tor-commits July 2011

tor-commits@lists.torproject.org

16 participants
868 discussions

[tor/master] Disable recording new broken conns when we have bootstrapped
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit 2a594fcde94ada2ef38d33d306b7df189a5e495c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jul 11 16:10:24 2011 -0400 Disable recording new broken conns when we have bootstrapped Rationale: right now there seems to be no way for our bootstrap status to dip under 100% once it has reached 100%. Thus, recording broken connections after that point is useless, and wastes memory. If at some point in the future we allow our bootstrap level to go backwards, then we should change this rule so that we disable recording broken connection states _as long as_ the bootstrap status is 100%. --- src/or/circuitbuild.c | 2 +- src/or/connection.c | 2 +- src/or/connection_or.c | 17 ++++++++++++++--- src/or/connection_or.h | 2 +- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 6a411d1..0e1dd52 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2117,7 +2117,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) "Looks like client functionality is working."); control_event_bootstrap(BOOTSTRAP_STATUS_DONE, 0); control_event_client_status(LOG_NOTICE, "CIRCUIT_ESTABLISHED"); - clear_broken_connection_map(); + clear_broken_connection_map(1); if (server_mode(options) && !check_whether_orport_reachable()) { inform_testing_reachability(); consider_testing_reachability(1, 1); diff --git a/src/or/connection.c b/src/or/connection.c index b0e0f84..d82a66e 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -555,7 +555,7 @@ connection_free_all(void) connection_or_clear_identity_map(); /* Clear out our list of broken connections */ - clear_broken_connection_map(); + clear_broken_connection_map(0); SMARTLIST_FOREACH(conns, connection_t *, conn, _connection_free(conn)); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index e755c7e..94f8e22 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -158,12 +158,18 @@ connection_or_set_identity_digest(or_connection_t *conn, const char *digest) */ static strmap_t *broken_connection_counts; +/** If true, do not record information in broken_connection_counts. */ +static int disable_broken_connection_counts = 0; + /** Record that an OR connection failed in state. */ static void note_broken_connection(const char *state) { void *ptr; intptr_t val; + if (disable_broken_connection_counts) + return; + if (!broken_connection_counts) broken_connection_counts = strmap_new(); @@ -174,13 +180,16 @@ note_broken_connection(const char *state) strmap_set(broken_connection_counts, state, ptr); } -/** Forget all recorded states for failed connections. */ +/** Forget all recorded states for failed connections. If + * stop_recording is true, don't record any more. */ void -clear_broken_connection_map(void) +clear_broken_connection_map(int stop_recording) { if (broken_connection_counts) strmap_free(broken_connection_counts, NULL); broken_connection_counts = NULL; + if (stop_recording) + disable_broken_connection_counts = 1; } /** Write a detailed description the state of orconn into the @@ -209,6 +218,8 @@ static void connection_or_note_state_when_broken(or_connection_t *orconn) { char buf[256]; + if (disable_broken_connection_counts) + return; connection_or_get_state_description(orconn, buf, sizeof(buf)); log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf); note_broken_connection(buf); @@ -240,7 +251,7 @@ connection_or_report_broken_states(int severity, int domain) int total = 0; smartlist_t *items; - if (!broken_connection_counts) + if (!broken_connection_counts || disable_broken_connection_counts) return; items = smartlist_create(); diff --git a/src/or/connection_or.h b/src/or/connection_or.h index abcfe83..072edbd 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -14,7 +14,7 @@ void connection_or_remove_from_identity_map(or_connection_t *conn); void connection_or_clear_identity_map(void); -void clear_broken_connection_map(void); +void clear_broken_connection_map(int disable); or_connection_t *connection_or_get_for_extend(const char *digest, const tor_addr_t *target_addr, const char **msg_out,

