Back to index

tor  0.2.3.19-rc
or.h
Go to the documentation of this file.
00001 /* Copyright (c) 2001 Matej Pfajfar.
00002  * Copyright (c) 2001-2004, Roger Dingledine.
00003  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
00004  * Copyright (c) 2007-2012, The Tor Project, Inc. */
00005 /* See LICENSE for licensing information */
00006 
00012 #ifndef _TOR_OR_H
00013 #define _TOR_OR_H
00014 
00015 #include "orconfig.h"
00016 
00017 #ifdef __COVERITY__
00018 /* If we're building for a static analysis, turn on all the off-by-default
00019  * features. */
00020 #ifndef INSTRUMENT_DOWNLOADS
00021 #define INSTRUMENT_DOWNLOADS 1
00022 #endif
00023 #endif
00024 
00025 #ifdef _WIN32
00026 #ifndef _WIN32_WINNT
00027 #define _WIN32_WINNT 0x0501
00028 #endif
00029 #define WIN32_LEAN_AND_MEAN
00030 #endif
00031 
00032 #ifdef HAVE_UNISTD_H
00033 #include <unistd.h>
00034 #endif
00035 #ifdef HAVE_SIGNAL_H
00036 #include <signal.h>
00037 #endif
00038 #ifdef HAVE_NETDB_H
00039 #include <netdb.h>
00040 #endif
00041 #ifdef HAVE_SYS_PARAM_H
00042 #include <sys/param.h> /* FreeBSD needs this to know what version it is */
00043 #endif
00044 #include "torint.h"
00045 #ifdef HAVE_SYS_WAIT_H
00046 #include <sys/wait.h>
00047 #endif
00048 #ifdef HAVE_SYS_FCNTL_H
00049 #include <sys/fcntl.h>
00050 #endif
00051 #ifdef HAVE_FCNTL_H
00052 #include <fcntl.h>
00053 #endif
00054 #ifdef HAVE_SYS_IOCTL_H
00055 #include <sys/ioctl.h>
00056 #endif
00057 #ifdef HAVE_SYS_UN_H
00058 #include <sys/un.h>
00059 #endif
00060 #ifdef HAVE_SYS_STAT_H
00061 #include <sys/stat.h>
00062 #endif
00063 #ifdef HAVE_NETINET_IN_H
00064 #include <netinet/in.h>
00065 #endif
00066 #ifdef HAVE_ARPA_INET_H
00067 #include <arpa/inet.h>
00068 #endif
00069 #ifdef HAVE_ERRNO_H
00070 #include <errno.h>
00071 #endif
00072 #ifdef HAVE_ASSERT_H
00073 #include <assert.h>
00074 #endif
00075 #ifdef HAVE_TIME_H
00076 #include <time.h>
00077 #endif
00078 
00079 #ifdef _WIN32
00080 #include <io.h>
00081 #include <process.h>
00082 #include <direct.h>
00083 #include <windows.h>
00084 #define snprintf _snprintf
00085 #endif
00086 
00087 #ifdef USE_BUFFEREVENTS
00088 #include <event2/bufferevent.h>
00089 #include <event2/buffer.h>
00090 #include <event2/util.h>
00091 #endif
00092 
00093 #include "crypto.h"
00094 #include "tortls.h"
00095 #include "../common/torlog.h"
00096 #include "container.h"
00097 #include "torgzip.h"
00098 #include "address.h"
00099 #include "compat_libevent.h"
00100 #include "ht.h"
00101 
00102 /* These signals are defined to help handle_control_signal work.
00103  */
00104 #ifndef SIGHUP
00105 #define SIGHUP 1
00106 #endif
00107 #ifndef SIGINT
00108 #define SIGINT 2
00109 #endif
00110 #ifndef SIGUSR1
00111 #define SIGUSR1 10
00112 #endif
00113 #ifndef SIGUSR2
00114 #define SIGUSR2 12
00115 #endif
00116 #ifndef SIGTERM
00117 #define SIGTERM 15
00118 #endif
00119 /* Controller signals start at a high number so we don't
00120  * conflict with system-defined signals. */
00121 #define SIGNEWNYM 129
00122 #define SIGCLEARDNSCACHE 130
00123 
00124 #if (SIZEOF_CELL_T != 0)
00125 /* On Irix, stdlib.h defines a cell_t type, so we need to make sure
00126  * that our stuff always calls cell_t something different. */
00127 #define cell_t tor_cell_t
00128 #endif
00129 
00130 #ifdef ENABLE_TOR2WEB_MODE
00131 #define NON_ANONYMOUS_MODE_ENABLED 1
00132 #endif
00133 
00135 #define MAX_NICKNAME_LEN 19
00136 
00138 #define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
00139 
00141 #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)
00142 
00144 #define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */
00145 
00146 #define MAX_DIR_DL_SIZE MAX_BUF_SIZE
00147 
00150 #define MAX_HEADERS_SIZE 50000
00151 
00153 #define MAX_DIR_UL_SIZE MAX_BUF_SIZE
00154 
00158 #define MAX_DESCRIPTOR_UPLOAD_SIZE 20000
00159 
00161 #define MAX_EXTRAINFO_UPLOAD_SIZE 50000
00162 
00165 #define MAX_DNS_ENTRY_AGE (30*60)
00166 
00168 #define DEFAULT_DNS_TTL (30*60)
00169 
00170 #define MAX_DNS_TTL (3*60*60)
00171 
00173 #define MIN_DNS_TTL 60
00174 
00176 #define MIN_ONION_KEY_LIFETIME (7*24*60*60)
00177 
00178 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
00179 
00180 #define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)
00181 
00184 #define ROUTER_MAX_AGE (60*60*48)
00185 
00187 #define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
00188 
00189 #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
00190 
00192 typedef enum {
00193   CIRC_ID_TYPE_LOWER=0, 
00194   CIRC_ID_TYPE_HIGHER=1, 
00197   CIRC_ID_TYPE_NEITHER=2
00198 } circ_id_type_t;
00199 
00200 #define _CONN_TYPE_MIN 3
00201 
00202 #define CONN_TYPE_OR_LISTENER 3
00203 
00205 #define CONN_TYPE_OR 4
00206 
00207 #define CONN_TYPE_EXIT 5
00208 
00209 #define CONN_TYPE_AP_LISTENER 6
00210 
00212 #define CONN_TYPE_AP 7
00213 
00214 #define CONN_TYPE_DIR_LISTENER 8
00215 
00216 #define CONN_TYPE_DIR 9
00217 
00218 #define CONN_TYPE_CPUWORKER 10
00219 
00220 #define CONN_TYPE_CONTROL_LISTENER 11
00221 
00222 #define CONN_TYPE_CONTROL 12
00223 
00225 #define CONN_TYPE_AP_TRANS_LISTENER 13
00226 
00228 #define CONN_TYPE_AP_NATD_LISTENER 14
00229 
00230 #define CONN_TYPE_AP_DNS_LISTENER 15
00231 #define _CONN_TYPE_MAX 15
00232 /* !!!! If _CONN_TYPE_MAX is ever over 15, we must grow the type field in
00233  * connection_t. */
00234 
00235 /* Proxy client types */
00236 #define PROXY_NONE 0
00237 #define PROXY_CONNECT 1
00238 #define PROXY_SOCKS4 2
00239 #define PROXY_SOCKS5 3
00240 /* !!!! If there is ever a PROXY_* type over 2, we must grow the proxy_type
00241  * field in or_connection_t */
00242 /* pluggable transports proxy type */
00243 #define PROXY_PLUGGABLE 4
00244 
00245 /* Proxy client handshake states */
00246 /* We use a proxy but we haven't even connected to it yet. */
00247 #define PROXY_INFANT 1
00248 /* We use an HTTP proxy and we've sent the CONNECT command. */
00249 #define PROXY_HTTPS_WANT_CONNECT_OK 2
00250 /* We use a SOCKS4 proxy and we've sent the CONNECT command. */
00251 #define PROXY_SOCKS4_WANT_CONNECT_OK 3
00252 /* We use a SOCKS5 proxy and we try to negotiate without
00253    any authentication . */
00254 #define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
00255 /* We use a SOCKS5 proxy and we try to negotiate with
00256    Username/Password authentication . */
00257 #define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
00258 /* We use a SOCKS5 proxy and we just sent our credentials. */
00259 #define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
00260 /* We use a SOCKS5 proxy and we just sent our CONNECT command. */
00261 #define PROXY_SOCKS5_WANT_CONNECT_OK 7
00262 /* We use a proxy and we CONNECTed successfully!. */
00263 #define PROXY_CONNECTED 8
00264 
00266 #define CONN_IS_EDGE(x) \
00267   ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)
00268 
00270 #define LISTENER_STATE_READY 0
00271 
00272 #define _CPUWORKER_STATE_MIN 1
00273 
00274 #define CPUWORKER_STATE_IDLE 1
00275 
00277 #define CPUWORKER_STATE_BUSY_ONION 2
00278 #define _CPUWORKER_STATE_MAX 2
00279 
00280 #define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
00281 
00282 #define _OR_CONN_STATE_MIN 1
00283 
00284 #define OR_CONN_STATE_CONNECTING 1
00285 
00286 #define OR_CONN_STATE_PROXY_HANDSHAKING 2
00287 
00289 #define OR_CONN_STATE_TLS_HANDSHAKING 3
00290 
00292 #define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4
00293 
00296 #define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5
00297 
00300 #define OR_CONN_STATE_OR_HANDSHAKING_V2 6
00301 
00304 #define OR_CONN_STATE_OR_HANDSHAKING_V3 7
00305 
00306 #define OR_CONN_STATE_OPEN 8
00307 #define _OR_CONN_STATE_MAX 8
00308 
00309 #define _EXIT_CONN_STATE_MIN 1
00310 
00311 #define EXIT_CONN_STATE_RESOLVING 1
00312 
00313 #define EXIT_CONN_STATE_CONNECTING 2
00314 
00315 #define EXIT_CONN_STATE_OPEN 3
00316 
00317 #define EXIT_CONN_STATE_RESOLVEFAILED 4
00318 #define _EXIT_CONN_STATE_MAX 4
00319 
00320 /* The AP state values must be disjoint from the EXIT state values. */
00321 #define _AP_CONN_STATE_MIN 5
00322 
00323 #define AP_CONN_STATE_SOCKS_WAIT 5
00324 
00326 #define AP_CONN_STATE_RENDDESC_WAIT 6
00327 
00329 #define AP_CONN_STATE_CONTROLLER_WAIT 7
00330 
00331 #define AP_CONN_STATE_CIRCUIT_WAIT 8
00332 
00333 #define AP_CONN_STATE_CONNECT_WAIT 9
00334 
00335 #define AP_CONN_STATE_RESOLVE_WAIT 10
00336 
00337 #define AP_CONN_STATE_OPEN 11
00338 
00340 #define AP_CONN_STATE_NATD_WAIT 12
00341 #define _AP_CONN_STATE_MAX 12
00342 
00345 #define AP_CONN_STATE_IS_UNATTACHED(s) \
00346   ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
00347 
00348 #define _DIR_CONN_STATE_MIN 1
00349 
00350 #define DIR_CONN_STATE_CONNECTING 1
00351 
00352 #define DIR_CONN_STATE_CLIENT_SENDING 2
00353 
00354 #define DIR_CONN_STATE_CLIENT_READING 3
00355 
00356 #define DIR_CONN_STATE_CLIENT_FINISHED 4
00357 
00358 #define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
00359 
00360 #define DIR_CONN_STATE_SERVER_WRITING 6
00361 #define _DIR_CONN_STATE_MAX 6
00362 
00365 #define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)
00366 
00367 #define _CONTROL_CONN_STATE_MIN 1
00368 
00369 #define CONTROL_CONN_STATE_OPEN 1
00370 
00372 #define CONTROL_CONN_STATE_NEEDAUTH 2
00373 #define _CONTROL_CONN_STATE_MAX 2
00374 
00375 #define _DIR_PURPOSE_MIN 3
00376 
00378 #define DIR_PURPOSE_FETCH_RENDDESC 3
00379 
00381 #define DIR_PURPOSE_HAS_FETCHED_RENDDESC 4
00382 
00384 #define DIR_PURPOSE_FETCH_V2_NETWORKSTATUS 5
00385 
00387 #define DIR_PURPOSE_FETCH_SERVERDESC 6
00388 
00390 #define DIR_PURPOSE_FETCH_EXTRAINFO 7
00391 
00392 #define DIR_PURPOSE_UPLOAD_DIR 8
00393 
00395 #define DIR_PURPOSE_UPLOAD_RENDDESC 9
00396 
00397 #define DIR_PURPOSE_UPLOAD_VOTE 10
00398 
00399 #define DIR_PURPOSE_UPLOAD_SIGNATURES 11
00400 
00402 #define DIR_PURPOSE_FETCH_STATUS_VOTE 12
00403 
00405 #define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13
00406 
00408 #define DIR_PURPOSE_FETCH_CONSENSUS 14
00409 
00411 #define DIR_PURPOSE_FETCH_CERTIFICATE 15
00412 
00414 #define DIR_PURPOSE_SERVER 16
00415 
00417 #define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
00418 
00420 #define DIR_PURPOSE_FETCH_RENDDESC_V2 18
00421 
00422 #define DIR_PURPOSE_FETCH_MICRODESC 19
00423 #define _DIR_PURPOSE_MAX 19
00424 
00427 #define DIR_PURPOSE_IS_UPLOAD(p)                \
00428   ((p)==DIR_PURPOSE_UPLOAD_DIR ||               \
00429    (p)==DIR_PURPOSE_UPLOAD_RENDDESC ||          \
00430    (p)==DIR_PURPOSE_UPLOAD_VOTE ||              \
00431    (p)==DIR_PURPOSE_UPLOAD_SIGNATURES)
00432 
00433 #define _EXIT_PURPOSE_MIN 1
00434 
00435 #define EXIT_PURPOSE_CONNECT 1
00436 
00437 #define EXIT_PURPOSE_RESOLVE 2
00438 #define _EXIT_PURPOSE_MAX 2
00439 
00440 /* !!!! If any connection purpose is ever over 31, we must grow the type
00441  * field in connection_t. */
00442 
00444 #define CIRCUIT_STATE_BUILDING 0
00445 
00446 #define CIRCUIT_STATE_ONIONSKIN_PENDING 1
00447 
00449 #define CIRCUIT_STATE_OR_WAIT 2
00450 
00451 #define CIRCUIT_STATE_OPEN 3
00452 
00453 #define _CIRCUIT_PURPOSE_MIN 1
00454 
00455 /* these circuits were initiated elsewhere */
00456 #define _CIRCUIT_PURPOSE_OR_MIN 1
00457 
00458 #define CIRCUIT_PURPOSE_OR 1
00459 
00460 #define CIRCUIT_PURPOSE_INTRO_POINT 2
00461 
00462 #define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
00463 
00464 #define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
00465 #define _CIRCUIT_PURPOSE_OR_MAX 4
00466 
00467 /* these circuits originate at this node */
00468 
00469 /* here's how circ client-side purposes work:
00470  *   normal circuits are C_GENERAL.
