Merge branch 'split_mainloop_onion'

src/app/config/config.c

@@ -1,4 +1,3 @@
-
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
@@ -96,7 +95,8 @@
 #include "lib/log/git_revision.h"
 #include "feature/stats/geoip.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
+#include "app/main/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/policies.h"

src/app/config/statefile.c

@@ -33,11 +33,11 @@
 #include "core/or/circuitstats.h"
 #include "app/config/config.h"
 #include "app/config/confparse.h"
+#include "core/mainloop/mainloop.h"
 #include "core/mainloop/connection.h"
 #include "feature/control/control.h"
 #include "feature/client/entrynodes.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
 #include "feature/stats/rephist.h"
 #include "feature/relay/router.h"
 #include "lib/sandbox/sandbox.h"

src/app/main/main.c

@@ -0,0 +1,1515 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file main.c
+ * \brief Invocation module.  Initializes subsystems and runs the main loop.
+ **/
+
+#include "core/or/or.h"
+
+#include "feature/client/addressmap.h"
+#include "lib/err/backtrace.h"
+#include "feature/client/bridges.h"
+#include "lib/container/buffers.h"
+#include "core/or/channel.h"
+#include "core/or/channeltls.h"
+#include "core/or/channelpadding.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuitmux_ewma.h"
+#include "core/or/command.h"
+#include "lib/compress/compress.h"
+#include "app/config/config.h"
+#include "core/mainloop/connection.h"
+#include "core/or/connection_edge.h"
+#include "core/or/connection_or.h"
+#include "feature/dircache/consdiffmgr.h"
+#include "feature/control/control.h"
+#include "core/mainloop/cpuworker.h"
+#include "lib/crypt_ops/crypto_s2k.h"
+#include "lib/crypt_ops/crypto_rand.h"
+#include "feature/dircache/dirserv.h"
+#include "feature/dirauth/bwauth.h"
+#include "feature/dirauth/process_descs.h"
+#include "feature/relay/dns.h"
+#include "feature/client/entrynodes.h"
+#include "feature/stats/geoip.h"
+#include "feature/hibernate/hibernate.h"
+#include "feature/hs/hs_cache.h"
+#include "feature/dirauth/keypin.h"
+#include "app/main/main.h"
+#include "core/mainloop/mainloop.h"
+#include "feature/nodelist/microdesc.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/nodelist/nodelist.h"
+#include "app/main/ntmain.h"
+#include "feature/relay/onion_queue.h"
+#include "core/or/policies.h"
+#include "core/or/protover.h"
+#include "feature/client/transports.h"
+#include "core/or/relay.h"
+#include "feature/rend/rendcache.h"
+#include "feature/rend/rendclient.h"
+#include "feature/rend/rendservice.h"
+#include "feature/stats/rephist.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routerkeys.h"
+#include "feature/nodelist/authcert.h"
+#include "feature/nodelist/routerlist.h"
+#include "feature/nodelist/routerparse.h"
+#include "core/or/scheduler.h"
+#include "app/config/statefile.h"
+#include "core/or/status.h"
+#include "feature/api/tor_api.h"
+#include "feature/api/tor_api_internal.h"
+#include "lib/process/waitpid.h"
+#include "feature/relay/ext_orport.h"
+#include "lib/meminfo/meminfo.h"
+#include "lib/osinfo/uname.h"
+#include "lib/sandbox/sandbox.h"
+#include "lib/fs/lockfile.h"
+#include "lib/net/resolve.h"
+#include "lib/tls/tortls.h"
+#include "lib/evloop/compat_libevent.h"
+#include "lib/encoding/confline.h"
+#include "lib/evloop/timers.h"
+#include "lib/crypt_ops/crypto_init.h"
+
+#include <event2/event.h>
+
+#include "feature/dirauth/dirvote.h"
+#include "feature/dirauth/mode.h"
+#include "feature/dirauth/shared_random.h"
+
+#include "core/or/or_connection_st.h"
+#include "core/or/port_cfg_st.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYSTEMD
+#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
+/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
+ * Coverity. Here's a kludge to unconfuse it.
+ */
+#   define __INCLUDE_LEVEL__ 2
+#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
+#include <systemd/sd-daemon.h>
+#endif /* defined(HAVE_SYSTEMD) */
+
+void evdns_shutdown(int);
+
+#ifdef HAVE_RUST
+// helper function defined in Rust to output a log message indicating if tor is
+// running with Rust enabled. See src/rust/tor_util
+void rust_log_welcome_string(void);
+#endif
+
+/********* PROTOTYPES **********/
+
+static void dumpmemusage(int severity);
+static void dumpstats(int severity); /* log stats */
+static void process_signal(int sig);
+
+/********* START VARIABLES **********/
+
+/** Decides our behavior when no logs are configured/before any
+ * logs have been configured.  For 0, we log notice to stdout as normal.
+ * For 1, we log warnings only.  For 2, we log nothing.
+ */
+int quiet_level = 0;
+
+/********* END VARIABLES ************/
+
+/** Called when we get a SIGHUP: reload configuration files and keys,
+ * retry all connections, and so on. */
+static int
+do_hup(void)
+{
+  const or_options_t *options = get_options();
+
+  log_notice(LD_GENERAL,"Received reload signal (hup). Reloading config and "
+             "resetting internal state.");
+  if (accounting_is_enabled(options))
+    accounting_record_bandwidth_usage(time(NULL), get_or_state());
+
+  router_reset_warnings();
+  routerlist_reset_warnings();
+  /* first, reload config variables, in case they've changed */
+  if (options->ReloadTorrcOnSIGHUP) {
+    /* no need to provide argc/v, they've been cached in init_from_config */
+    int init_rv = options_init_from_torrc(0, NULL);
+    if (init_rv < 0) {
+      log_err(LD_CONFIG,"Reading config failed--see warnings above. "
+              "For usage, try -h.");
+      return -1;
+    } else if (BUG(init_rv > 0)) {
+      // LCOV_EXCL_START
+      /* This should be impossible: the only "return 1" cases in
+       * options_init_from_torrc are ones caused by command-line arguments;
+       * but they can't change while Tor is running. */
+      return -1;
+      // LCOV_EXCL_STOP
+    }
+    options = get_options(); /* they have changed now */
+    /* Logs are only truncated the first time they are opened, but were
+       probably intended to be cleaned up on signal. */
+    if (options->TruncateLogFile)
+      truncate_logs();
+  } else {
+    char *msg = NULL;
+    log_notice(LD_GENERAL, "Not reloading config file: the controller told "
+               "us not to.");
+    /* Make stuff get rescanned, reloaded, etc. */
+    if (set_options((or_options_t*)options, &msg) < 0) {
+      if (!msg)
+        msg = tor_strdup("Unknown error");
+      log_warn(LD_GENERAL, "Unable to re-set previous options: %s", msg);
+      tor_free(msg);
+    }
+  }
+  if (authdir_mode(options)) {
+    /* reload the approved-routers file */
+    if (dirserv_load_fingerprint_file() < 0) {
+      /* warnings are logged from dirserv_load_fingerprint_file() directly */
+      log_info(LD_GENERAL, "Error reloading fingerprints. "
+               "Continuing with old list.");
+    }
+  }
+
+  /* Rotate away from the old dirty circuits. This has to be done
+   * after we've read the new options, but before we start using
+   * circuits for directory fetches. */
+  circuit_mark_all_dirty_circs_as_unusable();
+
+  /* retry appropriate downloads */
+  router_reset_status_download_failures();
+  router_reset_descriptor_download_failures();
+  if (!net_is_disabled())
+    update_networkstatus_downloads(time(NULL));
+
+  /* We'll retry routerstatus downloads in about 10 seconds; no need to
+   * force a retry there. */
+
+  if (server_mode(options)) {
+    /* Maybe we've been given a new ed25519 key or certificate?
+     */
+    time_t now = approx_time();
+    int new_signing_key = load_ed_keys(options, now);
+    if (new_signing_key < 0 ||
+        generate_ed_link_cert(options, now, new_signing_key > 0)) {
+      log_warn(LD_OR, "Problem reloading Ed25519 keys; still using old keys.");
+    }
+
+    /* Update cpuworker and dnsworker processes, so they get up-to-date
+     * configuration options. */
+    cpuworkers_rotate_keyinfo();
+    dns_reset();
+  }
+  return 0;
+}
+
+/** Libevent callback: invoked when we get a signal.
+ */
+static void
+signal_callback(evutil_socket_t fd, short events, void *arg)
+{
+  const int *sigptr = arg;
+  const int sig = *sigptr;
+  (void)fd;
+  (void)events;
+
+  update_current_time(time(NULL));
+  process_signal(sig);
+}
+
+/** Do the work of acting on a signal received in <b>sig</b> */
+static void
+process_signal(int sig)
+{
+  switch (sig)
+    {
+    case SIGTERM:
+      log_notice(LD_GENERAL,"Catching signal TERM, exiting cleanly.");
+      tor_shutdown_event_loop_and_exit(0);
+      break;
+    case SIGINT:
+      if (!server_mode(get_options())) { /* do it now */
+        log_notice(LD_GENERAL,"Interrupt: exiting cleanly.");
+        tor_shutdown_event_loop_and_exit(0);
+        return;
+      }
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "STOPPING=1");
+#endif
+      hibernate_begin_shutdown();
+      break;
+#ifdef SIGPIPE
+    case SIGPIPE:
+      log_debug(LD_GENERAL,"Caught SIGPIPE. Ignoring.");
+      break;
+#endif
+    case SIGUSR1:
+      /* prefer to log it at INFO, but make sure we always see it */
+      dumpstats(get_min_log_level()<LOG_INFO ? get_min_log_level() : LOG_INFO);
+      control_event_signal(sig);
+      break;
+    case SIGUSR2:
+      switch_logs_debug();
+      log_debug(LD_GENERAL,"Caught USR2, going to loglevel debug. "
+                "Send HUP to change back.");
+      control_event_signal(sig);
+      break;
+    case SIGHUP:
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "RELOADING=1");
+#endif
+      if (do_hup() < 0) {
+        log_warn(LD_CONFIG,"Restart failed (config error?). Exiting.");
+        tor_shutdown_event_loop_and_exit(1);
+        return;
+      }
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "READY=1");
+#endif
+      control_event_signal(sig);
+      break;
+#ifdef SIGCHLD
+    case SIGCHLD:
+      notify_pending_waitpid_callbacks();
+      break;
+#endif
+    case SIGNEWNYM: {
+      do_signewnym(time(NULL));
+      break;
+    }
+    case SIGCLEARDNSCACHE:
+      addressmap_clear_transient();
