[or-cvs] bugfixes and refactorings
Roger Dingledine
arma at seul.org
Tue Sep 16 20:57:11 UTC 2003
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or
Modified Files:
circuit.c connection.c connection_edge.c directory.c main.c
onion.c or.h
Log Message:
bugfixes and refactorings
Index: circuit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuit.c,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -r1.64 -r1.65
--- circuit.c 16 Sep 2003 20:13:43 -0000 1.64
+++ circuit.c 16 Sep 2003 20:57:08 -0000 1.65
@@ -127,11 +127,13 @@
high_bit = (aci_type == ACI_TYPE_HIGHER) ? 1<<15 : 0;
conn = connection_exact_get_by_addr_port(addr,port);
if (!conn)
- return 1; /* No connection exists; conflict is impossible. */
+ return (1|high_bit); /* No connection exists; conflict is impossible. */
do {
/* Sequentially iterate over test_aci=1...1<<15-1 until we find an
* aci such that (high_bit|test_aci) is not already used. */
+ /* XXX Will loop forever if all aci's in our range are used.
+ * This matters because it's an external DoS vulnerability. */
test_aci = conn->next_aci++;
if (test_aci == 0 || test_aci >= 1<<15) {
test_aci = 1;
@@ -225,13 +227,13 @@
return NULL;
}
-circuit_t *circuit_get_newest_ap(void) {
+circuit_t *circuit_get_newest_open(void) {
circuit_t *circ, *bestcirc=NULL;
for(circ=global_circuitlist;circ;circ = circ->next) {
- if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && (!bestcirc ||
+ if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && circ->n_conn && (!bestcirc ||
bestcirc->timestamp_created < circ->timestamp_created)) {
- log_fn(LOG_DEBUG,"Choosing n_aci %d.", circ->n_aci);
+ log_fn(LOG_DEBUG,"Choosing circuit %s:%d:%d.", circ->n_conn->address, circ->n_port, circ->n_aci);
assert(circ->n_aci);
bestcirc = circ;
}
@@ -501,7 +503,7 @@
assert(circ);
if(options.APPort) {
- youngest = circuit_get_newest_ap();
+ youngest = circuit_get_newest_open();
log_fn(LOG_DEBUG,"youngest %d, circ %d.",(int)youngest, (int)circ);
}
circuit_remove(circ);
@@ -610,7 +612,7 @@
circuit_t *circ, *tmpcirc;
circuit_t *youngest;
- youngest = circuit_get_newest_ap();
+ youngest = circuit_get_newest_open();
circ = global_circuitlist;
while(circ) {
Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- connection.c 16 Sep 2003 19:51:09 -0000 1.95
+++ connection.c 16 Sep 2003 20:57:08 -0000 1.96
@@ -848,7 +848,7 @@
conn->state <= _EXIT_CONN_STATE_MAX);
break;
case CONN_TYPE_AP:
- assert(conn->state >= _EXIT_CONN_STATE_MIN &&
+ assert(conn->state >= _AP_CONN_STATE_MIN &&
conn->state <= _AP_CONN_STATE_MAX);
break;
case CONN_TYPE_DIR:
Index: connection_edge.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_edge.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- connection_edge.c 16 Sep 2003 05:41:49 -0000 1.21
+++ connection_edge.c 16 Sep 2003 20:57:08 -0000 1.22
@@ -12,6 +12,21 @@
static int connection_exit_begin_conn(cell_t *cell, circuit_t *circ);
+#define SOCKS4_REQUEST_GRANTED 90
+#define SOCKS4_REQUEST_REJECT 91
+#define SOCKS4_REQUEST_IDENT_FAILED 92
+#define SOCKS4_REQUEST_IDENT_CONFLICT 93
+
+/* structure of a socks client operation */
+typedef struct {
+ unsigned char version; /* socks version number */
+ unsigned char command; /* command code */
+ unsigned char destport[2]; /* destination port, network order */
+ unsigned char destip[4]; /* destination address */