00471  *   circuits that are c_introducing are either on their way to
00472  *     becoming open, or they are open and waiting for a
00473  *     suitable rendcirc before they send the intro.
00474  *   circuits that are c_introduce_ack_wait have sent the intro,
00475  *     but haven't gotten a response yet.
00476  *   circuits that are c_establish_rend are either on their way
00477  *     to becoming open, or they are open and have sent the
00478  *     establish_rendezvous cell but haven't received an ack.
00479  *   circuits that are c_rend_ready are open and have received a
00480  *     rend ack, but haven't heard from bob yet. if they have a
00481  *     buildstate->pending_final_cpath then they're expecting a
00482  *     cell from bob, else they're not.
00483  *   circuits that are c_rend_ready_intro_acked are open, and
00484  *     some intro circ has sent its intro and received an ack.
00485  *   circuits that are c_rend_joined are open, have heard from
00486  *     bob, and are talking to him.
00487  */
00489 #define CIRCUIT_PURPOSE_C_GENERAL 5
00490 
00491 #define CIRCUIT_PURPOSE_C_INTRODUCING 6
00492 
00494 #define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
00495 
00496 #define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
00497 
00498 #define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
00499 
00500 #define CIRCUIT_PURPOSE_C_REND_READY 10
00501 
00503 #define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
00504 
00505 #define CIRCUIT_PURPOSE_C_REND_JOINED 12
00506 
00507 #define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 13
00508 #define _CIRCUIT_PURPOSE_C_MAX 13
00509 
00510 #define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 14
00511 
00513 #define CIRCUIT_PURPOSE_S_INTRO 15
00514 
00515 #define CIRCUIT_PURPOSE_S_CONNECT_REND 16
00516 
00517 #define CIRCUIT_PURPOSE_S_REND_JOINED 17
00518 
00519 #define CIRCUIT_PURPOSE_TESTING 18
00520 
00521 #define CIRCUIT_PURPOSE_CONTROLLER 19
00522 #define _CIRCUIT_PURPOSE_MAX 19
00523 
00525 #define CIRCUIT_PURPOSE_UNKNOWN 255
00526 
00529 #define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>_CIRCUIT_PURPOSE_OR_MAX)
00530 
00532 #define CIRCUIT_PURPOSE_IS_CLIENT(p)  \
00533   ((p)> _CIRCUIT_PURPOSE_OR_MAX &&    \
00534    (p)<=_CIRCUIT_PURPOSE_C_MAX)
00535 
00536 #define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
00537 
00539 #define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
00540   ((p) == CIRCUIT_PURPOSE_C_REND_JOINED ||     \
00541    (p) == CIRCUIT_PURPOSE_S_REND_JOINED)
00542 
00545 #define MIN_CIRCUITS_HANDLING_STREAM 2
00546 
00547 /* These RELAY_COMMAND constants define values for relay cell commands, and
00548 * must match those defined in tor-spec.txt. */
00549 #define RELAY_COMMAND_BEGIN 1
00550 #define RELAY_COMMAND_DATA 2
00551 #define RELAY_COMMAND_END 3
00552 #define RELAY_COMMAND_CONNECTED 4
00553 #define RELAY_COMMAND_SENDME 5
00554 #define RELAY_COMMAND_EXTEND 6
00555 #define RELAY_COMMAND_EXTENDED 7
00556 #define RELAY_COMMAND_TRUNCATE 8
00557 #define RELAY_COMMAND_TRUNCATED 9
00558 #define RELAY_COMMAND_DROP 10
00559 #define RELAY_COMMAND_RESOLVE 11
00560 #define RELAY_COMMAND_RESOLVED 12
00561 #define RELAY_COMMAND_BEGIN_DIR 13
00562 
00563 #define RELAY_COMMAND_ESTABLISH_INTRO 32
00564 #define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
00565 #define RELAY_COMMAND_INTRODUCE1 34
00566 #define RELAY_COMMAND_INTRODUCE2 35
00567 #define RELAY_COMMAND_RENDEZVOUS1 36
00568 #define RELAY_COMMAND_RENDEZVOUS2 37
00569 #define RELAY_COMMAND_INTRO_ESTABLISHED 38
00570 #define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
00571 #define RELAY_COMMAND_INTRODUCE_ACK 40
00572 
00573 /* Reasons why an OR connection is closed. */
00574 #define END_OR_CONN_REASON_DONE           1
00575 #define END_OR_CONN_REASON_REFUSED        2 /* connection refused */
00576 #define END_OR_CONN_REASON_OR_IDENTITY    3
00577 #define END_OR_CONN_REASON_CONNRESET      4 /* connection reset by peer */
00578 #define END_OR_CONN_REASON_TIMEOUT        5
00579 #define END_OR_CONN_REASON_NO_ROUTE       6 /* no route to host/net */
00580 #define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
00581 #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
00582 #define END_OR_CONN_REASON_MISC           9
00583 
00584 /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
00585  * documentation of these.  The values must match. */
00586 #define END_STREAM_REASON_MISC 1
00587 #define END_STREAM_REASON_RESOLVEFAILED 2
00588 #define END_STREAM_REASON_CONNECTREFUSED 3
00589 #define END_STREAM_REASON_EXITPOLICY 4
00590 #define END_STREAM_REASON_DESTROY 5
00591 #define END_STREAM_REASON_DONE 6
00592 #define END_STREAM_REASON_TIMEOUT 7
00593 #define END_STREAM_REASON_NOROUTE 8
00594 #define END_STREAM_REASON_HIBERNATING 9
00595 #define END_STREAM_REASON_INTERNAL 10
00596 #define END_STREAM_REASON_RESOURCELIMIT 11
00597 #define END_STREAM_REASON_CONNRESET 12
00598 #define END_STREAM_REASON_TORPROTOCOL 13
00599 #define END_STREAM_REASON_NOTDIRECTORY 14
00600 #define END_STREAM_REASON_ENTRYPOLICY 15
00601 
00602 /* These high-numbered end reasons are not part of the official spec,
00603  * and are not intended to be put in relay end cells. They are here
00604  * to be more informative when sending back socks replies to the
00605  * application. */
00606 /* XXXX 256 is no longer used; feel free to reuse it. */
00608 /* XXXX the ways we use this one don't make a lot of sense. */
00609 #define END_STREAM_REASON_CANT_ATTACH 257
00610 
00612 #define END_STREAM_REASON_NET_UNREACHABLE 258
00613 
00615 #define END_STREAM_REASON_SOCKSPROTOCOL 259
00616 
00618 #define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
00619 
00621 #define END_STREAM_REASON_INVALID_NATD_DEST 261
00622 
00624 #define END_STREAM_REASON_PRIVATE_ADDR 262
00625 
00627 #define END_STREAM_REASON_MASK 511
00628 
00631 #define END_STREAM_REASON_FLAG_REMOTE 512
00632 
00634 #define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
00635 
00638 #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
00639 
00642 #define REMAP_STREAM_SOURCE_CACHE 1
00643 
00645 #define REMAP_STREAM_SOURCE_EXIT 2
00646 
00647 /* 'type' values to use in RESOLVED cells.  Specified in tor-spec.txt. */
00648 #define RESOLVED_TYPE_HOSTNAME 0
00649 #define RESOLVED_TYPE_IPV4 4
00650 #define RESOLVED_TYPE_IPV6 6
00651 #define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
00652 #define RESOLVED_TYPE_ERROR 0xF1
00653 
00654 /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
00655  * call; they only go to the controller for tracking  */
00658 #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3
00659 
00661 #define END_CIRC_REASON_NOPATH          -2
00662 
00663 #define END_CIRC_AT_ORIGIN              -1
00664 
00665 /* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt for
00666  * documentation of these. */
00667 #define _END_CIRC_REASON_MIN            0
00668 #define END_CIRC_REASON_NONE            0
00669 #define END_CIRC_REASON_TORPROTOCOL     1
00670 #define END_CIRC_REASON_INTERNAL        2
00671 #define END_CIRC_REASON_REQUESTED       3
00672 #define END_CIRC_REASON_HIBERNATING     4
00673 #define END_CIRC_REASON_RESOURCELIMIT   5
00674 #define END_CIRC_REASON_CONNECTFAILED   6
00675 #define END_CIRC_REASON_OR_IDENTITY     7
00676 #define END_CIRC_REASON_OR_CONN_CLOSED  8
00677 #define END_CIRC_REASON_FINISHED        9
00678 #define END_CIRC_REASON_TIMEOUT         10
00679 #define END_CIRC_REASON_DESTROYED       11
00680 #define END_CIRC_REASON_NOSUCHSERVICE   12
00681 #define _END_CIRC_REASON_MAX            12
00682 
00686 #define END_CIRC_REASON_FLAG_REMOTE     512
00687 
00689 #define REND_SERVICE_ID_LEN_BASE32 16
00690 
00692 #define REND_SERVICE_ADDRESS_LEN (16+1+5)
00693 
00695 #define REND_SERVICE_ID_LEN 10
00696 
00698 #define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)
00699 
00702 #define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60)
00703 
00706 #define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2
00707 
00709 #define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3
00710 
00712 #define REND_DESC_ID_V2_LEN_BASE32 32
00713 
00716 #define REND_SECRET_ID_PART_LEN_BASE32 32
00717 
00720 #define REND_INTRO_POINT_ID_LEN_BASE32 32
00721 
00724 #define REND_DESC_COOKIE_LEN 16
00725 
00728 #define REND_DESC_COOKIE_LEN_BASE64 22
00729 
00732 #define REND_BASIC_AUTH_CLIENT_ID_LEN 4
00733 
00737 #define REND_BASIC_AUTH_CLIENT_MULTIPLE 16
00738 
00741 #define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \
00742                                           + CIPHER_KEY_LEN)
00743 
00745 #define REND_DESC_MAX_SIZE (20 * 1024)
00746 
00749 #define REND_LEGAL_CLIENTNAME_CHARACTERS \
00750   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_"
00751 
00753 #define REND_CLIENTNAME_MAX_LEN 16
00754 
00757 #define REND_COOKIE_LEN DIGEST_LEN
00758 
00760 typedef enum rend_auth_type_t {
00761   REND_NO_AUTH      = 0,
00762   REND_BASIC_AUTH   = 1,
00763   REND_STEALTH_AUTH = 2,
00764 } rend_auth_type_t;
00765 
00767 typedef struct rend_service_authorization_t {
00768   char descriptor_cookie[REND_DESC_COOKIE_LEN];
00769   char onion_address[REND_SERVICE_ADDRESS_LEN+1];
00770   rend_auth_type_t auth_type;
00771 } rend_service_authorization_t;
00772 
00776 typedef struct rend_data_t {
00778   char onion_address[REND_SERVICE_ID_LEN_BASE32+1];
00779 
00781   char descriptor_cookie[REND_DESC_COOKIE_LEN];
00782 
00784   rend_auth_type_t auth_type;
00785 
00787   char rend_pk_digest[DIGEST_LEN];