+      control_event_signal(sig);
+      break;
+    case SIGHEARTBEAT:
+      log_heartbeat(time(NULL));
+      control_event_signal(sig);
+      break;
+  }
+}
+
+/**
+ * Write current memory usage information to the log.
+ */
+static void
+dumpmemusage(int severity)
+{
+  connection_dump_buffer_mem_stats(severity);
+  tor_log(severity, LD_GENERAL, "In rephist: %"PRIu64" used by %d Tors.",
+      (rephist_total_alloc), rephist_total_num);
+  dump_routerlist_mem_usage(severity);
+  dump_cell_pool_usage(severity);
+  dump_dns_mem_usage(severity);
+  tor_log_mallinfo(severity);
+}
+
+/** Write all statistics to the log, with log level <b>severity</b>. Called
+ * in response to a SIGUSR1. */
+static void
+dumpstats(int severity)
+{
+  time_t now = time(NULL);
+  time_t elapsed;
+  size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
+
+  tor_log(severity, LD_GENERAL, "Dumping stats:");
+
+  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
+    int i = conn_sl_idx;
+    tor_log(severity, LD_GENERAL,
+        "Conn %d (socket %d) type %d (%s), state %d (%s), created %d secs ago",
+        i, (int)conn->s, conn->type, conn_type_to_string(conn->type),
+        conn->state, conn_state_to_string(conn->type, conn->state),
+        (int)(now - conn->timestamp_created));
+    if (!connection_is_listener(conn)) {
+      tor_log(severity,LD_GENERAL,
+          "Conn %d is to %s:%d.", i,
+          safe_str_client(conn->address),
+          conn->port);
+      tor_log(severity,LD_GENERAL,
+          "Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)",
+          i,
+          (int)connection_get_inbuf_len(conn),
+          (int)buf_allocation(conn->inbuf),
+          (int)(now - conn->timestamp_last_read_allowed));
+      tor_log(severity,LD_GENERAL,
+          "Conn %d: %d bytes waiting on outbuf "
+          "(len %d, last written %d secs ago)",i,
+          (int)connection_get_outbuf_len(conn),
+          (int)buf_allocation(conn->outbuf),
+          (int)(now - conn->timestamp_last_write_allowed));
+      if (conn->type == CONN_TYPE_OR) {
+        or_connection_t *or_conn = TO_OR_CONN(conn);
+        if (or_conn->tls) {
+          if (tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len,
+                                       &wbuf_cap, &wbuf_len) == 0) {
+            tor_log(severity, LD_GENERAL,
+                "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
+                "%d/%d bytes used on write buffer.",
+                i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
+          }
+        }
+      }
+    }
+    circuit_dump_by_conn(conn, severity); /* dump info about all the circuits
+                                           * using this conn */
+  } SMARTLIST_FOREACH_END(conn);
+
+  channel_dumpstats(severity);
+  channel_listener_dumpstats(severity);
+
+  tor_log(severity, LD_NET,
+      "Cells processed: %"PRIu64" padding\n"
+      "                 %"PRIu64" create\n"
+      "                 %"PRIu64" created\n"
+      "                 %"PRIu64" relay\n"
+      "                        (%"PRIu64" relayed)\n"
+      "                        (%"PRIu64" delivered)\n"
+      "                 %"PRIu64" destroy",
+      (stats_n_padding_cells_processed),
+      (stats_n_create_cells_processed),
+      (stats_n_created_cells_processed),
+      (stats_n_relay_cells_processed),
+      (stats_n_relay_cells_relayed),
+      (stats_n_relay_cells_delivered),
+      (stats_n_destroy_cells_processed));
+  if (stats_n_data_cells_packaged)
+    tor_log(severity,LD_NET,"Average packaged cell fullness: %2.3f%%",
+        100*(((double)stats_n_data_bytes_packaged) /
+             ((double)stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE)) );
+  if (stats_n_data_cells_received)
+    tor_log(severity,LD_NET,"Average delivered cell fullness: %2.3f%%",
+        100*(((double)stats_n_data_bytes_received) /
+             ((double)stats_n_data_cells_received*RELAY_PAYLOAD_SIZE)) );
+
+  cpuworker_log_onionskin_overhead(severity, ONION_HANDSHAKE_TYPE_TAP, "TAP");
+  cpuworker_log_onionskin_overhead(severity, ONION_HANDSHAKE_TYPE_NTOR,"ntor");
+
+  if (now - time_of_process_start >= 0)
+    elapsed = now - time_of_process_start;
+  else
+    elapsed = 0;
+
+  if (elapsed) {
+    tor_log(severity, LD_NET,
+        "Average bandwidth: %"PRIu64"/%d = %d bytes/sec reading",
+        (get_bytes_read()),
+        (int)elapsed,
+        (int) (get_bytes_read()/elapsed));
+    tor_log(severity, LD_NET,
+        "Average bandwidth: %"PRIu64"/%d = %d bytes/sec writing",
+        (get_bytes_written()),
+        (int)elapsed,
+        (int) (get_bytes_written()/elapsed));
+  }
+
+  tor_log(severity, LD_NET, "--------------- Dumping memory information:");
+  dumpmemusage(severity);
+
+  rep_hist_dump_stats(now,severity);
+  rend_service_dump_stats(severity);
+  dump_distinct_digest_count(severity);
+}
+
+/** Called by exit() as we shut down the process.
+ */
+static void
+exit_function(void)
+{
+  /* NOTE: If we ever daemonize, this gets called immediately.  That's
+   * okay for now, because we only use this on Windows.  */
+#ifdef _WIN32
+  WSACleanup();
+#endif
+}
+
+#ifdef _WIN32
+#define UNIX_ONLY 0
+#else
+#define UNIX_ONLY 1
+#endif
+
+static struct {
+  /** A numeric code for this signal. Must match the signal value if
+   * try_to_register is true. */
+  int signal_value;
+  /** True if we should try to register this signal with libevent and catch
+   * corresponding posix signals. False otherwise. */
+  int try_to_register;
+  /** Pointer to hold the event object constructed for this signal. */
+  struct event *signal_event;
+} signal_handlers[] = {
+#ifdef SIGINT
+  { SIGINT, UNIX_ONLY, NULL }, /* do a controlled slow shutdown */
+#endif
+#ifdef SIGTERM
+  { SIGTERM, UNIX_ONLY, NULL }, /* to terminate now */
+#endif
+#ifdef SIGPIPE
+  { SIGPIPE, UNIX_ONLY, NULL }, /* otherwise SIGPIPE kills us */
+#endif
+#ifdef SIGUSR1
+  { SIGUSR1, UNIX_ONLY, NULL }, /* dump stats */
+#endif
+#ifdef SIGUSR2
+  { SIGUSR2, UNIX_ONLY, NULL }, /* go to loglevel debug */
+#endif
+#ifdef SIGHUP
+  { SIGHUP, UNIX_ONLY, NULL }, /* to reload config, retry conns, etc */
+#endif
+#ifdef SIGXFSZ
+  { SIGXFSZ, UNIX_ONLY, NULL }, /* handle file-too-big resource exhaustion */
+#endif
+#ifdef SIGCHLD
+  { SIGCHLD, UNIX_ONLY, NULL }, /* handle dns/cpu workers that exit */
+#endif
+  /* These are controller-only */
+  { SIGNEWNYM, 0, NULL },
+  { SIGCLEARDNSCACHE, 0, NULL },
+  { SIGHEARTBEAT, 0, NULL },
+  { -1, -1, NULL }
+};
+
+/** Set up the signal handler events for this process, and register them
+ * with libevent if appropriate. */
+void
+handle_signals(void)
+{
+  int i;
+  const int enabled = !get_options()->DisableSignalHandlers;
+
+  for (i = 0; signal_handlers[i].signal_value >= 0; ++i) {
+    /* Signal handlers are only registered with libevent if they need to catch
+     * real POSIX signals.  We construct these signal handler events in either
+     * case, though, so that controllers can activate them with the SIGNAL
+     * command.
+     */
+    if (enabled && signal_handlers[i].try_to_register) {
+      signal_handlers[i].signal_event =
+        tor_evsignal_new(tor_libevent_get_base(),
+                         signal_handlers[i].signal_value,
+                         signal_callback,
+                         &signal_handlers[i].signal_value);
+      if (event_add(signal_handlers[i].signal_event, NULL))
+        log_warn(LD_BUG, "Error from libevent when adding "
+                 "event for signal %d",
+                 signal_handlers[i].signal_value);
+    } else {
+      signal_handlers[i].signal_event =
+        tor_event_new(tor_libevent_get_base(), -1,
+                      EV_SIGNAL, signal_callback,
+                      &signal_handlers[i].signal_value);
+    }
+  }
+}
+
+/* Cause the signal handler for signal_num to be called in the event loop. */
+void
+activate_signal(int signal_num)
+{
+  int i;
+  for (i = 0; signal_handlers[i].signal_value >= 0; ++i) {
+    if (signal_handlers[i].signal_value == signal_num) {
+      event_active(signal_handlers[i].signal_event, EV_SIGNAL, 1);
+      return;
+    }
+  }
+}
+
+/** Main entry point for the Tor command-line client.  Return 0 on "success",
+ * negative on "failure", and positive on "success and exit".
+ */
+int
+tor_init(int argc, char *argv[])
+{
+  char progname[256];
+  int quiet = 0;
+
+  time_of_process_start = time(NULL);
+  tor_init_connection_lists();
+  /* Have the log set up with our application name. */
+  tor_snprintf(progname, sizeof(progname), "Tor %s", get_version());
+  log_set_application_name(progname);
+
+  /* Set up the crypto nice and early */
+  if (crypto_early_init() < 0) {
+    log_err(LD_GENERAL, "Unable to initialize the crypto subsystem!");
+    return -1;
+  }
+
+  /* Initialize the history structures. */
+  rep_hist_init();
+  /* Initialize the service cache. */
+  rend_cache_init();
+  addressmap_init(); /* Init the client dns cache. Do it always, since it's
+                      * cheap. */
+  /* Initialize the HS subsystem. */
+  hs_init();
+
+  {
+  /* We search for the "quiet" option first, since it decides whether we
+   * will log anything at all to the command line. */
+    config_line_t *opts = NULL, *cmdline_opts = NULL;
+    const config_line_t *cl;
+    (void) config_parse_commandline(argc, argv, 1, &opts, &cmdline_opts);
+    for (cl = cmdline_opts; cl; cl = cl->next) {
+      if (!strcmp(cl->key, "--hush"))
+        quiet = 1;
+      if (!strcmp(cl->key, "--quiet") ||
+          !strcmp(cl->key, "--dump-config"))
+        quiet = 2;
+      /* The following options imply --hush */
+      if (!strcmp(cl->key, "--version") || !strcmp(cl->key, "--digests") ||
+          !strcmp(cl->key, "--list-torrc-options") ||
+          !strcmp(cl->key, "--library-versions") ||
+          !strcmp(cl->key, "--hash-password") ||
+          !strcmp(cl->key, "-h") || !strcmp(cl->key, "--help")) {
+        if (quiet < 1)
+          quiet = 1;
+      }
