TYPE_EXIT)
conn = edge_connection_new(type, AF_INET);
else
conn = ENTRY_TO_EDGE_CONN(entry_connection_new(type, AF_INET));
#ifdef USE_BUFFEREVENTS
inbuf = bufferevent_get_input(TO_CONN(conn)->bufev);
outbuf = bufferevent_get_output(TO_CONN(conn)->bufev);
#else
inbuf = TO_CONN(conn)->inbuf;
outbuf = TO_CONN(conn)->outbuf;
#endif
/* We add these bytes directly to the buffers, to avoid all the
* edge connection read/write machinery. */
add_bytes_to_buf(inbuf, in_bytes);
add_bytes_to_buf(outbuf, out_bytes);
conn->on_circuit = circ;
if (type == CONN_TYPE_EXIT) {
or_circuit_t *oc = TO_OR_CIRCUIT(circ);
conn->next_stream = oc->n_streams;
oc->n_streams = conn;
} else {
origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
conn->next_stream = oc->p_streams;
oc->p_streams = conn;
}
return conn;
}
/** Release all storage held by circuits. */
void
circuit_free_all(void)
{
circuit_t *next;
while (global_circuitlist) {
next = global_circuitlist->next;
if (! CIRCUIT_IS_ORIGIN(global_circuitlist)) {
or_circuit_t *or_circ = TO_OR_CIRCUIT(global_circuitlist);
while (or_circ->resolving_streams) {
edge_connection_t *next_conn;
next_conn = or_circ->resolving_streams->next_stream;
connection_free(TO_CONN(or_circ->resolving_streams));
or_circ->resolving_streams = next_conn;
}
}
circuit_free(global_circuitlist);
global_circuitlist = next;
}
if (circuits_pending_or_conns) {
smartlist_free(circuits_pending_or_conns);
circuits_pending_or_conns = NULL;
}
HT_CLEAR(orconn_circid_map, &orconn_circid_circuit_map);
}
/** For each circuit that has <b>conn</b> as n_conn or p_conn, unlink the
* circuit from the orconn,circid map, and mark it for close if it hasn't
* been marked already.
*/
void
circuit_unlink_all_from_or_conn(or_connection_t *conn, int reason)
{
circuit_t *circ;
connection_or_unlink_all_active_circs(conn);
for (circ = global_circuitlist; circ; circ = circ->next) {
int mark = 0;
if (circ->n_conn == conn) {
circuit_set_n_circid_orconn(circ, 0, NULL);
mark = 1;
}
if (! CIRCUIT_IS_ORIGIN(circ)) {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
if (or_circ->p_conn == conn) {
circuit_set_p_circid_orconn(or_circ, 0, NULL);
mark = 1;
}
}
if (mark && !circ->marked_for_close)
circuit_mark_for_close(circ, reason);
}
}
/** Do the appropriate en/decryptions for <b>cell</b> arriving on
* <b>circ</b> in direction <b>cell_direction</b>.
*
* If cell_direction == CELL_DIRECTION_IN:
* - If we're at the origin (we're the OP), for hops 1..N,
* decrypt cell. If recognized, stop.
* - Else (we're not the OP), encrypt one hop. Cell is not recognized.
*
* If cell_direction == CELL_DIRECTION_OUT:
* - decrypt one hop. Check if recognized.
*
* If cell is recognized, set *recognized to 1, and set
* *layer_hint to the hop that recognized it.
*
* Return -1 to indicate that we should mark the circuit for close,
* else return 0.
*/
int
relay_decrypt_cell(circuit_t *circ, cell_t *cell,
cell_direction_t cell_direction,
crypt_path_t **layer_hint, char *recognized)
{
relay_header_t rh;
tor_assert(circ);
tor_assert(cell);
tor_assert(recognized);
tor_assert(cell_direction == CELL_DIRECTION_IN ||
cell_direction == CELL_DIRECTION_OUT);
if (cell_direction == CELL_DIRECTION_IN) {
if (CIRCUIT_IS_ORIGIN(circ)) { /* We're at the beginning of the circuit.
