📄 circuitbuild.c
字号:
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2008, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* $Id$ */
const char circuitbuild_c_id[] =
"$Id$";
/**
* \file circuitbuild.c
* \brief The actual details of building circuits.
**/
#include "or.h"
/********* START VARIABLES **********/
/** A global list of all circuits at this hop. */
extern circuit_t *global_circuitlist;
/** An entry_guard_t represents our information about a chosen long-term
* first hop, known as a "helper" node in the literature. We can't just
* use a routerinfo_t, since we want to remember these even when we
* don't have a directory. */
typedef struct {
char nickname[MAX_NICKNAME_LEN+1];
char identity[DIGEST_LEN];
time_t chosen_on_date; /**< Approximately when was this guard added?
* "0" if we don't know. */
char *chosen_by_version; /**< What tor version added this guard? NULL
* if we don't know. */
unsigned int made_contact : 1; /**< 0 if we have never connected to this
* router, 1 if we have. */
unsigned int can_retry : 1; /**< Should we retry connecting to this entry,
* in spite of having it marked as unreachable?*/
time_t bad_since; /**< 0 if this guard is currently usable, or the time at
* which it was observed to become (according to the
* directory or the user configuration) unusable. */
time_t unreachable_since; /**< 0 if we can connect to this guard, or the
* time at which we first noticed we couldn't
* connect to it. */
time_t last_attempted; /**< 0 if we can connect to this guard, or the time
* at which we last failed to connect to it. */
} entry_guard_t;
/** A list of our chosen entry guards. */
static smartlist_t *entry_guards = NULL;
/** A value of 1 means that the entry_guards list has changed
* and those changes need to be flushed to disk. */
static int entry_guards_dirty = 0;
/********* END VARIABLES ************/
static int circuit_deliver_create_cell(circuit_t *circ,
uint8_t cell_type, const char *payload);
static int onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit);
static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
static int onion_extend_cpath(origin_circuit_t *circ);
static int count_acceptable_routers(smartlist_t *routers);
static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
static void entry_guards_changed(void);
static time_t start_of_month(time_t when);
/** Iterate over values of circ_id, starting from conn-\>next_circ_id,
* and with the high bit specified by conn-\>circ_id_type, until we get
* a circ_id that is not in use by any other circuit on that conn.
*
* Return it, or 0 if can't get a unique circ_id.
*/
static uint16_t
get_unique_circ_id_by_conn(or_connection_t *conn)
{
uint16_t test_circ_id;
uint16_t attempts=0;
uint16_t high_bit;
tor_assert(conn);
if (conn->circ_id_type == CIRC_ID_TYPE_NEITHER) {
log_warn(LD_BUG, "Trying to pick a circuit ID for a connection from "
"a client with no identity.");
return 0;
}
high_bit = (conn->circ_id_type == CIRC_ID_TYPE_HIGHER) ? 1<<15 : 0;
do {
/* Sequentially iterate over test_circ_id=1...1<<15-1 until we find a
* circID such that (high_bit|test_circ_id) is not already used. */
test_circ_id = conn->next_circ_id++;
if (test_circ_id == 0 || test_circ_id >= 1<<15) {
test_circ_id = 1;
conn->next_circ_id = 2;
}
if (++attempts > 1<<15) {
/* Make sure we don't loop forever if all circ_id's are used. This
* matters because it's an external DoS opportunity.
*/
log_warn(LD_CIRC,"No unused circ IDs. Failing.");
return 0;
}
test_circ_id |= high_bit;
} while (circuit_get_by_circid_orconn(test_circ_id, conn));
return test_circ_id;
}
/** If <b>verbose</b> is false, allocate and return a comma-separated list of
* the currently built elements of circuit_t. If <b>verbose</b> is true, also
* list information about link status in a more verbose format using spaces.
* If <b>verbose_names</b> is false, give nicknames for Named routers and hex
* digests for others; if <b>verbose_names</b> is true, use $DIGEST=Name style
* names.
