July 2018 - tor-commits - lists.torproject.org

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 03 Jul '18

03 Jul '18

commit 051c0d5c079bf52903fc25e613311a46e07c5618 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jul 3 15:16:50 2018 +0000 Update translations for tails-misc --- ar.po | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ar.po b/ar.po index 0572221a7..11782ee59 100644 --- a/ar.po +++ b/ar.po @@ -13,6 +13,7 @@ # ButterflyOfFire, 2018 # 0xidz <ghoucine(a)gmail.com>, 2014 # lamine Kacimi <k_lamine27(a)yahoo.fr>, 2015 +# Khaled Hosny <khaledhosny(a)eglug.org>, 2018 # Matt Santy <matt_santy(a)hotmail.com>, 2013 # stayanonymous, 2015 # Mohammed ALDOUB <voulnet(a)gmail.com>, 2013 @@ -27,8 +28,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-03-12 19:03+0100\n" -"PO-Revision-Date: 2018-05-27 01:50+0000\n" -"Last-Translator: abidin toumi <abidin24(a)tutanota.com>\n" +"PO-Revision-Date: 2018-07-03 14:27+0000\n" +"Last-Translator: Khaled Hosny <khaledhosny(a)eglug.org>\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -42,7 +43,7 @@ msgstr "تور جاهز للإقلاع" #: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:40 msgid "You can now access the Internet." -msgstr "يمكنك الأن تصفح الأنترنت." +msgstr "يمكنك الآن تصفح الإنترنت." #: config/chroot_local-includes/etc/whisperback/config.py:65 #, python-format @@ -59,7 +60,7 @@ msgid "" "an opportunity for eavesdroppers, like your email or Internet provider, to\n" "confirm that you are using Tails.\n" "\n" -msgstr "<h1>ساعدنا لإصلاح المشكلة!</h1>\nاقرأ <a href=\"%s\">الإرشادات الخاصة بالتبليغ عن الأخطاء</a>.\nلحماية خصوصيتك، قم بتعبئة البيانات المطلوبة فقط لاغير!\n\n<h2>توضيح حول تزويدنا بعنوان بريدك الالكتروني</h2>\n\nسنقوم باستخدام بريدك الالكتروني للتواصل معك من أجل استيضاح المشكلة بشكل أفضل، وهو مطلوب لأغلب تقارير الأخطاء حيث أنه من غير الممكن متابعة تقارير الأخطاء التي ترسل من دون أية معلومات اتصال.\nمن ناحية أخرى، يجب التنويه بأن تضمين البريد الالكتروني يسمح لبعض الجهات تأكيد استخدامك لـ تيلز، كمزود خدمة البريد الالكتروني أو مزود خدمة الانتر نت على سبيل المثال. \n\n\n" +msgstr "<h1>ساعدنا لإصلاح المشكلة!</h1>\nاقرأ <a href=\"%s\">الإرشادات الخاصة بالتبليغ عن الأخطاء</a>.\nلحماية خصوصيتك، املأ البيانات المطلوبة فقط لا غير!\n<h2>توضيح حول إعطائنا عنوان بريدك الإلكتروني</h2>\n\nسنستخدم بريدك الإلكتروني للتواصل معك لاستيضاح المشكلة بشكل أفضل، وهو مطلوب لأغلب تقارير الأخطاء حيث أنه من غير الممكن متابعة تقارير الأخطاء التي ترسل من دون أية معلومات اتصال.\nمن ناحية أخرى، يجب التنويه بأن تضمين البريد الإلكتروني يسمح للمتنصتين، كمزود خدمة البريد الإلكتروني أو مزود خدمة الإنترنت، التأكد من استخدامك لـتيلز . \n\n" #: config/chroot_local-includes/usr/local/bin/electrum:57 msgid "Persistence is disabled for Electrum" @@ -88,11 +89,11 @@ msgstr "_Exit" #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-helper@tails.boum.org/extension.js:75 msgid "Restart" -msgstr "إعادة تشغيل" +msgstr "أعد التشغيل" #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-helper@tails.boum.org/extension.js:78 msgid "Lock screen" -msgstr "" +msgstr "أوصد الشاشة" #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-helper@tails.boum.org/extension.js:81 msgid "Power Off" @@ -125,7 +126,7 @@ msgstr "غير متاح" #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:170 msgid "Your additional software installation failed" -msgstr "" +msgstr "فشل تنصيب البرمجيات الإضافية" #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:171 msgid ""

1 0

[translation/mat-gui_completed] Update translations for mat-gui_completed
by translation＠torproject.org 03 Jul '18

03 Jul '18

commit 60b158655bd29666eebd7401f6d823adeecc8374 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jul 3 15:16:20 2018 +0000 Update translations for mat-gui_completed --- ar.po | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ar.po b/ar.po index 17e4d8caa..0ba405bbb 100644 --- a/ar.po +++ b/ar.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-02-10 23:06+0100\n" -"PO-Revision-Date: 2018-07-03 13:37+0000\n" +"PO-Revision-Date: 2018-07-03 14:18+0000\n" "Last-Translator: Khaled Hosny <khaledhosny(a)eglug.org>\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" @@ -98,19 +98,19 @@ msgstr "غير مدعوم" #: mat-gui:339 msgid "Harmless fileformat" -msgstr "صيغة الملف غير مؤذية" +msgstr "صيغة ملف غير مؤذية" #: mat-gui:341 msgid "Cant read file" -msgstr "لايمكن قرائه الملف" +msgstr "تعذّر قراءة الملف" #: mat-gui:343 msgid "Fileformat not supported" -msgstr "صيغة الملف غير مدعمة" +msgstr "صيغة الملف غير مدعومة" #: mat-gui:346 msgid "These files can not be processed:" -msgstr "لا يمكن معالجة هذه الملفات:" +msgstr "تعذّر معالجة هذه الملفات:" #: mat-gui:351 mat-gui:380 data/mat.glade:239 msgid "Filename" @@ -122,16 +122,16 @@ msgstr "السبب" #: mat-gui:365 msgid "Non-supported files in archive" -msgstr "الملفات في الأرشيف غير مدعمة" +msgstr "ملفات غير مدعومة في الأرشيف" #: mat-gui:379 msgid "Include" -msgstr "أدمِج" +msgstr "ادمِج" #: mat-gui:397 #, python-format msgid "MAT is not able to clean the following files, found in the %s archive" -msgstr "لم يستطع MAT تنظيف الملفات التالية الموجودة في الأرشيف %s" +msgstr "تعذّر على MAT تنظيف الملفات التالية الموجودة في الأرشيف %s" #: mat-gui:413 #, python-format @@ -169,7 +169,7 @@ msgstr "البيانات الوصفية" #: data/mat.glade:354 msgid "Name" -msgstr "الإسم" +msgstr "الاسم" #: data/mat.glade:368 msgid "Content"

1 0

[translation/mat-gui] Update translations for mat-gui
by translation＠torproject.org 03 Jul '18

03 Jul '18

commit 13b3b43f1f4f1c06912da2b25571b93e325a2509 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Jul 3 15:16:15 2018 +0000 Update translations for mat-gui --- ar.po | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ar.po b/ar.po index 17e4d8caa..0ba405bbb 100644 --- a/ar.po +++ b/ar.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-02-10 23:06+0100\n" -"PO-Revision-Date: 2018-07-03 13:37+0000\n" +"PO-Revision-Date: 2018-07-03 14:18+0000\n" "Last-Translator: Khaled Hosny <khaledhosny(a)eglug.org>\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" @@ -98,19 +98,19 @@ msgstr "غير مدعوم" #: mat-gui:339 msgid "Harmless fileformat" -msgstr "صيغة الملف غير مؤذية" +msgstr "صيغة ملف غير مؤذية" #: mat-gui:341 msgid "Cant read file" -msgstr "لايمكن قرائه الملف" +msgstr "تعذّر قراءة الملف" #: mat-gui:343 msgid "Fileformat not supported" -msgstr "صيغة الملف غير مدعمة" +msgstr "صيغة الملف غير مدعومة" #: mat-gui:346 msgid "These files can not be processed:" -msgstr "لا يمكن معالجة هذه الملفات:" +msgstr "تعذّر معالجة هذه الملفات:" #: mat-gui:351 mat-gui:380 data/mat.glade:239 msgid "Filename" @@ -122,16 +122,16 @@ msgstr "السبب" #: mat-gui:365 msgid "Non-supported files in archive" -msgstr "الملفات في الأرشيف غير مدعمة" +msgstr "ملفات غير مدعومة في الأرشيف" #: mat-gui:379 msgid "Include" -msgstr "أدمِج" +msgstr "ادمِج" #: mat-gui:397 #, python-format msgid "MAT is not able to clean the following files, found in the %s archive" -msgstr "لم يستطع MAT تنظيف الملفات التالية الموجودة في الأرشيف %s" +msgstr "تعذّر على MAT تنظيف الملفات التالية الموجودة في الأرشيف %s" #: mat-gui:413 #, python-format @@ -169,7 +169,7 @@ msgstr "البيانات الوصفية" #: data/mat.glade:354 msgid "Name" -msgstr "الإسم" +msgstr "الاسم" #: data/mat.glade:368 msgid "Content"

1 0

[tor/master] Extract addr_policy_t into a new header.
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit f54a5cbfb6d58399ee152306fcd7e0c55292a173 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:00:37 2018 -0400 Extract addr_policy_t into a new header. --- src/or/addr_policy_st.h | 46 ++++++++++++++++++++++++++++++++++++++++++++++ src/or/include.am | 1 + src/or/or.h | 33 +-------------------------------- src/or/policies.c | 1 + src/or/routerparse.c | 1 + src/or/routerset.c | 1 + src/test/test_dir.c | 1 + src/test/test_policy.c | 1 + src/test/test_routerset.c | 2 +- 9 files changed, 54 insertions(+), 33 deletions(-) diff --git a/src/or/addr_policy_st.h b/src/or/addr_policy_st.h new file mode 100644 index 000000000..be3e9d8f0 --- /dev/null +++ b/src/or/addr_policy_st.h @@ -0,0 +1,46 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_ADDR_POLICY_ST_H +#define TOR_ADDR_POLICY_ST_H + +#include "lib/cc/torint.h" +#include "lib/net/address.h" + +/** What action type does an address policy indicate: accept or reject? */ +typedef enum { + ADDR_POLICY_ACCEPT=1, + ADDR_POLICY_REJECT=2, +} addr_policy_action_t; +#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t) + +/** A reference-counted address policy rule. */ +typedef struct addr_policy_t { + int refcnt; /**< Reference count */ + /** What to do when the policy matches.*/ + addr_policy_action_bitfield_t policy_type:2; + unsigned int is_private:1; /**< True iff this is the pseudo-address, + * "private". */ + unsigned int is_canonical:1; /**< True iff this policy is the canonical + * copy (stored in a hash table to avoid + * duplication of common policies) */ + maskbits_t maskbits; /**< Accept/reject all addresses a such that the + * first maskbits bits of a match + * addr. */ + /** Base address to accept or reject. + * + * Note that wildcards are treated + * differntly depending on address family. An AF_UNSPEC address means + * "All addresses, IPv4 or IPv6." An AF_INET address with maskbits==0 means + * "All IPv4 addresses" and an AF_INET6 address with maskbits == 0 means + * "All IPv6 addresses". + **/ + tor_addr_t addr; + uint16_t prt_min; /**< Lowest port number to accept/reject. */ + uint16_t prt_max; /**< Highest port number to accept/reject. */ +} addr_policy_t; + +#endif diff --git a/src/or/include.am b/src/or/include.am index 491341374..ce195c92e 100644 --- a/src/or/include.am +++ b/src/or/include.am @@ -180,6 +180,7 @@ endif ORHEADERS = \ src/or/addressmap.h \ + src/or/addr_policy_st.h \ src/or/authority_cert_st.h \ src/or/auth_dirs.inc \ src/or/bridges.h \ diff --git a/src/or/or.h b/src/or/or.h index e18726cd7..1a24ef1b7 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1152,38 +1152,7 @@ typedef struct or_connection_t or_connection_t; /** Cast a entry_connection_t subtype pointer to a connection_t **/ #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c))) -/** What action type does an address policy indicate: accept or reject? */ -typedef enum { - ADDR_POLICY_ACCEPT=1, - ADDR_POLICY_REJECT=2, -} addr_policy_action_t; -#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t) - -/** A reference-counted address policy rule. */ -typedef struct addr_policy_t { - int refcnt; /**< Reference count */ - /** What to do when the policy matches.*/ - addr_policy_action_bitfield_t policy_type:2; - unsigned int is_private:1; /**< True iff this is the pseudo-address, - * "private". */ - unsigned int is_canonical:1; /**< True iff this policy is the canonical - * copy (stored in a hash table to avoid - * duplication of common policies) */ - maskbits_t maskbits; /**< Accept/reject all addresses a such that the - * first maskbits bits of a match - * addr. */ - /** Base address to accept or reject. - * - * Note that wildcards are treated - * differntly depending on address family. An AF_UNSPEC address means - * "All addresses, IPv4 or IPv6." An AF_INET address with maskbits==0 means - * "All IPv4 addresses" and an AF_INET6 address with maskbits == 0 means - * "All IPv6 addresses". - **/ - tor_addr_t addr; - uint16_t prt_min; /**< Lowest port number to accept/reject. */ - uint16_t prt_max; /**< Highest port number to accept/reject. */ -} addr_policy_t; +typedef struct addr_policy_t addr_policy_t; typedef struct cached_dir_t cached_dir_t; diff --git a/src/or/policies.c b/src/or/policies.c index 78bf369cb..749b163cf 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -31,6 +31,7 @@ #include "ht.h" #include "lib/encoding/confline.h" +#include "or/addr_policy_st.h" #include "or/dir_server_st.h" #include "or/microdesc_st.h" #include "or/node_st.h" diff --git a/src/or/routerparse.c b/src/or/routerparse.c index a095c222b..f07080a4d 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -82,6 +82,7 @@ #include "or/dirauth/dirvote.h" +#include "or/addr_policy_st.h" #include "or/authority_cert_st.h" #include "or/document_signature_st.h" #include "or/extend_info_st.h" diff --git a/src/or/routerset.c b/src/or/routerset.c index 61b7dc121..285ef9d82 100644 --- a/src/or/routerset.c +++ b/src/or/routerset.c @@ -36,6 +36,7 @@ n * Copyright (c) 2001-2004, Roger Dingledine. #include "or/routerparse.h" #include "or/routerset.h" +#include "or/addr_policy_st.h" #include "or/extend_info_st.h" #include "or/node_st.h" #include "or/routerinfo_st.h" diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 0cdef0645..5551b5558 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -48,6 +48,7 @@ #include "or/voting_schedule.h" #include "lib/compress/compress.h" +#include "or/addr_policy_st.h" #include "or/authority_cert_st.h" #include "or/document_signature_st.h" #include "or/extrainfo_st.h" diff --git a/src/test/test_policy.c b/src/test/test_policy.c index a723e82eb..a6906af41 100644 --- a/src/test/test_policy.c +++ b/src/test/test_policy.c @@ -11,6 +11,7 @@ #include "lib/encoding/confline.h" #include "test/test.h" +#include "or/addr_policy_st.h" #include "or/node_st.h" #include "or/port_cfg_st.h" #include "or/routerinfo_st.h" diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c index e64c24e89..ea8b43498 100644 --- a/src/test/test_routerset.c +++ b/src/test/test_routerset.c @@ -10,6 +10,7 @@ #include "or/policies.h" #include "or/nodelist.h" +#include "or/addr_policy_st.h" #include "or/extend_info_st.h" #include "or/node_st.h" #include "or/routerinfo_st.h" @@ -2227,4 +2228,3 @@ struct testcase_t routerset_tests[] = { TEST_CASE(routerset_free), END_OF_TESTCASES }; -