00788 
00790   char rend_cookie[REND_COOKIE_LEN];
00791 } rend_data_t;
00792 
00796 #define REND_REPLAY_TIME_INTERVAL (5 * 60)
00797 
00799 typedef enum {
00800   CELL_DIRECTION_IN=1, 
00801   CELL_DIRECTION_OUT=2, 
00802 } cell_direction_t;
00803 
00806 #define CIRCWINDOW_START 1000
00807 #define CIRCWINDOW_START_MIN 100
00808 #define CIRCWINDOW_START_MAX 1000
00809 
00810 #define CIRCWINDOW_INCREMENT 100
00811 
00813 #define STREAMWINDOW_START 500
00814 
00815 #define STREAMWINDOW_INCREMENT 50
00816 
00817 /* Cell commands.  These values are defined in tor-spec.txt. */
00818 #define CELL_PADDING 0
00819 #define CELL_CREATE 1
00820 #define CELL_CREATED 2
00821 #define CELL_RELAY 3
00822 #define CELL_DESTROY 4
00823 #define CELL_CREATE_FAST 5
00824 #define CELL_CREATED_FAST 6
00825 #define CELL_VERSIONS 7
00826 #define CELL_NETINFO 8
00827 #define CELL_RELAY_EARLY 9
00828 
00829 #define CELL_VPADDING 128
00830 #define CELL_CERTS 129
00831 #define CELL_AUTH_CHALLENGE 130
00832 #define CELL_AUTHENTICATE 131
00833 #define CELL_AUTHORIZE 132
00834 
00836 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
00837 
00839 #define LEGAL_NICKNAME_CHARACTERS \
00840   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
00841 
00844 #define DEFAULT_CLIENT_NICKNAME "client"
00845 
00847 #define UNNAMED_ROUTER_NICKNAME "Unnamed"
00848 
00850 #define SOCKS4_NETWORK_LEN 8
00851 
00852 /*
00853  * Relay payload:
00854  *         Relay command           [1 byte]
00855  *         Recognized              [2 bytes]
00856  *         Stream ID               [2 bytes]
00857  *         Partial SHA-1           [4 bytes]
00858  *         Length                  [2 bytes]
00859  *         Relay payload           [498 bytes]
00860  */
00861 
00863 #define CELL_PAYLOAD_SIZE 509
00864 
00865 #define CELL_NETWORK_SIZE 512
00866 
00868 #define VAR_CELL_HEADER_SIZE 5
00869 
00872 #define RELAY_HEADER_SIZE (1+2+2+4+2)
00873 
00874 #define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)
00875 
00877 typedef uint16_t circid_t;
00879 typedef uint16_t streamid_t;
00880 
00883 typedef struct cell_t {
00884   circid_t circ_id; 
00885   uint8_t command; 
00887   uint8_t payload[CELL_PAYLOAD_SIZE]; 
00888 } cell_t;
00889 
00891 typedef struct var_cell_t {
00893   uint8_t command;
00895   circid_t circ_id;
00897   uint16_t payload_len;
00899   uint8_t payload[FLEXIBLE_ARRAY_MEMBER];
00900 } var_cell_t;
00901 
00903 typedef struct packed_cell_t {
00904   struct packed_cell_t *next; 
00905   char body[CELL_NETWORK_SIZE]; 
00906 } packed_cell_t;
00907 
00910 typedef struct insertion_time_elem_t {
00911   struct insertion_time_elem_t *next; 
00912   uint32_t insertion_time; 
00914   unsigned counter; 
00915 } insertion_time_elem_t;
00916 
00918 typedef struct insertion_time_queue_t {
00919   struct insertion_time_elem_t *first; 
00920   struct insertion_time_elem_t *last; 
00921 } insertion_time_queue_t;
00922 
00925 typedef struct cell_queue_t {
00926   packed_cell_t *head; 
00927   packed_cell_t *tail; 
00928   int n; 
00929   insertion_time_queue_t *insertion_times; 
00930 } cell_queue_t;
00931 
00933 typedef struct {
00934   uint8_t command; 
00935   uint16_t recognized; 
00936   streamid_t stream_id; 
00937   char integrity[4]; 
00938   uint16_t length; 
00939 } relay_header_t;
00940 
00941 typedef struct buf_t buf_t;
00942 typedef struct socks_request_t socks_request_t;
00943 #ifdef USE_BUFFEREVENTS
00944 #define generic_buffer_t struct evbuffer
00945 #else
00946 #define generic_buffer_t buf_t
00947 #endif
00948 
00949 /* Values for connection_t.magic: used to make sure that downcasts (casts from
00950 * connection_t to foo_connection_t) are safe. */
00951 #define BASE_CONNECTION_MAGIC 0x7C3C304Eu
00952 #define OR_CONNECTION_MAGIC 0x7D31FF03u
00953 #define EDGE_CONNECTION_MAGIC 0xF0374013u
00954 #define ENTRY_CONNECTION_MAGIC 0xbb4a5703
00955 #define DIR_CONNECTION_MAGIC 0x9988ffeeu
00956 #define CONTROL_CONNECTION_MAGIC 0x8abc765du
00957 #define LISTENER_CONNECTION_MAGIC 0x1a1ac741u
00958 
00977 typedef struct connection_t {
00978   uint32_t magic; 
00981   uint8_t state; 
00982   unsigned int type:4; 
00983   unsigned int purpose:5; 
00985   /* The next fields are all one-bit booleans. Some are only applicable to
00986    * connection subtypes, but we hold them here anyway, to save space.
00987    */
00988   unsigned int read_blocked_on_bw:1; 
00990   unsigned int write_blocked_on_bw:1; 
00993   unsigned int hold_open_until_flushed:1; 
00996   unsigned int inbuf_reached_eof:1; 
01000   unsigned int in_flushed_some:1;
01001 
01002   /* For linked connections:
01003    */
01004   unsigned int linked:1; 
01007   unsigned int reading_from_linked_conn:1;
01009   unsigned int writing_to_linked_conn:1;
01012   unsigned int active_on_link:1;
01015   unsigned int linked_conn_is_closed:1;
01016 
01018   unsigned int proxy_state:4;
01019 
01022   tor_socket_t s;
01023   int conn_array_index; 
01025   struct event *read_event; 
01026   struct event *write_event; 
01027   buf_t *inbuf; 
01028   buf_t *outbuf; 
01029   size_t outbuf_flushlen; 
01031   time_t timestamp_lastread; 
01033   time_t timestamp_lastwritten; 
01036 #ifdef USE_BUFFEREVENTS
01037   struct bufferevent *bufev; 
01038 #endif
01039 
01040   time_t timestamp_created; 
01042   /* XXXX_IP6 make this IPv6-capable */
01043   int socket_family; 
01046   tor_addr_t addr; 
01048   uint16_t port; 
01050   uint16_t marked_for_close; 
01054   const char *marked_for_close_file; 
01056   char *address; 
01059   struct connection_t *linked_conn;
01060 
01062   uint64_t global_identifier;
01063 
01065   uint64_t dirreq_id;
01066 } connection_t;
01067 
01069 typedef struct listener_connection_t {
01070   connection_t _base;
01071 
01074   struct evdns_server_port *dns_server_port;
01075 
01084   int session_group;
01086   uint8_t isolation_flags;
01089 } listener_connection_t;
01090 
01092 #define OR_AUTH_CHALLENGE_LEN 32
01093 
01104 #define OR_CERT_TYPE_TLS_LINK 1
01105 
01107 #define OR_CERT_TYPE_ID_1024 2
01108 
01111 #define OR_CERT_TYPE_AUTH_1024 3
01112 
01120 #define AUTHTYPE_RSA_SHA256_TLSSECRET 1
01121 
01126 #define V3_AUTH_FIXED_PART_LEN (8+(32*6))
01127 
01129 #define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)
01130 
01134 typedef struct or_handshake_state_t {
01137   time_t sent_versions_at;
01139   unsigned int started_here : 1;
01141   unsigned int received_versions : 1;
01143   unsigned int received_auth_challenge : 1;
01145   unsigned int received_certs_cell : 1;
01147   unsigned int received_authenticate : 1;
01148 
01149   /* True iff we've received valid authentication to some identity. */
01150   unsigned int authenticated : 1;
01151 
01161   unsigned int digest_sent_data : 1;
01162   unsigned int digest_received_data : 1;
01167   uint8_t authenticated_peer_id[DIGEST_LEN];
01168 
01174   crypto_digest_t *digest_sent;
01175   crypto_digest_t *digest_received;
01184   tor_cert_t *auth_cert;
01186   tor_cert_t *id_cert;
01188 } or_handshake_state_t;
01189 
01192 typedef struct or_connection_t {
01193   connection_t _base;
01194 
01197   char identity_digest[DIGEST_LEN];
01198   char *nickname; 
01200   tor_tls_t *tls; 
01201   int tls_error; 
01204   time_t client_used;
01205 
01206   tor_addr_t real_addr; 
01211   circ_id_type_t circ_id_type:2; 
01219   unsigned int is_canonical:1;
01226   unsigned int is_bad_for_new_circs:1;
01230   unsigned int is_connection_with_client:1;
01232   unsigned int is_outgoing:1;
01233   unsigned int proxy_type:2; 
01234   uint8_t link_proto; 
01236   circid_t next_circ_id; 
01240   or_handshake_state_t *handshake_state; 
01242   time_t timestamp_lastempty; 
01243   time_t timestamp_last_added_nonpadding; 
01246   /* bandwidth* and *_bucket only used by ORs in OPEN state: */
01247   int bandwidthrate; 
01248   int bandwidthburst; 
01249 #ifndef USE_BUFFEREVENTS
01250   int read_bucket; 
01253   int write_bucket; 
01254 #else
01255 
01257   /* XXXX we could share this among all connections. */
01258   struct ev_token_bucket_cfg *bucket_cfg;
01259 #endif
01260   int n_circuits; 
01266   struct circuit_t *active_circuits;
01274   smartlist_t *active_circuit_pqueue;
01277   unsigned active_circuit_pqueue_last_recalibrated;
01278   struct or_connection_t *next_with_same_id; 
01280 } or_connection_t;
01281 
01284 typedef struct edge_connection_t {
01285   connection_t _base;
01286 
01287   struct edge_connection_t *next_stream; 
01289   int package_window; 
01291   int deliver_window; 
01293   struct circuit_t *on_circuit; 
01298   struct crypt_path_t *cpath_layer;
01301   rend_data_t *rend_data;
01302 
01303   uint32_t address_ttl; 
01306   streamid_t stream_id; 
01310   uint16_t end_reason;
01311 
01313   uint32_t n_read;
01314 
01316   uint32_t n_written;
01317 
01319   unsigned int is_dns_request:1;
01320 
01321   unsigned int edge_has_sent_end:1; 
01327   unsigned int edge_blocked_on_circ:1;
01328 
01329 } edge_connection_t;
01330 
01333 typedef struct entry_connection_t {
01334   edge_connection_t _edge;
01335 
01337   char *chosen_exit_name;
01338 
01339   socks_request_t *socks_request; 
01342   /* === Isolation related, AP only. === */
01344   uint8_t isolation_flags;
01346   int session_group;
01348   unsigned nym_epoch;
01350   char *original_dest_address;
01351   /* Other fields to isolate on already exist.  The ClientAddr is addr.  The
01352      ClientProtocol is a combination of type and socks_request->
01353      socks_version.  SocksAuth is socks_request->username/password.