* We'll want to do layered decrypts. */
crypt_path_t *thishop, *cpath = TO_ORIGIN_CIRCUIT(circ)->cpath;
thishop = cpath;
if (thishop->state != CPATH_STATE_OPEN) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Relay cell before first created cell? Closing.");
return -1;
}
do { /* Remember: cpath is in forward order, that is, first hop first. */
tor_assert(thishop);
/* decrypt one layer */
relay_crypt_one_payload(thishop->crypto.b_crypto, cell->payload);
relay_header_unpack(&rh, cell->payload);
if (rh.recognized == 0) {
/* it's possibly recognized. have to check digest to be sure. */
if (relay_digest_matches(thishop->crypto.b_digest, cell)) {
*recognized = 1;
*layer_hint = thishop;
return 0;
}
}
thishop = thishop->next;
} while (thishop != cpath && thishop->state == CPATH_STATE_OPEN);
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Incoming cell at client not recognized. Closing.");
return -1;
} else {
relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto;
/* We're in the middle. Encrypt one layer. */
relay_crypt_one_payload(crypto->b_crypto, cell->payload);
}
} else /* cell_direction == CELL_DIRECTION_OUT */ {
/* We're in the middle. Decrypt one layer. */
relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto;
relay_crypt_one_payload(crypto->f_crypto, cell->payload);
relay_header_unpack(&rh, cell->payload);
if (rh.recognized == 0) {
/* it's possibly recognized. have to check digest to be sure. */
if (relay_digest_matches(crypto->f_digest, cell)) {
*recognized = 1;
return 0;
}
}
}
return 0;
}
/** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
* <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
* circuit_receive_relay_cell() for actual processing.
*/
static void
command_process_relay_cell(cell_t *cell, channel_t *chan)
{
circuit_t *circ;
int reason, direction;
circ = circuit_get_by_circid_channel(cell->circ_id, chan);
if (!circ) {
log_debug(LD_OR,
"unknown circuit %u on connection from %s. Dropping.",
(unsigned)cell->circ_id,
channel_get_canonical_remote_descr(chan));
return;
}
if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit in create_wait. Closing.");
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return;
}
if (CIRCUIT_IS_ORIGIN(circ)) {
/* if we're a relay and treating connections with recent local
* traffic better, then this is one of them. */
channel_timestamp_client(chan);
}
if (!CIRCUIT_IS_ORIGIN(circ) &&
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
direction = CELL_DIRECTION_OUT;
else
direction = CELL_DIRECTION_IN;
/* If we have a relay_early cell, make sure that it's outbound, and we've
* gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
if (cell->command == CELL_RELAY_EARLY) {
if (direction == CELL_DIRECTION_IN) {
/* Allow an unlimited number of inbound relay_early cells,
* for hidden service compatibility. There isn't any way to make
* a long circuit through inbound relay_early cells anyway. See
* bug 1038. -RD */
} else {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
if (or_circ->remaining_relay_early_cells == 0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received too many RELAY_EARLY cells on circ %u from %s."
" Closing circuit.",
(unsigned)cell->circ_id,
safe_str(channel_get_canonical_remote_descr(chan)));
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return;
}
--or_circ->remaining_relay_early_cells;
}
}
if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) {
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell "
"(%s) failed. Closing.",
direction==CELL_DIRECTION_OUT?"forward":"backward");
circuit_mark_for_close(circ, -reason);
}
}
/** Called when we get data from a cpuworker. If the answer is not complete,
* wait for a complete answer. If the answer is complete,
* process it as appropriate.
