#include "or.h"
| #define INTRO_CIRC_RETRY_PERIOD (60*5) |
If we can't build our intro circuits, don't retry for this long.
Referenced by rend_services_introduce().
| #define MAX_INTRO_CIRCS_PER_PERIOD 10 |
Don't try to build more than this many circuits before giving up for a while.
Referenced by rend_services_introduce().
| #define MAX_REND_FAILURES 30 |
How many times will a hidden service operator attempt to connect to a requested rendezvous point before giving up?
Referenced by rend_service_introduce(), and rend_service_relaunch_rendezvous().
| #define MAX_REND_TIMEOUT 30 |
How many seconds should we spend trying to connect to a requested rendezvous point before giving up?
Referenced by rend_service_introduce().
| #define NUM_INTRO_POINTS 3 |
Try to maintain this many intro points per service if possible.
Referenced by rend_service_intro_has_opened().
| static void clean_accepted_intros | ( | rend_service_t * | service, | |
| time_t | now | |||
| ) | [static] |
Remove elements from service's replay cache that are old enough to be noticed by timestamp checking.
References rend_service_t::accepted_intros, rend_service_t::last_cleaned_accepted_intros, REND_REPLAY_TIME_INTERVAL, and tor_free.
Referenced by rend_service_introduce().
| static int count_established_intro_points | ( | const char * | query | ) | [static] |
Return the number of introduction points that are or have been established for the given service address in query.
References _circuit_get_global_list(), CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, CIRCUIT_PURPOSE_S_INTRO, CIRCUIT_STATE_OPEN, circuit_t::marked_for_close, circuit_t::next, rend_data_t::onion_address, circuit_t::purpose, rend_cmp_service_ids(), origin_circuit_t::rend_data, circuit_t::state, and TO_ORIGIN_CIRCUIT().
Referenced by rend_service_intro_has_opened().
| static void directory_post_to_hs_dir | ( | rend_service_descriptor_t * | renddesc, | |
| smartlist_t * | descs, | |||
| const char * | service_id, | |||
| int | seconds_valid | |||
| ) | [static] |
Determine the responsible hidden service directories for the rend_encoded_v2_service_descriptor_t's in descs and upload them; service_id and seconds_valid are only passed for logging purposes.
References routerstatus_t::addr, rend_service_descriptor_t::all_uploads_performed, base32_encode(), rend_encoded_v2_service_descriptor_t::desc_id, rend_encoded_v2_service_descriptor_t::desc_str, DIGEST_LEN, DIR_PURPOSE_UPLOAD_RENDDESC_V2, directory_initiate_command_routerstatus(), hid_serv_get_responsible_directories(), routerstatus_t::identity_digest, LD_REND, routerstatus_t::nickname, routerstatus_t::or_port, REND_DESC_ID_V2_LEN_BASE32, router_get_by_digest(), ROUTER_PURPOSE_GENERAL, safe_str_client(), smartlist_add(), smartlist_clear(), smartlist_create(), smartlist_digest_isin(), smartlist_free(), rend_service_descriptor_t::successful_uploads, tor_dup_ip(), and tor_free.
Referenced by upload_service_descriptor().
| static origin_circuit_t * find_intro_circuit | ( | rend_intro_point_t * | intro, | |
| const char * | pk_digest | |||
| ) | [static] |
Return the (possibly non-open) introduction circuit ending at intro for the service whose public key is pk_digest. (desc_version is ignored). Return NULL if no such service is found.
References origin_circuit_t::build_state, cpath_build_state_t::chosen_exit, circuit_get_next_by_pk_and_purpose(), CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, CIRCUIT_PURPOSE_S_INTRO, DIGEST_LEN, rend_intro_point_t::extend_info, extend_info_t::identity_digest, origin_circuit_t::rend_data, and tor_assert.
Referenced by rend_service_dump_stats(), rend_service_update_descriptor(), and rend_services_introduce().
| int num_rend_services | ( | void | ) |
Return the number of rendezvous services we have configured.
