or.h

Go to the documentation of this file.

/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_OR_H
#define TOR_OR_H

#include "orconfig.h"

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* FreeBSD needs this to know what version it is */
#endif
#include "torint.h"
#ifdef HAVE_SYS_FCNTL_H
#include <sys/fcntl.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_ASSERT_H
#include <assert.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif

#ifdef _WIN32
#include <winsock2.h>
#include <io.h>
#include <process.h>
#include <direct.h>
#include <windows.h>
#endif /* defined(_WIN32) */

#include "crypto.h"
#include "crypto_format.h"
#include "tortls.h"
#include "torlog.h"
#include "container.h"
#include "compress.h"
#include "address.h"
#include "compat_libevent.h"
#include "ht.h"
#include "confline.h"
#include "replaycache.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "tor_queue.h"
#include "token_bucket.h"
#include "util_format.h"
#include "hs_circuitmap.h"

/* These signals are defined to help handle_control_signal work.
 */
#ifndef SIGHUP
#define SIGHUP 1
#endif
#ifndef SIGINT
#define SIGINT 2
#endif
#ifndef SIGUSR1
#define SIGUSR1 10
#endif
#ifndef SIGUSR2
#define SIGUSR2 12
#endif
#ifndef SIGTERM
#define SIGTERM 15
#endif
/* Controller signals start at a high number so we don't
 * conflict with system-defined signals. */
#define SIGNEWNYM 129
#define SIGCLEARDNSCACHE 130
#define SIGHEARTBEAT 131

#if (SIZEOF_CELL_T != 0)
/* On Irix, stdlib.h defines a cell_t type, so we need to make sure
 * that our stuff always calls cell_t something different. */
#define cell_t tor_cell_t
#endif

#ifdef ENABLE_TOR2WEB_MODE
#define NON_ANONYMOUS_MODE_ENABLED 1
#endif

#define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))

#define MAX_NICKNAME_LEN 19

#define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)

#define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)

#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */

#define MAX_DIR_DL_SIZE MAX_BUF_SIZE

#define MAX_HEADERS_SIZE 50000

#define MAX_DIR_UL_SIZE MAX_BUF_SIZE

#define MAX_DESCRIPTOR_UPLOAD_SIZE 20000

#define MAX_EXTRAINFO_UPLOAD_SIZE 50000

#define MIN_ONION_KEY_LIFETIME_DAYS (1)

#define MAX_ONION_KEY_LIFETIME_DAYS (90)

#define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)

#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)

#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)

#define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)

#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)

#define ROUTER_MAX_AGE (60*60*48)

#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)

#define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)

typedef enum {
  CIRC_ID_TYPE_LOWER=0, 
  CIRC_ID_TYPE_HIGHER=1, 
  CIRC_ID_TYPE_NEITHER=2
} circ_id_type_t;
#define circ_id_type_bitfield_t ENUM_BF(circ_id_type_t)

#define CONN_TYPE_MIN_ 3

#define CONN_TYPE_OR_LISTENER 3

#define CONN_TYPE_OR 4

#define CONN_TYPE_EXIT 5

#define CONN_TYPE_AP_LISTENER 6

#define CONN_TYPE_AP 7

#define CONN_TYPE_DIR_LISTENER 8

#define CONN_TYPE_DIR 9
/* Type 10 is unused. */
#define CONN_TYPE_CONTROL_LISTENER 11

#define CONN_TYPE_CONTROL 12

#define CONN_TYPE_AP_TRANS_LISTENER 13

#define CONN_TYPE_AP_NATD_LISTENER 14

#define CONN_TYPE_AP_DNS_LISTENER 15

#define CONN_TYPE_EXT_OR 16

#define CONN_TYPE_EXT_OR_LISTENER 17

#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18

#define CONN_TYPE_MAX_ 19
/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in
 * connection_t. */

/* Proxy client types */
#define PROXY_NONE 0
#define PROXY_CONNECT 1
#define PROXY_SOCKS4 2
#define PROXY_SOCKS5 3
/* !!!! If there is ever a PROXY_* type over 3, we must grow the proxy_type
 * field in or_connection_t */

/* Pluggable transport proxy type. Don't use this in or_connection_t,
 * instead use the actual underlying proxy type (see above).  */
#define PROXY_PLUGGABLE 4

/* Proxy client handshake states */
/* We use a proxy but we haven't even connected to it yet. */
#define PROXY_INFANT 1
/* We use an HTTP proxy and we've sent the CONNECT command. */
#define PROXY_HTTPS_WANT_CONNECT_OK 2
/* We use a SOCKS4 proxy and we've sent the CONNECT command. */
#define PROXY_SOCKS4_WANT_CONNECT_OK 3
/* We use a SOCKS5 proxy and we try to negotiate without
   any authentication . */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
/* We use a SOCKS5 proxy and we try to negotiate with
   Username/Password authentication . */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
/* We use a SOCKS5 proxy and we just sent our credentials. */
#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
/* We use a SOCKS5 proxy and we just sent our CONNECT command. */
#define PROXY_SOCKS5_WANT_CONNECT_OK 7
/* We use a proxy and we CONNECTed successfully!. */
#define PROXY_CONNECTED 8

#define CONN_IS_EDGE(x) \
  ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)

#define LISTENER_STATE_READY 0

#define OR_CONN_STATE_MIN_ 1

#define OR_CONN_STATE_CONNECTING 1

#define OR_CONN_STATE_PROXY_HANDSHAKING 2

#define OR_CONN_STATE_TLS_HANDSHAKING 3

#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4

#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5

#define OR_CONN_STATE_OR_HANDSHAKING_V2 6

#define OR_CONN_STATE_OR_HANDSHAKING_V3 7

#define OR_CONN_STATE_OPEN 8
#define OR_CONN_STATE_MAX_ 8

#define EXT_OR_CONN_STATE_MIN_ 1

#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1

#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2

#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
#define EXT_OR_CONN_STATE_AUTH_MAX 3

#define EXT_OR_CONN_STATE_OPEN 4

#define EXT_OR_CONN_STATE_FLUSHING 5
#define EXT_OR_CONN_STATE_MAX_ 5

#define EXIT_CONN_STATE_MIN_ 1

#define EXIT_CONN_STATE_RESOLVING 1

#define EXIT_CONN_STATE_CONNECTING 2

#define EXIT_CONN_STATE_OPEN 3

#define EXIT_CONN_STATE_RESOLVEFAILED 4
#define EXIT_CONN_STATE_MAX_ 4

/* The AP state values must be disjoint from the EXIT state values. */
#define AP_CONN_STATE_MIN_ 5

#define AP_CONN_STATE_SOCKS_WAIT 5

#define AP_CONN_STATE_RENDDESC_WAIT 6

#define AP_CONN_STATE_CONTROLLER_WAIT 7

#define AP_CONN_STATE_CIRCUIT_WAIT 8

#define AP_CONN_STATE_CONNECT_WAIT 9

#define AP_CONN_STATE_RESOLVE_WAIT 10

#define AP_CONN_STATE_OPEN 11

#define AP_CONN_STATE_NATD_WAIT 12

#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
#define AP_CONN_STATE_MAX_ 13

#define AP_CONN_STATE_IS_UNATTACHED(s) \
  ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)

#define DIR_CONN_STATE_MIN_ 1

#define DIR_CONN_STATE_CONNECTING 1

#define DIR_CONN_STATE_CLIENT_SENDING 2

#define DIR_CONN_STATE_CLIENT_READING 3

#define DIR_CONN_STATE_CLIENT_FINISHED 4

#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5

#define DIR_CONN_STATE_SERVER_WRITING 6
#define DIR_CONN_STATE_MAX_ 6

#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)

#define CONTROL_CONN_STATE_MIN_ 1

#define CONTROL_CONN_STATE_OPEN 1

#define CONTROL_CONN_STATE_NEEDAUTH 2
#define CONTROL_CONN_STATE_MAX_ 2

#define DIR_PURPOSE_MIN_ 4

#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4

#define DIR_PURPOSE_FETCH_SERVERDESC 6

#define DIR_PURPOSE_FETCH_EXTRAINFO 7

#define DIR_PURPOSE_UPLOAD_DIR 8

#define DIR_PURPOSE_UPLOAD_VOTE 10

#define DIR_PURPOSE_UPLOAD_SIGNATURES 11

#define DIR_PURPOSE_FETCH_STATUS_VOTE 12

#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13

#define DIR_PURPOSE_FETCH_CONSENSUS 14

#define DIR_PURPOSE_FETCH_CERTIFICATE 15

#define DIR_PURPOSE_SERVER 16

#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17

#define DIR_PURPOSE_FETCH_RENDDESC_V2 18

#define DIR_PURPOSE_FETCH_MICRODESC 19

#define DIR_PURPOSE_UPLOAD_HSDESC 20

#define DIR_PURPOSE_FETCH_HSDESC 21

#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22
#define DIR_PURPOSE_MAX_ 22

#define DIR_PURPOSE_IS_UPLOAD(p)                \
  ((p)==DIR_PURPOSE_UPLOAD_DIR ||               \
   (p)==DIR_PURPOSE_UPLOAD_VOTE ||              \
   (p)==DIR_PURPOSE_UPLOAD_SIGNATURES ||        \
   (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 ||       \
   (p)==DIR_PURPOSE_UPLOAD_HSDESC)

#define EXIT_PURPOSE_MIN_ 1

#define EXIT_PURPOSE_CONNECT 1

#define EXIT_PURPOSE_RESOLVE 2
#define EXIT_PURPOSE_MAX_ 2

/* !!!! If any connection purpose is ever over 31, we must grow the type
 * field in connection_t. */

#define CIRCUIT_STATE_BUILDING 0

#define CIRCUIT_STATE_ONIONSKIN_PENDING 1

#define CIRCUIT_STATE_CHAN_WAIT 2

#define CIRCUIT_STATE_GUARD_WAIT 3

#define CIRCUIT_STATE_OPEN 4

#define CIRCUIT_PURPOSE_MIN_ 1

/* these circuits were initiated elsewhere */
#define CIRCUIT_PURPOSE_OR_MIN_ 1

#define CIRCUIT_PURPOSE_OR 1

#define CIRCUIT_PURPOSE_INTRO_POINT 2

#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3

#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
#define CIRCUIT_PURPOSE_OR_MAX_ 4

/* these circuits originate at this node */

/* here's how circ client-side purposes work:
 *   normal circuits are C_GENERAL.
 *   circuits that are c_introducing are either on their way to
 *     becoming open, or they are open and waiting for a
 *     suitable rendcirc before they send the intro.
 *   circuits that are c_introduce_ack_wait have sent the intro,
 *     but haven't gotten a response yet.
 *   circuits that are c_establish_rend are either on their way
 *     to becoming open, or they are open and have sent the
 *     establish_rendezvous cell but haven't received an ack.
 *   circuits that are c_rend_ready are open and have received a
 *     rend ack, but haven't heard from the service yet. if they have a
 *     buildstate->pending_final_cpath then they're expecting a
 *     cell from the service, else they're not.
 *   circuits that are c_rend_ready_intro_acked are open, and
 *     some intro circ has sent its intro and received an ack.
 *   circuits that are c_rend_joined are open, have heard from
 *     the service, and are talking to it.
 */
#define CIRCUIT_PURPOSE_C_GENERAL 5
#define CIRCUIT_PURPOSE_C_HS_MIN_ 6

#define CIRCUIT_PURPOSE_C_INTRODUCING 6

#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7

#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8

#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9

#define CIRCUIT_PURPOSE_C_REND_READY 10

#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11

#define CIRCUIT_PURPOSE_C_REND_JOINED 12

#define CIRCUIT_PURPOSE_C_HSDIR_GET 13
#define CIRCUIT_PURPOSE_C_HS_MAX_ 13

#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14
#define CIRCUIT_PURPOSE_C_MAX_ 14

#define CIRCUIT_PURPOSE_S_HS_MIN_ 15

#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15

#define CIRCUIT_PURPOSE_S_INTRO 16

#define CIRCUIT_PURPOSE_S_CONNECT_REND 17

#define CIRCUIT_PURPOSE_S_REND_JOINED 18

#define CIRCUIT_PURPOSE_S_HSDIR_POST 19
#define CIRCUIT_PURPOSE_S_HS_MAX_ 19

#define CIRCUIT_PURPOSE_TESTING 20

#define CIRCUIT_PURPOSE_CONTROLLER 21

#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22

#define CIRCUIT_PURPOSE_HS_VANGUARDS 23

#define CIRCUIT_PURPOSE_MAX_ 23

#define CIRCUIT_PURPOSE_UNKNOWN 255

#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)