01354      DestAddr is in socks_request->address. */
01355 
01359   uint8_t num_socks_retries;
01360 
01364   generic_buffer_t *pending_optimistic_data;
01365   /* For AP connections only: buffer for data that we previously sent
01366   * optimistically which we are currently re-sending as we retry this
01367   * connection. */
01368   generic_buffer_t *sending_optimistic_data;
01369 
01372   struct evdns_server_request *dns_server_request;
01373 
01374 #define NUM_CIRCUITS_LAUNCHED_THRESHOLD 10
01375 
01379   unsigned int num_circuits_launched:4;
01380 
01383   unsigned int want_onehop:1;
01386   unsigned int use_begindir:1;
01387 
01390   unsigned int chosen_exit_optional:1;
01395   unsigned int chosen_exit_retries:3;
01396 
01399   unsigned int is_transparent_ap:1;
01400 
01405   unsigned int may_use_optimistic_data : 1;
01406 
01407 } entry_connection_t;
01408 
01411 typedef struct dir_connection_t {
01412   connection_t _base;
01413 
01420   char *requested_resource;
01421   unsigned int dirconn_direct:1; 
01423   /* Used only for server sides of some dir connections, to implement
01424    * "spooling" of directory material to the outbuf.  Otherwise, we'd have
01425    * to append everything to the outbuf in one enormous chunk. */
01427   enum {
01428     DIR_SPOOL_NONE=0, DIR_SPOOL_SERVER_BY_DIGEST, DIR_SPOOL_SERVER_BY_FP,
01429     DIR_SPOOL_EXTRA_BY_DIGEST, DIR_SPOOL_EXTRA_BY_FP,
01430     DIR_SPOOL_CACHED_DIR, DIR_SPOOL_NETWORKSTATUS,
01431     DIR_SPOOL_MICRODESC, /* NOTE: if we add another entry, add another bit. */
01432   } dir_spool_src : 3;
01435   uint8_t router_purpose;
01437   smartlist_t *fingerprint_stack;
01439   struct cached_dir_t *cached_dir;
01441   off_t cached_dir_offset;
01443   tor_zlib_state_t *zlib_state;
01444 
01446   rend_data_t *rend_data;
01447 
01448   char identity_digest[DIGEST_LEN]; 
01451 } dir_connection_t;
01452 
01454 typedef struct control_connection_t {
01455   connection_t _base;
01456 
01457   uint32_t event_mask; 
01461   unsigned int have_sent_protocolinfo:1;
01464   unsigned int is_owning_control_connection:1;
01465 
01470   char *safecookie_client_hash;
01471 
01473   uint32_t incoming_cmd_len;
01475   uint32_t incoming_cmd_cur_len;
01478   char *incoming_cmd;
01479 } control_connection_t;
01480 
01482 #define TO_CONN(c) (&(((c)->_base)))
01483 
01484 #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, _base))
01485 
01487 #define ENTRY_TO_EDGE_CONN(c) (&(((c))->_edge))
01488 
01489 #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
01490 
01493 static or_connection_t *TO_OR_CONN(connection_t *);
01496 static dir_connection_t *TO_DIR_CONN(connection_t *);
01499 static edge_connection_t *TO_EDGE_CONN(connection_t *);
01502 static entry_connection_t *TO_ENTRY_CONN(connection_t *);
01505 static entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *);
01508 static control_connection_t *TO_CONTROL_CONN(connection_t *);
01511 static listener_connection_t *TO_LISTENER_CONN(connection_t *);
01512 
01513 static INLINE or_connection_t *TO_OR_CONN(connection_t *c)
01514 {
01515   tor_assert(c->magic == OR_CONNECTION_MAGIC);
01516   return DOWNCAST(or_connection_t, c);
01517 }
01518 static INLINE dir_connection_t *TO_DIR_CONN(connection_t *c)
01519 {
01520   tor_assert(c->magic == DIR_CONNECTION_MAGIC);
01521   return DOWNCAST(dir_connection_t, c);
01522 }
01523 static INLINE edge_connection_t *TO_EDGE_CONN(connection_t *c)
01524 {
01525   tor_assert(c->magic == EDGE_CONNECTION_MAGIC ||
01526              c->magic == ENTRY_CONNECTION_MAGIC);
01527   return DOWNCAST(edge_connection_t, c);
01528 }
01529 static INLINE entry_connection_t *TO_ENTRY_CONN(connection_t *c)
01530 {
01531   tor_assert(c->magic == ENTRY_CONNECTION_MAGIC);
01532   return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, _edge._base);
01533 }
01534 static INLINE entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *c)
01535 {
01536   tor_assert(c->_base.magic == ENTRY_CONNECTION_MAGIC);
01537   return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, _edge);
01538 }
01539 static INLINE control_connection_t *TO_CONTROL_CONN(connection_t *c)
01540 {
01541   tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
01542   return DOWNCAST(control_connection_t, c);
01543 }
01544 static INLINE listener_connection_t *TO_LISTENER_CONN(connection_t *c)
01545 {
01546   tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
01547   return DOWNCAST(listener_connection_t, c);
01548 }
01549 
01550 /* Conditional macros to help write code that works whether bufferevents are
01551    disabled or not.
01552 
01553    We can't just write:
01554       if (conn->bufev) {
01555         do bufferevent stuff;
01556       } else {
01557         do other stuff;
01558       }
01559    because the bufferevent stuff won't even compile unless we have a fairly
01560    new version of Libevent.  Instead, we say:
01561       IF_HAS_BUFFEREVENT(conn, { do_bufferevent_stuff } );
01562    or:
01563       IF_HAS_BUFFEREVENT(conn, {
01564         do bufferevent stuff;
01565       }) ELSE_IF_NO_BUFFEREVENT {
01566         do non-bufferevent stuff;
01567       }
01568    If we're compiling with bufferevent support, then the macros expand more or
01569    less to:
01570       if (conn->bufev) {
01571         do_bufferevent_stuff;
01572       } else {
01573         do non-bufferevent stuff;
01574       }
01575    and if we aren't using bufferevents, they expand more or less to:
01576       { do non-bufferevent stuff; }
01577 */
01578 #ifdef USE_BUFFEREVENTS
01579 #define HAS_BUFFEREVENT(c) (((c)->bufev) != NULL)
01580 #define IF_HAS_BUFFEREVENT(c, stmt)                \
01581   if ((c)->bufev) do {                             \
01582       stmt ;                                       \
01583   } while (0)
01584 #define ELSE_IF_NO_BUFFEREVENT ; else
01585 #define IF_HAS_NO_BUFFEREVENT(c)                   \
01586   if (NULL == (c)->bufev)
01587 #else
01588 #define HAS_BUFFEREVENT(c) (0)
01589 #define IF_HAS_BUFFEREVENT(c, stmt) (void)0
01590 #define ELSE_IF_NO_BUFFEREVENT ;
01591 #define IF_HAS_NO_BUFFEREVENT(c)                \
01592   if (1)
01593 #endif
01594 
01596 typedef enum {
01597   ADDR_POLICY_ACCEPT=1,
01598   ADDR_POLICY_REJECT=2,
01599 } addr_policy_action_t;
01600 
01602 typedef struct addr_policy_t {
01603   int refcnt; 
01604   addr_policy_action_t policy_type:2;
01605   unsigned int is_private:1; 
01607   unsigned int is_canonical:1; 
01610   maskbits_t maskbits; 
01613   tor_addr_t addr; 
01614   uint16_t prt_min; 
01615   uint16_t prt_max; 
01616 } addr_policy_t;
01617 
01620 typedef struct cached_dir_t {
01621   char *dir; 
01622   char *dir_z; 
01623   size_t dir_len; 
01624   size_t dir_z_len; 
01625   time_t published; 
01626   digests_t digests; 
01627   int refcnt; 
01628 } cached_dir_t;
01629 
01632 typedef enum {
01635   SAVED_NOWHERE=0,
01639   SAVED_IN_CACHE,
01642   /* FFFF (We could also mmap the file and grow the mmap as needed, or
01643    * lazy-load the descriptor text by using seek and read.  We don't, for
01644    * now.)
01645    */
01646   SAVED_IN_JOURNAL
01647 } saved_location_t;
01648 
01651 typedef enum {
01652   DL_SCHED_GENERIC = 0,
01653   DL_SCHED_CONSENSUS = 1,
01654   DL_SCHED_BRIDGE = 2,
01655 } download_schedule_t;
01656 
01659 typedef struct download_status_t {
01660   time_t next_attempt_at; 
01662   uint8_t n_download_failures; 
01664   download_schedule_t schedule : 8;
01665 } download_status_t;
01666 
01668 #define IMPOSSIBLE_TO_DOWNLOAD 255
01669 
01673 #define ROUTER_ANNOTATION_BUF_LEN 256
01674 
01676 typedef struct signed_descriptor_t {
01680   char *signed_descriptor_body;
01682   size_t annotations_len;
01684   size_t signed_descriptor_len;
01687   char signed_descriptor_digest[DIGEST_LEN];
01689   char identity_digest[DIGEST_LEN];
01691   time_t published_on;
01693   char extra_info_digest[DIGEST_LEN];
01696   download_status_t ei_dl_status;
01698   saved_location_t saved_location;
01701   off_t saved_offset;
01704   int routerlist_index;
01709   time_t last_listed_as_valid_until;
01710   /* If true, we do not ever try to save this object in the cache. */
01711   unsigned int do_not_cache : 1;
01712   /* If true, this item is meant to represent an extrainfo. */
01713   unsigned int is_extrainfo : 1;
01714   /* If true, we got an extrainfo for this item, and the digest was right,
01715    * but it was incompatible. */
01716   unsigned int extrainfo_is_bogus : 1;
01717   /* If true, we are willing to transmit this item unencrypted. */
01718   unsigned int send_unencrypted : 1;
01719 } signed_descriptor_t;
01720 
01722 typedef int16_t country_t;
01723 
01725 typedef struct {
01726   signed_descriptor_t cache_info;
01727   char *address; 
01728   char *nickname; 
01730   uint32_t addr; 
01731   uint16_t or_port; 
01732   uint16_t dir_port; 
01735   /* XXXXX187 Actually these should probably be part of a list of addresses,
01736    * not just a special case.  Use abstractions to access these; don't do it
01737    * directly. */
01738   tor_addr_t ipv6_addr;
01739   uint16_t ipv6_orport;
01740 
01741   crypto_pk_t *onion_pkey; 
01742   crypto_pk_t *identity_pkey;  
01744   char *platform; 
01746   /* link info */
01747   uint32_t bandwidthrate; 
01749   uint32_t bandwidthburst; 
01751   uint32_t bandwidthcapacity;
01752   smartlist_t *exit_policy; 
01754   long uptime; 
01755   smartlist_t *declared_family; 
01757   char *contact_info; 
01758   unsigned int is_hibernating:1; 
01760   unsigned int caches_extra_info:1; 
01762   unsigned int allow_single_hop_exits:1;  
01765   unsigned int wants_to_be_hs_dir:1; 
01767   unsigned int policy_is_reject_star:1; 
01771   unsigned int needs_retest_if_added:1;
01773   unsigned int ipv6_preferred:1;
01774 
01778 #define ROUTER_PURPOSE_GENERAL 0
01779 
01782 #define ROUTER_PURPOSE_CONTROLLER 1
01783 
01786 #define ROUTER_PURPOSE_BRIDGE 2
01787 
01789 #define ROUTER_PURPOSE_UNKNOWN 255
01790 
01791   /* In what way did we find out about this router?  One of ROUTER_PURPOSE_*.
01792    * Routers of different purposes are kept segregated and used for different
01793    * things; see notes on ROUTER_PURPOSE_* macros above.