*/
int
connection_cpu_process_inbuf(connection_t *conn)
{
uint64_t chan_id;
circid_t circ_id;
channel_t *p_chan = NULL;
circuit_t *circ;
tor_assert(conn);
tor_assert(conn->type == CONN_TYPE_CPUWORKER);
if (!connection_get_inbuf_len(conn))
return 0;
if (conn->state == CPUWORKER_STATE_BUSY_ONION) {
cpuworker_reply_t rpl;
if (connection_get_inbuf_len(conn) < sizeof(cpuworker_reply_t))
return 0; /* not yet */
tor_assert(connection_get_inbuf_len(conn) == sizeof(cpuworker_reply_t));
connection_fetch_from_buf((void*)&rpl,sizeof(cpuworker_reply_t),conn);
tor_assert(rpl.magic == CPUWORKER_REPLY_MAGIC);
if (rpl.timed && rpl.success &&
rpl.handshake_type <= MAX_ONION_HANDSHAKE_TYPE) {
/* Time how long this request took. The handshake_type check should be
needless, but let's leave it in to be safe. */
struct timeval tv_end, tv_diff;
int64_t usec_roundtrip;
tor_gettimeofday(&tv_end);
timersub(&tv_end, &rpl.started_at, &tv_diff);
usec_roundtrip = ((int64_t)tv_diff.tv_sec)*1000000 + tv_diff.tv_usec;
if (usec_roundtrip >= 0 &&
usec_roundtrip < MAX_BELIEVABLE_ONIONSKIN_DELAY) {
++onionskins_n_processed[rpl.handshake_type];
onionskins_usec_internal[rpl.handshake_type] += rpl.n_usec;
onionskins_usec_roundtrip[rpl.handshake_type] += usec_roundtrip;
if (onionskins_n_processed[rpl.handshake_type] >= 500000) {
/* Scale down every 500000 handshakes. On a busy server, that's
* less impressive than it sounds. */
onionskins_n_processed[rpl.handshake_type] /= 2;
onionskins_usec_internal[rpl.handshake_type] /= 2;
onionskins_usec_roundtrip[rpl.handshake_type] /= 2;
}
}
}
/* parse out the circ it was talking about */
tag_unpack(rpl.tag, &chan_id, &circ_id);
circ = NULL;
log_debug(LD_OR,
"Unpacking cpuworker reply, chan_id is " U64_FORMAT
", circ_id is %u",
U64_PRINTF_ARG(chan_id), (unsigned)circ_id);
p_chan = channel_find_by_global_id(chan_id);
if (p_chan)
circ = circuit_get_by_circid_channel(circ_id, p_chan);
if (rpl.success == 0) {
log_debug(LD_OR,
"decoding onionskin failed. "
"(Old key or bad software.) Closing.");
if (circ)
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
goto done_processing;
}
if (!circ) {
/* This happens because somebody sends us a destroy cell and the
* circuit goes away, while the cpuworker is working. This is also
* why our tag doesn't include a pointer to the circ, because we'd
* never know if it's still valid.
*/
log_debug(LD_OR,"processed onion for a circ that's gone. Dropping.");
goto done_processing;
}
tor_assert(! CIRCUIT_IS_ORIGIN(circ));
if (onionskin_answer(TO_OR_CIRCUIT(circ),
&rpl.created_cell,
(const char*)rpl.keys,
rpl.rend_auth_material) < 0) {
log_warn(LD_OR,"onionskin_answer failed. Closing.");
circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
goto done_processing;
}
log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
} else {
tor_assert(0); /* don't ask me to do handshakes yet */
}
done_processing:
conn->state = CPUWORKER_STATE_IDLE;
num_cpuworkers_busy--;
if (conn->timestamp_created < last_rotation_time) {
connection_mark_for_close(conn);
num_cpuworkers--;
spawn_enough_cpuworkers();
} else {
process_pending_task(conn);
}
return 0;
}
/** Called when we get data from a cpuworker. If the answer is not complete,
* wait for a complete answer. If the answer is complete,
* process it as appropriate.
*/
int
connection_cpu_process_inbuf(connection_t *conn)
{
char success;
char buf[LEN_ONION_RESPONSE];
uint64_t conn_id;
circid_t circ_id;
connection_t *tmp_conn;
or_connection_t *p_conn = NULL;
circuit_t *circ;
tor_assert(conn);
tor_assert(conn->type == CONN_TYPE_CPUWORKER);
if (!buf_datalen(conn->inbuf))
return 0;
if (conn->state == CPUWORKER_STATE_BUSY_ONION) {
if (buf_datalen(conn->inbuf) < LEN_ONION_RESPONSE) /* answer available? */
return 0; /* not yet */
tor_assert(buf_datalen(conn->inbuf) == LEN_ONION_RESPONSE);
connection_fetch_from_buf(&success,1,conn);
connection_fetch_from_buf(buf,LEN_ONION_RESPONSE-1,conn);
/* parse out the circ it was talking about */
tag_unpack(buf, &conn_id, &circ_id);
circ = NULL;
tmp_conn = connection_get_by_global_id(conn_id);
if (tmp_conn && !tmp_conn->marked_for_close &&
tmp_conn->type == CONN_TYPE_OR)
p_conn = TO_OR_CONN(tmp_conn);
if (p_conn)
circ = circuit_get_by_circid_orconn(circ_id, p_conn);
if (success == 0) {
log_debug(LD_OR,
"decoding onionskin failed. "
"(Old key or bad software.) Closing.");
if (circ)
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
goto done_processing;
}
if (!circ) {
/* This happens because somebody sends us a destroy cell and the
* circuit goes away, while the cpuworker is working. This is also
* why our tag doesn't include a pointer to the circ, because we'd
* never know if it's still valid.
