Header file for rendservice.c. More...
Go to the source code of this file.
Data Structures | |
| struct | rend_intro_cell_s |
Macros | |
| #define | rend_service_free_intro(req) |
| #define | rend_service_port_config_free(p) |
| #define | rend_authorized_client_free(client) |
Typedefs | |
| typedef struct rend_intro_cell_s | rend_intro_cell_t |
Functions | |
| int | rend_num_services (void) |
| int | rend_config_service (const config_line_t *line_, const or_options_t *options, hs_service_config_t *config) |
| void | rend_service_prune_list (void) |
| void | rend_service_free_staging_list (void) |
| int | rend_service_load_all_keys (const smartlist_t *service_list) |
| void | rend_services_add_filenames_to_lists (smartlist_t *open_lst, smartlist_t *stat_lst) |
| void | rend_consider_services_intro_points (time_t now) |
| void | rend_consider_services_upload (time_t now) |
| void | rend_hsdir_routers_changed (void) |
| void | rend_consider_descriptor_republication (void) |
| void | rend_service_intro_has_opened (origin_circuit_t *circuit) |
| int | rend_service_intro_established (origin_circuit_t *circuit, const uint8_t *request, size_t request_len) |
| void | rend_service_rendezvous_has_opened (origin_circuit_t *circuit) |
| int | rend_service_receive_introduction (origin_circuit_t *circuit, const uint8_t *request, size_t request_len) |
| int | rend_service_decrypt_intro (rend_intro_cell_t *request, crypto_pk_t *key, char **err_msg_out) |
| void | rend_service_free_intro_ (rend_intro_cell_t *request) |
| rend_intro_cell_t * | rend_service_begin_parse_intro (const uint8_t *request, size_t request_len, uint8_t type, char **err_msg_out) |
| int | rend_service_parse_intro_plaintext (rend_intro_cell_t *intro, char **err_msg_out) |
| ssize_t | rend_service_encode_establish_intro_cell (char *cell_body_out, size_t cell_body_out_len, crypto_pk_t *intro_key, const char *rend_circ_nonce) |
| int | rend_service_validate_intro_late (const rend_intro_cell_t *intro, char **err_msg_out) |
| void | rend_service_relaunch_rendezvous (origin_circuit_t *oldcirc) |
| int | rend_service_set_connection_addr_port (edge_connection_t *conn, origin_circuit_t *circ) |
| void | rend_service_dump_stats (int severity) |
| void | rend_service_free_all (void) |
| void | rend_service_init (void) |
| rend_service_port_config_t * | rend_service_parse_port_config (const char *string, const char *sep, char **err_msg_out) |
| void | rend_service_port_config_free_ (rend_service_port_config_t *p) |
| void | rend_authorized_client_free_ (rend_authorized_client_t *client) |
| hs_service_add_ephemeral_status_t | rend_service_add_ephemeral (crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, rend_auth_type_t auth_type, smartlist_t *auth_clients, char **service_id_out) |
| int | rend_service_del_ephemeral (const char *service_id) |
| void | directory_post_to_hs_dir (rend_service_descriptor_t *renddesc, smartlist_t *descs, smartlist_t *hs_dirs, const char *service_id, int seconds_valid) |
| void | rend_service_desc_has_uploaded (const rend_data_t *rend_data) |
| int | rend_service_allow_non_anonymous_connection (const or_options_t *options) |
| int | rend_service_reveal_startup_time (const or_options_t *options) |
| int | rend_service_non_anonymous_mode_enabled (const or_options_t *options) |
Detailed Description
Header file for rendservice.c.
Macro Definition Documentation
◆ rend_authorized_client_free
| #define rend_authorized_client_free | ( | client | ) |
◆ rend_service_free_intro
| #define rend_service_free_intro | ( | req | ) |
◆ rend_service_port_config_free
| #define rend_service_port_config_free | ( | p | ) |
Function Documentation
◆ directory_post_to_hs_dir()
| void directory_post_to_hs_dir | ( | rend_service_descriptor_t * | renddesc, |
| smartlist_t * | descs, | ||
| smartlist_t * | hs_dirs, | ||
| const char * | service_id, | ||
| int | seconds_valid | ||
| ) |
Upload the rend_encoded_v2_service_descriptor_t's in descs associated with the rend_service_descriptor_t renddesc to the responsible hidden service directories OR the hidden service directories specified by hs_dirs; service_id and seconds_valid are only passed for logging purposes.