01794    */
01795   uint8_t purpose;
01796 
01797   /* The below items are used only by authdirservers for
01798    * reachability testing. */
01799 
01801   time_t last_reachable;
01803   time_t testing_since;
01804 
01805 } routerinfo_t;
01806 
01808 typedef struct extrainfo_t {
01809   signed_descriptor_t cache_info;
01811   char nickname[MAX_NICKNAME_LEN+1];
01814   unsigned int bad_sig : 1;
01817   char *pending_sig;
01819   size_t pending_sig_len;
01820 } extrainfo_t;
01821 
01824 typedef struct routerstatus_t {
01825   time_t published_on; 
01826   char nickname[MAX_NICKNAME_LEN+1]; 
01828   char identity_digest[DIGEST_LEN]; 
01832   char descriptor_digest[DIGEST256_LEN];
01833   uint32_t addr; 
01834   uint16_t or_port; 
01835   uint16_t dir_port; 
01836   unsigned int is_authority:1; 
01837   unsigned int is_exit:1; 
01838   unsigned int is_stable:1; 
01839   unsigned int is_fast:1; 
01844   unsigned int is_flagged_running:1;
01845   unsigned int is_named:1; 
01846   unsigned int is_unnamed:1; 
01848   unsigned int is_valid:1; 
01849   unsigned int is_v2_dir:1; 
01853   unsigned int is_possible_guard:1; 
01855   unsigned int is_bad_exit:1; 
01857   unsigned int is_bad_directory:1; 
01859   unsigned int is_hs_dir:1; 
01864   unsigned int version_known:1;
01866   unsigned int version_supports_begindir:1;
01869   unsigned int version_supports_conditional_consensus:1;
01871   unsigned int version_supports_extrainfo_upload:1;
01874   unsigned int version_supports_v3_dir:1;
01877   unsigned int version_supports_microdesc_cache:1;
01880   unsigned int version_supports_optimistic_data:1;
01881 
01882   unsigned int has_bandwidth:1; 
01883   unsigned int has_exitsummary:1; 
01884   unsigned int has_measured_bw:1; 
01886   uint32_t measured_bw; 
01888   uint32_t bandwidth; 
01890   char *exitsummary; 
01893   /* ---- The fields below aren't derived from the networkstatus; they
01894    * hold local information only. */
01895 
01901   unsigned int need_to_mirror:1;
01902   time_t last_dir_503_at; 
01904   download_status_t dl_status;
01905 
01906 } routerstatus_t;
01907 
01909 typedef struct short_policy_entry_t {
01910   uint16_t min_port, max_port;
01911 } short_policy_entry_t;
01912 
01914 typedef struct short_policy_t {
01917   unsigned int is_accept : 1;
01919   unsigned int n_entries : 31;
01924   short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER];
01925 } short_policy_t;
01926 
01932 typedef struct microdesc_t {
01934   HT_ENTRY(microdesc_t) node;
01935 
01936   /* Cache information */
01937 
01941   time_t last_listed;
01943   saved_location_t saved_location : 3;
01945   unsigned int no_save : 1;
01947   unsigned int held_in_map : 1;
01949   unsigned int held_by_nodes;
01950 
01953   off_t off;
01954 
01955   /* The string containing the microdesc. */
01956 
01961   char *body;
01963   size_t bodylen;
01965   char digest[DIGEST256_LEN];
01966 
01967   /* Fields in the microdescriptor. */
01968 
01970   crypto_pk_t *onion_pkey;
01972   smartlist_t *family;
01974   short_policy_t *exit_policy;
01975 } microdesc_t;
01976 
01992 typedef struct node_t {
01993   /* Indexing information */
01994 
01996   HT_ENTRY(node_t) ht_ent;
01998   int nodelist_idx;
01999 
02002   char identity[DIGEST_LEN];
02003 
02004   microdesc_t *md;
02005   routerinfo_t *ri;
02006   routerstatus_t *rs;
02007 
02008   /* local info: copied from routerstatus, then possibly frobbed based
02009    * on experience.  Authorities set this stuff directly. */
02010 
02011   unsigned int is_running:1; 
02013   unsigned int is_valid:1; 
02016   unsigned int is_fast:1; 
02017   unsigned int is_stable:1; 
02018   unsigned int is_possible_guard:1; 
02019   unsigned int is_exit:1; 
02020   unsigned int is_bad_exit:1; 
02022   unsigned int is_bad_directory:1; 
02024   unsigned int is_hs_dir:1; 
02027   /* Local info: warning state. */
02028 
02029   unsigned int name_lookup_warned:1; 
02034   unsigned int rejects_all:1;
02035 
02036   /* Local info: derived. */
02037 
02039   country_t country;
02040 } node_t;
02041 
02044 #define MAX_ROUTERDESC_DOWNLOAD_FAILURES 8
02045 
02048 #define MAX_MICRODESC_DOWNLOAD_FAILURES 8
02049 
02051 typedef struct networkstatus_v2_t {
02053   time_t received_on;
02054 
02056   char networkstatus_digest[DIGEST_LEN];
02057 
02058   /* These fields come from the actual network-status document.*/
02059   time_t published_on; 
02061   char *source_address; 
02062   uint32_t source_addr; 
02063   uint16_t source_dirport; 
02065   unsigned int binds_names:1; 
02067   unsigned int recommends_versions:1; 
02070   unsigned int lists_bad_exits:1; 
02074   unsigned int lists_bad_directories:1;
02075 
02076   char identity_digest[DIGEST_LEN]; 
02077   char *contact; 
02078   crypto_pk_t *signing_key; 
02079   char *client_versions; 
02081   char *server_versions; 
02084   smartlist_t *entries; 
02086 } networkstatus_v2_t;
02087 
02091 typedef struct vote_microdesc_hash_t {
02093   struct vote_microdesc_hash_t *next;
02095   char *microdesc_hash_line;
02096 } vote_microdesc_hash_t;
02097 
02099 typedef struct vote_routerstatus_t {
02100   routerstatus_t status; 
02102   uint64_t flags; 
02104   char *version; 
02107   vote_microdesc_hash_t *microdesc;
02108 } vote_routerstatus_t;
02109 
02111 typedef struct document_signature_t {
02113   char identity_digest[DIGEST_LEN];
02115   char signing_key_digest[DIGEST_LEN];
02117   digest_algorithm_t alg;
02119   char *signature;
02121   int signature_len;
02122   unsigned int bad_signature : 1; 
02124   unsigned int good_signature : 1; 
02126 } document_signature_t;
02127 
02129 typedef struct networkstatus_voter_info_t {
02131   char identity_digest[DIGEST_LEN];
02132   char *nickname; 
02135   char legacy_id_digest[DIGEST_LEN];
02136   char *address; 
02137   uint32_t addr; 
02138   uint16_t dir_port; 
02139   uint16_t or_port; 
02140   char *contact; 
02141   char vote_digest[DIGEST_LEN]; 
02143   /* Nothing from here on is signed. */
02145   smartlist_t *sigs;
02146 } networkstatus_voter_info_t;
02147 
02149 typedef enum {
02150   NS_TYPE_VOTE,
02151   NS_TYPE_CONSENSUS,
02152   NS_TYPE_OPINION,
02153 } networkstatus_type_t;
02154 
02158 typedef enum {
02159   FLAV_NS = 0,
02160   FLAV_MICRODESC = 1,
02161 } consensus_flavor_t;
02162 
02164 #define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)
02165 
02168 typedef struct networkstatus_t {
02169   networkstatus_type_t type : 8; 
02170   consensus_flavor_t flavor : 8; 
02171   time_t published; 
02172   time_t valid_after; 
02173   time_t fresh_until; 
02175   time_t valid_until; 
02179   int consensus_method;
02181   smartlist_t *supported_methods;
02182 
02185   int vote_seconds;
02188   int dist_seconds;
02189 
02192   char *client_versions;
02193   char *server_versions;
02196   smartlist_t *known_flags;
02197 
02200   smartlist_t *net_params;
02201 
02204   smartlist_t *weight_params;
02205 
02209   smartlist_t *voters;
02210 
02211   struct authority_cert_t *cert; 
02214   digests_t digests;
02215 
02219   smartlist_t *routerstatus_list;
02220 
02223   digestmap_t *desc_digest_map;
02224 } networkstatus_t;
02225 
02228 typedef struct ns_detached_signatures_t {
02229   time_t valid_after;
02230   time_t fresh_until;
02231   time_t valid_until;
02232   strmap_t *digests; 
02233   strmap_t *signatures; 
02235 } ns_detached_signatures_t;
02236 
02238 typedef enum store_type_t {
02239   ROUTER_STORE = 0,
02240   EXTRAINFO_STORE = 1
02241 } store_type_t;
02242 
02245 typedef struct desc_store_t {
02249   const char *fname_base;
02253   const char *fname_alt_base;
02255   const char *description;
02256 
02257   tor_mmap_t *mmap; 
02259   store_type_t type; 
02262   size_t journal_len;
02264   size_t store_len;
02267   size_t bytes_dropped;
02268 } desc_store_t;
02269 
02271 typedef struct {
02273   struct digest_ri_map_t *identity_map;
02276   struct digest_sd_map_t *desc_digest_map;
02279   struct digest_ei_map_t *extra_info_map;
02283   struct digest_sd_map_t *desc_by_eid_map;
02285   smartlist_t *routers;
02288   smartlist_t *old_routers;
02292   desc_store_t desc_store;
02294   desc_store_t extrainfo_store;
02295 } routerlist_t;
02296 
02301 typedef struct extend_info_t {
02302   char nickname[MAX_HEX_NICKNAME_LEN+1]; 
02304   char identity_digest[DIGEST_LEN]; 
02305   uint16_t port; 
02306   tor_addr_t addr; 
02307   crypto_pk_t *onion_key; 
02308 } extend_info_t;
02309 
02312 typedef struct authority_cert_t {
02314   signed_descriptor_t cache_info;
02316   crypto_pk_t *identity_key;
02318   crypto_pk_t *signing_key;
02320   char signing_key_digest[DIGEST_LEN];
02322   time_t expires;
02324   uint32_t addr;
02326   uint16_t dir_port;
02329   uint8_t is_cross_certified;
02330 } authority_cert_t;
02331 
02341 typedef enum {
02342   NO_DIRINFO      = 0,
02345   V1_DIRINFO      = 1 << 0,
02347   V2_DIRINFO      = 1 << 1,
02349   V3_DIRINFO      = 1 << 2,
02351   HIDSERV_DIRINFO = 1 << 3,
02353   BRIDGE_DIRINFO  = 1 << 4,
02355   EXTRAINFO_DIRINFO=1 << 5,
02357   MICRODESC_DIRINFO=1 << 6,
02358 } dirinfo_type_t;
02359 
02360 #define CRYPT_PATH_MAGIC 0x70127012u
02361 
02364 typedef struct crypt_path_t {
02365   uint32_t magic;
02366 
02367   /* crypto environments */
02370   crypto_cipher_t *f_crypto;
02373   crypto_cipher_t *b_crypto;
02374 
02376   crypto_digest_t *f_digest; /* for integrity checking */
02378   crypto_digest_t *b_digest;
02379 
02382   crypto_dh_t *dh_handshake_state;
02388   uint8_t fast_handshake_state[DIGEST_LEN];
02390   char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
02391 
02393   extend_info_t *extend_info;
02394 
02400   uint8_t state;
02401 #define CPATH_STATE_CLOSED 0
02402 #define CPATH_STATE_AWAITING_KEYS 1
02403 #define CPATH_STATE_OPEN 2
02404   struct crypt_path_t *next; 
02407   struct crypt_path_t *prev; 
02410   int package_window; 
02412   int deliver_window; 
02414 } crypt_path_t;
02415 
02420 typedef struct {
02422   unsigned int refcount;
02425   crypt_path_t *cpath;
02426 } crypt_path_reference_t;
02427 
02428 #define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
02429 
02430 #define DH_KEY_LEN DH_BYTES
02431 #define ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
02432                                  CIPHER_KEY_LEN+\
02433                                  DH_KEY_LEN)
02434 #define ONIONSKIN_REPLY_LEN (DH_KEY_LEN+DIGEST_LEN)
02435 
02437 typedef struct {
02439   int desired_path_len;
02441   extend_info_t *chosen_exit;
02443   unsigned int need_uptime : 1;
02445   unsigned int need_capacity : 1;
02447   unsigned int is_internal : 1;
02451   unsigned int onehop_tunnel : 1;
02453   crypt_path_t *pending_final_cpath;
02456   crypt_path_reference_t *service_pending_final_cpath_ref;
02458   int failure_count;
02460   time_t expiry_time;
02461 } cpath_build_state_t;
02462 
02469 typedef struct {
02475   unsigned last_adjusted_tick;
02477   double cell_count;
02480   unsigned int is_for_p_conn : 1;
02483   int heap_index;
02484 } cell_ewma_t;
02485 
02486 #define ORIGIN_CIRCUIT_MAGIC 0x35315243u
02487 #define OR_CIRCUIT_MAGIC 0x98ABC04Fu
02488 
02512 typedef struct circuit_t {
02513   uint32_t magic; 
02517   cell_queue_t n_conn_cells;
02519   or_connection_t *n_conn;
02521   circid_t n_circ_id;
02522 
02525   extend_info_t *n_hop;
02526 
02529   unsigned int streams_blocked_on_n_conn : 1;
02532   unsigned int streams_blocked_on_p_conn : 1;
02533 
02534   uint8_t state; 
02535   uint8_t purpose; 
02540   int package_window;
02545   int deliver_window;
02546 
02550   char *n_conn_onionskin;
02551 
02555   struct timeval timestamp_created;
02568   time_t timestamp_dirty;
02569 
02570   uint16_t marked_for_close; 
02573   const char *marked_for_close_file; 
02579   struct circuit_t *next_active_on_n_conn;
02583   struct circuit_t *prev_active_on_n_conn;
02584   struct circuit_t *next; 
02587   uint64_t dirreq_id;
02588 
02592   cell_ewma_t n_cell_ewma;
02593 } circuit_t;
02594 
02597 #define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8
02598 
02601 typedef struct origin_circuit_t {
02602   circuit_t _base;
02603 
02606   edge_connection_t *p_streams;
02610   cpath_build_state_t *build_state;
02616   crypt_path_t *cpath;
02617 
02619   rend_data_t *rend_data;
02620 
02623   unsigned int remaining_relay_early_cells : 4;
02624 
02626   unsigned int is_ancient : 1;
02627 
02630   unsigned int has_opened : 1;
02631 
02646   unsigned int hs_circ_has_timed_out : 1;
02647 
02654   unsigned int hs_service_side_rend_circ_has_been_relaunched : 1;
02655 
02658   uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT];
02659 
02662   int relay_early_cells_sent;
02663 
02666   streamid_t next_stream_id;
02667 
02668   /* The intro key replaces the hidden service's public key if purpose is
02669    * S_ESTABLISH_INTRO or S_INTRO, provided that no unversioned rendezvous
02670    * descriptor is used. */
02671   crypto_pk_t *intro_key;
02672 
02674   /* XXXX NM This can get re-used after 2**32 circuits. */
02675   uint32_t global_identifier;
02676 
02682   unsigned int isolation_values_set : 1;
02688   unsigned int isolation_any_streams_attached : 1;
02689 
02693   uint8_t isolation_flags_mixed;
02694 
02708   uint8_t client_proto_type;
02709   uint8_t client_proto_socksver;
02710   uint16_t dest_port;
02711   tor_addr_t client_addr;
02712   char *dest_address;
02713   int session_group;
02714   unsigned nym_epoch;
02715   size_t socks_username_len;
02716   uint8_t socks_password_len;