1 0

[tor/master] Extract more constants from or.h
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit 49f88e77e5f9dec60e2409e1f6d3e3935c5eab69 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:16:25 2018 -0400 Extract more constants from or.h --- src/or/circuit_st.h | 9 + src/or/circuitlist.h | 142 +++++++++- src/or/circuitstats.h | 87 +++++- src/or/config.c | 4 + src/or/connection.h | 65 +++++ src/or/connection_edge.h | 49 +++- src/or/connection_or.h | 27 ++ src/or/connection_st.h | 18 ++ src/or/control.h | 15 + src/or/directory.c | 9 + src/or/directory.h | 73 +++++ src/or/dos.c | 2 +- src/or/ext_orport.h | 20 +- src/or/networkstatus.c | 2 +- src/or/or.h | 559 -------------------------------------- src/or/proto_socks.c | 2 +- src/or/proto_socks.h | 1 - src/or/routerlist.h | 29 ++ src/or/socks_request_st.h | 18 +- src/or/transports.c | 1 + src/test/bench.c | 1 + src/test/test_channeltls.c | 2 +- src/test/test_circuitbuild.c | 2 +- src/test/test_controller_events.c | 2 +- src/test/test_dir.c | 1 + src/test/test_dns.c | 2 +- src/test/test_hs_client.c | 1 + src/test/test_oos.c | 2 +- src/test/test_relay.c | 2 +- src/test/test_socks.c | 1 + 30 files changed, 574 insertions(+), 574 deletions(-) diff --git a/src/or/circuit_st.h b/src/or/circuit_st.h index e53e5bf3e..8453efa63 100644 --- a/src/or/circuit_st.h +++ b/src/or/circuit_st.h @@ -13,6 +13,15 @@ struct hs_token_t; +/** "magic" value for an origin_circuit_t */ +#define ORIGIN_CIRCUIT_MAGIC 0x35315243u +/** "magic" value for an or_circuit_t */ +#define OR_CIRCUIT_MAGIC 0x98ABC04Fu +/** "magic" value for a circuit that would have been freed by circuit_free, + * but which we're keeping around until a cpuworker reply arrives. See + * circuit_free() for more documentation. */ +#define DEAD_CIRCUIT_MAGIC 0xdeadc14c + /** * A circuit is a path over the onion routing * network. Applications can connect to one end of the circuit, and can diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index 8b41424ee..7c9bc0199 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@ -15,6 +15,147 @@ #include "lib/testsupport/testsupport.h" #include "or/hs_ident.h" +/** Circuit state: I'm the origin, still haven't done all my handshakes. */ +#define CIRCUIT_STATE_BUILDING 0 +/** Circuit state: Waiting to process the onionskin. */ +#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 +/** Circuit state: I'd like to deliver a create, but my n_chan is still + * connecting. */ +#define CIRCUIT_STATE_CHAN_WAIT 2 +/** Circuit state: the circuit is open but we don't want to actually use it + * until we find out if a better guard will be available. + */ +#define CIRCUIT_STATE_GUARD_WAIT 3 +/** Circuit state: onionskin(s) processed, ready to send/receive cells. */ +#define CIRCUIT_STATE_OPEN 4 + +#define CIRCUIT_PURPOSE_MIN_ 1 + +/* these circuits were initiated elsewhere */ +#define CIRCUIT_PURPOSE_OR_MIN_ 1 +/** OR-side circuit purpose: normal circuit, at OR. */ +#define CIRCUIT_PURPOSE_OR 1 +/** OR-side circuit purpose: At OR, from the service, waiting for intro from + * clients. */ +#define CIRCUIT_PURPOSE_INTRO_POINT 2 +/** OR-side circuit purpose: At OR, from the client, waiting for the service. + */ +#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3 +/** OR-side circuit purpose: At OR, both circuits have this purpose. */ +#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4 +#define CIRCUIT_PURPOSE_OR_MAX_ 4 + +/* these circuits originate at this node */ + +/* here's how circ client-side purposes work: + * normal circuits are C_GENERAL. + * circuits that are c_introducing are either on their way to + * becoming open, or they are open and waiting for a + * suitable rendcirc before they send the intro. + * circuits that are c_introduce_ack_wait have sent the intro, + * but haven't gotten a response yet. + * circuits that are c_establish_rend are either on their way + * to becoming open, or they are open and have sent the + * establish_rendezvous cell but haven't received an ack. + * circuits that are c_rend_ready are open and have received a + * rend ack, but haven't heard from the service yet. if they have a + * buildstate->pending_final_cpath then they're expecting a + * cell from the service, else they're not. + * circuits that are c_rend_ready_intro_acked are open, and + * some intro circ has sent its intro and received an ack. + * circuits that are c_rend_joined are open, have heard from + * the service, and are talking to it. + */ +/** Client-side circuit purpose: Normal circuit, with cpath. */ +#define CIRCUIT_PURPOSE_C_GENERAL 5 +#define CIRCUIT_PURPOSE_C_HS_MIN_ 6 +/** Client-side circuit purpose: at the client, connecting to intro point. */ +#define CIRCUIT_PURPOSE_C_INTRODUCING 6 +/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point, + * waiting for ACK/NAK. */ +#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7 +/** Client-side circuit purpose: at the client, introduced and acked, closing. + */ +#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8 +/** Client-side circuit purpose: at the client, waiting for ack. */ +#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9 +/** Client-side circuit purpose: at the client, waiting for the service. */ +#define CIRCUIT_PURPOSE_C_REND_READY 10 +/** Client-side circuit purpose: at the client, waiting for the service, + * INTRODUCE has been acknowledged. */ +#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11 +/** Client-side circuit purpose: at the client, rendezvous established. */ +#define CIRCUIT_PURPOSE_C_REND_JOINED 12 +/** This circuit is used for getting hsdirs */ +#define CIRCUIT_PURPOSE_C_HSDIR_GET 13 +#define CIRCUIT_PURPOSE_C_HS_MAX_ 13 +/** This circuit is used for build time measurement only */ +#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14 +#define CIRCUIT_PURPOSE_C_MAX_ 14 + +#define CIRCUIT_PURPOSE_S_HS_MIN_ 15 +/** Hidden-service-side circuit purpose: at the service, waiting for + * introductions. */ +#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15 +/** Hidden-service-side circuit purpose: at the service, successfully + * established intro. */ +#define CIRCUIT_PURPOSE_S_INTRO 16 +/** Hidden-service-side circuit purpose: at the service, connecting to rend + * point. */ +#define CIRCUIT_PURPOSE_S_CONNECT_REND 17 +/** Hidden-service-side circuit purpose: at the service, rendezvous + * established. */ +#define CIRCUIT_PURPOSE_S_REND_JOINED 18 +/** This circuit is used for uploading hsdirs */ +#define CIRCUIT_PURPOSE_S_HSDIR_POST 19 +#define CIRCUIT_PURPOSE_S_HS_MAX_ 19 + +/** A testing circuit; not meant to be used for actual traffic. */ +#define CIRCUIT_PURPOSE_TESTING 20 +/** A controller made this circuit and Tor should not use it. */ +#define CIRCUIT_PURPOSE_CONTROLLER 21 +/** This circuit is used for path bias probing only */ +#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22 + +/** This circuit is used for vanguards/restricted paths. + * + * This type of circuit is *only* created preemptively and never + * on-demand. When an HS operation needs to take place (e.g. connect to an + * intro point), these circuits are then cannibalized and repurposed to the + * actual needed HS purpose. */ +#define CIRCUIT_PURPOSE_HS_VANGUARDS 23 + +#define CIRCUIT_PURPOSE_MAX_ 23 +/** A catch-all for unrecognized purposes. Currently we don't expect + * to make or see any circuits with this purpose. */ +#define CIRCUIT_PURPOSE_UNKNOWN 255 + +/** True iff the circuit purpose p is for a circuit that + * originated at this node. */ +#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_) +/** True iff the circuit purpose p is for a circuit that originated + * here to serve as a client. (Hidden services don't count here.) */ +#define CIRCUIT_PURPOSE_IS_CLIENT(p) \ + ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \ + (p)<=CIRCUIT_PURPOSE_C_MAX_) +/** True iff the circuit_t c is actually an origin_circuit_t. */ +#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose)) +/** True iff the circuit purpose p is for an established rendezvous + * circuit. */ +#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \ + ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \ + (p) == CIRCUIT_PURPOSE_S_REND_JOINED) +/** True iff the circuit_t c is actually an or_circuit_t */ +#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC) + +/** True iff this circuit purpose should count towards the global + * pending rate limit (set by MaxClientCircuitsPending). We count all + * general purpose circuits, as well as the first step of client onion + * service connections (HSDir gets). */ +#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \ + ((p) == CIRCUIT_PURPOSE_C_GENERAL || \ + (p) == CIRCUIT_PURPOSE_C_HSDIR_GET) + /** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Assert * if the cast is impossible. */ or_circuit_t *TO_OR_CIRCUIT(circuit_t *); @@ -104,4 +245,3 @@ STATIC uint32_t circuit_max_queued_item_age(const circuit_t *c, uint32_t now); #endif /* defined(CIRCUITLIST_PRIVATE) */ #endif /* !defined(TOR_CIRCUITLIST_H) */ - diff --git a/src/or/circuitstats.h b/src/or/circuitstats.h index d7d1012ce..174730d03 100644 --- a/src/or/circuitstats.h +++ b/src/or/circuitstats.h @@ -21,6 +21,9 @@ int circuit_build_times_disabled(const or_options_t *options); int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus); +/** A build_time_t is milliseconds */ +typedef uint32_t build_time_t; + int circuit_build_times_enough_to_compute(const circuit_build_times_t *cbt); void circuit_build_times_update_state(const circuit_build_times_t *cbt, or_state_t *state); @@ -47,6 +50,89 @@ double circuit_build_times_close_rate(const circuit_build_times_t *cbt); void circuit_build_times_update_last_circ(circuit_build_times_t *cbt); void circuit_build_times_mark_circ_as_measurement_only(origin_circuit_t *circ); +/** Total size of the circuit timeout history to accumulate. + * 1000 is approx 2.5 days worth of continual-use circuits. */ +#define CBT_NCIRCUITS_TO_OBSERVE 1000 + +/** Width of the histogram bins in milliseconds */ +#define CBT_BIN_WIDTH ((build_time_t)50) + +/** Number of modes to use in the weighted-avg computation of Xm */ +#define CBT_DEFAULT_NUM_XM_MODES 3 +#define CBT_MIN_NUM_XM_MODES 1 +#define CBT_MAX_NUM_XM_MODES 20 + +/** + * CBT_BUILD_ABANDONED is our flag value to represent a force-closed + * circuit (Aka a 'right-censored' pareto value). + */ +#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1)) +#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX)) + +/** Save state every 10 circuits */ +#define CBT_SAVE_STATE_EVERY 10 + +/* Circuit build times consensus parameters */ + +/** + * How long to wait before actually closing circuits that take too long to + * build in terms of CDF quantile. + */ +#define CBT_DEFAULT_CLOSE_QUANTILE 95 +#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF +#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF + +/** + * How many circuits count as recent when considering if the + * connection has gone gimpy or changed. + */ +#define CBT_DEFAULT_RECENT_CIRCUITS 20 +#define CBT_MIN_RECENT_CIRCUITS 3 +#define CBT_MAX_RECENT_CIRCUITS 1000 + +/** + * Maximum count of timeouts that finish the first hop in the past + * RECENT_CIRCUITS before calculating a new timeout. + * + * This tells us whether to abandon timeout history and set + * the timeout back to whatever circuit_build_times_get_initial_timeout() + * gives us. + */ +#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10) +#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3 +#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000 + +/** Minimum circuits before estimating a timeout */ +#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100 +#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1 +#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000 + +/** Cutoff percentile on the CDF for our timeout estimation. */ +#define CBT_DEFAULT_QUANTILE_CUTOFF 80 +#define CBT_MIN_QUANTILE_CUTOFF 10 +#define CBT_MAX_QUANTILE_CUTOFF 99 +double circuit_build_times_quantile_cutoff(void); + +/** How often in seconds should we build a test circuit */ +#define CBT_DEFAULT_TEST_FREQUENCY 10 +#define CBT_MIN_TEST_FREQUENCY 1 +#define CBT_MAX_TEST_FREQUENCY INT32_MAX + +/** Lowest allowable value for CircuitBuildTimeout in milliseconds */ +#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500) +#define CBT_MIN_TIMEOUT_MIN_VALUE 500 +#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX + +/** Initial circuit build timeout in milliseconds */ +#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000) +#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE +#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX +int32_t circuit_build_times_initial_timeout(void); + +#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT +#error "RECENT_CIRCUITS is set too low." +#endif + #ifdef CIRCUITSTATS_PRIVATE STATIC double circuit_build_times_calculate_timeout(circuit_build_times_t *cbt, double quantile); @@ -125,4 +211,3 @@ struct circuit_build_times_s { #endif /* defined(CIRCUITSTATS_PRIVATE) */ #endif /* !defined(TOR_CIRCUITSTATS_H) */ - diff --git a/src/or/config.c b/src/or/config.c index 4fb4489fc..0507c4312 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -147,6 +147,10 @@ static const char unix_socket_prefix[] = "unix:"; * configuration. */ static const char unix_q_socket_prefix[] = "unix:\""; +/* limits for TCP send and recv buffer size used for constrained sockets */ +#define MIN_CONSTRAINED_TCP_BUFFER 2048 +#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */ + /** macro to help with the bulk rename of *DownloadSchedule to * *DowloadInitialDelay . */ #define DOWNLOAD_SCHEDULE(name) \ diff --git a/src/or/connection.h b/src/or/connection.h index 0b4a35cc5..3419ee65e 100644 --- a/src/or/connection.h +++ b/src/or/connection.h @@ -16,6 +16,71 @@ listener_connection_t *TO_LISTENER_CONN(connection_t *); struct buf_t; +#define CONN_TYPE_MIN_ 3 +/** Type for sockets listening for OR connections. */ +#define CONN_TYPE_OR_LISTENER 3 +/** A bidirectional TLS connection transmitting a sequence of cells. + * May be from an OR to an OR, or from an OP to an OR. */ +#define CONN_TYPE_OR 4 +/** A TCP connection from an onion router to a stream's destination. */ +#define CONN_TYPE_EXIT 5 +/** Type for sockets listening for SOCKS connections. */ +#define CONN_TYPE_AP_LISTENER 6 +/** A SOCKS proxy connection from the user application to the onion + * proxy. */ +#define CONN_TYPE_AP 7 +/** Type for sockets listening for HTTP connections to the directory server. */ +#define CONN_TYPE_DIR_LISTENER 8 +/** Type for HTTP connections to the directory server. */ +#define CONN_TYPE_DIR 9 +/* Type 10 is unused. */ +/** Type for listening for connections from user interface process. */ +#define CONN_TYPE_CONTROL_LISTENER 11 +/** Type for connections from user interface process. */ +#define CONN_TYPE_CONTROL 12 +/** Type for sockets listening for transparent connections redirected by pf or + * netfilter. */ +#define CONN_TYPE_AP_TRANS_LISTENER 13 +/** Type for sockets listening for transparent connections redirected by + * natd. */ +#define CONN_TYPE_AP_NATD_LISTENER 14 +/** Type for sockets listening for DNS requests. */ +#define CONN_TYPE_AP_DNS_LISTENER 15 + +/** Type for connections from the Extended ORPort. */ +#define CONN_TYPE_EXT_OR 16 +/** Type for sockets listening for Extended ORPort connections. */ +#define CONN_TYPE_EXT_OR_LISTENER 17 +/** Type for sockets listening for HTTP CONNECT tunnel connections. */ +#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18 + +#define CONN_TYPE_MAX_ 19 +/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in + * connection_t. */ + +/* Proxy client handshake states */ +/* We use a proxy but we haven't even connected to it yet. */ +#define PROXY_INFANT 1 +/* We use an HTTP proxy and we've sent the CONNECT command. */ +#define PROXY_HTTPS_WANT_CONNECT_OK 2 +/* We use a SOCKS4 proxy and we've sent the CONNECT command. */ +#define PROXY_SOCKS4_WANT_CONNECT_OK 3 +/* We use a SOCKS5 proxy and we try to negotiate without + any authentication . */ +#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4 +/* We use a SOCKS5 proxy and we try to negotiate with + Username/Password authentication . */ +#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5 +/* We use a SOCKS5 proxy and we just sent our credentials. */ +#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6 +/* We use a SOCKS5 proxy and we just sent our CONNECT command. */ +#define PROXY_SOCKS5_WANT_CONNECT_OK 7 +/* We use a proxy and we CONNECTed successfully!. */ +#define PROXY_CONNECTED 8 + +/** State for any listener connection. */ +#define LISTENER_STATE_READY 0 + const char *conn_type_to_string(int type); const char *conn_state_to_string(int type, int state); int conn_listener_type_supports_af_unix(int type); diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h index d6774668d..24968b277 100644 --- a/src/or/connection_edge.h +++ b/src/or/connection_edge.h @@ -18,6 +18,54 @@ edge_connection_t *TO_EDGE_CONN(connection_t *); entry_connection_t *TO_ENTRY_CONN(connection_t *); entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *); +#define EXIT_CONN_STATE_MIN_ 1 +/** State for an exit connection: waiting for response from DNS farm. */ +#define EXIT_CONN_STATE_RESOLVING 1 +/** State for an exit connection: waiting for connect() to finish. */ +#define EXIT_CONN_STATE_CONNECTING 2 +/** State for an exit connection: open and ready to transmit data. */ +#define EXIT_CONN_STATE_OPEN 3 +/** State for an exit connection: waiting to be removed. */ +#define EXIT_CONN_STATE_RESOLVEFAILED 4 +#define EXIT_CONN_STATE_MAX_ 4 + +/* The AP state values must be disjoint from the EXIT state values. */ +#define AP_CONN_STATE_MIN_ 5 +/** State for a SOCKS connection: waiting for SOCKS request. */ +#define AP_CONN_STATE_SOCKS_WAIT 5 +/** State for a SOCKS connection: got a y.onion URL; waiting to receive + * rendezvous descriptor. */ +#define AP_CONN_STATE_RENDDESC_WAIT 6 +/** The controller will attach this connection to a circuit; it isn't our + * job to do so. */ +#define AP_CONN_STATE_CONTROLLER_WAIT 7 +/** State for a SOCKS connection: waiting for a completed circuit. */ +#define AP_CONN_STATE_CIRCUIT_WAIT 8 +/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */ +#define AP_CONN_STATE_CONNECT_WAIT 9 +/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */ +#define AP_CONN_STATE_RESOLVE_WAIT 10 +/** State for a SOCKS connection: ready to send and receive. */ +#define AP_CONN_STATE_OPEN 11 +/** State for a transparent natd connection: waiting for original + * destination. */ +#define AP_CONN_STATE_NATD_WAIT 12 +/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */ +#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13 +#define AP_CONN_STATE_MAX_ 13 + +#define EXIT_PURPOSE_MIN_ 1 +/** This exit stream wants to do an ordinary connect. */ +#define EXIT_PURPOSE_CONNECT 1 +/** This exit stream wants to do a resolve (either normal or reverse). */ +#define EXIT_PURPOSE_RESOLVE 2 +#define EXIT_PURPOSE_MAX_ 2 + +/** True iff the AP_CONN_STATE_* value s means that the corresponding + * edge connection is not attached to any circuit. */ +#define AP_CONN_STATE_IS_UNATTACHED(s) \ + ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT) + #define connection_mark_unattached_ap(conn, endreason) \ connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__) @@ -198,4 +246,3 @@ STATIC int connection_ap_process_http_connect(entry_connection_t *conn); #endif /* defined(CONNECTION_EDGE_PRIVATE) */ #endif /* !defined(TOR_CONNECTION_EDGE_H) */ - diff --git a/src/or/connection_or.h b/src/or/connection_or.h index 27574c9e9..2d95fdea1 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -17,6 +17,33 @@ struct ed25519_keypair_t; or_connection_t *TO_OR_CONN(connection_t *); +#define OR_CONN_STATE_MIN_ 1 +/** State for a connection to an OR: waiting for connect() to finish. */ +#define OR_CONN_STATE_CONNECTING 1 +/** State for a connection to an OR: waiting for proxy handshake to complete */ +#define OR_CONN_STATE_PROXY_HANDSHAKING 2 +/** State for an OR connection client: SSL is handshaking, not done + * yet. */ +#define OR_CONN_STATE_TLS_HANDSHAKING 3 +/** State for a connection to an OR: We're doing a second SSL handshake for + * renegotiation purposes. (V2 handshake only.) */ +#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4 +/** State for a connection at an OR: We're waiting for the client to + * renegotiate (to indicate a v2 handshake) or send a versions cell (to + * indicate a v3 handshake) */ +#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5 +/** State for an OR connection: We're done with our SSL handshake, we've done + * renegotiation, but we haven't yet negotiated link protocol versions and + * sent a netinfo cell. */ +#define OR_CONN_STATE_OR_HANDSHAKING_V2 6 +/** State for an OR connection: We're done with our SSL handshake, but we + * haven't yet negotiated link protocol versions, done a V3 handshake, and + * sent a netinfo cell. */ +#define OR_CONN_STATE_OR_HANDSHAKING_V3 7 +/** State for an OR connection: Ready to send/receive cells. */ +#define OR_CONN_STATE_OPEN 8 +#define OR_CONN_STATE_MAX_ 8 + void connection_or_clear_identity(or_connection_t *conn); void connection_or_clear_identity_map(void); void clear_broken_connection_map(int disable); diff --git a/src/or/connection_st.h b/src/or/connection_st.h index 2e785c6e6..6c2247868 100644 --- a/src/or/connection_st.h +++ b/src/or/connection_st.h @@ -9,6 +9,16 @@ struct buf_t; +/* Values for connection_t.magic: used to make sure that downcasts (casts from +* connection_t to foo_connection_t) are safe. */ +#define BASE_CONNECTION_MAGIC 0x7C3C304Eu +#define OR_CONNECTION_MAGIC 0x7D31FF03u +#define EDGE_CONNECTION_MAGIC 0xF0374013u +#define ENTRY_CONNECTION_MAGIC 0xbb4a5703 +#define DIR_CONNECTION_MAGIC 0x9988ffeeu +#define CONTROL_CONNECTION_MAGIC 0x8abc765du +#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u + /** Description of a connection to another host or process, and associated * data. * @@ -128,4 +138,12 @@ struct connection_t { uint32_t n_written_conn_bw; }; +/** True iff x is an edge connection. */ +#define CONN_IS_EDGE(x) \ + ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP) + +/** True iff the purpose of conn means that it's a server-side + * directory connection. */ +#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER) + #endif diff --git a/src/or/control.h b/src/or/control.h index d6ffe4a25..53ac87107 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -84,6 +84,21 @@ typedef enum { control_connection_t *TO_CONTROL_CONN(connection_t *); +#define CONTROL_CONN_STATE_MIN_ 1 +/** State for a control connection: Authenticated and accepting v1 commands. */ +#define CONTROL_CONN_STATE_OPEN 1 +/** State for a control connection: Waiting for authentication; speaking + * protocol v1. */ +#define CONTROL_CONN_STATE_NEEDAUTH 2 +#define CONTROL_CONN_STATE_MAX_ 2 + +/** Reason for remapping an AP connection's address: we have a cached + * answer. */ +#define REMAP_STREAM_SOURCE_CACHE 1 +/** Reason for remapping an AP connection's address: the exit node told us an + * answer. */ +#define REMAP_STREAM_SOURCE_EXIT 2 + void control_initialize_event_queue(void); void control_update_global_event_mask(void); diff --git a/src/or/directory.c b/src/or/directory.c index 842cf631e..ca925ed85 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -144,6 +144,15 @@ static void connection_dir_close_consensus_fetches( /********* START VARIABLES **********/ +/** Maximum size, in bytes, for resized buffers. */ +#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */ +/** Maximum size, in bytes, for any directory object that we've downloaded. */ +#define MAX_DIR_DL_SIZE MAX_BUF_SIZE + +/** Maximum size, in bytes, for any directory object that we're accepting + * as an upload. */ +#define MAX_DIR_UL_SIZE MAX_BUF_SIZE + /** How far in the future do we allow a directory server to tell us it is * before deciding that one of us has the wrong time? */ #define ALLOW_DIRECTORY_TIME_SKEW (30*60) diff --git a/src/or/directory.h b/src/or/directory.h index 6ed9e9b17..992ff618f 100644 --- a/src/or/directory.h +++ b/src/or/directory.h @@ -16,6 +16,79 @@ enum compress_method_t; dir_connection_t *TO_DIR_CONN(connection_t *c); + +#define DIR_CONN_STATE_MIN_ 1 +/** State for connection to directory server: waiting for connect(). */ +#define DIR_CONN_STATE_CONNECTING 1 +/** State for connection to directory server: sending HTTP request. */ +#define DIR_CONN_STATE_CLIENT_SENDING 2 +/** State for connection to directory server: reading HTTP response. */ +#define DIR_CONN_STATE_CLIENT_READING 3 +/** State for connection to directory server: happy and finished. */ +#define DIR_CONN_STATE_CLIENT_FINISHED 4 +/** State for connection at directory server: waiting for HTTP request. */ +#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5 +/** State for connection at directory server: sending HTTP response. */ +#define DIR_CONN_STATE_SERVER_WRITING 6 +#define DIR_CONN_STATE_MAX_ 6 + +#define DIR_PURPOSE_MIN_ 4 +/** A connection to a directory server: set after a v2 rendezvous + * descriptor is downloaded. */ +#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4 +/** A connection to a directory server: download one or more server + * descriptors. */ +#define DIR_PURPOSE_FETCH_SERVERDESC 6 +/** A connection to a directory server: download one or more extra-info + * documents. */ +#define DIR_PURPOSE_FETCH_EXTRAINFO 7 +/** A connection to a directory server: upload a server descriptor. */ +#define DIR_PURPOSE_UPLOAD_DIR 8 +/** A connection to a directory server: upload a v3 networkstatus vote. */ +#define DIR_PURPOSE_UPLOAD_VOTE 10 +/** A connection to a directory server: upload a v3 consensus signature */ +#define DIR_PURPOSE_UPLOAD_SIGNATURES 11 +/** A connection to a directory server: download one or more v3 networkstatus + * votes. */ +#define DIR_PURPOSE_FETCH_STATUS_VOTE 12 +/** A connection to a directory server: download a v3 detached signatures + * object for a consensus. */ +#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13 +/** A connection to a directory server: download a v3 networkstatus + * consensus. */ +#define DIR_PURPOSE_FETCH_CONSENSUS 14 +/** A connection to a directory server: download one or more directory + * authority certificates. */ +#define DIR_PURPOSE_FETCH_CERTIFICATE 15 + +/** Purpose for connection at a directory server. */ +#define DIR_PURPOSE_SERVER 16 +/** A connection to a hidden service directory server: upload a v2 rendezvous + * descriptor. */ +#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17 +/** A connection to a hidden service directory server: download a v2 rendezvous + * descriptor. */ +#define DIR_PURPOSE_FETCH_RENDDESC_V2 18 +/** A connection to a directory server: download a microdescriptor. */ +#define DIR_PURPOSE_FETCH_MICRODESC 19 +/** A connection to a hidden service directory: upload a v3 descriptor. */ +#define DIR_PURPOSE_UPLOAD_HSDESC 20 +/** A connection to a hidden service directory: fetch a v3 descriptor. */ +#define DIR_PURPOSE_FETCH_HSDESC 21 +/** A connection to a directory server: set after a hidden service descriptor + * is downloaded. */ +#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22 +#define DIR_PURPOSE_MAX_ 22 + +/** True iff p is a purpose corresponding to uploading + * data to a directory server. */ +#define DIR_PURPOSE_IS_UPLOAD(p) \ + ((p)==DIR_PURPOSE_UPLOAD_DIR || \ + (p)==DIR_PURPOSE_UPLOAD_VOTE || \ + (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \ + (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \ + (p)==DIR_PURPOSE_UPLOAD_HSDESC) + int directories_have_accepted_server_descriptor(void); void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, dirinfo_type_t type, const char *payload, diff --git a/src/or/dos.c b/src/or/dos.c index 02bdbcf35..d86ede02c 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -11,6 +11,7 @@ #include "or/or.h" #include "or/channel.h" #include "or/config.h" +#include "or/connection.h" #include "or/connection_or.h" #include "lib/crypt_ops/crypto_rand.h" #include "or/geoip.h" @@ -798,4 +799,3 @@ dos_init(void) /* To initialize, we only need to get the parameters. */ set_dos_parameters(NULL); } - diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h index c235b076e..7eebfdb25 100644 --- a/src/or/ext_orport.h +++ b/src/or/ext_orport.h @@ -7,6 +7,25 @@ #ifndef EXT_ORPORT_H #define EXT_ORPORT_H +/** States of the Extended ORPort protocol. Be careful before changing + * the numbers: they matter. */ +#define EXT_OR_CONN_STATE_MIN_ 1 +/** Extended ORPort authentication is waiting for the authentication + * type selected by the client. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1 +/** Extended ORPort authentication is waiting for the client nonce. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2 +/** Extended ORPort authentication is waiting for the client hash. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3 +#define EXT_OR_CONN_STATE_AUTH_MAX 3 +/** Authentication finished and the Extended ORPort is now accepting + * traffic. */ +#define EXT_OR_CONN_STATE_OPEN 4 +/** Extended ORPort is flushing its last messages and preparing to + * start accepting OR connections. */ +#define EXT_OR_CONN_STATE_FLUSHING 5 +#define EXT_OR_CONN_STATE_MAX_ 5 + int connection_ext_or_start_auth(or_connection_t *or_conn); ext_or_cmd_t *ext_or_cmd_new(uint16_t len); @@ -43,4 +62,3 @@ extern int ext_or_auth_cookie_is_set; #endif /* defined(EXT_ORPORT_PRIVATE) */ #endif /* !defined(EXT_ORPORT_H) */ - diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index b12846197..133ab84b3 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -45,6 +45,7 @@ #include "or/circuitstats.h" #include "or/config.h" #include "or/connection.h" +#include "or/connection_edge.h" #include "or/connection_or.h" #include "or/consdiffmgr.h" #include "or/control.h" @@ -2719,4 +2720,3 @@ networkstatus_free_all(void) tor_free(waiting->body); } } - diff --git a/src/or/or.h b/src/or/or.h index 1a24ef1b7..be1f61edf 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -126,17 +126,9 @@ struct curve25519_public_key_t; * equal sign or tilde, nickname. */ #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN) -/** Maximum size, in bytes, for resized buffers. */ -#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */ -/** Maximum size, in bytes, for any directory object that we've downloaded. */ -#define MAX_DIR_DL_SIZE MAX_BUF_SIZE - /** For HTTP parsing: Maximum number of bytes we'll accept in the headers * of an HTTP request or response. */ #define MAX_HEADERS_SIZE 50000 -/** Maximum size, in bytes, for any directory object that we're accepting - * as an upload. */ -#define MAX_DIR_UL_SIZE MAX_BUF_SIZE /** Maximum size, in bytes, of a single router descriptor uploaded to us * as a directory authority. Caches and clients fetch whatever descriptors @@ -179,48 +171,6 @@ struct curve25519_public_key_t; /** How old do we let a saved descriptor get before force-removing it? */ #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5) -#define CONN_TYPE_MIN_ 3 -/** Type for sockets listening for OR connections. */ -#define CONN_TYPE_OR_LISTENER 3 -/** A bidirectional TLS connection transmitting a sequence of cells. - * May be from an OR to an OR, or from an OP to an OR. */ -#define CONN_TYPE_OR 4 -/** A TCP connection from an onion router to a stream's destination. */ -#define CONN_TYPE_EXIT 5 -/** Type for sockets listening for SOCKS connections. */ -#define CONN_TYPE_AP_LISTENER 6 -/** A SOCKS proxy connection from the user application to the onion - * proxy. */ -#define CONN_TYPE_AP 7 -/** Type for sockets listening for HTTP connections to the directory server. */ -#define CONN_TYPE_DIR_LISTENER 8 -/** Type for HTTP connections to the directory server. */ -#define CONN_TYPE_DIR 9 -/* Type 10 is unused. */ -/** Type for listening for connections from user interface process. */ -#define CONN_TYPE_CONTROL_LISTENER 11 -/** Type for connections from user interface process. */ -#define CONN_TYPE_CONTROL 12 -/** Type for sockets listening for transparent connections redirected by pf or - * netfilter. */ -#define CONN_TYPE_AP_TRANS_LISTENER 13 -/** Type for sockets listening for transparent connections redirected by - * natd. */ -#define CONN_TYPE_AP_NATD_LISTENER 14 -/** Type for sockets listening for DNS requests. */ -#define CONN_TYPE_AP_DNS_LISTENER 15 - -/** Type for connections from the Extended ORPort. */ -#define CONN_TYPE_EXT_OR 16 -/** Type for sockets listening for Extended ORPort connections. */ -#define CONN_TYPE_EXT_OR_LISTENER 17 -/** Type for sockets listening for HTTP CONNECT tunnel connections. */ -#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18 - -#define CONN_TYPE_MAX_ 19 -/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in - * connection_t. */ - /* Proxy client types */ #define PROXY_NONE 0 #define PROXY_CONNECT 1 @@ -233,355 +183,6 @@ struct curve25519_public_key_t; * instead use the actual underlying proxy type (see above). */ #define PROXY_PLUGGABLE 4 -/* Proxy client handshake states */ -/* We use a proxy but we haven't even connected to it yet. */ -#define PROXY_INFANT 1 -/* We use an HTTP proxy and we've sent the CONNECT command. */ -#define PROXY_HTTPS_WANT_CONNECT_OK 2 -/* We use a SOCKS4 proxy and we've sent the CONNECT command. */ -#define PROXY_SOCKS4_WANT_CONNECT_OK 3 -/* We use a SOCKS5 proxy and we try to negotiate without - any authentication . */ -#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4 -/* We use a SOCKS5 proxy and we try to negotiate with - Username/Password authentication . */ -#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5 -/* We use a SOCKS5 proxy and we just sent our credentials. */ -#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6 -/* We use a SOCKS5 proxy and we just sent our CONNECT command. */ -#define PROXY_SOCKS5_WANT_CONNECT_OK 7 -/* We use a proxy and we CONNECTed successfully!. */ -#define PROXY_CONNECTED 8 - -/** True iff x is an edge connection. */ -#define CONN_IS_EDGE(x) \ - ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP) - -/** State for any listener connection. */ -#define LISTENER_STATE_READY 0 - -#define OR_CONN_STATE_MIN_ 1 -/** State for a connection to an OR: waiting for connect() to finish. */ -#define OR_CONN_STATE_CONNECTING 1 -/** State for a connection to an OR: waiting for proxy handshake to complete */ -#define OR_CONN_STATE_PROXY_HANDSHAKING 2 -/** State for an OR connection client: SSL is handshaking, not done - * yet. */ -#define OR_CONN_STATE_TLS_HANDSHAKING 3 -/** State for a connection to an OR: We're doing a second SSL handshake for - * renegotiation purposes. (V2 handshake only.) */ -#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4 -/** State for a connection at an OR: We're waiting for the client to - * renegotiate (to indicate a v2 handshake) or send a versions cell (to - * indicate a v3 handshake) */ -#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5 -/** State for an OR connection: We're done with our SSL handshake, we've done - * renegotiation, but we haven't yet negotiated link protocol versions and - * sent a netinfo cell. */ -#define OR_CONN_STATE_OR_HANDSHAKING_V2 6 -/** State for an OR connection: We're done with our SSL handshake, but we - * haven't yet negotiated link protocol versions, done a V3 handshake, and - * sent a netinfo cell. */ -#define OR_CONN_STATE_OR_HANDSHAKING_V3 7 -/** State for an OR connection: Ready to send/receive cells. */ -#define OR_CONN_STATE_OPEN 8 -#define OR_CONN_STATE_MAX_ 8 - -/** States of the Extended ORPort protocol. Be careful before changing - * the numbers: they matter. */ -#define EXT_OR_CONN_STATE_MIN_ 1 -/** Extended ORPort authentication is waiting for the authentication - * type selected by the client. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1 -/** Extended ORPort authentication is waiting for the client nonce. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2 -/** Extended ORPort authentication is waiting for the client hash. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3 -#define EXT_OR_CONN_STATE_AUTH_MAX 3 -/** Authentication finished and the Extended ORPort is now accepting - * traffic. */ -#define EXT_OR_CONN_STATE_OPEN 4 -/** Extended ORPort is flushing its last messages and preparing to - * start accepting OR connections. */ -#define EXT_OR_CONN_STATE_FLUSHING 5 -#define EXT_OR_CONN_STATE_MAX_ 5 - -#define EXIT_CONN_STATE_MIN_ 1 -/** State for an exit connection: waiting for response from DNS farm. */ -#define EXIT_CONN_STATE_RESOLVING 1 -/** State for an exit connection: waiting for connect() to finish. */ -#define EXIT_CONN_STATE_CONNECTING 2 -/** State for an exit connection: open and ready to transmit data. */ -#define EXIT_CONN_STATE_OPEN 3 -/** State for an exit connection: waiting to be removed. */ -#define EXIT_CONN_STATE_RESOLVEFAILED 4 -#define EXIT_CONN_STATE_MAX_ 4 - -/* The AP state values must be disjoint from the EXIT state values. */ -#define AP_CONN_STATE_MIN_ 5 -/** State for a SOCKS connection: waiting for SOCKS request. */ -#define AP_CONN_STATE_SOCKS_WAIT 5 -/** State for a SOCKS connection: got a y.onion URL; waiting to receive - * rendezvous descriptor. */ -#define AP_CONN_STATE_RENDDESC_WAIT 6 -/** The controller will attach this connection to a circuit; it isn't our - * job to do so. */ -#define AP_CONN_STATE_CONTROLLER_WAIT 7 -/** State for a SOCKS connection: waiting for a completed circuit. */ -#define AP_CONN_STATE_CIRCUIT_WAIT 8 -/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */ -#define AP_CONN_STATE_CONNECT_WAIT 9 -/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */ -#define AP_CONN_STATE_RESOLVE_WAIT 10 -/** State for a SOCKS connection: ready to send and receive. */ -#define AP_CONN_STATE_OPEN 11 -/** State for a transparent natd connection: waiting for original - * destination. */ -#define AP_CONN_STATE_NATD_WAIT 12 -/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */ -#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13 -#define AP_CONN_STATE_MAX_ 13 - -/** True iff the AP_CONN_STATE_* value s means that the corresponding - * edge connection is not attached to any circuit. */ -#define AP_CONN_STATE_IS_UNATTACHED(s) \ - ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT) - -#define DIR_CONN_STATE_MIN_ 1 -/** State for connection to directory server: waiting for connect(). */ -#define DIR_CONN_STATE_CONNECTING 1 -/** State for connection to directory server: sending HTTP request. */ -#define DIR_CONN_STATE_CLIENT_SENDING 2 -/** State for connection to directory server: reading HTTP response. */ -#define DIR_CONN_STATE_CLIENT_READING 3 -/** State for connection to directory server: happy and finished. */ -#define DIR_CONN_STATE_CLIENT_FINISHED 4 -/** State for connection at directory server: waiting for HTTP request. */ -#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5 -/** State for connection at directory server: sending HTTP response. */ -#define DIR_CONN_STATE_SERVER_WRITING 6 -#define DIR_CONN_STATE_MAX_ 6 - -/** True iff the purpose of conn means that it's a server-side - * directory connection. */ -#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER) - -#define CONTROL_CONN_STATE_MIN_ 1 -/** State for a control connection: Authenticated and accepting v1 commands. */ -#define CONTROL_CONN_STATE_OPEN 1 -/** State for a control connection: Waiting for authentication; speaking - * protocol v1. */ -#define CONTROL_CONN_STATE_NEEDAUTH 2 -#define CONTROL_CONN_STATE_MAX_ 2 - -#define DIR_PURPOSE_MIN_ 4 -/** A connection to a directory server: set after a v2 rendezvous - * descriptor is downloaded. */ -#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4 -/** A connection to a directory server: download one or more server - * descriptors. */ -#define DIR_PURPOSE_FETCH_SERVERDESC 6 -/** A connection to a directory server: download one or more extra-info - * documents. */ -#define DIR_PURPOSE_FETCH_EXTRAINFO 7 -/** A connection to a directory server: upload a server descriptor. */ -#define DIR_PURPOSE_UPLOAD_DIR 8 -/** A connection to a directory server: upload a v3 networkstatus vote. */ -#define DIR_PURPOSE_UPLOAD_VOTE 10 -/** A connection to a directory server: upload a v3 consensus signature */ -#define DIR_PURPOSE_UPLOAD_SIGNATURES 11 -/** A connection to a directory server: download one or more v3 networkstatus - * votes. */ -#define DIR_PURPOSE_FETCH_STATUS_VOTE 12 -/** A connection to a directory server: download a v3 detached signatures - * object for a consensus. */ -#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13 -/** A connection to a directory server: download a v3 networkstatus - * consensus. */ -#define DIR_PURPOSE_FETCH_CONSENSUS 14 -/** A connection to a directory server: download one or more directory - * authority certificates. */ -#define DIR_PURPOSE_FETCH_CERTIFICATE 15 - -/** Purpose for connection at a directory server. */ -#define DIR_PURPOSE_SERVER 16 -/** A connection to a hidden service directory server: upload a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17 -/** A connection to a hidden service directory server: download a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_FETCH_RENDDESC_V2 18 -/** A connection to a directory server: download a microdescriptor. */ -#define DIR_PURPOSE_FETCH_MICRODESC 19 -/** A connection to a hidden service directory: upload a v3 descriptor. */ -#define DIR_PURPOSE_UPLOAD_HSDESC 20 -/** A connection to a hidden service directory: fetch a v3 descriptor. */ -#define DIR_PURPOSE_FETCH_HSDESC 21 -/** A connection to a directory server: set after a hidden service descriptor - * is downloaded. */ -#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22 -#define DIR_PURPOSE_MAX_ 22 - -/** True iff p is a purpose corresponding to uploading - * data to a directory server. */ -#define DIR_PURPOSE_IS_UPLOAD(p) \ - ((p)==DIR_PURPOSE_UPLOAD_DIR || \ - (p)==DIR_PURPOSE_UPLOAD_VOTE || \ - (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \ - (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \ - (p)==DIR_PURPOSE_UPLOAD_HSDESC) - -#define EXIT_PURPOSE_MIN_ 1 -/** This exit stream wants to do an ordinary connect. */ -#define EXIT_PURPOSE_CONNECT 1 -/** This exit stream wants to do a resolve (either normal or reverse). */ -#define EXIT_PURPOSE_RESOLVE 2 -#define EXIT_PURPOSE_MAX_ 2 - -/* !!!! If any connection purpose is ever over 31, we must grow the type - * field in connection_t. */ - -/** Circuit state: I'm the origin, still haven't done all my handshakes. */ -#define CIRCUIT_STATE_BUILDING 0 -/** Circuit state: Waiting to process the onionskin. */ -#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 -/** Circuit state: I'd like to deliver a create, but my n_chan is still - * connecting. */ -#define CIRCUIT_STATE_CHAN_WAIT 2 -/** Circuit state: the circuit is open but we don't want to actually use it - * until we find out if a better guard will be available. - */ -#define CIRCUIT_STATE_GUARD_WAIT 3 -/** Circuit state: onionskin(s) processed, ready to send/receive cells. */ -#define CIRCUIT_STATE_OPEN 4 - -#define CIRCUIT_PURPOSE_MIN_ 1 - -/* these circuits were initiated elsewhere */ -#define CIRCUIT_PURPOSE_OR_MIN_ 1 -/** OR-side circuit purpose: normal circuit, at OR. */ -#define CIRCUIT_PURPOSE_OR 1 -/** OR-side circuit purpose: At OR, from the service, waiting for intro from - * clients. */ -#define CIRCUIT_PURPOSE_INTRO_POINT 2 -/** OR-side circuit purpose: At OR, from the client, waiting for the service. - */ -#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3 -/** OR-side circuit purpose: At OR, both circuits have this purpose. */ -#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4 -#define CIRCUIT_PURPOSE_OR_MAX_ 4 - -/* these circuits originate at this node */ - -/* here's how circ client-side purposes work: - * normal circuits are C_GENERAL. - * circuits that are c_introducing are either on their way to - * becoming open, or they are open and waiting for a - * suitable rendcirc before they send the intro. - * circuits that are c_introduce_ack_wait have sent the intro, - * but haven't gotten a response yet. - * circuits that are c_establish_rend are either on their way - * to becoming open, or they are open and have sent the - * establish_rendezvous cell but haven't received an ack. - * circuits that are c_rend_ready are open and have received a - * rend ack, but haven't heard from the service yet. if they have a - * buildstate->pending_final_cpath then they're expecting a - * cell from the service, else they're not. - * circuits that are c_rend_ready_intro_acked are open, and - * some intro circ has sent its intro and received an ack. - * circuits that are c_rend_joined are open, have heard from - * the service, and are talking to it. - */ -/** Client-side circuit purpose: Normal circuit, with cpath. */ -#define CIRCUIT_PURPOSE_C_GENERAL 5 -#define CIRCUIT_PURPOSE_C_HS_MIN_ 6 -/** Client-side circuit purpose: at the client, connecting to intro point. */ -#define CIRCUIT_PURPOSE_C_INTRODUCING 6 -/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point, - * waiting for ACK/NAK. */ -#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7 -/** Client-side circuit purpose: at the client, introduced and acked, closing. - */ -#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8 -/** Client-side circuit purpose: at the client, waiting for ack. */ -#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9 -/** Client-side circuit purpose: at the client, waiting for the service. */ -#define CIRCUIT_PURPOSE_C_REND_READY 10 -/** Client-side circuit purpose: at the client, waiting for the service, - * INTRODUCE has been acknowledged. */ -#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11 -/** Client-side circuit purpose: at the client, rendezvous established. */ -#define CIRCUIT_PURPOSE_C_REND_JOINED 12 -/** This circuit is used for getting hsdirs */ -#define CIRCUIT_PURPOSE_C_HSDIR_GET 13 -#define CIRCUIT_PURPOSE_C_HS_MAX_ 13 -/** This circuit is used for build time measurement only */ -#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14 -#define CIRCUIT_PURPOSE_C_MAX_ 14 - -#define CIRCUIT_PURPOSE_S_HS_MIN_ 15 -/** Hidden-service-side circuit purpose: at the service, waiting for - * introductions. */ -#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15 -/** Hidden-service-side circuit purpose: at the service, successfully - * established intro. */ -#define CIRCUIT_PURPOSE_S_INTRO 16 -/** Hidden-service-side circuit purpose: at the service, connecting to rend - * point. */ -#define CIRCUIT_PURPOSE_S_CONNECT_REND 17 -/** Hidden-service-side circuit purpose: at the service, rendezvous - * established. */ -#define CIRCUIT_PURPOSE_S_REND_JOINED 18 -/** This circuit is used for uploading hsdirs */ -#define CIRCUIT_PURPOSE_S_HSDIR_POST 19 -#define CIRCUIT_PURPOSE_S_HS_MAX_ 19 - -/** A testing circuit; not meant to be used for actual traffic. */ -#define CIRCUIT_PURPOSE_TESTING 20 -/** A controller made this circuit and Tor should not use it. */ -#define CIRCUIT_PURPOSE_CONTROLLER 21 -/** This circuit is used for path bias probing only */ -#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22 - -/** This circuit is used for vanguards/restricted paths. - * - * This type of circuit is *only* created preemptively and never - * on-demand. When an HS operation needs to take place (e.g. connect to an - * intro point), these circuits are then cannibalized and repurposed to the - * actual needed HS purpose. */ -#define CIRCUIT_PURPOSE_HS_VANGUARDS 23 - -#define CIRCUIT_PURPOSE_MAX_ 23 -/** A catch-all for unrecognized purposes. Currently we don't expect - * to make or see any circuits with this purpose. */ -#define CIRCUIT_PURPOSE_UNKNOWN 255 - -/** True iff the circuit purpose p is for a circuit that - * originated at this node. */ -#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_) -/** True iff the circuit purpose p is for a circuit that originated - * here to serve as a client. (Hidden services don't count here.) */ -#define CIRCUIT_PURPOSE_IS_CLIENT(p) \ - ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \ - (p)<=CIRCUIT_PURPOSE_C_MAX_) -/** True iff the circuit_t c is actually an origin_circuit_t. */ -#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose)) -/** True iff the circuit purpose p is for an established rendezvous - * circuit. */ -#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \ - ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \ - (p) == CIRCUIT_PURPOSE_S_REND_JOINED) -/** True iff the circuit_t c is actually an or_circuit_t */ -#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC) - -/** True iff this circuit purpose should count towards the global - * pending rate limit (set by MaxClientCircuitsPending). We count all - * general purpose circuits, as well as the first step of client onion - * service connections (HSDir gets). */ -#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \ - ((p) == CIRCUIT_PURPOSE_C_GENERAL || \ - (p) == CIRCUIT_PURPOSE_C_HSDIR_GET) - /** How many circuits do we want simultaneously in-progress to handle * a given stream? */ #define MIN_CIRCUITS_HANDLING_STREAM 2 @@ -686,13 +287,6 @@ struct curve25519_public_key_t; * connection_mark_unattached_ap(). */ #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048 -/** Reason for remapping an AP connection's address: we have a cached - * answer. */ -#define REMAP_STREAM_SOURCE_CACHE 1 -/** Reason for remapping an AP connection's address: the exit node told us an - * answer. */ -#define REMAP_STREAM_SOURCE_EXIT 2 - /* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */ #define RESOLVED_TYPE_HOSTNAME 0 #define RESOLVED_TYPE_IPV4 4 @@ -1051,16 +645,6 @@ typedef struct socks_request_t socks_request_t; typedef struct entry_port_cfg_t entry_port_cfg_t; typedef struct server_port_cfg_t server_port_cfg_t; -/* Values for connection_t.magic: used to make sure that downcasts (casts from -* connection_t to foo_connection_t) are safe. */ -#define BASE_CONNECTION_MAGIC 0x7C3C304Eu -#define OR_CONNECTION_MAGIC 0x7D31FF03u -#define EDGE_CONNECTION_MAGIC 0xF0374013u -#define ENTRY_CONNECTION_MAGIC 0xbb4a5703 -#define DIR_CONNECTION_MAGIC 0x9988ffeeu -#define CONTROL_CONNECTION_MAGIC 0x8abc765du -#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u - /** Minimum length of the random part of an AUTH_CHALLENGE cell. */ #define OR_AUTH_CHALLENGE_LEN 32 @@ -1345,15 +929,6 @@ typedef struct crypt_path_reference_t crypt_path_reference_t; typedef struct cpath_build_state_t cpath_build_state_t; -/** "magic" value for an origin_circuit_t */ -#define ORIGIN_CIRCUIT_MAGIC 0x35315243u -/** "magic" value for an or_circuit_t */ -#define OR_CIRCUIT_MAGIC 0x98ABC04Fu -/** "magic" value for a circuit that would have been freed by circuit_free, - * but which we're keeping around until a cpuworker reply arrives. See - * circuit_free() for more documentation. */ -#define DEAD_CIRCUIT_MAGIC 0xdeadc14c - struct create_cell_t; /** Entry in the cell stats list of a circuit; used only if CELL_STATS @@ -1442,10 +1017,6 @@ typedef enum { /** Convert a circuit subtype to a circuit_t. */ #define TO_CIRCUIT(x) (&((x)->base_)) -/* limits for TCP send and recv buffer size used for constrained sockets */ -#define MIN_CONSTRAINED_TCP_BUFFER 2048 -#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */ - /** @name Isolation flags Ways to isolate client streams @@ -2626,22 +2197,7 @@ typedef struct { time_t LastRotatedOnionKey; } or_state_t; -#define MAX_SOCKS_REPLY_LEN 1024 #define MAX_SOCKS_ADDR_LEN 256 -#define SOCKS_NO_AUTH 0x00 -#define SOCKS_USER_PASS 0x02 - -/** Please open a TCP connection to this addr:port. */ -#define SOCKS_COMMAND_CONNECT 0x01 -/** Please turn this FQDN into an IP address, privately. */ -#define SOCKS_COMMAND_RESOLVE 0xF0 -/** Please turn this IP address into an FQDN, privately. */ -#define SOCKS_COMMAND_RESOLVE_PTR 0xF1 - -/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */ -#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0) -#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \ - (c)==SOCKS_COMMAND_RESOLVE_PTR) /********************************* circuitbuild.c **********************/ @@ -2655,92 +2211,6 @@ typedef struct { #define BW_MIN_WEIGHT_SCALE 1 #define BW_MAX_WEIGHT_SCALE INT32_MAX -/** Total size of the circuit timeout history to accumulate. - * 1000 is approx 2.5 days worth of continual-use circuits. */ -#define CBT_NCIRCUITS_TO_OBSERVE 1000 - -/** Width of the histogram bins in milliseconds */ -#define CBT_BIN_WIDTH ((build_time_t)50) - -/** Number of modes to use in the weighted-avg computation of Xm */ -#define CBT_DEFAULT_NUM_XM_MODES 3 -#define CBT_MIN_NUM_XM_MODES 1 -#define CBT_MAX_NUM_XM_MODES 20 - -/** A build_time_t is milliseconds */ -typedef uint32_t build_time_t; - -/** - * CBT_BUILD_ABANDONED is our flag value to represent a force-closed - * circuit (Aka a 'right-censored' pareto value). - */ -#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1)) -#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX)) - -/** Save state every 10 circuits */ -#define CBT_SAVE_STATE_EVERY 10 - -/* Circuit build times consensus parameters */ - -/** - * How long to wait before actually closing circuits that take too long to - * build in terms of CDF quantile. - */ -#define CBT_DEFAULT_CLOSE_QUANTILE 95 -#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF -#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF - -/** - * How many circuits count as recent when considering if the - * connection has gone gimpy or changed. - */ -#define CBT_DEFAULT_RECENT_CIRCUITS 20 -#define CBT_MIN_RECENT_CIRCUITS 3 -#define CBT_MAX_RECENT_CIRCUITS 1000 - -/** - * Maximum count of timeouts that finish the first hop in the past - * RECENT_CIRCUITS before calculating a new timeout. - * - * This tells us whether to abandon timeout history and set - * the timeout back to whatever circuit_build_times_get_initial_timeout() - * gives us. - */ -#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10) -#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3 -#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000 - -/** Minimum circuits before estimating a timeout */ -#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100 -#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1 -#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000 - -/** Cutoff percentile on the CDF for our timeout estimation. */ -#define CBT_DEFAULT_QUANTILE_CUTOFF 80 -#define CBT_MIN_QUANTILE_CUTOFF 10 -#define CBT_MAX_QUANTILE_CUTOFF 99 -double circuit_build_times_quantile_cutoff(void); - -/** How often in seconds should we build a test circuit */ -#define CBT_DEFAULT_TEST_FREQUENCY 10 -#define CBT_MIN_TEST_FREQUENCY 1 -#define CBT_MAX_TEST_FREQUENCY INT32_MAX - -/** Lowest allowable value for CircuitBuildTimeout in milliseconds */ -#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500) -#define CBT_MIN_TIMEOUT_MIN_VALUE 500 -#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX - -/** Initial circuit build timeout in milliseconds */ -#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000) -#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE -#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX -int32_t circuit_build_times_initial_timeout(void); - -#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT -#error "RECENT_CIRCUITS is set too low." -#endif - typedef struct circuit_build_times_s circuit_build_times_t; /********************************* config.c ***************************/ @@ -2830,35 +2300,6 @@ typedef struct dir_server_t dir_server_t; #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX -/* Flags for pick_directory_server() and pick_trusteddirserver(). */ -/** Flag to indicate that we should not automatically be willing to use - * ourself to answer a directory request. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_ALLOW_SELF (1<<0) -/** Flag to indicate that if no servers seem to be up, we should mark all - * directory servers as up and try again. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_RETRY_IF_NO_SERVERS (1<<1) -/** Flag to indicate that we should not exclude directory servers that - * our ReachableAddress settings would exclude. This usually means that - * we're going to connect to the server over Tor, and so we don't need to - * worry about our firewall telling us we can't. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_IGNORE_FASCISTFIREWALL (1<<2) -/** Flag to indicate that we should not use any directory authority to which - * we have an existing directory connection for downloading server descriptors - * or extrainfo documents. - * - * Passed to router_pick_directory_server (et al) - */ -#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3) -/** Flag to indicate that we should not use any directory authority to which - * we have an existing directory connection for downloading microdescs. - * - * Passed to router_pick_directory_server (et al) - */ -#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4) - typedef struct tor_version_t tor_version_t; #endif /* !defined(TOR_OR_H) */ diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 94603c260..f5e6ce581 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -7,6 +7,7 @@ #include "or/or.h" #include "or/addressmap.h" #include "lib/container/buffers.h" +#include "or/connection.h" #include "or/control.h" #include "or/config.h" #include "lib/crypt_ops/crypto_util.h" @@ -710,4 +711,3 @@ parse_socks_client(const uint8_t *data, size_t datalen, return -1; /* LCOV_EXCL_STOP */ } - diff --git a/src/or/proto_socks.h b/src/or/proto_socks.h index 1624d7b06..53de288f6 100644 --- a/src/or/proto_socks.h +++ b/src/or/proto_socks.h @@ -19,4 +19,3 @@ int fetch_from_buf_socks(struct buf_t *buf, socks_request_t *req, int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason); #endif /* !defined(TOR_PROTO_SOCKS_H) */ - diff --git a/src/or/routerlist.h b/src/or/routerlist.h index 2047e1c0d..4b7406364 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -68,6 +68,35 @@ typedef enum bandwidth_weight_rule_t { WEIGHT_FOR_DIR } bandwidth_weight_rule_t; +/* Flags for pick_directory_server() and pick_trusteddirserver(). */ +/** Flag to indicate that we should not automatically be willing to use + * ourself to answer a directory request. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_ALLOW_SELF (1<<0) +/** Flag to indicate that if no servers seem to be up, we should mark all + * directory servers as up and try again. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_RETRY_IF_NO_SERVERS (1<<1) +/** Flag to indicate that we should not exclude directory servers that + * our ReachableAddress settings would exclude. This usually means that + * we're going to connect to the server over Tor, and so we don't need to + * worry about our firewall telling us we can't. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_IGNORE_FASCISTFIREWALL (1<<2) +/** Flag to indicate that we should not use any directory authority to which + * we have an existing directory connection for downloading server descriptors + * or extrainfo documents. + * + * Passed to router_pick_directory_server (et al) + */ +#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3) +/** Flag to indicate that we should not use any directory authority to which + * we have an existing directory connection for downloading microdescs. + * + * Passed to router_pick_directory_server (et al) + */ +#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4) + int get_n_authorities(dirinfo_type_t type); int trusted_dirs_reload_certs(void); diff --git a/src/or/socks_request_st.h b/src/or/socks_request_st.h index c650a5773..d7b979c3e 100644 --- a/src/or/socks_request_st.h +++ b/src/or/socks_request_st.h @@ -7,6 +7,23 @@ #ifndef SOCKS_REQUEST_ST_H #define SOCKS_REQUEST_ST_H +#define MAX_SOCKS_REPLY_LEN 1024 + +#define SOCKS_NO_AUTH 0x00 +#define SOCKS_USER_PASS 0x02 + +/** Please open a TCP connection to this addr:port. */ +#define SOCKS_COMMAND_CONNECT 0x01 +/** Please turn this FQDN into an IP address, privately. */ +#define SOCKS_COMMAND_RESOLVE 0xF0 +/** Please turn this IP address into an FQDN, privately. */ +#define SOCKS_COMMAND_RESOLVE_PTR 0xF1 + +/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */ +#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0) +#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \ + (c)==SOCKS_COMMAND_RESOLVE_PTR) + /** State of a SOCKS request from a user to an OP. Also used to encode other * information for non-socks user request (such as those on TransPort and * DNSPort) */ @@ -56,4 +73,3 @@ struct socks_request_t { }; #endif - diff --git a/src/or/transports.c b/src/or/transports.c index 34161fd16..ff51ff00e 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -93,6 +93,7 @@ #include "or/or.h" #include "or/bridges.h" #include "or/config.h" +#include "or/connection.h" #include "or/circuitbuild.h" #include "or/transports.h" #include "common/util.h" diff --git a/src/test/bench.c b/src/test/bench.c index 427ebd814..ced04fffd 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -19,6 +19,7 @@ #include <openssl/ecdh.h> #include <openssl/obj_mac.h> +#include "or/circuitlist.h" #include "or/config.h" #include "lib/crypt_ops/crypto_curve25519.h" #include "lib/crypt_ops/crypto_dh.h" diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c index aed766fc0..ad2b443cf 100644 --- a/src/test/test_channeltls.c +++ b/src/test/test_channeltls.c @@ -11,6 +11,7 @@ #include "lib/container/buffers.h" #include "or/channel.h" #include "or/channeltls.h" +#include "or/connection.h" #include "or/connection_or.h" #include "or/config.h" /* For init/free stuff */ @@ -336,4 +337,3 @@ struct testcase_t channeltls_tests[] = { TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c index d17a04614..c09133c54 100644 --- a/src/test/test_circuitbuild.c +++ b/src/test/test_circuitbuild.c @@ -11,6 +11,7 @@ #include "test/log_test_helpers.h" #include "or/config.h" #include "or/circuitbuild.h" +#include "or/circuitlist.h" #include "or/extend_info_st.h" @@ -132,4 +133,3 @@ struct testcase_t circuitbuild_tests[] = { { "unhandled_exit", test_new_route_len_unhandled_exit, 0, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c index b642a37d2..33a45a99c 100644 --- a/src/test/test_controller_events.c +++ b/src/test/test_controller_events.c @@ -7,6 +7,7 @@ #include "or/or.h" #include "or/channel.h" #include "or/channeltls.h" +#include "or/circuitlist.h" #include "or/connection.h" #include "or/control.h" #include "test/test.h" @@ -331,4 +332,3 @@ struct testcase_t controller_event_tests[] = { TEST(event_mask, TT_FORK), END_OF_TESTCASES }; - diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 5551b5558..a2b4ec68a 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -19,6 +19,7 @@ #include "or/or.h" #include "or/bridges.h" +#include "or/connection.h" #include "or/confparse.h" #include "or/config.h" #include "or/control.h" diff --git a/src/test/test_dns.c b/src/test/test_dns.c index 3bcef0aa7..1407a5c47 100644 --- a/src/test/test_dns.c +++ b/src/test/test_dns.c @@ -8,6 +8,7 @@ #include "or/dns.h" #include "or/connection.h" +#include "or/connection_edge.h" #include "or/router.h" #include "or/edge_connection_st.h" @@ -748,4 +749,3 @@ struct testcase_t dns_tests[] = { }; #undef NS_MODULE - diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index b5cb9bb91..1458c358d 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -24,6 +24,7 @@ #include "lib/crypt_ops/crypto.h" #include "lib/crypt_ops/crypto_dh.h" #include "or/channeltls.h" +#include "or/directory.h" #include "or/main.h" #include "or/nodelist.h" #include "or/routerset.h" diff --git a/src/test/test_oos.c b/src/test/test_oos.c index 6ecb1a078..f101390d6 100644 --- a/src/test/test_oos.c +++ b/src/test/test_oos.c @@ -9,6 +9,7 @@ #include "or/config.h" #include "or/connection.h" #include "or/connection_or.h" +#include "or/directory.h" #include "or/main.h" #include "test/test.h" @@ -456,4 +457,3 @@ struct testcase_t oos_tests[] = { { "pick_oos_victims", test_oos_pick_oos_victims, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_relay.c b/src/test/test_relay.c index 777153d11..fe5795d11 100644 --- a/src/test/test_relay.c +++ b/src/test/test_relay.c @@ -4,6 +4,7 @@ #include "or/or.h" #define CIRCUITBUILD_PRIVATE #include "or/circuitbuild.h" +#include "or/circuitlist.h" #define RELAY_PRIVATE #include "or/relay.h" /* For init/free stuff */ @@ -130,4 +131,3 @@ struct testcase_t relay_tests[] = { TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 3e4528af2..046ed3597 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -6,6 +6,7 @@ #include "or/or.h" #include "lib/container/buffers.h" #include "or/config.h" +#include "or/connection.h" #include "or/proto_socks.h" #include "test/test.h" #include "test/log_test_helpers.h"