+ /* userid follows, terminated by a NULL */
+ /* dest host follows, terminated by a NULL */
+} socks4_t;
+
int connection_edge_process_inbuf(connection_t *conn) {
assert(conn);
@@ -509,7 +524,7 @@
}
/* find the circuit that we should use, if there is one. */
- circ = circuit_get_newest_ap();
+ circ = circuit_get_newest_open();
if(!circ) {
log_fn(LOG_INFO,"No circuit ready. Closing.");
Index: directory.c
===================================================================
RCS file: /home/or/cvsroot/src/or/directory.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- directory.c 16 Sep 2003 05:41:49 -0000 1.25
+++ directory.c 16 Sep 2003 20:57:08 -0000 1.26
@@ -21,6 +21,7 @@
static int directory_dirty=1;
static char getstring[] = "GET / HTTP/1.0\r\n\r\n";
+static char poststring[] = "POST / HTTP/1.0\r\n\r\n";
static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n";
/********* END VARIABLES ************/
@@ -132,7 +133,7 @@
if(router_get_dir_from_string(the_directory, conn->pkey) < 0) {
log_fn(LOG_DEBUG,"...but parsing failed. Ignoring.");
} else {
- log_fn(LOG_DEBUG,"and got a %s directory; updated routers.",
+ log_fn(LOG_DEBUG,"and got an %s directory; updated routers.",
conn->pkey ? "authenticated" : "unauthenticated");
}
@@ -235,7 +236,6 @@
case DIR_CONN_STATE_CONNECTING:
if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) { /* not yet */
if(!ERRNO_CONN_EINPROGRESS(errno)) {
- /* yuck. kill it. */
log_fn(LOG_DEBUG,"in-progress connect failed. Removing.");
router_forget_router(conn->addr, conn->port); /* don't try him again */
return -1;
Index: main.c
===================================================================
RCS file: /home/or/cvsroot/src/or/main.c,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -d -r1.93 -r1.94
--- main.c 14 Sep 2003 08:17:14 -0000 1.93
+++ main.c 16 Sep 2003 20:57:08 -0000 1.94
@@ -343,7 +343,7 @@
if(options.APPort && time_to_new_circuit < now.tv_sec) {
circuit_expire_unused_circuits();
circuit_launch_new(-1); /* tell it to forget about previous failures */
- circ = circuit_get_newest_ap();
+ circ = circuit_get_newest_open();
if(!circ || circ->dirty) {
log(LOG_INFO,"prepare_for_poll(): Youngest circuit %s; launching replacement.", circ ? "dirty" : "missing");
circuit_launch_new(0); /* make an onion and lay the circuit */
Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -r1.64 -r1.65
--- onion.c 16 Sep 2003 05:41:49 -0000 1.64
+++ onion.c 16 Sep 2003 20:57:08 -0000 1.65
@@ -21,6 +21,11 @@
return ACI_TYPE_LOWER;
}
+struct onion_queue_t {
+ circuit_t *circ;
+ struct onion_queue_t *next;
+};
+
/* global (within this file) variables used by the next few functions */
static struct onion_queue_t *ol_list=NULL;
static struct onion_queue_t *ol_tail=NULL;
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.129
retrieving revision 1.130
diff -u -d -r1.129 -r1.130
--- or.h 16 Sep 2003 20:13:43 -0000 1.129
+++ or.h 16 Sep 2003 20:57:09 -0000 1.130
@@ -105,8 +105,10 @@
#define MAX_BUF_SIZE (640*1024)
#define DEFAULT_BANDWIDTH_OP (1024 * 1000)
+#ifndef USE_TLS
#define HANDSHAKE_AS_OP 1
#define HANDSHAKE_AS_OR 2
+#endif
#define ACI_TYPE_LOWER 0
#define ACI_TYPE_HIGHER 1
@@ -136,7 +138,6 @@
#define _CPUWORKER_STATE_MAX 2
#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
-#define CPUWORKER_TASK_HANDSHAKE CPUWORKER_STATE_BUSY_HANDSHAKE