02717   /* Note that the next two values are NOT NUL-terminated; see
02718      socks_username_len and socks_password_len for their lengths. */
02719   char *socks_username;
02720   char *socks_password;
02723   uint64_t associated_isolated_stream_global_id;
02726 } origin_circuit_t;
02727 
02730 typedef struct or_circuit_t {
02731   circuit_t _base;
02732 
02736   struct circuit_t *next_active_on_p_conn;
02740   struct circuit_t *prev_active_on_p_conn;
02741 
02743   circid_t p_circ_id;
02745   cell_queue_t p_conn_cells;
02747   or_connection_t *p_conn;
02749   edge_connection_t *n_streams;
02752   edge_connection_t *resolving_streams;
02755   crypto_cipher_t *p_crypto;
02758   crypto_cipher_t *n_crypto;
02759 
02763   crypto_digest_t *p_digest;
02767   crypto_digest_t *n_digest;
02768 
02771   struct or_circuit_t *rend_splice;
02772 
02773 #if REND_COOKIE_LEN >= DIGEST_LEN
02774 #define REND_TOKEN_LEN REND_COOKIE_LEN
02775 #else
02776 #define REND_TOKEN_LEN DIGEST_LEN
02777 #endif
02778 
02784   char rend_token[REND_TOKEN_LEN];
02785 
02786   /* ???? move to a subtype or adjunct structure? Wastes 20 bytes -NM */
02787   char handshake_digest[DIGEST_LEN]; 
02791   unsigned int remaining_relay_early_cells : 4;
02792 
02794   unsigned int is_first_hop : 1;
02795 
02798   uint32_t processed_cells;
02799 
02803   uint64_t total_cell_waiting_time;
02804 
02807   cell_ewma_t p_cell_ewma;
02808 } or_circuit_t;
02809 
02811 #define TO_CIRCUIT(x)  (&((x)->_base))
02812 
02815 static or_circuit_t *TO_OR_CIRCUIT(circuit_t *);
02818 static origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *);
02819 
02820 static INLINE or_circuit_t *TO_OR_CIRCUIT(circuit_t *x)
02821 {
02822   tor_assert(x->magic == OR_CIRCUIT_MAGIC);
02823   return DOWNCAST(or_circuit_t, x);
02824 }
02825 static INLINE origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *x)
02826 {
02827   tor_assert(x->magic == ORIGIN_CIRCUIT_MAGIC);
02828   return DOWNCAST(origin_circuit_t, x);
02829 }
02830 
02832 typedef enum invalid_router_usage_t {
02833   ALLOW_INVALID_ENTRY       =1,
02834   ALLOW_INVALID_EXIT        =2,
02835   ALLOW_INVALID_MIDDLE      =4,
02836   ALLOW_INVALID_RENDEZVOUS  =8,
02837   ALLOW_INVALID_INTRODUCTION=16,
02838 } invalid_router_usage_t;
02839 
02840 /* limits for TCP send and recv buffer size used for constrained sockets */
02841 #define MIN_CONSTRAINED_TCP_BUFFER 2048
02842 #define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */
02843 
02851 #define ISO_DESTPORT    (1u<<0)
02852 
02853 #define ISO_DESTADDR    (1u<<1)
02854 
02855 #define ISO_SOCKSAUTH   (1u<<2)
02856 
02857 #define ISO_CLIENTPROTO (1u<<3)
02858 
02859 #define ISO_CLIENTADDR  (1u<<4)
02860 
02861 #define ISO_SESSIONGRP  (1u<<5)
02862 
02863 #define ISO_NYM_EPOCH   (1u<<6)
02864 
02865 #define ISO_STREAM      (1u<<7)
02866 
02869 #define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)
02870 
02872 #define SESSION_GROUP_UNSET -1
02873 
02874 #define SESSION_GROUP_DIRCONN -2
02875 
02876 #define SESSION_GROUP_CONTROL_RESOLVE -3
02877 
02878 #define SESSION_GROUP_FIRST_AUTO -4
02879 
02881 typedef struct port_cfg_t {
02882   tor_addr_t addr; 
02883   int port; 
02885   uint8_t type; 
02886   unsigned is_unix_addr : 1; 
02888   /* Client port types (socks, dns, trans, natd) only: */
02889   uint8_t isolation_flags; 
02890   int session_group; 
02893   /* Server port types (or, dir) only: */
02894   unsigned int no_advertise : 1;
02895   unsigned int no_listen : 1;
02896   unsigned int all_addrs : 1;
02897   unsigned int ipv4_only : 1;
02898   unsigned int ipv6_only : 1;
02899 
02900   /* Unix sockets only: */
02902   char unix_addr[FLEXIBLE_ARRAY_MEMBER];
02903 } port_cfg_t;
02904 
02906 #define CONFIG_LINE_NORMAL 0
02907 
02909 #define CONFIG_LINE_APPEND 1
02910 /* Removes all previous configuration for an option. */
02911 #define CONFIG_LINE_CLEAR 2
02912 
02914 typedef struct config_line_t {
02915   char *key;
02916   char *value;
02917   struct config_line_t *next;
02919   unsigned int command:2;
02923   unsigned int fragile:1;
02924 } config_line_t;
02925 
02926 typedef struct routerset_t routerset_t;
02927 
02930 #define CFG_AUTO_PORT 0xc4005e
02931 
02933 typedef struct {
02934   uint32_t _magic;
02935 
02937   enum {
02938     CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
02939     CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS
02940   } command;
02941   const char *command_arg; 
02943   config_line_t *Logs; 
02945   int LogTimeGranularity; 
02947   int LogMessageDomains; 
02950   char *DebugLogFile; 
02951   char *DataDirectory; 
02952   char *Nickname; 
02953   char *Address; 
02954   char *PidFile; 
02956   int DynamicDHGroups; 
02958   routerset_t *ExitNodes; 
02961   routerset_t *EntryNodes;
02964   int StrictNodes; 
02967   routerset_t *ExcludeNodes;
02971   routerset_t *ExcludeExitNodes;
02976   routerset_t *_ExcludeExitNodesUnion;
02977 
02978   int DisableAllSwap; 
02982   smartlist_t *AllowInvalidNodes;
02984   invalid_router_usage_t _AllowInvalid;
02985   config_line_t *ExitPolicy; 
02986   int ExitPolicyRejectPrivate; 
02987   config_line_t *SocksPolicy; 
02988   config_line_t *DirPolicy; 
02990   config_line_t *SocksListenAddress;
02993   config_line_t *TransListenAddress;
02995   config_line_t *NATDListenAddress;
02997   config_line_t *DNSListenAddress;
02999   config_line_t *ORListenAddress;
03001   config_line_t *DirListenAddress;
03003   config_line_t *ControlListenAddress;
03005   char *OutboundBindAddress;
03008   config_line_t *RecommendedVersions;
03009   config_line_t *RecommendedClientVersions;
03010   config_line_t *RecommendedServerVersions;
03012   int DirAllowPrivateAddresses;
03013   char *User; 
03014   char *Group; 
03015   config_line_t *ORPort; 
03016   config_line_t *SocksPort; 
03018   config_line_t *TransPort;
03019   config_line_t *NATDPort; 
03021   config_line_t *ControlPort; 
03023   config_line_t *ControlSocket; 
03025   int ControlSocketsGroupWritable; 
03026   config_line_t *DirPort; 
03027   config_line_t *DNSPort; 
03028   int AssumeReachable; 
03029   int AuthoritativeDir; 
03030   int V1AuthoritativeDir; 
03032   int V2AuthoritativeDir; 
03034   int V3AuthoritativeDir; 
03036   int HSAuthoritativeDir; 
03038   int NamingAuthoritativeDir; 
03040   int VersioningAuthoritativeDir; 
03043   int BridgeAuthoritativeDir; 
03048   char *BridgePassword;
03051   char *_BridgePassword_AuthDigest;
03052 
03053   int UseBridges; 
03054   config_line_t *Bridges; 
03056   config_line_t *ClientTransportPlugin; 
03059   config_line_t *ServerTransportPlugin; 
03062   int BridgeRelay; 
03068   int UpdateBridgesFromAuthority;
03069 
03070   int AvoidDiskWrites; 
03072   int ClientOnly; 
03075   smartlist_t *PublishServerDescriptor;
03077   dirinfo_type_t _PublishServerDescriptor;
03079   int PublishHidServDescriptors;
03080   int FetchServerDescriptors; 
03081   int FetchHidServDescriptors; 
03082   int FetchV2Networkstatus; 
03084   int HidServDirectoryV2; 
03086   int VoteOnHidServDirectoriesV2; 
03088   int MinUptimeHidServDirectoryV2; 
03091   int FetchUselessDescriptors; 
03092   int AllDirActionsPrivate; 
03098   int Tor2webMode;
03099 
03103   int CloseHSClientCircuitsImmediatelyOnTimeout;
03104 
03107   int CloseHSServiceRendCircuitsImmediatelyOnTimeout;
03108 
03109   int ConnLimit; 
03110   int _ConnLimit; 
03111   int RunAsDaemon; 
03112   int FascistFirewall; 
03113   smartlist_t *FirewallPorts; 
03115   config_line_t *ReachableAddresses; 
03116   config_line_t *ReachableORAddresses; 
03117   config_line_t *ReachableDirAddresses; 
03119   int ConstrainedSockets; 
03120   uint64_t ConstrainedSockSize; 
03126   int RefuseUnknownExits;
03127 
03130   smartlist_t *LongLivedPorts;
03135   smartlist_t *RejectPlaintextPorts;
03139   smartlist_t *WarnPlaintextPorts;
03141   smartlist_t *TrackHostExits;
03142   int TrackHostExitsExpire; 
03144   config_line_t *AddressMap; 
03145   int AutomapHostsOnResolve; 
03149   smartlist_t *AutomapHostsSuffixes; 
03151   int RendPostPeriod; 
03153   int KeepalivePeriod; 
03155   int SocksTimeout; 
03157   int LearnCircuitBuildTimeout; 
03160   int CircuitBuildTimeout; 
03163   int CircuitIdleTimeout; 
03165   int CircuitStreamTimeout; 
03169   int MaxOnionsPending; 
03172   int NewCircuitPeriod; 
03174   int MaxCircuitDirtiness; 
03176   uint64_t BandwidthRate; 
03178   uint64_t BandwidthBurst; 
03180   uint64_t MaxAdvertisedBandwidth; 
03182   uint64_t RelayBandwidthRate; 
03184   uint64_t RelayBandwidthBurst; 
03186   uint64_t PerConnBWRate; 
03187   uint64_t PerConnBWBurst; 
03188   int NumCPUs; 
03189 //int RunTesting; /**< If true, create testing circuits to measure how well the
03190 //                 * other ORs are running. */
03191   config_line_t *RendConfigLines; 
03193   config_line_t *HidServAuth; 
03195   char *ContactInfo; 
03197   int HeartbeatPeriod; 
03200   char *HTTPProxy; 
03201   tor_addr_t HTTPProxyAddr; 
03202   uint16_t HTTPProxyPort; 
03203   char *HTTPProxyAuthenticator; 
03205   char *HTTPSProxy; 
03206   tor_addr_t HTTPSProxyAddr; 
03207   uint16_t HTTPSProxyPort; 
03208   char *HTTPSProxyAuthenticator; 
03210   char *Socks4Proxy; 
03211   tor_addr_t Socks4ProxyAddr; 
03212   uint16_t Socks4ProxyPort; 
03214   char *Socks5Proxy; 
03215   tor_addr_t Socks5ProxyAddr; 
03216   uint16_t Socks5ProxyPort; 
03217   char *Socks5ProxyUsername; 
03218   char *Socks5ProxyPassword; 
03223   config_line_t *DirServers;
03224 
03227   config_line_t *AlternateDirAuthority;
03228 
03230   config_line_t *AlternateBridgeAuthority;
03231 
03233   config_line_t *AlternateHSAuthority;
03234 
03235   char *MyFamily; 
03236   config_line_t *NodeFamilies; 
03238   smartlist_t *NodeFamilySets; 
03239   config_line_t *AuthDirBadDir; 
03241   config_line_t *AuthDirBadExit; 
03243   config_line_t *AuthDirReject; 
03245   config_line_t *AuthDirInvalid; 
03254   smartlist_t *AuthDirBadDirCCs;
03255   smartlist_t *AuthDirBadExitCCs;
03256   smartlist_t *AuthDirInvalidCCs;
03257   smartlist_t *AuthDirRejectCCs;
03260   int AuthDirListBadDirs; 
03262   int AuthDirListBadExits; 
03264   int AuthDirRejectUnlisted; 
03266   int AuthDirMaxServersPerAddr; 
03268   int AuthDirMaxServersPerAuthAddr; 
03274   uint64_t AuthDirFastGuarantee;
03275 
03278   uint64_t AuthDirGuardBWGuarantee;
03279 
03280   char *AccountingStart; 
03282   uint64_t AccountingMax; 
03287   config_line_t *HashedControlPassword;
03289   config_line_t *HashedControlSessionPassword;
03290 
03291   int CookieAuthentication; 
03293   char *CookieAuthFile; 
03294   int CookieAuthFileGroupReadable; 
03295   int LeaveStreamsUnattached; 
03298   int DisablePredictedCircuits; 
03304   char *OwningControllerProcess;
03305 
03306   int ShutdownWaitLength; 
03308   char *SafeLogging; 
03310   /* Derived from SafeLogging */
03311   enum {
03312     SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
03313   } _SafeLogging;
03314 
03315   int SafeSocks; 
03317 #define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? \
03318                            LOG_WARN : LOG_INFO)
03319   int ProtocolWarnings; 
03321   int TestSocks; 
03323   int HardwareAccel; 
03326   int TokenBucketRefillInterval;
03327   char *AccelName; 
03328   char *AccelDir; 
03329   int UseEntryGuards; 
03331   int NumEntryGuards; 
03332   int RephistTrackTime; 
03333   int FastFirstHopPK; 
03337   int FetchDirInfoEarly;
03338 
03340   int FetchDirInfoExtraEarly;
03341 
03342   char *VirtualAddrNetwork; 
03344   int ServerDNSSearchDomains; 
03347   int ServerDNSDetectHijacking; 
03349   int ServerDNSRandomizeCase; 
03351   char *ServerDNSResolvConfFile; 
03354   char *DirPortFrontPage; 
03358   int DisableDebuggerAttachment; 
03362   int ServerDNSAllowBrokenConfig;
03365   int CountPrivateBandwidth;
03366   smartlist_t *ServerDNSTestAddresses; 
03369   int EnforceDistinctSubnets; 
03371   int TunnelDirConns; 
03373   int PreferTunneledDirConns; 
03375   int PortForwarding; 
03377   char *PortForwardingHelper; 
03379   int AllowNonRFC953Hostnames; 
03382   int ServerDNSAllowNonRFC953Hostnames;
03383 
03386   int DownloadExtraInfo;
03387 
03390   int AllowSingleHopExits;
03393   int ExcludeSingleHopRelays;
03396   int AllowSingleHopCircuits;
03397 
03403   int AllowDotExit;
03404 
03407   int WarnUnsafeSocks;
03408 
03411   int DirReqStatistics;
03412 
03414   int ExitPortStatistics;
03415 
03417   int ConnDirectionStatistics;
03418 
03420   int CellStatistics;
03421 
03423   int EntryStatistics;
03424 
03426   int ExtraInfoStatistics;
03427 
03431   int ClientDNSRejectInternalAddresses;
03432 
03435   int ClientRejectInternalAddresses;
03436 
03438   int V3AuthVotingInterval;
03440   int V3AuthVoteDelay;
03442   int V3AuthDistDelay;
03444   int V3AuthNIntervalsValid;
03445 
03448   int V3AuthUseLegacyKey;
03449 
03451   char *V3BandwidthsFile;
03452 
03455   char *ConsensusParams;
03456 
03459   int TestingV3AuthInitialVotingInterval;
03460 
03463   int TestingV3AuthInitialVoteDelay;
03464 
03467   int TestingV3AuthInitialDistDelay;
03468 
03472   int TestingAuthDirTimeToLearnReachability;
03473 
03477   int TestingEstimatedDescriptorPropagationTime;
03478 
03482   int TestingTorNetwork;
03483 
03486   char *FallbackNetworkstatusFile;
03487 
03491   int BridgeRecordUsageByCountry;
03492 
03494   char *GeoIPFile;
03495 
03498   int ReloadTorrcOnSIGHUP;
03499 
03500   /* The main parameter for picking circuits within a connection.