+    }
+    config_free_lines(opts);
+    config_free_lines(cmdline_opts);
+  }
+
+ /* give it somewhere to log to initially */
+  switch (quiet) {
+    case 2:
+      /* no initial logging */
+      break;
+    case 1:
+      add_temp_log(LOG_WARN);
+      break;
+    default:
+      add_temp_log(LOG_NOTICE);
+  }
+  quiet_level = quiet;
+
+  {
+    const char *version = get_version();
+
+    log_notice(LD_GENERAL, "Tor %s running on %s with Libevent %s, "
+               "%s %s, Zlib %s, Liblzma %s, and Libzstd %s.", version,
+               get_uname(),
+               tor_libevent_get_version_str(),
+               crypto_get_library_name(),
+               crypto_get_library_version_string(),
+               tor_compress_supports_method(ZLIB_METHOD) ?
+                 tor_compress_version_str(ZLIB_METHOD) : "N/A",
+               tor_compress_supports_method(LZMA_METHOD) ?
+                 tor_compress_version_str(LZMA_METHOD) : "N/A",
+               tor_compress_supports_method(ZSTD_METHOD) ?
+                 tor_compress_version_str(ZSTD_METHOD) : "N/A");
+
+    log_notice(LD_GENERAL, "Tor can't help you if you use it wrong! "
+               "Learn how to be safe at "
+               "https://www.torproject.org/download/download#warning");
+
+    if (strstr(version, "alpha") || strstr(version, "beta"))
+      log_notice(LD_GENERAL, "This version is not a stable Tor release. "
+                 "Expect more bugs than usual.");
+
+    tor_compress_log_init_warnings();
+  }
+
+#ifdef HAVE_RUST
+  rust_log_welcome_string();
+#endif /* defined(HAVE_RUST) */
+
+  if (network_init()<0) {
+    log_err(LD_BUG,"Error initializing network; exiting.");
+    return -1;
+  }
+  atexit(exit_function);
+
+  int init_rv = options_init_from_torrc(argc,argv);
+  if (init_rv < 0) {
+    log_err(LD_CONFIG,"Reading config failed--see warnings above.");
+    return -1;
+  } else if (init_rv > 0) {
+    // We succeeded, and should exit anyway -- probably the user just said
+    // "--version" or something like that.
+    return 1;
+  }
+
+  /* The options are now initialised */
+  const or_options_t *options = get_options();
+
+  /* Initialize channelpadding parameters to defaults until we get
+   * a consensus */
+  channelpadding_new_consensus_params(NULL);
+
+  /* Initialize predicted ports list after loading options */
+  predicted_ports_init();
+
+#ifndef _WIN32
+  if (geteuid()==0)
+    log_warn(LD_GENERAL,"You are running Tor as root. You don't need to, "
+             "and you probably shouldn't.");
+#endif
+
+  if (crypto_global_init(options->HardwareAccel,
+                         options->AccelName,
+                         options->AccelDir)) {
+    log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
+    return -1;
+  }
+  stream_choice_seed_weak_rng();
+  if (tor_init_libevent_rng() < 0) {
+    log_warn(LD_NET, "Problem initializing libevent RNG.");
+  }
+
+  /* Scan/clean unparseable descriptors; after reading config */
+  routerparse_init();
+
+  return 0;
+}
+
+/** A lockfile structure, used to prevent two Tors from messing with the
+ * data directory at once.  If this variable is non-NULL, we're holding
+ * the lockfile. */
+static tor_lockfile_t *lockfile = NULL;
+
+/** Try to grab the lock file described in <b>options</b>, if we do not
+ * already have it.  If <b>err_if_locked</b> is true, warn if somebody else is
+ * holding the lock, and exit if we can't get it after waiting.  Otherwise,
+ * return -1 if we can't get the lockfile.  Return 0 on success.
+ */
+int
+try_locking(const or_options_t *options, int err_if_locked)
+{
+  if (lockfile)
+    return 0;
+  else {
+    char *fname = options_get_datadir_fname(options, "lock");
+    int already_locked = 0;
+    tor_lockfile_t *lf = tor_lockfile_lock(fname, 0, &already_locked);
+    tor_free(fname);
+    if (!lf) {
+      if (err_if_locked && already_locked) {
+        int r;
+        log_warn(LD_GENERAL, "It looks like another Tor process is running "
+                 "with the same data directory.  Waiting 5 seconds to see "
+                 "if it goes away.");
+#ifndef _WIN32
+        sleep(5);
+#else
+        Sleep(5000);
+#endif
+        r = try_locking(options, 0);
+        if (r<0) {
+          log_err(LD_GENERAL, "No, it's still there.  Exiting.");
+          return -1;
+        }
+        return r;
+      }
+      return -1;
+    }
+    lockfile = lf;
+    return 0;
+  }
+}
+
+/** Return true iff we've successfully acquired the lock file. */
+int
+have_lockfile(void)
+{
+  return lockfile != NULL;
+}
+
+/** If we have successfully acquired the lock file, release it. */
+void
+release_lockfile(void)
+{
+  if (lockfile) {
+    tor_lockfile_unlock(lockfile);
+    lockfile = NULL;
+  }
+}
+
+/** Free all memory that we might have allocated somewhere.
+ * If <b>postfork</b>, we are a worker process and we want to free
+ * only the parts of memory that we won't touch. If !<b>postfork</b>,
+ * Tor is shutting down and we should free everything.
+ *
+ * Helps us find the real leaks with sanitizers and the like. Also valgrind
+ * should then report 0 reachable in its leak report (in an ideal world --
+ * in practice libevent, SSL, libc etc never quite free everything). */
+void
+tor_free_all(int postfork)
+{
+  if (!postfork) {
+    evdns_shutdown(1);
+  }
+  geoip_free_all();
+  dirvote_free_all();
+  routerlist_free_all();
+  networkstatus_free_all();
+  addressmap_free_all();
+  dirserv_free_fingerprint_list();
+  dirserv_free_all();
+  dirserv_clear_measured_bw_cache();
+  rend_cache_free_all();
+  rend_service_authorization_free_all();
+  rep_hist_free_all();
+  dns_free_all();
+  clear_pending_onions();
+  circuit_free_all();
+  entry_guards_free_all();
+  pt_free_all();
+  channel_tls_free_all();
+  channel_free_all();
+  connection_free_all();
+  connection_edge_free_all();
+  scheduler_free_all();
+  nodelist_free_all();
+  microdesc_free_all();
+  routerparse_free_all();
+  ext_orport_free_all();
+  control_free_all();
+  tor_free_getaddrinfo_cache();
+  protover_free_all();
+  bridges_free_all();
+  consdiffmgr_free_all();
+  hs_free_all();
+  dos_free_all();
+  circuitmux_ewma_free_all();
+  accounting_free_all();
+
+  if (!postfork) {
+    config_free_all();
+    or_state_free_all();
+    router_free_all();
+    routerkeys_free_all();
+    policies_free_all();
+  }
+  if (!postfork) {
+    tor_tls_free_all();
+#ifndef _WIN32
+    tor_getpwnam(NULL);
+#endif
+  }
+  /* stuff in main.c */
+
+  tor_mainloop_free_all();
+
+#ifdef HAVE_SYSTEMD_209
+  periodic_timer_free(systemd_watchdog_timer);
+#endif
+
+  if (!postfork) {
+    release_lockfile();
+  }
+  tor_libevent_free_all();
+  /* Stuff in util.c and address.c*/
+  if (!postfork) {
+    escaped(NULL);
+    esc_router_info(NULL);
+    clean_up_backtrace_handler();
+    logs_free_all(); /* free log strings. do this last so logs keep working. */
+  }
+}
+
+/**
+ * Remove the specified file, and log a warning if the operation fails for
+ * any reason other than the file not existing. Ignores NULL filenames.
+ */
+void
+tor_remove_file(const char *filename)
+{
+  if (filename && tor_unlink(filename) != 0 && errno != ENOENT) {
+    log_warn(LD_FS, "Couldn't unlink %s: %s",
+               filename, strerror(errno));
+  }
+}
+
+/** Do whatever cleanup is necessary before shutting Tor down. */
+void
+tor_cleanup(void)
+{
+  const or_options_t *options = get_options();
+  if (options->command == CMD_RUN_TOR) {
+    time_t now = time(NULL);
+    /* Remove our pid file. We don't care if there was an error when we
+     * unlink, nothing we could do about it anyways. */
+    tor_remove_file(options->PidFile);
+    /* Remove control port file */
+    tor_remove_file(options->ControlPortWriteToFile);
+    /* Remove cookie authentication file */
+    {
+      char *cookie_fname = get_controller_cookie_file_name();
+      tor_remove_file(cookie_fname);
+      tor_free(cookie_fname);
+    }
+    /* Remove Extended ORPort cookie authentication file */
+    {
+      char *cookie_fname = get_ext_or_auth_cookie_file_name();
+      tor_remove_file(cookie_fname);
+      tor_free(cookie_fname);
+    }
+    if (accounting_is_enabled(options))
+      accounting_record_bandwidth_usage(now, get_or_state());
+    or_state_mark_dirty(get_or_state(), 0); /* force an immediate save. */
+    or_state_save(now);
+    if (authdir_mode(options)) {
+      sr_save_and_cleanup();
+    }
+    if (authdir_mode_tests_reachability(options))
+      rep_hist_record_mtbf_data(now, 0);
+    keypin_close_journal();
+  }
+
+  timers_shutdown();
+
+  tor_free_all(0); /* We could move tor_free_all back into the ifdef below
+                      later, if it makes shutdown unacceptably slow.  But for
+                      now, leave it here: it's helped us catch bugs in the
+                      past. */
+  crypto_global_cleanup();
+}
+
+/** Read/create keys as needed, and echo our fingerprint to stdout. */
+static int
+do_list_fingerprint(void)
+{
+  char buf[FINGERPRINT_LEN+1];
+  crypto_pk_t *k;
+  const char *nickname = get_options()->Nickname;
+  sandbox_disable_getaddrinfo_cache();
+  if (!server_mode(get_options())) {
+    log_err(LD_GENERAL,
+            "Clients don't have long-term identity keys. Exiting.");
+    return -1;
+  }
+  tor_assert(nickname);
+  if (init_keys() < 0) {
+    log_err(LD_GENERAL,"Error initializing keys; exiting.");
+    return -1;
+  }
+  if (!(k = get_server_identity_key())) {
+    log_err(LD_GENERAL,"Error: missing identity key.");
+    return -1;
+  }
+  if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
+    log_err(LD_BUG, "Error computing fingerprint");
+    return -1;
+  }
+  printf("%s %s\n", nickname, buf);
+  return 0;
+}
+
+/** Entry point for password hashing: take the desired password from
+ * the command line, and print its salted hash to stdout. **/
+static void
+do_hash_password(void)
+{
+
+  char output[256];
+  char key[S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN];
+
+  crypto_rand(key, S2K_RFC2440_SPECIFIER_LEN-1);
+  key[S2K_RFC2440_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */
+  secret_to_key_rfc2440(key+S2K_RFC2440_SPECIFIER_LEN, DIGEST_LEN,
+                get_options()->command_arg, strlen(get_options()->command_arg),
+                key);
+  base16_encode(output, sizeof(output), key, sizeof(key));
+  printf("16:%s\n",output);
+}
+
+/** Entry point for configuration dumping: write the configuration to
+ * stdout. */
+static int
+do_dump_config(void)
+{
+  const or_options_t *options = get_options();
+  const char *arg = options->command_arg;
+  int how;
+  char *opts;
+
+  if (!strcmp(arg, "short")) {
+    how = OPTIONS_DUMP_MINIMAL;
+  } else if (!strcmp(arg, "non-builtin")) {
+    how = OPTIONS_DUMP_DEFAULTS;
+  } else if (!strcmp(arg, "full")) {
+    how = OPTIONS_DUMP_ALL;
+  } else {
+    fprintf(stderr, "No valid argument to --dump-config found!\n");
+    fprintf(stderr, "Please select 'short', 'non-builtin', or 'full'.\n");
+
+    return -1;
+  }
+
+  opts = options_dump(options, how);
+  printf("%s", opts);
+  tor_free(opts);
+
+  return 0;
+}
+
+static void
+init_addrinfo(void)
+{
+  if (! server_mode(get_options()) ||
+      (get_options()->Address && strlen(get_options()->Address) > 0)) {
+    /* We don't need to seed our own hostname, because we won't be calling
+     * resolve_my_address on it.
+     */
+    return;
+  }
+  char hname[256];
+
+  // host name to sandbox
+  gethostname(hname, sizeof(hname));
+  tor_add_addrinfo(hname);
+}
+
+static sandbox_cfg_t*
+sandbox_init_filter(void)
+{
+  const or_options_t *options = get_options();
+  sandbox_cfg_t *cfg = sandbox_cfg_new();
+  int i;
+
+  sandbox_cfg_allow_openat_filename(&cfg,
+      get_cachedir_fname("cached-status"));
+
+#define OPEN(name)                              \
+  sandbox_cfg_allow_open_filename(&cfg, tor_strdup(name))
+
+#define OPEN_DATADIR(name)                      \
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname(name))
+
+#define OPEN_DATADIR2(name, name2)                       \
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname2((name), (name2)))
+
+#define OPEN_DATADIR_SUFFIX(name, suffix) do {  \
+    OPEN_DATADIR(name);                         \
+    OPEN_DATADIR(name suffix);                  \
+  } while (0)
+
+#define OPEN_DATADIR2_SUFFIX(name, name2, suffix) do {  \
+    OPEN_DATADIR2(name, name2);                         \
+    OPEN_DATADIR2(name, name2 suffix);                  \
+  } while (0)
+
+#define OPEN_KEY_DIRECTORY() \
+  sandbox_cfg_allow_open_filename(&cfg, tor_strdup(options->KeyDirectory))
+#define OPEN_CACHEDIR(name)                      \
+  sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
+#define OPEN_CACHEDIR_SUFFIX(name, suffix) do {  \
+    OPEN_CACHEDIR(name);                         \
+    OPEN_CACHEDIR(name suffix);                  \
+  } while (0)
+#define OPEN_KEYDIR(name)                      \
+  sandbox_cfg_allow_open_filename(&cfg, get_keydir_fname(name))
+#define OPEN_KEYDIR_SUFFIX(name, suffix) do {    \
+    OPEN_KEYDIR(name);                           \
+    OPEN_KEYDIR(name suffix);                    \
+  } while (0)
+
+  OPEN(options->DataDirectory);
+  OPEN_KEY_DIRECTORY();
+
+  OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-consensus", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("unverified-consensus", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("unverified-microdesc-consensus", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-microdesc-consensus", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-microdescs", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-microdescs.new", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-descriptors", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-descriptors.new", ".tmp");
+  OPEN_CACHEDIR("cached-descriptors.tmp.tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-extrainfo", ".tmp");
+  OPEN_CACHEDIR_SUFFIX("cached-extrainfo.new", ".tmp");
+  OPEN_CACHEDIR("cached-extrainfo.tmp.tmp");
+
+  OPEN_DATADIR_SUFFIX("state", ".tmp");
+  OPEN_DATADIR_SUFFIX("sr-state", ".tmp");
+  OPEN_DATADIR_SUFFIX("unparseable-desc", ".tmp");
+  OPEN_DATADIR_SUFFIX("v3-status-votes", ".tmp");
+  OPEN_DATADIR("key-pinning-journal");
+  OPEN("/dev/srandom");
+  OPEN("/dev/urandom");
+  OPEN("/dev/random");
+  OPEN("/etc/hosts");
+  OPEN("/proc/meminfo");
+
+  if (options->BridgeAuthoritativeDir)
+    OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+  if (authdir_mode(options))
+    OPEN_DATADIR("approved-routers");
+
+  if (options->ServerDNSResolvConfFile)
+    sandbox_cfg_allow_open_filename(&cfg,
+                                tor_strdup(options->ServerDNSResolvConfFile));
+  else
+    sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf"));
+
+  for (i = 0; i < 2; ++i) {
+    if (get_torrc_fname(i)) {
+      sandbox_cfg_allow_open_filename(&cfg, tor_strdup(get_torrc_fname(i)));
+    }
+  }
+
+  SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, {
+    OPEN(f);
+  });
+
+#define RENAME_SUFFIX(name, suffix)        \
+  sandbox_cfg_allow_rename(&cfg,           \
+      get_datadir_fname(name suffix),      \
+      get_datadir_fname(name))
+
+#define RENAME_SUFFIX2(prefix, name, suffix) \
+  sandbox_cfg_allow_rename(&cfg,                                        \
+                           get_datadir_fname2(prefix, name suffix),     \
+                           get_datadir_fname2(prefix, name))
+
+#define RENAME_CACHEDIR_SUFFIX(name, suffix)        \
+  sandbox_cfg_allow_rename(&cfg,           \
+      get_cachedir_fname(name suffix),      \
+      get_cachedir_fname(name))
+
+#define RENAME_KEYDIR_SUFFIX(name, suffix)    \
+  sandbox_cfg_allow_rename(&cfg,           \
+      get_keydir_fname(name suffix),      \
+      get_keydir_fname(name))
+
+  RENAME_CACHEDIR_SUFFIX("cached-certs", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-consensus", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("unverified-consensus", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("unverified-microdesc-consensus", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-microdesc-consensus", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-microdescs", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-microdescs", ".new");
+  RENAME_CACHEDIR_SUFFIX("cached-microdescs.new", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-descriptors", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-descriptors", ".new");
+  RENAME_CACHEDIR_SUFFIX("cached-descriptors.new", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-extrainfo", ".tmp");
+  RENAME_CACHEDIR_SUFFIX("cached-extrainfo", ".new");
+  RENAME_CACHEDIR_SUFFIX("cached-extrainfo.new", ".tmp");
+
+  RENAME_SUFFIX("state", ".tmp");
+  RENAME_SUFFIX("sr-state", ".tmp");
+  RENAME_SUFFIX("unparseable-desc", ".tmp");
+  RENAME_SUFFIX("v3-status-votes", ".tmp");
+
+  if (options->BridgeAuthoritativeDir)
+    RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
+#define STAT_DATADIR(name)                      \
+  sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))
+
+#define STAT_CACHEDIR(name)                                             \
+  sandbox_cfg_allow_stat_filename(&cfg, get_cachedir_fname(name))
+
+#define STAT_DATADIR2(name, name2)                                      \
+  sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname2((name), (name2)))
+
+#define STAT_KEY_DIRECTORY() \
+  sandbox_cfg_allow_stat_filename(&cfg, tor_strdup(options->KeyDirectory))
+
+  STAT_DATADIR(NULL);
+  STAT_DATADIR("lock");
+  STAT_DATADIR("state");
+  STAT_DATADIR("router-stability");
+
+  STAT_CACHEDIR("cached-extrainfo.new");
+
+  {
+    smartlist_t *files = smartlist_new();
+    tor_log_get_logfile_names(files);
+    SMARTLIST_FOREACH(files, char *, file_name, {
+      /* steals reference */
+      sandbox_cfg_allow_open_filename(&cfg, file_name);
+    });
+    smartlist_free(files);
+  }
+
+  {
+    smartlist_t *files = smartlist_new();
+    smartlist_t *dirs = smartlist_new();
+    hs_service_lists_fnames_for_sandbox(files, dirs);
+    SMARTLIST_FOREACH(files, char *, file_name, {
+      char *tmp_name = NULL;
+      tor_asprintf(&tmp_name, "%s.tmp", file_name);
+      sandbox_cfg_allow_rename(&cfg,
+                               tor_strdup(tmp_name), tor_strdup(file_name));
+      /* steals references */
+      sandbox_cfg_allow_open_filename(&cfg, file_name);
+      sandbox_cfg_allow_open_filename(&cfg, tmp_name);
+    });
+    SMARTLIST_FOREACH(dirs, char *, dir, {
+      /* steals reference */
+      sandbox_cfg_allow_stat_filename(&cfg, dir);
+    });
+    smartlist_free(files);
+    smartlist_free(dirs);
+  }
+
+  {
+    char *fname;
+    if ((fname = get_controller_cookie_file_name())) {
+      sandbox_cfg_allow_open_filename(&cfg, fname);
+    }
+    if ((fname = get_ext_or_auth_cookie_file_name())) {
+      sandbox_cfg_allow_open_filename(&cfg, fname);
+    }
+  }
+
+  SMARTLIST_FOREACH_BEGIN(get_configured_ports(), port_cfg_t *, port) {
+    if (!port->is_unix_addr)
+      continue;
+    /* When we open an AF_UNIX address, we want permission to open the
+     * directory that holds it. */
+    char *dirname = tor_strdup(port->unix_addr);
+    if (get_parent_directory(dirname) == 0) {
+      OPEN(dirname);
+    }
+    tor_free(dirname);
+    sandbox_cfg_allow_chmod_filename(&cfg, tor_strdup(port->unix_addr));
+    sandbox_cfg_allow_chown_filename(&cfg, tor_strdup(port->unix_addr));
+  } SMARTLIST_FOREACH_END(port);
+
+  if (options->DirPortFrontPage) {
+    sandbox_cfg_allow_open_filename(&cfg,
+                                    tor_strdup(options->DirPortFrontPage));
+  }
+
+  // orport
+  if (server_mode(get_options())) {
+
+    OPEN_KEYDIR_SUFFIX("secret_id_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("secret_onion_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("secret_onion_key_ntor", ".tmp");
+    OPEN_KEYDIR("secret_id_key.old");
+    OPEN_KEYDIR("secret_onion_key.old");
+    OPEN_KEYDIR("secret_onion_key_ntor.old");