1 0

[tor/master] Record the states of failing OR connections
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit 734d9486f62b0fb19c71cac7a484ae65091bd41d Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 22 15:29:30 2011 -0400 Record the states of failing OR connections This code lets us record the state of any outgoing OR connection that fails before it becomes open, so we can notice if they're all dying in the same SSL state or the same OR handshake state. More work is still needed: - We need documentation - We need to actually call the code that reports the failure when we realize that we're having a hard time connecting out or making circuits. - We need to periodically clear out all this data -- perhaps, whenever we build a circuit successfully? - We'll eventually want to expose it to controllers, perhaps. Partial implementation of feature 3116. --- src/common/tortls.c | 31 ++++++++++++++ src/common/tortls.h | 1 + src/or/connection.c | 3 + src/or/connection_or.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++ src/or/connection_or.h | 3 + 5 files changed, 144 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 94ca81b..8db47a6 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -222,6 +222,37 @@ ssl_state_to_string(int ssl_state) return buf; } +/** DOCDOC 3116 */ +void +tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz) +{ + const char *ssl_state; + const char *tortls_state; + + if (PREDICT_UNLIKELY(!tls || !tls->ssl)) { + strlcpy(buf, "(No SSL object)", sz); + return; + } + + ssl_state = ssl_state_to_string(tls->ssl->state); + switch (tls->state) { +#define CASE(st) case TOR_TLS_ST_##st: tortls_state = #st ; break + CASE(HANDSHAKE); + CASE(OPEN); + CASE(GOTCLOSE); + CASE(SENTCLOSE); + CASE(CLOSED); + CASE(RENEGOTIATE); + CASE(BUFFEREVENT); +#undef CASE + default: + tortls_state = "unknown"; + break; + } + + tor_snprintf(buf, sz, "%s in %s", ssl_state, tortls_state); +} + void tor_tls_log_one_error(tor_tls_t *tls, unsigned long err, int severity, int domain, const char *doing) diff --git a/src/common/tortls.h b/src/common/tortls.h index ecb5bd2..9b8108b 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -48,6 +48,7 @@ typedef struct tor_tls_t tor_tls_t; #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE) const char *tor_tls_err_to_string(int err); +void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz); void tor_tls_free_all(void); int tor_tls_context_init(int is_public_server, diff --git a/src/or/connection.c b/src/or/connection.c index e8a17e7..b0e0f84 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -554,6 +554,9 @@ connection_free_all(void) /* Unlink everything from the identity map. */ connection_or_clear_identity_map(); + /* Clear out our list of broken connections */ + clear_broken_connection_map(); + SMARTLIST_FOREACH(conns, connection_t *, conn, _connection_free(conn)); if (outgoing_addrs) { diff --git a/src/or/connection_or.c b/src/or/connection_or.c index fa86241..85df78b 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -150,6 +150,111 @@ connection_or_set_identity_digest(or_connection_t *conn, const char *digest) #endif } +/**************************************************************/ + +/** DOCDOC */ +static strmap_t *broken_connection_counts; + +/** DOCDOC */ +static void +note_broken_connection(const char *state) +{ + void *ptr; + intptr_t val; + if (!broken_connection_counts) + broken_connection_counts = strmap_new(); + + ptr = strmap_get(broken_connection_counts, state); + val = (intptr_t)ptr; + val++; + ptr = (void*)val; + strmap_set(broken_connection_counts, state, ptr); +} + +/** DOCDOC */ +void +clear_broken_connection_map(void) +{ + if (broken_connection_counts) + strmap_free(broken_connection_counts, NULL); + broken_connection_counts = NULL; +} + +/** DOCDOC */ +static void +connection_or_get_state_description(or_connection_t *orconn, + char *buf, size_t buflen) +{ + connection_t *conn = TO_CONN(orconn); + const char *conn_state; + char tls_state[256]; + + tor_assert(conn->type == CONN_TYPE_OR); + + conn_state = conn_state_to_string(conn->type, conn->state); + tor_tls_get_state_description(orconn->tls, tls_state, sizeof(tls_state)); + + tor_snprintf(buf, buflen, "%s with SSL state %s", conn_state, tls_state); +} + +/** DOCDOC */ +static void +connection_or_note_state_when_broken(or_connection_t *orconn) +{ + char buf[256]; + connection_or_get_state_description(orconn, buf, sizeof(buf)); + log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf); + note_broken_connection(buf); +} + +/** DOCDOC */ +typedef struct broken_state_count_t { + intptr_t count; + const char *state; +} broken_state_count_t; + +/** DOCDOC */ +static int +broken_state_count_compare(const void **a_ptr, const void **b_ptr) +{ + const broken_state_count_t *a = *a_ptr, *b = *b_ptr; + return a->count - b->count; +} + +/** DOCDOC */ +void +connection_or_report_broken_states(int severity, int domain) +{ + int total = 0; + smartlist_t *items; + + if (!broken_connection_counts) { + log(severity, domain, "No broken connections reported"); + return; + } + items = smartlist_create(); + STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) { + broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t)); + total += c->count = (intptr_t)countptr; + c->state = state; + smartlist_add(items, c); + } STRMAP_FOREACH_END; + + smartlist_sort(items, broken_state_count_compare); + + log(severity, domain, "%d connections have failed:", total); + + SMARTLIST_FOREACH_BEGIN(items, const broken_state_count_t *, c) { + log(severity, domain, + " %d connections died in state %s", (int)c->count, c->state); + } SMARTLIST_FOREACH_END(c); + + SMARTLIST_FOREACH(items, broken_state_count_t *, c, tor_free(c)); + smartlist_free(items); +} + +/**************************************************************/ + /** Pack the cell_t host-order structure src into network-order * in the buffer dest. See tor-spec.txt for details about the * wire format. @@ -364,6 +469,7 @@ connection_or_about_to_close(or_connection_t *or_conn) /* now mark things down as needed */ if (connection_or_nonopen_was_started_here(or_conn)) { const or_options_t *options = get_options(); + connection_or_note_state_when_broken(or_conn); rep_hist_note_connect_failed(or_conn->identity_digest, now); entry_guard_register_connect_status(or_conn->identity_digest,0, !options->HTTPSProxy, now); diff --git a/src/or/connection_or.h b/src/or/connection_or.h index f1acfd1..abcfe83 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -14,6 +14,7 @@ void connection_or_remove_from_identity_map(or_connection_t *conn); void connection_or_clear_identity_map(void); +void clear_broken_connection_map(void); or_connection_t *connection_or_get_for_extend(const char *digest, const tor_addr_t *target_addr, const char **msg_out, @@ -35,6 +36,8 @@ void connection_or_connect_failed(or_connection_t *conn, or_connection_t *connection_or_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest); +void connection_or_report_broken_states(int severity, int domain); + int connection_tls_start_handshake(or_connection_t *conn, int receiving); int connection_tls_continue_handshake(or_connection_t *conn);

1 0

[tor/master] Report the states of failed TLS connections from bootstrap_problem
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit b0de8560f6f7b54c363226c11d277b6b08b1cbc7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 28 14:29:29 2011 -0400 Report the states of failed TLS connections from bootstrap_problem --- changes/feature3116 | 5 +++++ src/or/control.c | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletions(-) diff --git a/changes/feature3116 b/changes/feature3116 new file mode 100644 index 0000000..386790c --- /dev/null +++ b/changes/feature3116 @@ -0,0 +1,5 @@ + o Major features: + - While we're trying to bootstrap, record how many TLS connections + fail in each state, and report which states saw the most failures + in response to any bootstrap failures. This feature may speed up + diagnosis of censorship events. diff --git a/src/or/control.c b/src/or/control.c index 6ea9dbe..fa0c6cf 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -18,6 +18,7 @@ #include "config.h" #include "connection.h" #include "connection_edge.h" +#include "connection_or.h" #include "control.h" #include "directory.h" #include "dirserv.h" @@ -4268,6 +4269,7 @@ control_event_bootstrap_problem(const char *warn, int reason) const char *tag, *summary; char buf[BOOTSTRAP_MSG_LEN]; const char *recommendation = "ignore"; + int severity; /* bootstrap_percent must not be in "undefined" state here. */ tor_assert(status >= 0); @@ -4292,12 +4294,17 @@ control_event_bootstrap_problem(const char *warn, int reason) status--; /* find a recognized status string based on current progress */ status = bootstrap_percent; /* set status back to the actual number */ - log_fn(!strcmp(recommendation, "warn") ? LOG_WARN : LOG_INFO, + severity = !strcmp(recommendation, "warn") ? LOG_WARN : LOG_INFO; + + log_fn(severity, LD_CONTROL, "Problem bootstrapping. Stuck at %d%%: %s. (%s; %s; " "count %d; recommendation %s)", status, summary, warn, orconn_end_reason_to_control_string(reason), bootstrap_problems, recommendation); + + connection_or_report_broken_states(severity, LD_HANDSHAKE); + tor_snprintf(buf, sizeof(buf), "BOOTSTRAP PROGRESS=%d TAG=%s SUMMARY=\"%s\" WARNING=\"%s\" REASON=%s " "COUNT=%d RECOMMENDATION=%s",