#define CIRCUIT_PURPOSE_IS_CLIENT(p)  \
  ((p)> CIRCUIT_PURPOSE_OR_MAX_ &&    \
   (p)<=CIRCUIT_PURPOSE_C_MAX_)

#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))

#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
  ((p) == CIRCUIT_PURPOSE_C_REND_JOINED ||     \
   (p) == CIRCUIT_PURPOSE_S_REND_JOINED)

#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC)

#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \
    ((p) == CIRCUIT_PURPOSE_C_GENERAL || \
     (p) == CIRCUIT_PURPOSE_C_HSDIR_GET)

#define MIN_CIRCUITS_HANDLING_STREAM 2

/* These RELAY_COMMAND constants define values for relay cell commands, and
* must match those defined in tor-spec.txt. */
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
#define RELAY_COMMAND_END 3
#define RELAY_COMMAND_CONNECTED 4
#define RELAY_COMMAND_SENDME 5
#define RELAY_COMMAND_EXTEND 6
#define RELAY_COMMAND_EXTENDED 7
#define RELAY_COMMAND_TRUNCATE 8
#define RELAY_COMMAND_TRUNCATED 9
#define RELAY_COMMAND_DROP 10
#define RELAY_COMMAND_RESOLVE 11
#define RELAY_COMMAND_RESOLVED 12
#define RELAY_COMMAND_BEGIN_DIR 13
#define RELAY_COMMAND_EXTEND2 14
#define RELAY_COMMAND_EXTENDED2 15

#define RELAY_COMMAND_ESTABLISH_INTRO 32
#define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
#define RELAY_COMMAND_INTRODUCE1 34
#define RELAY_COMMAND_INTRODUCE2 35
#define RELAY_COMMAND_RENDEZVOUS1 36
#define RELAY_COMMAND_RENDEZVOUS2 37
#define RELAY_COMMAND_INTRO_ESTABLISHED 38
#define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
#define RELAY_COMMAND_INTRODUCE_ACK 40

/* Reasons why an OR connection is closed. */
#define END_OR_CONN_REASON_DONE           1
#define END_OR_CONN_REASON_REFUSED        2 /* connection refused */
#define END_OR_CONN_REASON_OR_IDENTITY    3
#define END_OR_CONN_REASON_CONNRESET      4 /* connection reset by peer */
#define END_OR_CONN_REASON_TIMEOUT        5
#define END_OR_CONN_REASON_NO_ROUTE       6 /* no route to host/net */
#define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
#define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
#define END_OR_CONN_REASON_PT_MISSING     9 /* PT failed or not available */
#define END_OR_CONN_REASON_MISC           10

/* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
 * documentation of these.  The values must match. */
#define END_STREAM_REASON_MISC 1
#define END_STREAM_REASON_RESOLVEFAILED 2
#define END_STREAM_REASON_CONNECTREFUSED 3
#define END_STREAM_REASON_EXITPOLICY 4
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
#define END_STREAM_REASON_TIMEOUT 7
#define END_STREAM_REASON_NOROUTE 8
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
#define END_STREAM_REASON_CONNRESET 12
#define END_STREAM_REASON_TORPROTOCOL 13
#define END_STREAM_REASON_NOTDIRECTORY 14
#define END_STREAM_REASON_ENTRYPOLICY 15

/* These high-numbered end reasons are not part of the official spec,
 * and are not intended to be put in relay end cells. They are here
 * to be more informative when sending back socks replies to the
 * application. */
/* XXXX 256 is no longer used; feel free to reuse it. */
/* XXXX the ways we use this one don't make a lot of sense. */
#define END_STREAM_REASON_CANT_ATTACH 257

#define END_STREAM_REASON_NET_UNREACHABLE 258

#define END_STREAM_REASON_SOCKSPROTOCOL 259

#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260

#define END_STREAM_REASON_INVALID_NATD_DEST 261

#define END_STREAM_REASON_PRIVATE_ADDR 262

#define END_STREAM_REASON_HTTPPROTOCOL 263

#define END_STREAM_REASON_MASK 511

#define END_STREAM_REASON_FLAG_REMOTE 512

#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024

#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048

#define REMAP_STREAM_SOURCE_CACHE 1

#define REMAP_STREAM_SOURCE_EXIT 2

/* 'type' values to use in RESOLVED cells.  Specified in tor-spec.txt. */
#define RESOLVED_TYPE_HOSTNAME 0
#define RESOLVED_TYPE_IPV4 4
#define RESOLVED_TYPE_IPV6 6
#define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
#define RESOLVED_TYPE_ERROR 0xF1

/* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
 * call; they only go to the controller for tracking  */

/* Closing introduction point that were opened in parallel. */
#define END_CIRC_REASON_IP_NOW_REDUNDANT -4

#define END_CIRC_REASON_MEASUREMENT_EXPIRED -3

#define END_CIRC_REASON_NOPATH          -2

#define END_CIRC_AT_ORIGIN              -1

/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
 * section 5.4 for documentation of these. */
#define END_CIRC_REASON_MIN_            0
#define END_CIRC_REASON_NONE            0
#define END_CIRC_REASON_TORPROTOCOL     1
#define END_CIRC_REASON_INTERNAL        2
#define END_CIRC_REASON_REQUESTED       3
#define END_CIRC_REASON_HIBERNATING     4
#define END_CIRC_REASON_RESOURCELIMIT   5
#define END_CIRC_REASON_CONNECTFAILED   6
#define END_CIRC_REASON_OR_IDENTITY     7
#define END_CIRC_REASON_CHANNEL_CLOSED  8
#define END_CIRC_REASON_FINISHED        9
#define END_CIRC_REASON_TIMEOUT         10
#define END_CIRC_REASON_DESTROYED       11
#define END_CIRC_REASON_NOSUCHSERVICE   12
#define END_CIRC_REASON_MAX_            12

#define END_CIRC_REASON_FLAG_REMOTE     512

#define REND_SERVICE_ID_LEN_BASE32 16

#define REND_SERVICE_ADDRESS_LEN (16+1+5)

#define REND_SERVICE_ID_LEN 10

#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)

#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60)

#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2

#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3

#define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_SECRET_ID_PART_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_INTRO_POINT_ID_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_DESC_COOKIE_LEN 16

#define REND_DESC_COOKIE_LEN_BASE64 22

#define REND_BASIC_AUTH_CLIENT_ID_LEN 4

#define REND_BASIC_AUTH_CLIENT_MULTIPLE 16

#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \
                                          + CIPHER_KEY_LEN)

#define REND_DESC_MAX_SIZE (20 * 1024)

#define REND_LEGAL_CLIENTNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_"

#define REND_CLIENTNAME_MAX_LEN 16

#define REND_COOKIE_LEN DIGEST_LEN

typedef enum rend_auth_type_t {
  REND_NO_AUTH      = 0,
  REND_BASIC_AUTH   = 1,
  REND_STEALTH_AUTH = 2,
} rend_auth_type_t;

typedef struct rend_service_authorization_t {
  uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN];
  char onion_address[REND_SERVICE_ADDRESS_LEN+1];
  rend_auth_type_t auth_type;
} rend_service_authorization_t;

typedef struct rend_data_t {
  /* Hidden service protocol version of this base object. */
  uint32_t version;

  smartlist_t *hsdirs_fp;

  char rend_cookie[REND_COOKIE_LEN];

  int nr_streams;
} rend_data_t;

typedef struct rend_data_v2_t {
  /* Rendezvous base data. */
  rend_data_t base_;

  char onion_address[REND_SERVICE_ID_LEN_BASE32+1];

  char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN];

  char descriptor_cookie[REND_DESC_COOKIE_LEN];

  rend_auth_type_t auth_type;

  char desc_id_fetch[DIGEST_LEN];

  char rend_pk_digest[DIGEST_LEN];
} rend_data_v2_t;

/* From a base rend_data_t object <b>d</d>, return the v2 object. */
static inline
rend_data_v2_t *TO_REND_DATA_V2(const rend_data_t *d)
{
  tor_assert(d);
  tor_assert(d->version == 2);
  return DOWNCAST(rend_data_v2_t, d);
}

/* Stub because we can't include hs_ident.h. */
struct hs_ident_edge_conn_t;
struct hs_ident_dir_conn_t;
struct hs_ident_circuit_t;

/* Hidden service directory index used in a node_t which is set once we set
 * the consensus. */
typedef struct hsdir_index_t {
  /* HSDir index to use when fetching a descriptor. */
  uint8_t fetch[DIGEST256_LEN];

  /* HSDir index used by services to store their first and second
   * descriptor. The first descriptor is chronologically older than the second
   * one and uses older TP and SRV values. */
  uint8_t store_first[DIGEST256_LEN];
  uint8_t store_second[DIGEST256_LEN];
} hsdir_index_t;

#define REND_REPLAY_TIME_INTERVAL (5 * 60)

typedef enum {
  CELL_DIRECTION_IN=1, 
  CELL_DIRECTION_OUT=2, 
} cell_direction_t;

#define CIRCWINDOW_START 1000
#define CIRCWINDOW_START_MIN 100
#define CIRCWINDOW_START_MAX 1000

#define CIRCWINDOW_INCREMENT 100

#define STREAMWINDOW_START 500

#define STREAMWINDOW_INCREMENT 50

#define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)

#define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)

/* Cell commands.  These values are defined in tor-spec.txt. */
#define CELL_PADDING 0
#define CELL_CREATE 1
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
#define CELL_CREATE_FAST 5
#define CELL_CREATED_FAST 6
#define CELL_VERSIONS 7
#define CELL_NETINFO 8
#define CELL_RELAY_EARLY 9
#define CELL_CREATE2 10
#define CELL_CREATED2 11
#define CELL_PADDING_NEGOTIATE 12

#define CELL_VPADDING 128
#define CELL_CERTS 129
#define CELL_AUTH_CHALLENGE 130
#define CELL_AUTHENTICATE 131
#define CELL_AUTHORIZE 132
#define CELL_COMMAND_MAX_ 132

#define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)

#define LEGAL_NICKNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

#define DEFAULT_CLIENT_NICKNAME "client"

#define UNNAMED_ROUTER_NICKNAME "Unnamed"

#define SOCKS4_NETWORK_LEN 8

/*
 * Relay payload:
 *         Relay command           [1 byte]
 *         Recognized              [2 bytes]
 *         Stream ID               [2 bytes]
 *         Partial SHA-1           [4 bytes]
 *         Length                  [2 bytes]
 *         Relay payload           [498 bytes]
 */

#define CELL_PAYLOAD_SIZE 509

#define CELL_MAX_NETWORK_SIZE 514

#define VAR_CELL_MAX_HEADER_SIZE 7

static int get_cell_network_size(int wide_circ_ids);
static inline int get_cell_network_size(int wide_circ_ids)
{
  return wide_circ_ids ? CELL_MAX_NETWORK_SIZE : CELL_MAX_NETWORK_SIZE - 2;
}
static int get_var_cell_header_size(int wide_circ_ids);
static inline int get_var_cell_header_size(int wide_circ_ids)
{
  return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
    VAR_CELL_MAX_HEADER_SIZE - 2;
}
static int get_circ_id_size(int wide_circ_ids);
static inline int get_circ_id_size(int wide_circ_ids)
{
  return wide_circ_ids ? 4 : 2;
}

#define RELAY_HEADER_SIZE (1+2+2+4+2)

#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)

typedef uint32_t circid_t;
typedef uint16_t streamid_t;

/* channel_t typedef; struct channel_s is in channel.h */

typedef struct channel_s channel_t;

/* channel_listener_t typedef; struct channel_listener_s is in channel.h */

typedef struct channel_listener_s channel_listener_t;

/* channel states for channel_t */

typedef enum {
  /*
   * Closed state - channel is inactive
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSING
   * Permitted transitions to:
   *   - CHANNEL_STATE_OPENING
   */
  CHANNEL_STATE_CLOSED = 0,
  /*
   * Opening state - channel is trying to connect
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSED
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_OPEN
   */
  CHANNEL_STATE_OPENING,
  /*
   * Open state - channel is active and ready for use
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPENING
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_MAINT
   */
  CHANNEL_STATE_OPEN,
  /*
   * Maintenance state - channel is temporarily offline for subclass specific
   *   maintenance activities such as TLS renegotiation.
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_OPEN
   */
  CHANNEL_STATE_MAINT,
  /*
   * Closing state - channel is shutting down
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSED,
   *   - CHANNEL_STATE_ERROR
   */
  CHANNEL_STATE_CLOSING,
  /*
   * Error state - channel has experienced a permanent error
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPENING
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - None
   */
  CHANNEL_STATE_ERROR,
  /*
   * Placeholder for maximum state value
   */
  CHANNEL_STATE_LAST
} channel_state_t;