*/
log_debug(LD_OR,"processed onion for a circ that's gone. Dropping.");
goto done_processing;
}
tor_assert(! CIRCUIT_IS_ORIGIN(circ));
if (onionskin_answer(TO_OR_CIRCUIT(circ), CELL_CREATED, buf+TAG_LEN,
buf+TAG_LEN+ONIONSKIN_REPLY_LEN) < 0) {
log_warn(LD_OR,"onionskin_answer failed. Closing.");
circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
goto done_processing;
}
log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
} else {
tor_assert(0); /* don't ask me to do handshakes yet */
}
done_processing:
conn->state = CPUWORKER_STATE_IDLE;
num_cpuworkers_busy--;
if (conn->timestamp_created < last_rotation_time) {
connection_mark_for_close(conn);
num_cpuworkers--;
spawn_enough_cpuworkers();
} else {
process_pending_task(conn);
}
return 0;
}
/** Deallocate space associated with circ.
*/
static void
circuit_free(circuit_t *circ)
{
void *mem;
size_t memlen;
if (!circ)
return;
if (CIRCUIT_IS_ORIGIN(circ)) {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
mem = ocirc;
memlen = sizeof(origin_circuit_t);
tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC);
if (ocirc->build_state) {
extend_info_free(ocirc->build_state->chosen_exit);
circuit_free_cpath_node(ocirc->build_state->pending_final_cpath);
cpath_ref_decref(ocirc->build_state->service_pending_final_cpath_ref);
}
tor_free(ocirc->build_state);
circuit_free_cpath(ocirc->cpath);
crypto_pk_free(ocirc->intro_key);
rend_data_free(ocirc->rend_data);
tor_free(ocirc->dest_address);
if (ocirc->socks_username) {
memwipe(ocirc->socks_username, 0x12, ocirc->socks_username_len);
tor_free(ocirc->socks_username);
}
if (ocirc->socks_password) {
memwipe(ocirc->socks_password, 0x06, ocirc->socks_password_len);
tor_free(ocirc->socks_password);
}
} else {
or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
/* Remember cell statistics for this circuit before deallocating. */
if (get_options()->CellStatistics)
rep_hist_buffer_stats_add_circ(circ, time(NULL));
mem = ocirc;
memlen = sizeof(or_circuit_t);
tor_assert(circ->magic == OR_CIRCUIT_MAGIC);
crypto_cipher_free(ocirc->p_crypto);
crypto_digest_free(ocirc->p_digest);
crypto_cipher_free(ocirc->n_crypto);
crypto_digest_free(ocirc->n_digest);
if (ocirc->rend_splice) {
or_circuit_t *other = ocirc->rend_splice;
tor_assert(other->_base.magic == OR_CIRCUIT_MAGIC);
other->rend_splice = NULL;
}
/* remove from map. */
circuit_set_p_circid_orconn(ocirc, 0, NULL);
/* Clear cell queue _after_ removing it from the map. Otherwise our
* "active" checks will be violated. */
cell_queue_clear(ô->p_conn_cells);
}
extend_info_free(circ->n_hop);
tor_free(circ->n_conn_onionskin);
/* Remove from map. */
circuit_set_n_circid_orconn(circ, 0, NULL);
/* Clear cell queue _after_ removing it from the map. Otherwise our
* "active" checks will be violated. */
cell_queue_clear(&circ->n_conn_cells);
memwipe(mem, 0xAA, memlen); /* poison memory */
tor_free(mem);
}
/** Implementation helper for circuit_set_{p,n}_circid_orconn: A circuit ID
* and/or or_connection for circ has just changed from <b>old_conn, old_id</b>
* to <b>conn, id</b>. Adjust the conn,circid map as appropriate, removing
* the old entry (if any) and adding a new one. If <b>active</b> is true,
* remove the circuit from the list of active circuits on old_conn and add it
* to the list of active circuits on conn.
* XXX "active" isn't an arg anymore */
static void
circuit_set_circid_orconn_helper(circuit_t *circ, int direction,
circid_t id,
or_connection_t *conn)
{
orconn_circid_circuit_map_t search;
orconn_circid_circuit_map_t *found;
or_connection_t *old_conn, **conn_ptr;
circid_t old_id, *circid_ptr;
int was_active, make_active;
if (direction == CELL_DIRECTION_OUT) {
conn_ptr = &circ->n_conn;
circid_ptr = &circ->n_circ_id;
was_active = circ->next_active_on_n_conn != NULL;
make_active = circ->n_conn_cells.n > 0;
} else {
or_circuit_t *c = TO_OR_CIRCUIT(circ);
conn_ptr = &c->p_conn;
circid_ptr = &c->p_circ_id;
was_active = c->next_active_on_p_conn != NULL;
make_active = c->p_conn_cells.n > 0;
}
old_conn = *conn_ptr;
old_id = *circid_ptr;
if (id == old_id && conn == old_conn)
return;
if (_last_circid_orconn_ent &&
((old_id == _last_circid_orconn_ent->circ_id &&
old_conn == _last_circid_orconn_ent->or_conn) ||
(id == _last_circid_orconn_ent->circ_id &&
conn == _last_circid_orconn_ent->or_conn))) {
_last_circid_orconn_ent = NULL;
}
if (old_conn) { /* we may need to remove it from the conn-circid map */
tor_assert(old_conn->_base.magic == OR_CONNECTION_MAGIC);
search.circ_id = old_id;
search.or_conn = old_conn;
found = HT_REMOVE(orconn_circid_map, &orconn_circid_circuit_map, &search);
if (found) {
tor_free(found);
--old_conn->n_circuits;
}
if (was_active && old_conn != conn)
make_circuit_inactive_on_conn(circ,old_conn);
}
/* Change the values only after we have possibly made the circuit inactive
* on the previous conn. */
*conn_ptr = conn;
*circid_ptr = id;
if (conn == NULL)
return;
/* now add the new one to the conn-circid map */
search.circ_id = id;
search.or_conn = conn;
found = HT_FIND(orconn_circid_map, &orconn_circid_circuit_map, &search);
if (found) {
found->circuit = circ;
} else {
found = tor_malloc_zero(sizeof(orconn_circid_circuit_map_t));
found->circ_id = id;
found->or_conn = conn;
found->circuit = circ;
HT_INSERT(orconn_circid_map, &orconn_circid_circuit_map, found);
}
if (make_active && old_conn != conn)
make_circuit_active_on_conn(circ,conn);
++conn->n_circuits;
}
/** Mark <b>circ</b> to be closed next time we call
* circuit_close_all_marked(). Do any cleanup needed:
* - If state is onionskin_pending, remove circ from the onion_pending
* list.
* - If circ isn't open yet: call circuit_build_failed() if we're
* the origin, and in either case call circuit_rep_hist_note_result()
* to note stats.
* - If purpose is C_INTRODUCE_ACK_WAIT, remove the intro point we
* just tried from our list of intro points for that service
* descriptor.
* - Send appropriate destroys and edge_destroys for conns and
* streams attached to circ.
* - If circ->rend_splice is set (we are the midpoint of a joined
* rendezvous stream), then mark the other circuit to close as well.
*/
void
_circuit_mark_for_close(circuit_t *circ, int reason, int line,
const char *file)
{
int orig_reason = reason; /* Passed to the controller */
assert_circuit_ok(circ);
tor_assert(line);
tor_assert(file);
if (circ->marked_for_close) {
log(LOG_WARN,LD_BUG,
"Duplicate call to circuit_mark_for_close at %s:%d"
" (first at %s:%d)", file, line,
circ->marked_for_close_file, circ->marked_for_close);
return;
}
if (reason == END_CIRC_AT_ORIGIN) {
if (!CIRCUIT_IS_ORIGIN(circ)) {
log_warn(LD_BUG, "Specified 'at-origin' non-reason for ending circuit, "
"but circuit was not at origin. (called %s:%d, purpose=%d)",
file, line, circ->purpose);
}
reason = END_CIRC_REASON_NONE;
}
if (CIRCUIT_IS_ORIGIN(circ)) {
/* We don't send reasons when closing circuits at the origin. */
reason = END_CIRC_REASON_NONE;
}
if (reason & END_CIRC_REASON_FLAG_REMOTE)
reason &= ~END_CIRC_REASON_FLAG_REMOTE;
if (reason < _END_CIRC_REASON_MIN || reason > _END_CIRC_REASON_MAX) {
if (!(orig_reason & END_CIRC_REASON_FLAG_REMOTE))
log_warn(LD_BUG, "Reason %d out of range at %s:%d", reason, file, line);
reason = END_CIRC_REASON_NONE;
}
if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
onion_pending_remove(TO_OR_CIRCUIT(circ));
}
/* If the circuit ever became OPEN, we sent it to the reputation history
* module then. If it isn't OPEN, we send it there now to remember which
* links worked and which didn't.