1 0

[tor/master] Split connection_about_to_close_connection into separate functions
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit a2ad31a92b85158f0dfa0a219ae5270e03b2ef02 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jun 22 13:57:19 2011 -0400 Split connection_about_to_close_connection into separate functions This patch does NOTHING but: - move code - add declarations and includes as needed to make the new code work - declare the new functions. --- changes/split_about_to_close | 3 + src/or/connection.c | 106 +++--------------------------------------- src/or/connection_edge.c | 65 +++++++++++++++++++++++++ src/or/connection_edge.h | 3 + src/or/connection_or.c | 45 ++++++++++++++++++ src/or/connection_or.h | 1 + src/or/directory.c | 22 +++++++++ src/or/directory.h | 1 + 8 files changed, 147 insertions(+), 99 deletions(-) diff --git a/changes/split_about_to_close b/changes/split_about_to_close new file mode 100644 index 0000000..2f5a679 --- /dev/null +++ b/changes/split_about_to_close @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Split connection_about_to_close into separate functions for each + connection type. diff --git a/src/or/connection.c b/src/or/connection.c index 5dbf052..e8a17e7 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -563,7 +563,9 @@ connection_free_all(void) } } -/** Do any cleanup needed: +/** + * Called when we're about to finally unlink and free a connection: + * perform necessary accounting and cleanup * - Directory conns that failed to fetch a rendezvous descriptor * need to inform pending rendezvous streams. * - OR conns need to call rep_hist_note_*() to record status. @@ -576,114 +578,20 @@ connection_free_all(void) void connection_about_to_close_connection(connection_t *conn) { - circuit_t *circ; - dir_connection_t *dir_conn; - or_connection_t *or_conn; - edge_connection_t *edge_conn; - time_t now = time(NULL); - tor_assert(conn->marked_for_close); - if (CONN_IS_EDGE(conn)) { - edge_conn = TO_EDGE_CONN(conn); - if (!edge_conn->edge_has_sent_end) { - log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) " - "hasn't sent end yet?", - conn->marked_for_close_file, conn->marked_for_close); - tor_fragile_assert(); - } - } - switch (conn->type) { case CONN_TYPE_DIR: - dir_conn = TO_DIR_CONN(conn); - if (conn->state < DIR_CONN_STATE_CLIENT_FINISHED) { - /* It's a directory connection and connecting or fetching - * failed: forget about this router, and maybe try again. */ - connection_dir_request_failed(dir_conn); - } - /* If we were trying to fetch a v2 rend desc and did not succeed, - * retry as needed. (If a fetch is successful, the connection state - * is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC to mark that - * refetching is unnecessary.) */ - if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 && - dir_conn->rend_data && - strlen(dir_conn->rend_data->onion_address) == - REND_SERVICE_ID_LEN_BASE32) - rend_client_refetch_v2_renddesc(dir_conn->rend_data); + connection_dir_about_to_close(TO_DIR_CONN(conn)); break; case CONN_TYPE_OR: - or_conn = TO_OR_CONN(conn); - /* Remember why we're closing this connection. */ - if (conn->state != OR_CONN_STATE_OPEN) { - /* Inform any pending (not attached) circs that they should - * give up. */ - circuit_n_conn_done(TO_OR_CONN(conn), 0); - /* now mark things down as needed */ - if (connection_or_nonopen_was_started_here(or_conn)) { - const or_options_t *options = get_options(); - rep_hist_note_connect_failed(or_conn->identity_digest, now); - entry_guard_register_connect_status(or_conn->identity_digest,0, - !options->HTTPSProxy, now); - if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) { - int reason = tls_error_to_orconn_end_reason(or_conn->tls_error); - control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED, - reason); - if (!authdir_mode_tests_reachability(options)) - control_event_bootstrap_problem( - orconn_end_reason_to_control_string(reason), reason); - } - } - } else if (conn->hold_open_until_flushed) { - /* We only set hold_open_until_flushed when we're intentionally - * closing a connection. */ - rep_hist_note_disconnect(or_conn->identity_digest, now); - control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED, - tls_error_to_orconn_end_reason(or_conn->tls_error)); - } else if (!tor_digest_is_zero(or_conn->identity_digest)) { - rep_hist_note_connection_died(or_conn->identity_digest, now); - control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED, - tls_error_to_orconn_end_reason(or_conn->tls_error)); - } - /* Now close all the attached circuits on it. */ - circuit_unlink_all_from_or_conn(TO_OR_CONN(conn), - END_CIRC_REASON_OR_CONN_CLOSED); + connection_or_about_to_close(TO_OR_CONN(conn)); break; case CONN_TYPE_AP: - edge_conn = TO_EDGE_CONN(conn); - if (edge_conn->socks_request->has_finished == 0) { - /* since conn gets removed right after this function finishes, - * there's no point trying to send back a reply at this point. */ - log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending" - " back a socks reply.", - conn->marked_for_close_file, conn->marked_for_close); - } - if (!edge_conn->end_reason) { - log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having" - " set end_reason.", - conn->marked_for_close_file, conn->marked_for_close); - } - if (edge_conn->dns_server_request) { - log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having" - " replied to DNS request.", - conn->marked_for_close_file, conn->marked_for_close); - dnsserv_reject_request(edge_conn); - } - control_event_stream_bandwidth(edge_conn); - control_event_stream_status(edge_conn, STREAM_EVENT_CLOSED, - edge_conn->end_reason); - circ = circuit_get_by_edge_conn(edge_conn); - if (circ) - circuit_detach_stream(circ, edge_conn); + connection_ap_about_to_close(TO_EDGE_CONN(conn)); break; case CONN_TYPE_EXIT: - edge_conn = TO_EDGE_CONN(conn); - circ = circuit_get_by_edge_conn(edge_conn); - if (circ) - circuit_detach_stream(circ, edge_conn); - if (conn->state == EXIT_CONN_STATE_RESOLVING) { - connection_dns_remove(edge_conn); - } + connection_exit_about_to_close(TO_EDGE_CONN(conn)); break; } } diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 3f6e87c..7516716 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -408,6 +408,71 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn) return connection_edge_process_inbuf(edge_conn, 1); } +/** Common code to connection_(ap|exit)_about_to_close. */ +static void +connection_edge_about_to_close(edge_connection_t *edge_conn) +{ + if (!edge_conn->edge_has_sent_end) { + connection_t *conn = TO_CONN(edge_conn); + log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) " + "hasn't sent end yet?", + conn->marked_for_close_file, conn->marked_for_close); + tor_fragile_assert(); + } +} + +/* Called when we're about to finally unlink and free an AP (client) + * connection: perform necessary accounting and cleanup */ +void +connection_ap_about_to_close(edge_connection_t *edge_conn) +{ + circuit_t *circ; + connection_t *conn = TO_CONN(edge_conn); + + if (edge_conn->socks_request->has_finished == 