origin_circuit_st.h (11866B)
1 /* Copyright (c) 2001 Matej Pfajfar. 2 * Copyright (c) 2001-2004, Roger Dingledine. 3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. 4 * Copyright (c) 2007-2021, The Tor Project, Inc. */ 5 /* See LICENSE for licensing information */ 6 7 /** 8 * @file origin_circuit_st.h 9 * @brief Origin circuit structure. 10 **/ 11 12 #ifndef ORIGIN_CIRCUIT_ST_H 13 #define ORIGIN_CIRCUIT_ST_H 14 15 #include "core/or/or.h" 16 17 #include "core/or/circuit_st.h" 18 19 struct onion_queue_t; 20 21 /** 22 * Describes the circuit building process in simplified terms based 23 * on the path bias accounting state for a circuit. 24 * 25 * NOTE: These state values are enumerated in the order for which we 26 * expect circuits to transition through them. If you add states, 27 * you need to preserve this overall ordering. The various pathbias 28 * state transition and accounting functions (pathbias_mark_* and 29 * pathbias_count_*) contain ordinal comparisons to enforce proper 30 * state transitions for corrections. 31 * 32 * This state machine and the associated logic was created to prevent 33 * miscounting due to unknown cases of circuit reuse. See also tickets 34 * #6475 and #7802. 35 */ 36 enum path_state_t { 37 /** This circuit is "new". It has not yet completed a first hop 38 * or been counted by the path bias code. */ 39 PATH_STATE_NEW_CIRC = 0, 40 /** This circuit has completed one/two hops, and has been counted by 41 * the path bias logic. */ 42 PATH_STATE_BUILD_ATTEMPTED = 1, 43 /** This circuit has been completely built */ 44 PATH_STATE_BUILD_SUCCEEDED = 2, 45 /** Did we try to attach any SOCKS streams or hidserv introductions to 46 * this circuit? 47 * 48 * Note: If we ever implement end-to-end stream timing through test 49 * stream probes (#5707), we must *not* set this for those probes 50 * (or any other automatic streams) because the adversary could 51 * just tag at a later point. 52 */ 53 PATH_STATE_USE_ATTEMPTED = 3, 54 /** Did any SOCKS streams or hidserv introductions actually succeed on 55 * this circuit? 56 * 57 * If any streams detach/fail from this circuit, the code transitions 58 * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See 59 * pathbias_mark_use_rollback() for that. 60 */ 61 PATH_STATE_USE_SUCCEEDED = 4, 62 63 /** 64 * This is a special state to indicate that we got a corrupted 65 * relay cell on a circuit and we don't intend to probe it. 66 */ 67 PATH_STATE_USE_FAILED = 5, 68 69 /** 70 * This is a special state to indicate that we already counted 71 * the circuit. Used to guard against potential state machine 72 * violations. 73 */ 74 PATH_STATE_ALREADY_COUNTED = 6, 75 }; 76 77 /** An origin_circuit_t holds data necessary to build and use a circuit. 78 */ 79 struct origin_circuit_t { 80 circuit_t base_; 81 82 /** Linked list of AP streams (or EXIT streams if hidden service) 83 * associated with this circuit. 84 * 85 * Any updates to this pointer must be followed with 86 * conflux_update_p_streams(). */ 87 edge_connection_t *p_streams; 88 89 /** Smartlist of half-closed streams (half_edge_t*) that still 90 * have pending activity. 91 * 92 * Any updates to this pointer must be followed with 93 * conflux_update_half_streams(). 94 */ 95 smartlist_t *half_streams; 96 97 /** Bytes read on this circuit since last call to 98 * control_event_circ_bandwidth_used(). Only used if we're configured 99 * to emit CIRC_BW events. */ 100 uint32_t n_read_circ_bw; 101 102 /** Bytes written to on this circuit since last call to 103 * control_event_circ_bandwidth_used(). Only used if we're configured 104 * to emit CIRC_BW events. */ 105 uint32_t n_written_circ_bw; 106 107 /** Total known-valid relay cell bytes since last call to 108 * control_event_circ_bandwidth_used(). Only used if we're configured 109 * to emit CIRC_BW events. */ 110 uint32_t n_delivered_read_circ_bw; 111 112 /** Total written relay cell bytes since last call to 113 * control_event_circ_bandwidth_used(). Only used if we're configured 114 * to emit CIRC_BW events. */ 115 uint32_t n_delivered_written_circ_bw; 116 117 /** Total