
[or-cvs] r9104: Some more documentation and specs for CONNECT_DIR and BEGIN_ (in tor/trunk: doc src/or)



Author: arma
Date: 2006-12-13 17:42:52 -0500 (Wed, 13 Dec 2006)
New Revision: 9104

Modified:
   tor/trunk/doc/TODO
   tor/trunk/doc/socks-extensions.txt
   tor/trunk/doc/tor-spec.txt
   tor/trunk/src/or/connection_edge.c
   tor/trunk/src/or/or.h
Log:
Some more documentation and specs for CONNECT_DIR and BEGIN_DIR.

Require that BEGIN_DIR cells carry an empty (all-zero) payload, which servers must ignore.


Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2006-12-13 17:42:43 UTC (rev 9103)
+++ tor/trunk/doc/TODO	2006-12-13 22:42:52 UTC (rev 9104)
@@ -54,7 +54,10 @@
     o Implement
     o Use for something, so we can be sure it works.
     o Test and debug
-    - be able to connect without having a server descriptor, to bootstrap
+    - turn the received socks addr:port into a digest for setting .exit
+    - be able to connect without having a server descriptor, to bootstrap.
+      - handle connect-dir streams that don't have a chosen_exit_name set.
+      - include ORPort in DirServers lines so we can know where to connect.
 
 N - Document .noconnect addresses... but where?
 

Modified: tor/trunk/doc/socks-extensions.txt
===================================================================
--- tor/trunk/doc/socks-extensions.txt	2006-12-13 17:42:43 UTC (rev 9103)
+++ tor/trunk/doc/socks-extensions.txt	2006-12-13 22:42:52 UTC (rev 9104)
@@ -53,8 +53,16 @@
   address" portion of the reply.
   (This command was not supported before Tor 0.1.2.2-alpha.)
 
-3. HTTP-resistance
+3. Other command extensions.
 
+  Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
+  In this case, Tor will open an encrypted direct TCP connection to the
+  directory port of the Tor server specified by address:port (the port
+  specified should be the ORPort of the server). It uses a one-hop tunnel
+  and a "BEGIN_DIR" relay cell to accomplish this secure connection.
+
+4. HTTP-resistance
+
   Tor checks the first byte of each SOCKS request to see whether it looks
   more like an HTTP request (that is, it starts with a "G", "H", or "P").  If
   so, Tor returns a small webpage, telling the user that his/her browser is

Modified: tor/trunk/doc/tor-spec.txt
===================================================================
--- tor/trunk/doc/tor-spec.txt	2006-12-13 17:42:43 UTC (rev 9103)
+++ tor/trunk/doc/tor-spec.txt	2006-12-13 22:42:52 UTC (rev 9104)
@@ -733,6 +733,9 @@
    If the Tor server is not running a directory service, it should respond
    with a REASON_NOTDIRECTORY RELAY_END cell.
 
+   Clients MUST generate an all-zero payload for RELAY_BEGIN_DIR cells,
+   and servers MUST ignore the payload.
+
    [RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
    SHOULD NOT send it to routers running earlier versions of Tor.]
 

Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c	2006-12-13 17:42:43 UTC (rev 9103)
+++ tor/trunk/src/or/connection_edge.c	2006-12-13 22:42:52 UTC (rev 9104)
@@ -1651,8 +1651,9 @@
     tor_assert(circ->build_state->onehop_tunnel == 0);
   }
 
-  if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ),
-                                   begin_type, payload, payload_len,
+  if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), begin_type,
+                  begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
+                  begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0,
                                    ap_conn->cpath_layer) < 0)
     return -1; /* circuit is closed, don't continue */
 

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2006-12-13 17:42:43 UTC (rev 9103)
+++ tor/trunk/src/or/or.h	2006-12-13 22:42:52 UTC (rev 9104)
@@ -1185,7 +1185,9 @@
   int need_capacity;
   /** Whether the last hop was picked with exiting in mind. */
   int is_internal;
-  /** Did we pick this as a one-hop tunnel (not safe for other conns)? */
+  /** Did we pick this as a one-hop tunnel (not safe for other conns)?
+   * These are for encrypted connections that exit to this router, not
+   * for arbitrary exits from the circuit. */
   int onehop_tunnel;
   /** The crypt_path_t to append after rendezvous: used for rendezvous. */
   crypt_path_t *pending_final_cpath;
@@ -1710,10 +1712,16 @@
 #define MAX_SOCKS_REPLY_LEN 1024
 #define MAX_SOCKS_ADDR_LEN 256
 
-#define SOCKS_COMMAND_CONNECT 0x01
-#define SOCKS_COMMAND_CONNECT_DIR 0xE0
-#define SOCKS_COMMAND_RESOLVE 0xF0
-#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+/** Please open a TCP connection to this addr:port. */
+#define SOCKS_COMMAND_CONNECT       0x01
+/** Please turn this FQDN into an IP address, privately. */
+#define SOCKS_COMMAND_RESOLVE       0xF0
+/** Please turn this IP address into an FQDN, privately. */
+#define SOCKS_COMMAND_RESOLVE_PTR   0xF1
+/** Please open an encrypted direct TCP connection to the directory port
+ * of the Tor server specified by address:port. (In this case address:port
+ * specifies the ORPort of the server.) */
+#define SOCKS_COMMAND_CONNECT_DIR   0xF2
 
 #define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
                                      (c)==SOCKS_COMMAND_CONNECT_DIR)
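Review bot: SOCKS_COMMAND_CONNECT_DIR changes its wire value from 0xE0 to 0xF2, but neither the log message nor the new header comment records that, and the bare "[F2]" in socks-extensions.txt is the only thing tying the two together. Because SOCKS_COMMAND_IS_CONNECT() makes CONNECT_DIR share every CONNECT code path, a client still sending 0xE0 will presumably fall through as an unknown command rather than be routed as a plain CONNECT, which is the safer outcome but should be stated rather than assumed. I would extend the doc comment with one line: `* Added in Tor 0.1.2.4-alpha; served over a one-hop tunnel (value was 0xE0 before r9104). */`.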
@@ -1722,8 +1730,11 @@
 
 /** State of a SOCKS request from a user to an OP */
 struct socks_request_t {
-  char socks_version; /**< Which version of SOCKS did the client use? */
-  int command; /**< What has the user requested? One from the above list. */
+  /** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
+   * 0 means that no socks handshake ever took place, and this is just a
+   * stub connection (e.g. see connection_ap_make_bridge()). */
+  char socks_version;
+  int command; /**< What is this stream's goal? One from the above list. */
   size_t replylen; /**< Length of <b>reply</b>. */
   char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
                                     * we want to specify our own socks reply,