1 0

[tor/master] Pull a couple more enums from or.h
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit f75357ec355e4e716321417e562526ce77f4f931 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:44:04 2018 -0400 Pull a couple more enums from or.h --- src/or/circpathbias.h | 3 +- src/or/crypt_path_st.h | 14 +++++++++ src/or/desc_store_st.h | 7 ++++- src/or/or.h | 77 ++-------------------------------------------- src/or/origin_circuit_st.h | 57 +++++++++++++++++++++++++++++++++- 5 files changed, 79 insertions(+), 79 deletions(-) diff --git a/src/or/circpathbias.h b/src/or/circpathbias.h index 09162c40e..c99d1277b 100644 --- a/src/or/circpathbias.h +++ b/src/or/circpathbias.h @@ -23,7 +23,6 @@ int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell); void pathbias_count_use_attempt(origin_circuit_t *circ); void pathbias_mark_use_success(origin_circuit_t *circ); void pathbias_mark_use_rollback(origin_circuit_t *circ); -const char *pathbias_state_to_string(path_state_t state); +const char *pathbias_state_to_string(enum path_state_t state); #endif /* !defined(TOR_CIRCPATHBIAS_H) */ - diff --git a/src/or/crypt_path_st.h b/src/or/crypt_path_st.h index 7d38c7375..0fde1fab0 100644 --- a/src/or/crypt_path_st.h +++ b/src/or/crypt_path_st.h @@ -10,6 +10,20 @@ #include "or/relay_crypto_st.h" struct crypto_dh_t; +#define CRYPT_PATH_MAGIC 0x70127012u + +struct fast_handshake_state_t; +struct ntor_handshake_state_t; +struct crypto_dh_t; +struct onion_handshake_state_t { + uint16_t tag; + union { + struct fast_handshake_state_t *fast; + struct crypto_dh_t *tap; + struct ntor_handshake_state_t *ntor; + } u; +}; + /** Holds accounting information for a single step in the layered encryption * performed by a circuit. Used only at the client edge of a circuit. */ struct crypt_path_t { diff --git a/src/or/desc_store_st.h b/src/or/desc_store_st.h index c070e354c..168a83b23 100644 --- a/src/or/desc_store_st.h +++ b/src/or/desc_store_st.h @@ -7,6 +7,12 @@ #ifndef DESC_STORE_ST_H #define DESC_STORE_ST_H +/** Allowable types of desc_store_t. */ +typedef enum store_type_t { + ROUTER_STORE = 0, + EXTRAINFO_STORE = 1 +} store_type_t; + /** A 'store' is a set of descriptors saved on disk, with accompanying * journal, mmaped as needed, rebuilt as needed. */ struct desc_store_t { @@ -31,4 +37,3 @@ struct desc_store_t { }; #endif - diff --git a/src/or/or.h b/src/or/or.h index c38b8d750..1221084af 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -862,13 +862,6 @@ typedef enum { typedef struct networkstatus_t networkstatus_t; typedef struct ns_detached_signatures_t ns_detached_signatures_t; - -/** Allowable types of desc_store_t. */ -typedef enum store_type_t { - ROUTER_STORE = 0, - EXTRAINFO_STORE = 1 -} store_type_t; - typedef struct desc_store_t desc_store_t; typedef struct routerlist_t routerlist_t; typedef struct extend_info_t extend_info_t; @@ -897,24 +890,12 @@ typedef enum { #define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1)) -#define CRYPT_PATH_MAGIC 0x70127012u - -struct fast_handshake_state_t; -struct ntor_handshake_state_t; -struct crypto_dh_t; #define ONION_HANDSHAKE_TYPE_TAP 0x0000 #define ONION_HANDSHAKE_TYPE_FAST 0x0001 #define ONION_HANDSHAKE_TYPE_NTOR 0x0002 #define MAX_ONION_HANDSHAKE_TYPE 0x0002 -typedef struct { - uint16_t tag; - union { - struct fast_handshake_state_t *fast; - struct crypto_dh_t *tap; - struct ntor_handshake_state_t *ntor; - } u; -} onion_handshake_state_t; +typedef struct onion_handshake_state_t onion_handshake_state_t; typedef struct relay_crypto_t relay_crypto_t; typedef struct crypt_path_t crypt_path_t; typedef struct crypt_path_reference_t crypt_path_reference_t; @@ -946,61 +927,7 @@ typedef struct or_circuit_t or_circuit_t; * circuit. */ #define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8 -/** - * Describes the circuit building process in simplified terms based - * on the path bias accounting state for a circuit. - * - * NOTE: These state values are enumerated in the order for which we - * expect circuits to transition through them. If you add states, - * you need to preserve this overall ordering. The various pathbias - * state transition and accounting functions (pathbias_mark_* and - * pathbias_count_*) contain ordinal comparisons to enforce proper - * state transitions for corrections. - * - * This state machine and the associated logic was created to prevent - * miscounting due to unknown cases of circuit reuse. See also tickets - * #6475 and #7802. - */ -typedef enum { - /** This circuit is "new". It has not yet completed a first hop - * or been counted by the path bias code. */ - PATH_STATE_NEW_CIRC = 0, - /** This circuit has completed one/two hops, and has been counted by - * the path bias logic. */ - PATH_STATE_BUILD_ATTEMPTED = 1, - /** This circuit has been completely built */ - PATH_STATE_BUILD_SUCCEEDED = 2, - /** Did we try to attach any SOCKS streams or hidserv introductions to - * this circuit? - * - * Note: If we ever implement end-to-end stream timing through test - * stream probes (#5707), we must *not* set this for those probes - * (or any other automatic streams) because the adversary could - * just tag at a later point. - */ - PATH_STATE_USE_ATTEMPTED = 3, - /** Did any SOCKS streams or hidserv introductions actually succeed on - * this circuit? - * - * If any streams detatch/fail from this circuit, the code transitions - * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See - * pathbias_mark_use_rollback() for that. - */ - PATH_STATE_USE_SUCCEEDED = 4, - - /** - * This is a special state to indicate that we got a corrupted - * relay cell on a circuit and we don't intend to probe it. - */ - PATH_STATE_USE_FAILED = 5, - - /** - * This is a special state to indicate that we already counted - * the circuit. Used to guard against potential state machine - * violations. - */ - PATH_STATE_ALREADY_COUNTED = 6, -} path_state_t; +typedef enum path_state_t path_state_t; #define path_state_bitfield_t ENUM_BF(path_state_t) #if REND_COOKIE_LEN != DIGEST_LEN diff --git a/src/or/origin_circuit_st.h b/src/or/origin_circuit_st.h index fa41214d4..b885725ed 100644 --- a/src/or/origin_circuit_st.h +++ b/src/or/origin_circuit_st.h @@ -13,6 +13,62 @@ struct onion_queue_t; +/** + * Describes the circuit building process in simplified terms based + * on the path bias accounting state for a circuit. + * + * NOTE: These state values are enumerated in the order for which we + * expect circuits to transition through them. If you add states, + * you need to preserve this overall ordering. The various pathbias + * state transition and accounting functions (pathbias_mark_* and + * pathbias_count_*) contain ordinal comparisons to enforce proper + * state transitions for corrections. + * + * This state machine and the associated logic was created to prevent + * miscounting due to unknown cases of circuit reuse. See also tickets + * #6475 and #7802. + */ +enum path_state_t { + /** This circuit is "new". It has not yet completed a first hop + * or been counted by the path bias code. */ + PATH_STATE_NEW_CIRC = 0, + /** This circuit has completed one/two hops, and has been counted by + * the path bias logic. */ + PATH_STATE_BUILD_ATTEMPTED = 1, + /** This circuit has been completely built */ + PATH_STATE_BUILD_SUCCEEDED = 2, + /** Did we try to attach any SOCKS streams or hidserv introductions to + * this circuit? + * + * Note: If we ever implement end-to-end stream timing through test + * stream probes (#5707), we must *not* set this for those probes + * (or any other automatic streams) because the adversary could + * just tag at a later point. + */ + PATH_STATE_USE_ATTEMPTED = 3, + /** Did any SOCKS streams or hidserv introductions actually succeed on + * this circuit? + * + * If any streams detatch/fail from this circuit, the code transitions + * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See + * pathbias_mark_use_rollback() for that. + */ + PATH_STATE_USE_SUCCEEDED = 4, + + /** + * This is a special state to indicate that we got a corrupted + * relay cell on a circuit and we don't intend to probe it. + */ + PATH_STATE_USE_FAILED = 5, + + /** + * This is a special state to indicate that we already counted + * the circuit. Used to guard against potential state machine + * violations. + */ + PATH_STATE_ALREADY_COUNTED = 6, +}; + /** An origin_circuit_t holds data necessary to build and use a circuit. */ struct origin_circuit_t { @@ -232,4 +288,3 @@ struct origin_circuit_t { }; #endif -

1 0

[tor/master] Move ext_or_cmd_t to proto_ext_or
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit 6ccd98f93e733e39dcd460860aeead017b1b5a4f Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:34:52 2018 -0400 Move ext_or_cmd_t to proto_ext_or --- src/or/or.h | 8 +------- src/or/proto_ext_or.h | 9 +++++++-- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/or/or.h b/src/or/or.h index be1f61edf..c38b8d750 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -624,13 +624,7 @@ typedef struct packed_cell_t packed_cell_t; typedef struct cell_queue_t cell_queue_t; typedef struct destroy_cell_t destroy_cell_t; typedef struct destroy_cell_queue_t destroy_cell_queue_t; - -/** A parsed Extended ORPort message. */ -typedef struct ext_or_cmd_t { - uint16_t cmd; /** Command type */ - uint16_t len; /** Body length */ - char body[FLEXIBLE_ARRAY_MEMBER]; /** Message body */ -} ext_or_cmd_t; +typedef struct ext_or_cmd_t ext_or_cmd_t; /** Beginning of a RELAY cell payload. */ typedef struct { diff --git a/src/or/proto_ext_or.h b/src/or/proto_ext_or.h index 5366ec447..708a45974 100644 --- a/src/or/proto_ext_or.h +++ b/src/or/proto_ext_or.h @@ -8,10 +8,15 @@ #define TOR_PROTO_EXT_OR_H struct buf_t; -struct ext_or_cmt_t; + +/** A parsed Extended ORPort message. */ +typedef struct ext_or_cmd_t { + uint16_t cmd; /** Command type */ + uint16_t len; /** Body length */ + char body[FLEXIBLE_ARRAY_MEMBER]; /** Message body */ +} ext_or_cmd_t; int fetch_ext_or_command_from_buf(struct buf_t *buf, struct ext_or_cmd_t **out); #endif /* !defined(TOR_PROTO_EXT_OR_H) */ -