+
+    OPEN_KEYDIR_SUFFIX("ed25519_master_id_secret_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_master_id_secret_key_encrypted", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_master_id_public_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_signing_secret_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_signing_secret_key_encrypted", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_signing_public_key", ".tmp");
+    OPEN_KEYDIR_SUFFIX("ed25519_signing_cert", ".tmp");
+
+    OPEN_DATADIR2_SUFFIX("stats", "bridge-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "dirreq-stats", ".tmp");
+
+    OPEN_DATADIR2_SUFFIX("stats", "entry-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "exit-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "buffer-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "conn-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "hidserv-stats", ".tmp");
+
+    OPEN_DATADIR("approved-routers");
+    OPEN_DATADIR_SUFFIX("fingerprint", ".tmp");
+    OPEN_DATADIR_SUFFIX("hashed-fingerprint", ".tmp");
+    OPEN_DATADIR_SUFFIX("router-stability", ".tmp");
+
+    OPEN("/etc/resolv.conf");
+
+    RENAME_SUFFIX("fingerprint", ".tmp");
+    RENAME_KEYDIR_SUFFIX("secret_onion_key_ntor", ".tmp");
+
+    RENAME_KEYDIR_SUFFIX("secret_id_key", ".tmp");
+    RENAME_KEYDIR_SUFFIX("secret_id_key.old", ".tmp");
+    RENAME_KEYDIR_SUFFIX("secret_onion_key", ".tmp");
+    RENAME_KEYDIR_SUFFIX("secret_onion_key.old", ".tmp");
+
+    RENAME_SUFFIX2("stats", "bridge-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "dirreq-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "entry-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "exit-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "buffer-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "conn-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "hidserv-stats", ".tmp");
+    RENAME_SUFFIX("hashed-fingerprint", ".tmp");
+    RENAME_SUFFIX("router-stability", ".tmp");
+
+    RENAME_KEYDIR_SUFFIX("ed25519_master_id_secret_key", ".tmp");
+    RENAME_KEYDIR_SUFFIX("ed25519_master_id_secret_key_encrypted", ".tmp");
+    RENAME_KEYDIR_SUFFIX("ed25519_master_id_public_key", ".tmp");
+    RENAME_KEYDIR_SUFFIX("ed25519_signing_secret_key", ".tmp");
+    RENAME_KEYDIR_SUFFIX("ed25519_signing_cert", ".tmp");
+
+    sandbox_cfg_allow_rename(&cfg,
+             get_keydir_fname("secret_onion_key"),
+             get_keydir_fname("secret_onion_key.old"));
+    sandbox_cfg_allow_rename(&cfg,
+             get_keydir_fname("secret_onion_key_ntor"),
+             get_keydir_fname("secret_onion_key_ntor.old"));
+
+    STAT_KEY_DIRECTORY();
+    OPEN_DATADIR("stats");
+    STAT_DATADIR("stats");
+    STAT_DATADIR2("stats", "dirreq-stats");
+
+    consdiffmgr_register_with_sandbox(&cfg);
+  }
+
+  init_addrinfo();
+
+  return cfg;
+}
+
+static int
+run_tor_main_loop(void)
+{
+  handle_signals();
+  monotime_init();
+  timers_initialize();
+
+  /* load the private keys, if we're supposed to have them, and set up the
+   * TLS context. */
+  if (! client_identity_key_is_set()) {
+    if (init_keys() < 0) {
+      log_err(LD_OR, "Error initializing keys; exiting");
+      return -1;
+    }
+  }
+
+  /* Set up our buckets */
+  connection_bucket_init();
+
+  /* initialize the bootstrap status events to know we're starting up */
+  control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0);
+
+  /* Initialize the keypinning log. */
+  if (authdir_mode_v3(get_options())) {
+    char *fname = get_datadir_fname("key-pinning-journal");
+    int r = 0;
+    if (keypin_load_journal(fname)<0) {
+      log_err(LD_DIR, "Error loading key-pinning journal: %s",strerror(errno));
+      r = -1;
+    }
+    if (keypin_open_journal(fname)<0) {
+      log_err(LD_DIR, "Error opening key-pinning journal: %s",strerror(errno));
+      r = -1;
+    }
+    tor_free(fname);
+    if (r)
+      return r;
+  }
+  {
+    /* This is the old name for key-pinning-journal.  These got corrupted
+     * in a couple of cases by #16530, so we started over. See #16580 for
+     * the rationale and for other options we didn't take.  We can remove
+     * this code once all the authorities that ran 0.2.7.1-alpha-dev are
+     * upgraded.
+     */
+    char *fname = get_datadir_fname("key-pinning-entries");
+    unlink(fname);
+    tor_free(fname);
+  }
+
+  if (trusted_dirs_reload_certs()) {
+    log_warn(LD_DIR,
+             "Couldn't load all cached v3 certificates. Starting anyway.");
+  }
+  if (router_reload_consensus_networkstatus()) {
+    return -1;
+  }
+  /* load the routers file, or assign the defaults. */
+  if (router_reload_router_list()) {
+    return -1;
+  }
+  /* load the networkstatuses. (This launches a download for new routers as
+   * appropriate.)
+   */
+  const time_t now = time(NULL);
+  directory_info_has_arrived(now, 1, 0);
+
+  if (server_mode(get_options()) || dir_server_mode(get_options())) {
+    /* launch cpuworkers. Need to do this *after* we've read the onion key. */
+    cpu_init();
+  }
+  consdiffmgr_enable_background_compression();
+
+  /* Setup shared random protocol subsystem. */
+  if (authdir_mode_v3(get_options())) {
+    if (sr_init(1) < 0) {
+      return -1;
+    }
+  }
+
+  /* initialize dns resolve map, spawn workers if needed */
+  if (dns_init() < 0) {
+    if (get_options()->ServerDNSAllowBrokenConfig)
+      log_warn(LD_GENERAL, "Couldn't set up any working nameservers. "
+               "Network not up yet?  Will try again soon.");
+    else {
+      log_err(LD_GENERAL,"Error initializing dns subsystem; exiting.  To "
+              "retry instead, set the ServerDNSAllowBrokenResolvConf option.");
+    }
+  }
+
+#ifdef HAVE_SYSTEMD
+  {
+    const int r = sd_notify(0, "READY=1");
+    if (r < 0) {
+      log_warn(LD_GENERAL, "Unable to send readiness to systemd: %s",
+               strerror(r));
+    } else if (r > 0) {
+      log_notice(LD_GENERAL, "Signaled readiness to systemd");
+    } else {
+      log_info(LD_GENERAL, "Systemd NOTIFY_SOCKET not present.");
+    }
+  }
+#endif /* defined(HAVE_SYSTEMD) */
+
+  return do_main_loop();
+}
+
+/* Main entry point for the Tor process.  Called from tor_main(), and by
+ * anybody embedding Tor. */
+int
+tor_run_main(const tor_main_configuration_t *tor_cfg)
+{
+  int result = 0;
+
+#ifdef _WIN32
+#ifndef HeapEnableTerminationOnCorruption
+#define HeapEnableTerminationOnCorruption 1
+#endif
+  /* On heap corruption, just give up; don't try to play along. */
+  HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
+
+  /* SetProcessDEPPolicy is only supported on 32-bit Windows.
+   * (On 64-bit Windows it always fails, and some compilers don't like the
+   * PSETDEP cast.)
+   * 32-bit Windows defines _WIN32.
+   * 64-bit Windows defines _WIN32 and _WIN64. */
+#ifndef _WIN64
+  /* Call SetProcessDEPPolicy to permanently enable DEP.
+     The function will not resolve on earlier versions of Windows,
+     and failure is not dangerous. */
+  HMODULE hMod = GetModuleHandleA("Kernel32.dll");
+  if (hMod) {
+    typedef BOOL (WINAPI *PSETDEP)(DWORD);
+    PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
+                           "SetProcessDEPPolicy");
+    if (setdeppolicy) {
+      /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
+      setdeppolicy(3);
+    }
+  }
+#endif /* !defined(_WIN64) */
+#endif /* defined(_WIN32) */
+
+  {
+    int bt_err = configure_backtrace_handler(get_version());
+    if (bt_err < 0) {
+      log_warn(LD_BUG, "Unable to install backtrace handler: %s",
+               strerror(-bt_err));
+    }
+  }
+
+#ifdef EVENT_SET_MEM_FUNCTIONS_IMPLEMENTED
+  event_set_mem_functions(tor_malloc_, tor_realloc_, tor_free_);
+#endif
+
+  init_protocol_warning_severity_level();
+
+  update_approx_time(time(NULL));
+  tor_threads_init();
+  tor_compress_init();
+  init_logging(0);
+  monotime_init();
+
+  int argc = tor_cfg->argc + tor_cfg->argc_owned;
+  char **argv = tor_calloc(argc, sizeof(char*));
+  memcpy(argv, tor_cfg->argv, tor_cfg->argc*sizeof(char*));
+  if (tor_cfg->argc_owned)
+    memcpy(argv + tor_cfg->argc, tor_cfg->argv_owned,
+           tor_cfg->argc_owned*sizeof(char*));
+
+#ifdef NT_SERVICE
+  {
+     int done = 0;
+     result = nt_service_parse_options(argc, argv, &done);
+     if (done) {
+       goto done;
+     }
+  }
+#endif /* defined(NT_SERVICE) */
+  {
+    int init_rv = tor_init(argc, argv);
+    if (init_rv) {
+      tor_free_all(0);
+      result = (init_rv < 0) ? -1 : 0;
+      goto done;
+    }
+  }
+
+  if (get_options()->Sandbox && get_options()->command == CMD_RUN_TOR) {
+    sandbox_cfg_t* cfg = sandbox_init_filter();
+
+    if (sandbox_init(cfg)) {
+      tor_free(argv);
+      log_err(LD_BUG,"Failed to create syscall sandbox filter");
+      tor_free_all(0);
+      return -1;
+    }
+
+    // registering libevent rng
+#ifdef HAVE_EVUTIL_SECURE_RNG_SET_URANDOM_DEVICE_FILE
+    evutil_secure_rng_set_urandom_device_file(
+        (char*) sandbox_intern_string("/dev/urandom"));
+#endif
+  }
+
+  switch (get_options()->command) {
+  case CMD_RUN_TOR:
+#ifdef NT_SERVICE
+    nt_service_set_state(SERVICE_RUNNING);
+#endif
+    result = run_tor_main_loop();
+    break;
+  case CMD_KEYGEN:
+    result = load_ed_keys(get_options(), time(NULL)) < 0;
+    break;
+  case CMD_KEY_EXPIRATION:
+    init_keys();
+    result = log_cert_expiration();
+    break;
+  case CMD_LIST_FINGERPRINT:
+    result = do_list_fingerprint();
+    break;
+  case CMD_HASH_PASSWORD:
+    do_hash_password();
+    result = 0;
+    break;
+  case CMD_VERIFY_CONFIG:
+    if (quiet_level == 0)
+      printf("Configuration was valid\n");
+    result = 0;
+    break;
+  case CMD_DUMP_CONFIG:
+    result = do_dump_config();
+    break;
+  case CMD_RUN_UNITTESTS: /* only set by test.c */
+  default:
+    log_warn(LD_BUG,"Illegal command number %d: internal error.",
+             get_options()->command);
+    result = -1;
+  }
+  tor_cleanup();
+ done:
+  tor_free(argv);
+  return result;
+}