*/
static char *
circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names)
{
crypt_path_t *hop;
smartlist_t *elements;
const char *states[] = {"closed", "waiting for keys", "open"};
char buf[128];
char *s;
elements = smartlist_create();
if (verbose) {
const char *nickname = build_state_get_exit_nickname(circ->build_state);
tor_snprintf(buf, sizeof(buf), "%s%s circ (length %d%s%s):",
circ->build_state->is_internal ? "internal" : "exit",
circ->build_state->need_uptime ? " (high-uptime)" : "",
circ->build_state->desired_path_len,
circ->_base.state == CIRCUIT_STATE_OPEN ? "" : ", exit ",
circ->_base.state == CIRCUIT_STATE_OPEN ? "" :
(nickname?nickname:"*unnamed*"));
smartlist_add(elements, tor_strdup(buf));
}
hop = circ->cpath;
do {
routerinfo_t *ri;
char *elt;
if (!hop)
break;
if (!verbose && hop->state != CPATH_STATE_OPEN)
break;
if (!hop->extend_info)
break;
if (verbose_names) {
elt = tor_malloc(MAX_VERBOSE_NICKNAME_LEN+1);
if ((ri = router_get_by_digest(hop->extend_info->identity_digest))) {
router_get_verbose_nickname(elt, ri);
} else if (hop->extend_info->nickname &&
is_legal_nickname(hop->extend_info->nickname)) {
elt[0] = '$';
base16_encode(elt+1, HEX_DIGEST_LEN+1,
hop->extend_info->identity_digest, DIGEST_LEN);
elt[HEX_DIGEST_LEN+1]= '~';
strlcpy(elt+HEX_DIGEST_LEN+2,
hop->extend_info->nickname, MAX_NICKNAME_LEN+1);
} else {
elt[0] = '$';
base16_encode(elt+1, HEX_DIGEST_LEN+1,
hop->extend_info->identity_digest, DIGEST_LEN);
}
} else { /* ! verbose_names */
if ((ri = router_get_by_digest(hop->extend_info->identity_digest)) &&
ri->is_named) {
elt = tor_strdup(hop->extend_info->nickname);
} else {
elt = tor_malloc(HEX_DIGEST_LEN+2);
elt[0] = '$';
base16_encode(elt+1, HEX_DIGEST_LEN+1,
hop->extend_info->identity_digest, DIGEST_LEN);
}
}
tor_assert(elt);
if (verbose) {
size_t len = strlen(elt)+2+strlen(states[hop->state])+1;
char *v = tor_malloc(len);
tor_assert(hop->state <= 2);
tor_snprintf(v,len,"%s(%s)",elt,states[hop->state]);
smartlist_add(elements, v);
tor_free(elt);
} else {
smartlist_add(elements, elt);
}
hop = hop->next;
} while (hop != circ->cpath);
s = smartlist_join_strings(elements, verbose?" ":",", 0, NULL);
SMARTLIST_FOREACH(elements, char*, cp, tor_free(cp));
smartlist_free(elements);
return s;
}
/** If <b>verbose</b> is false, allocate and return a comma-separated
* list of the currently built elements of circuit_t. If
* <b>verbose</b> is true, also list information about link status in
* a more verbose format using spaces.
*/
char *
circuit_list_path(origin_circuit_t *circ, int verbose)
{
return circuit_list_path_impl(circ, verbose, 0);
}
/** Allocate and return a comma-separated list of the currently built elements
* of circuit_t, giving each as a verbose nickname.
*/
char *
circuit_list_path_for_controller(origin_circuit_t *circ)
{
return circuit_list_path_impl(circ, 0, 1);
}
/** Log, at severity <b>severity</b>, the nicknames of each router in
* circ's cpath. Also log the length of the cpath, and the intended
* exit point.
*/
void
circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
{
char *s = circuit_list_path(circ,1);
log(severity,domain,"%s",s);
tor_free(s);
}
/** Tell the rep(utation)hist(ory) module about the status of the links
* in circ. Hops that have become OPEN are marked as successfully
* extended; the _first_ hop that isn't open (if any) is marked as
* unable to extend.