Referenced by circuit_predict_and_launch_new().
| static rend_service_port_config_t* parse_port_config | ( | const char * | string | ) | [static] |
Parses a real-port to virtual-port mapping and returns a new rend_service_port_config_t.
The format is: VirtualPort (IP|RealPort|IP:RealPort)?
IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
References escaped(), LD_CONFIG, rend_service_port_config_t::real_addr, rend_service_port_config_t::real_port, smartlist_create(), smartlist_free(), smartlist_split_string(), tor_addr_copy(), tor_addr_from_ipv4h, tor_addr_port_parse(), tor_free, tor_parse_long(), and rend_service_port_config_t::virtual_port.
Referenced by rend_config_services().
| static void rend_add_service | ( | rend_service_t * | service | ) | [static] |
Validate service and add it to rend_service_list if possible.
References rend_service_t::auth_type, rend_service_t::clients, rend_service_t::directory, fmt_addr(), rend_service_t::intro_nodes, LD_CONFIG, LD_REND, rend_service_t::ports, rend_service_port_config_t::real_addr, rend_service_port_config_t::real_port, rend_service_free(), smartlist_add(), smartlist_create(), and rend_service_port_config_t::virtual_port.
Referenced by rend_config_services().
| static void rend_authorized_client_free | ( | rend_authorized_client_t * | client | ) | [static] |
Helper: free storage held by a single service authorized client entry.
References rend_authorized_client_t::client_key, rend_authorized_client_t::client_name, crypto_free_pk_env(), and tor_free.
Referenced by rend_authorized_client_strmap_item_free(), and rend_service_free().
| static void rend_authorized_client_strmap_item_free | ( | void * | authorized_client | ) | [static] |
Helper for strmap_free.
References rend_authorized_client_free().
Referenced by rend_service_load_keys().
| static int rend_check_authorization | ( | rend_service_t * | service, | |
| const char * | descriptor_cookie | |||
| ) | [static] |
Check client authorization of a given descriptor_cookie for service. Return 1 for success and 0 for failure.
References rend_service_t::clients, LD_BUG, REND_DESC_COOKIE_LEN, and tor_assert.
Referenced by rend_service_introduce().
| int rend_config_services | ( | or_options_t * | options, | |
| int | validate_only | |||
| ) |
Set up rend_service_list, based on the values of HiddenServiceDir and HiddenServicePort in options. Return 0 on success and -1 on failure. (If validate_only is set, parse, warn and return as normal, but don't actually change the configured services.)
References _circuit_get_global_list(), rend_service_t::auth_type, CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, CIRCUIT_PURPOSE_S_INTRO, CIRCUIT_STATE_OPEN, rend_authorized_client_t::client_name, rend_service_t::clients, DIGEST_LEN, rend_service_t::directory, rend_service_t::intro_period_started, config_line_t::key, LD_BUG, LD_CONFIG, LD_REND, circuit_t::next, config_line_t::next, parse_port_config(), rend_service_t::ports, rend_add_service(), REND_CLIENTNAME_MAX_LEN, origin_circuit_t::rend_data, REND_LEGAL_CLIENTNAME_CHARACTERS, rend_data_t::rend_pk_digest, rend_service_free(), or_options_t::RendConfigLines, safe_str_client(), smartlist_add(), smartlist_add_all(), smartlist_clear(), smartlist_create(), smartlist_free(), smartlist_sort_strings(), smartlist_split_string(), smartlist_uniq_strings(), TO_ORIGIN_CIRCUIT(), tor_assert, tor_free, and config_line_t::value.
Referenced by options_act().
| void rend_consider_descriptor_republication | ( | void | ) |
Consider republication of v2 rendezvous service descriptors that failed previously, but without regenerating descriptor contents.
References rend_service_descriptor_t::all_uploads_performed, rend_service_t::desc, get_options(), and upload_service_descriptor().
Referenced by run_scheduled_events().
| void rend_consider_services_upload | ( | time_t | now | ) |
Regenerate and upload rendezvous service descriptors for all services, if necessary. If the descriptor has been dirty enough for long enough, definitely upload; else only upload when the periodic timeout has expired.