1 0

[tor/master] Extract or_state_t to its own header.
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit 986d761510c4e5070cbdf8879f49342b7b1350c1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:51:53 2018 -0400 Extract or_state_t to its own header. Fewer modules needed this than I had expected. --- src/or/circuitstats.c | 1 + src/or/connection_or.c | 1 + src/or/dirauth/shared_random_state.c | 2 + src/or/entrynodes.c | 1 + src/or/hibernate.c | 1 + src/or/hs_service.c | 1 + src/or/include.am | 3 +- src/or/main.c | 1 + src/or/or.h | 73 +----------------------------- src/or/or_state_st.h | 86 ++++++++++++++++++++++++++++++++++++ src/or/rephist.c | 1 + src/or/router.c | 1 + src/or/statefile.c | 2 + src/or/status.c | 1 + src/test/test.c | 2 + src/test/test_accounting.c | 3 +- src/test/test_entrynodes.c | 1 + src/test/test_hs_common.c | 1 + src/test/test_hs_service.c | 1 + src/test/test_pt.c | 2 + src/test/test_routerlist.c | 1 + src/test/test_shared_random.c | 2 +- src/test/test_status.c | 1 + src/test/test_tortls.c | 1 + 24 files changed, 115 insertions(+), 75 deletions(-) diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c index c090a1e7a..32584c26d 100644 --- a/src/or/circuitstats.c +++ b/src/or/circuitstats.c @@ -46,6 +46,7 @@ #include "or/crypt_path_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #undef log #include <math.h> diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 41ec7e8bc..b3021edf1 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -66,6 +66,7 @@ #include "or/or_connection_st.h" #include "or/or_handshake_certs_st.h" #include "or/or_handshake_state_st.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" #include "or/var_cell_st.h" #include "lib/crypt_ops/crypto_format.h" diff --git a/src/or/dirauth/shared_random_state.c b/src/or/dirauth/shared_random_state.c index 85c02887d..87ddcc073 100644 --- a/src/or/dirauth/shared_random_state.c +++ b/src/or/dirauth/shared_random_state.c @@ -23,6 +23,8 @@ #include "or/voting_schedule.h" #include "lib/encoding/confline.h" +#include "or/or_state_st.h" + /* Default filename of the shared random state on disk. */ static const char default_fname[] = "sr-state"; diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 2ed2bc904..ba9c30f8b 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -143,6 +143,7 @@ #include "or/node_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "lib/crypt_ops/digestset.h" diff --git a/src/or/hibernate.c b/src/or/hibernate.c index 2c43e0f99..f98ada02d 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c @@ -44,6 +44,7 @@ hibernating, phase 2: #include "common/compat_libevent.h" #include "or/or_connection_st.h" +#include "or/or_state_st.h" /** Are we currently awake, asleep, running out of bandwidth, or shutting * down? */ diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 6c134136f..b651f1e27 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -45,6 +45,7 @@ #include "or/networkstatus_st.h" #include "or/node_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "or/routerstatus_st.h" #include "lib/encoding/confline.h" diff --git a/src/or/include.am b/src/or/include.am index ce195c92e..5475ea17e 100644 --- a/src/or/include.am +++ b/src/or/include.am @@ -75,7 +75,7 @@ LIBTOR_APP_A_SOURCES = \ src/or/onion_fast.c \ src/or/onion_tap.c \ src/or/transports.c \ - src/or/parsecommon.c \ + src/or/parsecommon.c \ src/or/periodic.c \ src/or/protover.c \ src/or/protover_rust.c \ @@ -275,6 +275,7 @@ ORHEADERS = \ src/or/or_connection_st.h \ src/or/or_handshake_certs_st.h \ src/or/or_handshake_state_st.h \ + src/or/or_state_st.h \ src/or/origin_circuit_st.h \ src/or/transports.h \ src/or/parsecommon.h \ diff --git a/src/or/main.c b/src/or/main.c index 19b30f725..9851cdb57 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -131,6 +131,7 @@ #include "or/entry_connection_st.h" #include "or/networkstatus_st.h" #include "or/or_connection_st.h" +#include "or/or_state_st.h" #include "or/port_cfg_st.h" #include "or/routerinfo_st.h" #include "or/socks_request_st.h" diff --git a/src/or/or.h b/src/or/or.h index 1221084af..0886517dd 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2045,78 +2045,7 @@ typedef struct { #define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level()) -/** Persistent state for an onion router, as saved to disk. */ -typedef struct { - uint32_t magic_; - /** The time at which we next plan to write the state to the disk. Equal to - * TIME_MAX if there are no savable changes, 0 if there are changes that - * should be saved right away. */ - time_t next_write; - - /** When was the state last written to disk? */ - time_t LastWritten; - - /** Fields for accounting bandwidth use. */ - time_t AccountingIntervalStart; - uint64_t AccountingBytesReadInInterval; - uint64_t AccountingBytesWrittenInInterval; - int AccountingSecondsActive; - int AccountingSecondsToReachSoftLimit; - time_t AccountingSoftLimitHitAt; - uint64_t AccountingBytesAtSoftLimit; - uint64_t AccountingExpectedUsage; - - /** A list of Entry Guard-related configuration lines. (pre-prop271) */ - struct config_line_t *EntryGuards; - - /** A list of guard-related configuration lines. (post-prop271) */ - struct config_line_t *Guard; - - struct config_line_t *TransportProxies; - - /** Cached revision counters for active hidden services on this host */ - struct config_line_t *HidServRevCounter; - - /** These fields hold information on the history of bandwidth usage for - * servers. The "Ends" fields hold the time when we last updated the - * bandwidth usage. The "Interval" fields hold the granularity, in seconds, - * of the entries of Values. The "Values" lists hold decimal string - * representations of the number of bytes read or written in each - * interval. The "Maxima" list holds decimal strings describing the highest - * rate achieved during the interval. - */ - time_t BWHistoryReadEnds; - int BWHistoryReadInterval; - smartlist_t *BWHistoryReadValues; - smartlist_t *BWHistoryReadMaxima; - time_t BWHistoryWriteEnds; - int BWHistoryWriteInterval; - smartlist_t *BWHistoryWriteValues; - smartlist_t *BWHistoryWriteMaxima; - time_t BWHistoryDirReadEnds; - int BWHistoryDirReadInterval; - smartlist_t *BWHistoryDirReadValues; - smartlist_t *BWHistoryDirReadMaxima; - time_t BWHistoryDirWriteEnds; - int BWHistoryDirWriteInterval; - smartlist_t *BWHistoryDirWriteValues; - smartlist_t *BWHistoryDirWriteMaxima; - - /** Build time histogram */ - struct config_line_t * BuildtimeHistogram; - int TotalBuildTimes; - int CircuitBuildAbandonedCount; - - /** What version of Tor wrote this state file? */ - char *TorVersion; - - /** Holds any unrecognized values we found in the state file, in the order - * in which we found them. */ - struct config_line_t *ExtraLines; - - /** When did we last rotate our onion key? "0" for 'no idea'. */ - time_t LastRotatedOnionKey; -} or_state_t; +typedef struct or_state_t or_state_t; #define MAX_SOCKS_ADDR_LEN 256 diff --git a/src/or/or_state_st.h b/src/or/or_state_st.h new file mode 100644 index 000000000..f1d5f981f --- /dev/null +++ b/src/or/or_state_st.h @@ -0,0 +1,86 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_OR_STATE_ST_H +#define TOR_OR_STATE_ST_H + +#include "lib/cc/torint.h" +struct smartlist_t; + +/** Persistent state for an onion router, as saved to disk. */ +struct or_state_t { + uint32_t magic_; + /** The time at which we next plan to write the state to the disk. Equal to + * TIME_MAX if there are no savable changes, 0 if there are changes that + * should be saved right away. */ + time_t next_write; + + /** When was the state last written to disk? */ + time_t LastWritten; + + /** Fields for accounting bandwidth use. */ + time_t AccountingIntervalStart; + uint64_t AccountingBytesReadInInterval; + uint64_t AccountingBytesWrittenInInterval; + int AccountingSecondsActive; + int AccountingSecondsToReachSoftLimit; + time_t AccountingSoftLimitHitAt; + uint64_t AccountingBytesAtSoftLimit; + uint64_t AccountingExpectedUsage; + + /** A list of Entry Guard-related configuration lines. (pre-prop271) */ + struct config_line_t *EntryGuards; + + /** A list of guard-related configuration lines. (post-prop271) */ + struct config_line_t *Guard; + + struct config_line_t *TransportProxies; + + /** Cached revision counters for active hidden services on this host */ + struct config_line_t *HidServRevCounter; + + /** These fields hold information on the history of bandwidth usage for + * servers. The "Ends" fields hold the time when we last updated the + * bandwidth usage. The "Interval" fields hold the granularity, in seconds, + * of the entries of Values. The "Values" lists hold decimal string + * representations of the number of bytes read or written in each + * interval. The "Maxima" list holds decimal strings describing the highest + * rate achieved during the interval. + */ + time_t BWHistoryReadEnds; + int BWHistoryReadInterval; + struct smartlist_t *BWHistoryReadValues; + struct smartlist_t *BWHistoryReadMaxima; + time_t BWHistoryWriteEnds; + int BWHistoryWriteInterval; + struct smartlist_t *BWHistoryWriteValues; + struct smartlist_t *BWHistoryWriteMaxima; + time_t BWHistoryDirReadEnds; + int BWHistoryDirReadInterval; + struct smartlist_t *BWHistoryDirReadValues; + struct smartlist_t *BWHistoryDirReadMaxima; + time_t BWHistoryDirWriteEnds; + int BWHistoryDirWriteInterval; + struct smartlist_t *BWHistoryDirWriteValues; + struct smartlist_t *BWHistoryDirWriteMaxima; + + /** Build time histogram */ + struct config_line_t * BuildtimeHistogram; + int TotalBuildTimes; + int CircuitBuildAbandonedCount; + + /** What version of Tor wrote this state file? */ + char *TorVersion; + + /** Holds any unrecognized values we found in the state file, in the order + * in which we found them. */ + struct config_line_t *ExtraLines; + + /** When did we last rotate our onion key? "0" for 'no idea'. */ + time_t LastRotatedOnionKey; +}; + +#endif diff --git a/src/or/rephist.c b/src/or/rephist.c index 907b01d68..02dc86403 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -91,6 +91,7 @@ #include "or/networkstatus_st.h" #include "or/or_circuit_st.h" +#include "or/or_state_st.h" #include "lib/container/bloomfilt.h" #include "lib/container/order.h" diff --git a/src/or/router.c b/src/or/router.c index cc7102228..6420f1e5d 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -47,6 +47,7 @@ #include "or/extrainfo_st.h" #include "or/node_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "or/port_cfg_st.h" #include "or/routerinfo_st.h" diff --git a/src/or/statefile.c b/src/or/statefile.c index 090e29a18..5631001c0 100644 --- a/src/or/statefile.c +++ b/src/or/statefile.c @@ -44,6 +44,8 @@ #include "or/statefile.h" #include "lib/encoding/confline.h" +#include "or/or_state_st.h" + /** A list of state-file "abbreviations," for compatibility. */ static config_abbrev_t state_abbrevs_[] = { { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 }, diff --git a/src/or/status.c b/src/or/status.c index 2cb1dc734..80b56ac1a 100644 --- a/src/or/status.c +++ b/src/or/status.c @@ -30,6 +30,7 @@ #include "or/hs_service.h" #include "or/dos.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" #include "lib/tls/tortls.h" diff --git a/src/test/test.c b/src/test/test.c index 64332e264..d6be5ea2e 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -12,6 +12,8 @@ #include "lib/crypt_ops/crypto_dh.h" #include "lib/crypt_ops/crypto_rand.h" +#include "or/or_state_st.h" + #include <stdio.h> #ifdef HAVE_FCNTL_H #include <fcntl.h> diff --git a/src/test/test_accounting.c b/src/test/test_accounting.c index ce8e08f7c..7b9511dc2 100644 --- a/src/test/test_accounting.c +++ b/src/test/test_accounting.c @@ -9,6 +9,8 @@ #define STATEFILE_PRIVATE #include "or/statefile.h" +#include "or/or_state_st.h" + #define NS_MODULE accounting #define NS_SUBMODULE limits @@ -102,4 +104,3 @@ struct testcase_t accounting_tests[] = { { "bwlimits", test_accounting_limits, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index f0d649330..262e2fa68 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -37,6 +37,7 @@ #include "or/networkstatus_st.h" #include "or/node_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" #include "or/routerstatus_st.h" diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index cf221ca60..28c6316bd 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -37,6 +37,7 @@ #include "or/microdesc_st.h" #include "or/networkstatus_st.h" #include "or/node_st.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" #include "or/routerstatus_st.h" diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 3ea1e7530..e81a5eff4 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -59,6 +59,7 @@ #include "or/networkstatus_st.h" #include "or/node_st.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" /* Trunnel */ diff --git a/src/test/test_pt.c b/src/test/test_pt.c index 087040506..e685ab50d 100644 --- a/src/test/test_pt.c +++ b/src/test/test_pt.c @@ -21,6 +21,8 @@ #include "lib/process/subprocess.h" #include "lib/encoding/confline.h" +#include "or/or_state_st.h" + static void reset_mp(managed_proxy_t *mp) { diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index 804df0f14..b25a0be9a 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -37,6 +37,7 @@ #include "or/dir_connection_st.h" #include "or/networkstatus_st.h" #include "or/node_st.h" +#include "or/or_state_st.h" #include "or/routerstatus_st.h" #include "lib/encoding/confline.h" diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 91ae20bff..293ed6cf3 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -24,6 +24,7 @@ #include "or/dir_server_st.h" #include "or/networkstatus_st.h" +#include "or/or_state_st.h" static authority_cert_t *mock_cert; @@ -1393,4 +1394,3 @@ struct testcase_t sr_tests[] = { NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_status.c b/src/test/test_status.c index 071b3ba8a..6c694be57 100644 --- a/src/test/test_status.c +++ b/src/test/test_status.c @@ -27,6 +27,7 @@ #include "lib/tls/tortls.h" #include "or/origin_circuit_st.h" +#include "or/or_state_st.h" #include "or/routerinfo_st.h" #include "test/test.h" diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index b45673468..9ae9d4dfb 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -34,6 +34,7 @@ ENABLE_GCC_WARNING(redundant-decls) #include "lib/log/torlog.h" #include "or/config.h" #include "lib/tls/tortls.h" +#include "or/or_state_st.h" #include "test/test.h" #include "test/log_test_helpers.h"