overhead data in all known-valid relay data cells since last 118 * call to control_event_circ_bandwidth_used(). Only used if we're 119 * configured to emit CIRC_BW events. */ 120 uint32_t n_overhead_read_circ_bw; 121 122 /** Total written overhead data in all relay data cells since last call to 123 * control_event_circ_bandwidth_used(). Only used if we're configured 124 * to emit CIRC_BW events. */ 125 uint32_t n_overhead_written_circ_bw; 126 127 /** Build state for this circuit. It includes the intended path 128 * length, the chosen exit router, rendezvous information, etc. 129 */ 130 cpath_build_state_t *build_state; 131 /** The doubly-linked list of crypt_path_t entries, one per hop, 132 * for this circuit. This includes ciphers for each hop, 133 * integrity-checking digests for each hop, and package/delivery 134 * windows for each hop. 135 */ 136 crypt_path_t *cpath; 137 138 /** Holds hidden service identifier on either client or service side. This 139 * is for both introduction and rendezvous circuit. */ 140 struct hs_ident_circuit_t *hs_ident; 141 142 /** Holds the data that the entry guard system uses to track the 143 * status of the guard this circuit is using, and thereby to determine 144 * whether this circuit can be used. */ 145 struct circuit_guard_state_t *guard_state; 146 147 /** Index into global_origin_circuit_list for this circuit. -1 if not 148 * present. */ 149 int global_origin_circuit_list_idx; 150 151 /** How many more relay_early cells can we send on this circuit, according 152 * to the specification? */ 153 unsigned int remaining_relay_early_cells : 4; 154 155 /** Set if this circuit is insanely old and we already informed the user */ 156 unsigned int is_ancient : 1; 157 158 /** Set if this circuit has already been opened. Used to detect 159 * cannibalized circuits. */ 160 unsigned int has_opened : 1; 161 162 /** 163 * Path bias state machine. Used to ensure integrity of our 164 * circuit building and usage accounting. See path_state_t 165 * for more details. 166 */ 167 path_state_bitfield_t path_state : 3; 168 169 /* If this flag is set, we should not consider attaching any more 170 * connections to this circuit. */ 171 unsigned int unusable_for_new_conns : 1; 172 173 /* If this flag is set (due to padding negotiation failure), we should 174 * not try to negotiate further circuit padding. */ 175 unsigned padding_negotiation_failed : 1; 176 177 /** 178 * If this flag is set, then a controller chose the first hop of this 179 * circuit's path, and it's okay to ignore checks that we'd usually do 180 * on this circuit's first hop. 181 * 182 * This flag is distinct from the CIRCUIT_PURPOSE_CONTROLLER purpose: the 183 * purpose indicates _what tor can use the circuit for_. Controller-created 184 * circuits can still have the CIRCUIT_PURPOSE_GENERAL purpose if Tor is 185 * allowed to attach streams to them. 186 */ 187 unsigned first_hop_from_controller : 1; 188 189 /** 190 * If true, this circuit's path has been chosen, in full or in part, 191 * by the controller API, and it's okay to ignore checks that we'd 192 * usually do on the path as whole. */ 193 unsigned int any_hop_from_controller : 1; 194 195 /** 196 * Tristate variable to guard against pathbias miscounting 197 * due to circuit purpose transitions changing the decision 198 * of pathbias_should_count(). This variable is informational 199 * only. The current results of pathbias_should_count() are 200 * the official decision for pathbias accounting. 