For the first upload, pick a random time between now and two periods from now, and pick it independently for each service.
References crypto_rand_int(), rend_service_t::desc_is_dirty, get_options(), rend_service_t::next_upload_time, rend_service_update_descriptor(), or_options_t::RendPostPeriod, and upload_service_descriptor().
Referenced by run_scheduled_events().
| void rend_hsdir_routers_changed | ( | void | ) |
Called when our internal view of the directory has changed, so that we might have router descriptors of hidden service directories available that we did not have before.
Referenced by router_dir_info_changed().
| void rend_service_dump_stats | ( | int | severity | ) |
Log the status of introduction points for all rendezvous services at log severity severity.
References origin_circuit_t::_base, circuit_state_to_string(), rend_service_t::directory, rend_intro_point_t::extend_info, find_intro_circuit(), rend_service_t::intro_nodes, LD_GENERAL, extend_info_t::nickname, rend_service_t::pk_digest, safe_str_client(), and circuit_t::state.
Referenced by dumpstats().
| static void rend_service_free | ( | rend_service_t * | service | ) | [static] |
Release the storage held by service.
References _tor_free(), rend_service_t::accepted_intros, rend_service_t::clients, crypto_free_pk_env(), rend_service_t::desc, digestmap_free(), rend_service_t::directory, rend_service_t::intro_nodes, rend_service_t::ports, rend_service_t::private_key, rend_authorized_client_free(), rend_intro_point_free(), rend_service_descriptor_free(), smartlist_free(), and tor_free.
Referenced by rend_add_service(), rend_config_services(), and rend_service_free_all().
| void rend_service_free_all | ( | void | ) |
Release all the storage held in rend_service_list.
References rend_service_free(), and smartlist_free().
Referenced by tor_free_all().
| static rend_service_t* rend_service_get_by_pk_digest | ( | const char * | digest | ) | [static] |
Return the service whose public key has a digest of digest, or NULL if no such service exists.
References DIGEST_LEN.
Referenced by rend_service_intro_established(), rend_service_intro_has_opened(), rend_service_introduce(), rend_service_rendezvous_has_opened(), and rend_service_set_connection_addr_port().
| int rend_service_intro_established | ( | origin_circuit_t * | circuit, | |
| const char * | request, | |||
| size_t | request_len | |||
| ) |
Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a live introduction point, and note that the service descriptor is now out-of-date.
References origin_circuit_t::_base, base32_encode(), CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, CIRCUIT_PURPOSE_S_INTRO, rend_service_t::desc_is_dirty, LD_PROTOCOL, LD_REND, circuit_t::n_circ_id, circuit_t::purpose, origin_circuit_t::rend_data, rend_data_t::rend_pk_digest, rend_service_get_by_pk_digest(), REND_SERVICE_ID_LEN, REND_SERVICE_ID_LEN_BASE32, TO_CIRCUIT, and tor_assert.
Referenced by rend_process_relay_cell().
| void rend_service_intro_has_opened | ( | origin_circuit_t * | circuit | ) |
Called when we're done building a circuit to an introduction point: sends a RELAY_ESTABLISH_INTRO cell.
References origin_circuit_t::_base, base32_encode(), circuit_has_opened(), CIRCUIT_PURPOSE_C_GENERAL, CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, count_established_intro_points(), origin_circuit_t::cpath, crypto_digest(), crypto_pk_asn1_encode(), crypto_pk_private_sign_digest(), DIGEST_LEN, crypt_path_t::handshake_digest, origin_circuit_t::intro_key, LD_BUG, LD_CIRC, LD_GENERAL, LD_REND, circuit_t::n_circ_id, note_crypto_pk_op(), NUM_INTRO_POINTS, crypt_path_t::prev, circuit_t::purpose, RELAY_PAYLOAD_SIZE, relay_send_command_from_edge(), origin_circuit_t::rend_data, rend_data_t::rend_pk_digest, rend_service_get_by_pk_digest(), REND_SERVICE_ID_LEN, REND_SERVICE_ID_LEN_BASE32, set_uint16(), TO_CIRCUIT, and tor_assert.