0) { + /* since conn gets removed right after this function finishes, + * there's no point trying to send back a reply at this point. */ + log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending" + " back a socks reply.", + conn->marked_for_close_file, conn->marked_for_close); + } + if (!edge_conn->end_reason) { + log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having" + " set end_reason.", + conn->marked_for_close_file, conn->marked_for_close); + } + if (edge_conn->dns_server_request) { + log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having" + " replied to DNS request.", + conn->marked_for_close_file, conn->marked_for_close); + dnsserv_reject_request(edge_conn); + } + control_event_stream_bandwidth(edge_conn); + control_event_stream_status(edge_conn, STREAM_EVENT_CLOSED, + edge_conn->end_reason); + circ = circuit_get_by_edge_conn(edge_conn); + if (circ) + circuit_detach_stream(circ, edge_conn); +} + +/* Called when we're about to finally unlink and free an exit + * connection: perform necessary accounting and cleanup */ +void +connection_exit_about_to_close(edge_connection_t *edge_conn) +{ + circuit_t *circ; + connection_t *conn = TO_CONN(edge_conn); + + connection_edge_about_to_close(edge_conn); + + circ = circuit_get_by_edge_conn(edge_conn); + if (circ) + circuit_detach_stream(circ, edge_conn); + if (conn->state == EXIT_CONN_STATE_RESOLVING) { + connection_dns_remove(edge_conn); + } +} + /** Define a schedule for how long to wait between retrying * application connections. Rather than waiting a fixed amount of * time between each retry, we wait 10 seconds each for the first diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h index a7fc12e..1cb1281 100644 --- a/src/or/connection_edge.h +++ b/src/or/connection_edge.h @@ -27,6 +27,9 @@ int connection_edge_flushed_some(edge_connection_t *conn); int connection_edge_finished_flushing(edge_connection_t *conn); int connection_edge_finished_connecting(edge_connection_t *conn); +void connection_ap_about_to_close(edge_connection_t *edge_conn); +void connection_exit_about_to_close(edge_connection_t *edge_conn); + int connection_ap_handshake_send_begin(edge_connection_t *ap_conn); int connection_ap_handshake_send_resolve(edge_connection_t *ap_conn); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 5092f63..fa86241 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -13,6 +13,7 @@ #include "or.h" #include "buffers.h" #include "circuitbuild.h" +#include "circuitlist.h" #include "command.h" #include "config.h" #include "connection.h" @@ -347,6 +348,50 @@ connection_or_finished_connecting(or_connection_t *or_conn) return 0; } +/* Called when we're about to finally unlink and free an OR connection: + * perform necessary accounting and cleanup */ +void +connection_or_about_to_close(or_connection_t *or_conn) +{ + time_t now = time(NULL); + connection_t *conn = TO_CONN(or_conn); + + /* Remember why we're closing this connection. */ + if (conn->state != OR_CONN_STATE_OPEN) { + /* Inform any pending (not attached) circs that they should + * give up. */ + circuit_n_conn_done(TO_OR_CONN(conn), 0); + /* now mark things down as needed */ + if (connection_or_nonopen_was_started_here(or_conn)) { + const or_options_t *options = get_options(); + rep_hist_note_connect_failed(or_conn->identity_digest, now); + entry_guard_register_connect_status(or_conn->identity_digest,0, + !options->HTTPSProxy, now); + if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) { + int reason = tls_error_to_orconn_end_reason(or_conn->tls_error); + control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED, + reason); + if (!authdir_mode_tests_reachability(options)) + control_event_bootstrap_problem( + orconn_end_reason_to_control_string(reason), reason); + } + } + } else if (conn->hold_open_until_flushed) { + /* We only set hold_open_until_flushed when we're intentionally + * closing a connection. */ + rep_hist_note_disconnect(or_conn->identity_digest, now); + control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED, + tls_error_to_orconn_end_reason(or_conn->tls_error)); + } else if (!tor_digest_is_zero(or_conn->identity_digest)) { + rep_hist_note_connection_died(or_conn->identity_digest, now); + control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED, + tls_error_to_orconn_end_reason(or_conn->tls_error)); + } + /* Now close all the attached circuits on it. */ + circuit_unlink_all_from_or_conn(TO_OR_CONN(conn), + END_CIRC_REASON_OR_CONN_CLOSED); +} + /** Return 1 if identity digest id_digest is known to be a * currently or recently running relay. Otherwise return 0. */ int diff --git a/src/or/connection_or.h b/src/or/connection_or.h index 4a374ca..f1acfd1 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -25,6 +25,7 @@ int connection_or_process_inbuf(or_connection_t *conn); int connection_or_flushed_some(or_connection_t *conn); int connection_or_finished_flushing(or_connection_t *conn); int connection_or_finished_connecting(or_connection_t *conn); +void connection_or_about_to_close(or_connection_t *conn); int connection_or_digest_is_known_relay(const char *id_digest); void connection_or_update_token_buckets(smartlist_t *conns, const or_options_t *options); diff --git a/src/or/directory.c b/src/or/directory.c index 17413ed..c0d4c22 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2301,6 +2301,28 @@ connection_dir_process_inbuf(dir_connection_t *conn) return 0; } +/** Called when we're about to finally unlink and free a directory connection: + * perform necessary accounting and cleanup */ +void +connection_dir_about_to_close(dir_connection_t *dir_conn) +{ + connection_t *conn = TO_CONN(dir_conn); + + if (conn->state < DIR_CONN_STATE_CLIENT_FINISHED) { + /* It's a directory connection and connecting or fetching + * failed: forget about this router, and maybe try again. */ + connection_dir_request_failed(dir_conn); + } + /* If we were trying to fetch a v2 rend desc and did not succeed, + * retry as needed. (If a fetch is successful, the connection state + * is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC to mark that + * refetching is unnecessary.) */ + if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 && + dir_conn->rend_data && + strlen(dir_conn->rend_data->onion_address) == REND_SERVICE_ID_LEN_BASE32) + rend_client_refetch_v2_renddesc(dir_conn->rend_data); +} + /** Create an http response for the client conn out of * status and reason_phrase. Write it to conn. */ diff --git a/src/or/directory.h b/src/or/directory.h index caff938..b2c2220 100644 --- a/src/or/directory.h +++ b/src/or/directory.h @@ -48,6 +48,7 @@ int connection_dir_reached_eof(dir_connection_t *conn); int connection_dir_process_inbuf(dir_connection_t *conn); int connection_dir_finished_flushing(dir_connection_t *conn); int connection_dir_finished_connecting(dir_connection_t *conn); +void connection_dir_about_to_close(dir_connection_t *dir_conn); void connection_dir_request_failed(dir_connection_t *conn); void directory_initiate_command(const char *address, const tor_addr_t *addr, uint16_t or_port, uint16_t dir_port,

