Back to index

tor  0.2.3.18-rc
connection.c
Go to the documentation of this file.
00001 /* Copyright (c) 2001 Matej Pfajfar.
00002  * Copyright (c) 2001-2004, Roger Dingledine.
00003  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
00004  * Copyright (c) 2007-2012, The Tor Project, Inc. */
00005 /* See LICENSE for licensing information */
00006 
00013 #include "or.h"
00014 #include "buffers.h"
00015 #include "circuitbuild.h"
00016 #include "circuitlist.h"
00017 #include "circuituse.h"
00018 #include "config.h"
00019 #include "connection.h"
00020 #include "connection_edge.h"
00021 #include "connection_or.h"
00022 #include "control.h"
00023 #include "cpuworker.h"
00024 #include "directory.h"
00025 #include "dirserv.h"
00026 #include "dns.h"
00027 #include "dnsserv.h"
00028 #include "geoip.h"
00029 #include "main.h"
00030 #include "policies.h"
00031 #include "reasons.h"
00032 #include "relay.h"
00033 #include "rendclient.h"
00034 #include "rendcommon.h"
00035 #include "rephist.h"
00036 #include "router.h"
00037 #include "routerparse.h"
00038 
00039 #ifdef USE_BUFFEREVENTS
00040 #include <event2/event.h>
00041 #endif
00042 
00043 #ifdef HAVE_PWD_H
00044 #include <pwd.h>
00045 #endif
00046 
00047 static connection_t *connection_listener_new(
00048                                const struct sockaddr *listensockaddr,
00049                                socklen_t listensocklen, int type,
00050                                const char *address,
00051                                const port_cfg_t *portcfg);
00052 static void connection_init(time_t now, connection_t *conn, int type,
00053                             int socket_family);
00054 static int connection_init_accepted_conn(connection_t *conn,
00055                           const listener_connection_t *listener);
00056 static int connection_handle_listener_read(connection_t *conn, int new_type);
00057 #ifndef USE_BUFFEREVENTS
00058 static int connection_bucket_should_increase(int bucket,
00059                                              or_connection_t *conn);
00060 #endif
00061 static int connection_finished_flushing(connection_t *conn);
00062 static int connection_flushed_some(connection_t *conn);
00063 static int connection_finished_connecting(connection_t *conn);
00064 static int connection_reached_eof(connection_t *conn);
00065 static int connection_read_to_buf(connection_t *conn, ssize_t *max_to_read,
00066                                   int *socket_error);
00067 static int connection_process_inbuf(connection_t *conn, int package_partial);
00068 static void client_check_address_changed(tor_socket_t sock);
00069 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
00070 
00071 static const char *connection_proxy_state_to_string(int state);
00072 static int connection_read_https_proxy_response(connection_t *conn);
00073 static void connection_send_socks5_connect(connection_t *conn);
00074 static const char *proxy_type_to_string(int proxy_type);
00075 static int get_proxy_type(void);
00076 
00082 static tor_addr_t *last_interface_ipv4 = NULL;
00083 /* DOCDOC last_interface_ipv6 */
00084 static tor_addr_t *last_interface_ipv6 = NULL;
00087 static smartlist_t *outgoing_addrs = NULL;
00088 
00089 #define CASE_ANY_LISTENER_TYPE \
00090     case CONN_TYPE_OR_LISTENER: \
00091     case CONN_TYPE_AP_LISTENER: \
00092     case CONN_TYPE_DIR_LISTENER: \
00093     case CONN_TYPE_CONTROL_LISTENER: \
00094     case CONN_TYPE_AP_TRANS_LISTENER: \
00095     case CONN_TYPE_AP_NATD_LISTENER: \
00096     case CONN_TYPE_AP_DNS_LISTENER
00097 
00098 /**************************************************************/
00099 
00103 const char *
00104 conn_type_to_string(int type)
00105 {
00106   static char buf[64];
00107   switch (type) {
00108     case CONN_TYPE_OR_LISTENER: return "OR listener";
00109     case CONN_TYPE_OR: return "OR";
00110     case CONN_TYPE_EXIT: return "Exit";
00111     case CONN_TYPE_AP_LISTENER: return "Socks listener";
00112     case CONN_TYPE_AP_TRANS_LISTENER:
00113       return "Transparent pf/netfilter listener";
00114     case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
00115     case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
00116     case CONN_TYPE_AP: return "Socks";
00117     case CONN_TYPE_DIR_LISTENER: return "Directory listener";
00118     case CONN_TYPE_DIR: return "Directory";
00119     case CONN_TYPE_CPUWORKER: return "CPU worker";
00120     case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
00121     case CONN_TYPE_CONTROL: return "Control";
00122     default:
00123       log_warn(LD_BUG, "unknown connection type %d", type);
00124       tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
00125       return buf;
00126   }
00127 }
00128 
00133 const char *
00134 conn_state_to_string(int type, int state)
00135 {
00136   static char buf[96];
00137   switch (type) {
00138     CASE_ANY_LISTENER_TYPE:
00139       if (state == LISTENER_STATE_READY)
00140         return "ready";
00141       break;
00142     case CONN_TYPE_OR:
00143       switch (state) {
00144         case OR_CONN_STATE_CONNECTING: return "connect()ing";
00145         case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
00146         case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
00147         case OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING:
00148           return "renegotiating (TLS, v2 handshake)";
00149         case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
00150           return "waiting for renegotiation or V3 handshake";
00151         case OR_CONN_STATE_OR_HANDSHAKING_V2:
00152           return "handshaking (Tor, v2 handshake)";
00153         case OR_CONN_STATE_OR_HANDSHAKING_V3:
00154           return "handshaking (Tor, v3 handshake)";
00155         case OR_CONN_STATE_OPEN: return "open";
00156       }
00157       break;
00158     case CONN_TYPE_EXIT:
00159       switch (state) {
00160         case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
00161         case EXIT_CONN_STATE_CONNECTING: return "connecting";
00162         case EXIT_CONN_STATE_OPEN: return "open";
00163         case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
00164       }
00165       break;
00166     case CONN_TYPE_AP:
00167       switch (state) {
00168         case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
00169         case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
00170         case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
00171         case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
00172         case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
00173         case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
00174         case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
00175         case AP_CONN_STATE_OPEN: return "open";
00176       }
00177       break;
00178     case CONN_TYPE_DIR:
00179       switch (state) {
00180         case DIR_CONN_STATE_CONNECTING: return "connecting";
00181         case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
00182         case DIR_CONN_STATE_CLIENT_READING: return "client reading";
00183         case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
00184         case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
00185         case DIR_CONN_STATE_SERVER_WRITING: return "writing";
00186       }
00187       break;
00188     case CONN_TYPE_CPUWORKER:
00189       switch (state) {
00190         case CPUWORKER_STATE_IDLE: return "idle";
00191         case CPUWORKER_STATE_BUSY_ONION: return "busy with onion";
00192       }
00193       break;
00194     case CONN_TYPE_CONTROL:
00195       switch (state) {
00196         case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
00197         case CONTROL_CONN_STATE_NEEDAUTH:
00198           return "waiting for authentication (protocol v1)";
00199       }
00200       break;
00201   }
00202 
00203   log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
00204   tor_snprintf(buf, sizeof(buf),
00205                "unknown state [%d] on unknown [%s] connection",
00206                state, conn_type_to_string(type));
00207   return buf;
00208 }
00209 
00210 #ifdef USE_BUFFEREVENTS
00211 
00213 int
00214 connection_type_uses_bufferevent(connection_t *conn)
00215 {
00216   switch (conn->type) {
00217     case CONN_TYPE_AP:
00218     case CONN_TYPE_EXIT:
00219     case CONN_TYPE_DIR:
00220     case CONN_TYPE_CONTROL:
00221     case CONN_TYPE_OR:
00222     case CONN_TYPE_CPUWORKER:
00223       return 1;
00224     default:
00225       return 0;
00226   }
00227 }
00228 #endif
00229 
00232 dir_connection_t *
00233 dir_connection_new(int socket_family)
00234 {
00235   dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
00236   connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
00237   return dir_conn;
00238 }
00239 
00242 or_connection_t *
00243 or_connection_new(int socket_family)
00244 {
00245   or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
00246   time_t now = time(NULL);
00247   connection_init(now, TO_CONN(or_conn), CONN_TYPE_OR, socket_family);
00248 
00249   or_conn->timestamp_last_added_nonpadding = time(NULL);
00250   or_conn->next_circ_id = crypto_rand_int(1<<15);
00251 
00252   or_conn->active_circuit_pqueue = smartlist_new();
00253   or_conn->active_circuit_pqueue_last_recalibrated = cell_ewma_get_tick();
00254 
00255   return or_conn;
00256 }
00257 
00260 entry_connection_t *
00261 entry_connection_new(int type, int socket_family)
00262 {
00263   entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
00264   tor_assert(type == CONN_TYPE_AP);
00265   connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
00266   entry_conn->socks_request = socks_request_new();
00267   return entry_conn;
00268 }
00269 
00272 edge_connection_t *
00273 edge_connection_new(int type, int socket_family)
00274 {
00275   edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
00276   tor_assert(type == CONN_TYPE_EXIT);
00277   connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
00278   return edge_conn;
00279 }
00280 
00283 control_connection_t *
00284 control_connection_new(int socket_family)
00285 {
00286   control_connection_t *control_conn =
00287     tor_malloc_zero(sizeof(control_connection_t));
00288   connection_init(time(NULL),
00289                   TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
00290   log_notice(LD_CONTROL, "New control connection opened.");
00291   return control_conn;
00292 }
00293 
00296 listener_connection_t *
00297 listener_connection_new(int type, int socket_family)
00298 {
00299   listener_connection_t *listener_conn =
00300     tor_malloc_zero(sizeof(listener_connection_t));
00301   connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
00302   return listener_conn;
00303 }
00304 
00308 connection_t *
00309 connection_new(int type, int socket_family)
00310 {
00311   switch (type) {
00312     case CONN_TYPE_OR:
00313       return TO_CONN(or_connection_new(socket_family));
00314 
00315     case CONN_TYPE_EXIT:
00316       return TO_CONN(edge_connection_new(type, socket_family));
00317 
00318     case CONN_TYPE_AP:
00319       return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
00320 
00321     case CONN_TYPE_DIR:
00322       return TO_CONN(dir_connection_new(socket_family));
00323 
00324     case CONN_TYPE_CONTROL:
00325       return TO_CONN(control_connection_new(socket_family));
00326 
00327     CASE_ANY_LISTENER_TYPE:
00328       return TO_CONN(listener_connection_new(type, socket_family));
00329 
00330     default: {
00331       connection_t *conn = tor_malloc_zero(sizeof(connection_t));
00332       connection_init(time(NULL), conn, type, socket_family);
00333       return conn;
00334     }
00335   }
00336 }
00337 
00351 static void
00352 connection_init(time_t now, connection_t *conn, int type, int socket_family)
00353 {
00354   static uint64_t n_connections_allocated = 1;
00355 
00356   switch (type) {
00357     case CONN_TYPE_OR:
00358       conn->magic = OR_CONNECTION_MAGIC;
00359       break;
00360     case CONN_TYPE_EXIT:
00361       conn->magic = EDGE_CONNECTION_MAGIC;
00362       break;
00363     case CONN_TYPE_AP:
00364       conn->magic = ENTRY_CONNECTION_MAGIC;
00365       break;
00366     case CONN_TYPE_DIR:
00367       conn->magic = DIR_CONNECTION_MAGIC;
00368       break;
00369     case CONN_TYPE_CONTROL:
00370       conn->magic = CONTROL_CONNECTION_MAGIC;
00371       break;
00372     CASE_ANY_LISTENER_TYPE:
00373       conn->magic = LISTENER_CONNECTION_MAGIC;
00374       break;
00375     default:
00376       conn->magic = BASE_CONNECTION_MAGIC;
00377       break;
00378   }
00379 
00380   conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
00381   conn->conn_array_index = -1; /* also default to 'not used' */
00382   conn->global_identifier = n_connections_allocated++;
00383 
00384   conn->type = type;
00385   conn->socket_family = socket_family;
00386 #ifndef USE_BUFFEREVENTS
00387   if (!connection_is_listener(conn)) {
00388     /* listeners never use their buf */
00389     conn->inbuf = buf_new();
00390     conn->outbuf = buf_new();
00391   }
00392 #endif
00393 
00394   conn->timestamp_created = now;
00395   conn->timestamp_lastread = now;
00396   conn->timestamp_lastwritten = now;
00397 }
00398 
00400 void
00401 connection_link_connections(connection_t *conn_a, connection_t *conn_b)
00402 {
00403   tor_assert(! SOCKET_OK(conn_a->s));
00404   tor_assert(! SOCKET_OK(conn_b->s));
00405 
00406   conn_a->linked = 1;
00407   conn_b->linked = 1;
00408   conn_a->linked_conn = conn_b;
00409   conn_b->linked_conn = conn_a;
00410 }
00411 
00416 static void
00417 _connection_free(connection_t *conn)
00418 {
00419   void *mem;
00420   size_t memlen;
00421   if (!conn)
00422     return;
00423 
00424   switch (conn->type) {
00425     case CONN_TYPE_OR:
00426       tor_assert(conn->magic == OR_CONNECTION_MAGIC);
00427       mem = TO_OR_CONN(conn);
00428       memlen = sizeof(or_connection_t);
00429       break;
00430     case CONN_TYPE_AP:
00431       tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
00432       mem = TO_ENTRY_CONN(conn);
00433       memlen = sizeof(entry_connection_t);
00434       break;
00435     case CONN_TYPE_EXIT:
00436       tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
00437       mem = TO_EDGE_CONN(conn);
00438       memlen = sizeof(edge_connection_t);
00439       break;
00440     case CONN_TYPE_DIR:
00441       tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
00442       mem = TO_DIR_CONN(conn);
00443       memlen = sizeof(dir_connection_t);
00444       break;
00445     case CONN_TYPE_CONTROL:
00446       tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
00447       mem = TO_CONTROL_CONN(conn);
00448       memlen = sizeof(control_connection_t);
00449       break;
00450     CASE_ANY_LISTENER_TYPE:
00451       tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
00452       mem = TO_LISTENER_CONN(conn);
00453       memlen = sizeof(listener_connection_t);
00454       break;
00455     default:
00456       tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
00457       mem = conn;
00458       memlen = sizeof(connection_t);
00459       break;
00460   }
00461 
00462   if (conn->linked) {
00463     log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
00464              "bytes on inbuf, %d on outbuf.",
00465              conn_type_to_string(conn->type),
00466              conn_state_to_string(conn->type, conn->state),
00467              (int)connection_get_inbuf_len(conn),
00468              (int)connection_get_outbuf_len(conn));
00469   }
00470 
00471   if (!connection_is_listener(conn)) {
00472     buf_free(conn->inbuf);
00473     buf_free(conn->outbuf);
00474   } else {
00475     if (conn->socket_family == AF_UNIX) {
00476       /* For now only control ports can be Unix domain sockets
00477        * and listeners at the same time */
00478       tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
00479 
00480       if (unlink(conn->address) < 0 && errno != ENOENT) {
00481         log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
00482                          strerror(errno));
00483       }
00484     }
00485   }
00486 
00487   tor_free(conn->address);
00488 
00489   if (connection_speaks_cells(conn)) {
00490     or_connection_t *or_conn = TO_OR_CONN(conn);
00491     tor_tls_free(or_conn->tls);
00492     or_conn->tls = NULL;
00493     or_handshake_state_free(or_conn->handshake_state);
00494     or_conn->handshake_state = NULL;
00495     smartlist_free(or_conn->active_circuit_pqueue);
00496     tor_free(or_conn->nickname);
00497   }
00498   if (conn->type == CONN_TYPE_AP) {
00499     entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
00500     tor_free(entry_conn->chosen_exit_name);
00501     tor_free(entry_conn->original_dest_address);
00502     if (entry_conn->socks_request)
00503       socks_request_free(entry_conn->socks_request);
00504     if (entry_conn->pending_optimistic_data) {
00505       generic_buffer_free(entry_conn->pending_optimistic_data);
00506     }
00507     if (entry_conn->sending_optimistic_data) {
00508       generic_buffer_free(entry_conn->sending_optimistic_data);
00509     }
00510   }
00511   if (CONN_IS_EDGE(conn)) {
00512     rend_data_free(TO_EDGE_CONN(conn)->rend_data);
00513   }
00514   if (conn->type == CONN_TYPE_CONTROL) {
00515     control_connection_t *control_conn = TO_CONTROL_CONN(conn);
00516     tor_free(control_conn->safecookie_client_hash);
00517     tor_free(control_conn->incoming_cmd);
00518   }
00519 
00520   tor_free(conn->read_event); /* Probably already freed by connection_free. */
00521   tor_free(conn->write_event); /* Probably already freed by connection_free. */
00522   IF_HAS_BUFFEREVENT(conn, {
00523       /* This was a workaround to handle bugs in some old versions of libevent
00524        * where callbacks can occur after calling bufferevent_free().  Setting
00525        * the callbacks to NULL prevented this.  It shouldn't be necessary any
00526        * more, but let's not tempt fate for now.  */
00527       bufferevent_setcb(conn->bufev, NULL, NULL, NULL, NULL);
00528       bufferevent_free(conn->bufev);
00529       conn->bufev = NULL;
00530   });
00531 
00532   if (conn->type == CONN_TYPE_DIR) {
00533     dir_connection_t *dir_conn = TO_DIR_CONN(conn);
00534     tor_free(dir_conn->requested_resource);
00535 
00536     tor_zlib_free(dir_conn->zlib_state);
00537     if (dir_conn->fingerprint_stack) {
00538       SMARTLIST_FOREACH(dir_conn->fingerprint_stack, char *, cp, tor_free(cp));
00539       smartlist_free(dir_conn->fingerprint_stack);
00540     }
00541 
00542     cached_dir_decref(dir_conn->cached_dir);
00543     rend_data_free(dir_conn->rend_data);
00544   }
00545 
00546   if (SOCKET_OK(conn->s)) {
00547     log_debug(LD_NET,"closing fd %d.",(int)conn->s);
00548     tor_close_socket(conn->s);
00549     conn->s = TOR_INVALID_SOCKET;
00550   }
00551 
00552   if (conn->type == CONN_TYPE_OR &&
00553       !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
00554     log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
00555     connection_or_remove_from_identity_map(TO_OR_CONN(conn));
00556   }
00557 #ifdef USE_BUFFEREVENTS
00558   if (conn->type == CONN_TYPE_OR && TO_OR_CONN(conn)->bucket_cfg) {
00559     ev_token_bucket_cfg_free(TO_OR_CONN(conn)->bucket_cfg);
00560     TO_OR_CONN(conn)->bucket_cfg = NULL;
00561   }
00562 #endif
00563 
00564   memset(mem, 0xCC, memlen); /* poison memory */
00565   tor_free(mem);
00566 }
00567 
00570 void
00571 connection_free(connection_t *conn)
00572 {
00573   if (!conn)
00574     return;
00575   tor_assert(!connection_is_on_closeable_list(conn));
00576   tor_assert(!connection_in_array(conn));
00577   if (conn->linked_conn) {
00578     log_err(LD_BUG, "Called with conn->linked_conn still set.");
00579     tor_fragile_assert();
00580     conn->linked_conn->linked_conn = NULL;
00581     if (! conn->linked_conn->marked_for_close &&
00582         conn->linked_conn->reading_from_linked_conn)
00583       connection_start_reading(conn->linked_conn);
00584     conn->linked_conn = NULL;
00585   }
00586   if (connection_speaks_cells(conn)) {
00587     if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
00588       connection_or_remove_from_identity_map(TO_OR_CONN(conn));
00589     }
00590   }
00591   if (conn->type == CONN_TYPE_CONTROL) {
00592     connection_control_closed(TO_CONTROL_CONN(conn));
00593   }
00594   connection_unregister_events(conn);
00595   _connection_free(conn);
00596 }
00597 
00610 void
00611 connection_about_to_close_connection(connection_t *conn)
00612 {
00613   tor_assert(conn->marked_for_close);
00614 
00615   switch (conn->type) {
00616     case CONN_TYPE_DIR:
00617       connection_dir_about_to_close(TO_DIR_CONN(conn));
00618       break;
00619     case CONN_TYPE_OR:
00620       connection_or_about_to_close(TO_OR_CONN(conn));
00621       break;
00622     case CONN_TYPE_AP:
00623       connection_ap_about_to_close(TO_ENTRY_CONN(conn));
00624       break;
00625     case CONN_TYPE_EXIT:
00626       connection_exit_about_to_close(TO_EDGE_CONN(conn));
00627       break;
00628   }
00629 }
00630 
00633 #define CONN_IS_CLOSED(c) \
00634   ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
00635 
00640 void
00641 connection_close_immediate(connection_t *conn)
00642 {
00643   assert_connection_ok(conn,0);
00644   if (CONN_IS_CLOSED(conn)) {
00645     log_err(LD_BUG,"Attempt to close already-closed connection.");
00646     tor_fragile_assert();
00647     return;
00648   }
00649   if (conn->outbuf_flushlen) {
00650     log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
00651              (int)conn->s, conn_type_to_string(conn->type),
00652              conn_state_to_string(conn->type, conn->state),
00653              (int)conn->outbuf_flushlen);
00654   }
00655 
00656   connection_unregister_events(conn);
00657 
00658   if (SOCKET_OK(conn->s))
00659     tor_close_socket(conn->s);
00660   conn->s = TOR_INVALID_SOCKET;
00661   if (conn->linked)
00662     conn->linked_conn_is_closed = 1;
00663   if (conn->outbuf)
00664     buf_clear(conn->outbuf);
00665   conn->outbuf_flushlen = 0;
00666 }
00667 
00670 void
00671 _connection_mark_for_close(connection_t *conn, int line, const char *file)
00672 {
00673   assert_connection_ok(conn,0);
00674   tor_assert(line);
00675   tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
00676   tor_assert(file);
00677 
00678   if (conn->marked_for_close) {
00679     log(LOG_WARN,LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
00680         " (first at %s:%d)", file, line, conn->marked_for_close_file,
00681         conn->marked_for_close);
00682     tor_fragile_assert();
00683     return;
00684   }
00685 
00686   conn->marked_for_close = line;
00687   conn->marked_for_close_file = file;
00688   add_connection_to_closeable_list(conn);
00689 
00690   /* in case we're going to be held-open-til-flushed, reset
00691    * the number of seconds since last successful write, so
00692    * we get our whole 15 seconds */
00693   conn->timestamp_lastwritten = time(NULL);
00694 }
00695 
00701 void
00702 connection_expire_held_open(void)
00703 {
00704   time_t now;
00705   smartlist_t *conns = get_connection_array();
00706 
00707   now = time(NULL);
00708 
00709   SMARTLIST_FOREACH(conns, connection_t *, conn,
00710   {
00711     /* If we've been holding the connection open, but we haven't written
00712      * for 15 seconds...