#ifndef USE_TLS
/* how to read these states:
@@ -180,21 +181,17 @@
#define _AP_CONN_STATE_MAX 5
#define _DIR_CONN_STATE_MIN 0
-#define DIR_CONN_STATE_CONNECTING 0
-#define DIR_CONN_STATE_SENDING_COMMAND 1
-#define DIR_CONN_STATE_READING 2
-#define DIR_CONN_STATE_COMMAND_WAIT 3
-#define DIR_CONN_STATE_WRITING 4
+#define DIR_CONN_STATE_CONNECTING 0 /* client */
+#define DIR_CONN_STATE_SENDING_COMMAND 1 /* client */
+#define DIR_CONN_STATE_READING 2 /* client */
+#define DIR_CONN_STATE_COMMAND_WAIT 3 /* dirserver */
+#define DIR_CONN_STATE_WRITING 4 /* dirserver */
#define _DIR_CONN_STATE_MAX 4
#define CIRCUIT_STATE_BUILDING 0 /* I'm the OP, still haven't done all my handshakes */
-#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onion */
+#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onionskin */
#define CIRCUIT_STATE_OR_WAIT 2 /* I'm the OP, my firsthop is still connecting */
-#define CIRCUIT_STATE_OPEN 3 /* onion processed, ready to send data along the connection */
-//#define CIRCUIT_STATE_CLOSE_WAIT1 4 /* sent two "destroy" signals, waiting for acks */
-//#define CIRCUIT_STATE_CLOSE_WAIT2 5 /* received one ack, waiting for one more
-// (or if just one was sent, waiting for that one */
-//#define CIRCUIT_STATE_CLOSE 4 /* both acks received, connection is dead */ /* NOT USED */
+#define CIRCUIT_STATE_OPEN 3 /* onionskin(s) processed, ready to send/receive cells */
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
@@ -212,8 +209,10 @@
#define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
/* Used to en/decrypt onion skins */
#define ONION_CIPHER DEFAULT_CIPHER
+#ifndef USE_TLS
/* Used to en/decrypt cells between ORs/OPs. */
#define CONNECTION_CIPHER DEFAULT_CIPHER
+#endif
/* Used to en/decrypt RELAY cells */
#define CIRCUIT_CIPHER DEFAULT_CIPHER
@@ -260,21 +259,6 @@
#define ZERO_STREAM "\0\0\0\0\0\0\0\0"
-#define SOCKS4_REQUEST_GRANTED 90
-#define SOCKS4_REQUEST_REJECT 91
-#define SOCKS4_REQUEST_IDENT_FAILED 92
-#define SOCKS4_REQUEST_IDENT_CONFLICT 93
-
-/* structure of a socks client operation */
-typedef struct {
- unsigned char version; /* socks version number */
- unsigned char command; /* command code */
- unsigned char destport[2]; /* destination port, network order */
- unsigned char destip[4]; /* destination address */
- /* userid follows, terminated by a NULL */
- /* dest host follows, terminated by a NULL */
-} socks4_t;
-
struct connection_t {
uint8_t type;
@@ -428,7 +412,7 @@
int package_window;
int deliver_window;
- aci_t p_aci; /* connection identifiers */
+ aci_t p_aci; /* circuit identifiers */
aci_t n_aci;
crypto_cipher_env_t *p_crypto; /* used only for intermediate hops */
@@ -447,11 +431,6 @@
typedef struct circuit_t circuit_t;
-struct onion_queue_t {
- circuit_t *circ;
- struct onion_queue_t *next;
-};
-
typedef struct {
char *LogLevel;
char *RouterFile;
@@ -507,7 +486,7 @@
circuit_t *circuit_enumerate_by_naddr_nport(circuit_t *start, uint32_t naddr, uint16_t nport);
circuit_t *circuit_get_by_aci_conn(aci_t aci, connection_t *conn);
circuit_t *circuit_get_by_conn(connection_t *conn);
-circuit_t *circuit_get_newest_ap(void);
+circuit_t *circuit_get_newest_open(void);
int circuit_deliver_relay_cell(cell_t *cell, circuit_t *circ,
int cell_direction, crypt_path_t *layer_hint);
More information about the tor-commits
mailing list