


      1 /* Copyright (c) 2001 Matej Pfajfar.
      2 * Copyright (c) 2001-2004, Roger Dingledine.
      3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
      4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
      5 /* See LICENSE for licensing information */
      6 
      7 /**
      8 * @file or_connection_st.h
      9 * @brief OR connection structure.
     10 **/
     11 
     12 #ifndef OR_CONNECTION_ST_H
     13 #define OR_CONNECTION_ST_H
     14 
     15 #include "core/or/connection_st.h"
     16 #include "lib/evloop/token_bucket.h"
     17 
     18 struct tor_tls_t;
     19 
     20 /** Subtype of connection_t for an "OR connection" -- that is, one that speaks
     21 * cells over TLS. */
struct or_connection_t {
  /** Common connection state shared by every connection subtype.  Kept as
   * the first member; presumably this is what allows an or_connection_t
   * pointer to be treated as a connection_t (and back) by the project's
   * cast helpers — confirm against connection_st.h. */
  connection_t base_;

  /** Hash of the public RSA key for the other side's identity key, or zeroes
   * if the other side hasn't shown us a valid identity key.
   *
   * An all-zero digest means the peer is unauthenticated; code that keys
   * decisions on this field (canonical-address handling, extending circuits,
   * per-identity limits) must not treat zeroes as a real identity. */
  char identity_digest[DIGEST_LEN];

  /** This is the ClientHash value we expect to receive from the
   *  client during the Extended ORPort authentication protocol. We
   *  compute it upon receiving the ClientNonce from the client, and we
   *  compare it with the actual ClientHash value sent by the
   *  client.
   *
   *  NOTE(review): this is authentication material for the lifetime of the
   *  handshake.  The comparison against the client-supplied hash should be
   *  constant-time, and the buffer is presumably heap-owned by this struct
   *  and released with the connection — confirm against the ext_or code. */
  char *ext_or_auth_correct_client_hash;
  /** String carrying the name of the pluggable transport
   *  (e.g. "obfs2") that is obfuscating this connection. If no
   *  pluggable transports are used, it's NULL. */
  char *ext_or_transport;

  char *nickname; /**< Nickname of OR on other side (if any). */

  struct tor_tls_t *tls; /**< TLS connection state. */
  int tls_error; /**< Last tor_tls error code. */

  /** Channel using this connection. */
  channel_tls_t *chan;

  /**
   * The "canonical" address and port for this relay's ORPort, if this is
   * a known relay.
   *
   * An ORPort is "canonical" in this sense only if it is the same ORPort
   * that is listed for this identity in the consensus we have.
   *
   * This field may be set on outbound connections for _any_ relay, and on
   * inbound connections after authentication.  If we don't know the relay's
   * identity, or if we don't have the relay's identity in our consensus, we
   * leave this address as UNSPEC.
   **/
  tor_addr_port_t canonical_orport;

  /** Should this connection be used for extending circuits to the server
   * matching the <b>identity_digest</b> field?  Set to true if we're pretty
   * sure we aren't getting MITMed, either because we're connected to an
   * address listed in a server descriptor, or because an authenticated
   * NETINFO cell listed the address we're connected to as recognized.
   *
   * Because this flag gates which connection carries traffic for an
   * identity, it must only ever be set from the authenticated evidence
   * described above, never from unauthenticated peer claims. */
  unsigned int is_canonical:1;

  /** True iff this is an outgoing connection. */
  unsigned int is_outgoing:1;
  unsigned int proxy_type:3; /**< One of PROXY_NONE...PROXY_HAPROXY */
  /** True iff wide (4-byte) circuit IDs are in use on this link.  Presumably
   * derived from the negotiated <b>link_proto</b> — confirm against the
   * link-protocol handling. */
  unsigned int wide_circ_ids:1;
  /** True iff a failure on this connection indicates a possible
   * bootstrapping problem.  We set this as true if we notice that this
   * connection could handle a pending origin circuit, or if we launch it to
   * handle an origin circuit. */
  unsigned int potentially_used_for_bootstrapping:1;
  /** True iff this connection has had its bootstrap failure logged with
   * control_event_bootstrap_problem. */
  unsigned int have_noted_bootstrap_problem:1;
  /** True iff this is a client connection and its address has been put in the
   * geoip cache and handled by the DoS mitigation subsystem. We use this to
   * ensure we have a coherent count of concurrent connections (the flag
   * must be cleared exactly once when the connection is removed). */
  unsigned int tracked_for_dos_mitigation : 1;
  /** True iff this connection is using a pluggable transport
   * (see <b>ext_or_transport</b> for its name). */
  unsigned int is_pt : 1;

  uint16_t link_proto; /**< What protocol version are we using? 0 for
                        * "none negotiated yet." */
  uint16_t idle_timeout; /**< How long can this connection sit with no
                          * circuits on it before we close it? Based on
                          * IDLE_CIRCUIT_TIMEOUT_{NON,}CANONICAL and
                          * on is_canonical, randomized. */
  or_handshake_state_t *handshake_state; /**< If we are setting this connection
                                          * up, state information to do so.
                                          * Presumably NULL once the handshake
                                          * has completed — confirm. */

  time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/

  token_bucket_rw_t bucket; /**< Used for rate limiting when the connection is
                             * in state CONN_OPEN. */

  /**
   * Count the number of bytes flushed out on this orconn, and the number of
   * bytes TLS actually sent - used for overhead estimation for scheduling.
   */
  uint64_t bytes_xmitted, bytes_xmitted_by_tls;
};
    110 
    111 #endif /* !defined(OR_CONNECTION_ST_H) */