*/
if (circ->state != CIRCUIT_STATE_OPEN) {
if (CIRCUIT_IS_ORIGIN(circ)) {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
circuit_build_failed(ocirc); /* take actions if necessary */
circuit_rep_hist_note_result(ocirc);
}
}
if (circ->state == CIRCUIT_STATE_OR_WAIT) {
if (circuits_pending_or_conns)
smartlist_remove(circuits_pending_or_conns, circ);
}
if (CIRCUIT_IS_ORIGIN(circ)) {
control_event_circuit_status(TO_ORIGIN_CIRCUIT(circ),
(circ->state == CIRCUIT_STATE_OPEN)?CIRC_EVENT_CLOSED:CIRC_EVENT_FAILED,
orig_reason);
}
if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
tor_assert(circ->state == CIRCUIT_STATE_OPEN);
tor_assert(ocirc->build_state->chosen_exit);
tor_assert(ocirc->rend_data);
/* treat this like getting a nack from it */
log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). "
"Removing from descriptor.",
safe_str(ocirc->rend_data->onion_address),
safe_str(build_state_get_exit_nickname(ocirc->build_state)));
rend_client_remove_intro_point(ocirc->build_state->chosen_exit,
ocirc->rend_data);
}
if (circ->n_conn)
connection_or_send_destroy(circ->n_circ_id, circ->n_conn, reason);
if (! CIRCUIT_IS_ORIGIN(circ)) {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
edge_connection_t *conn;
for (conn=or_circ->n_streams; conn; conn=conn->next_stream)
connection_edge_destroy(or_circ->p_circ_id, conn);
while (or_circ->resolving_streams) {
conn = or_circ->resolving_streams;
or_circ->resolving_streams = conn->next_stream;
if (!conn->_base.marked_for_close) {
/* The client will see a DESTROY, and infer that the connections
* are closing because the circuit is getting torn down. No need
* to send an end cell. */
conn->edge_has_sent_end = 1;
conn->end_reason = END_STREAM_REASON_DESTROY;
conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
connection_mark_for_close(TO_CONN(conn));
}
conn->on_circuit = NULL;
}
if (or_circ->p_conn)
connection_or_send_destroy(or_circ->p_circ_id, or_circ->p_conn, reason);
} else {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
edge_connection_t *conn;
for (conn=ocirc->p_streams; conn; conn=conn->next_stream)
connection_edge_destroy(circ->n_circ_id, conn);
}
circ->marked_for_close = line;
circ->marked_for_close_file = file;
if (!CIRCUIT_IS_ORIGIN(circ)) {
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
if (or_circ->rend_splice) {
if (!or_circ->rend_splice->_base.marked_for_close) {
/* do this after marking this circuit, to avoid infinite recursion. */
circuit_mark_for_close(TO_CIRCUIT(or_circ->rend_splice), reason);
}
or_circ->rend_splice = NULL;
}
}
}
/** Verify that circuit <b>c</b> has all of its invariants
* correct. Trigger an assert if anything is invalid.