1 0

[tor/master] typo in feature2841; spotted by asn
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit a21c4c657a1d06e2c4fc72a2f85400944d0e6460 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jul 11 16:12:35 2011 -0400 typo in feature2841; spotted by asn --- changes/feature2841 | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/changes/feature2841 b/changes/feature2841 index aededbe..c5da061 100644 --- a/changes/feature2841 +++ b/changes/feature2841 @@ -1,6 +1,6 @@ o Major features: - Tor clients using bridges can now be configured to use a separate 'transport' proxy for each bridge. This helps to resist - censorship by allowing bridges to use protocol obfuxcation + censorship by allowing bridges to use protocol obfuscation plugins. It implements part of proposal 180.

1 0

[tor/master] Changes file for feature2841.
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit f4ed42eadf6317cd25b071e55d88e96ce83dc9ba Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jul 11 16:01:45 2011 -0400 Changes file for feature2841. --- changes/feature2841 | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/changes/feature2841 b/changes/feature2841 new file mode 100644 index 0000000..aededbe --- /dev/null +++ b/changes/feature2841 @@ -0,0 +1,6 @@ + o Major features: + - Tor clients using bridges can now be configured to use a + separate 'transport' proxy for each bridge. This helps to resist + censorship by allowing bridges to use protocol obfuxcation + plugins. It implements part of proposal 180. +

1 0

[tor/master] Trivial code tweaks and documentation updates.
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit 36468ec44b6dc3443b0142de83a100e2a853acf8 Author: George Kadianakis <desnacked(a)gmail.com> Date: Tue Jun 28 05:43:40 2011 +0200 Trivial code tweaks and documentation updates. --- src/or/circuitbuild.c | 15 ++++++++------- src/or/config.c | 6 +++--- src/or/connection.c | 26 ++++++++++++++++---------- src/or/main.c | 2 +- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index b1f967b..7857eda 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -4565,7 +4565,7 @@ clear_bridge_list(void) smartlist_clear(bridge_list); } -/** Free the transport_t transport. */ +/** Free the bridge bridge. */ static void bridge_free(bridge_info_t *bridge) { @@ -4590,7 +4590,7 @@ clear_transport_list(void) smartlist_clear(transport_list); } -/** Free the transport_t transport. */ +/** Free the pluggable transport struct transport. */ static void transport_free(transport_t *transport) { @@ -4639,8 +4639,8 @@ transport_add_from_config(const tor_addr_t *addr, uint16_t port, tor_addr_copy(&t->addr, addr); t->port = port; t->name = tor_strdup(name); - t->socks_version = socks_ver; + if (!transport_list) transport_list = smartlist_create(); @@ -4662,13 +4662,14 @@ validate_pluggable_transports_config(void) /* Skip bridges without transports. */ if (!b->transport_name) continue; - /* See if the user has Bridges that specify nonexistent + /* See if the user has Bridges that specify nonexistent pluggable transports. We should warn the user in such case, since it's probably misconfiguration. */ if (!transport_get_by_name(b->transport_name)) log_warn(LD_CONFIG, "You have a Bridge line using the %s " "pluggable transport, but there doesn't seem to be a " - "corresponding ClientTransportPlugin line.", b->transport_name); + "corresponding ClientTransportPlugin line.", + b->transport_name); } SMARTLIST_FOREACH_END(b); } } @@ -4812,7 +4813,7 @@ find_bridge_by_digest(const char *digest) /** If addr and port match the address and port of a * bridge of ours that uses pluggable transports, place it's transport * in transport. - * + * * Return: * 0: if transport was found successfully. * 1: if addr:port did not match a bridge, @@ -4820,7 +4821,7 @@ find_bridge_by_digest(const char *digest) * -1: if we should be using a transport, but the transport could not be found. */ int -find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, +find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, transport_t **transport) { if (!bridge_list) diff --git a/src/or/config.c b/src/or/config.c index 41142b6..12320e0 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4680,8 +4680,7 @@ parse_client_transport_line(const char *line, int validate_only) SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); if (smartlist_len(items) < 3) { - log_warn(LD_CONFIG, "parse_client_transport_line(): " - "Too few arguments on ClientTransportPlugin line."); + log_warn(LD_CONFIG, "Too few arguments on ClientTransportPlugin line."); goto err; } @@ -4696,7 +4695,8 @@ parse_client_transport_line(const char *line, int validate_only) else if (!strcmp(socks_ver_str,"socks5")) socks_ver = PROXY_SOCKS5; else { - log_warn(LD_CONFIG, "Strange transport proxy type."); + log_warn(LD_CONFIG, "Strange ClientTransportPlugin proxy type '%s'.", + socks_ver_str); goto err; } diff --git a/src/or/connection.c b/src/or/connection.c index bfc901f..e086588 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -4101,11 +4101,14 @@ assert_connection_ok(connection_t *conn, time_t now) } } -/** Fills addr and port with the details of the proxy - * server of type proxy_type we are using. - * conn contains the connection_t we are using the proxy for. - * Returns 0 if we were successfull, 1 if we are not using - * a proxy, -1 if we are using a proxy but his addrport could not be +/** Fills addr and port with the details of the global + * proxy server we are using. + * conn contains the connection we are using the proxy for. + * + * Returns: + * 0: if we were successfull + * 1: if we are not using a proxy + * -1: if we are using a proxy but its addrport could not be * found. */ int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, @@ -4131,19 +4134,22 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int r; r = find_transport_by_bridge_addrport(&conn->addr, conn->port, &transport); if (r == 0) { /* transport found */ + tor_assert(transport); tor_addr_copy(addr, &transport->addr); *port = transport->port; + goto done; + } else { + return r; } - return r; } return 1; - done: + done: /* proxy found */ return 0; } -/** Returns the proxy type used by tor. */ +/** Returns the global proxy type used by tor. */ static int get_proxy_type(void) { @@ -4170,7 +4176,7 @@ log_failed_proxy_connection(connection_t *conn) uint16_t proxy_port; if (get_proxy_addrport(&proxy_addr, &proxy_port, conn) != 0) - return; /* if we have no proxy set up leave this function. */ + return; /* if we have no proxy set up, leave this function. */ log_warn(LD_NET, "The connection to the %s proxy server at %s:%u just failed. " @@ -4188,7 +4194,7 @@ proxy_type_to_string(int proxy_type) case PROXY_SOCKS4: return "SOCKS4"; case PROXY_SOCKS5: return "SOCKS5"; case PROXY_PLUGGABLE: return "pluggable transports SOCKS"; - case PROXY_NONE: return "NULL"; /* probably a bug */ + case PROXY_NONE: return "NULL"; default: tor_assert(0); } } diff --git a/src/or/main.c b/src/or/main.c index f456b03..4d43267 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -760,7 +760,7 @@ conn_close_if_marked(int i) /* If the connection we are about to close was trying to connect to a proxy server and failed, the client won't be able to use that - proxy. We should warn him about this. */ + proxy. We should warn the user about this. */ if (conn->proxy_state == PROXY_INFANT) log_failed_proxy_connection(conn);