00713      */
00714     if (conn->hold_open_until_flushed) {
00715       tor_assert(conn->marked_for_close);
00716       if (now - conn->timestamp_lastwritten >= 15) {
00717         int severity;
00718         if (conn->type == CONN_TYPE_EXIT ||
00719             (conn->type == CONN_TYPE_DIR &&
00720              conn->purpose == DIR_PURPOSE_SERVER))
00721           severity = LOG_INFO;
00722         else
00723           severity = LOG_NOTICE;
00724         log_fn(severity, LD_NET,
00725                "Giving up on marked_for_close conn that's been flushing "
00726                "for 15s (fd %d, type %s, state %s).",
00727                (int)conn->s, conn_type_to_string(conn->type),
00728                conn_state_to_string(conn->type, conn->state));
00729         conn->hold_open_until_flushed = 0;
00730       }
00731     }
00732   });
00733 }
00734 
00735 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
00736 
00749 static struct sockaddr_un *
00750 create_unix_sockaddr(const char *listenaddress, char **readable_address,
00751                      socklen_t *len_out)
00752 {
00753   struct sockaddr_un *sockaddr = NULL;
00754 
00755   sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
00756   sockaddr->sun_family = AF_UNIX;
00757   if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
00758       >= sizeof(sockaddr->sun_path)) {
00759     log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
00760              escaped(listenaddress));
00761     tor_free(sockaddr);
00762     return NULL;
00763   }
00764 
00765   if (readable_address)
00766     *readable_address = tor_strdup(listenaddress);
00767 
00768   *len_out = sizeof(struct sockaddr_un);
00769   return sockaddr;
00770 }
00771 #else
00772 static struct sockaddr *
00773 create_unix_sockaddr(const char *listenaddress, char **readable_address,
00774                      socklen_t *len_out)
00775 {
00776   (void)listenaddress;
00777   (void)readable_address;
00778   log_fn(LOG_ERR, LD_BUG,
00779          "Unix domain sockets not supported, yet we tried to create one.");
00780   *len_out = 0;
00781   tor_fragile_assert();
00782   return NULL;
00783 }
00784 #endif /* HAVE_SYS_UN_H */
00785 
00789 static void
00790 warn_too_many_conns(void)
00791 {
00792 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
00793   static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
00794   char *m;
00795   if ((m = rate_limit_log(&last_warned, approx_time()))) {
00796     int n_conns = get_n_open_sockets();
00797     log_warn(LD_NET,"Failing because we have %d connections already. Please "
00798              "raise your ulimit -n.%s", n_conns, m);
00799     tor_free(m);
00800     control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
00801                                  n_conns);
00802   }
00803 }
00804 
00805 #ifdef HAVE_SYS_UN_H
00806 
00808 static int
00809 check_location_for_unix_socket(const or_options_t *options, const char *path)
00810 {
00811   int r = -1;
00812   char *p = tor_strdup(path);
00813   cpd_check_t flags = CPD_CHECK_MODE_ONLY;
00814   if (get_parent_directory(p)<0)
00815     goto done;
00816 
00817   if (options->ControlSocketsGroupWritable)
00818     flags |= CPD_GROUP_OK;
00819 
00820   if (check_private_dir(p, flags, options->User) < 0) {
00821     char *escpath, *escdir;
00822     escpath = esc_for_log(path);
00823     escdir = esc_for_log(p);
00824     log_warn(LD_GENERAL, "Before Tor can create a control socket in %s, the "
00825              "directory %s needs to exist, and to be accessible only by the "
00826              "user%s account that is running Tor.  (On some Unix systems, "
00827              "anybody who can list a socket can connect to it, so Tor is "
00828              "being careful.)", escpath, escdir,
00829              options->ControlSocketsGroupWritable ? " and group" : "");
00830     tor_free(escpath);
00831     tor_free(escdir);
00832     goto done;
00833   }
00834 
00835   r = 0;
00836  done:
00837   tor_free(p);
00838   return r;
00839 }
00840 #endif
00841 
00844 static void
00845 make_socket_reuseable(tor_socket_t sock)
00846 {
00847 #ifdef _WIN32
00848   (void) sock;
00849 #else
00850   int one=1;
00851 
00852   /* REUSEADDR on normal places means you can rebind to the port
00853    * right after somebody else has let it go. But REUSEADDR on win32
00854    * means you can bind to the port _even when somebody else
00855    * already has it bound_. So, don't do that on Win32. */
00856   setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
00857              (socklen_t)sizeof(one));
00858 #endif
00859 }
00860 
00867 static connection_t *
00868 connection_listener_new(const struct sockaddr *listensockaddr,
00869                            socklen_t socklen,
00870                            int type, const char *address,
00871                            const port_cfg_t *port_cfg)
00872 {
00873   listener_connection_t *lis_conn;
00874   connection_t *conn;
00875   tor_socket_t s; /* the socket we're going to make */
00876   or_options_t const *options = get_options();
00877 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
00878   struct passwd *pw = NULL;
00879 #endif
00880   uint16_t usePort = 0, gotPort = 0;
00881   int start_reading = 0;
00882   static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
00883   tor_addr_t addr;
00884 
00885   if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
00886     warn_too_many_conns();
00887     return NULL;
00888   }
00889 
00890   if (listensockaddr->sa_family == AF_INET ||
00891       listensockaddr->sa_family == AF_INET6) {
00892     int is_tcp = (type != CONN_TYPE_AP_DNS_LISTENER);
00893     if (is_tcp)
00894       start_reading = 1;
00895 
00896     tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
00897 
00898     log_notice(LD_NET, "Opening %s on %s:%d",
00899                conn_type_to_string(type), fmt_addr(&addr), usePort);
00900 
00901     s = tor_open_socket(tor_addr_family(&addr),
00902                         is_tcp ? SOCK_STREAM : SOCK_DGRAM,
00903                         is_tcp ? IPPROTO_TCP: IPPROTO_UDP);
00904     if (!SOCKET_OK(s)) {
00905       log_warn(LD_NET,"Socket creation failed: %s",
00906                tor_socket_strerror(tor_socket_errno(-1)));
00907       goto err;
00908     }
00909 
00910     make_socket_reuseable(s);
00911 
00912 #ifdef IPV6_V6ONLY
00913     if (listensockaddr->sa_family == AF_INET6) {
00914 #ifdef _WIN32
00915       /* In Redmond, this kind of thing passes for standards-conformance. */
00916       DWORD one = 1;
00917 #else
00918       int one = 1;
00919 #endif
00920       /* We need to set IPV6_V6ONLY so that this socket can't get used for
00921        * IPv4 connections. */
00922       if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
00923                      (void*)&one, sizeof(one))<0) {
00924         int e = tor_socket_errno(s);
00925         log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
00926                  tor_socket_strerror(e));
00927         /* Keep going; probably not harmful. */
00928       }
00929     }
00930 #endif
00931 
00932     if (bind(s,listensockaddr,socklen) < 0) {
00933       const char *helpfulhint = "";
00934       int e = tor_socket_errno(s);
00935       if (ERRNO_IS_EADDRINUSE(e))
00936         helpfulhint = ". Is Tor already running?";
00937       log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
00938                tor_socket_strerror(e), helpfulhint);
00939       tor_close_socket(s);
00940       goto err;
00941     }
00942 
00943     if (is_tcp) {
00944       if (listen(s,SOMAXCONN) < 0) {
00945         log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
00946                  tor_socket_strerror(tor_socket_errno(s)));
00947         tor_close_socket(s);
00948         goto err;
00949       }
00950     }
00951 
00952     if (usePort != 0) {
00953       gotPort = usePort;
00954     } else {
00955       tor_addr_t addr2;
00956       struct sockaddr_storage ss;
00957       socklen_t ss_len=sizeof(ss);
00958       if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
00959         log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
00960                  conn_type_to_string(type),
00961                  tor_socket_strerror(tor_socket_errno(s)));
00962         gotPort = 0;
00963       }
00964       tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
00965     }
00966 #ifdef HAVE_SYS_UN_H
00967   } else if (listensockaddr->sa_family == AF_UNIX) {
00968     start_reading = 1;
00969 
00970     /* For now only control ports can be Unix domain sockets
00971      * and listeners at the same time */
00972     tor_assert(type == CONN_TYPE_CONTROL_LISTENER);
00973 
00974     if (check_location_for_unix_socket(options, address) < 0)
00975       goto err;
00976 
00977     log_notice(LD_NET, "Opening %s on %s",
00978                conn_type_to_string(type), address);
00979 
00980     tor_addr_make_unspec(&addr);
00981 
00982     if (unlink(address) < 0 && errno != ENOENT) {
00983       log_warn(LD_NET, "Could not unlink %s: %s", address,
00984                        strerror(errno));
00985       goto err;
00986     }
00987     s = tor_open_socket(AF_UNIX, SOCK_STREAM, 0);
00988     if (! SOCKET_OK(s)) {
00989       log_warn(LD_NET,"Socket creation failed: %s.", strerror(errno));
00990       goto err;
00991     }
00992 
00993     if (bind(s, listensockaddr, (socklen_t)sizeof(struct sockaddr_un)) == -1) {
00994       log_warn(LD_NET,"Bind to %s failed: %s.", address,
00995                tor_socket_strerror(tor_socket_errno(s)));
00996       goto err;
00997     }
00998 #ifdef HAVE_PWD_H
00999     if (options->User) {
01000       pw = getpwnam(options->User);
01001       if (pw == NULL) {
01002         log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
01003                  address, options->User);
01004       } else if (chown(address, pw->pw_uid, pw->pw_gid) < 0) {
01005         log_warn(LD_NET,"Unable to chown() %s socket: %s.",
01006                  address, strerror(errno));
01007         goto err;
01008       }
01009     }
01010 #endif
01011     if (options->ControlSocketsGroupWritable) {
01012       /* We need to use chmod; fchmod doesn't work on sockets on all
01013        * platforms. */
01014       if (chmod(address, 0660) < 0) {
01015         log_warn(LD_FS,"Unable to make %s group-writable.", address);
01016         tor_close_socket(s);
01017         goto err;
01018       }
01019     }
01020 
01021     if (listen(s,SOMAXCONN) < 0) {
01022       log_warn(LD_NET, "Could not listen on %s: %s", address,
01023                tor_socket_strerror(tor_socket_errno(s)));
01024       tor_close_socket(s);
01025       goto err;
01026     }
01027 #else
01028     (void)options;
01029 #endif /* HAVE_SYS_UN_H */
01030   } else {
01031       log_err(LD_BUG,"Got unexpected address family %d.",
01032               listensockaddr->sa_family);
01033       tor_assert(0);
01034   }
01035 
01036   set_socket_nonblocking(s);
01037 
01038   lis_conn = listener_connection_new(type, listensockaddr->sa_family);
01039   conn = TO_CONN(lis_conn);
01040   conn->socket_family = listensockaddr->sa_family;
01041   conn->s = s;
01042   conn->address = tor_strdup(address);
01043   conn->port = gotPort;
01044   tor_addr_copy(&conn->addr, &addr);
01045 
01046   if (port_cfg->isolation_flags) {
01047     lis_conn->isolation_flags = port_cfg->isolation_flags;
01048     if (port_cfg->session_group >= 0) {
01049       lis_conn->session_group = port_cfg->session_group;
01050     } else {
01051       /* This can wrap after around INT_MAX listeners are opened.  But I don't
01052        * believe that matters, since you would need to open a ridiculous
01053        * number of listeners while keeping the early ones open before you ever
01054        * hit this.  An OR with a dozen ports open, for example, would have to
01055        * close and re-open its listeners every second for 4 years nonstop.
01056        */
01057       lis_conn->session_group = global_next_session_group--;
01058     }
01059   }
01060 
01061   if (connection_add(conn) < 0) { /* no space, forget it */
01062     log_warn(LD_NET,"connection_add for listener failed. Giving up.");
01063     connection_free(conn);
01064     goto err;
01065   }
01066 
01067   log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
01068          "%s listening on port %u.",
01069          conn_type_to_string(type), gotPort);
01070 
01071   conn->state = LISTENER_STATE_READY;
01072   if (start_reading) {
01073     connection_start_reading(conn);
01074   } else {
01075     tor_assert(type == CONN_TYPE_AP_DNS_LISTENER);
01076     dnsserv_configure_listener(conn);
01077   }
01078 
01079   return conn;
01080 
01081  err:
01082   return NULL;
01083 }
01084 
01092 static int
01093 check_sockaddr(struct sockaddr *sa, int len, int level)
01094 {
01095   int ok = 1;
01096 
01097   if (sa->sa_family == AF_INET) {
01098     struct sockaddr_in *sin=(struct sockaddr_in*)sa;
01099     if (len != sizeof(struct sockaddr_in)) {
01100       log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
01101              len,(int)sizeof(struct sockaddr_in));
01102       ok = 0;
01103     }
01104     if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
01105       log_fn(level, LD_NET,
01106              "Address for new connection has address/port equal to zero.");
01107       ok = 0;
01108     }
01109   } else if (sa->sa_family == AF_INET6) {
01110     struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
01111     if (len != sizeof(struct sockaddr_in6)) {
01112       log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
01113              len,(int)sizeof(struct sockaddr_in6));
01114       ok = 0;
01115     }
01116     if (tor_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
01117         sin6->sin6_port == 0) {
01118       log_fn(level, LD_NET,
01119              "Address for new connection has address/port equal to zero.");
01120       ok = 0;
01121     }
01122   } else {
01123     ok = 0;
01124   }
01125   return ok ? 0 : -1;
01126 }
01127 
01133 static int
01134 check_sockaddr_family_match(sa_family_t got, connection_t *listener)
01135 {
01136   if (got != listener->socket_family) {
01137     log_info(LD_BUG, "A listener connection returned a socket with a "
01138              "mismatched family. %s for addr_family %d gave us a socket "
01139              "with address family %d.  Dropping.",
01140              conn_type_to_string(listener->type),
01141              (int)listener->socket_family,
01142              (int)got);
01143     return -1;
01144   }
01145   return 0;
01146 }
01147 
01151 static int
01152 connection_handle_listener_read(connection_t *conn, int new_type)
01153 {
01154   tor_socket_t news; /* the new socket */
01155   connection_t *newconn;
01156   /* information about the remote peer when connecting to other routers */
01157   struct sockaddr_storage addrbuf;
01158   struct sockaddr *remote = (struct sockaddr*)&addrbuf;
01159   /* length of the remote address. Must be whatever accept() needs. */
01160   socklen_t remotelen = (socklen_t)sizeof(addrbuf);
01161   const or_options_t *options = get_options();
01162 
01163   tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
01164   memset(&addrbuf, 0, sizeof(addrbuf));
01165 
01166   news = tor_accept_socket(conn->s,remote,&remotelen);
01167   if (!SOCKET_OK(news)) { /* accept() error */
01168     int e = tor_socket_errno(conn->s);
01169     if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
01170       return 0; /* he hung up before we could accept(). that's fine. */
01171     } else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) {
01172       warn_too_many_conns();
01173       return 0;
01174     }
01175     /* else there was a real error. */
01176     log_warn(LD_NET,"accept() failed: %s. Closing listener.",
01177              tor_socket_strerror(e));
01178     connection_mark_for_close(conn);
01179     return -1;
01180   }
01181   log_debug(LD_NET,
01182             "Connection accepted on socket %d (child of fd %d).",
01183             (int)news,(int)conn->s);
01184 
01185   make_socket_reuseable(news);
01186   set_socket_nonblocking(news);
01187 
01188   if (options->ConstrainedSockets)
01189     set_constrained_socket_buffers(news, (int)options->ConstrainedSockSize);
01190 
01191   if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
01192     tor_close_socket(news);
01193     return 0;
01194   }
01195 
01196   if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6) {
01197     tor_addr_t addr;
01198     uint16_t port;
01199     if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
01200       log_info(LD_NET,
01201                "accept() returned a strange address; closing connection.");
01202       tor_close_socket(news);
01203       return 0;
01204     }
01205 
01206     if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
01207       tor_close_socket(news);
01208       return 0;
01209     }
01210 
01211     tor_addr_from_sockaddr(&addr, remote, &port);
01212 
01213     /* process entrance policies here, before we even create the connection */
01214     if (new_type == CONN_TYPE_AP) {
01215       /* check sockspolicy to see if we should accept it */
01216       if (socks_policy_permits_address(&addr) == 0) {
01217         log_notice(LD_APP,
01218                    "Denying socks connection from untrusted address %s.",
01219                    fmt_addr(&addr));
01220         tor_close_socket(news);
01221         return 0;
01222       }
01223     }
01224     if (new_type == CONN_TYPE_DIR) {
01225       /* check dirpolicy to see if we should accept it */
01226       if (dir_policy_permits_address(&addr) == 0) {
01227         log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
01228                    fmt_addr(&addr));
01229         tor_close_socket(news);
01230         return 0;
01231       }
01232     }
01233 
01234     newconn = connection_new(new_type, conn->socket_family);
01235     newconn->s = news;
01236 
01237     /* remember the remote address */
01238     tor_addr_copy(&newconn->addr, &addr);
01239     newconn->port = port;
01240     newconn->address = tor_dup_addr(&addr);
01241 
01242   } else if (conn->socket_family == AF_UNIX) {
01243     /* For now only control ports can be Unix domain sockets
01244      * and listeners at the same time */
01245     tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
01246 
01247     newconn = connection_new(new_type, conn->socket_family);
01248     newconn->s = news;
01249 
01250     /* remember the remote address -- do we have anything sane to put here? */
01251     tor_addr_make_unspec(&newconn->addr);
01252     newconn->port = 1;
01253     newconn->address = tor_strdup(conn->address);
01254   } else {
01255     tor_assert(0);
01256   };
01257 
01258   if (connection_add(newconn) < 0) { /* no space, forget it */
01259     connection_free(newconn);
01260     return 0; /* no need to tear down the parent */
01261   }
01262 
01263   if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
01264     if (! newconn->marked_for_close)
01265       connection_mark_for_close(newconn);
01266     return 0;
01267   }
01268   return 0;
01269 }
01270 
01276 static int
01277 connection_init_accepted_conn(connection_t *conn,
01278                               const listener_connection_t *listener)
01279 {
01280   connection_start_reading(conn);
01281 
01282   switch (conn->type) {
01283     case CONN_TYPE_OR:
01284       control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
01285       return connection_tls_start_handshake(TO_OR_CONN(conn), 1);
01286     case CONN_TYPE_AP:
01287       TO_ENTRY_CONN(conn)->isolation_flags = listener->isolation_flags;
01288       TO_ENTRY_CONN(conn)->session_group = listener->session_group;
01289       TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
01290       TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->_base.type;
01291       switch (TO_CONN(listener)->type) {
01292         case CONN_TYPE_AP_LISTENER:
01293           conn->state = AP_CONN_STATE_SOCKS_WAIT;
01294           break;
01295         case CONN_TYPE_AP_TRANS_LISTENER:
01296           TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
01297           conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
01298           return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
01299         case CONN_TYPE_AP_NATD_LISTENER:
01300           TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
01301           conn->state = AP_CONN_STATE_NATD_WAIT;
01302           break;
01303       }
01304       break;
01305     case CONN_TYPE_DIR:
01306       conn->purpose = DIR_PURPOSE_SERVER;
01307       conn->state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
01308       break;
01309     case CONN_TYPE_CONTROL:
01310       conn->state = CONTROL_CONN_STATE_NEEDAUTH;
01311       break;
01312   }
01313   return 0;
01314 }
01315 
01325 int
01326 connection_connect(connection_t *conn, const char *address,
01327                    const tor_addr_t *addr, uint16_t port, int *socket_error)
01328 {
01329   tor_socket_t s;
01330   int inprogress = 0;
01331   struct sockaddr_storage addrbuf;
01332   struct sockaddr *dest_addr;
01333   int dest_addr_len;
01334   const or_options_t *options = get_options();
01335   int protocol_family;
01336 
01337   if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
01338     warn_too_many_conns();
01339     *socket_error = ENOBUFS;
01340     return -1;
01341   }
01342 
01343   if (tor_addr_family(addr) == AF_INET6)
01344     protocol_family = PF_INET6;
01345   else
01346     protocol_family = PF_INET;
01347 
01348   if (get_options()->DisableNetwork) {
01349     /* We should never even try to connect anyplace if DisableNetwork is set.
01350      * Warn if we do, and refuse to make the connection. */
01351     static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
01352     char *m;
01353 #ifdef _WIN32
01354     *socket_error = WSAENETUNREACH;
01355 #else
01356     *socket_error = ENETUNREACH;
01357 #endif
01358     if ((m = rate_limit_log(&disablenet_violated, approx_time()))) {
01359       log_warn(LD_BUG, "Tried to open a socket with DisableNetwork set.%s", m);
01360       tor_free(m);
01361     }
01362     tor_fragile_assert();
01363     return -1;
01364   }
01365 
01366   s = tor_open_socket(protocol_family,SOCK_STREAM,IPPROTO_TCP);
01367   if (! SOCKET_OK(s)) {
01368     *socket_error = tor_socket_errno(-1);
01369     log_warn(LD_NET,"Error creating network socket: %s",
01370              tor_socket_strerror(*socket_error));
01371     return -1;
01372   }
01373 
01374   make_socket_reuseable(s);
01375 
01376   if (options->OutboundBindAddress && !tor_addr_is_loopback(addr)) {
01377     struct sockaddr_in ext_addr;
01378 
01379     memset(&ext_addr, 0, sizeof(ext_addr));
01380     ext_addr.sin_family = AF_INET;
01381     ext_addr.sin_port = 0;
01382     if (!tor_inet_aton(options->OutboundBindAddress, &ext_addr.sin_addr)) {
01383       log_warn(LD_CONFIG,"Outbound bind address '%s' didn't parse. Ignoring.",
01384                options->OutboundBindAddress);
01385     } else {
01386       if (bind(s, (struct sockaddr*)&ext_addr,
01387                (socklen_t)sizeof(ext_addr)) < 0) {
01388         *socket_error = tor_socket_errno(s);
01389         log_warn(LD_NET,"Error binding network socket: %s",
01390                  tor_socket_strerror(*socket_error));
01391         tor_close_socket(s);
01392         return -1;
01393       }
01394     }
01395   }
01396 
01397   set_socket_nonblocking(s);
01398 
01399   if (options->ConstrainedSockets)
01400     set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
01401 
01402   memset(&addrbuf,0,sizeof(addrbuf));
01403   dest_addr = (struct sockaddr*) &addrbuf;
01404   dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
01405   tor_assert(dest_addr_len > 0);
01406 
01407   log_debug(LD_NET, "Connecting to %s:%u.",
01408             escaped_safe_str_client(address), port);
01409 
01410   if (connect(s, dest_addr, (socklen_t)dest_addr_len) < 0) {
01411     int e = tor_socket_errno(s);
01412     if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
01413       /* yuck. kill it. */
01414       *socket_error = e;
01415       log_info(LD_NET,
01416                "connect() to %s:%u failed: %s",
01417                escaped_safe_str_client(address),
01418                port, tor_socket_strerror(e));
01419       tor_close_socket(s);
01420       return -1;
01421     } else {
01422       inprogress = 1;
01423     }
01424   }
01425 
01426   /* it succeeded. we're connected. */
01427   log_fn(inprogress?LOG_DEBUG:LOG_INFO, LD_NET,
01428          "Connection to %s:%u %s (sock %d).",
01429          escaped_safe_str_client(address),
01430          port, inprogress?"in progress":"established", s);
01431   conn->s = s;
01432   if (connection_add_connecting(conn) < 0) {
01433     /* no space, forget it */
01434     *socket_error = ENOBUFS;
01435     return -1;
01436   }
01437   return inprogress ? 0 : 1;
01438 }
01439 
01442 static const char *
01443 connection_proxy_state_to_string(int state)
01444 {
01445   static const char *unknown = "???";
01446   static const char *states[] = {
01447     "PROXY_NONE",
01448     "PROXY_INFANT",
01449     "PROXY_HTTPS_WANT_CONNECT_OK",
01450     "PROXY_SOCKS4_WANT_CONNECT_OK",
01451     "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
01452     "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
01453     "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
01454     "PROXY_SOCKS5_WANT_CONNECT_OK",
01455     "PROXY_CONNECTED",
01456   };
01457 
01458   if (state < PROXY_NONE || state > PROXY_CONNECTED)
01459     return unknown;
01460 
01461   return states[state];
01462 }
01463 
01474 int
01475 connection_proxy_connect(connection_t *conn, int type)
01476 {
01477   const or_options_t *options;
01478 
01479   tor_assert(conn);
01480 
01481   options = get_options();
01482 
01483   switch (type) {
01484     case PROXY_CONNECT: {
01485       char buf[1024];
01486       char *base64_authenticator=NULL;
01487       const char *authenticator = options->HTTPSProxyAuthenticator;
01488 
01489       /* Send HTTP CONNECT and authentication (if available) in
01490        * one request */
01491 
01492       if (authenticator) {
01493         base64_authenticator = alloc_http_authenticator(authenticator);
01494         if (!base64_authenticator)
01495           log_warn(LD_OR, "Encoding https authenticator failed");
01496       }
01497 
01498       if (base64_authenticator) {
01499         const char *addr = fmt_addr(&conn->addr);
01500         tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n"
01501                      "Host: %s:%d\r\n"
01502                      "Proxy-Authorization: Basic %s\r\n\r\n",
01503                      addr, conn->port,
01504                      addr, conn->port,
01505                      base64_authenticator);
01506         tor_free(base64_authenticator);
01507       } else {
01508         tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.0\r\n\r\n",
01509                      fmt_addr(&conn->addr), conn->port);
01510       }
01511 
01512       connection_write_to_buf(buf, strlen(buf), conn);
01513       conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
01514       break;
01515     }
01516 
01517     case PROXY_SOCKS4: {
01518       unsigned char buf[9];
01519       uint16_t portn;
01520       uint32_t ip4addr;
01521 
01522       /* Send a SOCKS4 connect request with empty user id */
01523 
01524       if (tor_addr_family(&conn->addr) != AF_INET) {
01525         log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
01526         return -1;
01527       }
01528 
01529       ip4addr = tor_addr_to_ipv4n(&conn->addr);
01530       portn = htons(conn->port);
01531 
01532       buf[0] = 4; /* version */
01533       buf[1] = SOCKS_COMMAND_CONNECT; /* command */
01534       memcpy(buf + 2, &portn, 2); /* port */
01535       memcpy(buf + 4, &ip4addr, 4); /* addr */
01536       buf[8] = 0; /* userid (empty) */
01537 
01538       connection_write_to_buf((char *)buf, sizeof(buf), conn);
01539       conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
01540       break;
01541     }
01542 
01543     case PROXY_SOCKS5: {
01544       unsigned char buf[4]; /* fields: vers, num methods, method list */
01545 
01546       /* Send a SOCKS5 greeting (connect request must wait) */
01547 
01548       buf[0] = 5; /* version */
01549 
01550       /* number of auth methods */
01551       if (options->Socks5ProxyUsername) {
01552         buf[1] = 2;
01553         buf[2] = 0x00; /* no authentication */
01554         buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
01555         conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
01556       } else {
01557         buf[1] = 1;
01558         buf[2] = 0x00; /* no authentication */
01559         conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
01560       }
01561 
01562       connection_write_to_buf((char *)buf, 2 + buf[1], conn);
01563       break;
01564     }
01565 
01566     default:
01567       log_err(LD_BUG, "Invalid proxy protocol, %d", type);
01568       tor_fragile_assert();
01569       return -1;
01570   }
01571 
01572   log_debug(LD_NET, "set state %s",
01573             connection_proxy_state_to_string(conn->proxy_state));
01574 
01575   return 0;
01576 }
01577 
01582 static int
01583 connection_read_https_proxy_response(connection_t *conn)
01584 {
01585   char *headers;
01586   char *reason=NULL;
01587   int status_code;
01588   time_t date_header;
01589 
01590   switch (fetch_from_buf_http(conn->inbuf,
01591                               &headers, MAX_HEADERS_SIZE,
01592                               NULL, NULL, 10000, 0)) {
01593     case -1: /* overflow */
01594       log_warn(LD_PROTOCOL,
01595                "Your https proxy sent back an oversized response. Closing.");
01596       return -1;
01597     case 0:
01598       log_info(LD_NET,"https proxy response not all here yet. Waiting.");
01599       return 0;
01600     /* case 1, fall through */
01601   }
01602 
01603   if (parse_http_response(headers, &status_code, &date_header,
01604                           NULL, &reason) < 0) {
01605     log_warn(LD_NET,
01606              "Unparseable headers from proxy (connecting to '%s'). Closing.",
01607              conn->address);
01608     tor_free(headers);
01609     return -1;
01610   }
01611   if (!reason) reason = tor_strdup("[no reason given]");
01612 
01613   if (status_code == 200) {
01614     log_info(LD_NET,
01615              "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
01616              conn->address, escaped(reason));
01617     tor_free(reason);
01618     return 1;
01619   }
01620   /* else, bad news on the status code */
01621   switch (status_code) {
01622     case 403:
01623       log_warn(LD_NET,
01624              "The https proxy refused to allow connection to %s "
01625              "(status code %d, %s). Closing.",
01626              conn->address, status_code, escaped(reason));
01627       break;
01628     default:
01629       log_warn(LD_NET,
01630              "The https proxy sent back an unexpected status code %d (%s). "
01631              "Closing.",
01632              status_code, escaped(reason));
01633       break;
01634   }
01635   tor_free(reason);
01636   return -1;
01637 }
01638 
01642 static void
01643 connection_send_socks5_connect(connection_t *conn)
01644 {
01645   unsigned char buf[1024];
01646   size_t reqsize = 6;
01647   uint16_t port = htons(conn->port);
01648 
01649   buf[0] = 5; /* version */
01650   buf[1] = SOCKS_COMMAND_CONNECT; /* command */
01651   buf[2] = 0; /* reserved */
01652 
01653   if (tor_addr_family(&conn->addr) == AF_INET) {
01654     uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
01655 
01656     buf[3] = 1;
01657     reqsize += 4;
01658     memcpy(buf + 4, &addr, 4);
01659     memcpy(buf + 8, &port, 2);
01660   } else { /* AF_INET6 */
01661     buf[3] = 4;
01662     reqsize += 16;
01663     memcpy(buf + 4, tor_addr_to_in6(&conn->addr), 16);
01664     memcpy(buf + 20, &port, 2);
01665   }
01666 
01667   connection_write_to_buf((char *)buf, reqsize, conn);
01668 
01669   conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
01670 }
01671 
01674 static int
01675 connection_fetch_from_buf_socks_client(connection_t *conn,
01676                                        int state, char **reason)
01677 {
01678   IF_HAS_BUFFEREVENT(conn, {
01679     struct evbuffer *input = bufferevent_get_input(conn->bufev);
01680     return fetch_from_evbuffer_socks_client(input, state, reason);
01681   }) ELSE_IF_NO_BUFFEREVENT {
01682     return fetch_from_buf_socks_client(conn->inbuf, state, reason);
01683   }
01684 }
01685 
01696 int
01697 connection_read_proxy_handshake(connection_t *conn)
01698 {
01699   int ret = 0;
01700   char *reason = NULL;
01701 
01702   log_debug(LD_NET, "enter state %s",
01703             connection_proxy_state_to_string(conn->proxy_state));
01704 
01705   switch (conn->proxy_state) {
01706     case PROXY_HTTPS_WANT_CONNECT_OK:
01707       ret = connection_read_https_proxy_response(conn);
01708       if (ret == 1)
01709         conn->proxy_state = PROXY_CONNECTED;
01710       break;
01711 
01712     case PROXY_SOCKS4_WANT_CONNECT_OK:
01713       ret = connection_fetch_from_buf_socks_client(conn,
01714                                                    conn->proxy_state,
01715                                                    &reason);
01716       if (ret == 1)
01717         conn->proxy_state = PROXY_CONNECTED;
01718       break;
01719 
01720     case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
01721       ret = connection_fetch_from_buf_socks_client(conn,
01722                                                    conn->proxy_state,
01723                                                    &reason);
01724       /* no auth needed, do connect */
01725       if (ret == 1) {
01726         connection_send_socks5_connect(conn);
01727         ret = 0;
01728       }
01729       break;
01730 
01731     case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
01732       ret = connection_fetch_from_buf_socks_client(conn,
01733                                                    conn->proxy_state,
01734                                                    &reason);
01735 
01736       /* send auth if needed, otherwise do connect */
01737       if (ret == 1) {
01738         connection_send_socks5_connect(conn);
01739         ret = 0;
01740       } else if (ret == 2) {
01741         unsigned char buf[1024];
01742         size_t reqsize, usize, psize;
01743         const char *user, *pass;
01744 
01745         user = get_options()->Socks5ProxyUsername;
01746         pass = get_options()->Socks5ProxyPassword;
01747         tor_assert(user && pass);
01748 
01749         /* XXX len of user and pass must be <= 255 !!! */
01750         usize = strlen(user);
01751         psize = strlen(pass);
01752         tor_assert(usize <= 255 && psize <= 255);
01753         reqsize = 3 + usize + psize;
01754 
01755         buf[0] = 1; /* negotiation version */
01756         buf[1] = usize;
01757         memcpy(buf + 2, user, usize);
01758         buf[2 + usize] = psize;
01759         memcpy(buf + 3 + usize, pass, psize);
01760 
01761         connection_write_to_buf((char *)buf, reqsize, conn);
01762 
01763         conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
01764         ret = 0;
01765       }
01766       break;
01767 
01768     case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
01769       ret = connection_fetch_from_buf_socks_client(conn,
01770                                                    conn->proxy_state,
01771                                                    &reason);
01772       /* send the connect request */
01773       if (ret == 1) {
01774         connection_send_socks5_connect(conn);
01775         ret = 0;
01776       }
01777       break;
01778 
01779     case PROXY_SOCKS5_WANT_CONNECT_OK:
01780       ret = connection_fetch_from_buf_socks_client(conn,
01781                                                    conn->proxy_state,
01782                                                    &reason);
01783       if (ret == 1)
01784         conn->proxy_state = PROXY_CONNECTED;
01785       break;
01786 
01787     default:
01788       log_err(LD_BUG, "Invalid proxy_state for reading, %d",
01789               conn->proxy_state);
01790       tor_fragile_assert();
01791       ret = -1;
01792       break;
01793   }
01794 
01795   log_debug(LD_NET, "leaving state %s",
01796             connection_proxy_state_to_string(conn->proxy_state));
01797 
01798   if (ret < 0) {
01799     if (reason) {
01800       log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
01801                 conn->address, conn->port, escaped(reason));
01802       tor_free(reason);
01803     } else {
01804       log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
01805                 conn->address, conn->port);
01806     }
01807   } else if (ret == 1) {
01808     log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
01809               conn->address, conn->port);
01810   }
01811 
01812   return ret;
01813 }
01814 
01828 static int
01829 retry_listener_ports(smartlist_t *old_conns,
01830                      const smartlist_t *ports,
01831                      smartlist_t *new_conns,
01832                      int control_listeners_only)
01833 {
01834   smartlist_t *launch = smartlist_new();
01835   int r = 0;
01836 
01837   if (control_listeners_only) {
01838     SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
01839         if (p->type == CONN_TYPE_CONTROL_LISTENER)
01840           smartlist_add(launch, p);
01841     });
01842   } else {
01843     smartlist_add_all(launch, ports);
01844   }
01845 
01846   /* Iterate through old_conns, comparing it to launch: remove from both lists
01847    * each pair of elements that corresponds to the same port. */
01848   SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
01849     const port_cfg_t *found_port = NULL;
01850 
01851     /* Okay, so this is a listener.  Is it configured? */
01852     SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
01853       if (conn->type != wanted->type)
01854         continue;
01855       if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
01856           (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
01857         continue;
01858 
01859       if (wanted->no_listen)
01860         continue; /* We don't want to open a listener for this one */
01861 
01862       if (wanted->is_unix_addr) {
01863         if (conn->socket_family == AF_UNIX &&
01864             !strcmp(wanted->unix_addr, conn->address)) {
01865           found_port = wanted;
01866           break;
01867         }
01868       } else {
01869         int port_matches;
01870         if (wanted->port == CFG_AUTO_PORT) {
01871           port_matches = 1;
01872         } else {
01873           port_matches = (wanted->port == conn->port);
01874         }
01875         if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
01876           found_port = wanted;
01877           break;
01878         }
01879       }
01880     } SMARTLIST_FOREACH_END(wanted);
01881 
01882     if (found_port) {
01883       /* This listener is already running; we don't need to launch it. */
01884       //log_debug(LD_NET, "Already have %s on %s:%d",
01885       //    conn_type_to_string(found_port->type), conn->address, conn->port);
01886       smartlist_remove(launch, found_port);
01887       /* And we can remove the connection from old_conns too. */
01888       SMARTLIST_DEL_CURRENT(old_conns, conn);
01889     }
01890   } SMARTLIST_FOREACH_END(conn);
01891 
01892   /* Now open all the listeners that are configured but not opened. */
01893   SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
01894     struct sockaddr *listensockaddr;
01895     socklen_t listensocklen = 0;
01896     char *address=NULL;
01897     connection_t *conn;
01898     int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
01899     tor_assert(real_port <= UINT16_MAX);
01900     if (port->no_listen)
01901       continue;
01902 
01903     if (port->is_unix_addr) {
01904       listensockaddr = (struct sockaddr *)
01905         create_unix_sockaddr(port->unix_addr,
01906                              &address, &listensocklen);
01907     } else {
01908       listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
01909       listensocklen = tor_addr_to_sockaddr(&port->addr,
01910                                            real_port,
01911                                            listensockaddr,
01912                                            sizeof(struct sockaddr_storage));
01913       address = tor_dup_addr(&port->addr);
01914     }
01915 
01916     if (listensockaddr) {
01917       conn = connection_listener_new(listensockaddr, listensocklen,
01918                                         port->type, address, port);
01919       tor_free(listensockaddr);
01920       tor_free(address);
01921     } else {
01922       conn = NULL;
01923     }
01924 
01925     if (!conn) {
01926       r = -1;
01927     } else {
01928       if (new_conns)
01929         smartlist_add(new_conns, conn);
01930     }
01931   } SMARTLIST_FOREACH_END(port);
01932 
01933   smartlist_free(launch);
01934 
01935   return r;
01936 }
01937 
01948 int
01949 retry_all_listeners(smartlist_t *replaced_conns,
01950                     smartlist_t *new_conns, int close_all_noncontrol)
01951 {
01952   smartlist_t *listeners = smartlist_new();
01953   const or_options_t *options = get_options();
01954   int retval = 0;
01955   const uint16_t old_or_port = router_get_advertised_or_port(options);
01956   const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
01957 
01958   SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
01959     if (connection_is_listener(conn) && !conn->marked_for_close)
01960       smartlist_add(listeners, conn);
01961   } SMARTLIST_FOREACH_END(conn);
01962 
01963   if (retry_listener_ports(listeners,
01964                            get_configured_ports(),
01965                            new_conns,
01966                            close_all_noncontrol) < 0)
01967     retval = -1;
01968 
01969   /* Any members that were still in 'listeners' don't correspond to
01970    * any configured port.  Kill 'em. */
01971   SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
01972     log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
01973                conn_type_to_string(conn->type), conn->address, conn->port);
01974     if (replaced_conns) {
01975       smartlist_add(replaced_conns, conn);
01976     } else {
01977       connection_close_immediate(conn);
01978       connection_mark_for_close(conn);
01979     }
01980   } SMARTLIST_FOREACH_END(conn);
01981 
01982   smartlist_free(listeners);
01983 
01984   /* XXXprop186 should take all advertised ports into account */
01985   if (old_or_port != router_get_advertised_or_port(options) ||
01986       old_dir_port != router_get_advertised_dir_port(options, 0)) {
01987     /* Our chosen ORPort or DirPort is not what it used to be: the
01988      * descriptor we had (if any) should be regenerated.  (We won't
01989      * automatically notice this because of changes in the option,
01990      * since the value could be "auto".) */
01991     mark_my_descriptor_dirty("Chosen Or/DirPort changed");
01992   }
01993 
01994   return retval;
01995 }
01996 
01998 void
01999 connection_mark_all_noncontrol_listeners(void)
02000 {
02001   SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
02002     if (conn->marked_for_close)
02003       continue;
02004     if (conn->type == CONN_TYPE_CONTROL_LISTENER)
02005       continue;
02006     if (connection_is_listener(conn))
02007       connection_mark_for_close(conn);
02008   } SMARTLIST_FOREACH_END(conn);
02009 }
02010 
02012 void
02013 connection_mark_all_noncontrol_connections(void)
02014 {
02015   SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
02016     if (conn->marked_for_close)
02017       continue;
02018     switch (conn->type) {
02019       case CONN_TYPE_CPUWORKER:
02020       case CONN_TYPE_CONTROL_LISTENER:
02021       case CONN_TYPE_CONTROL:
02022         break;
02023       case CONN_TYPE_AP:
02024         connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
02025                                       END_STREAM_REASON_HIBERNATING);
02026         break;
02027       default:
02028         connection_mark_for_close(conn);
02029         break;
02030     }
02031   } SMARTLIST_FOREACH_END(conn);
02032 }
02033 
02040 static int
02041 connection_is_rate_limited(connection_t *conn)
02042 {
02043   const or_options_t *options = get_options();
02044   if (conn->linked)
02045     return 0; /* Internal connection */
02046   else if (! options->CountPrivateBandwidth &&
02047            (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
02048             tor_addr_is_internal(&conn->addr, 0)))
02049     return 0; /* Internal address */
02050   else
02051     return 1;
02052 }
02053 
02054 #ifdef USE_BUFFEREVENTS
02055 static struct bufferevent_rate_limit_group *global_rate_limit = NULL;
02056 #else
02057 extern int global_read_bucket, global_write_bucket;
02058 extern int global_relayed_read_bucket, global_relayed_write_bucket;
02059 
02063 static int write_buckets_empty_last_second = 0;
02064 #endif
02065 
02068 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
02069 
02070 #ifndef USE_BUFFEREVENTS
02071 
02075 static int
02076 connection_counts_as_relayed_traffic(connection_t *conn, time_t now)
02077 {
02078   if (conn->type == CONN_TYPE_OR &&
02079       TO_OR_CONN(conn)->client_used + CLIENT_IDLE_TIME_FOR_PRIORITY < now)
02080     return 1;
02081   if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
02082     return 1;
02083   return 0;
02084 }
02085 
02091 static ssize_t
02092 connection_bucket_round_robin(int base, int priority,
02093                               ssize_t global_bucket, ssize_t conn_bucket)
02094 {
02095   ssize_t at_most;
02096   ssize_t num_bytes_high = (priority ? 32 : 16) * base;
02097   ssize_t num_bytes_low = (priority ? 4 : 2) * base;
02098 
02099   /* Do a rudimentary round-robin so one circuit can't hog a connection.
02100    * Pick at most 32 cells, at least 4 cells if possible, and if we're in
02101    * the middle pick 1/8 of the available bandwidth. */
02102   at_most = global_bucket / 8;
02103   at_most -= (at_most % base); /* round down */
02104   if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
02105     at_most = num_bytes_high;
02106   else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
02107     at_most = num_bytes_low;
02108 
02109   if (at_most > global_bucket)
02110     at_most = global_bucket;
02111 
02112   if (conn_bucket >= 0 && at_most > conn_bucket)
02113     at_most = conn_bucket;
02114 
02115   if (at_most < 0)
02116     return 0;
02117   return at_most;
02118 }
02119 
02121 static ssize_t
02122 connection_bucket_read_limit(connection_t *conn, time_t now)
02123 {
02124   int base = connection_speaks_cells(conn) ?
02125                CELL_NETWORK_SIZE : RELAY_PAYLOAD_SIZE;
02126   int priority = conn->type != CONN_TYPE_DIR;
02127   int conn_bucket = -1;
02128   int global_bucket = global_read_bucket;
02129 
02130   if (connection_speaks_cells(conn)) {
02131     or_connection_t *or_conn = TO_OR_CONN(conn);
02132     if (conn->state == OR_CONN_STATE_OPEN)
02133       conn_bucket = or_conn->read_bucket;
02134   }
02135 
02136   if (!connection_is_rate_limited(conn)) {
02137     /* be willing to read on local conns even if our buckets are empty */
02138     return conn_bucket>=0 ? conn_bucket : 1<<14;
02139   }
02140 
02141   if (connection_counts_as_relayed_traffic(conn, now) &&
02142       global_relayed_read_bucket <= global_read_bucket)
02143     global_bucket = global_relayed_read_bucket;
02144 
02145   return connection_bucket_round_robin(base, priority,
02146                                        global_bucket, conn_bucket);
02147 }
02148 
02150 ssize_t
02151 connection_bucket_write_limit(connection_t *conn, time_t now)
02152 {
02153   int base = connection_speaks_cells(conn) ?
02154                CELL_NETWORK_SIZE : RELAY_PAYLOAD_SIZE;
02155   int priority = conn->type != CONN_TYPE_DIR;
02156   int conn_bucket = (int)conn->outbuf_flushlen;
02157   int global_bucket = global_write_bucket;
02158 
02159   if (!connection_is_rate_limited(conn)) {
02160     /* be willing to write to local conns even if our buckets are empty */
02161     return conn->outbuf_flushlen;
02162   }
02163 
02164   if (connection_speaks_cells(conn)) {
02165     /* use the per-conn write limit if it's lower, but if it's less
02166      * than zero just use zero */
02167     or_connection_t *or_conn = TO_OR_CONN(conn);
02168     if (conn->state == OR_CONN_STATE_OPEN)
02169       if (or_conn->write_bucket < conn_bucket)
02170         conn_bucket = or_conn->write_bucket >= 0 ?
02171                         or_conn->write_bucket : 0;
02172   }
02173 
02174   if (connection_counts_as_relayed_traffic(conn, now) &&
02175       global_relayed_write_bucket <= global_write_bucket)
02176     global_bucket = global_relayed_write_bucket;
02177 
02178   return connection_bucket_round_robin(base, priority,
02179                                        global_bucket, conn_bucket);
02180 }
02181 #else
02182 static ssize_t
02183 connection_bucket_read_limit(connection_t *conn, time_t now)
02184 {
02185   (void) now;
02186   return bufferevent_get_max_to_read(conn->bufev);
02187 }
02188 ssize_t
02189 connection_bucket_write_limit(connection_t *conn, time_t now)
02190 {
02191   (void) now;
02192   return bufferevent_get_max_to_write(conn->bufev);
02193 }
02194 #endif
02195 
02216 int
02217 global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
02218 {
02219 #ifdef USE_BUFFEREVENTS
02220   ssize_t smaller_bucket = bufferevent_get_max_to_write(conn->bufev);
02221 #else
02222   int smaller_bucket = global_write_bucket < global_relayed_write_bucket ?
02223                        global_write_bucket : global_relayed_write_bucket;
02224 #endif
02225   if (authdir_mode(get_options()) && priority>1)
02226     return 0; /* there's always room to answer v2 if we're an auth dir */
02227 
02228   if (!connection_is_rate_limited(conn))
02229     return 0; /* local conns don't get limited */
02230 
02231   if (smaller_bucket < (int)attempt)
02232     return 1; /* not enough space no matter the priority */
02233 
02234 #ifndef USE_BUFFEREVENTS
02235   if (write_buckets_empty_last_second)
02236     return 1; /* we're already hitting our limits, no more please */
02237 #endif
02238 
02239   if (priority == 1) { /* old-style v1 query */
02240     /* Could we handle *two* of these requests within the next two seconds? */
02241     const or_options_t *options = get_options();
02242     int64_t can_write = (int64_t)smaller_bucket
02243       + 2*(options->RelayBandwidthRate ? options->RelayBandwidthRate :
02244                                          options->BandwidthRate);
02245     if (can_write < 2*(int64_t)attempt)
02246       return 1;
02247   } else { /* v2 query */
02248     /* no further constraints yet */
02249   }
02250   return 0;
02251 }
02252 
02256 static void
02257 record_num_bytes_transferred_impl(connection_t *conn,
02258                              time_t now, size_t num_read, size_t num_written)
02259 {
02260   /* Count bytes of answering direct and tunneled directory requests */
02261   if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
02262     if (num_read > 0)
02263       rep_hist_note_dir_bytes_read(num_read, now);
02264     if (num_written > 0)
02265       rep_hist_note_dir_bytes_written(num_written, now);
02266   }
02267 
02268   if (!connection_is_rate_limited(conn))
02269     return; /* local IPs are free */
02270 
02271   if (conn->type == CONN_TYPE_OR)
02272     rep_hist_note_or_conn_bytes(conn->global_identifier, num_read,
02273                                 num_written, now);
02274 
02275   if (num_read > 0) {
02276     rep_hist_note_bytes_read(num_read, now);
02277   }
02278   if (num_written > 0) {
02279     rep_hist_note_bytes_written(num_written, now);
02280   }
02281   if (conn->type == CONN_TYPE_EXIT)
02282     rep_hist_note_exit_bytes(conn->port, num_written, num_read);
02283 }
02284 
02285 #ifdef USE_BUFFEREVENTS
02286 
02288 static void
02289 record_num_bytes_transferred(connection_t *conn,
02290                              time_t now, size_t num_read, size_t num_written)
02291 {
02292   /* XXX024 check if this is necessary */
02293   if (num_written >= INT_MAX || num_read >= INT_MAX) {
02294     log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
02295              "connection type=%s, state=%s",
02296              (unsigned long)num_read, (unsigned long)num_written,
02297              conn_type_to_string(conn->type),
02298              conn_state_to_string(conn->type, conn->state));
02299     if (num_written >= INT_MAX) num_written = 1;
02300     if (num_read >= INT_MAX) num_read = 1;
02301     tor_fragile_assert();
02302   }
02303 
02304   record_num_bytes_transferred_impl(conn,now,num_read,num_written);
02305 }
02306 #endif
02307 
02308 #ifndef USE_BUFFEREVENTS
02309 
02311 static void
02312 connection_buckets_decrement(connection_t *conn, time_t now,
02313                              size_t num_read, size_t num_written)
02314 {
02315   if (num_written >= INT_MAX || num_read >= INT_MAX) {
02316     log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
02317              "connection type=%s, state=%s",
02318              (unsigned long)num_read, (unsigned long)num_written,
02319              conn_type_to_string(conn->type),
02320              conn_state_to_string(conn->type, conn->state));
02321     if (num_written >= INT_MAX) num_written = 1;
02322     if (num_read >= INT_MAX) num_read = 1;
02323     tor_fragile_assert();
02324   }
02325 
02326   record_num_bytes_transferred_impl(conn, now, num_read, num_written);
02327 
02328   if (!connection_is_rate_limited(conn))
02329     return; /* local IPs are free */
02330 
02331   if (connection_counts_as_relayed_traffic(conn, now)) {
02332     global_relayed_read_bucket -= (int)num_read;
02333     global_relayed_write_bucket -= (int)num_written;
02334   }
02335   global_read_bucket -= (int)num_read;
02336   global_write_bucket -= (int)num_written;
02337   if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
02338     TO_OR_CONN(conn)->read_bucket -= (int)num_read;
02339     TO_OR_CONN(conn)->write_bucket -= (int)num_written;
02340   }
02341 }
02342 
02345 static void
02346 connection_consider_empty_read_buckets(connection_t *conn)
02347 {
02348   const char *reason;
02349 
02350   if (global_read_bucket <= 0) {
02351     reason = "global read bucket exhausted. Pausing.";
02352   } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
02353              global_relayed_read_bucket <= 0) {
02354     reason = "global relayed read bucket exhausted. Pausing.";
02355   } else if (connection_speaks_cells(conn) &&
02356              conn->state == OR_CONN_STATE_OPEN &&
02357              TO_OR_CONN(conn)->read_bucket <= 0) {
02358     reason = "connection read bucket exhausted. Pausing.";
02359   } else
02360     return; /* all good, no need to stop it */
02361 
02362   LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
02363   conn->read_blocked_on_bw = 1;
02364   connection_stop_reading(conn);
02365 }
02366 
02369 static void
02370 connection_consider_empty_write_buckets(connection_t *conn)
02371 {
02372   const char *reason;
02373 
02374   if (global_write_bucket <= 0) {
02375     reason = "global write bucket exhausted. Pausing.";
02376   } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
02377              global_relayed_write_bucket <= 0) {
02378     reason = "global relayed write bucket exhausted. Pausing.";
02379   } else if (connection_speaks_cells(conn) &&
02380              conn->state == OR_CONN_STATE_OPEN &&
02381              TO_OR_CONN(conn)->write_bucket <= 0) {
02382     reason = "connection write bucket exhausted. Pausing.";
02383   } else
02384     return; /* all good, no need to stop it */
02385 
02386   LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
02387   conn->write_blocked_on_bw = 1;
02388   connection_stop_writing(conn);
02389 }
02390 
02392 void
02393 connection_bucket_init(void)
02394 {
02395   const or_options_t *options = get_options();
02396   /* start it at max traffic */
02397   global_read_bucket = (int)options->BandwidthBurst;
02398   global_write_bucket = (int)options->BandwidthBurst;
02399   if (options->RelayBandwidthRate) {
02400     global_relayed_read_bucket = (int)options->RelayBandwidthBurst;
02401     global_relayed_write_bucket = (int)options->RelayBandwidthBurst;
02402   } else {
02403     global_relayed_read_bucket = (int)options->BandwidthBurst;
02404     global_relayed_write_bucket = (int)options->BandwidthBurst;
02405   }
02406 }
02407 
02412 static void
02413 connection_bucket_refill_helper(int *bucket, int rate, int burst,
02414                                 int milliseconds_elapsed,
02415                                 const char *name)
02416 {
02417   int starting_bucket = *bucket;
02418   if (starting_bucket < burst && milliseconds_elapsed > 0) {
02419     int64_t incr = (((int64_t)rate) * milliseconds_elapsed) / 1000;
02420     if ((burst - starting_bucket) < incr) {
02421       *bucket = burst;  /* We would overflow the bucket; just set it to
02422                          * the maximum. */
02423     } else {
02424       *bucket += (int)incr;
02425       if (*bucket > burst || *bucket < starting_bucket) {
02426         /* If we overflow the burst, or underflow our starting bucket,
02427          * cap the bucket value to burst. */
02428         /* XXXX this might be redundant now, but it doesn't show up
02429          * in profiles.  Remove it after analysis. */
02430         *bucket = burst;
02431       }
02432     }
02433     log(LOG_DEBUG, LD_NET,"%s now %d.", name, *bucket);
02434   }
02435 }
02436 
02438 void
02439 connection_bucket_refill(int milliseconds_elapsed, time_t now)
02440 {
02441   const or_options_t *options = get_options();
02442   smartlist_t *conns = get_connection_array();
02443   int bandwidthrate, bandwidthburst, relayrate, relayburst;
02444 
02445   bandwidthrate = (int)options->BandwidthRate;
02446   bandwidthburst = (int)options->BandwidthBurst;
02447 
02448   if (options->RelayBandwidthRate) {
02449     relayrate = (int)options->RelayBandwidthRate;
02450     relayburst = (int)options->RelayBandwidthBurst;
02451   } else {
02452     relayrate = bandwidthrate;
02453     relayburst = bandwidthburst;
02454   }
02455 
02456   tor_assert(milliseconds_elapsed >= 0);
02457 
02458   write_buckets_empty_last_second =
02459     global_relayed_write_bucket <= 0 || global_write_bucket <= 0;
02460 
02461   /* refill the global buckets */
02462   connection_bucket_refill_helper(&global_read_bucket,
02463                                   bandwidthrate, bandwidthburst,
02464                                   milliseconds_elapsed,
02465                                   "global_read_bucket");
02466   connection_bucket_refill_helper(&global_write_bucket,
02467                                   bandwidthrate, bandwidthburst,
02468                                   milliseconds_elapsed,
02469                                   "global_write_bucket");
02470   connection_bucket_refill_helper(&global_relayed_read_bucket,
02471                                   relayrate, relayburst,
02472                                   milliseconds_elapsed,
02473                                   "global_relayed_read_bucket");
02474   connection_bucket_refill_helper(&global_relayed_write_bucket,
02475                                   relayrate, relayburst,
02476                                   milliseconds_elapsed,
02477                                   "global_relayed_write_bucket");
02478 
02479   /* refill the per-connection buckets */
02480   SMARTLIST_FOREACH(conns, connection_t *, conn,
02481   {
02482     if (connection_speaks_cells(conn)) {
02483       or_connection_t *or_conn = TO_OR_CONN(conn);
02484       int orbandwidthrate = or_conn->bandwidthrate;
02485       int orbandwidthburst = or_conn->bandwidthburst;
02486       if (connection_bucket_should_increase(or_conn->read_bucket, or_conn)) {
02487         connection_bucket_refill_helper(&or_conn->read_bucket,
02488                                         orbandwidthrate,
02489                                         orbandwidthburst,
02490                                         milliseconds_elapsed,
02491                                         "or_conn->read_bucket");
02492       }
02493       if (connection_bucket_should_increase(or_conn->write_bucket, or_conn)) {
02494         connection_bucket_refill_helper(&or_conn->write_bucket,
02495                                         orbandwidthrate,
02496                                         orbandwidthburst,
02497                                         milliseconds_elapsed,
02498                                         "or_conn->write_bucket");
02499       }
02500     }
02501 
02502     if (conn->read_blocked_on_bw == 1 /* marked to turn reading back on now */
02503         && global_read_bucket > 0 /* and we're allowed to read */
02504         && (!connection_counts_as_relayed_traffic(conn, now) ||
02505             global_relayed_read_bucket > 0) /* even if we're relayed traffic */
02506         && (!connection_speaks_cells(conn) ||
02507             conn->state != OR_CONN_STATE_OPEN ||
02508             TO_OR_CONN(conn)->read_bucket > 0)) {
02509         /* and either a non-cell conn or a cell conn with non-empty bucket */
02510       LOG_FN_CONN(conn, (LOG_DEBUG,LD_NET,
02511                          "waking up conn (fd %d) for read", (int)conn->s));
02512       conn->read_blocked_on_bw = 0;
02513       connection_start_reading(conn);
02514     }
02515 
02516     if (conn->write_blocked_on_bw == 1
02517         && global_write_bucket > 0 /* and we're allowed to write */
02518         && (!connection_counts_as_relayed_traffic(conn, now) ||
02519             global_relayed_write_bucket > 0) /* even if it's relayed traffic */
02520         && (!connection_speaks_cells(conn) ||
02521             conn->state != OR_CONN_STATE_OPEN ||
02522             TO_OR_CONN(conn)->write_bucket > 0)) {
02523       LOG_FN_CONN(conn, (LOG_DEBUG,LD_NET,
02524                          "waking up conn (fd %d) for write", (int)conn->s));
02525       conn->write_blocked_on_bw = 0;
02526       connection_start_writing(conn);
02527     }
02528   });
02529 }
02530 
02534 static int
02535 connection_bucket_should_increase(int bucket, or_connection_t *conn)
02536 {
02537   tor_assert(conn);
02538 
02539   if (conn->_base.state != OR_CONN_STATE_OPEN)
02540     return 0; /* only open connections play the rate limiting game */
02541   if (bucket >= conn->bandwidthburst)
02542     return 0;
02543 
02544   return 1;
02545 }
02546 #else
02547 static void
02548 connection_buckets_decrement(connection_t *conn, time_t now,
02549                              size_t num_read, size_t num_written)
02550 {
02551   (void) conn;
02552   (void) now;
02553   (void) num_read;
02554   (void) num_written;
02555   /* Libevent does this for us. */
02556 }
02557 
02558 void
02559 connection_bucket_refill(int seconds_elapsed, time_t now)
02560 {
02561   (void) seconds_elapsed;
02562   (void) now;
02563   /* Libevent does this for us. */
02564 }
02565 void
02566 connection_bucket_init(void)
02567 {
02568   const or_options_t *options = get_options();
02569   const struct timeval *tick = tor_libevent_get_one_tick_timeout();
02570   struct ev_token_bucket_cfg *bucket_cfg;
02571 
02572   uint64_t rate, burst;
02573   if (options->RelayBandwidthRate) {
02574     rate = options->RelayBandwidthRate;
02575     burst = options->RelayBandwidthBurst;
02576   } else {
02577     rate = options->BandwidthRate;
02578     burst = options->BandwidthBurst;
02579   }
02580 
02581   /* This can't overflow, since TokenBucketRefillInterval <= 1000,
02582    * and rate started out less than INT32_MAX. */
02583   rate = (rate * options->TokenBucketRefillInterval) / 1000;
02584 
02585   bucket_cfg = ev_token_bucket_cfg_new((uint32_t)rate, (uint32_t)burst,
02586                                        (uint32_t)rate, (uint32_t)burst,
02587                                        tick);
02588 
02589   if (!global_rate_limit) {
02590     global_rate_limit =
02591       bufferevent_rate_limit_group_new(tor_libevent_get_base(), bucket_cfg);
02592   } else {
02593     bufferevent_rate_limit_group_set_cfg(global_rate_limit, bucket_cfg);
02594   }
02595   ev_token_bucket_cfg_free(bucket_cfg);
02596 }
02597 
02598 void
02599 connection_get_rate_limit_totals(uint64_t *read_out, uint64_t *written_out)
02600 {
02601   if (global_rate_limit == NULL) {
02602     *read_out = *written_out = 0;
02603   } else {
02604     bufferevent_rate_limit_group_get_totals(
02605       global_rate_limit, read_out, written_out);
02606   }
02607 }
02608 
02611 void
02612 connection_enable_rate_limiting(connection_t *conn)
02613 {
02614   if (conn->bufev) {
02615     if (!global_rate_limit)
02616       connection_bucket_init();
02617     tor_add_bufferevent_to_rate_limit_group(conn->bufev, global_rate_limit);
02618   }
02619 }
02620 
02621 static void
02622 connection_consider_empty_write_buckets(connection_t *conn)
02623 {
02624   (void) conn;
02625 }
02626 static void
02627 connection_consider_empty_read_buckets(connection_t *conn)
02628 {
02629   (void) conn;
02630 }
02631 #endif
02632 
02641 static int
02642 connection_handle_read_impl(connection_t *conn)
02643 {
02644   ssize_t max_to_read=-1, try_to_read;
02645   size_t before, n_read = 0;
02646   int socket_error = 0;
02647 
02648   if (conn->marked_for_close)
02649     return 0; /* do nothing */
02650 
02651   conn->timestamp_lastread = approx_time();
02652 
02653   switch (conn->type) {
02654     case CONN_TYPE_OR_LISTENER:
02655       return connection_handle_listener_read(conn, CONN_TYPE_OR);
02656     case CONN_TYPE_AP_LISTENER:
02657     case CONN_TYPE_AP_TRANS_LISTENER:
02658     case CONN_TYPE_AP_NATD_LISTENER:
02659       return connection_handle_listener_read(conn, CONN_TYPE_AP);
02660     case CONN_TYPE_DIR_LISTENER:
02661       return connection_handle_listener_read(conn, CONN_TYPE_DIR);
02662     case CONN_TYPE_CONTROL_LISTENER:
02663       return connection_handle_listener_read(conn, CONN_TYPE_CONTROL);
02664     case CONN_TYPE_AP_DNS_LISTENER:
02665       /* This should never happen; eventdns.c handles the reads here. */
02666       tor_fragile_assert();
02667       return 0;
02668   }
02669 
02670  loop_again:
02671   try_to_read = max_to_read;
02672   tor_assert(!conn->marked_for_close);
02673 
02674   before = buf_datalen(conn->inbuf);
02675   if (connection_read_to_buf(conn, &max_to_read, &socket_error) < 0) {
02676     /* There's a read error; kill the connection.*/
02677     if (conn->type == CONN_TYPE_OR &&
02678         conn->state == OR_CONN_STATE_CONNECTING) {
02679       connection_or_connect_failed(TO_OR_CONN(conn),
02680                                    errno_to_orconn_end_reason(socket_error),
02681                                    tor_socket_strerror(socket_error));
02682     }
02683     if (CONN_IS_EDGE(conn)) {
02684       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
02685       connection_edge_end_errno(edge_conn);
02686       if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
02687         /* broken, don't send a socks reply back */
02688         TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
02689       }
02690     }
02691     connection_close_immediate(conn); /* Don't flush; connection is dead. */
02692     connection_mark_for_close(conn);
02693     return -1;
02694   }
02695   n_read += buf_datalen(conn->inbuf) - before;
02696   if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
02697     /* instruct it not to try to package partial cells. */
02698     if (connection_process_inbuf(conn, 0) < 0) {
02699       return -1;
02700     }
02701     if (!conn->marked_for_close &&
02702         connection_is_reading(conn) &&
02703         !conn->inbuf_reached_eof &&
02704         max_to_read > 0)
02705       goto loop_again; /* try reading again, in case more is here now */
02706   }
02707   /* one last try, packaging partial cells and all. */
02708   if (!conn->marked_for_close &&
02709       connection_process_inbuf(conn, 1) < 0) {
02710     return -1;
02711   }
02712   if (conn->linked_conn) {
02713     /* The other side's handle_write() will never actually get called, so
02714      * we need to invoke the appropriate callbacks ourself. */
02715     connection_t *linked = conn->linked_conn;
02716 