Referenced by circuit_has_opened(), and rend_service_launch_establish_intro().
| int rend_service_introduce | ( | origin_circuit_t * | circuit, | |
| const char * | request, | |||
| size_t | request_len | |||
| ) |
Respond to an INTRODUCE2 cell by launching a circuit to the chosen rendezvous point.
References origin_circuit_t::_base, rend_service_t::accepted_intros, extend_info_t::addr, base16_encode(), base32_encode(), origin_circuit_t::build_state, CIRCLAUNCH_IS_INTERNAL, CIRCLAUNCH_NEED_CAPACITY, CIRCLAUNCH_NEED_UPTIME, circuit_init_cpath_crypto(), circuit_launch_by_extend_info(), CIRCUIT_PURPOSE_S_CONNECT_REND, CIRCUIT_PURPOSE_S_INTRO, clean_accepted_intros(), rend_service_t::clients, crypto_dh_compute_secret(), crypto_dh_free(), crypto_dh_generate_public(), crypto_dh_new(), crypto_digest_add_bytes(), crypto_digest_get_digest(), crypto_free_digest_env(), crypto_new_digest_env(), crypto_pk_asn1_decode(), crypto_pk_get_digest(), crypto_pk_keysize(), crypto_pk_private_hybrid_decrypt(), crypt_path_t::dh_handshake_state, DIGEST_LEN, digestmap_get(), digestmap_new(), digestmap_set(), escaped(), escaped_safe_str_client(), cpath_build_state_t::expiry_time, extend_info_free(), extend_info_from_router(), get_uint16(), get_uint32(), crypt_path_t::handshake_digest, extend_info_t::identity_digest, origin_circuit_t::intro_key, is_legal_nickname(), is_legal_nickname_or_hexdigest(), rend_service_t::last_cleaned_accepted_intros, LD_BUG, LD_PROTOCOL, LD_REND, crypt_path_t::magic, MAX_HEX_NICKNAME_LEN, MAX_NICKNAME_LEN, MAX_REND_FAILURES, MAX_REND_TIMEOUT, circuit_t::n_circ_id, extend_info_t::nickname, note_crypto_pk_op(), rend_data_t::onion_address, extend_info_t::onion_key, cpath_build_state_t::pending_final_cpath, PK_PKCS1_OAEP_PADDING, extend_info_t::port, circuit_t::purpose, RELAY_PAYLOAD_SIZE, rend_check_authorization(), rend_data_t::rend_cookie, REND_COOKIE_LEN, origin_circuit_t::rend_data, REND_DESC_COOKIE_LEN, rend_data_t::rend_pk_digest, REND_REPLAY_TIME_INTERVAL, rend_service_get_by_pk_digest(), REND_SERVICE_ID_LEN, REND_SERVICE_ID_LEN_BASE32, rend_service_requires_uptime(), rep_hist_note_used_internal(), router_get_by_nickname(), rend_service_t::service_id, TO_CIRCUIT, tor_addr_from_ipv4n(), and tor_assert.
Referenced by rend_process_relay_cell().
| static int rend_service_launch_establish_intro | ( | rend_service_t * | service, | |
| rend_intro_point_t * | intro | |||
| ) | [static] |
Launch a circuit to serve as an introduction point for the service service at the introduction point nickname
References origin_circuit_t::_base, base16_encode(), origin_circuit_t::build_state, cpath_build_state_t::chosen_exit, CIRCLAUNCH_IS_INTERNAL, CIRCLAUNCH_NEED_UPTIME, circuit_launch_by_extend_info(), CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, CIRCUIT_STATE_OPEN, crypto_pk_dup_key(), DIGEST_LEN, escaped_safe_str_client(), rend_intro_point_t::extend_info, extend_info_dup(), extend_info_free(), HEX_DIGEST_LEN, extend_info_t::identity_digest, rend_intro_point_t::intro_key, origin_circuit_t::intro_key, LD_REND, rend_service_t::n_intro_circuits_launched, extend_info_t::nickname, rend_data_t::onion_address, rend_service_t::pk_digest, origin_circuit_t::rend_data, rend_data_t::rend_pk_digest, rend_service_intro_has_opened(), rep_hist_note_used_internal(), rend_service_t::service_id, and circuit_t::state.
| int rend_service_load_keys | ( | void | ) |
Load and/or generate private keys for all hidden services, possibly including keys for client authorization. Return 0 on success, -1 on failure.