03501    *
03502    * If this value is positive, when picking a cell to relay on a connection,
03503    * we always relay from the circuit whose weighted cell count is lowest.
03504    * Cells are weighted exponentially such that if one cell is sent
03505    * 'CircuitPriorityHalflife' seconds before another, it counts for half as
03506    * much.
03507    *
03508    * If this value is zero, we're disabling the cell-EWMA algorithm.
03509    *
03510    * If this value is negative, we're using the default approach
03511    * according to either Tor or a parameter set in the consensus.
03512    */
03513   double CircuitPriorityHalflife;
03514 
03517   int DisableIOCP;
03519   int _UseFilteringSSLBufferevents;
03520 
03524   int _UsingTestNetworkDefaults;
03525 
03528   int UseMicrodescriptors;
03529 
03531   char *ControlPortWriteToFile;
03533   int ControlPortFileGroupReadable;
03534 
03535 #define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
03536 
03538   int MaxClientCircuitsPending;
03539 
03542   int OptimisticData;
03543 
03547   int UserspaceIOCPBuffers;
03548 
03551   int DisableNetwork;
03552 
03557   int PathBiasCircThreshold;
03558   double PathBiasNoticeRate;
03559   double PathBiasDisableRate;
03560   int PathBiasScaleThreshold;
03561   int PathBiasScaleFactor;
03564 } or_options_t;
03565 
03567 typedef struct {
03568   uint32_t _magic;
03572   time_t next_write;
03573 
03575   time_t LastWritten;
03576 
03578   time_t AccountingIntervalStart;
03579   uint64_t AccountingBytesReadInInterval;
03580   uint64_t AccountingBytesWrittenInInterval;
03581   int AccountingSecondsActive;
03582   int AccountingSecondsToReachSoftLimit;
03583   time_t AccountingSoftLimitHitAt;
03584   uint64_t AccountingBytesAtSoftLimit;
03585   uint64_t AccountingExpectedUsage;
03586 
03588   config_line_t *EntryGuards;
03589 
03590   config_line_t *TransportProxies;
03591 
03600   time_t      BWHistoryReadEnds;
03601   int         BWHistoryReadInterval;
03602   smartlist_t *BWHistoryReadValues;
03603   smartlist_t *BWHistoryReadMaxima;
03604   time_t      BWHistoryWriteEnds;
03605   int         BWHistoryWriteInterval;
03606   smartlist_t *BWHistoryWriteValues;
03607   smartlist_t *BWHistoryWriteMaxima;
03608   time_t      BWHistoryDirReadEnds;
03609   int         BWHistoryDirReadInterval;
03610   smartlist_t *BWHistoryDirReadValues;
03611   smartlist_t *BWHistoryDirReadMaxima;
03612   time_t      BWHistoryDirWriteEnds;
03613   int         BWHistoryDirWriteInterval;
03614   smartlist_t *BWHistoryDirWriteValues;
03615   smartlist_t *BWHistoryDirWriteMaxima;
03616 
03618   config_line_t * BuildtimeHistogram;
03619   unsigned int TotalBuildTimes;
03620   unsigned int CircuitBuildAbandonedCount;
03621 
03623   char *TorVersion;
03624 
03627   config_line_t *ExtraLines;
03628 
03630   time_t LastRotatedOnionKey;
03631 } or_state_t;
03632 
03636 static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
03637 {
03638   if (state->next_write > when)
03639     state->next_write = when;
03640 }
03641 
03642 #define MAX_SOCKS_REPLY_LEN 1024
03643 #define MAX_SOCKS_ADDR_LEN 256
03644 #define SOCKS_NO_AUTH 0x00
03645 #define SOCKS_USER_PASS 0x02
03646 
03648 #define SOCKS_COMMAND_CONNECT       0x01
03649 
03650 #define SOCKS_COMMAND_RESOLVE       0xF0
03651 
03652 #define SOCKS_COMMAND_RESOLVE_PTR   0xF1
03653 
03654 #define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT)
03655 #define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
03656                                      (c)==SOCKS_COMMAND_RESOLVE_PTR)
03657 
03661 struct socks_request_t {
03665   uint8_t socks_version;
03669   uint8_t auth_type;
03671   uint8_t command;
03673   uint8_t listener_type;
03674   size_t replylen; 
03675   uint8_t reply[MAX_SOCKS_REPLY_LEN]; 
03681   char address[MAX_SOCKS_ADDR_LEN]; 
03683   uint16_t port; 
03684   unsigned int has_finished : 1; 
03687   unsigned int got_auth : 1; 
03690   size_t usernamelen;
03692   uint8_t passwordlen;
03696   char *username;
03699   char *password;
03700 };
03701 
03702 /********************************* circuitbuild.c **********************/
03703 
03705 #define DEFAULT_ROUTE_LEN 3
03706 
03707 /* Circuit Build Timeout "public" structures. */
03708 
03710 #define BW_WEIGHT_SCALE   10000
03711 #define BW_MIN_WEIGHT_SCALE 1
03712 #define BW_MAX_WEIGHT_SCALE INT32_MAX
03713 
03716 #define CBT_NCIRCUITS_TO_OBSERVE 1000
03717 
03719 #define CBT_BIN_WIDTH ((build_time_t)50)
03720 
03722 #define CBT_DEFAULT_NUM_XM_MODES 3
03723 #define CBT_MIN_NUM_XM_MODES 1
03724 #define CBT_MAX_NUM_XM_MODES 20
03725 
03727 typedef uint32_t build_time_t;
03728 
03733 #define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1))
03734 #define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX))
03735 
03737 #define CBT_SAVE_STATE_EVERY 10
03738 
03739 /* Circuit build times consensus parameters */
03740 
03745 #define CBT_DEFAULT_CLOSE_QUANTILE 95
03746 #define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF
03747 #define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF
03748 
03753 #define CBT_DEFAULT_RECENT_CIRCUITS 20
03754 #define CBT_MIN_RECENT_CIRCUITS 3
03755 #define CBT_MAX_RECENT_CIRCUITS 1000
03756 
03765 #define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10)
03766 #define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3
03767 #define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000
03768 
03770 #define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100
03771 #define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1
03772 #define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000
03773 
03775 #define CBT_DEFAULT_QUANTILE_CUTOFF 80
03776 #define CBT_MIN_QUANTILE_CUTOFF 10
03777 #define CBT_MAX_QUANTILE_CUTOFF 99
03778 double circuit_build_times_quantile_cutoff(void);
03779 
03781 #define CBT_DEFAULT_TEST_FREQUENCY 60
03782 #define CBT_MIN_TEST_FREQUENCY 1
03783 #define CBT_MAX_TEST_FREQUENCY INT32_MAX
03784 
03786 #define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500)
03787 #define CBT_MIN_TIMEOUT_MIN_VALUE 500
03788 #define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX
03789 
03791 #define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000)
03792 #define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE
03793 #define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX
03794 int32_t circuit_build_times_initial_timeout(void);
03795 
03796 #if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT
03797 #error "RECENT_CIRCUITS is set too low."