1 0

[tor/master] Extract or_options_t from or.h
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit 13116378b1a8118e277320e377a691064e54983a Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 14:58:29 2018 -0400 Extract or_options_t from or.h I decided to have this file included from config.h, though, since it is used nearly everywhere. --- src/or/circuitmux_ewma.c | 2 +- src/or/config.h | 1 + src/or/control.h | 1 + src/or/hs_config.c | 1 + src/or/or.h | 1062 +-------------------------------------------- src/or/or_options_st.h | 1077 ++++++++++++++++++++++++++++++++++++++++++++++ src/or/policies.h | 1 + src/or/rendservice.h | 1 + 8 files changed, 1084 insertions(+), 1062 deletions(-) diff --git a/src/or/circuitmux_ewma.c b/src/or/circuitmux_ewma.c index 1ee5f1f62..d600602a7 100644 --- a/src/or/circuitmux_ewma.c +++ b/src/or/circuitmux_ewma.c @@ -39,6 +39,7 @@ #include "or/circuitmux_ewma.h" #include "lib/crypt_ops/crypto_rand.h" #include "or/networkstatus.h" +#include "or/or_options_st.h" /*** EWMA parameter #defines ***/ @@ -826,4 +827,3 @@ circuitmux_ewma_free_all(void) { ewma_ticks_initialized = 0; } - diff --git a/src/or/config.h b/src/or/config.h index 869499582..5fdf7862e 100644 --- a/src/or/config.h +++ b/src/or/config.h @@ -12,6 +12,7 @@ #ifndef TOR_CONFIG_H #define TOR_CONFIG_H +#include "or/or_options_st.h" #include "lib/testsupport/testsupport.h" #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(DARWIN) diff --git a/src/or/control.h b/src/or/control.h index 53ac87107..5c5fe8a91 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -184,6 +184,7 @@ int control_event_signal(uintptr_t signal); int init_control_cookie_authentication(int enabled); char *get_controller_cookie_file_name(void); +struct config_line_t; smartlist_t *decode_hashed_passwords(struct config_line_t *passwords); void disable_control_logging(void); void enable_control_logging(void); diff --git a/src/or/hs_config.c b/src/or/hs_config.c index 603cd6e74..cb55faa9d 100644 --- a/src/or/hs_config.c +++ b/src/or/hs_config.c @@ -30,6 +30,7 @@ #include "or/hs_service.h" #include "or/rendservice.h" #include "lib/encoding/confline.h" +#include "or/or_options_st.h" /* Using the given list of services, stage them into our global state. Every * service version are handled. This function can remove entries in the given diff --git a/src/or/or.h b/src/or/or.h index 0886517dd..4ed774389 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -981,1067 +981,7 @@ typedef struct routerset_t routerset_t; * to pick its own port. */ #define CFG_AUTO_PORT 0xc4005e -/** Enumeration of outbound address configuration types: - * Exit-only, OR-only, or both */ -typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, - OUTBOUND_ADDR_EXIT_AND_OR, - OUTBOUND_ADDR_MAX} outbound_addr_t; - -struct config_line_t; - -/** Configuration options for a Tor process. */ -typedef struct { - uint32_t magic_; - - /** What should the tor process actually do? */ - enum { - CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, - CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG, - CMD_KEYGEN, - CMD_KEY_EXPIRATION, - } command; - char *command_arg; /**< Argument for command-line option. */ - - struct config_line_t *Logs; /**< New-style list of configuration lines - * for logs */ - int LogTimeGranularity; /**< Log resolution in milliseconds. */ - - int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which - * each log message occurs? */ - int TruncateLogFile; /**< Boolean: Should we truncate the log file - before we start writing? */ - char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */ - char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */ - - char *DebugLogFile; /**< Where to send verbose log messages. */ - char *DataDirectory_option; /**< Where to store long-term data, as - * configured by the user. */ - char *DataDirectory; /**< Where to store long-term data, as modified. */ - int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */ - - char *KeyDirectory_option; /**< Where to store keys, as - * configured by the user. */ - char *KeyDirectory; /**< Where to store keys data, as modified. */ - int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */ - - char *CacheDirectory_option; /**< Where to store cached data, as - * configured by the user. */ - char *CacheDirectory; /**< Where to store cached data, as modified. */ - int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */ - - char *Nickname; /**< OR only: nickname of this onion router. */ - char *Address; /**< OR only: configured address for this onion router. */ - char *PidFile; /**< Where to store PID of Tor process. */ - - routerset_t *ExitNodes; /**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs to - * consider as exits. */ - routerset_t *EntryNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs to - * consider as entry points. */ - int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes - * are up, or we need to access a node in ExcludeNodes, - * do we just fail instead? */ - routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs - * not to use in circuits. But see StrictNodes - * above. */ - routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of - * ORs not to consider as exits. */ - - /** Union of ExcludeNodes and ExcludeExitNodes */ - routerset_t *ExcludeExitNodesUnion_; - - int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our - * process for all current and future memory. */ - - struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */ - int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private - * addresses, and our own published addresses? - */ - int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local - * interface addresses? - * Includes OutboundBindAddresses and - * configured ports. */ - int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */ - struct config_line_t *SocksPolicy; /**< Lists of socks policy components */ - struct config_line_t *DirPolicy; /**< Lists of dir policy components */ - /** Local address to bind outbound sockets */ - struct config_line_t *OutboundBindAddress; - /** Local address to bind outbound relay sockets */ - struct config_line_t *OutboundBindAddressOR; - /** Local address to bind outbound exit sockets */ - struct config_line_t *OutboundBindAddressExit; - /** Addresses derived from the various OutboundBindAddress lines. - * [][0] is IPv4, [][1] is IPv6 - */ - tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; - /** Directory server only: which versions of - * Tor should we tell users to run? */ - struct config_line_t *RecommendedVersions; - struct config_line_t *RecommendedClientVersions; - struct config_line_t *RecommendedServerVersions; - struct config_line_t *RecommendedPackages; - /** Whether dirservers allow router descriptors with private IPs. */ - int DirAllowPrivateAddresses; - /** Whether routers accept EXTEND cells to routers with private IPs. */ - int ExtendAllowPrivateAddresses; - char *User; /**< Name of user to run Tor as. */ - /** Ports to listen on for OR connections. */ - struct config_line_t *ORPort_lines; - /** Ports to listen on for extended OR connections. */ - struct config_line_t *ExtORPort_lines; - /** Ports to listen on for SOCKS connections. */ - struct config_line_t *SocksPort_lines; - /** Ports to listen on for transparent pf/netfilter connections. */ - struct config_line_t *TransPort_lines; - char *TransProxyType; /**< What kind of transparent proxy - * implementation are we using? */ - /** Parsed value of TransProxyType. */ - enum { - TPT_DEFAULT, - TPT_PF_DIVERT, - TPT_IPFW, - TPT_TPROXY, - } TransProxyType_parsed; - /** Ports to listen on for transparent natd connections. */ - struct config_line_t *NATDPort_lines; - /** Ports to listen on for HTTP Tunnel connections. */ - struct config_line_t *HTTPTunnelPort_lines; - struct config_line_t *ControlPort_lines; /**< Ports to listen on for control - * connections. */ - /** List of Unix Domain Sockets to listen on for control connections. */ - struct config_line_t *ControlSocket; - - int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */ - int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */ - /** Ports to listen on for directory connections. */ - struct config_line_t *DirPort_lines; - /** Ports to listen on for DNS requests. */ - struct config_line_t *DNSPort_lines; - - /* MaxMemInQueues value as input by the user. We clean this up to be - * MaxMemInQueues. */ - uint64_t MaxMemInQueues_raw; - uint64_t MaxMemInQueues;/**< If we have more memory than this allocated - * for queues and buffers, run the OOM handler */ - /** Above this value, consider ourselves low on RAM. */ - uint64_t MaxMemInQueues_low_threshold; - - /** @name port booleans - * - * Derived booleans: For server ports and ControlPort, true iff there is a - * non-listener port on an AF_INET or AF_INET6 address of the given type - * configured in one of the _lines options above. - * For client ports, also true if there is a unix socket configured. - * If you are checking for client ports, you may want to use: - * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set || - * HTTPTunnelPort_set - * rather than SocksPort_set. - * - * @{ - */ - unsigned int ORPort_set : 1; - unsigned int SocksPort_set : 1; - unsigned int TransPort_set : 1; - unsigned int NATDPort_set : 1; - unsigned int ControlPort_set : 1; - unsigned int DirPort_set : 1; - unsigned int DNSPort_set : 1; - unsigned int ExtORPort_set : 1; - unsigned int HTTPTunnelPort_set : 1; - /**@}*/ - - int AssumeReachable; /**< Whether to publish our descriptor regardless. */ - int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ - int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory - * for version 3 directories? */ - int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative - * directory that's willing to recommend - * versions? */ - int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory - * that aggregates bridge descriptors? */ - - /** If set on a bridge relay, it will include this value on a new - * "bridge-distribution-request" line in its bridge descriptor. */ - char *BridgeDistribution; - - /** If set on a bridge authority, it will answer requests on its dirport - * for bridge statuses -- but only if the requests use this password. */ - char *BridgePassword; - /** If BridgePassword is set, this is a SHA256 digest of the basic http - * authenticator for it. Used so we can do a time-independent comparison. */ - char *BridgePassword_AuthDigest_; - - int UseBridges; /**< Boolean: should we start all circuits with a bridge? */ - struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */ - - struct config_line_t *ClientTransportPlugin; /**< List of client - transport plugins. */ - - struct config_line_t *ServerTransportPlugin; /**< List of client - transport plugins. */ - - /** List of TCP/IP addresses that transports should listen at. */ - struct config_line_t *ServerTransportListenAddr; - - /** List of options that must be passed to pluggable transports. */ - struct config_line_t *ServerTransportOptions; - - int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make - * this explicit so we can change how we behave in the - * future. */ - - /** Boolean: if we know the bridge's digest, should we get new - * descriptors from the bridge authorities or from the bridge itself? */ - int UpdateBridgesFromAuthority; - - int AvoidDiskWrites; /**< Boolean: should we never cache things to disk? - * Not used yet. */ - int ClientOnly; /**< Boolean: should we never evolve into a server role? */ - - int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections - open shorter and pad them less against - connection-level traffic analysis? */ - /** Autobool: if auto, then connection padding will be negotiated by client - * and server. If 0, it will be fully disabled. If 1, the client will still - * pad to the server regardless of server support. */ - int ConnectionPadding; - - /** To what authority types do we publish our descriptor? Choices are - * "v1", "v2", "v3", "bridge", or "". */ - smartlist_t *PublishServerDescriptor; - /** A bitfield of authority types, derived from PublishServerDescriptor. */ - dirinfo_type_t PublishServerDescriptor_; - /** Boolean: do we publish hidden service descriptors to the HS auths? */ - int PublishHidServDescriptors; - int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ - int FetchHidServDescriptors; /**< and hidden service descriptors? */ - - int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden - * service directories after what time? */ - - int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ - int AllDirActionsPrivate; /**< Should every directory action be sent - * through a Tor circuit? */ - - /** Run in 'tor2web mode'? (I.e. only make client connections to hidden - * services, and use a single hop for all hidden-service-related - * circuits.) */ - int Tor2webMode; - - /** A routerset that should be used when picking RPs for HS circuits. */ - routerset_t *Tor2webRendezvousPoints; - - /** A routerset that should be used when picking middle nodes for HS - * circuits. */ - routerset_t *HSLayer2Nodes; - - /** A routerset that should be used when picking third-hop nodes for HS - * circuits. */ - routerset_t *HSLayer3Nodes; - - /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct) - * circuits between the onion service server, and the introduction and - * rendezvous points. (Onion service descriptors are still posted using - * 3-hop paths, to avoid onion service directories blocking the service.) - * This option makes every hidden service instance hosted by - * this tor instance a Single Onion Service. - * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be - * set to 1. - * Use rend_service_allow_non_anonymous_connection() or - * rend_service_reveal_startup_time() instead of using this option directly. - */ - int HiddenServiceSingleHopMode; - /* Makes hidden service clients and servers non-anonymous on this tor - * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables - * non-anonymous behaviour in the hidden service protocol. - * Use rend_service_non_anonymous_mode_enabled() instead of using this option - * directly. - */ - int HiddenServiceNonAnonymousMode; - - int ConnLimit; /**< Demanded minimum number of simultaneous connections. */ - int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */ - int ConnLimit_high_thresh; /**< start trying to lower socket usage if we - * have this many. */ - int ConnLimit_low_thresh; /**< try to get down to here after socket - * exhaustion. */ - int RunAsDaemon; /**< If true, run in the background. (Unix only) */ - int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */ - smartlist_t *FirewallPorts; /**< Which ports our firewall allows - * (strings). */ - /** IP:ports our firewall allows. */ - struct config_line_t *ReachableAddresses; - struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */ - struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */ - - int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */ - uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */ - - /** Whether we should drop exit streams from Tors that we don't know are - * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do - * what the consensus says, defaulting to 'refuse' if the consensus says - * nothing). */ - int RefuseUnknownExits; - - /** Application ports that require all nodes in circ to have sufficient - * uptime. */ - smartlist_t *LongLivedPorts; - /** Application ports that are likely to be unencrypted and - * unauthenticated; we reject requests for them to prevent the - * user from screwing up and leaking plaintext secrets to an - * observer somewhere on the Internet. */ - smartlist_t *RejectPlaintextPorts; - /** Related to RejectPlaintextPorts above, except this config option - * controls whether we warn (in the log and via a controller status - * event) every time a risky connection is attempted. */ - smartlist_t *WarnPlaintextPorts; - /** Should we try to reuse the same exit node for a given host */ - smartlist_t *TrackHostExits; - int TrackHostExitsExpire; /**< Number of seconds until we expire an - * addressmap */ - struct config_line_t *AddressMap; /**< List of address map directives. */ - int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a - * hostname ending with one of the suffixes in - * AutomapHostsSuffixes, map it to a - * virtual address. */ - /** List of suffixes for AutomapHostsOnResolve. The special value - * "." means "match everything." */ - smartlist_t *AutomapHostsSuffixes; - int RendPostPeriod; /**< How often do we post each rendezvous service - * descriptor? Remember to publish them independently. */ - int KeepalivePeriod; /**< How often do we send padding cells to keep - * connections alive? */ - int SocksTimeout; /**< How long do we let a socks connection wait - * unattached before we fail it? */ - int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value - * for CircuitBuildTimeout based on timeout - * history. Use circuit_build_times_disabled() - * rather than checking this value directly. */ - int CircuitBuildTimeout; /**< Cull non-open circuits that were born at - * least this many seconds ago. Used until - * adaptive algorithm learns a new value. */ - int CircuitsAvailableTimeout; /**< Try to have an open circuit for at - least this long after last activity */ - int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits - * and try a new circuit if the stream has been - * waiting for this many seconds. If zero, use - * our default internal timeout schedule. */ - int MaxOnionQueueDelay; /*< DOCDOC */ - int NewCircuitPeriod; /**< How long do we use a circuit before building - * a new one? */ - int MaxCircuitDirtiness; /**< Never use circs that were first used more than - this interval ago. */ - uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing - * to use in a second? */ - uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing - * to use in a second? */ - uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to - * tell other nodes we have? */ - uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we - * willing to use for all relayed conns? */ - uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we - * use in a second for all relayed conns? */ - uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */ - uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */ - int NumCPUs; /**< How many CPUs should we try to use? */ - struct config_line_t *RendConfigLines; /**< List of configuration lines - * for rendezvous services. */ - struct config_line_t *HidServAuth; /**< List of configuration lines for - * client-side authorizations for hidden - * services */ - char *ContactInfo; /**< Contact info to be published in the directory. */ - - int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds - * have passed. */ - int MainloopStats; /**< Log main loop statistics as part of the - * heartbeat messages. */ - - char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */ - tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */ - uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */ - char *HTTPProxyAuthenticator; /**< username:password string, if any. */ - - char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */ - tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */ - uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */ - char *HTTPSProxyAuthenticator; /**< username:password string, if any. */ - - char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */ - tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */ - uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */ - - char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */ - tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */ - uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */ - char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */ - char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */ - - /** List of configuration lines for replacement directory authorities. - * If you just want to replace one class of authority at a time, - * use the "Alternate*Authority" options below instead. */ - struct config_line_t *DirAuthorities; - - /** List of fallback directory servers */ - struct config_line_t *FallbackDir; - /** Whether to use the default hard-coded FallbackDirs */ - int UseDefaultFallbackDirs; - - /** Weight to apply to all directory authority rates if considering them - * along with fallbackdirs */ - double DirAuthorityFallbackRate; - - /** If set, use these main (currently v3) directory authorities and - * not the default ones. */ - struct config_line_t *AlternateDirAuthority; - - /** If set, use these bridge authorities and not the default one. */ - struct config_line_t *AlternateBridgeAuthority; - - struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */ - struct config_line_t *MyFamily; /**< Declared family for this OR, - normalized */ - struct config_line_t *NodeFamilies; /**< List of config lines for - * node families */ - smartlist_t *NodeFamilySets; /**< List of parsed NodeFamilies values. */ - struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to - * mark as bad exits. */ - struct config_line_t *AuthDirReject; /**< Address policy for descriptors to - * reject. */ - struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to - * never mark as valid. */ - /** @name AuthDir...CC - * - * Lists of country codes to mark as BadExit, or Invalid, or to - * reject entirely. - * - * @{ - */ - smartlist_t *AuthDirBadExitCCs; - smartlist_t *AuthDirInvalidCCs; - smartlist_t *AuthDirRejectCCs; - /**@}*/ - - int AuthDirListBadExits; /**< True iff we should list bad exits, - * and vote for all other exits as good. */ - int AuthDirMaxServersPerAddr; /**< Do not permit more than this - * number of servers per IP address. */ - int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ - int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - - /** If non-zero, always vote the Fast flag for any relay advertising - * this amount of capacity or more. */ - uint64_t AuthDirFastGuarantee; - - /** If non-zero, this advertised capacity or more is always sufficient - * to satisfy the bandwidth requirement for the Guard flag. */ - uint64_t AuthDirGuardBWGuarantee; - - char *AccountingStart; /**< How long is the accounting interval, and when - * does it start? */ - uint64_t AccountingMax; /**< How many bytes do we allow per accounting - * interval before hibernation? 0 for "never - * hibernate." */ - /** How do we determine when our AccountingMax has been reached? - * "max" for when in or out reaches AccountingMax - * "sum" for when in plus out reaches AccountingMax - * "in" for when in reaches AccountingMax - * "out" for when out reaches AccountingMax */ - char *AccountingRule_option; - enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule; - - /** Base64-encoded hash of accepted passwords for the control system. */ - struct config_line_t *HashedControlPassword; - /** As HashedControlPassword, but not saved. */ - struct config_line_t *HashedControlSessionPassword; - - int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for - * the control system? */ - char *CookieAuthFile; /**< Filesystem location of a ControlPort - * authentication cookie. */ - char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended - * ORPort authentication cookie. */ - int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ - int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the - * ExtORPortCookieAuthFile g+r? */ - int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to - * circuits itself (0), or does it expect a controller - * to cope? (1) */ - int DisablePredictedCircuits; /**< Boolean: does Tor preemptively - * make circuits in the background (0), - * or not (1)? */ - - /** Process specifier for a controller that ‘owns’ this Tor - * instance. Tor will terminate if its owning controller does. */ - char *OwningControllerProcess; - /** FD specifier for a controller that owns this Tor instance. */ - int OwningControllerFD; - - int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how - * long do we wait before exiting? */ - char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */ - - /* Derived from SafeLogging */ - enum { - SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE - } SafeLogging_; - - int Sandbox; /**< Boolean: should sandboxing be enabled? */ - int SafeSocks; /**< Boolean: should we outright refuse application - * connections that use socks4 or socks5-with-local-dns? */ - int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor - * protocol, is it a warn or an info in our logs? */ - int TestSocks; /**< Boolean: when we get a socks connection, do we loudly - * log whether it was DNS-leaking or not? */ - int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware - * acceleration where available? */ - /** Token Bucket Refill resolution in milliseconds. */ - int TokenBucketRefillInterval; - char *AccelName; /**< Optional hardware acceleration engine name. */ - char *AccelDir; /**< Optional hardware acceleration engine search dir. */ - - /** Boolean: Do we try to enter from a smallish number - * of fixed nodes? */ - int UseEntryGuards_option; - /** Internal variable to remember whether we're actually acting on - * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or - * Single Onion Service, it is always false, otherwise we use the value of - * UseEntryGuards_option. */ - int UseEntryGuards; - - int NumEntryGuards; /**< How many entry guards do we try to establish? */ - - /** If 1, we use any guardfraction information we see in the - * consensus. If 0, we don't. If -1, let the consensus parameter - * decide. */ - int UseGuardFraction; - - int NumDirectoryGuards; /**< How many dir guards do we try to establish? - * If 0, use value from NumEntryGuards. */ - int NumPrimaryGuards; /**< How many primary guards do we want? */ - - int RephistTrackTime; /**< How many seconds do we keep rephist info? */ - /** Should we always fetch our dir info on the mirror schedule (which - * means directly from the authorities) no matter our other config? */ - int FetchDirInfoEarly; - - /** Should we fetch our dir info at the start of the consensus period? */ - int FetchDirInfoExtraEarly; - - int DirCache; /**< Cache all directory documents and accept requests via - * tunnelled dir conns from clients. If 1, enabled (default); - * If 0, disabled. */ - - char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual - * MAPADDRESS requests for IPv4 addresses */ - char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual - * MAPADDRESS requests for IPv6 addresses */ - int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit - * addresses to be FQDNs, but rather search for them in - * the local domains. */ - int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure - * hijacking. */ - int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent - * DNS poisoning attacks. */ - char *ServerDNSResolvConfFile; /**< If provided, we configure our internal - * resolver from the file here rather than from - * /etc/resolv.conf (Unix) or the registry (Windows). */ - char *DirPortFrontPage; /**< This is a full path to a file with an html - disclaimer. This allows a server administrator to show - that they're running Tor and anyone visiting their server - will know this without any specialized knowledge. */ - int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to - disable ptrace; needs BSD testing. */ - /** Boolean: if set, we start even if our resolv.conf file is missing - * or broken. */ - int ServerDNSAllowBrokenConfig; - /** Boolean: if set, then even connections to private addresses will get - * rate-limited. */ - int CountPrivateBandwidth; - smartlist_t *ServerDNSTestAddresses; /**< A list of addresses that definitely - * should be resolvable. Used for - * testing our DNS server. */ - int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the - * same network zone in the same circuit. */ - int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames - * with weird characters. */ - /** If true, we try resolving hostnames with weird characters. */ - int ServerDNSAllowNonRFC953Hostnames; - - /** If true, we try to download extra-info documents (and we serve them, - * if we are a cache). For authorities, this is always true. */ - int DownloadExtraInfo; - - /** If true, we're configured to collect statistics on clients - * requesting network statuses from us as directory. */ - int DirReqStatistics_option; - /** Internal variable to remember whether we're actually acting on - * DirReqStatistics_option -- yes if it's set and we're a server, else no. */ - int DirReqStatistics; - - /** If true, the user wants us to collect statistics on port usage. */ - int ExitPortStatistics; - - /** If true, the user wants us to collect connection statistics. */ - int ConnDirectionStatistics; - - /** If true, the user wants us to collect cell statistics. */ - int CellStatistics; - - /** If true, the user wants us to collect padding statistics. */ - int PaddingStatistics; - - /** If true, the user wants us to collect statistics as entry node. */ - int EntryStatistics; - - /** If true, the user wants us to collect statistics as hidden service - * directory, introduction point, or rendezvous point. */ - int HiddenServiceStatistics_option; - /** Internal variable to remember whether we're actually acting on - * HiddenServiceStatistics_option -- yes if it's set and we're a server, - * else no. */ - int HiddenServiceStatistics; - - /** If true, include statistics file contents in extra-info documents. */ - int ExtraInfoStatistics; - - /** If true, do not believe anybody who tells us that a domain resolves - * to an internal address, or that an internal address has a PTR mapping. - * Helps avoid some cross-site attacks. */ - int ClientDNSRejectInternalAddresses; - - /** If true, do not accept any requests to connect to internal addresses - * over randomly chosen exits. */ - int ClientRejectInternalAddresses; - - /** If true, clients may connect over IPv4. If false, they will avoid - * connecting over IPv4. We enforce this for OR and Dir connections. */ - int ClientUseIPv4; - /** If true, clients may connect over IPv6. If false, they will avoid - * connecting over IPv4. We enforce this for OR and Dir connections. - * Use fascist_firewall_use_ipv6() instead of accessing this value - * directly. */ - int ClientUseIPv6; - /** If true, prefer an IPv6 OR port over an IPv4 one for entry node - * connections. If auto, bridge clients prefer IPv6, and other clients - * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value - * directly. */ - int ClientPreferIPv6ORPort; - /** If true, prefer an IPv6 directory port over an IPv4 one for direct - * directory connections. If auto, bridge clients prefer IPv6, and other - * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of - * accessing this value directly. */ - int ClientPreferIPv6DirPort; - - /** The length of time that we think a consensus should be fresh. */ - int V3AuthVotingInterval; - /** The length of time we think it will take to distribute votes. */ - int V3AuthVoteDelay; - /** The length of time we think it will take to distribute signatures. */ - int V3AuthDistDelay; - /** The number of intervals we think a consensus should be valid. */ - int V3AuthNIntervalsValid; - - /** Should advertise and sign consensuses with a legacy key, for key - * migration purposes? */ - int V3AuthUseLegacyKey; - - /** Location of bandwidth measurement file */ - char *V3BandwidthsFile; - - /** Location of guardfraction file */ - char *GuardfractionFile; - - /** Authority only: key=value pairs that we add to our networkstatus - * consensus vote on the 'params' line. */ - char *ConsensusParams; - - /** Authority only: minimum number of measured bandwidths we must see - * before we only believe measured bandwidths to assign flags. */ - int MinMeasuredBWsForAuthToIgnoreAdvertised; - - /** The length of time that we think an initial consensus should be fresh. - * Only altered on testing networks. */ - int TestingV3AuthInitialVotingInterval; - - /** The length of time we think it will take to distribute initial votes. - * Only altered on testing networks. */ - int TestingV3AuthInitialVoteDelay; - - /** The length of time we think it will take to distribute initial - * signatures. Only altered on testing networks.*/ - int TestingV3AuthInitialDistDelay; - - /** Offset in seconds added to the starting time for consensus - voting. Only altered on testing networks. */ - int TestingV3AuthVotingStartOffset; - - /** If an authority has been around for less than this amount of time, it - * does not believe its reachability information is accurate. Only - * altered on testing networks. */ - int TestingAuthDirTimeToLearnReachability; - - /** Clients don't download any descriptor this recent, since it will - * probably not have propagated to enough caches. Only altered on testing - * networks. */ - int TestingEstimatedDescriptorPropagationTime; - - /** Schedule for when servers should download things in general. Only - * altered on testing networks. */ - int TestingServerDownloadInitialDelay; - - /** Schedule for when clients should download things in general. Only - * altered on testing networks. */ - int TestingClientDownloadInitialDelay; - - /** Schedule for when servers should download consensuses. Only altered - * on testing networks. */ - int TestingServerConsensusDownloadInitialDelay; - - /** Schedule for when clients should download consensuses. Only altered - * on testing networks. */ - int TestingClientConsensusDownloadInitialDelay; - - /** Schedule for when clients should download consensuses from authorities - * if they are bootstrapping (that is, they don't have a usable, reasonably - * live consensus). Only used by clients fetching from a list of fallback - * directory mirrors. - * - * This schedule is incremented by (potentially concurrent) connection - * attempts, unlike other schedules, which are incremented by connection - * failures. Only altered on testing networks. */ - int ClientBootstrapConsensusAuthorityDownloadInitialDelay; - - /** Schedule for when clients should download consensuses from fallback - * directory mirrors if they are bootstrapping (that is, they don't have a - * usable, reasonably live consensus). Only used by clients fetching from a - * list of fallback directory mirrors. - * - * This schedule is incremented by (potentially concurrent) connection - * attempts, unlike other schedules, which are incremented by connection - * failures. Only altered on testing networks. */ - int ClientBootstrapConsensusFallbackDownloadInitialDelay; - - /** Schedule for when clients should download consensuses from authorities - * if they are bootstrapping (that is, they don't have a usable, reasonably - * live consensus). Only used by clients which don't have or won't fetch - * from a list of fallback directory mirrors. - * - * This schedule is incremented by (potentially concurrent) connection - * attempts, unlike other schedules, which are incremented by connection - * failures. Only altered on testing networks. */ - int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay; - - /** Schedule for when clients should download bridge descriptors. Only - * altered on testing networks. */ - int TestingBridgeDownloadInitialDelay; - - /** Schedule for when clients should download bridge descriptors when they - * have no running bridges. Only altered on testing networks. */ - int TestingBridgeBootstrapDownloadInitialDelay; - - /** When directory clients have only a few descriptors to request, they - * batch them until they have more, or until this amount of time has - * passed. Only altered on testing networks. */ - int TestingClientMaxIntervalWithoutRequest; - - /** How long do we let a directory connection stall before expiring - * it? Only altered on testing networks. */ - int TestingDirConnectionMaxStall; - - /** How many simultaneous in-progress connections will we make when trying - * to fetch a consensus before we wait for one to complete, timeout, or - * error out? Only altered on testing networks. */ - int ClientBootstrapConsensusMaxInProgressTries; - - /** If true, we take part in a testing network. Change the defaults of a - * couple of other configuration options and allow to change the values - * of certain configuration options. */ - int TestingTorNetwork; - - /** Minimum value for the Exit flag threshold on testing networks. */ - uint64_t TestingMinExitFlagThreshold; - - /** Minimum value for the Fast flag threshold on testing networks. */ - uint64_t TestingMinFastFlagThreshold; - - /** Relays in a testing network which should be voted Exit - * regardless of exit policy. */ - routerset_t *TestingDirAuthVoteExit; - int TestingDirAuthVoteExitIsStrict; - - /** Relays in a testing network which should be voted Guard - * regardless of uptime and bandwidth. */ - routerset_t *TestingDirAuthVoteGuard; - int TestingDirAuthVoteGuardIsStrict; - - /** Relays in a testing network which should be voted HSDir - * regardless of uptime and DirPort. */ - routerset_t *TestingDirAuthVoteHSDir; - int TestingDirAuthVoteHSDirIsStrict; - - /** Enable CONN_BW events. Only altered on testing networks. */ - int TestingEnableConnBwEvent; - - /** Enable CELL_STATS events. Only altered on testing networks. */ - int TestingEnableCellStatsEvent; - - /** If true, and we have GeoIP data, and we're a bridge, keep a per-country - * count of how many client addresses have contacted us so that we can help - * the bridge authority guess which countries have blocked access to us. */ - int BridgeRecordUsageByCountry; - - /** Optionally, IPv4 and IPv6 GeoIP data. */ - char *GeoIPFile; - char *GeoIPv6File; - - /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular - * country code will exclude all nodes in ?? and A1. If true, all nodes in - * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */ - int GeoIPExcludeUnknown; - - /** If true, SIGHUP should reload the torrc. Sometimes controllers want - * to make this false. */ - int ReloadTorrcOnSIGHUP; - - /* The main parameter for picking circuits within a connection. - * - * If this value is positive, when picking a cell to relay on a connection, - * we always relay from the circuit whose weighted cell count is lowest. - * Cells are weighted exponentially such that if one cell is sent - * 'CircuitPriorityHalflife' seconds before another, it counts for half as - * much. - * - * If this value is zero, we're disabling the cell-EWMA algorithm. - * - * If this value is negative, we're using the default approach - * according to either Tor or a parameter set in the consensus. - */ - double CircuitPriorityHalflife; - - /** Set to true if the TestingTorNetwork configuration option is set. - * This is used so that options_validate() has a chance to realize that - * the defaults have changed. */ - int UsingTestNetworkDefaults_; - - /** If 1, we try to use microdescriptors to build circuits. If 0, we don't. - * If -1, Tor decides. */ - int UseMicrodescriptors; - - /** File where we should write the ControlPort. */ - char *ControlPortWriteToFile; - /** Should that file be group-readable? */ - int ControlPortFileGroupReadable; - -#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024 - /** Maximum number of non-open general-purpose origin circuits to allow at - * once. */ - int MaxClientCircuitsPending; - - /** If 1, we always send optimistic data when it's supported. If 0, we - * never use it. If -1, we do what the consensus says. */ - int OptimisticData; - - /** If 1, we accept and launch no external network connections, except on - * control ports. */ - int DisableNetwork; - - /** - * Parameters for path-bias detection. - * @{ - * These options override the default behavior of Tor's (**currently - * experimental**) path bias detection algorithm. To try to find broken or - * misbehaving guard nodes, Tor looks for nodes where more than a certain - * fraction of circuits through that guard fail to get built. - * - * The PathBiasCircThreshold option controls how many circuits we need to - * build through a guard before we make these checks. The - * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options - * control what fraction of circuits must succeed through a guard so we - * won't write log messages. If less than PathBiasExtremeRate circuits - * succeed *and* PathBiasDropGuards is set to 1, we disable use of that - * guard. - * - * When we have seen more than PathBiasScaleThreshold circuits through a - * guard, we scale our observations by 0.5 (governed by the consensus) so - * that new observations don't get swamped by old ones. - * - * By default, or if a negative value is provided for one of these options, - * Tor uses reasonable defaults from the networkstatus consensus document. - * If no defaults are available there, these options default to 150, .70, - * .50, .30, 0, and 300 respectively. - */ - int PathBiasCircThreshold; - double PathBiasNoticeRate; - double PathBiasWarnRate; - double PathBiasExtremeRate; - int PathBiasDropGuards; - int PathBiasScaleThreshold; - /** @} */ - - /** - * Parameters for path-bias use detection - * @{ - * Similar to the above options, these options override the default behavior - * of Tor's (**currently experimental**) path use bias detection algorithm. - * - * Where as the path bias parameters govern thresholds for successfully - * building circuits, these four path use bias parameters govern thresholds - * only for circuit usage. Circuits which receive no stream usage are not - * counted by this detection algorithm. A used circuit is considered - * successful if it is capable of carrying streams or otherwise receiving - * well-formed responses to RELAY cells. - * - * By default, or if a negative value is provided for one of these options, - * Tor uses reasonable defaults from the networkstatus consensus document. - * If no defaults are available there, these options default to 20, .80, - * .60, and 100, respectively. - */ - int PathBiasUseThreshold; - double PathBiasNoticeUseRate; - double PathBiasExtremeUseRate; - int PathBiasScaleUseThreshold; - /** @} */ - - int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */ - - /** Fraction: */ - double PathsNeededToBuildCircuits; - - /** What expiry time shall we place on our SSL certs? "0" means we - * should guess a suitable value. */ - int SSLKeyLifetime; - - /** How long (seconds) do we keep a guard before picking a new one? */ - int GuardLifetime; - - /** Is this an exit node? This is a tristate, where "1" means "yes, and use - * the default exit policy if none is given" and "0" means "no; exit policy - * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user." - * - * XXXX Eventually, the default will be 0. */ - int ExitRelay; - - /** For how long (seconds) do we declare our signing keys to be valid? */ - int SigningKeyLifetime; - /** For how long (seconds) do we declare our link keys to be valid? */ - int TestingLinkCertLifetime; - /** For how long (seconds) do we declare our auth keys to be valid? */ - int TestingAuthKeyLifetime; - - /** How long before signing keys expire will we try to make a new one? */ - int TestingSigningKeySlop; - /** How long before link keys expire will we try to make a new one? */ - int TestingLinkKeySlop; - /** How long before auth keys expire will we try to make a new one? */ - int TestingAuthKeySlop; - - /** Force use of offline master key features: never generate a master - * ed25519 identity key except from tor --keygen */ - int OfflineMasterKey; - - enum { - FORCE_PASSPHRASE_AUTO=0, - FORCE_PASSPHRASE_ON, - FORCE_PASSPHRASE_OFF - } keygen_force_passphrase; - int use_keygen_passphrase_fd; - int keygen_passphrase_fd; - int change_key_passphrase; - char *master_key_fname; - - /** Autobool: Do we try to retain capabilities if we can? */ - int KeepBindCapabilities; - - /** Maximum total size of unparseable descriptors to log during the - * lifetime of this Tor process. - */ - uint64_t MaxUnparseableDescSizeToLog; - - /** Bool (default: 1): Switch for the shared random protocol. Only - * relevant to a directory authority. If off, the authority won't - * participate in the protocol. If on (default), a flag is added to the - * vote indicating participation. */ - int AuthDirSharedRandomness; - - /** If 1, we skip all OOS checks. */ - int DisableOOSCheck; - - /** Autobool: Should we include Ed25519 identities in extend2 cells? - * If -1, we should do whatever the consensus parameter says. */ - int ExtendByEd25519ID; - - /** Bool (default: 1): When testing routerinfos as a directory authority, - * do we enforce Ed25519 identity match? */ - /* NOTE: remove this option someday. */ - int AuthDirTestEd25519LinkKeys; - - /** Bool (default: 0): Tells if a %include was used on torrc */ - int IncludeUsed; - - /** The seconds after expiration which we as a relay should keep old - * consensuses around so that we can generate diffs from them. If 0, - * use the default. */ - int MaxConsensusAgeForDiffs; - - /** Bool (default: 0). Tells Tor to never try to exec another program. - */ - int NoExec; - - /** Have the KIST scheduler run every X milliseconds. If less than zero, do - * not use the KIST scheduler but use the old vanilla scheduler instead. If - * zero, do what the consensus says and fall back to using KIST as if this is - * set to "10 msec" if the consensus doesn't say anything. */ - int KISTSchedRunInterval; - - /** A multiplier for the KIST per-socket limit calculation. */ - double KISTSockBufSizeFactor; - - /** The list of scheduler type string ordered by priority that is first one - * has to be tried first. Default: KIST,KISTLite,Vanilla */ - smartlist_t *Schedulers; - /* An ordered list of scheduler_types mapped from Schedulers. */ - smartlist_t *SchedulerTypes_; - - /** List of files that were opened by %include in torrc and torrc-defaults */ - smartlist_t *FilesOpenedByIncludes; - - /** If true, Tor shouldn't install any posix signal handlers, since it is - * running embedded inside another process. - */ - int DisableSignalHandlers; - - /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ - int DoSCircuitCreationEnabled; - /** Minimum concurrent connection needed from one single address before any - * defense is used. */ - int DoSCircuitCreationMinConnections; - /** Circuit rate used to refill the token bucket. */ - int DoSCircuitCreationRate; - /** Maximum allowed