If any HSDirs are specified, they should be used instead of the responsible directories
◆ rend_authorized_client_free_()
| void rend_authorized_client_free_ | ( | rend_authorized_client_t * | client | ) |
Helper: free storage held by a single service authorized client entry.
◆ rend_consider_descriptor_republication()
| void rend_consider_descriptor_republication | ( | void | ) |
Consider republication of v2 rendezvous service descriptors that failed previously, but without regenerating descriptor contents.
◆ rend_consider_services_intro_points()
| void rend_consider_services_intro_points | ( | time_t | now | ) |
For every service, check how many intro points it currently has, and:
- Invalidate introdution points based on specific criteria, see remove_invalid_intro_points comments.
- Pick new intro points as necessary.
- Launch circuits to any new intro points.
This is called once a second by the main loop.
◆ rend_consider_services_upload()
| void rend_consider_services_upload | ( | time_t | now | ) |
Regenerate and upload rendezvous service descriptors for all services, if necessary. If the descriptor has been dirty enough for long enough, definitely upload; else only upload when the periodic timeout has expired.
For the first upload, pick a random time between now and two periods from now, and pick it independently for each service.
◆ rend_hsdir_routers_changed()
| void rend_hsdir_routers_changed | ( | void | ) |
Called when our internal view of the directory has changed, so that we might have router descriptors of hidden service directories available that we did not have before.
◆ rend_num_services()
| int rend_num_services | ( | void | ) |
Return the number of rendezvous services we have configured.
◆ rend_service_add_ephemeral()
| hs_service_add_ephemeral_status_t rend_service_add_ephemeral | ( | crypto_pk_t * | pk, |
| smartlist_t * | ports, | ||
| int | max_streams_per_circuit, | ||
| int | max_streams_close_circuit, | ||
| rend_auth_type_t | auth_type, | ||
| smartlist_t * | auth_clients, | ||
| char ** | service_id_out | ||
| ) |
Add the ephemeral service pk/ports if possible, using client authorization auth_type and an optional list of rend_authorized_client_t in auth_clients, with max_streams_per_circuit streams allowed per rendezvous circuit, and circuit closure on max streams being exceeded set by max_streams_close_circuit.
Ownership of pk, ports, and auth_clients is passed to this routine. Regardless of success/failure, callers should not touch these values after calling this routine, and may assume that correct cleanup has been done on failure.
Return an appropriate hs_service_add_ephemeral_status_t.
◆ rend_service_begin_parse_intro()
| rend_intro_cell_t* rend_service_begin_parse_intro | ( | const uint8_t * | request, |
| size_t | request_len, | ||
| uint8_t | type, | ||
| char ** | err_msg_out | ||
| ) |
Parse an INTRODUCE1 or INTRODUCE2 cell into a newly allocated rend_intro_cell_t structure. Free it with rend_service_free_intro() when finished. The type parameter should be 1 or 2 to indicate whether this is INTRODUCE1 or INTRODUCE2. This parses only the non-encrypted parts; after this, call rend_service_decrypt_intro() with a key, then rend_service_parse_intro_plaintext() to finish parsing. The optional err_msg_out parameter is set to a string suitable for log output if parsing fails. This function does some validation, but only that which depends solely on the contents of the cell and the key; it can be unit-tested. Further validation is done in rend_service_validate_intro().
◆ rend_service_decrypt_intro()
| int rend_service_decrypt_intro | ( | rend_intro_cell_t * | intro, |
| crypto_pk_t * | key, | ||
| char ** | err_msg_out | ||
| ) |
Decrypt the encrypted part of an INTRODUCE1 or INTRODUCE2 cell, return 0 if successful, or < 0 and write an error message to *err_msg_out if provided.
◆ rend_service_del_ephemeral()
| int rend_service_del_ephemeral | ( | const char * | service_id | ) |
Remove the ephemeral service service_id if possible. Returns 0 on success, and -1 on failure.
◆ rend_service_desc_has_uploaded()
| void rend_service_desc_has_uploaded | ( | const rend_data_t * | rend_data | ) |
A new descriptor has been successfully uploaded for the given rend_data. Remove and free the expiring nodes from the associated service.
◆ rend_service_dump_stats()
| void rend_service_dump_stats | ( | int | severity | ) |
Log the status of introduction points for all rendezvous services at log severity severity.