02717     if (n_read) {
02718       /* Probably a no-op, since linked conns typically don't count for
02719        * bandwidth rate limiting. But do it anyway so we can keep stats
02720        * accurately. Note that since we read the bytes from conn, and
02721        * we're writing the bytes onto the linked connection, we count
02722        * these as <i>written</i> bytes. */
02723       connection_buckets_decrement(linked, approx_time(), 0, n_read);
02724 
02725       if (connection_flushed_some(linked) < 0)
02726         connection_mark_for_close(linked);
02727       if (!connection_wants_to_flush(linked))
02728         connection_finished_flushing(linked);
02729     }
02730 
02731     if (!buf_datalen(linked->outbuf) && conn->active_on_link)
02732       connection_stop_reading_from_linked_conn(conn);
02733   }
02734   /* If we hit the EOF, call connection_reached_eof(). */
02735   if (!conn->marked_for_close &&
02736       conn->inbuf_reached_eof &&
02737       connection_reached_eof(conn) < 0) {
02738     return -1;
02739   }
02740   return 0;
02741 }
02742 
02743 /* DOCDOC connection_handle_read */
02744 int
02745 connection_handle_read(connection_t *conn)
02746 {
02747   int res;
02748 
02749   tor_gettimeofday_cache_clear();
02750   res = connection_handle_read_impl(conn);
02751   return res;
02752 }
02753 
02764 static int
02765 connection_read_to_buf(connection_t *conn, ssize_t *max_to_read,
02766                        int *socket_error)
02767 {
02768   int result;
02769   ssize_t at_most = *max_to_read;
02770   size_t slack_in_buf, more_to_read;
02771   size_t n_read = 0, n_written = 0;
02772 
02773   if (at_most == -1) { /* we need to initialize it */
02774     /* how many bytes are we allowed to read? */
02775     at_most = connection_bucket_read_limit(conn, approx_time());
02776   }
02777 
02778   slack_in_buf = buf_slack(conn->inbuf);
02779  again:
02780   if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
02781     more_to_read = at_most - slack_in_buf;
02782     at_most = slack_in_buf;
02783   } else {
02784     more_to_read = 0;
02785   }
02786 
02787   if (connection_speaks_cells(conn) &&
02788       conn->state > OR_CONN_STATE_PROXY_HANDSHAKING) {
02789     int pending;
02790     or_connection_t *or_conn = TO_OR_CONN(conn);
02791     size_t initial_size;
02792     if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
02793         conn->state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
02794       /* continue handshaking even if global token bucket is empty */
02795       return connection_tls_continue_handshake(or_conn);
02796     }
02797 
02798     log_debug(LD_NET,
02799               "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
02800               " at_most %ld.",
02801               (int)conn->s,(long)buf_datalen(conn->inbuf),
02802               tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
02803 
02804     initial_size = buf_datalen(conn->inbuf);
02805     /* else open, or closing */
02806     result = read_to_buf_tls(or_conn->tls, at_most, conn->inbuf);
02807     if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
02808       or_conn->tls_error = result;
02809     else
02810       or_conn->tls_error = 0;
02811 
02812     switch (result) {
02813       case TOR_TLS_CLOSE:
02814       case TOR_TLS_ERROR_IO:
02815         log_debug(LD_NET,"TLS connection closed %son read. Closing. "
02816                  "(Nickname %s, address %s)",
02817                  result == TOR_TLS_CLOSE ? "cleanly " : "",
02818                  or_conn->nickname ? or_conn->nickname : "not set",
02819                  conn->address);
02820         return result;
02821       CASE_TOR_TLS_ERROR_ANY_NONIO:
02822         log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
02823                  tor_tls_err_to_string(result),
02824                  or_conn->nickname ? or_conn->nickname : "not set",
02825                  conn->address);
02826         return result;
02827       case TOR_TLS_WANTWRITE:
02828         connection_start_writing(conn);
02829         return 0;
02830       case TOR_TLS_WANTREAD: /* we're already reading */
02831       case TOR_TLS_DONE: /* no data read, so nothing to process */
02832         result = 0;
02833         break; /* so we call bucket_decrement below */
02834       default:
02835         break;
02836     }
02837     pending = tor_tls_get_pending_bytes(or_conn->tls);
02838     if (pending) {
02839       /* If we have any pending bytes, we read them now.  This *can*
02840        * take us over our read allotment, but really we shouldn't be
02841        * believing that SSL bytes are the same as TCP bytes anyway. */
02842       int r2 = read_to_buf_tls(or_conn->tls, pending, conn->inbuf);
02843       if (r2<0) {
02844         log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
02845         return -1;
02846       }
02847     }
02848     result = (int)(buf_datalen(conn->inbuf)-initial_size);
02849     tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
02850     log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
02851               result, (long)n_read, (long)n_written);
02852   } else if (conn->linked) {
02853     if (conn->linked_conn) {
02854       result = move_buf_to_buf(conn->inbuf, conn->linked_conn->outbuf,
02855                                &conn->linked_conn->outbuf_flushlen);
02856     } else {
02857       result = 0;
02858     }
02859     //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
02860     /* If the other side has disappeared, or if it's been marked for close and
02861      * we flushed its outbuf, then we should set our inbuf_reached_eof. */
02862     if (!conn->linked_conn ||
02863         (conn->linked_conn->marked_for_close &&
02864          buf_datalen(conn->linked_conn->outbuf) == 0))
02865       conn->inbuf_reached_eof = 1;
02866 
02867     n_read = (size_t) result;
02868   } else {
02869     /* !connection_speaks_cells, !conn->linked_conn. */
02870     int reached_eof = 0;
02871     CONN_LOG_PROTECT(conn,
02872         result = read_to_buf(conn->s, at_most, conn->inbuf, &reached_eof,
02873                              socket_error));
02874     if (reached_eof)
02875       conn->inbuf_reached_eof = 1;
02876 
02877 //  log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
02878 
02879     if (result < 0)
02880       return -1;
02881     n_read = (size_t) result;
02882   }
02883 
02884   if (n_read > 0) {
02885      /* change *max_to_read */
02886     *max_to_read = at_most - n_read;
02887 
02888     /* Update edge_conn->n_read */
02889     if (conn->type == CONN_TYPE_AP) {
02890       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
02891       /* Check for overflow: */
02892       if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
02893         edge_conn->n_read += (int)n_read;
02894       else
02895         edge_conn->n_read = UINT32_MAX;
02896     }
02897   }
02898 
02899   connection_buckets_decrement(conn, approx_time(), n_read, n_written);
02900 
02901   if (more_to_read && result == at_most) {
02902     slack_in_buf = buf_slack(conn->inbuf);
02903     at_most = more_to_read;
02904     goto again;
02905   }
02906 
02907   /* Call even if result is 0, since the global read bucket may
02908    * have reached 0 on a different conn, and this guy needs to
02909    * know to stop reading. */
02910   connection_consider_empty_read_buckets(conn);
02911   if (n_written > 0 && connection_is_writing(conn))
02912     connection_consider_empty_write_buckets(conn);
02913 
02914   return 0;
02915 }
02916 
02917 #ifdef USE_BUFFEREVENTS
02918 /* XXXX These generic versions could be simplified by making them
02919    type-specific */
02920 
02923 static void
02924 evbuffer_inbuf_callback(struct evbuffer *buf,
02925                         const struct evbuffer_cb_info *info, void *arg)
02926 {
02927   connection_t *conn = arg;
02928   (void) buf;
02929   /* XXXX These need to get real counts on the non-nested TLS case. - NM */
02930   if (info->n_added) {
02931     time_t now = approx_time();
02932     conn->timestamp_lastread = now;
02933     record_num_bytes_transferred(conn, now, info->n_added, 0);
02934     connection_consider_empty_read_buckets(conn);
02935     if (conn->type == CONN_TYPE_AP) {
02936       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
02937       /*XXXX024 check for overflow*/
02938       edge_conn->n_read += (int)info->n_added;
02939     }
02940   }
02941 }
02942 
02945 static void
02946 evbuffer_outbuf_callback(struct evbuffer *buf,
02947                          const struct evbuffer_cb_info *info, void *arg)
02948 {
02949   connection_t *conn = arg;
02950   (void)buf;
02951   if (info->n_deleted) {
02952     time_t now = approx_time();
02953     conn->timestamp_lastwritten = now;
02954     record_num_bytes_transferred(conn, now, 0, info->n_deleted);
02955     connection_consider_empty_write_buckets(conn);
02956     if (conn->type == CONN_TYPE_AP) {
02957       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
02958       /*XXXX024 check for overflow*/
02959       edge_conn->n_written += (int)info->n_deleted;
02960     }
02961   }
02962 }
02963 
02965 void
02966 connection_handle_read_cb(struct bufferevent *bufev, void *arg)
02967 {
02968   connection_t *conn = arg;
02969   (void) bufev;
02970   if (!conn->marked_for_close) {
02971     if (connection_process_inbuf(conn, 1)<0) /* XXXX Always 1? */
02972       if (!conn->marked_for_close)
02973         connection_mark_for_close(conn);
02974   }
02975 }
02976 
02978 void
02979 connection_handle_write_cb(struct bufferevent *bufev, void *arg)
02980 {
02981   connection_t *conn = arg;
02982   struct evbuffer *output;
02983   if (connection_flushed_some(conn)<0) {
02984     if (!conn->marked_for_close)
02985       connection_mark_for_close(conn);
02986     return;
02987   }
02988 
02989   output = bufferevent_get_output(bufev);
02990   if (!evbuffer_get_length(output)) {
02991     connection_finished_flushing(conn);
02992     if (conn->marked_for_close && conn->hold_open_until_flushed) {
02993       conn->hold_open_until_flushed = 0;
02994       if (conn->linked) {
02995         /* send eof */
02996         bufferevent_flush(conn->bufev, EV_WRITE, BEV_FINISHED);
02997       }
02998     }
02999   }
03000 }
03001 
03004 void
03005 connection_handle_event_cb(struct bufferevent *bufev, short event, void *arg)
03006 {
03007   connection_t *conn = arg;
03008   (void) bufev;
03009   if (conn->marked_for_close)
03010     return;
03011 
03012   if (event & BEV_EVENT_CONNECTED) {
03013     tor_assert(connection_state_is_connecting(conn));
03014     if (connection_finished_connecting(conn)<0)
03015       return;
03016   }
03017   if (event & BEV_EVENT_EOF) {
03018     if (!conn->marked_for_close) {
03019       conn->inbuf_reached_eof = 1;
03020       if (connection_reached_eof(conn)<0)
03021         return;
03022     }
03023   }
03024   if (event & BEV_EVENT_ERROR) {
03025     int socket_error = evutil_socket_geterror(conn->s);
03026     if (conn->type == CONN_TYPE_OR &&
03027         conn->state == OR_CONN_STATE_CONNECTING) {
03028       connection_or_connect_failed(TO_OR_CONN(conn),
03029                                    errno_to_orconn_end_reason(socket_error),
03030                                    tor_socket_strerror(socket_error));
03031     } else if (CONN_IS_EDGE(conn)) {
03032       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
03033       if (!edge_conn->edge_has_sent_end)
03034         connection_edge_end_errno(edge_conn);
03035       if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
03036         /* broken, don't send a socks reply back */
03037         TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
03038       }
03039     }
03040     connection_close_immediate(conn); /* Connection is dead. */
03041     if (!conn->marked_for_close)
03042       connection_mark_for_close(conn);
03043   }
03044 }
03045 
03047 void
03048 connection_configure_bufferevent_callbacks(connection_t *conn)
03049 {
03050   struct bufferevent *bufev;
03051   struct evbuffer *input, *output;
03052   tor_assert(conn->bufev);
03053   bufev = conn->bufev;
03054   bufferevent_setcb(bufev,
03055                     connection_handle_read_cb,
03056                     connection_handle_write_cb,
03057                     connection_handle_event_cb,
03058                     conn);
03059   /* Set a fairly high write low-watermark so that we get the write callback
03060      called whenever data is written to bring us under 128K.  Leave the
03061      high-watermark at 0.
03062   */
03063   bufferevent_setwatermark(bufev, EV_WRITE, 128*1024, 0);
03064 
03065   input = bufferevent_get_input(bufev);
03066   output = bufferevent_get_output(bufev);
03067   evbuffer_add_cb(input, evbuffer_inbuf_callback, conn);
03068   evbuffer_add_cb(output, evbuffer_outbuf_callback, conn);
03069 }
03070 #endif
03071 
03073 int
03074 connection_fetch_from_buf(char *string, size_t len, connection_t *conn)
03075 {
03076   IF_HAS_BUFFEREVENT(conn, {
03077     /* XXX overflow -seb */
03078     return (int)bufferevent_read(conn->bufev, string, len);
03079   }) ELSE_IF_NO_BUFFEREVENT {
03080     return fetch_from_buf(string, len, conn->inbuf);
03081   }
03082 }
03083 
03085 int
03086 connection_fetch_from_buf_line(connection_t *conn, char *data,
03087                                size_t *data_len)
03088 {
03089   IF_HAS_BUFFEREVENT(conn, {
03090     int r;
03091     size_t eol_len=0;
03092     struct evbuffer *input = bufferevent_get_input(conn->bufev);
03093     struct evbuffer_ptr ptr =
03094       evbuffer_search_eol(input, NULL, &eol_len, EVBUFFER_EOL_LF);
03095     if (ptr.pos == -1)
03096       return 0; /* No EOL found. */
03097     if ((size_t)ptr.pos+eol_len >= *data_len) {
03098       return -1; /* Too long */
03099     }
03100     *data_len = ptr.pos+eol_len;
03101     r = evbuffer_remove(input, data, ptr.pos+eol_len);
03102     tor_assert(r >= 0);
03103     data[ptr.pos+eol_len] = '\0';
03104     return 1;
03105   }) ELSE_IF_NO_BUFFEREVENT {
03106     return fetch_from_buf_line(conn->inbuf, data, data_len);
03107   }
03108 }
03109 
03112 int
03113 connection_fetch_from_buf_http(connection_t *conn,
03114                                char **headers_out, size_t max_headerlen,
03115                                char **body_out, size_t *body_used,
03116                                size_t max_bodylen, int force_complete)
03117 {
03118   IF_HAS_BUFFEREVENT(conn, {
03119     struct evbuffer *input = bufferevent_get_input(conn->bufev);
03120     return fetch_from_evbuffer_http(input, headers_out, max_headerlen,
03121                             body_out, body_used, max_bodylen, force_complete);
03122   }) ELSE_IF_NO_BUFFEREVENT {
03123     return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
03124                             body_out, body_used, max_bodylen, force_complete);
03125   }
03126 }
03127 
03130 int
03131 connection_wants_to_flush(connection_t *conn)
03132 {
03133   return conn->outbuf_flushlen > 0;
03134 }
03135 
03140 int
03141 connection_outbuf_too_full(connection_t *conn)
03142 {
03143   return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
03144 }
03145 
03164 static int
03165 connection_handle_write_impl(connection_t *conn, int force)
03166 {
03167   int e;
03168   socklen_t len=(socklen_t)sizeof(e);
03169   int result;
03170   ssize_t max_to_write;
03171   time_t now = approx_time();
03172   size_t n_read = 0, n_written = 0;
03173 
03174   tor_assert(!connection_is_listener(conn));
03175 
03176   if (conn->marked_for_close || !SOCKET_OK(conn->s))
03177     return 0; /* do nothing */
03178 
03179   if (conn->in_flushed_some) {
03180     log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
03181     return 0;
03182   }
03183 
03184   conn->timestamp_lastwritten = now;
03185 
03186   /* Sometimes, "writable" means "connected". */
03187   if (connection_state_is_connecting(conn)) {
03188     if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
03189       log_warn(LD_BUG, "getsockopt() syscall failed");
03190       if (CONN_IS_EDGE(conn))
03191         connection_edge_end_errno(TO_EDGE_CONN(conn));
03192       connection_mark_for_close(conn);
03193       return -1;
03194     }
03195     if (e) {
03196       /* some sort of error, but maybe just inprogress still */
03197       if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
03198         log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
03199                  tor_socket_strerror(e));
03200         if (CONN_IS_EDGE(conn))
03201           connection_edge_end_errno(TO_EDGE_CONN(conn));
03202         if (conn->type == CONN_TYPE_OR)
03203           connection_or_connect_failed(TO_OR_CONN(conn),
03204                                        errno_to_orconn_end_reason(e),
03205                                        tor_socket_strerror(e));
03206 
03207         connection_close_immediate(conn);
03208         connection_mark_for_close(conn);
03209         return -1;
03210       } else {
03211         return 0; /* no change, see if next time is better */
03212       }
03213     }
03214     /* The connection is successful. */
03215     if (connection_finished_connecting(conn)<0)
03216       return -1;
03217   }
03218 
03219   max_to_write = force ? (ssize_t)conn->outbuf_flushlen
03220     : connection_bucket_write_limit(conn, now);
03221 
03222   if (connection_speaks_cells(conn) &&
03223       conn->state > OR_CONN_STATE_PROXY_HANDSHAKING) {
03224     or_connection_t *or_conn = TO_OR_CONN(conn);
03225     if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
03226         conn->state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
03227       connection_stop_writing(conn);
03228       if (connection_tls_continue_handshake(or_conn) < 0) {
03229         /* Don't flush; connection is dead. */
03230         connection_close_immediate(conn);
03231         connection_mark_for_close(conn);
03232         return -1;
03233       }
03234       return 0;
03235     } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
03236       return connection_handle_read(conn);
03237     }
03238 
03239     /* else open, or closing */
03240     result = flush_buf_tls(or_conn->tls, conn->outbuf,
03241                            max_to_write, &conn->outbuf_flushlen);
03242 
03243     /* If we just flushed the last bytes, check if this tunneled dir
03244      * request is done. */
03245     /* XXXX move this to flushed_some or finished_flushing -NM */
03246     if (buf_datalen(conn->outbuf) == 0 && conn->dirreq_id)
03247       geoip_change_dirreq_state(conn->dirreq_id, DIRREQ_TUNNELED,
03248                                 DIRREQ_OR_CONN_BUFFER_FLUSHED);
03249 
03250     switch (result) {
03251       CASE_TOR_TLS_ERROR_ANY:
03252       case TOR_TLS_CLOSE:
03253         log_info(LD_NET,result!=TOR_TLS_CLOSE?