burst of circuits. Reaching that value, the address is - * detected as malicious and a defense might be used. */ - int DoSCircuitCreationBurst; - /** When an address is marked as malicous, what defense should be used - * against it. See the dos_cc_defense_type_t enum. */ - int DoSCircuitCreationDefenseType; - /** For how much time (in seconds) the defense is applicable for a malicious - * address. A random time delta is added to the defense time of an address - * which will be between 1 second and half of this value. */ - int DoSCircuitCreationDefenseTimePeriod; - - /** Autobool: Is the DoS connection mitigation subsystem enabled? */ - int DoSConnectionEnabled; - /** Maximum concurrent connection allowed per address. */ - int DoSConnectionMaxConcurrentCount; - /** When an address is reaches the maximum count, what defense should be - * used against it. See the dos_conn_defense_type_t enum. */ - int DoSConnectionDefenseType; - - /** Autobool: Do we refuse single hop client rendezvous? */ - int DoSRefuseSingleHopClientRendezvous; -} or_options_t; +typedef struct or_options_t or_options_t; #define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level()) diff --git a/src/or/or_options_st.h b/src/or/or_options_st.h new file mode 100644 index 000000000..0c0c5d32b --- /dev/null +++ b/src/or/or_options_st.h @@ -0,0 +1,1077 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_OR_OPTIONS_ST_H +#define TOR_OR_OPTIONS_ST_H + +#include "lib/cc/torint.h" +#include "lib/net/address.h" + +struct smartlist_t; +struct config_line_t; + +/** Enumeration of outbound address configuration types: + * Exit-only, OR-only, or both */ +typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, + OUTBOUND_ADDR_EXIT_AND_OR, + OUTBOUND_ADDR_MAX} outbound_addr_t; + +/** Configuration options for a Tor process. */ +struct or_options_t { + uint32_t magic_; + + /** What should the tor process actually do? */ + enum { + CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, + CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG, + CMD_KEYGEN, + CMD_KEY_EXPIRATION, + } command; + char *command_arg; /**< Argument for command-line option. */ + + struct config_line_t *Logs; /**< New-style list of configuration lines + * for logs */ + int LogTimeGranularity; /**< Log resolution in milliseconds. */ + + int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which + * each log message occurs? */ + int TruncateLogFile; /**< Boolean: Should we truncate the log file + before we start writing? */ + char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */ + char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */ + + char *DebugLogFile; /**< Where to send verbose log messages. */ + char *DataDirectory_option; /**< Where to store long-term data, as + * configured by the user. */ + char *DataDirectory; /**< Where to store long-term data, as modified. */ + int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */ + + char *KeyDirectory_option; /**< Where to store keys, as + * configured by the user. */ + char *KeyDirectory; /**< Where to store keys data, as modified. */ + int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */ + + char *CacheDirectory_option; /**< Where to store cached data, as + * configured by the user. */ + char *CacheDirectory; /**< Where to store cached data, as modified. */ + int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */ + + char *Nickname; /**< OR only: nickname of this onion router. */ + char *Address; /**< OR only: configured address for this onion router. */ + char *PidFile; /**< Where to store PID of Tor process. */ + + routerset_t *ExitNodes; /**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs to + * consider as exits. */ + routerset_t *EntryNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs to + * consider as entry points. */ + int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes + * are up, or we need to access a node in ExcludeNodes, + * do we just fail instead? */ + routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs + * not to use in circuits. But see StrictNodes + * above. */ + routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of + * ORs not to consider as exits. */ + + /** Union of ExcludeNodes and ExcludeExitNodes */ + routerset_t *ExcludeExitNodesUnion_; + + int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our + * process for all current and future memory. */ + + struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */ + int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private + * addresses, and our own published addresses? + */ + int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local + * interface addresses? + * Includes OutboundBindAddresses and + * configured ports. */ + int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */ + struct config_line_t *SocksPolicy; /**< Lists of socks policy components */ + struct config_line_t *DirPolicy; /**< Lists of dir policy components */ + /** Local address to bind outbound sockets */ + struct config_line_t *OutboundBindAddress; + /** Local address to bind outbound relay sockets */ + struct config_line_t *OutboundBindAddressOR; + /** Local address to bind outbound exit sockets */ + struct config_line_t *OutboundBindAddressExit; + /** Addresses derived from the various OutboundBindAddress lines. + * [][0] is IPv4, [][1] is IPv6 + */ + tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; + /** Directory server only: which versions of + * Tor should we tell users to run? */ + struct config_line_t *RecommendedVersions; + struct config_line_t *RecommendedClientVersions; + struct config_line_t *RecommendedServerVersions; + struct config_line_t *RecommendedPackages; + /** Whether dirservers allow router descriptors with private IPs. */ + int DirAllowPrivateAddresses; + /** Whether routers accept EXTEND cells to routers with private IPs. */ + int ExtendAllowPrivateAddresses; + char *User; /**< Name of user to run Tor as. */ + /** Ports to listen on for OR connections. */ + struct config_line_t *ORPort_lines; + /** Ports to listen on for extended OR connections. */ + struct config_line_t *ExtORPort_lines; + /** Ports to listen on for SOCKS connections. */ + struct config_line_t *SocksPort_lines; + /** Ports to listen on for transparent pf/netfilter connections. */ + struct config_line_t *TransPort_lines; + char *TransProxyType; /**< What kind of transparent proxy + * implementation are we using? */ + /** Parsed value of TransProxyType. */ + enum { + TPT_DEFAULT, + TPT_PF_DIVERT, + TPT_IPFW, + TPT_TPROXY, + } TransProxyType_parsed; + /** Ports to listen on for transparent natd connections. */ + struct config_line_t *NATDPort_lines; + /** Ports to listen on for HTTP Tunnel connections. */ + struct config_line_t *HTTPTunnelPort_lines; + struct config_line_t *ControlPort_lines; /**< Ports to listen on for control + * connections. */ + /** List of Unix Domain Sockets to listen on for control connections. */ + struct config_line_t *ControlSocket; + + int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */ + int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */ + /** Ports to listen on for directory connections. */ + struct config_line_t *DirPort_lines; + /** Ports to listen on for DNS requests. */ + struct config_line_t *DNSPort_lines; + + /* MaxMemInQueues value as input by the user. We clean this up to be + * MaxMemInQueues. */ + uint64_t MaxMemInQueues_raw; + uint64_t MaxMemInQueues;/**< If we have more memory than this allocated + * for queues and buffers, run the OOM handler */ + /** Above this value, consider ourselves low on RAM. */ + uint64_t MaxMemInQueues_low_threshold; + + /** @name port booleans + * + * Derived booleans: For server ports and ControlPort, true iff there is a + * non-listener port on an AF_INET or AF_INET6 address of the given type + * configured in one of the _lines options above. + * For client ports, also true if there is a unix socket configured. + * If you are checking for client ports, you may want to use: + * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set || + * HTTPTunnelPort_set + * rather than SocksPort_set. + * + * @{ + */ + unsigned int ORPort_set : 1; + unsigned int SocksPort_set : 1; + unsigned int TransPort_set : 1; + unsigned int NATDPort_set : 1; + unsigned int ControlPort_set : 1; + unsigned int DirPort_set : 1; + unsigned int DNSPort_set : 1; + unsigned int ExtORPort_set : 1; + unsigned int HTTPTunnelPort_set : 1; + /**@}*/ + + int AssumeReachable; /**< Whether to publish our descriptor regardless. */ + int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ + int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory + * for version 3 directories? */ + int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative + * directory that's willing to recommend + * versions? */ + int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory + * that aggregates bridge descriptors? */ + + /** If set on a bridge relay, it will include this value on a new + * "bridge-distribution-request" line in its bridge descriptor. */ + char *BridgeDistribution; + + /** If set on a bridge authority, it will answer requests on its dirport + * for bridge statuses -- but only if the requests use this password. */ + char *BridgePassword; + /** If BridgePassword is set, this is a SHA256 digest of the basic http + * authenticator for it. Used so we can do a time-independent comparison. */ + char *BridgePassword_AuthDigest_; + + int UseBridges; /**< Boolean: should we start all circuits with a bridge? */ + struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */ + + struct config_line_t *ClientTransportPlugin; /**< List of client + transport plugins. */ + + struct config_line_t *ServerTransportPlugin; /**< List of client + transport plugins. */ + + /** List of TCP/IP addresses that transports should listen at. */ + struct config_line_t *ServerTransportListenAddr; + + /** List of options that must be passed to pluggable transports. */ + struct config_line_t *ServerTransportOptions; + + int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make + * this explicit so we can change how we behave in the + * future. */ + + /** Boolean: if we know the bridge's digest, should we get new + * descriptors from the bridge authorities or from the bridge itself? */ + int UpdateBridgesFromAuthority; + + int AvoidDiskWrites; /**< Boolean: should we never cache things to disk? + * Not used yet. */ + int ClientOnly; /**< Boolean: should we never evolve into a server role? */ + + int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections + open shorter and pad them less against + connection-level traffic analysis? */ + /** Autobool: if auto, then connection padding will be negotiated by client + * and server. If 0, it will be fully disabled. If 1, the client will still + * pad to the server regardless of server support. */ + int ConnectionPadding; + + /** To what authority types do we publish our descriptor? Choices are + * "v1", "v2", "v3", "bridge", or "". */ + struct smartlist_t *PublishServerDescriptor; + /** A bitfield of authority types, derived from PublishServerDescriptor. */ + dirinfo_type_t PublishServerDescriptor_; + /** Boolean: do we publish hidden service descriptors to the HS auths? */ + int PublishHidServDescriptors; + int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ + int FetchHidServDescriptors; /**< and hidden service descriptors? */ + + int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden + * service directories after what time? */ + + int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ + int AllDirActionsPrivate; /**< Should every directory action be sent + * through a Tor circuit? */ + + /** Run in 'tor2web mode'? (I.e. only make client connections to hidden + * services, and use a single hop for all hidden-service-related + * circuits.) */ + int Tor2webMode; + + /** A routerset that should be used when picking RPs for HS circuits. */ + routerset_t *Tor2webRendezvousPoints; + + /** A routerset that should be used when picking middle nodes for HS + * circuits. */ + routerset_t *HSLayer2Nodes; + + /** A routerset that should be used when picking third-hop nodes for HS + * circuits. */ + routerset_t *HSLayer3Nodes; + + /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct) + * circuits between the onion service server, and the introduction and + * rendezvous points. (Onion service descriptors are still posted using + * 3-hop paths, to avoid onion service directories blocking the service.) + * This option makes every hidden service instance hosted by + * this tor instance a Single Onion Service. + * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be + * set to 1. + * Use rend_service_allow_non_anonymous_connection() or + * rend_service_reveal_startup_time() instead of using this option directly. + */ + int HiddenServiceSingleHopMode; + /* Makes hidden service clients and servers non-anonymous on this tor + * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables + * non-anonymous behaviour in the hidden service protocol. + * Use rend_service_non_anonymous_mode_enabled() instead of using this option + * directly. + */ + int HiddenServiceNonAnonymousMode; + + int ConnLimit; /**< Demanded minimum number of simultaneous connections. */ + int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */ + int ConnLimit_high_thresh; /**< start trying to lower socket usage if we + * have this many. */ + int ConnLimit_low_thresh; /**< try to get down to here after socket + * exhaustion. */ + int RunAsDaemon; /**< If true, run in the background. (Unix only) */ + int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */ + struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows + * (strings). */ + /** IP:ports our firewall allows. */ + struct config_line_t *ReachableAddresses; + struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */ + struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */ + + int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */ + uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */ + + /** Whether we should drop exit streams from Tors that we don't know are + * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do + * what the consensus says, defaulting to 'refuse' if the consensus says + * nothing). */ + int RefuseUnknownExits; + + /** Application ports that require all nodes in circ to have sufficient + * uptime. */ + struct smartlist_t *LongLivedPorts; + /** Application ports that are likely to be unencrypted and + * unauthenticated; we reject requests for them to prevent the + * user from screwing up and leaking plaintext secrets to an + * observer somewhere on the Internet. */ + struct smartlist_t *RejectPlaintextPorts; + /** Related to RejectPlaintextPorts above, except this config option + * controls whether we warn (in the log and via a controller status + * event) every time a risky connection is attempted. */ + struct smartlist_t *WarnPlaintextPorts; + /** Should we try to reuse the same exit node for a given host */ + struct smartlist_t *TrackHostExits; + int TrackHostExitsExpire; /**< Number of seconds until we expire an + * addressmap */ + struct config_line_t *AddressMap; /**< List of address map directives. */ + int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a + * hostname ending with one of the suffixes in + * AutomapHostsSuffixes, map it to a + * virtual address. */ + /** List of suffixes for AutomapHostsOnResolve. The special value + * "." means "match everything." */ + struct smartlist_t *AutomapHostsSuffixes; + int RendPostPeriod; /**< How often do we post each rendezvous service + * descriptor? Remember to publish them independently. */ + int KeepalivePeriod; /**< How often do we send padding cells to keep + * connections alive? */ + int SocksTimeout; /**< How long do we let a socks connection wait + * unattached before we fail it? */ + int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value + * for CircuitBuildTimeout based on timeout + * history. Use circuit_build_times_disabled() + * rather than checking this value directly. */ + int CircuitBuildTimeout; /**< Cull non-open circuits that were born at + * least this many seconds ago. Used until + * adaptive algorithm learns a new value. */ + int CircuitsAvailableTimeout; /**< Try to have an open circuit for at + least this long after last activity */ + int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits + * and try a new circuit if the stream has been + * waiting for this many seconds. If zero, use + * our default internal timeout schedule. */ + int MaxOnionQueueDelay; /*< DOCDOC */ + int NewCircuitPeriod; /**< How long do we use a circuit before building + * a new one? */ + int MaxCircuitDirtiness; /**< Never use circs that were first used more than + this interval ago. */ + uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing + * to use in a second? */ + uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing + * to use in a second? */ + uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to + * tell other nodes we have? */ + uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we + * willing to use for all relayed conns? */ + uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we + * use in a second for all relayed conns? */ + uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */ + uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */ + int NumCPUs; /**< How many CPUs should we try to use? */ + struct config_line_t *RendConfigLines; /**< List of configuration lines + * for rendezvous services. */ + struct config_line_t *HidServAuth; /**< List of configuration lines for + * client-side authorizations for hidden + * services */ + char *ContactInfo; /**< Contact info to be published in the directory. */ + + int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds + * have passed. */ + int MainloopStats; /**< Log main loop statistics as part of the + * heartbeat messages. */ + + char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */ + tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */ + uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */ + char *HTTPProxyAuthenticator; /**< username:password string, if any. */ + + char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */ + tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */ + uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */ + char *HTTPSProxyAuthenticator; /**< username:password string, if any. */ + + char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */ + tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */ + uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */ + + char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */ + tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */ + uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */ + char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */ + char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */ + + /** List of configuration lines for replacement directory authorities. + * If you just want to replace one class of authority at a time, + * use the "Alternate*Authority" options below instead. */ + struct config_line_t *DirAuthorities; + + /** List of fallback directory servers */ + struct config_line_t *FallbackDir; + /** Whether to use the default hard-coded FallbackDirs */ + int UseDefaultFallbackDirs; + + /** Weight to apply to all directory authority rates if considering them + * along with fallbackdirs */ + double DirAuthorityFallbackRate; + + /** If set, use these main (currently v3) directory authorities and + * not the default ones. */ + struct config_line_t *AlternateDirAuthority; + + /** If set, use these bridge authorities and not the default one. */ + struct config_line_t *AlternateBridgeAuthority; + + struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */ + struct config_line_t *MyFamily; /**< Declared family for this OR, + normalized */ + struct config_line_t *NodeFamilies; /**< List of config lines for + * node families */ + /** List of parsed NodeFamilies values. */ + struct smartlist_t *NodeFamilySets; + struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to + * mark as bad exits. */ + struct config_line_t *AuthDirReject; /**< Address policy for descriptors to + * reject. */ + struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to + * never mark as valid. */ + /** @name AuthDir...CC + * + * Lists of country codes to mark as BadExit, or Invalid, or to + * reject entirely. + * + * @{ + */ + struct smartlist_t *AuthDirBadExitCCs; + struct smartlist_t *AuthDirInvalidCCs; + struct smartlist_t *AuthDirRejectCCs; + /**@}*/ + + int AuthDirListBadExits; /**< True iff we should list bad exits, + * and vote for all other exits as good. */ + int AuthDirMaxServersPerAddr; /**< Do not permit more than this + * number of servers per IP address. */ + int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ + int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ + + /** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ + uint64_t AuthDirFastGuarantee; + + /** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ + uint64_t AuthDirGuardBWGuarantee; + + char *AccountingStart; /**< How long is the accounting interval, and when + * does it start? */ + uint64_t AccountingMax; /**< How many bytes do we allow per accounting + * interval before hibernation? 0 for "never + * hibernate." */ + /** How do we determine when our AccountingMax has been reached? + * "max" for when in or out reaches AccountingMax + * "sum" for when in plus out reaches AccountingMax + * "in" for when in reaches AccountingMax + * "out" for when out reaches AccountingMax */ + char *AccountingRule_option; + enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule; + + /** Base64-encoded hash of accepted passwords for the control system. */ + struct config_line_t *HashedControlPassword; + /** As HashedControlPassword, but not saved. */ + struct config_line_t *HashedControlSessionPassword; + + int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for + * the control system? */ + char *CookieAuthFile; /**< Filesystem location of a ControlPort + * authentication cookie. */ + char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended + * ORPort authentication cookie. */ + int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ + int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the + * ExtORPortCookieAuthFile g+r? */ + int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to + * circuits itself (0), or does it expect a controller + * to cope? (1) */ + int DisablePredictedCircuits; /**< Boolean: does Tor preemptively + * make circuits in the background (0), + * or not (1)? */ + + /** Process specifier for a controller that ‘owns’ this Tor + * instance. Tor will terminate if its owning controller does. */ + char *OwningControllerProcess; + /** FD specifier for a controller that owns this Tor instance. */ + int OwningControllerFD; + + int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how + * long do we wait before exiting? */ + char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */ + + /* Derived from SafeLogging */ + enum { + SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE + } SafeLogging_; + + int Sandbox; /**< Boolean: should sandboxing be enabled? */ + int SafeSocks; /**< Boolean: should we outright refuse application + * connections that use socks4 or socks5-with-local-dns? */ + int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor + * protocol, is it a warn or an info in our logs? */ + int TestSocks; /**< Boolean: when we get a socks connection, do we loudly + * log whether it was DNS-leaking or not? */ + int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware + * acceleration where available? */ + /** Token Bucket Refill resolution in milliseconds. */ + int TokenBucketRefillInterval; + char *AccelName; /**< Optional hardware acceleration engine name. */ + char *AccelDir; /**< Optional hardware acceleration engine search dir. */ + + /** Boolean: Do we try to enter from a smallish number + * of fixed nodes? */ + int UseEntryGuards_option; + /** Internal variable to remember whether we're actually acting on + * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or + * Single Onion Service, it is always false, otherwise we use the value of + * UseEntryGuards_option. */ + int UseEntryGuards; + + int NumEntryGuards; /**< How many entry guards do we try to establish? */ + + /** If 1, we use any guardfraction information we see in the + * consensus. If 0, we don't. If -1, let the consensus parameter + * decide. */ + int UseGuardFraction; + + int NumDirectoryGuards; /**< How many dir guards do we try to establish? + * If 0, use value from NumEntryGuards. */ + int NumPrimaryGuards; /**< How many primary guards do we want? */ + + int RephistTrackTime; /**< How many seconds do we keep rephist info? */ + /** Should we always fetch our dir info on the mirror schedule (which + * means directly from the authorities) no matter our other config? */ + int FetchDirInfoEarly; + + /** Should we fetch our dir info at the start of the consensus period? */ + int FetchDirInfoExtraEarly; + + int DirCache; /**< Cache all directory documents and accept requests via + * tunnelled dir conns from clients. If 1, enabled (default); + * If 0, disabled. */ + + char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual + * MAPADDRESS requests for IPv4 addresses */ + char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual + * MAPADDRESS requests for IPv6 addresses */ + int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit + * addresses to be FQDNs, but rather search for them in + * the local domains. */ + int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure + * hijacking. */ + int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent + * DNS poisoning attacks. */ + char *ServerDNSResolvConfFile; /**< If provided, we configure our internal + * resolver from the file here rather than from + * /etc/resolv.conf (Unix) or the registry (Windows). */ + char *DirPortFrontPage; /**< This is a full path to a file with an html + disclaimer. This allows a server administrator to show + that they're running Tor and anyone visiting their server + will know this without any specialized knowledge. */ + int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to + disable ptrace; needs BSD testing. */ + /** Boolean: if set, we start even if our resolv.conf file is missing + * or broken. */ + int ServerDNSAllowBrokenConfig; + /** Boolean: if set, then even connections to private addresses will get + * rate-limited. */ + int CountPrivateBandwidth; + /** A list of addresses that definitely should be resolvable. Used for + * testing our DNS server. */ + struct smartlist_t *ServerDNSTestAddresses; + int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the + * same network zone in the same circuit. */ + int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames + * with weird characters. */ + /** If true, we try resolving hostnames with weird characters. */ + int ServerDNSAllowNonRFC953Hostnames; + + /** If true, we try to download extra-info documents (and we serve them, + * if we are a cache). For authorities, this is always true. */ + int DownloadExtraInfo; + + /** If true, we're configured to collect statistics on clients + * requesting network statuses from us as directory. */ + int DirReqStatistics_option; + /** Internal variable to remember whether we're actually acting on + * DirReqStatistics_option -- yes if it's set and we're a server, else no. */ + int DirReqStatistics; + + /** If true, the user wants us to collect statistics on port usage. */ + int ExitPortStatistics; + + /** If true, the user wants us to collect connection statistics. */ + int ConnDirectionStatistics; + + /** If true, the user wants us to collect cell statistics. */ + int CellStatistics; + + /** If true, the user wants us to collect padding statistics. */ + int PaddingStatistics; + + /** If true, the user wants us to collect statistics as entry node. */ + int EntryStatistics; + + /** If true, the user wants us to collect statistics as hidden service + * directory, introduction point, or rendezvous point. */ + int HiddenServiceStatistics_option; + /** Internal variable to remember whether we're actually acting on + * HiddenServiceStatistics_option -- yes if it's set and we're a server, + * else no. */ + int HiddenServiceStatistics; + + /** If true, include statistics file contents in extra-info documents. */ + int ExtraInfoStatistics; + + /** If true, do not believe anybody who tells us that a domain resolves + * to an internal address, or that an internal address has a PTR mapping. + * Helps avoid some cross-site attacks. */ + int ClientDNSRejectInternalAddresses; + + /** If true, do not accept any requests to connect to internal addresses + * over randomly chosen exits. */ + int ClientRejectInternalAddresses; + + /** If true, clients may connect over IPv4. If false, they will avoid + * connecting over IPv4. We enforce this for OR and Dir connections. */ + int ClientUseIPv4; + /** If true, clients may connect over IPv6. If false, they will avoid + * connecting over IPv4. We enforce this for OR and Dir connections. + * Use fascist_firewall_use_ipv6() instead of accessing this value + * directly. */ + int ClientUseIPv6; + /** If true, prefer an IPv6 OR port over an IPv4 one for entry node + * connections. If auto, bridge clients prefer IPv6, and other clients + * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value + * directly. */ + int ClientPreferIPv6ORPort; + /** If true, prefer an IPv6 directory port over an IPv4 one for direct + * directory connections. If auto, bridge clients prefer IPv6, and other + * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of + * accessing this value directly. */ + int ClientPreferIPv6DirPort; + + /** The length of time that we think a consensus should be fresh. */ + int V3AuthVotingInterval; + /** The length of time we think it will take to distribute votes. */ + int V3AuthVoteDelay; + /** The length of time we think it will take to distribute signatures. */ + int V3AuthDistDelay; + /** The number of intervals we think a consensus should be valid. */ + int V3AuthNIntervalsValid; + + /** Should advertise and sign consensuses with a legacy key, for key + * migration purposes? */ + int V3AuthUseLegacyKey; + + /** Location of bandwidth measurement file */ + char *V3BandwidthsFile; + + /** Location of guardfraction file */ + char *GuardfractionFile; + + /** Authority only: key=value pairs that we add to our networkstatus + * consensus vote on the 'params' line. */ + char *ConsensusParams; + + /** Authority only: minimum number of measured bandwidths we must see + * before we only believe measured bandwidths to assign flags. */ + int MinMeasuredBWsForAuthToIgnoreAdvertised; + + /** The length of time that we think an initial consensus should be fresh. + * Only altered on testing networks. */ + int TestingV3AuthInitialVotingInterval; + + /** The length of time we think it will take to distribute initial votes. + * Only altered on testing networks. */ + int TestingV3AuthInitialVoteDelay; + + /** The length of time we think it will take to distribute initial + * signatures. Only altered on testing networks.*/ + int TestingV3AuthInitialDistDelay; + + /** Offset in seconds added to the starting time for consensus + voting. Only altered on testing networks. */ + int TestingV3AuthVotingStartOffset; + + /** If an authority has been around for less than this amount of time, it + * does not believe its reachability information is accurate. Only + * altered on testing networks. */ + int TestingAuthDirTimeToLearnReachability; + + /** Clients don't download any descriptor this recent, since it will + * probably not have propagated to enough caches. Only altered on testing + * networks. */ + int TestingEstimatedDescriptorPropagationTime; + + /** Schedule for when servers should download things in general. Only + * altered on testing networks. */ + int TestingServerDownloadInitialDelay; + + /** Schedule for when clients should download things in general. Only + * altered on testing networks. */ + int TestingClientDownloadInitialDelay; + + /** Schedule for when servers should download consensuses. Only altered + * on testing networks. */ + int TestingServerConsensusDownloadInitialDelay; + + /** Schedule for when clients should download consensuses. Only altered + * on testing networks. */ + int TestingClientConsensusDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from authorities + * if they are bootstrapping (that is, they don't have a usable, reasonably + * live consensus). Only used by clients fetching from a list of fallback + * directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusAuthorityDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from fallback + * directory mirrors if they are bootstrapping (that is, they don't have a + * usable, reasonably live consensus). Only used by clients fetching from a + * list of fallback directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusFallbackDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from authorities + * if they are bootstrapping (that is, they don't have a usable, reasonably + * live consensus). Only used by clients which don't have or won't fetch + * from a list of fallback directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay; + + /** Schedule for when clients should download bridge descriptors. Only + * altered on testing networks. */ + int TestingBridgeDownloadInitialDelay; + + /** Schedule for when clients should download bridge descriptors when they + * have no running bridges. Only altered on testing networks. */ + int TestingBridgeBootstrapDownloadInitialDelay; + + /** When directory clients have only a few descriptors to request, they + * batch them until they have more, or until this amount of time has + * passed. Only altered on testing networks. */ + int TestingClientMaxIntervalWithoutRequest; + + /** How long do we let a directory connection stall before expiring + * it? Only altered on testing networks. */ + int TestingDirConnectionMaxStall; + + /** How many simultaneous in-progress connections will we make when trying + * to fetch a consensus before we wait for one to complete, timeout, or + * error out? Only altered on testing networks. */ + int ClientBootstrapConsensusMaxInProgressTries; + + /** If true, we take part in a testing network. Change the defaults of a + * couple of other configuration options and allow to change the values + * of certain configuration options. */ + int TestingTorNetwork; + + /** Minimum value for the Exit flag threshold on testing networks. */ + uint64_t TestingMinExitFlagThreshold; + + /** Minimum value for the Fast flag threshold on testing networks. */ + uint64_t TestingMinFastFlagThreshold; + + /** Relays in a testing network which should be voted Exit + * regardless of exit policy. */ + routerset_t *TestingDirAuthVoteExit; + int TestingDirAuthVoteExitIsStrict; + + /** Relays in a testing network which should be voted Guard + * regardless of uptime and bandwidth. */ + routerset_t *TestingDirAuthVoteGuard; + int TestingDirAuthVoteGuardIsStrict; + + /** Relays in a testing network which should be voted HSDir + * regardless of uptime and DirPort. */ + routerset_t *TestingDirAuthVoteHSDir; + int TestingDirAuthVoteHSDirIsStrict; + + /** Enable CONN_BW events. Only altered on testing networks. */ + int TestingEnableConnBwEvent; + + /** Enable CELL_STATS events. Only altered on testing networks. */ + int TestingEnableCellStatsEvent; + + /** If true, and we have GeoIP data, and we're a bridge, keep a per-country + * count of how many client addresses have contacted us so that we can help + * the bridge authority guess which countries have blocked access to us. */ + int BridgeRecordUsageByCountry; + + /** Optionally, IPv4 and IPv6 GeoIP data. */ + char *GeoIPFile; + char *GeoIPv6File; + + /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular + * country code will exclude all nodes in ?? and A1. If true, all nodes in + * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */ + int GeoIPExcludeUnknown; + + /** If true, SIGHUP should reload the torrc. Sometimes controllers want + * to make this false. */ + int ReloadTorrcOnSIGHUP; + + /* The main parameter for picking circuits within a connection. + * + * If this value is positive, when picking a cell to relay on a connection, + * we always relay from the circuit whose weighted cell count is lowest. + * Cells are weighted exponentially such that if one cell is sent + * 'CircuitPriorityHalflife' seconds before another, it counts for half as + * much. + * + * If this value is zero, we're disabling the cell-EWMA algorithm. + * + * If this value is negative, we're using the default approach + * according to either Tor or a parameter set in the consensus. + */ + double CircuitPriorityHalflife; + + /** Set to true if the TestingTorNetwork configuration option is set. + * This is used so that options_validate() has a chance to realize that + * the defaults have changed. */ + int UsingTestNetworkDefaults_; + + /** If 1, we try to use microdescriptors to build circuits. If 0, we don't. + * If -1, Tor decides. */ + int UseMicrodescriptors; + + /** File where we should write the ControlPort. */ + char *ControlPortWriteToFile; + /** Should that file be group-readable? */ + int ControlPortFileGroupReadable; + +#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024 + /** Maximum number of non-open general-purpose origin circuits to allow at + * once. */ + int MaxClientCircuitsPending; + + /** If 1, we always send optimistic data when it's supported. If 0, we + * never use it. If -1, we do what the consensus says. */ + int OptimisticData; + + /** If 1, we accept and launch no external network connections, except on + * control ports. */ + int DisableNetwork; + + /** + * Parameters for path-bias detection. + * @{ + * These options override the default behavior of Tor's (**currently + * experimental**) path bias detection algorithm. To try to find broken or + * misbehaving guard nodes, Tor looks for nodes where more than a certain + * fraction of circuits through that guard fail to get built. + * + * The PathBiasCircThreshold option controls how many circuits we need to + * build through a guard before we make these checks. The + * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options + * control what fraction of circuits must succeed through a guard so we + * won't write log messages. If less than PathBiasExtremeRate circuits + * succeed *and* PathBiasDropGuards is set to 1, we disable use of that + * guard. + * + * When we have seen more than PathBiasScaleThreshold circuits through a + * guard, we scale our observations by 0.5 (governed by the consensus) so + * that new observations don't get swamped by old ones. + * + * By default, or if a negative value is provided for one of these options, + * Tor uses reasonable defaults from the networkstatus consensus document. + * If no defaults are available there, these options default to 150, .70, + * .50, .30, 0, and 300 respectively. + */ + int PathBiasCircThreshold; + double PathBiasNoticeRate; + double PathBiasWarnRate; + double PathBiasExtremeRate; + int PathBiasDropGuards; + int PathBiasScaleThreshold; + /** @} */ + + /** + * Parameters for path-bias use detection + * @{ + * Similar to the above options, these options override the default behavior + * of Tor's (**currently experimental**) path use bias detection algorithm. + * + * Where as the path bias parameters govern thresholds for successfully + * building circuits, these four path use bias parameters govern thresholds + * only for circuit usage. Circuits which receive no stream usage are not + * counted by this detection algorithm. A used circuit is considered + * successful if it is capable of carrying streams or otherwise receiving + * well-formed responses to RELAY cells. + * + * By default, or if a negative value is provided for one of these options, + * Tor uses reasonable defaults from the networkstatus consensus document. + * If no defaults are available there, these options default to 20, .80, + * .60, and 100, respectively. + */ + int PathBiasUseThreshold; + double PathBiasNoticeUseRate; + double PathBiasExtremeUseRate; + int PathBiasScaleUseThreshold; + /** @} */ + + int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */ + + /** Fraction: */ + double PathsNeededToBuildCircuits; + + /** What expiry time shall we place on our SSL certs? "0" means we + * should guess a suitable value. */ + int SSLKeyLifetime; + + /** How long (seconds) do we keep a guard before picking a new one? */ + int GuardLifetime; + + /** Is this an exit node? This is a tristate, where "1" means "yes, and use + * the default exit policy if none is given" and "0" means "no; exit policy + * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user." + * + * XXXX Eventually, the default will be 0. */ + int ExitRelay; + + /** For how long (seconds) do we declare our signing keys to be valid? */ + int SigningKeyLifetime; + /** For how long (seconds) do we declare our link keys to be valid? */ + int TestingLinkCertLifetime; + /** For how long (seconds) do we declare our auth keys to be valid? */ + int TestingAuthKeyLifetime; + + /** How long before signing keys expire will we try to make a new one? */ + int TestingSigningKeySlop; + /** How long before link keys expire will we try to make a new one? */ + int TestingLinkKeySlop; + /** How long before auth keys expire will we try to make a new one? */ + int TestingAuthKeySlop; + + /** Force use of offline master key features: never generate a master + * ed25519 identity key except from tor --keygen */ + int OfflineMasterKey; + + enum { + FORCE_PASSPHRASE_AUTO=0, + FORCE_PASSPHRASE_ON, + FORCE_PASSPHRASE_OFF + } keygen_force_passphrase; + int use_keygen_passphrase_fd; + int keygen_passphrase_fd; + int change_key_passphrase; + char *master_key_fname; + + /** Autobool: Do we try to retain capabilities if we can? */ + int KeepBindCapabilities; + + /** Maximum total size of unparseable descriptors to log during the + * lifetime of this Tor process. + */ + uint64_t MaxUnparseableDescSizeToLog; + + /** Bool (default: 1): Switch for the shared random protocol. Only + * relevant to a directory authority. If off, the authority won't + * participate in the protocol. If on (default), a flag is added to the + * vote indicating participation. */ + int AuthDirSharedRandomness; + + /** If 1, we skip all OOS checks. */ + int DisableOOSCheck; + + /** Autobool: Should we include Ed25519 identities in extend2 cells? + * If -1, we should do whatever the consensus parameter says. */ + int ExtendByEd25519ID; + + /** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ + /* NOTE: remove this option someday. */ + int AuthDirTestEd25519LinkKeys; + + /** Bool (default: 0): Tells if a %include was used on torrc */ + int IncludeUsed; + + /** The seconds after expiration which we as a relay should keep old + * consensuses around so that we can generate diffs from them. If 0, + * use the default. */ + int MaxConsensusAgeForDiffs; + + /** Bool (default: 0). Tells Tor to never try to exec another program. + */ + int NoExec; + + /** Have the KIST scheduler run every X milliseconds. If less than zero, do + * not use the KIST scheduler but use the old vanilla scheduler instead. If + * zero, do what the consensus says and fall back to using KIST as if this is + * set to "10 msec" if the consensus doesn't say anything. */ + int KISTSchedRunInterval; + + /** A multiplier for the KIST per-socket limit calculation. */ + double KISTSockBufSizeFactor; + + /** The list of scheduler type string ordered by priority that is first one + * has to be tried first. Default: KIST,KISTLite,Vanilla */ + struct smartlist_t *Schedulers; + /* An ordered list of scheduler_types mapped from Schedulers. */ + struct smartlist_t *SchedulerTypes_; + + /** List of files that were opened by %include in torrc and torrc-defaults */ + struct smartlist_t *FilesOpenedByIncludes; + + /** If true, Tor shouldn't install any posix signal handlers, since it is + * running embedded inside another process. + */ + int DisableSignalHandlers; + + /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ + int DoSCircuitCreationEnabled; + /** Minimum concurrent connection needed from one single address before any + * defense is used. */ + int DoSCircuitCreationMinConnections; + /** Circuit rate used to refill the token bucket. */ + int DoSCircuitCreationRate; + /** Maximum allowed burst of circuits. Reaching that value, the address is + * detected as malicious and a defense might be used. */ + int DoSCircuitCreationBurst; + /** When an address is marked as malicous, what defense should be used + * against it. See the dos_cc_defense_type_t enum. */ + int DoSCircuitCreationDefenseType; + /** For how much time (in seconds) the defense is applicable for a malicious + * address. A random time delta is added to the defense time of an address + * which will be between 1 second and half of this value. */ + int DoSCircuitCreationDefenseTimePeriod; + + /** Autobool: Is the DoS connection mitigation subsystem enabled? */ + int DoSConnectionEnabled; + /** Maximum concurrent connection allowed per address. */ + int DoSConnectionMaxConcurrentCount; + /** When an address is reaches the maximum count, what defense should be + * used against it. See the dos_conn_defense_type_t enum. */ + int DoSConnectionDefenseType; + + /** Autobool: Do we refuse single hop client rendezvous? */ + int DoSRefuseSingleHopClientRendezvous; +}; + +#endif diff --git a/src/or/policies.h b/src/or/policies.h index ff0b54499..7da3ba031 100644 --- a/src/or/policies.h +++ b/src/or/policies.h @@ -121,6 +121,7 @@ int policies_parse_exit_policy_from_options( uint32_t local_address, const tor_addr_t *ipv6_local_address, smartlist_t **result); +struct config_line_t; int policies_parse_exit_policy(struct config_line_t *cfg, smartlist_t **dest, exit_policy_parser_cfg_t options, const smartlist_t *configured_addresses); diff --git a/src/or/rendservice.h b/src/or/rendservice.h index b11a2a7da..35962df7f 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -16,6 +16,7 @@ #include "or/hs_service.h" typedef struct rend_intro_cell_t rend_intro_cell_t; +struct config_line_t; /* This can be used for both INTRODUCE1 and INTRODUCE2 */