References abort_writing_to_file(), base64_encode(), check_private_dir(), rend_authorized_client_t::client_key, crypto_free_pk_env(), crypto_new_pk_env(), crypto_pk_check_key(), crypto_pk_dup_key(), crypto_pk_get_digest(), crypto_pk_write_private_key_to_string(), crypto_rand(), rend_authorized_client_t::descriptor_cookie, escaped(), finish_writing_to_file(), init_key_from_file(), LD_BUG, LD_CONFIG, LD_FS, LD_REND, read_file_to_str(), rend_authorized_client_strmap_item_free(), REND_DESC_COOKIE_LEN, REND_DESC_COOKIE_LEN_BASE64, rend_get_service_id(), rend_parse_client_keys(), RFTS_IGNORE_MISSING, start_writing_to_stdio_file(), strmap_free(), strmap_get(), strmap_size(), tor_free, tor_snprintf(), and write_str_to_file().
Referenced by options_act().
| void rend_service_relaunch_rendezvous | ( | origin_circuit_t * | oldcirc | ) |
Called when we fail building a rendezvous circuit at some point other than the last hop: launches a new circuit to the same rendezvous point.
References origin_circuit_t::_base, origin_circuit_t::build_state, cpath_build_state_t::chosen_exit, CIRCLAUNCH_IS_INTERNAL, CIRCLAUNCH_NEED_CAPACITY, circuit_launch_by_extend_info(), CIRCUIT_PURPOSE_S_CONNECT_REND, cpath_build_state_t::expiry_time, cpath_build_state_t::failure_count, LD_REND, MAX_REND_FAILURES, extend_info_t::nickname, cpath_build_state_t::pending_final_cpath, circuit_t::purpose, origin_circuit_t::rend_data, rend_data_dup(), and tor_assert.
Referenced by circuit_build_failed().
| void rend_service_rendezvous_has_opened | ( | origin_circuit_t * | circuit | ) |
Called once a circuit to a rendezvous point is established: sends a RELAY_COMMAND_RENDEZVOUS1 cell.
References origin_circuit_t::_base, base16_encode(), base32_encode(), origin_circuit_t::build_state, circuit_initial_package_window(), CIRCUIT_PURPOSE_S_CONNECT_REND, CIRCUIT_PURPOSE_S_REND_JOINED, CIRCWINDOW_START, origin_circuit_t::cpath, crypto_dh_free(), crypto_dh_get_public(), crypt_path_t::deliver_window, crypt_path_t::dh_handshake_state, DIGEST_LEN, crypt_path_t::handshake_digest, LD_GENERAL, LD_REND, circuit_t::n_circ_id, onion_append_to_cpath(), crypt_path_t::package_window, cpath_build_state_t::pending_final_cpath, crypt_path_t::prev, circuit_t::purpose, RELAY_PAYLOAD_SIZE, relay_send_command_from_edge(), rend_data_t::rend_cookie, REND_COOKIE_LEN, origin_circuit_t::rend_data, rend_data_t::rend_pk_digest, rend_service_get_by_pk_digest(), REND_SERVICE_ID_LEN, REND_SERVICE_ID_LEN_BASE32, crypt_path_t::state, TO_CIRCUIT, and tor_assert.
Referenced by circuit_has_opened().
| static int rend_service_requires_uptime | ( | rend_service_t * | service | ) | [static] |
Return 1 if any virtual port in service wants a circuit to have good uptime. Else return 0.
References get_options(), rend_service_t::ports, smartlist_string_num_isin(), and rend_service_port_config_t::virtual_port.