/* channel listener states for channel_listener_t */

typedef enum {
  /*
   * Closed state - channel listener is inactive
   *
   * Permitted transitions from:
   *   - CHANNEL_LISTENER_STATE_CLOSING
   * Permitted transitions to:
   *   - CHANNEL_LISTENER_STATE_LISTENING
   */
  CHANNEL_LISTENER_STATE_CLOSED = 0,
  /*
   * Listening state - channel listener is listening for incoming
   * connections
   *
   * Permitted transitions from:
   *   - CHANNEL_LISTENER_STATE_CLOSED
   * Permitted transitions to:
   *   - CHANNEL_LISTENER_STATE_CLOSING
   *   - CHANNEL_LISTENER_STATE_ERROR
   */
  CHANNEL_LISTENER_STATE_LISTENING,
  /*
   * Closing state - channel listener is shutting down
   *
   * Permitted transitions from:
   *   - CHANNEL_LISTENER_STATE_LISTENING
   * Permitted transitions to:
   *   - CHANNEL_LISTENER_STATE_CLOSED,
   *   - CHANNEL_LISTENER_STATE_ERROR
   */
  CHANNEL_LISTENER_STATE_CLOSING,
  /*
   * Error state - channel listener has experienced a permanent error
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_LISTENING
   * Permitted transitions to:
   *   - None
   */
  CHANNEL_LISTENER_STATE_ERROR,
  /*
   * Placeholder for maximum state value
   */
  CHANNEL_LISTENER_STATE_LAST
} channel_listener_state_t;

/* TLS channel stuff */

typedef struct channel_tls_s channel_tls_t;

/* circuitmux_t typedef; struct circuitmux_s is in circuitmux.h */

typedef struct circuitmux_s circuitmux_t;

typedef struct cell_t {
  circid_t circ_id; 
  uint8_t command; 
  uint8_t payload[CELL_PAYLOAD_SIZE]; 
} cell_t;

typedef struct var_cell_t {
  uint8_t command;
  circid_t circ_id;
  uint16_t payload_len;
  uint8_t payload[FLEXIBLE_ARRAY_MEMBER];
} var_cell_t;

typedef struct ext_or_cmd_t {
  uint16_t cmd; 
  uint16_t len; 
  char body[FLEXIBLE_ARRAY_MEMBER]; 
} ext_or_cmd_t;

typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE]; 
  uint32_t inserted_timestamp; 
} packed_cell_t;

typedef struct cell_queue_t {
  TOR_SIMPLEQ_HEAD(cell_simpleq, packed_cell_t) head;
  int n; 
} cell_queue_t;

typedef struct destroy_cell_t {
  TOR_SIMPLEQ_ENTRY(destroy_cell_t) next;
  circid_t circid;
  uint32_t inserted_timestamp; 
  uint8_t reason;
} destroy_cell_t;

typedef struct destroy_cell_queue_t {
  TOR_SIMPLEQ_HEAD(dcell_simpleq, destroy_cell_t) head;
  int n; 
} destroy_cell_queue_t;

typedef struct {
  uint8_t command; 
  uint16_t recognized; 
  streamid_t stream_id; 
  char integrity[4]; 
  uint16_t length; 
} relay_header_t;

typedef struct socks_request_t socks_request_t;

typedef struct entry_port_cfg_t {
  /* Client port types (socks, dns, trans, natd) only: */
  uint8_t isolation_flags; 
  int session_group; 
  /* Socks only: */
  unsigned int socks_prefer_no_auth : 1;
  unsigned int socks_iso_keep_alive : 1;

  /* Client port types only: */
  unsigned int ipv4_traffic : 1;
  unsigned int ipv6_traffic : 1;
  unsigned int prefer_ipv6 : 1;
  unsigned int dns_request : 1;
  unsigned int onion_traffic : 1;

  unsigned int cache_ipv4_answers : 1;
  unsigned int cache_ipv6_answers : 1;
  unsigned int use_cached_ipv4_answers : 1;
  unsigned int use_cached_ipv6_answers : 1;
  unsigned int prefer_ipv6_virtaddr : 1;

} entry_port_cfg_t;

typedef struct server_port_cfg_t {
  /* Server port types (or, dir) only: */
  unsigned int no_advertise : 1;
  unsigned int no_listen : 1;
  unsigned int all_addrs : 1;
  unsigned int bind_ipv4_only : 1;
  unsigned int bind_ipv6_only : 1;
} server_port_cfg_t;

/* Values for connection_t.magic: used to make sure that downcasts (casts from
* connection_t to foo_connection_t) are safe. */
#define BASE_CONNECTION_MAGIC 0x7C3C304Eu
#define OR_CONNECTION_MAGIC 0x7D31FF03u
#define EDGE_CONNECTION_MAGIC 0xF0374013u
#define ENTRY_CONNECTION_MAGIC 0xbb4a5703
#define DIR_CONNECTION_MAGIC 0x9988ffeeu
#define CONTROL_CONNECTION_MAGIC 0x8abc765du
#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u

struct buf_t;

typedef struct connection_t {
  uint32_t magic; 
  uint8_t state; 
  unsigned int type:5; 
  unsigned int purpose:5; 
  /* The next fields are all one-bit booleans. Some are only applicable to
   * connection subtypes, but we hold them here anyway, to save space.
   */
  unsigned int read_blocked_on_bw:1; 
  unsigned int write_blocked_on_bw:1; 
  unsigned int hold_open_until_flushed:1; 
  unsigned int inbuf_reached_eof:1; 
  unsigned int in_flushed_some:1;
  unsigned int in_connection_handle_write:1;

  /* For linked connections:
   */
  unsigned int linked:1; 
  unsigned int reading_from_linked_conn:1;
  unsigned int writing_to_linked_conn:1;
  unsigned int active_on_link:1;
  unsigned int linked_conn_is_closed:1;

  unsigned int proxy_state:4;

  tor_socket_t s;
  int conn_array_index; 
  struct event *read_event; 
  struct event *write_event; 
  struct buf_t *inbuf; 
  struct buf_t *outbuf; 
  size_t outbuf_flushlen; 
  time_t timestamp_last_read_allowed; 
  time_t timestamp_last_write_allowed; 
  time_t timestamp_created; 
  int socket_family; 
  tor_addr_t addr; 
  uint16_t port; 
  uint16_t marked_for_close; 
  const char *marked_for_close_file; 
  char *address; 
  struct connection_t *linked_conn;

  uint64_t global_identifier;

  uint32_t n_read_conn_bw;

  uint32_t n_written_conn_bw;
} connection_t;

typedef struct listener_connection_t {
  connection_t base_;

  struct evdns_server_port *dns_server_port;

  entry_port_cfg_t entry_cfg;

} listener_connection_t;

#define OR_AUTH_CHALLENGE_LEN 32

#define OR_CERT_TYPE_TLS_LINK 1

#define OR_CERT_TYPE_ID_1024 2

#define OR_CERT_TYPE_AUTH_1024 3
/* DOCDOC */
#define OR_CERT_TYPE_RSA_ED_CROSSCERT 7

#define AUTHTYPE_RSA_SHA256_TLSSECRET 1

#define AUTHTYPE_RSA_SHA256_RFC5705 2

#define AUTHTYPE_ED25519_SHA256_RFC5705 3
/*
 * NOTE: authchallenge_type_is_better() relies on these AUTHTYPE codes
 * being sorted in order of preference.  If we someday add one with
 * a higher numerical value that we don't like as much, we should revise
 * authchallenge_type_is_better().
 */

#define V3_AUTH_FIXED_PART_LEN (8+(32*6))

#define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)

typedef struct or_handshake_certs_t {
  int started_here;
  tor_x509_cert_t *auth_cert;
  tor_x509_cert_t *link_cert;
  tor_x509_cert_t *id_cert;
  struct tor_cert_st *ed_id_sign;
  struct tor_cert_st *ed_sign_link;
  struct tor_cert_st *ed_sign_auth;
  uint8_t *ed_rsa_crosscert;
  size_t ed_rsa_crosscert_len;
} or_handshake_certs_t;

typedef struct or_handshake_state_t {
  time_t sent_versions_at;
  unsigned int started_here : 1;
  unsigned int received_versions : 1;
  unsigned int received_auth_challenge : 1;
  unsigned int received_certs_cell : 1;
  unsigned int received_authenticate : 1;

  /* True iff we've received valid authentication to some identity. */
  unsigned int authenticated : 1;
  unsigned int authenticated_rsa : 1;
  unsigned int authenticated_ed25519 : 1;

  /* True iff we have sent a netinfo cell */
  unsigned int sent_netinfo : 1;

  struct tor_cert_st *own_link_cert;

  unsigned int digest_sent_data : 1;
  unsigned int digest_received_data : 1;
  uint8_t authenticated_rsa_peer_id[DIGEST_LEN];
  ed25519_public_key_t authenticated_ed25519_peer_id;

  crypto_digest_t *digest_sent;
  crypto_digest_t *digest_received;
  or_handshake_certs_t *certs;
} or_handshake_state_t;

#define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
/*
 * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so
 * channeltls.c can see them too.
 */

#define OR_CONN_HIGHWATER (32*1024)

#define OR_CONN_LOWWATER (16*1024)

typedef struct or_connection_t {
  connection_t base_;

  char identity_digest[DIGEST_LEN];

  char *ext_or_conn_id;
  char *ext_or_auth_correct_client_hash;
  char *ext_or_transport;

  char *nickname; 
  tor_tls_t *tls; 
  int tls_error; 
  /* Channel using this connection */
  channel_tls_t *chan;

  tor_addr_t real_addr; 
  unsigned int is_canonical:1;

  unsigned int is_outgoing:1;
  unsigned int proxy_type:2; 
  unsigned int wide_circ_ids:1;
  unsigned int have_noted_bootstrap_problem:1;
  unsigned int tracked_for_dos_mitigation : 1;

  uint16_t link_proto; 
  uint16_t idle_timeout; 
  or_handshake_state_t *handshake_state; 
  time_t timestamp_lastempty; 
  token_bucket_rw_t bucket; 
  /*
   * Count the number of bytes flushed out on this orconn, and the number of
   * bytes TLS actually sent - used for overhead estimation for scheduling.
   */
  uint64_t bytes_xmitted, bytes_xmitted_by_tls;
} or_connection_t;

typedef struct edge_connection_t {
  connection_t base_;

  struct edge_connection_t *next_stream; 
  int package_window; 
  int deliver_window; 
  struct circuit_t *on_circuit; 
  struct crypt_path_t *cpath_layer;
  rend_data_t *rend_data;

  /* Hidden service connection identifier for edge connections. Used by the HS
   * client-side code to identify client SOCKS connections and by the
   * service-side code to match HS circuits with their streams. */
  struct hs_ident_edge_conn_t *hs_ident;

  uint32_t address_ttl; 
  uint32_t begincell_flags; 
  streamid_t stream_id; 
  uint16_t end_reason;

  uint32_t n_read;

  uint32_t n_written;

  unsigned int is_dns_request:1;
  unsigned int is_reverse_dns_lookup:1;

  unsigned int edge_has_sent_end:1; 
  unsigned int edge_blocked_on_circ:1;

  uint64_t dirreq_id;
} edge_connection_t;

typedef struct entry_connection_t {
  edge_connection_t edge_;

  /* XXX prop220: we need to make chosen_exit_name able to encode Ed IDs too.
   * That's logically part of the UI parts for prop220 though. */
  char *chosen_exit_name;

  socks_request_t *socks_request; 
  /* === Isolation related, AP only. === */
  entry_port_cfg_t entry_cfg;
  unsigned nym_epoch;

  char *original_dest_address;
  /* Other fields to isolate on already exist.  The ClientAddr is addr.  The
     ClientProtocol is a combination of type and socks_request->
     socks_version.  SocksAuth is socks_request->username/password.
     DestAddr is in socks_request->address. */

  uint8_t num_socks_retries;

  struct buf_t *pending_optimistic_data;
  /* For AP connections only: buffer for data that we previously sent
  * optimistically which we are currently re-sending as we retry this
  * connection. */
  struct buf_t *sending_optimistic_data;

  struct evdns_server_request *dns_server_request;

#define DEBUGGING_17659

#ifdef DEBUGGING_17659
  uint16_t marked_pending_circ_line;
  const char *marked_pending_circ_file;
#endif