1 0

[tor/master] Various small tweaks around config.c and or.h
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit 5a05deb574a7178e752ce22d754d0d6fc1fa2141 Author: George Kadianakis <desnacked(a)gmail.com> Date: Tue Jun 21 18:49:04 2011 +0200 Various small tweaks around config.c and or.h --- src/or/config.c | 37 +++++++++++-------------------------- src/or/or.h | 2 +- 2 files changed, 12 insertions(+), 27 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index a78252c..c414981 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1208,8 +1208,8 @@ options_act(or_options_t *old_options) if (consider_adding_dir_authorities(options, old_options) < 0) return -1; + clear_transport_list(); if (options->ClientTransportPlugin) { - clear_transport_list(); for (cl = options->ClientTransportPlugin; cl; cl = cl->next) { if (parse_client_transport_line(cl->value, 0)<0) { log_warn(LD_BUG, @@ -1232,14 +1232,6 @@ options_act(or_options_t *old_options) sweep_bridge_list(); } - /** Okay, we have Bridges and we have ClientTransportPlugins. Let's - match them together. */ - if (options->Bridges && options->ClientTransportPlugin) { - assert(!server_mode(options)); - if (match_bridges_with_transports() < 0) - return -1; - } - if (running_tor && rend_config_services(options, 0)<0) { log_warn(LD_BUG, "Previously validated hidden services line could not be added!"); @@ -3566,15 +3558,9 @@ options_validate(or_options_t *old_options, or_options_t *options, } } - /* Check if more than one proxy type has been enabled. This looks REALLY ugly! */ - if ((options->Socks4Proxy && (options->Socks5Proxy || options->HTTPSProxy - || options->ClientTransportPlugin)) || - (options->Socks5Proxy && (options->Socks4Proxy || options->HTTPSProxy - || options->ClientTransportPlugin)) || - (options->HTTPSProxy && (options->Socks4Proxy || options->Socks5Proxy - || options->ClientTransportPlugin)) || - (options->ClientTransportPlugin && (options->Socks4Proxy - || options->Socks5Proxy || options->HTTPSProxy))) + /* Check if more than one proxy type has been enabled. */ + if (!!options->Socks4Proxy + !!options->Socks5Proxy + + !!options->HTTPSProxy + !!options->ClientTransportPlugin > 1) REJECT("You have configured more than one proxy types. " "(Socks4Proxy|Socks5Proxy|HTTPSProxy|ClientTransportPlugin)"); @@ -4593,7 +4579,7 @@ options_init_logs(or_options_t *options, int validate_only) * validate_only is 0, and the line is well-formed, then add * the bridge described in the line to our internal bridge list. */ static int -parse_bridge_line(const char *line, int validate_only, +parse_bridge_line(const char *line, int validate_only, or_options_t *options) { smartlist_t *items = NULL; @@ -4654,13 +4640,12 @@ parse_bridge_line(const char *line, int validate_only, } if (!validate_only) { - log_debug(LD_DIR, "Bridge at %s:%d with transport %s (%s)", - fmt_addr(&addr), (int)port, transport_name, - fingerprint ? fingerprint : "no key listed"); - - if (bridge_add_from_config(&addr, port, - fingerprint ? digest : NULL,transport_name) < 0) - goto err; + log_debug(LD_DIR, "Bridge at %s:%d (transport: %s) (%s)", + fmt_addr(&addr), (int)port, + transport_name ? transport_name : "no transport", + fingerprint ? fingerprint : "no key listed"); + bridge_add_from_config(&addr, port, + fingerprint ? digest : NULL,transport_name); } r = 0; diff --git a/src/or/or.h b/src/or/or.h index f713db7..72d311b 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -234,7 +234,7 @@ typedef enum { #define PROXY_PLUGGABLE 4 /* Proxy client handshake states */ -/* We use a proxy but we haven't even connected to it yet. */ +/* We use a proxy but we haven't even connected to it yet. */ #define PROXY_INFANT 1 /* We use an HTTP proxy and we've sent the CONNECT command. */ #define PROXY_HTTPS_WANT_CONNECT_OK 2