03254                  "tls error. breaking.":"TLS connection closed on flush");
03255         /* Don't flush; connection is dead. */
03256         connection_close_immediate(conn);
03257         connection_mark_for_close(conn);
03258         return -1;
03259       case TOR_TLS_WANTWRITE:
03260         log_debug(LD_NET,"wanted write.");
03261         /* we're already writing */
03262         return 0;
03263       case TOR_TLS_WANTREAD:
03264         /* Make sure to avoid a loop if the receive buckets are empty. */
03265         log_debug(LD_NET,"wanted read.");
03266         if (!connection_is_reading(conn)) {
03267           connection_stop_writing(conn);
03268           conn->write_blocked_on_bw = 1;
03269           /* we'll start reading again when we get more tokens in our
03270            * read bucket; then we'll start writing again too.
03271            */
03272         }
03273         /* else no problem, we're already reading */
03274         return 0;
03275       /* case TOR_TLS_DONE:
03276        * for TOR_TLS_DONE, fall through to check if the flushlen
03277        * is empty, so we can stop writing.
03278        */
03279     }
03280 
03281     tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
03282     log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
03283               result, (long)n_read, (long)n_written);
03284   } else {
03285     CONN_LOG_PROTECT(conn,
03286              result = flush_buf(conn->s, conn->outbuf,
03287                                 max_to_write, &conn->outbuf_flushlen));
03288     if (result < 0) {
03289       if (CONN_IS_EDGE(conn))
03290         connection_edge_end_errno(TO_EDGE_CONN(conn));
03291 
03292       connection_close_immediate(conn); /* Don't flush; connection is dead. */
03293       connection_mark_for_close(conn);
03294       return -1;
03295     }
03296     n_written = (size_t) result;
03297   }
03298 
03299   if (n_written && conn->type == CONN_TYPE_AP) {
03300     edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
03301 
03302     /* Check for overflow: */
03303     if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
03304       edge_conn->n_written += (int)n_written;
03305     else
03306       edge_conn->n_written = UINT32_MAX;
03307   }
03308 
03309   connection_buckets_decrement(conn, approx_time(), n_read, n_written);
03310 
03311   if (result > 0) {
03312     /* If we wrote any bytes from our buffer, then call the appropriate
03313      * functions. */
03314     if (connection_flushed_some(conn) < 0)
03315       connection_mark_for_close(conn);
03316   }
03317 
03318   if (!connection_wants_to_flush(conn)) { /* it's done flushing */
03319     if (connection_finished_flushing(conn) < 0) {
03320       /* already marked */
03321       return -1;
03322     }
03323     return 0;
03324   }
03325 
03326   /* Call even if result is 0, since the global write bucket may
03327    * have reached 0 on a different conn, and this guy needs to
03328    * know to stop writing. */
03329   connection_consider_empty_write_buckets(conn);
03330   if (n_read > 0 && connection_is_reading(conn))
03331     connection_consider_empty_read_buckets(conn);
03332 
03333   return 0;
03334 }
03335 
03336 /* DOCDOC connection_handle_write */
03337 int
03338 connection_handle_write(connection_t *conn, int force)
03339 {
03340     int res;
03341     tor_gettimeofday_cache_clear();
03342     res = connection_handle_write_impl(conn, force);
03343     return res;
03344 }
03345 
03355 int
03356 connection_flush(connection_t *conn)
03357 {
03358   IF_HAS_BUFFEREVENT(conn, {
03359       int r = bufferevent_flush(conn->bufev, EV_WRITE, BEV_FLUSH);
03360       return (r < 0) ? -1 : 0;
03361   });
03362   return connection_handle_write(conn, 1);
03363 }
03364 
03370 #define MIN_TLS_FLUSHLEN 15872
03371 
03385 void
03386 _connection_write_to_buf_impl(const char *string, size_t len,
03387                               connection_t *conn, int zlib)
03388 {
03389   /* XXXX This function really needs to return -1 on failure. */
03390   int r;
03391   size_t old_datalen;
03392   if (!len && !(zlib<0))
03393     return;
03394   /* if it's marked for close, only allow write if we mean to flush it */
03395   if (conn->marked_for_close && !conn->hold_open_until_flushed)
03396     return;
03397 
03398   IF_HAS_BUFFEREVENT(conn, {
03399     if (zlib) {
03400       int done = zlib < 0;
03401       r = write_to_evbuffer_zlib(bufferevent_get_output(conn->bufev),
03402                                  TO_DIR_CONN(conn)->zlib_state,
03403                                  string, len, done);
03404     } else {
03405       r = bufferevent_write(conn->bufev, string, len);
03406     }
03407     if (r < 0) {
03408       /* XXXX mark for close? */
03409       log_warn(LD_NET, "bufferevent_write failed! That shouldn't happen.");
03410     }
03411     return;
03412   });
03413 
03414   old_datalen = buf_datalen(conn->outbuf);
03415   if (zlib) {
03416     dir_connection_t *dir_conn = TO_DIR_CONN(conn);
03417     int done = zlib < 0;
03418     CONN_LOG_PROTECT(conn, r = write_to_buf_zlib(conn->outbuf,
03419                                                  dir_conn->zlib_state,
03420                                                  string, len, done));
03421   } else {
03422     CONN_LOG_PROTECT(conn, r = write_to_buf(string, len, conn->outbuf));
03423   }
03424   if (r < 0) {
03425     if (CONN_IS_EDGE(conn)) {
03426       /* if it failed, it means we have our package/delivery windows set
03427          wrong compared to our max outbuf size. close the whole circuit. */
03428       log_warn(LD_NET,
03429                "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
03430       circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
03431                              END_CIRC_REASON_INTERNAL);
03432     } else {
03433       log_warn(LD_NET,
03434                "write_to_buf failed. Closing connection (fd %d).",
03435                (int)conn->s);
03436       connection_mark_for_close(conn);
03437     }
03438     return;
03439   }
03440 
03441   /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
03442    * state, we don't want to try to write it right away, since
03443    * conn->write_event won't be set yet.  Otherwise, write data from
03444    * this conn as the socket is available. */
03445   if (conn->write_event) {
03446     connection_start_writing(conn);
03447   }
03448   if (zlib) {
03449     conn->outbuf_flushlen += buf_datalen(conn->outbuf) - old_datalen;
03450   } else {
03451     ssize_t extra = 0;
03452     conn->outbuf_flushlen += len;
03453 
03454     /* Should we try flushing the outbuf now? */
03455     if (conn->in_flushed_some) {
03456       /* Don't flush the outbuf when the reason we're writing more stuff is
03457        * _because_ we flushed the outbuf.  That's unfair. */
03458       return;
03459     }
03460 
03461     if (conn->type == CONN_TYPE_OR &&
03462         conn->outbuf_flushlen-len < MIN_TLS_FLUSHLEN &&
03463         conn->outbuf_flushlen >= MIN_TLS_FLUSHLEN) {
03464       /* We just pushed outbuf_flushlen to MIN_TLS_FLUSHLEN or above;
03465        * we can send out a full TLS frame now if we like. */
03466       extra = conn->outbuf_flushlen - MIN_TLS_FLUSHLEN;
03467       conn->outbuf_flushlen = MIN_TLS_FLUSHLEN;
03468     } else if (conn->type == CONN_TYPE_CONTROL &&
03469                !connection_is_rate_limited(conn) &&
03470                conn->outbuf_flushlen-len < 1<<16 &&
03471                conn->outbuf_flushlen >= 1<<16) {
03472       /* just try to flush all of it */
03473     } else
03474       return; /* no need to try flushing */
03475 
03476     if (connection_handle_write(conn, 0) < 0) {
03477       if (!conn->marked_for_close) {
03478         /* this connection is broken. remove it. */
03479         log_warn(LD_BUG, "unhandled error on write for "
03480                  "conn (type %d, fd %d); removing",
03481                  conn->type, (int)conn->s);
03482         tor_fragile_assert();
03483         /* do a close-immediate here, so we don't try to flush */
03484         connection_close_immediate(conn);
03485       }
03486       return;
03487     }
03488     if (extra) {
03489       conn->outbuf_flushlen += extra;
03490       connection_start_writing(conn);
03491     }
03492   }
03493 }
03494 
03497 connection_t *
03498 connection_get_by_type_addr_port_purpose(int type,
03499                                          const tor_addr_t *addr, uint16_t port,
03500                                          int purpose)
03501 {
03502   smartlist_t *conns = get_connection_array();
03503   SMARTLIST_FOREACH(conns, connection_t *, conn,
03504   {
03505     if (conn->type == type &&
03506         tor_addr_eq(&conn->addr, addr) &&
03507         conn->port == port &&
03508         conn->purpose == purpose &&
03509         !conn->marked_for_close)
03510       return conn;
03511   });
03512   return NULL;
03513 }
03514 
03518 connection_t *
03519 connection_get_by_global_id(uint64_t id)
03520 {
03521   smartlist_t *conns = get_connection_array();
03522   SMARTLIST_FOREACH(conns, connection_t *, conn,
03523   {
03524     if (conn->global_identifier == id)
03525       return conn;
03526   });
03527   return NULL;
03528 }
03529 
03532 connection_t *
03533 connection_get_by_type(int type)
03534 {
03535   smartlist_t *conns = get_connection_array();
03536   SMARTLIST_FOREACH(conns, connection_t *, conn,
03537   {
03538     if (conn->type == type && !conn->marked_for_close)
03539       return conn;
03540   });
03541   return NULL;
03542 }
03543 
03547 connection_t *
03548 connection_get_by_type_state(int type, int state)
03549 {
03550   smartlist_t *conns = get_connection_array();
03551   SMARTLIST_FOREACH(conns, connection_t *, conn,
03552   {
03553     if (conn->type == type && conn->state == state && !conn->marked_for_close)
03554       return conn;
03555   });
03556   return NULL;
03557 }
03558 
03563 connection_t *
03564 connection_get_by_type_state_rendquery(int type, int state,
03565                                        const char *rendquery)
03566 {
03567   smartlist_t *conns = get_connection_array();
03568 
03569   tor_assert(type == CONN_TYPE_DIR ||
03570              type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
03571   tor_assert(rendquery);
03572 
03573   SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
03574     if (conn->type == type &&
03575         !conn->marked_for_close &&
03576         (!state || state == conn->state)) {
03577       if (type == CONN_TYPE_DIR &&
03578           TO_DIR_CONN(conn)->rend_data &&
03579           !rend_cmp_service_ids(rendquery,
03580                                 TO_DIR_CONN(conn)->rend_data->onion_address))
03581         return conn;
03582       else if (CONN_IS_EDGE(conn) &&
03583                TO_EDGE_CONN(conn)->rend_data &&
03584                !rend_cmp_service_ids(rendquery,
03585                             TO_EDGE_CONN(conn)->rend_data->onion_address))
03586         return conn;
03587     }
03588   } SMARTLIST_FOREACH_END(conn);
03589   return NULL;
03590 }
03591 
03594 dir_connection_t *
03595 connection_dir_get_by_purpose_and_resource(int purpose,
03596                                            const char *resource)
03597 {
03598   smartlist_t *conns = get_connection_array();
03599 
03600   SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
03601     dir_connection_t *dirconn;
03602     if (conn->type != CONN_TYPE_DIR || conn->marked_for_close ||
03603         conn->purpose != purpose)
03604       continue;
03605     dirconn = TO_DIR_CONN(conn);
03606     if (dirconn->requested_resource == NULL) {
03607       if (resource == NULL)
03608         return dirconn;
03609     } else if (resource) {
03610       if (0 == strcmp(resource, dirconn->requested_resource))
03611         return dirconn;
03612     }
03613   } SMARTLIST_FOREACH_END(conn);
03614 
03615   return NULL;
03616 }
03617 
03620 connection_t *
03621 connection_get_by_type_purpose(int type, int purpose)
03622 {
03623   smartlist_t *conns = get_connection_array();
03624   SMARTLIST_FOREACH(conns, connection_t *, conn,
03625   {
03626     if (conn->type == type &&
03627         !conn->marked_for_close &&
03628         (purpose == conn->purpose))
03629       return conn;
03630   });
03631   return NULL;
03632 }
03633 
03635 int
03636 connection_is_listener(connection_t *conn)
03637 {
03638   if (conn->type == CONN_TYPE_OR_LISTENER ||
03639       conn->type == CONN_TYPE_AP_LISTENER ||
03640       conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
03641       conn->type == CONN_TYPE_AP_DNS_LISTENER ||
03642       conn->type == CONN_TYPE_AP_NATD_LISTENER ||
03643       conn->type == CONN_TYPE_DIR_LISTENER ||
03644       conn->type == CONN_TYPE_CONTROL_LISTENER)
03645     return 1;
03646   return 0;
03647 }
03648 
03652 int
03653 connection_state_is_open(connection_t *conn)
03654 {
03655   tor_assert(conn);
03656 
03657   if (conn->marked_for_close)
03658     return 0;
03659 
03660   if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
03661       (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
03662       (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
03663       (conn->type == CONN_TYPE_CONTROL &&
03664        conn->state == CONTROL_CONN_STATE_OPEN))
03665     return 1;
03666 
03667   return 0;
03668 }
03669 
03671 int
03672 connection_state_is_connecting(connection_t *conn)
03673 {
03674   tor_assert(conn);
03675 
03676   if (conn->marked_for_close)
03677     return 0;
03678   switch (conn->type)
03679     {
03680     case CONN_TYPE_OR:
03681       return conn->state == OR_CONN_STATE_CONNECTING;
03682     case CONN_TYPE_EXIT:
03683       return conn->state == EXIT_CONN_STATE_CONNECTING;
03684     case CONN_TYPE_DIR:
03685       return conn->state == DIR_CONN_STATE_CONNECTING;
03686     }
03687 
03688   return 0;
03689 }
03690 
03694 char *
03695 alloc_http_authenticator(const char *authenticator)
03696 {
03697   /* an authenticator in Basic authentication
03698    * is just the string "username:password" */
03699   const size_t authenticator_length = strlen(authenticator);
03700   /* The base64_encode function needs a minimum buffer length
03701    * of 66 bytes. */
03702   const size_t base64_authenticator_length = (authenticator_length/48+1)*66;
03703   char *base64_authenticator = tor_malloc(base64_authenticator_length);
03704   if (base64_encode(base64_authenticator, base64_authenticator_length,
03705                     authenticator, authenticator_length) < 0) {
03706     tor_free(base64_authenticator); /* free and set to null */
03707   } else {
03708     int i = 0, j = 0;
03709     ssize_t len = strlen(base64_authenticator);
03710 
03711     /* remove all newline occurrences within the string */
03712     for (i=0; i < len; ++i) {
03713       if ('\n' != base64_authenticator[i]) {
03714         base64_authenticator[j] = base64_authenticator[i];
03715         ++j;
03716       }
03717     }
03718     base64_authenticator[j]='\0';
03719   }
03720   return base64_authenticator;
03721 }
03722 
03728 static void
03729 client_check_address_changed(tor_socket_t sock)
03730 {
03731   struct sockaddr_storage out_sockaddr;
03732   socklen_t out_addr_len = (socklen_t) sizeof(out_sockaddr);
03733   tor_addr_t out_addr, iface_addr;
03734   tor_addr_t **last_interface_ip_ptr;
03735   sa_family_t family;
03736 
03737   if (!outgoing_addrs)
03738     outgoing_addrs = smartlist_new();
03739 
03740   if (getsockname(sock, (struct sockaddr*)&out_sockaddr, &out_addr_len)<0) {
03741     int e = tor_socket_errno(sock);
03742     log_warn(LD_NET, "getsockname() to check for address change failed: %s",
03743              tor_socket_strerror(e));
03744     return;
03745   }
03746   tor_addr_from_sockaddr(&out_addr, (struct sockaddr*)&out_sockaddr, NULL);
03747   family = tor_addr_family(&out_addr);
03748 
03749   if (family == AF_INET)
03750     last_interface_ip_ptr = &last_interface_ipv4;
03751   else if (family == AF_INET6)
03752     last_interface_ip_ptr = &last_interface_ipv6;
03753   else
03754     return;
03755 
03756   if (! *last_interface_ip_ptr) {
03757     tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
03758     if (get_interface_address6(LOG_INFO, family, a)==0) {
03759       *last_interface_ip_ptr = a;
03760     } else {
03761       tor_free(a);
03762     }
03763   }
03764 
03765   /* If we've used this address previously, we're okay. */
03766   SMARTLIST_FOREACH(outgoing_addrs, const tor_addr_t *, a_ptr,
03767                     if (tor_addr_eq(a_ptr, &out_addr))
03768                       return;
03769                     );
03770 
03771   /* Uh-oh.  We haven't connected from this address before. Has the interface
03772    * address changed? */
03773   if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
03774     return;
03775 
03776   if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
03777     /* Nope, it hasn't changed.  Add this address to the list. */
03778     smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
03779   } else {
03780     /* The interface changed.  We're a client, so we need to regenerate our
03781      * keys.  First, reset the state. */