src/app/main/main.h

@@ -0,0 +1,29 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file main.h
+ * \brief Header file for main.c.
+ **/
+
+#ifndef TOR_MAIN_H
+#define TOR_MAIN_H
+
+void handle_signals(void);
+void activate_signal(int signal_num);
+
+int try_locking(const or_options_t *options, int err_if_locked);
+int have_lockfile(void);
+void release_lockfile(void);
+
+void tor_remove_file(const char *filename);
+
+void tor_cleanup(void);
+void tor_free_all(int postfork);
+
+int tor_init(int argc, char **argv);
+
+#endif /* !defined(TOR_MAIN_H) */

src/app/main/ntmain.c

@@ -21,7 +21,7 @@
 
 #include "core/or/or.h"
 #include "app/config/config.h"
-#include "core/mainloop/main.h"
+#include "app/main/main.h"
 #include "app/main/ntmain.h"
 #include "lib/log/win32err.h"
 #include "lib/fs/winlib.h"

src/core/crypto/onion_crypto.c

@@ -0,0 +1,311 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file onion_crypto.c
+ * \brief Functions to handle different kinds of circuit extension crypto.
+ *
+ * In this module, we provide a set of abstractions to create a uniform
+ * interface over the three circuit extension handshakes that Tor has used
+ * over the years (TAP, CREATE_FAST, and ntor).  These handshakes are
+ * implemented in onion_tap.c, onion_fast.c, and onion_ntor.c respectively.
+ *
+ * All[*] of these handshakes follow a similar pattern: a client, knowing
+ * some key from the relay it wants to extend through, generates the
+ * first part of a handshake. A relay receives that handshake, and sends
+ * a reply.  Once the client handles the reply, it knows that it is
+ * talking to the right relay, and it shares some freshly negotiated key
+ * material with that relay.
+ *
+ * We sometimes call the client's part of the handshake an "onionskin".
+ * We do this because historically, Onion Routing used a multi-layer
+ * structure called an "onion" to construct circuits. Each layer of the
+ * onion contained key material chosen by the client, the identity of
+ * the next relay in the circuit, and a smaller onion, encrypted with
+ * the key of the next relay.  When we changed Tor to use a telescoping
+ * circuit extension design, it corresponded to sending each layer of the
+ * onion separately -- as a series of onionskins.
+ **/
+
+#include "core/or/or.h"
+#include "core/or/circuitbuild.h"
+#include "core/crypto/onion_crypto.h"
+#include "core/crypto/onion_fast.h"
+#include "core/crypto/onion_ntor.h"
+#include "core/crypto/onion_tap.h"
+#include "feature/relay/router.h"
+#include "lib/crypt_ops/crypto_dh.h"
+#include "lib/crypt_ops/crypto_util.h"
+
+#include "core/or/crypt_path_st.h"
+#include "core/or/extend_info_st.h"
+
+/** Return a new server_onion_keys_t object with all of the keys
+ * and other info we might need to do onion handshakes.  (We make a copy of
+ * our keys for each cpuworker to avoid race conditions with the main thread,
+ * and to avoid locking) */
+server_onion_keys_t *
+server_onion_keys_new(void)
+{
+  server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t));
+  memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
+  dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
+  keys->curve25519_key_map = construct_ntor_key_map();
+  keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
+  curve25519_keypair_generate(keys->junk_keypair, 0);
+  return keys;
+}
+/** Release all storage held in <b>keys</b>. */
+void
+server_onion_keys_free_(server_onion_keys_t *keys)
+{
+  if (! keys)
+    return;
+
+  crypto_pk_free(keys->onion_key);
+  crypto_pk_free(keys->last_onion_key);
+  ntor_key_map_free(keys->curve25519_key_map);
+  tor_free(keys->junk_keypair);
+  memwipe(keys, 0, sizeof(server_onion_keys_t));
+  tor_free(keys);
+}
+
+/** Release whatever storage is held in <b>state</b>, depending on its
+ * type, and clear its pointer. */
+void
+onion_handshake_state_release(onion_handshake_state_t *state)
+{
+  switch (state->tag) {
+  case ONION_HANDSHAKE_TYPE_TAP:
+    crypto_dh_free(state->u.tap);
+    state->u.tap = NULL;
+    break;
+  case ONION_HANDSHAKE_TYPE_FAST:
+    fast_handshake_state_free(state->u.fast);
+    state->u.fast = NULL;
+    break;
+  case ONION_HANDSHAKE_TYPE_NTOR:
+    ntor_handshake_state_free(state->u.ntor);
+    state->u.ntor = NULL;
+    break;
+  default:
+    /* LCOV_EXCL_START
+     * This state should not even exist. */
+    log_warn(LD_BUG, "called with unknown handshake state type %d",
+             (int)state->tag);
+    tor_fragile_assert();
+    /* LCOV_EXCL_STOP */
+  }
+}
+
+/** Perform the first step of a circuit-creation handshake of type <b>type</b>
+ * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in
+ * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>.
+ * Return -1 on failure, and the length of the onionskin on acceptance.
+ */
+int
+onion_skin_create(int type,
+                  const extend_info_t *node,
+                  onion_handshake_state_t *state_out,
+                  uint8_t *onion_skin_out)
+{
+  int r = -1;
+
+  switch (type) {
+  case ONION_HANDSHAKE_TYPE_TAP:
+    if (!node->onion_key)
+      return -1;
+
+    if (onion_skin_TAP_create(node->onion_key,
+                              &state_out->u.tap,
+                              (char*)onion_skin_out) < 0)
+      return -1;
+
+    r = TAP_ONIONSKIN_CHALLENGE_LEN;
+    break;
+  case ONION_HANDSHAKE_TYPE_FAST:
+    if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0)
+      return -1;
+
+    r = CREATE_FAST_LEN;
+    break;
+  case ONION_HANDSHAKE_TYPE_NTOR:
+    if (!extend_info_supports_ntor(node))
+      return -1;
+    if (onion_skin_ntor_create((const uint8_t*)node->identity_digest,
+                               &node->curve25519_onion_key,
+                               &state_out->u.ntor,
+                               onion_skin_out) < 0)
+      return -1;
+
+    r = NTOR_ONIONSKIN_LEN;
+    break;
+  default:
+    /* LCOV_EXCL_START
+     * We should never try to create an impossible handshake type. */
+    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
+    tor_fragile_assert();
+    r = -1;
+    /* LCOV_EXCL_STOP */
+  }
+
+  if (r > 0)
+    state_out->tag = (uint16_t) type;
+
+  return r;
+}
+
+/* This is the maximum value for keys_out_len passed to
+ * onion_skin_server_handshake, plus 16. We can make it bigger if needed:
+ * It just defines how many bytes to stack-allocate. */
+#define MAX_KEYS_TMP_LEN 128
+
+/** Perform the second (server-side) step of a circuit-creation handshake of
+ * type <b>type</b>, responding to the client request in <b>onion_skin</b>
+ * using the keys in <b>keys</b>.  On success, write our response into
+ * <b>reply_out</b>, generate <b>keys_out_len</b> bytes worth of key material
+ * in <b>keys_out_len</b>, a hidden service nonce to <b>rend_nonce_out</b>,
+ * and return the length of the reply. On failure, return -1.
+ */
+int
+onion_skin_server_handshake(int type,
+                      const uint8_t *onion_skin, size_t onionskin_len,
+                      const server_onion_keys_t *keys,
+                      uint8_t *reply_out,
+                      uint8_t *keys_out, size_t keys_out_len,
+                      uint8_t *rend_nonce_out)
+{
+  int r = -1;
+
+  switch (type) {
+  case ONION_HANDSHAKE_TYPE_TAP:
+    if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
+      return -1;
+    if (onion_skin_TAP_server_handshake((const char*)onion_skin,
+                                        keys->onion_key, keys->last_onion_key,
+                                        (char*)reply_out,
+                                        (char*)keys_out, keys_out_len)<0)
+      return -1;
+    r = TAP_ONIONSKIN_REPLY_LEN;
+    memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
+    break;
+  case ONION_HANDSHAKE_TYPE_FAST:
+    if (onionskin_len != CREATE_FAST_LEN)
+      return -1;
+    if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
+      return -1;
+    r = CREATED_FAST_LEN;
+    memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
+    break;
+  case ONION_HANDSHAKE_TYPE_NTOR:
+    if (onionskin_len < NTOR_ONIONSKIN_LEN)
+      return -1;
+    {
+      size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
+      tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
+      uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
+
+      if (onion_skin_ntor_server_handshake(
+                                   onion_skin, keys->curve25519_key_map,