1 0

[tor/master] Revised how we handle ClientTransportPlugin and Bridge lines.
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit 1fe8bee6562956e1725f8c4feaac32c8e21b84b3 Author: George Kadianakis <desnacked(a)gmail.com> Date: Wed Jun 22 23:28:11 2011 +0200 Revised how we handle ClientTransportPlugin and Bridge lines. Multiple Bridge lines can point to the same one ClientTransportPlugin line, and we can have multiple ClientTransportPlugin lines in our configuration file that don't match with a bridge. We also issue a warning when we have a Bridge line with a pluggable transport but we can't match it to a ClientTransportPlugin line. --- src/or/circuitbuild.c | 77 ++++++++++++++++++++++++++++++++++++------------ src/or/circuitbuild.h | 5 ++- src/or/config.c | 16 +++------- src/or/connection.c | 48 +++++++++++++++-------------- src/or/connection.h | 3 +- src/or/connection_or.c | 19 ++++++++---- 6 files changed, 105 insertions(+), 63 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index d5989f3..b1f967b 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -4607,16 +4607,15 @@ static transport_t * transport_get_by_name(const char *name) { tor_assert(name); - if (transport_list) { - SMARTLIST_FOREACH_BEGIN(transport_list, transport_t *, transport) { - if (!strcmp(transport->name, name)) - return transport; - } SMARTLIST_FOREACH_END(transport); - } - log_notice(LD_GENERAL, "We were asked to match '%s' to a pluggable " - "transport, and we failed. If you didn't expect this, please " - "check your configuration.", name); + if (!transport_list) + return NULL; + + SMARTLIST_FOREACH_BEGIN(transport_list, transport_t *, transport) { + if (!strcmp(transport->name, name)) + return transport; + } SMARTLIST_FOREACH_END(transport); + return NULL; } @@ -4653,6 +4652,27 @@ transport_add_from_config(const tor_addr_t *addr, uint16_t port, return -1; } +/** Warns the user of possible pluggable transport misconfiguration. */ +void +validate_pluggable_transports_config(void) +{ + if (bridge_list) { + SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) + { + /* Skip bridges without transports. */ + if (!b->transport_name) + continue; + /* See if the user has Bridges that specify nonexistent + pluggable transports. We should warn the user in such case, + since it's probably misconfiguration. */ + if (!transport_get_by_name(b->transport_name)) + log_warn(LD_CONFIG, "You have a Bridge line using the %s " + "pluggable transport, but there doesn't seem to be a " + "corresponding ClientTransportPlugin line.", b->transport_name); + } SMARTLIST_FOREACH_END(b); + } +} + /** Return a bridge pointer if ri is one of our known bridges * (either by comparing keys if possible, else by comparing addr/port). * Else return NULL. */ @@ -4789,24 +4809,41 @@ find_bridge_by_digest(const char *digest) return NULL; } -/** If addr and port match one of our known bridges, - * returns its transport protocol if it has one, else returns NULL. */ -transport_t * -find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port) +/** If addr and port match the address and port of a + * bridge of ours that uses pluggable transports, place it's transport + * in transport. + * + * Return: + * 0: if transport was found successfully. + * 1: if addr:port did not match a bridge, + * or if matched bridge was not using transports. + * -1: if we should be using a transport, but the transport could not be found. + */ +int +find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, + transport_t **transport) { - tor_assert(bridge_list); + if (!bridge_list) + return 1; + SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) { if (tor_addr_eq(&bridge->addr, addr) && - (bridge->port == port)) { - if (bridge->transport_name) { - return transport_get_by_name(bridge->transport_name); - } else /* bridge found, but it had no transport */ + (bridge->port == port)) { /* bridge matched */ + if (bridge->transport_name) { /* it also uses pluggable transports */ + *transport = transport_get_by_name(bridge->transport_name); + if (*transport == NULL) { /* it uses pluggable transports, but + the transport could not be found! */ + return -1; + } + return 0; + } else { /* bridge matched, but it doesn't use transports. */ break; + } } } SMARTLIST_FOREACH_END(bridge); - return NULL; + return 1; } /** We need to ask bridge for its server descriptor. */ @@ -5116,6 +5153,8 @@ entry_guards_free_all(void) clear_bridge_list(); clear_transport_list(); smartlist_free(bridge_list); + smartlist_free(transport_list); bridge_list = NULL; + transport_list = NULL; } diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 83eb7ba..71ea608 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -142,8 +142,9 @@ int circuit_build_times_get_bw_scale(networkstatus_t *ns); void clear_transport_list(void); int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver); -transport_t * -find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port); +int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, + transport_t **transport); +void validate_pluggable_transports_config(void); #endif diff --git a/src/or/config.c b/src/or/config.c index c414981..41142b6 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1232,6 +1232,11 @@ options_act(or_options_t *old_options) sweep_bridge_list(); } + /* If we have pluggable transport related options enabled, see if we + should warn the user about potential configuration problems. */ + if (options->Bridges || options->ClientTransportPlugin) + validate_pluggable_transports_config(); + if (running_tor && rend_config_services(options, 0)<0) { log_warn(LD_BUG, "Previously validated hidden services line could not be added!"); @@ -3683,11 +3688,6 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("TunnelDirConns set to 0 only works with UseBridges set to 0"); if (options->ClientTransportPlugin) { - if (!options->Bridges) - REJECT("ClientTransportPlugin found without any bridges."); - if (server_mode(options)) - REJECT("ClientTransportPlugin found but we are a server."); - for (cl = options->ClientTransportPlugin; cl; cl = cl->next) { if (parse_client_transport_line(cl->value, 1)<0) REJECT("Transport line did not parse. See logs for details."); @@ -4604,12 +4604,6 @@ parse_bridge_line(const char *line, int validate_only, smartlist_del_keeporder(items, 0); if (!strstr(field1, ".")) { /* new-style bridge line */ - if (!options->ClientTransportPlugin) { - log_warn(LD_CONFIG, "Pluggable transports protocol found " - "in bridge line, but no ClientTransportPlugin lines found."); - goto err; - } - transport_name = field1; addrport = smartlist_get(items, 0); smartlist_del_keeporder(items, 0); diff --git a/src/or/connection.c b/src/or/connection.c index fafea43..bfc901f 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -67,6 +67,7 @@ static const char *connection_proxy_state_to_string(int state); static int connection_read_https_proxy_response(connection_t *conn); static void connection_send_socks5_connect(connection_t *conn); static const char *proxy_type_to_string(int proxy_type); +static int get_proxy_type(void); /** The last IPv4 address that our network interface seemed to have been * binding to, in host order. We use this to detect when our IP changes. */ @@ -4103,44 +4104,47 @@ assert_connection_ok(connection_t *conn, time_t now) /** Fills addr and port with the details of the proxy * server of type proxy_type we are using. * conn contains the connection_t we are using the proxy for. - * Returns 0 if we were successfull or returns 1 if we are not using - * a proxy. */ + * Returns 0 if we were successfull, 1 if we are not using + * a proxy, -1 if we are using a proxy but his addrport could not be + * found. */ int -get_proxy_addrport(int proxy_type, tor_addr_t *addr, uint16_t *port, +get_proxy_addrport(tor_addr_t *addr, uint16_t *port, connection_t *conn) { - or_options_t *options; - - if (proxy_type == PROXY_NONE) - return 1; - - options = get_options(); + or_options_t *options = get_options(); - if (proxy_type == PROXY_CONNECT) { + if (options->HTTPSProxy) { tor_addr_copy(addr, &options->HTTPSProxyAddr); *port = options->HTTPSProxyPort; - } else if (proxy_type == PROXY_SOCKS4) { + goto done; + } else if (options->Socks4Proxy) { tor_addr_copy(addr, &options->Socks4ProxyAddr); *port = options->Socks4ProxyPort; - } else if (proxy_type == PROXY_SOCKS5) { + goto done; + } else if (options->Socks5Proxy) { tor_addr_copy(addr, &options->Socks5ProxyAddr); *port = options->Socks5ProxyPort; - } else if (proxy_type == PROXY_PLUGGABLE) { - transport_t *transport; - transport = find_transport_by_bridge_addrport(&conn->addr, conn->port); - if (transport) { + goto done; + } else if (options->ClientTransportPlugin || + options->Bridges) { + transport_t *transport=NULL; + int r; + r = find_transport_by_bridge_addrport(&conn->addr, conn->port, &transport); + if (r == 0) { /* transport found */ tor_addr_copy(addr, &transport->addr); *port = transport->port; - } else { /* no transport for this bridge. */ - return 1; } + return r; } + return 1; + + done: return 0; } /** Returns the proxy type used by tor. */ -int +static int get_proxy_type(void) { or_options_t *options = get_options(); @@ -4162,18 +4166,16 @@ get_proxy_type(void) void log_failed_proxy_connection(connection_t *conn) { - int proxy_type; tor_addr_t proxy_addr; uint16_t proxy_port; - proxy_type = get_proxy_type(); - if (get_proxy_addrport(proxy_type, &proxy_addr, &proxy_port, conn) != 0) + if (get_proxy_addrport(&proxy_addr, &proxy_port, conn) != 0) return; /* if we have no proxy set up leave this function. */ log_warn(LD_NET, "The connection to the %s proxy server at %s:%u just failed. " "Make sure that the proxy server is up and running.", - proxy_type_to_string(proxy_type), fmt_addr(&proxy_addr), + proxy_type_to_string(get_proxy_type()), fmt_addr(&proxy_addr), proxy_port); } diff --git a/src/or/connection.h b/src/or/connection.h index 34be9cc..bf439b9 100644 --- a/src/or/connection.h +++ b/src/or/connection.h @@ -58,9 +58,8 @@ int connection_connect(connection_t *conn, const char *address, int connection_proxy_connect(connection_t *conn, int type); int connection_read_proxy_handshake(connection_t *conn); void log_failed_proxy_connection(connection_t *conn); -int get_proxy_addrport(int proxy_type, tor_addr_t *addr, +int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, connection_t *conn); -int get_proxy_type(void); int retry_all_listeners(smartlist_t *replaced_conns, smartlist_t *new_conns); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 6ed6fe6..4cbd440 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -336,11 +336,15 @@ connection_or_finished_connecting(or_connection_t *or_conn) else if (get_options()->Socks5Proxy) proxy_type = PROXY_SOCKS5; else if (get_options()->ClientTransportPlugin) { - transport_t *transport; - transport = find_transport_by_bridge_addrport(&conn->addr,conn->port); - if (transport) { /* this bridge supports transports. use proxy. */ + transport_t *transport=NULL; + int r; + r = find_transport_by_bridge_addrport(&conn->addr,conn->port,&transport); + if (r == 0) { + tor_assert(transport); log_debug(LD_GENERAL, "Found transport. Setting proxy type!\n"); proxy_type = transport->socks_version; + } else if (r == -1) { + return -1; } } @@ -840,7 +844,6 @@ connection_or_connect(const tor_addr_t *_addr, uint16_t port, tor_addr_t addr; int r; - int proxy_type; tor_addr_t proxy_addr; uint16_t proxy_port; @@ -861,12 +864,16 @@ connection_or_connect(const tor_addr_t *_addr, uint16_t port, control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED, 0); /* If we are using a proxy server, find it and use it. */ - proxy_type = get_proxy_type(); - r = get_proxy_addrport(proxy_type, &proxy_addr, &proxy_port, TO_CONN(conn)); + r = get_proxy_addrport(&proxy_addr, &proxy_port, TO_CONN(conn)); if (r == 0) { /* proxy found. */ tor_addr_copy(&addr, &proxy_addr); port = proxy_port; conn->_base.proxy_state = PROXY_INFANT; + } else if (r == -1) { /* proxy could not be found. */ + log_warn(LD_GENERAL, "Tried to connect through proxy, but proxy address " + "could not be found."); + connection_free(TO_CONN(conn)); + return NULL; } switch (connection_connect(TO_CONN(conn), conn->_base.address,