201 */ 202 uint8_t pathbias_shouldcount; 203 #define PATHBIAS_SHOULDCOUNT_UNDECIDED 0 204 #define PATHBIAS_SHOULDCOUNT_IGNORED 1 205 #define PATHBIAS_SHOULDCOUNT_COUNTED 2 206 207 /** For path probing. Store the temporary probe stream ID 208 * for response comparison */ 209 streamid_t pathbias_probe_id; 210 211 /** For path probing. Store the temporary probe address nonce 212 * (in host byte order) for response comparison. */ 213 uint32_t pathbias_probe_nonce; 214 215 /** This is nonzero iff hs_with_pow_circ is set and there was a valid proof 216 * of work solution associated with this circuit. */ 217 uint32_t hs_pow_effort; 218 219 /** Set iff this is a hidden-service circuit for a HS with PoW defenses 220 * enabled, so that we know to be more lenient with timing out the 221 * circuit-build to allow the service time to work through the queue of 222 * requests. */ 223 unsigned int hs_with_pow_circ : 1; 224 225 /** Set iff this intro circ required a pow, and it has already queued 226 * the pow with the cpuworker and is awaiting a reply. */ 227 unsigned int hs_currently_solving_pow : 1; 228 229 /** Set iff this circuit has been given a relaxed timeout because 230 * no circuits have opened. Used to prevent spamming logs. */ 231 unsigned int relaxed_timeout : 1; 232 233 /** What commands were sent over this circuit that decremented the 234 * RELAY_EARLY counter? This is for debugging task 878. */ 235 uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]; 236 237 /** How many RELAY_EARLY cells have been sent over this circuit? This is 238 * for debugging task 878, too. */ 239 int relay_early_cells_sent; 240 241 /** The next stream_id that will be tried when we're attempting to 242 * construct a new AP stream originating at this circuit. */ 243 streamid_t next_stream_id; 244 245 /* The intro key replaces the hidden service's public key if purpose is 246 * S_ESTABLISH_INTRO or S_INTRO, provided that no unversioned rendezvous 247 * descriptor is used. */ 248 crypto_pk_t *intro_key; 249 250 /** Quasi-global identifier for this circuit; used for control.c */ 251 /* XXXX NM This can get re-used after 2**32 circuits. */ 252 uint32_t global_identifier; 253 254 /** True if we have associated one stream to this circuit, thereby setting 255 * the isolation parameters for this circuit. Note that this doesn't 256 * necessarily mean that we've <em>attached</em> any streams to the circuit: 257 * we may only have marked up this circuit during the launch process. 258 */ 259 unsigned int isolation_values_set : 1; 260 /** True iff any stream has <em>ever</em> been attached to this circuit. 261 * 262 * In a better world we could use timestamp_dirty for this, but 263 * timestamp_dirty is far too overloaded at the moment. 264 */ 265 unsigned int isolation_any_streams_attached : 1; 266 267 /** A bitfield of ISO_* flags for every isolation field such that this 268 * circuit has had streams with more than one value for that field 269 * attached to it. */ 270 uint8_t isolation_flags_mixed; 271 272 /** @name Isolation parameters 273 * 274 * If any streams have been associated with this circ (isolation_values_set 275 * == 1), and all streams associated with the circuit have had the same 276 * value for some field ((isolation_flags_mixed & ISO_FOO) == 0), then these 277 * elements hold the value for that field. 278 * 279 * Note again that "associated" is not the same as "attached": we 280 * preliminarily associate streams with a circuit while the circuit is being 281 * launched, so that we can tell whether we need to launch more circuits. 282 * 283 * @{ 284 */ 285 uint8_t client_proto_type; 286 uint8_t client_proto_socksver; 287 uint16_t dest_port; 288 tor_addr_t client_addr; 289 char *dest_address; 290 int session_group; 291 unsigned nym_epoch; 292 size_t socks_username_len; 293 uint8_t socks_password_len; 294 /* Note that the next two values are NOT NUL-terminated; see 295 socks_username_len and socks_password_len for their lengths. */ 296 char *socks_username; 297 char *socks_password; 298 /** Global identifier for the first stream attached here; used by 299 * ISO_STREAM. */ 300 uint64_t associated_isolated_stream_global_id; 301 /**@}*/ 302 /** A list of addr_policy_t for this circuit in particular. Used by 303 * adjust_exit_policy_from_exitpolicy_failure. 304 */ 305 smartlist_t *prepend_policy; 306 307 /** How long do we wait before closing this circuit if it remains 308 * completely idle after it was built, in seconds? This value 309 * is randomized on a per-circuit basis from CircuitsAvailableTimoeut 310 * to 2*CircuitsAvailableTimoeut. */ 311 int circuit_idle_timeout; 312 313 }; 314 315 #endif /* !defined(ORIGIN_CIRCUIT_ST_H) */