+                                   keys->junk_keypair,
+                                   keys->my_identity,
+                                   reply_out, keys_tmp, keys_tmp_len)<0) {
+        /* no need to memwipe here, since the output will never be used */
+        return -1;
+      }
+
+      memcpy(keys_out, keys_tmp, keys_out_len);
+      memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
+      memwipe(keys_tmp, 0, sizeof(keys_tmp));
+      r = NTOR_REPLY_LEN;
+    }
+    break;
+  default:
+    /* LCOV_EXCL_START
+     * We should have rejected this far before this point */
+    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
+    tor_fragile_assert();
+    return -1;
+    /* LCOV_EXCL_STOP */
+  }
+
+  return r;
+}
+
+/** Perform the final (client-side) step of a circuit-creation handshake of
+ * type <b>type</b>, using our state in <b>handshake_state</b> and the
+ * server's response in <b>reply</b>. On success, generate <b>keys_out_len</b>
+ * bytes worth of key material in <b>keys_out_len</b>, set
+ * <b>rend_authenticator_out</b> to the "KH" field that can be used to
+ * establish introduction points at this hop, and return 0. On failure,
+ * return -1, and set *msg_out to an error message if this is worth
+ * complaining to the user about. */
+int
+onion_skin_client_handshake(int type,
+                      const onion_handshake_state_t *handshake_state,
+                      const uint8_t *reply, size_t reply_len,
+                      uint8_t *keys_out, size_t keys_out_len,
+                      uint8_t *rend_authenticator_out,
+                      const char **msg_out)
+{
+  if (handshake_state->tag != type)
+    return -1;
+
+  switch (type) {
+  case ONION_HANDSHAKE_TYPE_TAP:
+    if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
+      if (msg_out)
+        *msg_out = "TAP reply was not of the correct length.";
+      return -1;
+    }
+    if (onion_skin_TAP_client_handshake(handshake_state->u.tap,
+                                        (const char*)reply,
+                                        (char *)keys_out, keys_out_len,
+                                        msg_out) < 0)
+      return -1;
+
+    memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
+
+    return 0;
+  case ONION_HANDSHAKE_TYPE_FAST:
+    if (reply_len != CREATED_FAST_LEN) {
+      if (msg_out)
+        *msg_out = "TAP reply was not of the correct length.";
+      return -1;
+    }
+    if (fast_client_handshake(handshake_state->u.fast, reply,
+                              keys_out, keys_out_len, msg_out) < 0)
+      return -1;
+
+    memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
+    return 0;
+  case ONION_HANDSHAKE_TYPE_NTOR:
+    if (reply_len < NTOR_REPLY_LEN) {
+      if (msg_out)
+        *msg_out = "ntor reply was not of the correct length.";
+      return -1;
+    }
+    {
+      size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
+      uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
+      if (onion_skin_ntor_client_handshake(handshake_state->u.ntor,
+                                        reply,
+                                        keys_tmp, keys_tmp_len, msg_out) < 0) {
+        tor_free(keys_tmp);
+        return -1;
+      }
+      memcpy(keys_out, keys_tmp, keys_out_len);
+      memcpy(rend_authenticator_out, keys_tmp + keys_out_len, DIGEST_LEN);
+      memwipe(keys_tmp, 0, keys_tmp_len);
+      tor_free(keys_tmp);
+    }
+    return 0;
+  default:
+    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
+    tor_fragile_assert();
+    return -1;
+  }
+}

src/core/crypto/onion_crypto.h

@@ -0,0 +1,47 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file onion_crypto.h
+ * \brief Header file for onion_crypto.c.
+ **/
+
+#ifndef TOR_ONION_CRYPTO_H
+#define TOR_ONION_CRYPTO_H
+
+typedef struct server_onion_keys_t {
+  uint8_t my_identity[DIGEST_LEN];
+  crypto_pk_t *onion_key;
+  crypto_pk_t *last_onion_key;
+  struct di_digest256_map_t *curve25519_key_map;
+  struct curve25519_keypair_t *junk_keypair;
+} server_onion_keys_t;
+
+void onion_handshake_state_release(onion_handshake_state_t *state);
+
+int onion_skin_create(int type,
+                      const extend_info_t *node,
+                      onion_handshake_state_t *state_out,
+                      uint8_t *onion_skin_out);
+int onion_skin_server_handshake(int type,
+                      const uint8_t *onion_skin, size_t onionskin_len,
+                      const server_onion_keys_t *keys,
+                      uint8_t *reply_out,
+                      uint8_t *keys_out, size_t key_out_len,
+                      uint8_t *rend_nonce_out);
+int onion_skin_client_handshake(int type,
+                      const onion_handshake_state_t *handshake_state,
+                      const uint8_t *reply, size_t reply_len,
+                      uint8_t *keys_out, size_t key_out_len,
+                      uint8_t *rend_authenticator_out,
+                      const char **msg_out);
+
+server_onion_keys_t *server_onion_keys_new(void);
+void server_onion_keys_free_(server_onion_keys_t *keys);
+#define server_onion_keys_free(keys) \
+  FREE_AND_NULL(server_onion_keys_t, server_onion_keys_free_, (keys))
+
+#endif

src/core/include.am

@@ -10,15 +10,16 @@ LIBTOR_APP_A_SOURCES = 				\
 	src/app/config/config.c			\
 	src/app/config/confparse.c		\
 	src/app/config/statefile.c		\
+	src/app/main/main.c			\
 	src/core/crypto/hs_ntor.c		\
-	src/core/crypto/onion.c			\
+	src/core/crypto/onion_crypto.c		\
 	src/core/crypto/onion_fast.c		\
 	src/core/crypto/onion_ntor.c		\
 	src/core/crypto/onion_tap.c		\
 	src/core/crypto/relay_crypto.c		\
 	src/core/mainloop/connection.c		\
 	src/core/mainloop/cpuworker.c		\
-	src/core/mainloop/main.c		\
+	src/core/mainloop/mainloop.c		\
 	src/core/mainloop/periodic.c		\
 	src/core/or/address_set.c		\
 	src/core/or/channel.c			\
@@ -34,6 +35,7 @@ LIBTOR_APP_A_SOURCES = 				\
 	src/core/or/connection_edge.c		\
 	src/core/or/connection_or.c		\
 	src/core/or/dos.c			\
+	src/core/or/onion.c			\
 	src/core/or/policies.c			\
 	src/core/or/protover.c			\
 	src/core/or/reasons.c			\
@@ -95,6 +97,7 @@ LIBTOR_APP_A_SOURCES = 				\
 	src/feature/nodelist/torcert.c		\
 	src/feature/relay/dns.c			\
 	src/feature/relay/ext_orport.c		\
+	src/feature/relay/onion_queue.c		\
 	src/feature/relay/router.c		\
 	src/feature/relay/routerkeys.c		\
 	src/feature/rend/rendcache.c		\
@@ -162,16 +165,17 @@ noinst_HEADERS +=					\
 	src/app/config/or_options_st.h			\
 	src/app/config/or_state_st.h			\
 	src/app/config/statefile.h			\
+	src/app/main/main.h				\
 	src/app/main/ntmain.h				\
 	src/core/crypto/hs_ntor.h			\
-	src/core/crypto/onion.h				\
+	src/core/crypto/onion_crypto.h	        	\
 	src/core/crypto/onion_fast.h			\
 	src/core/crypto/onion_ntor.h			\
 	src/core/crypto/onion_tap.h			\
 	src/core/crypto/relay_crypto.h			\
 	src/core/mainloop/connection.h			\
 	src/core/mainloop/cpuworker.h			\
-	src/core/mainloop/main.h			\
+	src/core/mainloop/mainloop.h			\
 	src/core/mainloop/periodic.h			\
 	src/core/or/addr_policy_st.h			\
 	src/core/or/address_set.h			\
@@ -202,6 +206,7 @@ noinst_HEADERS +=					\
 	src/core/or/entry_port_cfg_st.h			\
 	src/core/or/extend_info_st.h			\
 	src/core/or/listener_connection_st.h		\
+	src/core/or/onion.h				\
 	src/core/or/or.h				\
 	src/core/or/or_circuit_st.h			\
 	src/core/or/or_connection_st.h			\
@@ -307,6 +312,7 @@ noinst_HEADERS +=					\
 	src/feature/relay/dns.h				\
 	src/feature/relay/dns_structs.h			\
 	src/feature/relay/ext_orport.h			\
+	src/feature/relay/onion_queue.h			\
 	src/feature/relay/router.h			\
 	src/feature/relay/routerkeys.h			\
 	src/feature/rend/rend_authorized_client_st.h	\

src/core/mainloop/connection.c

@@ -85,7 +85,7 @@
 #include "feature/client/entrynodes.h"
 #include "feature/relay/ext_orport.h"
 #include "feature/stats/geoip.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/hibernate/hibernate.h"
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_ident.h"

src/core/mainloop/cpuworker.c

@@ -26,11 +26,12 @@
 #include "core/mainloop/cpuworker.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
-#include "core/mainloop/main.h"
+#include "core/or/onion.h"
-#include "core/crypto/onion.h"
+#include "feature/relay/onion_queue.h"
 #include "feature/stats/rephist.h"
 #include "feature/relay/router.h"
 #include "lib/evloop/workqueue.h"
+#include "core/crypto/onion_crypto.h"
 