Referenced by rend_service_introduce().
| int rend_service_set_connection_addr_port | ( | edge_connection_t * | conn, | |
| origin_circuit_t * | circ | |||
| ) |
Given conn, a rendezvous exit stream, look up the hidden service for 'circ', and look up the port and address based on conn->port. Assign the actual conn->addr and conn->port. Return -1 if failure, or 0 for success.
References edge_connection_t::_base, origin_circuit_t::_base, base32_encode(), CIRCUIT_PURPOSE_S_REND_JOINED, LD_REND, circuit_t::n_circ_id, connection_t::port, rend_service_t::ports, circuit_t::purpose, origin_circuit_t::rend_data, rend_data_t::rend_pk_digest, rend_service_get_by_pk_digest(), REND_SERVICE_ID_LEN, REND_SERVICE_ID_LEN_BASE32, smartlist_add(), smartlist_create(), and tor_assert.
Referenced by connection_exit_begin_conn().
| static void rend_service_update_descriptor | ( | rend_service_t * | service | ) | [static] |
Replace the old value of service->desc with one that reflects the other fields in service.
References origin_circuit_t::_base, CIRCUIT_PURPOSE_S_INTRO, crypto_pk_dup_key(), rend_service_t::desc, rend_intro_point_t::extend_info, extend_info_dup(), find_intro_circuit(), rend_intro_point_t::intro_key, rend_service_t::intro_nodes, rend_service_descriptor_t::intro_nodes, rend_service_descriptor_t::pk, rend_service_t::pk_digest, rend_service_t::private_key, rend_service_descriptor_t::protocols, circuit_t::purpose, rend_service_descriptor_free(), smartlist_add(), smartlist_create(), and rend_service_descriptor_t::timestamp.
Referenced by rend_consider_services_upload().
| void rend_services_introduce | ( | void | ) |
For every service, check how many intro points it currently has, and:
References rend_service_t::desc, rend_service_t::desc_is_dirty, DIGEST_LEN, rend_intro_point_t::extend_info, find_intro_circuit(), get_options(), extend_info_t::identity_digest, INTRO_CIRC_RETRY_PERIOD, rend_service_descriptor_t::intro_nodes, rend_service_t::intro_nodes, rend_service_t::intro_period_started, LD_REND, MAX_INTRO_CIRCS_PER_PERIOD, rend_service_t::n_intro_circuits_launched, extend_info_t::nickname, rend_service_t::pk_digest, rend_intro_point_free(), router_get_by_digest(), rend_service_t::service_id, smartlist_add(), smartlist_clear(), smartlist_create(), smartlist_del(), and tor_assert.
Referenced by circuit_build_needed_circs().
| static void upload_service_descriptor | ( | rend_service_t * | service | ) | [static] |
Encode and sign an up-to-date service descriptor for service, and upload it/them to the responsible hidden service directories.
References rend_service_t::auth_type, rend_authorized_client_t::client_key, rend_service_t::clients, rend_service_t::desc, rend_service_t::desc_is_dirty, rend_authorized_client_t::descriptor_cookie, directory_post_to_hs_dir(), get_options(), LD_BUG, LD_REND, networkstatus_get_latest_consensus(), rend_service_t::next_upload_time, rend_service_descriptor_t::pk, rend_encode_v2_descriptors(), rend_encoded_v2_service_descriptor_free(), rend_get_service_id(), REND_SERVICE_ID_LEN_BASE32, REND_TIME_PERIOD_OVERLAPPING_V2_DESCS, or_options_t::RendPostPeriod, networkstatus_t::routerstatus_list, smartlist_add(), smartlist_clear(), smartlist_create(), and smartlist_free().
Referenced by rend_consider_descriptor_republication(), and rend_consider_services_upload().
int consider_republishing_rend_descriptors = 1 [static] |
True if the list of available router descriptors might have changed so that we should have a look whether we can republish previously failed rendezvous service descriptors.
smartlist_t* rend_service_list = NULL [static] |
A list of rend_service_t's for services run on this OP.
1.5.6