*/
void
assert_circuit_ok(const circuit_t *c)
{
edge_connection_t *conn;
const or_circuit_t *or_circ = NULL;
const origin_circuit_t *origin_circ = NULL;
tor_assert(c);
tor_assert(c->magic == ORIGIN_CIRCUIT_MAGIC || c->magic == OR_CIRCUIT_MAGIC);
tor_assert(c->purpose >= _CIRCUIT_PURPOSE_MIN &&
c->purpose <= _CIRCUIT_PURPOSE_MAX);
{
/* Having a separate variable for this pleases GCC 4.2 in ways I hope I
* never understand. -NM. */
circuit_t *nonconst_circ = (circuit_t*) c;
if (CIRCUIT_IS_ORIGIN(c))
origin_circ = TO_ORIGIN_CIRCUIT(nonconst_circ);
else
or_circ = TO_OR_CIRCUIT(nonconst_circ);
}
if (c->n_conn) {
tor_assert(!c->n_hop);
if (c->n_circ_id) {
/* We use the _impl variant here to make sure we don't fail on marked
* circuits, which would not be returned by the regular function. */
circuit_t *c2 = circuit_get_by_circid_orconn_impl(c->n_circ_id,
c->n_conn);
tor_assert(c == c2);
}
}
if (or_circ && or_circ->p_conn) {
if (or_circ->p_circ_id) {
/* ibid */
circuit_t *c2 = circuit_get_by_circid_orconn_impl(or_circ->p_circ_id,
or_circ->p_conn);
tor_assert(c == c2);
}
}
#if 0 /* false now that rendezvous exits are attached to p_streams */
if (origin_circ)
for (conn = origin_circ->p_streams; conn; conn = conn->next_stream)
tor_assert(conn->_base.type == CONN_TYPE_AP);
#endif
if (or_circ)
for (conn = or_circ->n_streams; conn; conn = conn->next_stream)
tor_assert(conn->_base.type == CONN_TYPE_EXIT);
tor_assert(c->deliver_window >= 0);
tor_assert(c->package_window >= 0);
if (c->state == CIRCUIT_STATE_OPEN) {
tor_assert(!c->n_conn_onionskin);
if (or_circ) {
tor_assert(or_circ->n_crypto);
tor_assert(or_circ->p_crypto);
tor_assert(or_circ->n_digest);
tor_assert(or_circ->p_digest);
}
}
if (c->state == CIRCUIT_STATE_OR_WAIT && !c->marked_for_close) {
tor_assert(circuits_pending_or_conns &&
smartlist_isin(circuits_pending_or_conns, c));
} else {
tor_assert(!circuits_pending_or_conns ||
!smartlist_isin(circuits_pending_or_conns, c));
}
if (origin_circ && origin_circ->cpath) {
assert_cpath_ok(origin_circ->cpath);
}
if (c->purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED) {
tor_assert(or_circ);
if (!c->marked_for_close) {
tor_assert(or_circ->rend_splice);
tor_assert(or_circ->rend_splice->rend_splice == or_circ);
}
tor_assert(or_circ->rend_splice != or_circ);
} else {
tor_assert(!or_circ || !or_circ->rend_splice);
}
}
/** Deallocate space associated with circ.
*/
static void
circuit_free(circuit_t *circ)
{
void *mem;
size_t memlen;
tor_assert(circ);
if (CIRCUIT_IS_ORIGIN(circ)) {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
mem = ocirc;
memlen = sizeof(origin_circuit_t);
tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC);
if (ocirc->build_state) {
if (ocirc->build_state->chosen_exit)
extend_info_free(ocirc->build_state->chosen_exit);
if (ocirc->build_state->pending_final_cpath)
circuit_free_cpath_node(ocirc->build_state->pending_final_cpath);
}
tor_free(ocirc->build_state);
circuit_free_cpath(ocirc->cpath);
if (ocirc->intro_key)
crypto_free_pk_env(ocirc->intro_key);
if (ocirc->rend_data)
rend_data_free(ocirc->rend_data);
} else {
or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
mem = ocirc;
memlen = sizeof(or_circuit_t);
tor_assert(circ->magic == OR_CIRCUIT_MAGIC);
if (ocirc->p_crypto)
crypto_free_cipher_env(ocirc->p_crypto);
if (ocirc->p_digest)
crypto_free_digest_env(ocirc->p_digest);
if (ocirc->n_crypto)
crypto_free_cipher_env(ocirc->n_crypto);
if (ocirc->n_digest)
crypto_free_digest_env(ocirc->n_digest);
if (ocirc->rend_splice) {
or_circuit_t *other = ocirc->rend_splice;
tor_assert(other->_base.magic == OR_CIRCUIT_MAGIC);
other->rend_splice = NULL;
}
/* remove from map. */
circuit_set_p_circid_orconn(ocirc, 0, NULL);
/* Clear cell queue _after_ removing it from the map. Otherwise our
* "active" checks will be violated. */
cell_queue_clear(ô->p_conn_cells);
}
if (circ->n_hop)
extend_info_free(circ->n_hop);
tor_free(circ->n_conn_onionskin);
/* Remove from map. */
circuit_set_n_circid_orconn(circ, 0, NULL);
/* Clear cell queue _after_ removing it from the map. Otherwise our
* "active" checks will be violated. */
cell_queue_clear(&circ->n_conn_cells);
memset(circ, 0xAA, memlen); /* poison memory */
tor_free(mem);
}