#define NUM_CIRCUITS_LAUNCHED_THRESHOLD 10

  unsigned int num_circuits_launched:4;

  unsigned int want_onehop:1;
  unsigned int use_begindir:1;

  unsigned int chosen_exit_optional:1;
  unsigned int chosen_exit_retries:3;

  unsigned int is_transparent_ap:1;

  unsigned int may_use_optimistic_data : 1;
} entry_connection_t;

typedef struct dir_connection_t {
  connection_t base_;

  char *requested_resource;
  unsigned int dirconn_direct:1; 
  uint8_t router_purpose;

  smartlist_t *spool;
  tor_compress_state_t *compress_state;

  rend_data_t *rend_data;

  /* Hidden service connection identifier for dir connections: Used by HS
     client-side code to fetch HS descriptors, and by the service-side code to
     upload descriptors. */
  struct hs_ident_dir_conn_t *hs_ident;

  struct circuit_guard_state_t *guard_state;

  char identity_digest[DIGEST_LEN]; 
  uint64_t dirreq_id;

#ifdef MEASUREMENTS_21206

  uint32_t data_cells_received;

  uint32_t data_cells_sent;
#endif /* defined(MEASUREMENTS_21206) */
} dir_connection_t;

typedef struct control_connection_t {
  connection_t base_;

  uint64_t event_mask; 
  unsigned int have_sent_protocolinfo:1;
  unsigned int is_owning_control_connection:1;

  smartlist_t *ephemeral_onion_services;

  char *safecookie_client_hash;

  uint32_t incoming_cmd_len;
  uint32_t incoming_cmd_cur_len;
  char *incoming_cmd;
} control_connection_t;

#define TO_CONN(c) (&(((c)->base_)))

#define ENTRY_TO_EDGE_CONN(c) (&(((c))->edge_))

#define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))

static or_connection_t *TO_OR_CONN(connection_t *);
static dir_connection_t *TO_DIR_CONN(connection_t *);
static edge_connection_t *TO_EDGE_CONN(connection_t *);
static entry_connection_t *TO_ENTRY_CONN(connection_t *);
static entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *);
static control_connection_t *TO_CONTROL_CONN(connection_t *);
static listener_connection_t *TO_LISTENER_CONN(connection_t *);

static inline or_connection_t *TO_OR_CONN(connection_t *c)
{
  tor_assert(c->magic == OR_CONNECTION_MAGIC);
  return DOWNCAST(or_connection_t, c);
}
static inline dir_connection_t *TO_DIR_CONN(connection_t *c)
{
  tor_assert(c->magic == DIR_CONNECTION_MAGIC);
  return DOWNCAST(dir_connection_t, c);
}
static inline edge_connection_t *TO_EDGE_CONN(connection_t *c)
{
  tor_assert(c->magic == EDGE_CONNECTION_MAGIC ||
             c->magic == ENTRY_CONNECTION_MAGIC);
  return DOWNCAST(edge_connection_t, c);
}
static inline entry_connection_t *TO_ENTRY_CONN(connection_t *c)
{
  tor_assert(c->magic == ENTRY_CONNECTION_MAGIC);
  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_.base_);
}
static inline entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *c)
{
  tor_assert(c->base_.magic == ENTRY_CONNECTION_MAGIC);
  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_);
}
static inline control_connection_t *TO_CONTROL_CONN(connection_t *c)
{
  tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
  return DOWNCAST(control_connection_t, c);
}
static inline listener_connection_t *TO_LISTENER_CONN(connection_t *c)
{
  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
  return DOWNCAST(listener_connection_t, c);
}

typedef enum {
  ADDR_POLICY_ACCEPT=1,
  ADDR_POLICY_REJECT=2,
} addr_policy_action_t;
#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t)

typedef struct addr_policy_t {
  int refcnt; 
  addr_policy_action_bitfield_t policy_type:2;
  unsigned int is_private:1; 
  unsigned int is_canonical:1; 
  maskbits_t maskbits; 
  tor_addr_t addr;
  uint16_t prt_min; 
  uint16_t prt_max; 
} addr_policy_t;

typedef struct cached_dir_t {
  char *dir; 
  char *dir_compressed; 
  size_t dir_len; 
  size_t dir_compressed_len; 
  time_t published; 
  common_digests_t digests; 
  uint8_t digest_sha3_as_signed[DIGEST256_LEN];
  int refcnt; 
} cached_dir_t;

typedef enum {
  SAVED_NOWHERE=0,
  SAVED_IN_CACHE,
  /* FFFF (We could also mmap the file and grow the mmap as needed, or
   * lazy-load the descriptor text by using seek and read.  We don't, for
   * now.)
   */
  SAVED_IN_JOURNAL
} saved_location_t;
#define saved_location_bitfield_t ENUM_BF(saved_location_t)

typedef enum {
  DL_SCHED_GENERIC = 0,
  DL_SCHED_CONSENSUS = 1,
  DL_SCHED_BRIDGE = 2,
} download_schedule_t;
#define download_schedule_bitfield_t ENUM_BF(download_schedule_t)

typedef enum {
  DL_WANT_ANY_DIRSERVER = 0,
  DL_WANT_AUTHORITY = 1,
} download_want_authority_t;
#define download_want_authority_bitfield_t \
                                        ENUM_BF(download_want_authority_t)

typedef enum {
  DL_SCHED_INCREMENT_FAILURE = 0,
  DL_SCHED_INCREMENT_ATTEMPT = 1,
} download_schedule_increment_t;
#define download_schedule_increment_bitfield_t \
                                        ENUM_BF(download_schedule_increment_t)

typedef struct download_status_t {
  time_t next_attempt_at; 
  uint8_t n_download_failures; 
  uint8_t n_download_attempts; 
  download_schedule_bitfield_t schedule : 8; 
  download_want_authority_bitfield_t want_authority : 1; 
  download_schedule_increment_bitfield_t increment_on : 1; 
  uint8_t last_backoff_position; 
  int last_delay_used; 
} download_status_t;

#define IMPOSSIBLE_TO_DOWNLOAD 255

#define ROUTER_ANNOTATION_BUF_LEN 256

typedef struct signed_descriptor_t {
  char *signed_descriptor_body;
  size_t annotations_len;
  size_t signed_descriptor_len;
  char signed_descriptor_digest[DIGEST_LEN];
  char identity_digest[DIGEST_LEN];
  time_t published_on;
  char extra_info_digest[DIGEST_LEN];
  char extra_info_digest256[DIGEST256_LEN];
  struct tor_cert_st *signing_key_cert;
  download_status_t ei_dl_status;
  saved_location_t saved_location;
  off_t saved_offset;
  int routerlist_index;
  time_t last_listed_as_valid_until;
  /* If true, we do not ever try to save this object in the cache. */
  unsigned int do_not_cache : 1;
  /* If true, this item is meant to represent an extrainfo. */
  unsigned int is_extrainfo : 1;
  /* If true, we got an extrainfo for this item, and the digest was right,
   * but it was incompatible. */
  unsigned int extrainfo_is_bogus : 1;
  /* If true, we are willing to transmit this item unencrypted. */
  unsigned int send_unencrypted : 1;
} signed_descriptor_t;

typedef int16_t country_t;

typedef struct protover_summary_flags_t {
  unsigned int protocols_known:1;

  unsigned int supports_extend2_cells:1;

  unsigned int supports_ed25519_link_handshake_compat:1;

  unsigned int supports_ed25519_link_handshake_any:1;

  unsigned int supports_ed25519_hs_intro : 1;

  unsigned int supports_v3_hsdir : 1;

  unsigned int supports_v3_rendezvous_point: 1;
} protover_summary_flags_t;

typedef struct {
  signed_descriptor_t cache_info;
  char *nickname; 
  uint32_t addr; 
  uint16_t or_port; 
  uint16_t dir_port; 
  /* XXXXX187 Actually these should probably be part of a list of addresses,
   * not just a special case.  Use abstractions to access these; don't do it
   * directly. */
  tor_addr_t ipv6_addr;
  uint16_t ipv6_orport;

  crypto_pk_t *onion_pkey; 
  crypto_pk_t *identity_pkey;  
  curve25519_public_key_t *onion_curve25519_pkey;
  time_t cert_expiration_time;

  char *platform; 
  char *protocol_list; 
  /* link info */
  uint32_t bandwidthrate; 
  uint32_t bandwidthburst; 
  uint32_t bandwidthcapacity;
  smartlist_t *exit_policy; 
  struct short_policy_t *ipv6_exit_policy;
  long uptime; 
  smartlist_t *declared_family; 
  char *contact_info; 
  unsigned int is_hibernating:1; 
  unsigned int caches_extra_info:1; 
  unsigned int allow_single_hop_exits:1;  
  unsigned int wants_to_be_hs_dir:1; 
  unsigned int policy_is_reject_star:1; 
  unsigned int needs_retest_if_added:1;

  unsigned int supports_tunnelled_dir_requests:1;

  unsigned int omit_from_vote:1;

  protover_summary_flags_t pv;

#define ROUTER_PURPOSE_GENERAL 0

#define ROUTER_PURPOSE_CONTROLLER 1

#define ROUTER_PURPOSE_BRIDGE 2

#define ROUTER_PURPOSE_UNKNOWN 255

  uint8_t purpose;
} routerinfo_t;

typedef struct extrainfo_t {
  signed_descriptor_t cache_info;
  uint8_t digest256[DIGEST256_LEN];
  char nickname[MAX_NICKNAME_LEN+1];
  unsigned int bad_sig : 1;
  char *pending_sig;
  size_t pending_sig_len;
} extrainfo_t;

typedef struct routerstatus_t {
  time_t published_on; 
  char nickname[MAX_NICKNAME_LEN+1]; 
  char identity_digest[DIGEST_LEN]; 
  char descriptor_digest[DIGEST256_LEN];
  uint32_t addr; 
  uint16_t or_port; 
  uint16_t dir_port; 
  tor_addr_t ipv6_addr; 
  uint16_t ipv6_orport; 
  unsigned int is_authority:1; 
  unsigned int is_exit:1; 
  unsigned int is_stable:1; 
  unsigned int is_fast:1; 
  unsigned int is_flagged_running:1;
  unsigned int is_named:1; 
  unsigned int is_unnamed:1; 
  unsigned int is_valid:1; 
  unsigned int is_possible_guard:1; 
  unsigned int is_bad_exit:1; 
  unsigned int is_hs_dir:1; 
  unsigned int is_v2_dir:1; 
  unsigned int has_bandwidth:1; 
  unsigned int has_exitsummary:1; 
  unsigned int bw_is_unmeasured:1; 
  protover_summary_flags_t pv;

  uint32_t bandwidth_kb; 
  unsigned int has_guardfraction:1;
  uint32_t guardfraction_percentage;

  char *exitsummary; 
  /* ---- The fields below aren't derived from the networkstatus; they
   * hold local information only. */

  time_t last_dir_503_at; 
  download_status_t dl_status;

} routerstatus_t;

typedef struct short_policy_entry_t {
  uint16_t min_port, max_port;
} short_policy_entry_t;

typedef struct short_policy_t {
  unsigned int is_accept : 1;
  unsigned int n_entries : 31;
  short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER];
} short_policy_t;

typedef struct microdesc_t {
  HT_ENTRY(microdesc_t) node;

  /* Cache information */

  time_t last_listed;
  saved_location_bitfield_t saved_location : 3;
  unsigned int no_save : 1;
  unsigned int held_in_map : 1;
  unsigned int held_by_nodes;

  off_t off;

  /* The string containing the microdesc. */

  char *body;
  size_t bodylen;
  char digest[DIGEST256_LEN];

  /* Fields in the microdescriptor. */

  crypto_pk_t *onion_pkey;
  curve25519_public_key_t *onion_curve25519_pkey;
  ed25519_public_key_t *ed25519_identity_pkey;
  tor_addr_t ipv6_addr;
  uint16_t ipv6_orport;
  smartlist_t *family;
  short_policy_t *exit_policy;
  short_policy_t *ipv6_exit_policy;

} microdesc_t;

typedef struct node_t {
  /* Indexing information */

  HT_ENTRY(node_t) ht_ent;
  HT_ENTRY(node_t) ed_ht_ent;
  int nodelist_idx;

  char identity[DIGEST_LEN];

  ed25519_public_key_t ed25519_id;

  microdesc_t *md;
  routerinfo_t *ri;
  routerstatus_t *rs;

  /* local info: copied from routerstatus, then possibly frobbed based
   * on experience.  Authorities set this stuff directly.  Note that
   * these reflect knowledge of the primary (IPv4) OR port only.  */

  unsigned int is_running:1; 
  unsigned int is_valid:1; 
  unsigned int is_fast:1; 
  unsigned int is_stable:1; 
  unsigned int is_possible_guard:1; 
  unsigned int is_exit:1; 
  unsigned int is_bad_exit:1; 
  unsigned int is_hs_dir:1; 
  /* Local info: warning state. */

  unsigned int name_lookup_warned:1; 
  unsigned int rejects_all:1;

  /* Local info: derived. */

  unsigned int ipv6_preferred:1;

  /* XXXprop186 what is this suppose to mean with multiple OR ports? */
  country_t country;

  /* The below items are used only by authdirservers for
   * reachability testing. */

  time_t last_reachable;        /* IPv4. */
  time_t last_reachable6;       /* IPv6. */

  /* Hidden service directory index data. This is used by a service or client
   * in order to know what's the hs directory index for this node at the time
   * the consensus is set. */
  struct hsdir_index_t hsdir_index;
} node_t;

typedef struct vote_microdesc_hash_t {
  struct vote_microdesc_hash_t *next;
  char *microdesc_hash_line;
} vote_microdesc_hash_t;

typedef struct vote_routerstatus_t {
  routerstatus_t status; 
#define MAX_KNOWN_FLAGS_IN_VOTE 64
  uint64_t flags; 
  char *version; 
  char *protocols; 
  unsigned int has_measured_bw:1; 
  unsigned int has_ed25519_listing:1;
  unsigned int ed25519_reflects_consensus:1;
  uint32_t measured_bw_kb; 
  vote_microdesc_hash_t *microdesc;
  uint8_t ed25519_id[ED25519_PUBKEY_LEN];
} vote_routerstatus_t;

typedef struct document_signature_t {
  char identity_digest[DIGEST_LEN];
  char signing_key_digest[DIGEST_LEN];
  digest_algorithm_t alg;
  char *signature;
  int signature_len;
  unsigned int bad_signature : 1; 
  unsigned int good_signature : 1; 
} document_signature_t;

typedef struct networkstatus_voter_info_t {
  char identity_digest[DIGEST_LEN];
  char *nickname; 
  char legacy_id_digest[DIGEST_LEN];
  char *address; 
  uint32_t addr; 
  uint16_t dir_port; 
  uint16_t or_port; 
  char *contact; 
  char vote_digest[DIGEST_LEN]; 
  /* Nothing from here on is signed. */
  smartlist_t *sigs;
} networkstatus_voter_info_t;

typedef struct networkstatus_sr_info_t {
  /* Indicate if the dirauth partitipates in the SR protocol with its vote.
   * This is tied to the SR flag in the vote. */
  unsigned int participate:1;
  /* Both vote and consensus: Current and previous SRV. If list is empty,
   * this means none were found in either the consensus or vote. */
  struct sr_srv_t *previous_srv;
  struct sr_srv_t *current_srv;
  /* Vote only: List of commitments. */
  smartlist_t *commits;
} networkstatus_sr_info_t;

typedef enum {
  NS_TYPE_VOTE,
  NS_TYPE_CONSENSUS,
  NS_TYPE_OPINION,
} networkstatus_type_t;

typedef enum {
  FLAV_NS = 0,
  FLAV_MICRODESC = 1,
} consensus_flavor_t;

#define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)

typedef struct networkstatus_t {
  networkstatus_type_t type; 
  consensus_flavor_t flavor; 
  unsigned int has_measured_bws : 1;
  time_t published; 
  time_t valid_after; 
  time_t fresh_until; 
  time_t valid_until; 
  int consensus_method;
  smartlist_t *supported_methods;

  smartlist_t *package_lines;

  int vote_seconds;
  int dist_seconds;

  char *client_versions;
  char *server_versions;

  char *recommended_relay_protocols;
  char *recommended_client_protocols;
  char *required_relay_protocols;
  char *required_client_protocols;

  smartlist_t *known_flags;

  smartlist_t *net_params;

  smartlist_t *weight_params;

  smartlist_t *voters;

  struct authority_cert_t *cert; 
  common_digests_t digests;
  uint8_t digest_sha3_as_signed[DIGEST256_LEN];

  smartlist_t *routerstatus_list;

  digestmap_t *desc_digest_map;

  networkstatus_sr_info_t sr_info;
} networkstatus_t;

typedef struct ns_detached_signatures_t {
  time_t valid_after;
  time_t fresh_until;
  time_t valid_until;
  strmap_t *digests; 
  strmap_t *signatures; 
} ns_detached_signatures_t;

typedef enum store_type_t {
  ROUTER_STORE = 0,
  EXTRAINFO_STORE = 1
} store_type_t;

typedef struct desc_store_t {
  const char *fname_base;
  const char *description;

  tor_mmap_t *mmap; 
  store_type_t type; 
  size_t journal_len;
  size_t store_len;
  size_t bytes_dropped;
} desc_store_t;

typedef struct {
  struct digest_ri_map_t *identity_map;
  struct digest_sd_map_t *desc_digest_map;
  struct digest_ei_map_t *extra_info_map;
  struct digest_sd_map_t *desc_by_eid_map;
  smartlist_t *routers;
  smartlist_t *old_routers;
  desc_store_t desc_store;
  desc_store_t extrainfo_store;
} routerlist_t;

typedef struct extend_info_t {
  char nickname[MAX_HEX_NICKNAME_LEN+1]; 
  char identity_digest[DIGEST_LEN];
  ed25519_public_key_t ed_identity;
  uint16_t port; 
  tor_addr_t addr; 
  crypto_pk_t *onion_key; 
  curve25519_public_key_t curve25519_onion_key;
} extend_info_t;

typedef struct authority_cert_t {
  signed_descriptor_t cache_info;
  crypto_pk_t *identity_key;
  crypto_pk_t *signing_key;
  char signing_key_digest[DIGEST_LEN];
  time_t expires;
  uint32_t addr;
  uint16_t dir_port;
} authority_cert_t;

typedef enum {
  NO_DIRINFO      = 0,
  V3_DIRINFO      = 1 << 2,
  BRIDGE_DIRINFO  = 1 << 4,
  EXTRAINFO_DIRINFO=1 << 5,
  MICRODESC_DIRINFO=1 << 6,
} dirinfo_type_t;

#define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))

#define CRYPT_PATH_MAGIC 0x70127012u

struct fast_handshake_state_t;
struct ntor_handshake_state_t;
#define ONION_HANDSHAKE_TYPE_TAP  0x0000
#define ONION_HANDSHAKE_TYPE_FAST 0x0001
#define ONION_HANDSHAKE_TYPE_NTOR 0x0002
#define MAX_ONION_HANDSHAKE_TYPE 0x0002
typedef struct {
  uint16_t tag;
  union {
    struct fast_handshake_state_t *fast;
    crypto_dh_t *tap;
    struct ntor_handshake_state_t *ntor;
  } u;
} onion_handshake_state_t;

typedef struct relay_crypto_t {
  /* crypto environments */
  crypto_cipher_t *f_crypto;
  crypto_cipher_t *b_crypto;

  crypto_digest_t *f_digest; /* for integrity checking */
  crypto_digest_t *b_digest;

} relay_crypto_t;

typedef struct crypt_path_t {
  uint32_t magic;

  relay_crypto_t crypto;

  onion_handshake_state_t handshake_state;
  crypto_dh_t *rend_dh_handshake_state;

  char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */

  extend_info_t *extend_info;

  uint8_t state;
#define CPATH_STATE_CLOSED 0
#define CPATH_STATE_AWAITING_KEYS 1
#define CPATH_STATE_OPEN 2
  struct crypt_path_t *next; 
  struct crypt_path_t *prev; 
  int package_window; 
  int deliver_window; 
} crypt_path_t;

typedef struct {
  unsigned int refcount;
  crypt_path_t *cpath;
} crypt_path_reference_t;

#define CPATH_KEY_MATERIAL_LEN (20*2+16*2)

#define DH_KEY_LEN DH_BYTES

typedef struct {
  int desired_path_len;
  extend_info_t *chosen_exit;
  unsigned int need_uptime : 1;
  unsigned int need_capacity : 1;
  unsigned int is_internal : 1;
  unsigned int onehop_tunnel : 1;
  crypt_path_t *pending_final_cpath;
  crypt_path_reference_t *service_pending_final_cpath_ref;
  int failure_count;
  time_t expiry_time;
} cpath_build_state_t;

#define ORIGIN_CIRCUIT_MAGIC 0x35315243u

#define OR_CIRCUIT_MAGIC 0x98ABC04Fu

#define DEAD_CIRCUIT_MAGIC 0xdeadc14c

struct create_cell_t;

typedef struct testing_cell_stats_entry_t {
  uint8_t command; 
  unsigned int waiting_time:22;
  unsigned int removed:1; 
  unsigned int exitward:1; 
} testing_cell_stats_entry_t;

typedef struct circuit_t {
  uint32_t magic; 
  channel_t *n_chan;

  circid_t n_circ_id;

  circuitmux_t *n_mux;

  cell_queue_t n_chan_cells;

  extend_info_t *n_hop;

  unsigned int streams_blocked_on_n_chan : 1;
  unsigned int streams_blocked_on_p_chan : 1;

  unsigned int p_delete_pending : 1;
  unsigned int n_delete_pending : 1;

  unsigned int received_destroy : 1;

  uint8_t state; 
  uint8_t purpose; 
  int package_window;
  int deliver_window;

  uint32_t age_tmp;

  struct create_cell_t *n_chan_create_cell;

  struct timeval timestamp_began;

  struct timeval timestamp_created;

  time_t timestamp_dirty;

  uint16_t marked_for_close; 
  const char *marked_for_close_file; 
  int marked_for_close_reason;
  int marked_for_close_orig_reason;

  uint64_t dirreq_id;

  int global_circuitlist_idx;

  smartlist_t *testing_cell_stats;

  hs_token_t *hs_token;
  HT_ENTRY(circuit_t) hs_circuitmap_node;
} circuit_t;

#define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8

typedef enum {
    PATH_STATE_NEW_CIRC = 0,
    PATH_STATE_BUILD_ATTEMPTED = 1,
    PATH_STATE_BUILD_SUCCEEDED = 2,
    PATH_STATE_USE_ATTEMPTED = 3,
    PATH_STATE_USE_SUCCEEDED = 4,

    PATH_STATE_USE_FAILED = 5,

    PATH_STATE_ALREADY_COUNTED = 6,
} path_state_t;
#define path_state_bitfield_t ENUM_BF(path_state_t)

typedef struct origin_circuit_t {
  circuit_t base_;

  edge_connection_t *p_streams;

  uint32_t n_read_circ_bw;

  uint32_t n_written_circ_bw;

  uint32_t n_delivered_read_circ_bw;

  uint32_t n_delivered_written_circ_bw;

  uint32_t n_overhead_read_circ_bw;

  uint32_t n_overhead_written_circ_bw;

  cpath_build_state_t *build_state;
  crypt_path_t *cpath;

  rend_data_t *rend_data;

  struct hs_ident_circuit_t *hs_ident;

  struct circuit_guard_state_t *guard_state;

  int global_origin_circuit_list_idx;

  unsigned int remaining_relay_early_cells : 4;

  unsigned int is_ancient : 1;

  unsigned int has_opened : 1;

  path_state_bitfield_t path_state : 3;

  /* If this flag is set, we should not consider attaching any more
   * connections to this circuit. */
  unsigned int unusable_for_new_conns : 1;

  uint8_t pathbias_shouldcount;
#define PATHBIAS_SHOULDCOUNT_UNDECIDED 0
#define PATHBIAS_SHOULDCOUNT_IGNORED   1
#define PATHBIAS_SHOULDCOUNT_COUNTED   2

  streamid_t pathbias_probe_id;

  uint32_t pathbias_probe_nonce;

  unsigned int hs_circ_has_timed_out : 1;

  unsigned int relaxed_timeout : 1;

  unsigned int hs_service_side_rend_circ_has_been_relaunched : 1;

  uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT];

  int relay_early_cells_sent;

  streamid_t next_stream_id;

  /* The intro key replaces the hidden service's public key if purpose is
   * S_ESTABLISH_INTRO or S_INTRO, provided that no unversioned rendezvous
   * descriptor is used. */
  crypto_pk_t *intro_key;

  /* XXXX NM This can get re-used after 2**32 circuits. */
  uint32_t global_identifier;

  unsigned int isolation_values_set : 1;
  unsigned int isolation_any_streams_attached : 1;

  uint8_t isolation_flags_mixed;

  uint8_t client_proto_type;
  uint8_t client_proto_socksver;
  uint16_t dest_port;
  tor_addr_t client_addr;
  char *dest_address;
  int session_group;
  unsigned nym_epoch;
  size_t socks_username_len;
  uint8_t socks_password_len;
  /* Note that the next two values are NOT NUL-terminated; see
     socks_username_len and socks_password_len for their lengths. */
  char *socks_username;
  char *socks_password;
  uint64_t associated_isolated_stream_global_id;
  smartlist_t *prepend_policy;

  int circuit_idle_timeout;