03782     log(LOG_NOTICE, LD_NET, "Our IP address has changed.  Rotating keys...");
03783     tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
03784     SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t*, a_ptr, tor_free(a_ptr));
03785     smartlist_clear(outgoing_addrs);
03786     smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
03787     /* Okay, now change our keys. */
03788     ip_address_changed(1);
03789   }
03790 }
03791 
03799 static void
03800 set_constrained_socket_buffers(tor_socket_t sock, int size)
03801 {
03802   void *sz = (void*)&size;
03803   socklen_t sz_sz = (socklen_t) sizeof(size);
03804   if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
03805     int e = tor_socket_errno(sock);
03806     log_warn(LD_NET, "setsockopt() to constrain send "
03807              "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
03808   }
03809   if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
03810     int e = tor_socket_errno(sock);
03811     log_warn(LD_NET, "setsockopt() to constrain recv "
03812              "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
03813   }
03814 }
03815 
03822 static int
03823 connection_process_inbuf(connection_t *conn, int package_partial)
03824 {
03825   tor_assert(conn);
03826 
03827   switch (conn->type) {
03828     case CONN_TYPE_OR:
03829       return connection_or_process_inbuf(TO_OR_CONN(conn));
03830     case CONN_TYPE_EXIT:
03831     case CONN_TYPE_AP:
03832       return connection_edge_process_inbuf(TO_EDGE_CONN(conn),
03833                                            package_partial);
03834     case CONN_TYPE_DIR:
03835       return connection_dir_process_inbuf(TO_DIR_CONN(conn));
03836     case CONN_TYPE_CPUWORKER:
03837       return connection_cpu_process_inbuf(conn);
03838     case CONN_TYPE_CONTROL:
03839       return connection_control_process_inbuf(TO_CONTROL_CONN(conn));
03840     default:
03841       log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
03842       tor_fragile_assert();
03843       return -1;
03844   }
03845 }
03846 
03848 static int
03849 connection_flushed_some(connection_t *conn)
03850 {
03851   int r = 0;
03852   tor_assert(!conn->in_flushed_some);
03853   conn->in_flushed_some = 1;
03854   if (conn->type == CONN_TYPE_DIR &&
03855       conn->state == DIR_CONN_STATE_SERVER_WRITING) {
03856     r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
03857   } else if (conn->type == CONN_TYPE_OR) {
03858     r = connection_or_flushed_some(TO_OR_CONN(conn));
03859   } else if (CONN_IS_EDGE(conn)) {
03860     r = connection_edge_flushed_some(TO_EDGE_CONN(conn));
03861   }
03862   conn->in_flushed_some = 0;
03863   return r;
03864 }
03865 
03872 static int
03873 connection_finished_flushing(connection_t *conn)
03874 {
03875   tor_assert(conn);
03876 
03877   /* If the connection is closed, don't try to do anything more here. */
03878   if (CONN_IS_CLOSED(conn))
03879     return 0;
03880 
03881 //  log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
03882 
03883   IF_HAS_NO_BUFFEREVENT(conn)
03884     connection_stop_writing(conn);
03885 
03886   switch (conn->type) {
03887     case CONN_TYPE_OR:
03888       return connection_or_finished_flushing(TO_OR_CONN(conn));
03889     case CONN_TYPE_AP:
03890     case CONN_TYPE_EXIT:
03891       return connection_edge_finished_flushing(TO_EDGE_CONN(conn));
03892     case CONN_TYPE_DIR:
03893       return connection_dir_finished_flushing(TO_DIR_CONN(conn));
03894     case CONN_TYPE_CPUWORKER:
03895       return connection_cpu_finished_flushing(conn);
03896     case CONN_TYPE_CONTROL:
03897       return connection_control_finished_flushing(TO_CONTROL_CONN(conn));
03898     default:
03899       log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
03900       tor_fragile_assert();
03901       return -1;
03902   }
03903 }
03904 
03911 static int
03912 connection_finished_connecting(connection_t *conn)
03913 {
03914   tor_assert(conn);
03915 
03916   if (!server_mode(get_options())) {
03917     /* See whether getsockname() says our address changed.  We need to do this
03918      * now that the connection has finished, because getsockname() on Windows
03919      * won't work until then. */
03920     client_check_address_changed(conn->s);
03921   }
03922 
03923   switch (conn->type)
03924     {
03925     case CONN_TYPE_OR:
03926       return connection_or_finished_connecting(TO_OR_CONN(conn));
03927     case CONN_TYPE_EXIT:
03928       return connection_edge_finished_connecting(TO_EDGE_CONN(conn));
03929     case CONN_TYPE_DIR:
03930       return connection_dir_finished_connecting(TO_DIR_CONN(conn));
03931     default:
03932       log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
03933       tor_fragile_assert();
03934       return -1;
03935   }
03936 }
03937 
03939 static int
03940 connection_reached_eof(connection_t *conn)
03941 {
03942   switch (conn->type) {
03943     case CONN_TYPE_OR:
03944       return connection_or_reached_eof(TO_OR_CONN(conn));
03945     case CONN_TYPE_AP:
03946     case CONN_TYPE_EXIT:
03947       return connection_edge_reached_eof(TO_EDGE_CONN(conn));
03948     case CONN_TYPE_DIR:
03949       return connection_dir_reached_eof(TO_DIR_CONN(conn));
03950     case CONN_TYPE_CPUWORKER:
03951       return connection_cpu_reached_eof(conn);
03952     case CONN_TYPE_CONTROL:
03953       return connection_control_reached_eof(TO_CONTROL_CONN(conn));
03954     default:
03955       log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
03956       tor_fragile_assert();
03957       return -1;
03958   }
03959 }
03960 
03962 void
03963 connection_dump_buffer_mem_stats(int severity)
03964 {
03965   uint64_t used_by_type[_CONN_TYPE_MAX+1];
03966   uint64_t alloc_by_type[_CONN_TYPE_MAX+1];
03967   int n_conns_by_type[_CONN_TYPE_MAX+1];
03968   uint64_t total_alloc = 0;
03969   uint64_t total_used = 0;
03970   int i;
03971   smartlist_t *conns = get_connection_array();
03972 
03973   memset(used_by_type, 0, sizeof(used_by_type));
03974   memset(alloc_by_type, 0, sizeof(alloc_by_type));
03975   memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
03976 
03977   SMARTLIST_FOREACH(conns, connection_t *, c,
03978   {
03979     int tp = c->type;
03980     ++n_conns_by_type[tp];
03981     if (c->inbuf) {
03982       used_by_type[tp] += buf_datalen(c->inbuf);
03983       alloc_by_type[tp] += buf_allocation(c->inbuf);
03984     }
03985     if (c->outbuf) {
03986       used_by_type[tp] += buf_datalen(c->outbuf);
03987       alloc_by_type[tp] += buf_allocation(c->outbuf);
03988     }
03989   });
03990   for (i=0; i <= _CONN_TYPE_MAX; ++i) {
03991     total_used += used_by_type[i];
03992     total_alloc += alloc_by_type[i];
03993   }
03994 
03995   log(severity, LD_GENERAL,
03996      "In buffers for %d connections: "U64_FORMAT" used/"U64_FORMAT" allocated",
03997       smartlist_len(conns),
03998       U64_PRINTF_ARG(total_used), U64_PRINTF_ARG(total_alloc));
03999   for (i=_CONN_TYPE_MIN; i <= _CONN_TYPE_MAX; ++i) {
04000     if (!n_conns_by_type[i])
04001       continue;
04002     log(severity, LD_GENERAL,
04003         "  For %d %s connections: "U64_FORMAT" used/"U64_FORMAT" allocated",
04004         n_conns_by_type[i], conn_type_to_string(i),
04005         U64_PRINTF_ARG(used_by_type[i]), U64_PRINTF_ARG(alloc_by_type[i]));
04006   }
04007 }
04008 
04012 void
04013 assert_connection_ok(connection_t *conn, time_t now)
04014 {
04015   (void) now; /* XXXX unused. */
04016   tor_assert(conn);
04017   tor_assert(conn->type >= _CONN_TYPE_MIN);
04018   tor_assert(conn->type <= _CONN_TYPE_MAX);
04019 
04020 #ifdef USE_BUFFEREVENTS
04021   if (conn->bufev) {
04022     tor_assert(conn->read_event == NULL);
04023     tor_assert(conn->write_event == NULL);
04024     tor_assert(conn->inbuf == NULL);
04025     tor_assert(conn->outbuf == NULL);
04026   }
04027 #endif
04028 
04029   switch (conn->type) {
04030     case CONN_TYPE_OR:
04031       tor_assert(conn->magic == OR_CONNECTION_MAGIC);
04032       break;
04033     case CONN_TYPE_AP:
04034       tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
04035       break;
04036     case CONN_TYPE_EXIT:
04037       tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
04038       break;
04039     case CONN_TYPE_DIR:
04040       tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
04041       break;
04042     case CONN_TYPE_CONTROL:
04043       tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
04044       break;
04045     CASE_ANY_LISTENER_TYPE:
04046       tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
04047       break;
04048     default:
04049       tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
04050       break;
04051   }
04052 
04053   if (conn->linked_conn) {
04054     tor_assert(conn->linked_conn->linked_conn == conn);
04055     tor_assert(conn->linked);
04056   }
04057   if (conn->linked)
04058     tor_assert(!SOCKET_OK(conn->s));
04059 
04060   if (conn->outbuf_flushlen > 0) {
04061     /* With optimistic data, we may have queued data in
04062      * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
04063      * */
04064     tor_assert((conn->type == CONN_TYPE_EXIT &&
04065                 conn->state == EXIT_CONN_STATE_RESOLVING) ||
04066                connection_is_writing(conn) ||
04067                conn->write_blocked_on_bw ||
04068                (CONN_IS_EDGE(conn) &&
04069                 TO_EDGE_CONN(conn)->edge_blocked_on_circ));
04070   }
04071 
04072   if (conn->hold_open_until_flushed)
04073     tor_assert(conn->marked_for_close);
04074 
04075   /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
04076    * marked_for_close. */
04077 
04078   /* buffers */
04079   if (conn->inbuf)
04080     assert_buf_ok(conn->inbuf);
04081   if (conn->outbuf)
04082     assert_buf_ok(conn->outbuf);
04083 
04084   if (conn->type == CONN_TYPE_OR) {
04085     or_connection_t *or_conn = TO_OR_CONN(conn);
04086     if (conn->state == OR_CONN_STATE_OPEN) {
04087       /* tor_assert(conn->bandwidth > 0); */
04088       /* the above isn't necessarily true: if we just did a TLS
04089        * handshake but we didn't recognize the other peer, or it
04090        * gave a bad cert/etc, then we won't have assigned bandwidth,
04091        * yet it will be open. -RD
04092        */
04093 //      tor_assert(conn->read_bucket >= 0);
04094     }
04095 //    tor_assert(conn->addr && conn->port);
04096     tor_assert(conn->address);
04097     if (conn->state > OR_CONN_STATE_PROXY_HANDSHAKING)
04098       tor_assert(or_conn->tls);
04099   }
04100 
04101   if (CONN_IS_EDGE(conn)) {
04102     /* XXX unchecked: package window, deliver window. */
04103     if (conn->type == CONN_TYPE_AP) {
04104       entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
04105       if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
04106         tor_assert(entry_conn->chosen_exit_name);
04107 
04108       tor_assert(entry_conn->socks_request);
04109       if (conn->state == AP_CONN_STATE_OPEN) {
04110         tor_assert(entry_conn->socks_request->has_finished);
04111         if (!conn->marked_for_close) {
04112           tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
04113           assert_cpath_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
04114         }
04115       }
04116     }
04117     if (conn->type == CONN_TYPE_EXIT) {
04118       tor_assert(conn->purpose == EXIT_PURPOSE_CONNECT ||
04119                  conn->purpose == EXIT_PURPOSE_RESOLVE);
04120     }
04121   } else if (conn->type == CONN_TYPE_DIR) {
04122   } else {
04123     /* Purpose is only used for dir and exit types currently */
04124     tor_assert(!conn->purpose);
04125   }
04126 
04127   switch (conn->type)
04128     {
04129     CASE_ANY_LISTENER_TYPE:
04130       tor_assert(conn->state == LISTENER_STATE_READY);
04131       break;
04132     case CONN_TYPE_OR:
04133       tor_assert(conn->state >= _OR_CONN_STATE_MIN);
04134       tor_assert(conn->state <= _OR_CONN_STATE_MAX);
04135       tor_assert(TO_OR_CONN(conn)->n_circuits >= 0);
04136       break;
04137     case CONN_TYPE_EXIT:
04138       tor_assert(conn->state >= _EXIT_CONN_STATE_MIN);
04139       tor_assert(conn->state <= _EXIT_CONN_STATE_MAX);
04140       tor_assert(conn->purpose >= _EXIT_PURPOSE_MIN);
04141       tor_assert(conn->purpose <= _EXIT_PURPOSE_MAX);
04142       break;
04143     case CONN_TYPE_AP:
04144       tor_assert(conn->state >= _AP_CONN_STATE_MIN);
04145       tor_assert(conn->state <= _AP_CONN_STATE_MAX);
04146       tor_assert(TO_ENTRY_CONN(conn)->socks_request);
04147       break;
04148     case CONN_TYPE_DIR:
04149       tor_assert(conn->state >= _DIR_CONN_STATE_MIN);
04150       tor_assert(conn->state <= _DIR_CONN_STATE_MAX);
04151       tor_assert(conn->purpose >= _DIR_PURPOSE_MIN);
04152       tor_assert(conn->purpose <= _DIR_PURPOSE_MAX);
04153       break;
04154     case CONN_TYPE_CPUWORKER:
04155       tor_assert(conn->state >= _CPUWORKER_STATE_MIN);
04156       tor_assert(conn->state <= _CPUWORKER_STATE_MAX);
04157       break;
04158     case CONN_TYPE_CONTROL:
04159       tor_assert(conn->state >= _CONTROL_CONN_STATE_MIN);
04160       tor_assert(conn->state <= _CONTROL_CONN_STATE_MAX);
04161       break;
04162     default:
04163       tor_assert(0);
04164   }
04165 }
04166 
04173 int
04174 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
04175                    const connection_t *conn)
04176 {
04177   const or_options_t *options = get_options();
04178 
04179   if (options->HTTPSProxy) {
04180     tor_addr_copy(addr, &options->HTTPSProxyAddr);
04181     *port = options->HTTPSProxyPort;
04182     *proxy_type = PROXY_CONNECT;
04183     return 0;
04184   } else if (options->Socks4Proxy) {
04185     tor_addr_copy(addr, &options->Socks4ProxyAddr);
04186     *port = options->Socks4ProxyPort;
04187     *proxy_type = PROXY_SOCKS4;
04188     return 0;
04189   } else if (options->Socks5Proxy) {
04190     tor_addr_copy(addr, &options->Socks5ProxyAddr);
04191     *port = options->Socks5ProxyPort;
04192     *proxy_type = PROXY_SOCKS5;
04193     return 0;
04194   } else if (options->ClientTransportPlugin ||
04195              options->Bridges) {
04196     const transport_t *transport = NULL;
04197     int r;
04198     r = find_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
04199     if (r<0)
04200       return -1;
04201     if (transport) { /* transport found */
04202       tor_addr_copy(addr, &transport->addr);
04203       *port = transport->port;
04204       *proxy_type = transport->socks_version;
04205       return 0;
04206     }
04207   }
04208 
04209   *proxy_type = PROXY_NONE;
04210   return 0;
04211 }
04212 
04214 static int
04215 get_proxy_type(void)
04216 {
04217   const or_options_t *options = get_options();
04218 
04219   if (options->HTTPSProxy)
04220     return PROXY_CONNECT;
04221   else if (options->Socks4Proxy)
04222     return PROXY_SOCKS4;
04223   else if (options->Socks5Proxy)
04224     return PROXY_SOCKS5;
04225   else if (options->ClientTransportPlugin)
04226     return PROXY_PLUGGABLE;
04227   else
04228     return PROXY_NONE;
04229 }
04230 
04233 void
04234 log_failed_proxy_connection(connection_t *conn)
04235 {
04236   tor_addr_t proxy_addr;
04237   uint16_t proxy_port;
04238   int proxy_type;
04239 
04240   if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, conn) != 0)
04241     return; /* if we have no proxy set up, leave this function. */
04242 
04243   log_warn(LD_NET,
04244            "The connection to the %s proxy server at %s:%u just failed. "
04245            "Make sure that the proxy server is up and running.",
04246            proxy_type_to_string(get_proxy_type()), fmt_addr(&proxy_addr),
04247            proxy_port);
04248 }
04249 
04251 static const char *
04252 proxy_type_to_string(int proxy_type)
04253 {
04254   switch (proxy_type) {
04255   case PROXY_CONNECT:   return "HTTP";
04256   case PROXY_SOCKS4:    return "SOCKS4";
04257   case PROXY_SOCKS5:    return "SOCKS5";
04258   case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
04259   case PROXY_NONE:      return "NULL";
04260   default:              tor_assert(0);
04261   }
04262   return NULL; /*Unreached*/
04263 }
04264 
04273 void
04274 connection_free_all(void)
04275 {
04276   smartlist_t *conns = get_connection_array();
04277 
04278   /* We don't want to log any messages to controllers. */
04279   SMARTLIST_FOREACH(conns, connection_t *, conn,
04280     if (conn->type == CONN_TYPE_CONTROL)
04281       TO_CONTROL_CONN(conn)->event_mask = 0);
04282 
04283   control_update_global_event_mask();
04284 
04285   /* Unlink everything from the identity map. */
04286   connection_or_clear_identity_map();
04287 
04288   /* Clear out our list of broken connections */
04289   clear_broken_connection_map(0);
04290 
04291   SMARTLIST_FOREACH(conns, connection_t *, conn, _connection_free(conn));
04292 
04293   if (outgoing_addrs) {
04294     SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t *, addr, tor_free(addr));
04295     smartlist_free(outgoing_addrs);
04296     outgoing_addrs = NULL;
04297   }
04298 
04299 #ifdef USE_BUFFEREVENTS
04300   if (global_rate_limit)
04301     bufferevent_rate_limit_group_free(global_rate_limit);
04302 #endif
04303 }
04304