1 0

[tor/master] Small tweaks to 2841 code
by nickm＠torproject.org 11 Jul '11

11 Jul '11

commit c4b831e92d68e6c56246ae6e5b2002ef558525ac Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Jul 2 23:12:32 2011 -0400 Small tweaks to 2841 code - const-ify some transport_t pointers - Remove a vestigial argument to parse_bridge_line - Make it compile without warnings on my laptop with --enable-gcc-warnings --- src/or/circuitbuild.c | 6 +++--- src/or/circuitbuild.h | 2 +- src/or/config.c | 10 ++++------ src/or/connection.c | 3 ++- src/or/connection_or.c | 2 +- 5 files changed, 11 insertions(+), 12 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 7857eda..b00a35d 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -123,7 +123,7 @@ static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); static void entry_guards_changed(void); -static transport_t *transport_get_by_name(const char *name); +static const transport_t *transport_get_by_name(const char *name); static void transport_free(transport_t *transport); static void bridge_free(bridge_info_t *bridge); @@ -4603,7 +4603,7 @@ transport_free(transport_t *transport) /** Returns the transport in our transport list that has the name name. * Else returns NULL. */ -static transport_t * +static const transport_t * transport_get_by_name(const char *name) { tor_assert(name); @@ -4822,7 +4822,7 @@ find_bridge_by_digest(const char *digest) */ int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, - transport_t **transport) + const transport_t **transport) { if (!bridge_list) return 1; diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 71ea608..54f8250 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -143,7 +143,7 @@ void clear_transport_list(void); int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver); int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, - transport_t **transport); + const transport_t **transport); void validate_pluggable_transports_config(void); #endif diff --git a/src/or/config.c b/src/or/config.c index 12320e0..9096839 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -570,8 +570,7 @@ static int options_transition_affects_descriptor(or_options_t *old_options, static int check_nickname_list(const char *lst, const char *name, char **msg); static void config_register_addressmaps(or_options_t *options); -static int parse_bridge_line(const char *line, int validate_only, - or_options_t *options); +static int parse_bridge_line(const char *line, int validate_only); static int parse_client_transport_line(const char *line, int validate_only); static int parse_dir_server_line(const char *line, dirinfo_type_t required_type, @@ -1223,7 +1222,7 @@ options_act(or_options_t *old_options) if (options->Bridges) { mark_bridge_list(); for (cl = options->Bridges; cl; cl = cl->next) { - if (parse_bridge_line(cl->value, 0, options)<0) { + if (parse_bridge_line(cl->value, 0)<0) { log_warn(LD_BUG, "Previously validated Bridge line could not be added!"); return -1; @@ -3696,7 +3695,7 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->Bridges) { for (cl = options->Bridges; cl; cl = cl->next) { - if (parse_bridge_line(cl->value, 1, options)<0) + if (parse_bridge_line(cl->value, 1)<0) REJECT("Bridge line did not parse. See logs for details."); } } @@ -4579,8 +4578,7 @@ options_init_logs(or_options_t *options, int validate_only) * validate_only is 0, and the line is well-formed, then add * the bridge described in the line to our internal bridge list. */ static int -parse_bridge_line(const char *line, int validate_only, - or_options_t *options) +parse_bridge_line(const char *line, int validate_only) { smartlist_t *items = NULL; int r; diff --git a/src/or/connection.c b/src/or/connection.c index e086588..05937ac 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -4130,7 +4130,7 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, goto done; } else if (options->ClientTransportPlugin || options->Bridges) { - transport_t *transport=NULL; + const transport_t *transport=NULL; int r; r = find_transport_by_bridge_addrport(&conn->addr, conn->port, &transport); if (r == 0) { /* transport found */ @@ -4197,5 +4197,6 @@ proxy_type_to_string(int proxy_type) case PROXY_NONE: return "NULL"; default: tor_assert(0); } + return NULL; /*Unreached*/ } diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 4cbd440..2de25f6 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -336,7 +336,7 @@ connection_or_finished_connecting(or_connection_t *or_conn) else if (get_options()->Socks5Proxy) proxy_type = PROXY_SOCKS5; else if (get_options()->ClientTransportPlugin) { - transport_t *transport=NULL; + const transport_t *transport=NULL; int r; r = find_transport_by_bridge_addrport(&conn->addr,conn->port,&transport); if (r == 0) {

1 0

← Newer
1
...
59
60
61
62
63
64
65
...
87
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits July 2011