} origin_circuit_t;

struct onion_queue_t;

typedef struct or_circuit_t {
  circuit_t base_;

  struct onion_queue_t *onionqueue_entry;
  struct workqueue_entry_s *workqueue_entry;

  circid_t p_circ_id;
  cell_queue_t p_chan_cells;
  channel_t *p_chan;
  circuitmux_t *p_mux;
  edge_connection_t *n_streams;
  edge_connection_t *resolving_streams;

  relay_crypto_t crypto;

  struct or_circuit_t *rend_splice;

  char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */

  unsigned int remaining_relay_early_cells : 4;

  /* We have already received an INTRODUCE1 cell on this circuit. */
  unsigned int already_received_introduce1 : 1;

  unsigned int circuit_carries_hs_traffic_stats : 1;

  uint32_t processed_cells;

  uint64_t total_cell_waiting_time;
} or_circuit_t;

#if REND_COOKIE_LEN != DIGEST_LEN
#error "The REND_TOKEN_LEN macro assumes REND_COOKIE_LEN == DIGEST_LEN"
#endif
#define REND_TOKEN_LEN DIGEST_LEN

#define TO_CIRCUIT(x)  (&((x)->base_))

static or_circuit_t *TO_OR_CIRCUIT(circuit_t *);
static const or_circuit_t *CONST_TO_OR_CIRCUIT(const circuit_t *);
static origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *);
static const origin_circuit_t *CONST_TO_ORIGIN_CIRCUIT(const circuit_t *);

static inline int node_is_good_exit(const node_t *node)
{
  return node->is_exit && ! node->is_bad_exit;
}

static inline or_circuit_t *TO_OR_CIRCUIT(circuit_t *x)
{
  tor_assert(x->magic == OR_CIRCUIT_MAGIC);
  return DOWNCAST(or_circuit_t, x);
}
static inline const or_circuit_t *CONST_TO_OR_CIRCUIT(const circuit_t *x)
{
  tor_assert(x->magic == OR_CIRCUIT_MAGIC);
  return DOWNCAST(or_circuit_t, x);
}
static inline origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *x)
{
  tor_assert(x->magic == ORIGIN_CIRCUIT_MAGIC);
  return DOWNCAST(origin_circuit_t, x);
}
static inline const origin_circuit_t *CONST_TO_ORIGIN_CIRCUIT(
    const circuit_t *x)
{
  tor_assert(x->magic == ORIGIN_CIRCUIT_MAGIC);
  return DOWNCAST(origin_circuit_t, x);
}

/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

#define ISO_DESTPORT    (1u<<0)

#define ISO_DESTADDR    (1u<<1)

#define ISO_SOCKSAUTH   (1u<<2)

#define ISO_CLIENTPROTO (1u<<3)

#define ISO_CLIENTADDR  (1u<<4)

#define ISO_SESSIONGRP  (1u<<5)

#define ISO_NYM_EPOCH   (1u<<6)

#define ISO_STREAM      (1u<<7)

#define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)

#define SESSION_GROUP_UNSET -1

#define SESSION_GROUP_DIRCONN -2

#define SESSION_GROUP_CONTROL_RESOLVE -3

#define SESSION_GROUP_FIRST_AUTO -4

typedef struct port_cfg_t {
  tor_addr_t addr; 
  int port; 
  uint8_t type; 
  unsigned is_unix_addr : 1; 
  unsigned is_group_writable : 1;
  unsigned is_world_writable : 1;
  unsigned relax_dirmode_check : 1;

  entry_port_cfg_t entry_cfg;

  server_port_cfg_t server_cfg;

  /* Unix sockets only: */
  char unix_addr[FLEXIBLE_ARRAY_MEMBER];
} port_cfg_t;

typedef struct routerset_t routerset_t;

#define CFG_AUTO_PORT 0xc4005e

typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR,
              OUTBOUND_ADDR_EXIT_AND_OR,
              OUTBOUND_ADDR_MAX} outbound_addr_t;

typedef struct {
  uint32_t magic_;

  enum {
    CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
    CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG,
    CMD_KEYGEN,
    CMD_KEY_EXPIRATION,
  } command;
  char *command_arg; 
  config_line_t *Logs; 
  int LogTimeGranularity; 
  int LogMessageDomains; 
  int TruncateLogFile; 
  char *SyslogIdentityTag; 
  char *AndroidIdentityTag; 
  char *DebugLogFile; 
  char *DataDirectory_option; 
  char *DataDirectory; 
  int DataDirectoryGroupReadable; 
  char *KeyDirectory_option; 
  char *KeyDirectory; 
  int KeyDirectoryGroupReadable; 
  char *CacheDirectory_option; 
  char *CacheDirectory; 
  int CacheDirectoryGroupReadable; 
  char *Nickname; 
  char *Address; 
  char *PidFile; 
  routerset_t *ExitNodes; 
  routerset_t *EntryNodes;
  int StrictNodes; 
  routerset_t *ExcludeNodes;
  routerset_t *ExcludeExitNodes;
  routerset_t *ExcludeExitNodesUnion_;

  int DisableAllSwap; 
  config_line_t *ExitPolicy; 
  int ExitPolicyRejectPrivate; 
  int ExitPolicyRejectLocalInterfaces; 
  int ReducedExitPolicy; 
  config_line_t *SocksPolicy; 
  config_line_t *DirPolicy; 
  config_line_t *OutboundBindAddress;
  config_line_t *OutboundBindAddressOR;
  config_line_t *OutboundBindAddressExit;
  tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2];
  config_line_t *RecommendedVersions;
  config_line_t *RecommendedClientVersions;
  config_line_t *RecommendedServerVersions;
  config_line_t *RecommendedPackages;
  int DirAllowPrivateAddresses;
  int ExtendAllowPrivateAddresses;
  char *User; 
  config_line_t *ORPort_lines; 
  config_line_t *ExtORPort_lines;
  config_line_t *SocksPort_lines;
  config_line_t *TransPort_lines;
  char *TransProxyType; 
  enum {
    TPT_DEFAULT,
    TPT_PF_DIVERT,
    TPT_IPFW,
    TPT_TPROXY,
  } TransProxyType_parsed;
  config_line_t *NATDPort_lines; 
  config_line_t *HTTPTunnelPort_lines;
  config_line_t *ControlPort_lines; 
  config_line_t *ControlSocket; 
  int ControlSocketsGroupWritable; 
  int UnixSocksGroupWritable; 
  config_line_t *DirPort_lines;
  config_line_t *DNSPort_lines; 
  /* MaxMemInQueues value as input by the user. We clean this up to be
   * MaxMemInQueues. */
  uint64_t MaxMemInQueues_raw;
  uint64_t MaxMemInQueues;
  uint64_t MaxMemInQueues_low_threshold;

  unsigned int ORPort_set : 1;
  unsigned int SocksPort_set : 1;
  unsigned int TransPort_set : 1;
  unsigned int NATDPort_set : 1;
  unsigned int ControlPort_set : 1;
  unsigned int DirPort_set : 1;
  unsigned int DNSPort_set : 1;
  unsigned int ExtORPort_set : 1;
  unsigned int HTTPTunnelPort_set : 1;
  int AssumeReachable; 
  int AuthoritativeDir; 
  int V3AuthoritativeDir; 
  int VersioningAuthoritativeDir; 
  int BridgeAuthoritativeDir; 
  char *BridgeDistribution;

  char *BridgePassword;
  char *BridgePassword_AuthDigest_;

  int UseBridges; 
  config_line_t *Bridges; 
  config_line_t *ClientTransportPlugin; 
  config_line_t *ServerTransportPlugin; 
  config_line_t *ServerTransportListenAddr;

  config_line_t *ServerTransportOptions;

  int BridgeRelay; 
  int UpdateBridgesFromAuthority;

  int AvoidDiskWrites; 
  int ClientOnly; 
  int ReducedConnectionPadding; 
  int ConnectionPadding;

  smartlist_t *PublishServerDescriptor;
  dirinfo_type_t PublishServerDescriptor_;
  int PublishHidServDescriptors;
  int FetchServerDescriptors; 
  int FetchHidServDescriptors; 
  int MinUptimeHidServDirectoryV2; 
  int FetchUselessDescriptors; 
  int AllDirActionsPrivate; 
  int Tor2webMode;

  routerset_t *Tor2webRendezvousPoints;

  routerset_t *HSLayer2Nodes;

  routerset_t *HSLayer3Nodes;

  int HiddenServiceSingleHopMode;
  /* Makes hidden service clients and servers non-anonymous on this tor
   * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
   * non-anonymous behaviour in the hidden service protocol.
   * Use rend_service_non_anonymous_mode_enabled() instead of using this option
   * directly.
   */
  int HiddenServiceNonAnonymousMode;

  int ConnLimit; 
  int ConnLimit_; 
  int ConnLimit_high_thresh; 
  int ConnLimit_low_thresh; 
  int RunAsDaemon; 
  int FascistFirewall; 
  smartlist_t *FirewallPorts; 
  config_line_t *ReachableAddresses; 
  config_line_t *ReachableORAddresses; 
  config_line_t *ReachableDirAddresses; 
  int ConstrainedSockets; 
  uint64_t ConstrainedSockSize; 
  int RefuseUnknownExits;

  smartlist_t *LongLivedPorts;
  smartlist_t *RejectPlaintextPorts;
  smartlist_t *WarnPlaintextPorts;
  smartlist_t *TrackHostExits;
  int TrackHostExitsExpire; 
  config_line_t *AddressMap; 
  int AutomapHostsOnResolve; 
  smartlist_t *AutomapHostsSuffixes;
  int RendPostPeriod; 
  int KeepalivePeriod; 
  int SocksTimeout; 
  int LearnCircuitBuildTimeout; 
  int CircuitBuildTimeout; 
  int CircuitsAvailableTimeout; 
  int CircuitStreamTimeout; 
  int MaxOnionQueueDelay; /*< DOCDOC */
  int NewCircuitPeriod; 
  int MaxCircuitDirtiness; 
  uint64_t BandwidthRate; 
  uint64_t BandwidthBurst; 
  uint64_t MaxAdvertisedBandwidth; 
  uint64_t RelayBandwidthRate; 
  uint64_t RelayBandwidthBurst; 
  uint64_t PerConnBWRate; 
  uint64_t PerConnBWBurst; 
  int NumCPUs; 
  config_line_t *RendConfigLines; 
  config_line_t *HidServAuth; 
  char *ContactInfo; 
  int HeartbeatPeriod; 
  int MainloopStats; 
  char *HTTPProxy; 
  tor_addr_t HTTPProxyAddr; 
  uint16_t HTTPProxyPort; 
  char *HTTPProxyAuthenticator; 
  char *HTTPSProxy; 
  tor_addr_t HTTPSProxyAddr; 
  uint16_t HTTPSProxyPort; 
  char *HTTPSProxyAuthenticator; 
  char *Socks4Proxy; 
  tor_addr_t Socks4ProxyAddr; 
  uint16_t Socks4ProxyPort; 
  char *Socks5Proxy; 
  tor_addr_t Socks5ProxyAddr; 
  uint16_t Socks5ProxyPort; 
  char *Socks5ProxyUsername; 
  char *Socks5ProxyPassword; 
  config_line_t *DirAuthorities;

  config_line_t *FallbackDir;
  int UseDefaultFallbackDirs;

  double DirAuthorityFallbackRate;

  config_line_t *AlternateDirAuthority;

  config_line_t *AlternateBridgeAuthority;

  config_line_t *MyFamily_lines; 
  config_line_t *MyFamily; 
  config_line_t *NodeFamilies; 
  smartlist_t *NodeFamilySets; 
  config_line_t *AuthDirBadExit; 
  config_line_t *AuthDirReject; 
  config_line_t *AuthDirInvalid; 
  smartlist_t *AuthDirBadExitCCs;
  smartlist_t *AuthDirInvalidCCs;
  smartlist_t *AuthDirRejectCCs;
  int AuthDirListBadExits; 
  int AuthDirMaxServersPerAddr; 
  int AuthDirHasIPv6Connectivity; 
  int AuthDirPinKeys; 
  uint64_t AuthDirFastGuarantee;

  uint64_t AuthDirGuardBWGuarantee;

  char *AccountingStart; 
  uint64_t AccountingMax; 
  char *AccountingRule_option;
  enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;

  config_line_t *HashedControlPassword;
  config_line_t *HashedControlSessionPassword;

  int CookieAuthentication; 
  char *CookieAuthFile; 
  char *ExtORPortCookieAuthFile; 
  int CookieAuthFileGroupReadable; 
  int ExtORPortCookieAuthFileGroupReadable; 
  int LeaveStreamsUnattached; 
  int DisablePredictedCircuits; 
  char *OwningControllerProcess;
  int OwningControllerFD;

  int ShutdownWaitLength; 
  char *SafeLogging; 
  /* Derived from SafeLogging */
  enum {
    SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
  } SafeLogging_;

  int Sandbox; 
  int SafeSocks; 
  int ProtocolWarnings; 
  int TestSocks; 
  int HardwareAccel; 
  int TokenBucketRefillInterval;
  char *AccelName; 
  char *AccelDir; 
  int UseEntryGuards_option;
  int UseEntryGuards;

  int NumEntryGuards; 
  int UseGuardFraction;

  int NumDirectoryGuards; 
  int NumPrimaryGuards; 
  int RephistTrackTime; 
  int FetchDirInfoEarly;

  int FetchDirInfoExtraEarly;

  int DirCache; 
  char *VirtualAddrNetworkIPv4; 
  char *VirtualAddrNetworkIPv6; 
  int ServerDNSSearchDomains; 
  int ServerDNSDetectHijacking; 
  int ServerDNSRandomizeCase; 
  char *ServerDNSResolvConfFile; 
  char *DirPortFrontPage; 
  int DisableDebuggerAttachment; 
  int ServerDNSAllowBrokenConfig;
  int CountPrivateBandwidth;
  smartlist_t *ServerDNSTestAddresses; 
  int EnforceDistinctSubnets; 
  int AllowNonRFC953Hostnames; 
  int ServerDNSAllowNonRFC953Hostnames;

  int DownloadExtraInfo;

  int DirReqStatistics_option;
  int DirReqStatistics;

  int ExitPortStatistics;

  int ConnDirectionStatistics;

  int CellStatistics;

  int PaddingStatistics;

  int EntryStatistics;

  int HiddenServiceStatistics_option;
  int HiddenServiceStatistics;

  int ExtraInfoStatistics;

  int ClientDNSRejectInternalAddresses;

  int ClientRejectInternalAddresses;

  int ClientUseIPv4;
  int ClientUseIPv6;
  int ClientPreferIPv6ORPort;
  int ClientPreferIPv6DirPort;

  int V3AuthVotingInterval;
  int V3AuthVoteDelay;
  int V3AuthDistDelay;
  int V3AuthNIntervalsValid;

  int V3AuthUseLegacyKey;

  char *V3BandwidthsFile;

  char *GuardfractionFile;

  char *ConsensusParams;

  int MinMeasuredBWsForAuthToIgnoreAdvertised;

  int TestingV3AuthInitialVotingInterval;

  int TestingV3AuthInitialVoteDelay;

  int TestingV3AuthInitialDistDelay;

  int TestingV3AuthVotingStartOffset;

  int TestingAuthDirTimeToLearnReachability;

  int TestingEstimatedDescriptorPropagationTime;

  int TestingServerDownloadInitialDelay;

  int TestingClientDownloadInitialDelay;

  int TestingServerConsensusDownloadInitialDelay;

  int TestingClientConsensusDownloadInitialDelay;

  int ClientBootstrapConsensusAuthorityDownloadInitialDelay;

  int ClientBootstrapConsensusFallbackDownloadInitialDelay;

  int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay;

  int TestingBridgeDownloadInitialDelay;

  int TestingBridgeBootstrapDownloadInitialDelay;

  int TestingClientMaxIntervalWithoutRequest;

  int TestingDirConnectionMaxStall;

  int ClientBootstrapConsensusMaxInProgressTries;

  int TestingTorNetwork;

  uint64_t TestingMinExitFlagThreshold;

  uint64_t TestingMinFastFlagThreshold;

  routerset_t *TestingDirAuthVoteExit;
  int TestingDirAuthVoteExitIsStrict;

  routerset_t *TestingDirAuthVoteGuard;
  int TestingDirAuthVoteGuardIsStrict;

  routerset_t *TestingDirAuthVoteHSDir;
  int TestingDirAuthVoteHSDirIsStrict;

  int TestingEnableConnBwEvent;

  int TestingEnableCellStatsEvent;

  int BridgeRecordUsageByCountry;

  char *GeoIPFile;
  char *GeoIPv6File;

  int GeoIPExcludeUnknown;

  int ReloadTorrcOnSIGHUP;

  /* The main parameter for picking circuits within a connection.
   *
   * If this value is positive, when picking a cell to relay on a connection,
   * we always relay from the circuit whose weighted cell count is lowest.
   * Cells are weighted exponentially such that if one cell is sent
   * 'CircuitPriorityHalflife' seconds before another, it counts for half as
   * much.
   *
   * If this value is zero, we're disabling the cell-EWMA algorithm.
   *
   * If this value is negative, we're using the default approach
   * according to either Tor or a parameter set in the consensus.
   */
  double CircuitPriorityHalflife;

  int UsingTestNetworkDefaults_;

  int UseMicrodescriptors;

  char *ControlPortWriteToFile;
  int ControlPortFileGroupReadable;

#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024

  int MaxClientCircuitsPending;

  int OptimisticData;

  int DisableNetwork;

  int PathBiasCircThreshold;
  double PathBiasNoticeRate;
  double PathBiasWarnRate;
  double PathBiasExtremeRate;
  int PathBiasDropGuards;
  int PathBiasScaleThreshold;
  int PathBiasUseThreshold;
  double PathBiasNoticeUseRate;
  double PathBiasExtremeUseRate;
  int PathBiasScaleUseThreshold;
  int IPv6Exit; 
  double PathsNeededToBuildCircuits;

  int SSLKeyLifetime;

  int GuardLifetime;

  int ExitRelay;

  int SigningKeyLifetime;
  int TestingLinkCertLifetime;
  int TestingAuthKeyLifetime;

  int TestingSigningKeySlop;
  int TestingLinkKeySlop;
  int TestingAuthKeySlop;

  int OfflineMasterKey;

  enum {
    FORCE_PASSPHRASE_AUTO=0,
    FORCE_PASSPHRASE_ON,
    FORCE_PASSPHRASE_OFF
  } keygen_force_passphrase;
  int use_keygen_passphrase_fd;
  int keygen_passphrase_fd;
  int change_key_passphrase;
  char *master_key_fname;

  int KeepBindCapabilities;

  uint64_t MaxUnparseableDescSizeToLog;

  int AuthDirSharedRandomness;

  int DisableOOSCheck;

  int ExtendByEd25519ID;

  /* NOTE: remove this option someday. */
  int AuthDirTestEd25519LinkKeys;

  int IncludeUsed;

  int MaxConsensusAgeForDiffs;

  int NoExec;

  int KISTSchedRunInterval;

  double KISTSockBufSizeFactor;

  smartlist_t *Schedulers;
  /* An ordered list of scheduler_types mapped from Schedulers. */
  smartlist_t *SchedulerTypes_;

  smartlist_t *FilesOpenedByIncludes;

  int DisableSignalHandlers;

  int DoSCircuitCreationEnabled;
  int DoSCircuitCreationMinConnections;
  int DoSCircuitCreationRate;
  int DoSCircuitCreationBurst;
  int DoSCircuitCreationDefenseType;
  int DoSCircuitCreationDefenseTimePeriod;

  int DoSConnectionEnabled;
  int DoSConnectionMaxConcurrentCount;
  int DoSConnectionDefenseType;

  int DoSRefuseSingleHopClientRendezvous;
} or_options_t;

#define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level())

typedef struct {
  uint32_t magic_;
  time_t next_write;

  time_t LastWritten;

  time_t AccountingIntervalStart;
  uint64_t AccountingBytesReadInInterval;
  uint64_t AccountingBytesWrittenInInterval;
  int AccountingSecondsActive;
  int AccountingSecondsToReachSoftLimit;
  time_t AccountingSoftLimitHitAt;
  uint64_t AccountingBytesAtSoftLimit;
  uint64_t AccountingExpectedUsage;

  config_line_t *EntryGuards;

  config_line_t *Guard;

  config_line_t *TransportProxies;

  config_line_t *HidServRevCounter;

  time_t      BWHistoryReadEnds;
  int         BWHistoryReadInterval;
  smartlist_t *BWHistoryReadValues;
  smartlist_t *BWHistoryReadMaxima;
  time_t      BWHistoryWriteEnds;
  int         BWHistoryWriteInterval;
  smartlist_t *BWHistoryWriteValues;
  smartlist_t *BWHistoryWriteMaxima;
  time_t      BWHistoryDirReadEnds;
  int         BWHistoryDirReadInterval;
  smartlist_t *BWHistoryDirReadValues;
  smartlist_t *BWHistoryDirReadMaxima;
  time_t      BWHistoryDirWriteEnds;
  int         BWHistoryDirWriteInterval;
  smartlist_t *BWHistoryDirWriteValues;
  smartlist_t *BWHistoryDirWriteMaxima;

  config_line_t * BuildtimeHistogram;
  int TotalBuildTimes;
  int CircuitBuildAbandonedCount;

  char *TorVersion;

  config_line_t *ExtraLines;

  time_t LastRotatedOnionKey;
} or_state_t;

#define MAX_SOCKS_REPLY_LEN 1024
#define MAX_SOCKS_ADDR_LEN 256
#define SOCKS_NO_AUTH 0x00
#define SOCKS_USER_PASS 0x02

#define SOCKS_COMMAND_CONNECT       0x01

#define SOCKS_COMMAND_RESOLVE       0xF0

#define SOCKS_COMMAND_RESOLVE_PTR   0xF1

/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0)
#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
                                     (c)==SOCKS_COMMAND_RESOLVE_PTR)

struct socks_request_t {
  uint8_t socks_version;
  uint8_t auth_type;
  uint8_t command;
  uint8_t listener_type;
  size_t replylen; 
  uint8_t reply[MAX_SOCKS_REPLY_LEN]; 
  char address[MAX_SOCKS_ADDR_LEN]; 
  uint16_t port; 
  unsigned int has_finished : 1; 
  unsigned int got_auth : 1; 
  unsigned int socks_prefer_no_auth : 1;

  size_t usernamelen;
  uint8_t passwordlen;
  char *username;
  char *password;
};

/********************************* circuitbuild.c **********************/

#define DEFAULT_ROUTE_LEN 3

/* Circuit Build Timeout "public" structures. */

#define BW_WEIGHT_SCALE   10000
#define BW_MIN_WEIGHT_SCALE 1
#define BW_MAX_WEIGHT_SCALE INT32_MAX

#define CBT_NCIRCUITS_TO_OBSERVE 1000

#define CBT_BIN_WIDTH ((build_time_t)50)

#define CBT_DEFAULT_NUM_XM_MODES 3
#define CBT_MIN_NUM_XM_MODES 1
#define CBT_MAX_NUM_XM_MODES 20

typedef uint32_t build_time_t;

#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1))
#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX))

#define CBT_SAVE_STATE_EVERY 10

/* Circuit build times consensus parameters */

#define CBT_DEFAULT_CLOSE_QUANTILE 95
#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF
#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF

#define CBT_DEFAULT_RECENT_CIRCUITS 20
#define CBT_MIN_RECENT_CIRCUITS 3
#define CBT_MAX_RECENT_CIRCUITS 1000

#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10)
#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3
#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000

#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100
#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1
#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000

#define CBT_DEFAULT_QUANTILE_CUTOFF 80
#define CBT_MIN_QUANTILE_CUTOFF 10
#define CBT_MAX_QUANTILE_CUTOFF 99
double circuit_build_times_quantile_cutoff(void);

#define CBT_DEFAULT_TEST_FREQUENCY 10
#define CBT_MIN_TEST_FREQUENCY 1
#define CBT_MAX_TEST_FREQUENCY INT32_MAX

#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500)
#define CBT_MIN_TIMEOUT_MIN_VALUE 500
#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX

#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000)
#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE
#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX
int32_t circuit_build_times_initial_timeout(void);

#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT
#error "RECENT_CIRCUITS is set too low."
#endif

typedef struct {
  time_t network_last_live;
  int nonlive_timeouts;
  int8_t *timeouts_after_firsthop;
  int num_recent_circs;
  int after_firsthop_idx;
} network_liveness_t;

typedef struct circuit_build_times_s circuit_build_times_t;

/********************************* config.c ***************************/

typedef enum setopt_err_t {
  SETOPT_OK = 0,
  SETOPT_ERR_MISC = -1,
  SETOPT_ERR_PARSE = -2,
  SETOPT_ERR_TRANSITION = -3,
  SETOPT_ERR_SETTING = -4,
} setopt_err_t;

/********************************* connection_edge.c *************************/

typedef enum {
  ADDRMAPSRC_CONTROLLER,
  ADDRMAPSRC_AUTOMAP,
  ADDRMAPSRC_TORRC,
  ADDRMAPSRC_TRACKEXIT,
  ADDRMAPSRC_DNS,

  ADDRMAPSRC_NONE
} addressmap_entry_source_t;
#define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)

/********************************* control.c ***************************/

typedef enum circuit_status_event_t {
  CIRC_EVENT_LAUNCHED = 0,
  CIRC_EVENT_BUILT    = 1,
  CIRC_EVENT_EXTENDED = 2,
  CIRC_EVENT_FAILED   = 3,
  CIRC_EVENT_CLOSED   = 4,
} circuit_status_event_t;

typedef enum circuit_status_minor_event_t {
  CIRC_MINOR_EVENT_PURPOSE_CHANGED,
  CIRC_MINOR_EVENT_CANNIBALIZED,
} circuit_status_minor_event_t;

typedef enum stream_status_event_t {
  STREAM_EVENT_SENT_CONNECT = 0,
  STREAM_EVENT_SENT_RESOLVE = 1,
  STREAM_EVENT_SUCCEEDED    = 2,
  STREAM_EVENT_FAILED       = 3,
  STREAM_EVENT_CLOSED       = 4,
  STREAM_EVENT_NEW          = 5,
  STREAM_EVENT_NEW_RESOLVE  = 6,
  STREAM_EVENT_FAILED_RETRIABLE = 7,
  STREAM_EVENT_REMAP        = 8
} stream_status_event_t;

typedef enum or_conn_status_event_t {
  OR_CONN_EVENT_LAUNCHED     = 0,
  OR_CONN_EVENT_CONNECTED    = 1,
  OR_CONN_EVENT_FAILED       = 2,
  OR_CONN_EVENT_CLOSED       = 3,
  OR_CONN_EVENT_NEW          = 4,
} or_conn_status_event_t;

typedef enum buildtimeout_set_event_t {
  BUILDTIMEOUT_SET_EVENT_COMPUTED  = 0,
  BUILDTIMEOUT_SET_EVENT_RESET     = 1,
  BUILDTIMEOUT_SET_EVENT_SUSPENDED = 2,
  BUILDTIMEOUT_SET_EVENT_DISCARD = 3,
  BUILDTIMEOUT_SET_EVENT_RESUME = 4
} buildtimeout_set_event_t;

#define CONN_LOG_PROTECT(conn, stmt)                                    \
  STMT_BEGIN                                                            \
    int _log_conn_is_control;                                           \
    tor_assert(conn);                                                   \
    _log_conn_is_control = (conn->type == CONN_TYPE_CONTROL);           \
    if (_log_conn_is_control)                                           \
      disable_control_logging();                                        \
  STMT_BEGIN stmt; STMT_END;                                            \
    if (_log_conn_is_control)                                           \
      enable_control_logging();                                         \
  STMT_END

typedef enum {
  BOOTSTRAP_STATUS_UNDEF=-1,
  BOOTSTRAP_STATUS_STARTING=0,
  BOOTSTRAP_STATUS_CONN_DIR=5,
  BOOTSTRAP_STATUS_HANDSHAKE=-2,
  BOOTSTRAP_STATUS_HANDSHAKE_DIR=10,
  BOOTSTRAP_STATUS_ONEHOP_CREATE=15,
  BOOTSTRAP_STATUS_REQUESTING_STATUS=20,
  BOOTSTRAP_STATUS_LOADING_STATUS=25,
  BOOTSTRAP_STATUS_LOADING_KEYS=40,
  BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS=45,
  BOOTSTRAP_STATUS_LOADING_DESCRIPTORS=50,
  BOOTSTRAP_STATUS_CONN_OR=80,
  BOOTSTRAP_STATUS_HANDSHAKE_OR=85,
  BOOTSTRAP_STATUS_CIRCUIT_CREATE=90,
  BOOTSTRAP_STATUS_DONE=100
} bootstrap_status_t;

/********************************* directory.c ***************************/

typedef struct {
  char first[DIGEST_LEN];
  char second[DIGEST_LEN];
} fp_pair_t;

/********************************* dirserv.c ***************************/

typedef enum {
  NS_V2,
  NS_V3_CONSENSUS,
  NS_V3_VOTE,
  NS_CONTROL_PORT,
  NS_V3_CONSENSUS_MICRODESC
} routerstatus_format_type_t;

#ifdef DIRSERV_PRIVATE
typedef struct measured_bw_line_t {
  char node_id[DIGEST_LEN];
  char node_hex[MAX_HEX_NICKNAME_LEN+1];
  long int bw_kb;
} measured_bw_line_t;

#endif /* defined(DIRSERV_PRIVATE) */

/********************************* dirvote.c ************************/

typedef struct vote_timing_t {
  int vote_interval;
  int n_intervals_valid;
  int vote_delay;
  int dist_delay;
} vote_timing_t;

/********************************* geoip.c **************************/

typedef enum {
  GEOIP_CLIENT_CONNECT = 0,
  GEOIP_CLIENT_NETWORKSTATUS = 1,
} geoip_client_action_t;
typedef enum {
  GEOIP_SUCCESS = 0,
  GEOIP_REJECT_NOT_ENOUGH_SIGS = 1,
  GEOIP_REJECT_UNAVAILABLE = 2,
  GEOIP_REJECT_NOT_FOUND = 3,
  GEOIP_REJECT_NOT_MODIFIED = 4,
  GEOIP_REJECT_BUSY = 5,
} geoip_ns_response_t;
#define GEOIP_NS_RESPONSE_NUM 6

typedef enum {
  DIRREQ_DIRECT = 0,
  DIRREQ_TUNNELED = 1,
} dirreq_type_t;

typedef enum {
  DIRREQ_IS_FOR_NETWORK_STATUS = 0,
  DIRREQ_FLUSHING_DIR_CONN_FINISHED = 1,
  DIRREQ_END_CELL_SENT = 2,
  DIRREQ_CIRC_QUEUE_FLUSHED = 3,
  DIRREQ_CHANNEL_BUFFER_FLUSHED = 4
} dirreq_state_t;

#define WRITE_STATS_INTERVAL (24*60*60)

/********************************* microdesc.c *************************/

typedef struct microdesc_cache_t microdesc_cache_t;

/********************************* networkstatus.c *********************/

typedef enum version_status_t {
  VS_RECOMMENDED=0, 
  VS_OLD=1, 
  VS_NEW=2, 
  VS_NEW_IN_SERIES=3, 
  VS_UNRECOMMENDED=4, 
  VS_EMPTY=5, 
  VS_UNKNOWN, 
} version_status_t;

/********************************* policies.c ************************/

typedef enum {
  ADDR_POLICY_ACCEPTED=0,
  ADDR_POLICY_REJECTED=-1,
  ADDR_POLICY_PROBABLY_ACCEPTED=1,
  ADDR_POLICY_PROBABLY_REJECTED=2,
} addr_policy_result_t;

/********************************* rephist.c ***************************/

typedef enum {
  SIGN_DIR, SIGN_RTR,
  VERIFY_DIR, VERIFY_RTR,
  ENC_ONIONSKIN, DEC_ONIONSKIN,
  TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
  REND_CLIENT, REND_MID, REND_SERVER,
} pk_op_t;

/********************************* rendcommon.c ***************************/

typedef struct rend_authorized_client_t {
  char *client_name;
  uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN];
  crypto_pk_t *client_key;
} rend_authorized_client_t;

typedef struct rend_encoded_v2_service_descriptor_t {
  char desc_id[DIGEST_LEN]; 
  char *desc_str; 
} rend_encoded_v2_service_descriptor_t;

#define MAX_INTRO_POINT_REACHABILITY_FAILURES 5

#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
/* Double the minimum value so the interval is [min, min * 2]. */
#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
  (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)

#define INTRO_POINT_LIFETIME_MIN_SECONDS (18*60*60)

#define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)

#define MAX_INTRO_POINT_CIRCUIT_RETRIES 3

typedef struct rend_intro_point_t {
  extend_info_t *extend_info; 
  crypto_pk_t *intro_key; 
  unsigned int timed_out : 1;

  unsigned int unreachable_count : 3;

  unsigned int listed_in_last_desc : 1;

  replaycache_t *accepted_intro_rsa_parts;

  int accepted_introduce2_count;

  int max_introductions;

  time_t time_published;

  time_t time_to_expire;

  unsigned int circuit_retries;

  unsigned int circuit_established:1;
} rend_intro_point_t;

#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16

typedef struct rend_service_descriptor_t {
  crypto_pk_t *pk; 
  int version; 
  time_t timestamp; 
  unsigned protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH;
  smartlist_t *intro_nodes;
  int all_uploads_performed;
  smartlist_t *successful_uploads;
} rend_service_descriptor_t;

/********************************* routerlist.c ***************************/

typedef struct dir_server_t {
  char *description;
  char *nickname;
  char *address; 
  /* XX/teor - why do we duplicate the address and port fields here and in
   *           fake_status? Surely we could just use fake_status (#17867). */
  tor_addr_t ipv6_addr; 
  uint32_t addr; 
  uint16_t dir_port; 
  uint16_t or_port; 
  uint16_t ipv6_orport; 
  double weight; 
  char digest[DIGEST_LEN]; 
  char v3_identity_digest[DIGEST_LEN]; 
  unsigned int is_running:1; 
  unsigned int is_authority:1; 
  unsigned int has_accepted_serverdesc:1;

  dirinfo_type_t type;

  time_t addr_current_at; 
  routerstatus_t fake_status; 
} dir_server_t;

#define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
#define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)

#define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX

/* Flags for pick_directory_server() and pick_trusteddirserver(). */
#define PDS_ALLOW_SELF                 (1<<0)

#define PDS_RETRY_IF_NO_SERVERS        (1<<1)

#define PDS_IGNORE_FASCISTFIREWALL     (1<<2)

#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3)

#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4)

typedef enum bandwidth_weight_rule_t {
  NO_WEIGHTING, WEIGHT_FOR_EXIT, WEIGHT_FOR_MID, WEIGHT_FOR_GUARD,
  WEIGHT_FOR_DIR
} bandwidth_weight_rule_t;

typedef enum {
  CRN_NEED_UPTIME = 1<<0,
  CRN_NEED_CAPACITY = 1<<1,
  CRN_NEED_GUARD = 1<<2,
  /* XXXX not used, apparently. */
  CRN_WEIGHT_AS_EXIT = 1<<5,
  CRN_NEED_DESC = 1<<6,
  /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
  CRN_PREF_ADDR = 1<<7,
  /* On clients, only provide nodes that we can connect to directly, based on
   * our firewall rules */
  CRN_DIRECT_CONN = 1<<8,
  /* On clients, only provide nodes with HSRend >= 2 protocol version which
   * is required for hidden service version >= 3. */
  CRN_RENDEZVOUS_V3 = 1<<9,
} router_crn_flags_t;

typedef enum was_router_added_t {
  /* Router was added successfully. */
  ROUTER_ADDED_SUCCESSFULLY = 1,
  /* Extrainfo document was rejected because no corresponding router
   * descriptor was found OR router descriptor was rejected because
   * it was incompatible with its extrainfo document. */
  ROUTER_BAD_EI = -1,
  /* Router descriptor was rejected because it is already known. */
  ROUTER_IS_ALREADY_KNOWN = -2,
  /* General purpose router was rejected, because it was not listed
   * in consensus. */
  ROUTER_NOT_IN_CONSENSUS = -3,
  /* Router was neither in directory consensus nor in any of
   * networkstatus documents. Caching it to access later.
   * (Applies to fetched descriptors only.) */
  ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
  /* Router was rejected by directory authority. */
  ROUTER_AUTHDIR_REJECTS = -5,
  /* Bridge descriptor was rejected because such bridge was not one
   * of the bridges we have listed in our configuration. */
  ROUTER_WAS_NOT_WANTED = -6,
  /* Router descriptor was rejected because it was older than
   * OLD_ROUTER_DESC_MAX_AGE. */
  ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
  /* DOCDOC */
  ROUTER_CERTS_EXPIRED = -8
} was_router_added_t;

/********************************* routerparse.c ************************/

#define MAX_STATUS_TAG_LEN 32

typedef struct tor_version_t {
  int major;
  int minor;
  int micro;
  enum { VER_PRE=0, VER_RC=1, VER_RELEASE=2, } status;
  int patchlevel;
  char status_tag[MAX_STATUS_TAG_LEN];
  int svn_revision;

  int git_tag_len;
  char git_tag[DIGEST_LEN];
} tor_version_t;

#endif /* !defined(TOR_OR_H) */