*/
/* XXXX Someday we should learn from OR circuits too. */
void
circuit_rep_hist_note_result(origin_circuit_t *circ)
{
crypt_path_t *hop;
char *prev_digest = NULL;
routerinfo_t *router;
hop = circ->cpath;
if (!hop) /* circuit hasn't started building yet. */
return;
if (server_mode(get_options())) {
routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return;
prev_digest = me->cache_info.identity_digest;
}
do {
router = router_get_by_digest(hop->extend_info->identity_digest);
if (router) {
if (prev_digest) {
if (hop->state == CPATH_STATE_OPEN)
rep_hist_note_extend_succeeded(prev_digest,
router->cache_info.identity_digest);
else {
rep_hist_note_extend_failed(prev_digest,
router->cache_info.identity_digest);
break;
}
}
prev_digest = router->cache_info.identity_digest;
} else {
prev_digest = NULL;
}
hop=hop->next;
} while (hop!=circ->cpath);
}
/** Pick all the entries in our cpath. Stop and return 0 when we're
* happy, or return -1 if an error occurs. */
static int
onion_populate_cpath(origin_circuit_t *circ)
{
int r;
again:
r = onion_extend_cpath(circ);
if (r < 0) {
log_info(LD_CIRC,"Generating cpath hop failed.");
return -1;
}
if (r == 0)
goto again;
return 0; /* if r == 1 */
}
/** Create and return a new origin circuit. Initialize its purpose and
* build-state based on our arguments. The <b>flags</b> argument is a
* bitfield of CIRCLAUNCH_* flags. */
origin_circuit_t *
origin_circuit_init(uint8_t purpose, int flags)
{
/* sets circ->p_circ_id and circ->p_conn */
origin_circuit_t *circ = origin_circuit_new();
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OR_WAIT);
circ->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
circ->build_state->onehop_tunnel =
((flags & CIRCLAUNCH_ONEHOP_TUNNEL) ? 1 : 0);
circ->build_state->need_uptime =
((flags & CIRCLAUNCH_NEED_UPTIME) ? 1 : 0);
circ->build_state->need_capacity =
((flags & CIRCLAUNCH_NEED_CAPACITY) ? 1 : 0);
circ->build_state->is_internal =
((flags & CIRCLAUNCH_IS_INTERNAL) ? 1 : 0);
circ->_base.purpose = purpose;
return circ;
}
/** Build a new circuit for <b>purpose</b>. If <b>exit</b>
* is defined, then use that as your exit router, else choose a suitable
* exit node.
*
* Also launch a connection to the first OR in the chosen path, if
* it's not open already.
*/
origin_circuit_t *
circuit_establish_circuit(uint8_t purpose, extend_info_t *exit, int flags)
{
origin_circuit_t *circ;
int err_reason = 0;
circ = origin_circuit_init(purpose, flags);
if (onion_pick_cpath_exit(circ, exit) < 0 ||
onion_populate_cpath(circ) < 0) {
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOPATH);
return NULL;
}
control_event_circuit_status(circ, CIRC_EVENT_LAUNCHED, 0);
if ((err_reason = circuit_handle_first_hop(circ)) < 0) {
circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
return NULL;
}
return circ;
}
/** Start establishing the first hop of our circuit. Figure out what
* OR we should connect to, and if necessary start the connection to
* it. If we're already connected, then send the 'create' cell.
* Return 0 for ok, -reason if circ should be marked-for-close. */
int
circuit_handle_first_hop(origin_circuit_t *circ)
{
crypt_path_t *firsthop;
or_connection_t *n_conn;
char tmpbuf[INET_NTOA_BUF_LEN];
struct in_addr in;
int err_reason = 0;
firsthop = onion_next_hop_in_cpath(circ->cpath);
tor_assert(firsthop);
tor_assert(firsthop->extend_info);
/* now see if we're already connected to the first OR in 'route' */
in.s_addr = htonl(firsthop->extend_info->addr);
tor_inet_ntoa(&in, tmpbuf, sizeof(tmpbuf));
log_debug(LD_CIRC,"Looking for firsthop '%s:%u'",tmpbuf,
firsthop->extend_info->port);
/* imprint the circuit with its future n_conn->id */
memcpy(circ->_base.n_conn_id_digest, firsthop->extend_info->identity_digest,
DIGEST_LEN);
n_conn = connection_or_get_by_identity_digest(
firsthop->extend_info->identity_digest);
/* If we don't have an open conn, or the conn we have is obsolete
* (i.e. old or broken) and the other side will let us make a second
* connection without dropping it immediately... */
if (!n_conn || n_conn->_base.state != OR_CONN_STATE_OPEN ||
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -