Some more documentation and specs for CONNECT_DIR and BEGIN_DIR.

Demand that BEGIN_DIR cells have an empty payload.


svn:r9104

doc/TODO

@@ -54,7 +54,10 @@ R   - Specify actual events.
     o Implement
     o Use for something, so we can be sure it works.
     o Test and debug
-    - be able to connect without having a server descriptor, to bootstrap
+    - turn the received socks addr:port into a digest for setting .exit
+    - be able to connect without having a server descriptor, to bootstrap.
+      - handle connect-dir streams that don't have a chosen_exit_name set.
+      - include ORPort in DirServers lines so we can know where to connect.
 
 N - Document .noconnect addresses... but where?
 

doc/socks-extensions.txt

@@ -53,7 +53,15 @@ Tor's extensions to the SOCKS protocol
   address" portion of the reply.
   (This command was not supported before Tor 0.1.2.2-alpha.)
 
-3. HTTP-resistance
+3. Other command extensions.
+
+  Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
+  In this case, Tor will open an encrypted direct TCP connection to the
+  directory port of the Tor server specified by address:port (the port
+  specified should be the ORPort of the server). It uses a one-hop tunnel
+  and a "BEGIN_DIR" relay cell to accomplish this secure connection.
+
+4. HTTP-resistance
 
   Tor checks the first byte of each SOCKS request to see whether it looks
   more like an HTTP request (that is, it starts with a "G", "H", or "P").  If

doc/tor-spec.txt

@@ -733,6 +733,9 @@ TODO:
    If the Tor server is not running a directory service, it should respond
    with a REASON_NOTDIRECTORY RELAY_END cell.
 
+   Clients MUST generate an all-zero payload for RELAY_BEGIN_DIR cells,
+   and servers MUST ignore the payload.
+
    [RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
    SHOULD NOT send it to routers running earlier versions of Tor.]
 

src/or/connection_edge.c

@@ -1651,8 +1651,9 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn,
     tor_assert(circ->build_state->onehop_tunnel == 0);
   }
 
-  if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ),
-                                   begin_type, payload, payload_len,
+  if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), begin_type,
+                  begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
+                  begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0,
                                    ap_conn->cpath_layer) < 0)
     return -1; /* circuit is closed, don't continue */
 

src/or/or.h

@@ -1185,7 +1185,9 @@ typedef struct {
   int need_capacity;
   /** Whether the last hop was picked with exiting in mind. */
   int is_internal;
-  /** Did we pick this as a one-hop tunnel (not safe for other conns)? */
+  /** Did we pick this as a one-hop tunnel (not safe for other conns)?
+   * These are for encrypted connections that exit to this router, not
+   * for arbitrary exits from the circuit. */
   int onehop_tunnel;
   /** The crypt_path_t to append after rendezvous: used for rendezvous. */
   crypt_path_t *pending_final_cpath;
@@ -1710,10 +1712,16 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
 #define MAX_SOCKS_REPLY_LEN 1024
 #define MAX_SOCKS_ADDR_LEN 256
 
-#define SOCKS_COMMAND_CONNECT 0x01
-#define SOCKS_COMMAND_CONNECT_DIR 0xE0
-#define SOCKS_COMMAND_RESOLVE 0xF0
-#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+/** Please open a TCP connection to this addr:port. */
+#define SOCKS_COMMAND_CONNECT       0x01
+/** Please turn this FQDN into an IP address, privately. */
+#define SOCKS_COMMAND_RESOLVE       0xF0
+/** Please turn this IP address into an FQDN, privately. */
+#define SOCKS_COMMAND_RESOLVE_PTR   0xF1
+/** Please open an encrypted direct TCP connection to the directory port
+ * of the Tor server specified by address:port. (In this case address:port
+ * specifies the ORPort of the server.) */
+#define SOCKS_COMMAND_CONNECT_DIR   0xF2
 
 #define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
                                      (c)==SOCKS_COMMAND_CONNECT_DIR)
@@ -1722,8 +1730,11 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
 
 /** State of a SOCKS request from a user to an OP */
 struct socks_request_t {
-  char socks_version; /**< Which version of SOCKS did the client use? */
-  int command; /**< What has the user requested? One from the above list. */
+  /** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
+   * 0 means that no socks handshake ever took place, and this is just a
+   * stub connection (e.g. see connection_ap_make_bridge()). */
+  char socks_version;
+  int command; /**< What is this stream's goal? One from the above list. */
   size_t replylen; /**< Length of <b>reply</b>. */
   char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
                                     * we want to specify our own socks reply,