◆ rend_service_free_all()
| void rend_service_free_all | ( | void | ) |
Release all the storage held in both rend_service_list and rend_service_staging_list.
◆ rend_service_free_intro_()
| void rend_service_free_intro_ | ( | rend_intro_cell_t * | request | ) |
Free a parsed INTRODUCE1 or INTRODUCE2 cell that was allocated by rend_service_parse_intro().
◆ rend_service_intro_established()
| int rend_service_intro_established | ( | origin_circuit_t * | circuit, |
| const uint8_t * | request, | ||
| size_t | request_len | ||
| ) |
Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a live introduction point, and note that the service descriptor is now out-of-date.
◆ rend_service_intro_has_opened()
| void rend_service_intro_has_opened | ( | origin_circuit_t * | circuit | ) |
Called when we're done building a circuit to an introduction point: sends a RELAY_ESTABLISH_INTRO cell.
◆ rend_service_load_all_keys()
| int rend_service_load_all_keys | ( | const smartlist_t * | service_list | ) |
Load and/or generate private keys for all hidden services, possibly including keys for client authorization. If a service_list is provided, treat it as the list of hidden services (used in unittests). Otherwise, require that rend_service_list is not NULL. Return 0 on success, -1 on failure.
◆ rend_service_parse_intro_plaintext()
| int rend_service_parse_intro_plaintext | ( | rend_intro_cell_t * | intro, |
| char ** | err_msg_out | ||
| ) |
Parse the plaintext of the encrypted part of an INTRODUCE1 or INTRODUCE2 cell, return 0 if successful, or < 0 and write an error message to *err_msg_out if provided.
The rendezvous cookie and Diffie-Hellman stuff are version-invariant and at the end of the plaintext of the encrypted part of the cell.
◆ rend_service_parse_port_config()
| rend_service_port_config_t* rend_service_parse_port_config | ( | const char * | string, |
| const char * | sep, | ||
| char ** | err_msg_out | ||
| ) |
Parses a virtual-port to real-port/socket mapping separated by the provided separator and returns a new rend_service_port_config_t, or NULL and an optional error string on failure.
The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)?
IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
◆ rend_service_port_config_free_()
| void rend_service_port_config_free_ | ( | rend_service_port_config_t * | p | ) |
Release all storage held in a rend_service_port_config_t.
◆ rend_service_receive_introduction()
| int rend_service_receive_introduction | ( | origin_circuit_t * | circuit, |
| const uint8_t * | request, | ||
| size_t | request_len | ||
| ) |
Respond to an INTRODUCE2 cell by launching a circuit to the chosen rendezvous point.
◆ rend_service_relaunch_rendezvous()
| void rend_service_relaunch_rendezvous | ( | origin_circuit_t * | oldcirc | ) |
Called when we fail building a rendezvous circuit at some point other than the last hop: launches a new circuit to the same rendezvous point.
◆ rend_service_rendezvous_has_opened()
| void rend_service_rendezvous_has_opened | ( | origin_circuit_t * | circuit | ) |
Called once a circuit to a rendezvous point is established: sends a RELAY_COMMAND_RENDEZVOUS1 cell.
◆ rend_service_set_connection_addr_port()
| int rend_service_set_connection_addr_port | ( | edge_connection_t * | conn, |
| origin_circuit_t * | circ | ||
| ) |
Given conn, a rendezvous exit stream, look up the hidden service for circ, and look up the port and address based on conn->port. Assign the actual conn->addr and conn->port. Return -2 on failure for which the circuit should be closed, -1 on other failure, or 0 for success.
◆ rend_service_validate_intro_late()
| int rend_service_validate_intro_late | ( | const rend_intro_cell_t * | intro, |
| char ** | err_msg_out | ||
| ) |
Do validity checks on a parsed intro cell after decryption; some of these are not done in rend_service_parse_intro_plaintext() itself because they depend on a lot of other state and would make it hard to unit test. Returns >= 0 if successful or < 0 if the intro cell is invalid, and optionally writes out an error message for logging. If an err_msg pointer is provided, it is the caller's responsibility to free any provided message.
◆ rend_services_add_filenames_to_lists()
| void rend_services_add_filenames_to_lists | ( | smartlist_t * | open_lst, |
| smartlist_t * | stat_lst | ||
| ) |
Add to open_lst every filename used by a configured hidden service, and to stat_lst every directory used by a configured hidden service