03798 #endif
03799 
03801 typedef struct {
03803   time_t network_last_live;
03805   int nonlive_timeouts;
03808   int8_t *timeouts_after_firsthop;
03810   int num_recent_circs;
03812   int after_firsthop_idx;
03813 } network_liveness_t;
03814 
03816 typedef struct {
03818   build_time_t circuit_build_times[CBT_NCIRCUITS_TO_OBSERVE];
03820   int build_times_idx;
03822   int total_build_times;
03824   network_liveness_t liveness;
03826   time_t last_circ_at;
03828   build_time_t Xm;
03830   double alpha;
03832   int have_computed_timeout;
03835   double timeout_ms;
03837   double close_ms;
03838 } circuit_build_times_t;
03839 
03840 /********************************* config.c ***************************/
03841 
03843 typedef enum setopt_err_t {
03844   SETOPT_OK = 0,
03845   SETOPT_ERR_MISC = -1,
03846   SETOPT_ERR_PARSE = -2,
03847   SETOPT_ERR_TRANSITION = -3,
03848   SETOPT_ERR_SETTING = -4,
03849 } setopt_err_t;
03850 
03851 /********************************* connection_edge.c *************************/
03852 
03854 typedef enum {
03856   ADDRMAPSRC_CONTROLLER,
03859   ADDRMAPSRC_AUTOMAP,
03862   ADDRMAPSRC_TORRC,
03865   ADDRMAPSRC_TRACKEXIT,
03868   ADDRMAPSRC_DNS,
03869 
03873   ADDRMAPSRC_NONE
03874 } addressmap_entry_source_t;
03875 
03876 /********************************* control.c ***************************/
03877 
03880 typedef enum circuit_status_event_t {
03881   CIRC_EVENT_LAUNCHED = 0,
03882   CIRC_EVENT_BUILT    = 1,
03883   CIRC_EVENT_EXTENDED = 2,
03884   CIRC_EVENT_FAILED   = 3,
03885   CIRC_EVENT_CLOSED   = 4,
03886 } circuit_status_event_t;
03887 
03890 typedef enum circuit_status_minor_event_t {
03891   CIRC_MINOR_EVENT_PURPOSE_CHANGED,
03892   CIRC_MINOR_EVENT_CANNIBALIZED,
03893 } circuit_status_minor_event_t;
03894 
03897 typedef enum stream_status_event_t {
03898   STREAM_EVENT_SENT_CONNECT = 0,
03899   STREAM_EVENT_SENT_RESOLVE = 1,
03900   STREAM_EVENT_SUCCEEDED    = 2,
03901   STREAM_EVENT_FAILED       = 3,
03902   STREAM_EVENT_CLOSED       = 4,
03903   STREAM_EVENT_NEW          = 5,
03904   STREAM_EVENT_NEW_RESOLVE  = 6,
03905   STREAM_EVENT_FAILED_RETRIABLE = 7,
03906   STREAM_EVENT_REMAP        = 8
03907 } stream_status_event_t;
03908 
03911 typedef enum or_conn_status_event_t {
03912   OR_CONN_EVENT_LAUNCHED     = 0,
03913   OR_CONN_EVENT_CONNECTED    = 1,
03914   OR_CONN_EVENT_FAILED       = 2,
03915   OR_CONN_EVENT_CLOSED       = 3,
03916   OR_CONN_EVENT_NEW          = 4,
03917 } or_conn_status_event_t;
03918 
03920 typedef enum buildtimeout_set_event_t {
03921   BUILDTIMEOUT_SET_EVENT_COMPUTED  = 0,
03922   BUILDTIMEOUT_SET_EVENT_RESET     = 1,
03923   BUILDTIMEOUT_SET_EVENT_SUSPENDED = 2,
03924   BUILDTIMEOUT_SET_EVENT_DISCARD = 3,
03925   BUILDTIMEOUT_SET_EVENT_RESUME = 4
03926 } buildtimeout_set_event_t;
03927 
03934 #define CONN_LOG_PROTECT(conn, stmt)                                    \
03935   STMT_BEGIN                                                            \
03936     int _log_conn_is_control;                                           \
03937     tor_assert(conn);                                                   \
03938     _log_conn_is_control = (conn->type == CONN_TYPE_CONTROL);           \
03939     if (_log_conn_is_control)                                           \
03940       disable_control_logging();                                        \
03941   STMT_BEGIN stmt; STMT_END;                                            \
03942     if (_log_conn_is_control)                                           \
03943       enable_control_logging();                                         \
03944   STMT_END
03945 
03948 typedef enum {
03949   BOOTSTRAP_STATUS_UNDEF=-1,
03950   BOOTSTRAP_STATUS_STARTING=0,
03951   BOOTSTRAP_STATUS_CONN_DIR=5,
03952   BOOTSTRAP_STATUS_HANDSHAKE=-2,
03953   BOOTSTRAP_STATUS_HANDSHAKE_DIR=10,
03954   BOOTSTRAP_STATUS_ONEHOP_CREATE=15,
03955   BOOTSTRAP_STATUS_REQUESTING_STATUS=20,
03956   BOOTSTRAP_STATUS_LOADING_STATUS=25,
03957   BOOTSTRAP_STATUS_LOADING_KEYS=40,
03958   BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS=45,
03959   BOOTSTRAP_STATUS_LOADING_DESCRIPTORS=50,
03960   BOOTSTRAP_STATUS_CONN_OR=80,
03961   BOOTSTRAP_STATUS_HANDSHAKE_OR=85,
03962   BOOTSTRAP_STATUS_CIRCUIT_CREATE=90,
03963   BOOTSTRAP_STATUS_DONE=100
03964 } bootstrap_status_t;
03965 
03966 /********************************* directory.c ***************************/
03967 
03969 typedef struct {
03970   char first[DIGEST_LEN];
03971   char second[DIGEST_LEN];
03972 } fp_pair_t;
03973 
03974 /********************************* dirserv.c ***************************/
03975 
03978 typedef enum {
03980   NS_V2,
03982   NS_V3_CONSENSUS,
03984   NS_V3_VOTE,
03986   NS_CONTROL_PORT,
03988   NS_V3_CONSENSUS_MICRODESC
03989 } routerstatus_format_type_t;
03990 
03991 #ifdef DIRSERV_PRIVATE
03992 typedef struct measured_bw_line_t {
03993   char node_id[DIGEST_LEN];
03994   char node_hex[MAX_HEX_NICKNAME_LEN+1];
03995   long int bw;
03996 } measured_bw_line_t;
03997 
03998 #endif
03999 
04000 /********************************* dirvote.c ************************/
04001 
04003 typedef struct vote_timing_t {
04006   int vote_interval;
04008   int n_intervals_valid;
04010   int vote_delay;
04012   int dist_delay;
04013 } vote_timing_t;
04014 
04015 /********************************* geoip.c **************************/
04016 
04019 #define DIR_RECORD_USAGE_GRANULARITY 8
04020 
04021 #define DIR_ENTRY_RECORD_USAGE_RETAIN_IPS (24*60*60)
04022 
04024 #define DIR_RECORD_USAGE_MIN_OBSERVATION_TIME (12*60*60)
04025 
04030 typedef enum {
04032   GEOIP_CLIENT_CONNECT = 0,
04034   GEOIP_CLIENT_NETWORKSTATUS = 1,
04036   GEOIP_CLIENT_NETWORKSTATUS_V2 = 2,
04037 } geoip_client_action_t;
04040 typedef enum {
04042   GEOIP_SUCCESS = 0,
04045   GEOIP_REJECT_NOT_ENOUGH_SIGS = 1,
04047   GEOIP_REJECT_UNAVAILABLE = 2,
04049   GEOIP_REJECT_NOT_FOUND = 3,
04051   GEOIP_REJECT_NOT_MODIFIED = 4,
04053   GEOIP_REJECT_BUSY = 5,
04054 } geoip_ns_response_t;
04055 #define GEOIP_NS_RESPONSE_NUM 6
04056 
04059 typedef enum {
04060   DIRREQ_DIRECT = 0,
04061   DIRREQ_TUNNELED = 1,
04062 } dirreq_type_t;
04063 
04066 typedef enum {
04070   DIRREQ_IS_FOR_NETWORK_STATUS = 0,
04074   DIRREQ_FLUSHING_DIR_CONN_FINISHED = 1,
04076   DIRREQ_END_CELL_SENT = 2,
04079   DIRREQ_CIRC_QUEUE_FLUSHED = 3,
04083   DIRREQ_OR_CONN_BUFFER_FLUSHED = 4
04084 } dirreq_state_t;
04085 
04086 #define WRITE_STATS_INTERVAL (24*60*60)
04087 
04088 /********************************* microdesc.c *************************/
04089 
04090 typedef struct microdesc_cache_t microdesc_cache_t;
04091 
04092 /********************************* networkstatus.c *********************/
04093 
04095 typedef enum {
04096   NS_FROM_CACHE, NS_FROM_DIR_BY_FP, NS_FROM_DIR_ALL, NS_GENERATED
04097 } v2_networkstatus_source_t;
04098 
04101 typedef enum version_status_t {
04102   VS_RECOMMENDED=0, 
04103   VS_OLD=1, 
04104   VS_NEW=2, 
04105   VS_NEW_IN_SERIES=3, 
04108   VS_UNRECOMMENDED=4, 
04109   VS_EMPTY=5, 
04110   VS_UNKNOWN, 
04111 } version_status_t;
04112 
04113 /********************************* policies.c ************************/
04114 
04116 typedef enum {
04118   ADDR_POLICY_ACCEPTED=0,
04120   ADDR_POLICY_REJECTED=-1,
04123   ADDR_POLICY_PROBABLY_ACCEPTED=1,
04126   ADDR_POLICY_PROBABLY_REJECTED=2,
04127 } addr_policy_result_t;
04128 
04129 /********************************* rephist.c ***************************/
04130 
04133 typedef enum {
04134   SIGN_DIR, SIGN_RTR,
04135   VERIFY_DIR, VERIFY_RTR,
04136   ENC_ONIONSKIN, DEC_ONIONSKIN,
04137   TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
04138   REND_CLIENT, REND_MID, REND_SERVER,
04139 } pk_op_t;
04140 
04141 /********************************* rendcommon.c ***************************/
04142 
04144 typedef struct rend_authorized_client_t {
04145   char *client_name;
04146   char descriptor_cookie[REND_DESC_COOKIE_LEN];
04147   crypto_pk_t *client_key;
04148 } rend_authorized_client_t;
04149 
04151 typedef struct rend_encoded_v2_service_descriptor_t {
04152   char desc_id[DIGEST_LEN]; 
04153   char *desc_str; 
04154 } rend_encoded_v2_service_descriptor_t;
04155 
04159 #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5
04160 
04166 #define INTRO_POINT_LIFETIME_INTRODUCTIONS 16384
04167 
04174 #define INTRO_POINT_LIFETIME_MIN_SECONDS 18*60*60
04175 
04179 #define INTRO_POINT_LIFETIME_MAX_SECONDS 24*60*60
04180 
04184 typedef struct rend_intro_point_t {
04185   extend_info_t *extend_info; 
04186   crypto_pk_t *intro_key; 
04194   unsigned int timed_out : 1;
04195 
04199   unsigned int unreachable_count : 3;
04200 
04203   unsigned int listed_in_last_desc : 1;
04204 
04208   unsigned int rend_service_note_removing_intro_point_called : 1;
04209 
04215   digestmap_t *accepted_intro_rsa_parts;
04216 
04220   time_t time_published;
04221 
04225   time_t time_to_expire;
04226 
04235   time_t time_expiring;
04236 } rend_intro_point_t;
04237 
04240 typedef struct rend_service_descriptor_t {
04241   crypto_pk_t *pk; 
04242   int version; 
04243   time_t timestamp; 
04244   uint16_t protocols; 
04248   smartlist_t *intro_nodes;
04250   int all_uploads_performed;
04255   smartlist_t *successful_uploads;
04256 } rend_service_descriptor_t;
04257 
04259 typedef struct rend_cache_entry_t {
04260   size_t len; 
04261   time_t received; 
04262   char *desc; 
04263   rend_service_descriptor_t *parsed; 
04264 } rend_cache_entry_t;
04265 
04266 /********************************* routerlist.c ***************************/
04267 
04269 typedef struct trusted_dir_server_t {
04270   char *description;
04271   char *nickname;
04272   char *address; 
04273   uint32_t addr; 
04274   uint16_t dir_port; 
04275   uint16_t or_port; 
04276   char digest[DIGEST_LEN]; 
04277   char v3_identity_digest[DIGEST_LEN]; 
04280   unsigned int is_running:1; 
04284   unsigned int has_accepted_serverdesc:1;
04285 
04287   dirinfo_type_t type;
04288 
04289   download_status_t v2_ns_dl_status; 
04291   time_t addr_current_at; 
04294   routerstatus_t fake_status; 
04299 } trusted_dir_server_t;
04300 
04301 #define ROUTER_REQUIRED_MIN_BANDWIDTH (20*1024)
04302 
04303 #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX
04304 
04305 /* Flags for pick_directory_server() and pick_trusteddirserver(). */
04309 #define PDS_ALLOW_SELF                 (1<<0)
04310 
04313 #define PDS_RETRY_IF_NO_SERVERS        (1<<1)
04314 
04319 #define PDS_IGNORE_FASCISTFIREWALL     (1<<2)
04320 
04332 #define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3)
04333 #define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4)
04334 
04335 #define _PDS_PREFER_TUNNELED_DIR_CONNS (1<<16)
04336 
04339 typedef enum bandwidth_weight_rule_t {
04340   NO_WEIGHTING, WEIGHT_FOR_EXIT, WEIGHT_FOR_MID, WEIGHT_FOR_GUARD,
04341   WEIGHT_FOR_DIR
04342 } bandwidth_weight_rule_t;
04343 
04346 typedef enum {
04347   CRN_NEED_UPTIME = 1<<0,
04348   CRN_NEED_CAPACITY = 1<<1,
04349   CRN_NEED_GUARD = 1<<2,
04350   CRN_ALLOW_INVALID = 1<<3,
04351   /* XXXX not used, apparently. */
04352   CRN_WEIGHT_AS_EXIT = 1<<5,
04353   CRN_NEED_DESC = 1<<6
04354 } router_crn_flags_t;
04355 
04357 typedef enum was_router_added_t {
04358   ROUTER_ADDED_SUCCESSFULLY = 1,
04359   ROUTER_ADDED_NOTIFY_GENERATOR = 0,
04360   ROUTER_BAD_EI = -1,
04361   ROUTER_WAS_NOT_NEW = -2,
04362   ROUTER_NOT_IN_CONSENSUS = -3,
04363   ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
04364   ROUTER_AUTHDIR_REJECTS = -5,
04365   ROUTER_WAS_NOT_WANTED = -6
04366 } was_router_added_t;
04367 
04368 /********************************* routerparse.c ************************/
04369 
04370 #define MAX_STATUS_TAG_LEN 32
04371 
04376 typedef struct tor_version_t {
04377   int major;
04378   int minor;
04379   int micro;
04382   enum { VER_PRE=0, VER_RC=1, VER_RELEASE=2, } status;
04383   int patchlevel;
04384   char status_tag[MAX_STATUS_TAG_LEN];
04385   int svn_revision;
04386 
04387   int git_tag_len;
04388   char git_tag[DIGEST_LEN];
04389 } tor_version_t;
04390 
04391 #endif
04392