1 0

[tor/master] Remove system headers from or.h
by nickm＠torproject.org 03 Jul '18

03 Jul '18

commit 6c440da9260b6f8fffca7cb95ed6e51f55c71b14 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Jul 1 15:02:01 2018 -0400 Remove system headers from or.h --- src/or/config.c | 9 +++++++++ src/or/connection.c | 7 +++++++ src/or/control.c | 7 +++++++ src/or/dns.c | 4 ++++ src/or/hibernate.c | 4 ++++ src/or/hs_service.c | 7 +++++++ src/or/main.c | 4 ++++ src/or/microdesc.c | 4 ++++ src/or/networkstatus.c | 4 ++++ src/or/or.h | 43 +------------------------------------------ src/or/rendservice.c | 10 ++++++++++ src/or/rephist.c | 4 ++++ src/or/routerkeys.c | 4 ++++ src/or/routerlist.c | 4 ++++ src/or/routerparse.c | 3 +++ src/or/scheduler_kist.c | 4 ++++ src/or/statefile.c | 4 ++++ src/test/test_addr.c | 5 ++++- src/test/test_bt_cl.c | 5 ++++- src/test/test_checkdir.c | 5 ++++- src/test/test_config.c | 7 +++++++ src/test/test_crypto.c | 7 +++++++ src/test/test_dir.c | 4 ++++ src/test/test_extorport.c | 5 ++++- src/test/test_hs.c | 4 ++++ src/test/test_logging.c | 4 ++++ src/test/test_microdesc.c | 5 ++++- src/test/test_routerkeys.c | 7 +++++++ src/test/test_shared_random.c | 4 ++++ src/test/test_switch_id.c | 3 +++ src/test/test_util.c | 10 ++++++++++ src/test/testing_common.c | 6 ++++++ 32 files changed, 160 insertions(+), 47 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 0507c4312..a29958c57 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -110,6 +110,15 @@ #ifdef _WIN32 #include <shlobj.h> #endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif #include "lib/meminfo/meminfo.h" #include "lib/osinfo/uname.h" diff --git a/src/or/connection.c b/src/or/connection.c index e42288579..66ccc51b5 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -112,6 +112,13 @@ #include <pwd.h> #endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #ifdef HAVE_SYS_UN_H #include <sys/socket.h> #include <sys/un.h> diff --git a/src/or/control.c b/src/or/control.c index 35e8cacd8..67d1a0c68 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -100,6 +100,13 @@ #include "or/routerlist_st.h" #include "or/socks_request_st.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #ifndef _WIN32 #include <pwd.h> #include <sys/resource.h> diff --git a/src/or/dns.c b/src/or/dns.c index 08a55170e..45c4384eb 100644 --- a/src/or/dns.c +++ b/src/or/dns.c @@ -69,6 +69,10 @@ #include "or/edge_connection_st.h" #include "or/or_circuit_st.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #include <event2/event.h> #include <event2/dns.h> diff --git a/src/or/hibernate.c b/src/or/hibernate.c index f98ada02d..c44e974fc 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c @@ -46,6 +46,10 @@ hibernating, phase 2: #include "or/or_connection_st.h" #include "or/or_state_st.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /** Are we currently awake, asleep, running out of bandwidth, or shutting * down? */ static hibernate_state_t hibernate_state = HIBERNATE_STATE_INITIAL; diff --git a/src/or/hs_service.c b/src/or/hs_service.c index b651f1e27..6cb01b57c 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -56,6 +56,13 @@ #include "trunnel/hs/cell_common.h" #include "trunnel/hs/cell_establish_intro.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /* Helper macro. Iterate over every service in the global map. The var is the * name of the service pointer. */ #define FOR_EACH_SERVICE_BEGIN(var) \ diff --git a/src/or/main.c b/src/or/main.c index 9851cdb57..b48c0b813 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -136,6 +136,10 @@ #include "or/routerinfo_st.h" #include "or/socks_request_st.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + #ifdef HAVE_SYSTEMD # if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) /* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse diff --git a/src/or/microdesc.c b/src/or/microdesc.c index 838c966a2..a0ee4ba5f 100644 --- a/src/or/microdesc.c +++ b/src/or/microdesc.c @@ -30,6 +30,10 @@ #include "or/node_st.h" #include "or/routerstatus_st.h" +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + /** A data structure to hold a bunch of cached microdescriptors. There are * two active files in the cache: a "cache file" that we mmap, and a "journal * file" that we append to. Periodically, we rebuild the cache file to hold diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 133ab84b3..f91e46cdd 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -88,6 +88,10 @@ #include "or/vote_microdesc_hash_st.h" #include "or/vote_routerstatus_st.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /** Most recently received and validated v3 "ns"-flavored consensus network * status. */ STATIC networkstatus_t *current_ns_consensus = NULL; diff --git a/src/or/or.h b/src/or/or.h index 4ed774389..b0340ed1a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -13,56 +13,15 @@ #define TOR_OR_H #include "orconfig.h" +#include "lib/cc/torint.h" -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif #ifdef HAVE_SIGNAL_H #include <signal.h> #endif -#ifdef HAVE_NETDB_H -#include <netdb.h> -#endif -#ifdef HAVE_SYS_PARAM_H -#include <sys/param.h> /* FreeBSD needs this to know what version it is */ -#endif -#include "lib/cc/torint.h" -#ifdef HAVE_SYS_FCNTL_H -#include <sys/fcntl.h> -#endif -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif -#ifdef HAVE_SYS_IOCTL_H -#include <sys/ioctl.h> -#endif -#ifdef HAVE_SYS_UN_H -#include <sys/un.h> -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> -#endif -#ifdef HAVE_ARPA_INET_H -#include <arpa/inet.h> -#endif -#ifdef HAVE_ERRNO_H -#include <errno.h> -#endif #ifdef HAVE_TIME_H #include <time.h> #endif -#ifdef _WIN32 -#include <winsock2.h> -#include <io.h> -#include <process.h> -#include <direct.h> -#include <windows.h> -#endif /* defined(_WIN32) */ - #include "common/util.h" #include "lib/container/map.h" diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 6d0861647..8e094b593 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -51,6 +51,16 @@ #include "or/rend_service_descriptor_st.h" #include "or/routerstatus_st.h" +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + struct rend_service_t; static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest); diff --git a/src/or/rephist.c b/src/or/rephist.c index 02dc86403..a74a952ce 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -98,6 +98,10 @@ #include "lib/math/fp.h" #include "lib/math/laplace.h" +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + static void bw_arrays_init(void); static void predicted_ports_alloc(void); diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index b92ec76aa..bb04a8b22 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -29,6 +29,10 @@ #define ENC_KEY_HEADER "Boxed Ed25519 key" #define ENC_KEY_TAG "master" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /* DOCDOC */ static ssize_t do_getpass(const char *prompt, char *buf, size_t buflen, diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 189ea8acd..164b0bf86 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -141,6 +141,10 @@ #include "lib/crypt_ops/digestset.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + // #define DEBUG_ROUTERLIST /****************************************************************************/ diff --git a/src/or/routerparse.c b/src/or/routerparse.c index f07080a4d..29eb48321 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -104,6 +104,9 @@ #undef log #include <math.h> +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif /****************************************************************************/ diff --git a/src/or/scheduler_kist.c b/src/or/scheduler_kist.c index 3059952b9..5a45ccab8 100644 --- a/src/or/scheduler_kist.c +++ b/src/or/scheduler_kist.c @@ -19,6 +19,10 @@ #define TLS_PER_CELL_OVERHEAD 29 +#ifdef HAVE_SYS_IOCTL_H +#include <sys/ioctl.h> +#endif + #ifdef HAVE_KIST_SUPPORT /* Kernel interface needed for KIST. */ #include <netinet/tcp.h> diff --git a/src/or/statefile.c b/src/or/statefile.c index 5631001c0..e9db1ff06 100644 --- a/src/or/statefile.c +++ b/src/or/statefile.c @@ -46,6 +46,10 @@ #include "or/or_state_st.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /** A list of state-file "abbreviations," for compatibility. */ static config_abbrev_t state_abbrevs_[] = { { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 }, diff --git a/src/test/test_addr.c b/src/test/test_addr.c index 0a3212adb..1069e25b4 100644 --- a/src/test/test_addr.c +++ b/src/test/test_addr.c @@ -11,6 +11,10 @@ #include "or/addressmap.h" #include "test/log_test_helpers.h" +#ifdef HAVE_SYS_UN_H +#include <sys/un.h> +#endif + /** Mocking replacement: only handles localhost. */ static int mock_tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out) @@ -1257,4 +1261,3 @@ struct testcase_t addr_tests[] = { { "make_null", test_addr_make_null, 0, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c index c64ca8e2b..8a8221f19 100644 --- a/src/test/test_bt_cl.c +++ b/src/test/test_bt_cl.c @@ -12,6 +12,10 @@ #include "lib/err/backtrace.h" #include "lib/log/torlog.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /* -1: no crash. * 0: crash with a segmentation fault. * 1x: crash with an assertion failure. */ @@ -118,4 +122,3 @@ main(int argc, char **argv) return 0; } - diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c index d0c899a07..09688cf0a 100644 --- a/src/test/test_checkdir.c +++ b/src/test/test_checkdir.c @@ -14,6 +14,10 @@ #include "test/test.h" #include "common/util.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #ifdef _WIN32 #define mkdir(a,b) mkdir(a) #define tt_int_op_nowin(a,op,b) do { (void)(a); (void)(b); } while (0) @@ -146,4 +150,3 @@ struct testcase_t checkdir_tests[] = { CHECKDIR(perms, TT_FORK), END_OF_TESTCASES }; - diff --git a/src/test/test_config.c b/src/test/test_config.c index d84cac4e9..25199454e 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -53,6 +53,13 @@ #include "lib/net/gethostname.h" #include "lib/encoding/confline.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + static void test_config_addressmap(void *arg) { diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index e342c933b..194c54e85 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -19,6 +19,13 @@ #include "lib/crypt_ops/crypto_rand.h" #include "ed25519_vectors.inc" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /** Run unit tests for Diffie-Hellman functionality. */ static void test_crypto_dh(void *arg) diff --git a/src/test/test_dir.c b/src/test/test_dir.c index a2b4ec68a..5adfb9570 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -63,6 +63,10 @@ #include "or/vote_microdesc_hash_st.h" #include "or/vote_routerstatus_st.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #define NS_MODULE dir static void diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c index 0032ef5b7..4ddef4e43 100644 --- a/src/test/test_extorport.c +++ b/src/test/test_extorport.c @@ -18,6 +18,10 @@ #include "test/test.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + /* Test connection_or_remove_from_ext_or_id_map and * connection_or_set_ext_or_identifier */ static void @@ -610,4 +614,3 @@ struct testcase_t extorport_tests[] = { { "handshake", test_ext_or_handshake, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_hs.c b/src/test/test_hs.c index 2a6cd2827..b17e8cf21 100644 --- a/src/test/test_hs.c +++ b/src/test/test_hs.c @@ -30,6 +30,10 @@ #include "test/test_helpers.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + /* mock ID digest and longname for node that's in nodelist */ #define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" diff --git a/src/test/test_logging.c b/src/test/test_logging.c index d97941146..48cdf2e6b 100644 --- a/src/test/test_logging.c +++ b/src/test/test_logging.c @@ -11,6 +11,10 @@ #include "test/test.h" #include "lib/process/subprocess.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + static void dummy_cb_fn(int severity, uint32_t domain, const char *msg) { diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c index 1b680c02c..2038f5498 100644 --- a/src/test/test_microdesc.c +++ b/src/test/test_microdesc.c @@ -20,6 +20,10 @@ #include "test/test.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + #ifdef _WIN32 /* For mkdir() */ #include <direct.h> @@ -815,4 +819,3 @@ struct testcase_t microdesc_tests[] = { { "corrupt_desc", test_md_corrupt_desc, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c index 3fc381cd2..8c2be30a8 100644 --- a/src/test/test_routerkeys.c +++ b/src/test/test_routerkeys.c @@ -20,6 +20,13 @@ #include <direct.h> #endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + static void test_routerkeys_write_fingerprint(void *arg) { diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 293ed6cf3..1b4fdc899 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -26,6 +26,10 @@ #include "or/networkstatus_st.h" #include "or/or_state_st.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + static authority_cert_t *mock_cert; static authority_cert_t * diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index 11fe53b7c..95801822f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -7,6 +7,9 @@ #ifdef HAVE_SYS_CAPABILITY_H #include <sys/capability.h> #endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif #define TEST_BUILT_WITH_CAPS 0 #define TEST_HAVE_CAPS 1 diff --git a/src/test/test_util.c b/src/test/test_util.c index ab0573e56..3c0b4f77f 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -48,6 +48,16 @@ #ifdef HAVE_UTIME_H #include <utime.h> #endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + #ifdef _WIN32 #include <tchar.h> #endif diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 0b7a3287a..ace564d0f 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -28,6 +28,12 @@ #ifdef HAVE_FCNTL_H #include <fcntl.h> #endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif #ifdef _WIN32 /* For mkdir() */

1 0