 #include "core/or/or_circuit_st.h"
 #include "lib/intmath/weakrng.h"

src/core/mainloop/main.h → src/core/mainloop/mainloop.h

@@ -5,12 +5,12 @@
 /* See LICENSE for licensing information */
 
 /**
- * \file main.h
+ * \file mainloop.h
- * \brief Header file for main.c.
+ * \brief Header file for mainloop.c.
  **/
 
-#ifndef TOR_MAIN_H
+#ifndef TOR_MAINLOOP_H
-#define TOR_MAIN_H
+#define TOR_MAINLOOP_H
 
 int have_completed_a_circuit(void);
 void note_that_we_completed_a_circuit(void);
@@ -73,20 +73,7 @@ MOCK_DECL(void,reset_uptime,(void));
 
 unsigned get_signewnym_epoch(void);
 
-void handle_signals(void);
-void activate_signal(int signal_num);
-
-int try_locking(const or_options_t *options, int err_if_locked);
-int have_lockfile(void);
-void release_lockfile(void);
-
-void tor_remove_file(const char *filename);
-
-void tor_cleanup(void);
-void tor_free_all(int postfork);
-
 int do_main_loop(void);
-int tor_init(int argc, char **argv);
 
 void reset_main_loop_counters(void);
 uint64_t get_main_loop_success_count(void);
@@ -96,6 +83,12 @@ uint64_t get_main_loop_idle_count(void);
 void periodic_events_on_new_options(const or_options_t *options);
 void reschedule_per_second_timer(void);
 
+void do_signewnym(time_t);
+time_t get_last_signewnym_time(void);
+
+void tor_init_connection_lists(void);
+void tor_mainloop_free_all(void);
+
 struct token_bucket_rw_t;
 
 extern time_t time_of_process_start;
@@ -103,13 +96,12 @@ extern int quiet_level;
 extern struct token_bucket_rw_t global_bucket;
 extern struct token_bucket_rw_t global_relayed_bucket;
 
-#ifdef MAIN_PRIVATE
+#ifdef MAINLOOP_PRIVATE
-STATIC void init_connection_lists(void);
 STATIC void initialize_mainloop_events(void);
 STATIC void close_closeable_connections(void);
 STATIC void initialize_periodic_events(void);
 STATIC void teardown_periodic_events(void);
-STATIC int get_my_roles(const or_options_t *options);
+STATIC int get_my_roles(const or_options_t *);
 #ifdef TOR_UNIT_TESTS
 extern smartlist_t *connection_array;
 
@@ -119,4 +111,4 @@ extern periodic_event_item_t periodic_events[];
 #endif
 #endif /* defined(MAIN_PRIVATE) */
 
-#endif /* !defined(TOR_MAIN_H) */
+#endif

src/core/mainloop/periodic.c

@@ -14,7 +14,7 @@
 #include "core/or/or.h"
 #include "lib/evloop/compat_libevent.h"
 #include "app/config/config.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/mainloop/periodic.h"
 #include "lib/evloop/compat_libevent.h"
 

src/core/or/channel.c

@@ -69,7 +69,7 @@
 #include "core/or/circuitmux.h"
 #include "feature/client/entrynodes.h"
 #include "feature/stats/geoip.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/relay.h"
 #include "feature/stats/rephist.h"

src/core/or/channelpadding.c

@@ -17,7 +17,7 @@
 #include "core/mainloop/connection.h"
 #include "core/or/connection_or.h"
 #include "lib/crypt_ops/crypto_rand.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/stats/rephist.h"
 #include "feature/relay/router.h"
 #include "lib/time/compat_time.h"

src/core/or/circuitbuild.c

@@ -47,11 +47,12 @@
 #include "feature/dircache/directory.h"
 #include "feature/client/entrynodes.h"
 #include "core/crypto/hs_ntor.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
+#include "core/crypto/onion_crypto.h"
 #include "core/crypto/onion_tap.h"
 #include "core/crypto/onion_fast.h"
 #include "core/or/policies.h"

src/core/or/circuitlist.c

@@ -71,13 +71,14 @@
 #include "lib/crypt_ops/crypto_dh.h"
 #include "feature/dircache/directory.h"
 #include "feature/client/entrynodes.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/hs/hs_circuit.h"
 #include "feature/hs/hs_circuitmap.h"
 #include "feature/hs/hs_ident.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
-#include "core/crypto/onion.h"
+#include "feature/relay/onion_queue.h"
+#include "core/crypto/onion_crypto.h"
 #include "core/crypto/onion_fast.h"
 #include "core/or/policies.h"
 #include "core/or/relay.h"

src/core/or/circuitstats.c

@@ -32,7 +32,7 @@
 #include "app/config/confparse.h"
 #include "feature/control/control.h"
 #include "lib/crypt_ops/crypto_rand.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/rend/rendclient.h"
 #include "feature/rend/rendservice.h"

src/core/or/command.c

@@ -50,7 +50,8 @@
 #include "core/or/dos.h"
 #include "feature/hibernate/hibernate.h"
 #include "feature/nodelist/nodelist.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
+#include "core/crypto/onion_crypto.h"
 #include "feature/stats/rephist.h"
 #include "core/or/relay.h"
 #include "feature/relay/router.h"
@@ -699,4 +700,3 @@ command_setup_listener(channel_listener_t *listener)
 
   channel_listener_set_listener_fn(listener, command_handle_incoming_channel);
 }
-

src/core/or/connection_edge.c

@@ -80,7 +80,7 @@
 #include "feature/hs/hs_cache.h"
 #include "feature/hs/hs_client.h"
 #include "feature/hs/hs_circuit.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/policies.h"

src/core/or/connection_or.c

@@ -44,7 +44,7 @@
 #include "feature/dirauth/reachability.h"
 #include "feature/client/entrynodes.h"
 #include "feature/stats/geoip.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "trunnel/link_handshake.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"

src/core/or/dos.c

@@ -15,7 +15,7 @@
 #include "core/or/connection_or.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/stats/geoip.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/relay.h"

src/core/crypto/onion.c → src/core/or/onion.c

@@ -6,7 +6,7 @@
 
 /**
  * \file onion.c
- * \brief Functions to queue create cells, wrap the various onionskin types,
+ * \brief Functions to queue create cells,
  * and parse and create the CREATE cell and its allies.
  *
  * This module has a few functions, all related to the CREATE/CREATED
@@ -14,27 +14,6 @@
  * related EXTEND/EXTENDED handshake that we use over circuits in order to
  * extend them an additional hop.
  *
- * In this module, we provide a set of abstractions to create a uniform
- * interface over the three circuit extension handshakes that Tor has used
- * over the years (TAP, CREATE_FAST, and ntor).  These handshakes are
- * implemented in onion_tap.c, onion_fast.c, and onion_ntor.c respectively.
- *
- * All[*] of these handshakes follow a similar pattern: a client, knowing
- * some key from the relay it wants to extend through, generates the
- * first part of a handshake. A relay receives that handshake, and sends
- * a reply.  Once the client handles the reply, it knows that it is
- * talking to the right relay, and it shares some freshly negotiated key
- * material with that relay.
- *
- * We sometimes call the client's part of the handshake an "onionskin".
- * We do this because historically, Onion Routing used a multi-layer
- * structure called an "onion" to construct circuits. Each layer of the
- * onion contained key material chosen by the client, the identity of
- * the next relay in the circuit, and a smaller onion, encrypted with
- * the key of the next relay.  When we changed Tor to use a telescoping
- * circuit extension design, it corresponded to sending each layer of the
- * onion separately -- as a series of onionskins.
- *
  * Clients invoke these functions when creating or extending a circuit,
  * from circuitbuild.c.
  *
@@ -57,628 +36,23 @@
  *   <li>Encoding and decodign EXTEND, EXTENDED, EXTEND2, and EXTENDED2
  *    relay cells.
  * </ul>
- *
- * [*] The CREATE_FAST handshake is weaker than described here; see
- * onion_fast.c for more information.
  **/
 
 #include "core/or/or.h"
-#include "core/or/circuitbuild.h"
+
-#include "core/or/circuitlist.h"
 #include "app/config/config.h"
-#include "core/mainloop/cpuworker.h"
+#include "core/crypto/onion_crypto.h"
-#include "lib/crypt_ops/crypto_util.h"
-#include "lib/crypt_ops/crypto_dh.h"
-#include "feature/nodelist/networkstatus.h"
-#include "core/crypto/onion.h"
 #include "core/crypto/onion_fast.h"
 #include "core/crypto/onion_ntor.h"
 #include "core/crypto/onion_tap.h"
-#include "core/or/relay.h"
+#include "core/or/onion.h"
-#include "feature/stats/rephist.h"
+#include "feature/nodelist/networkstatus.h"
-#include "feature/relay/router.h"
 
 #include "core/or/cell_st.h"
-#include "core/or/extend_info_st.h"
-#include "core/or/or_circuit_st.h"
 
 // trunnel
 #include "trunnel/ed25519_cert.h"
 
-/** Type for a linked list of circuits that are waiting for a free CPU worker
- * to process a waiting onion handshake. */
-typedef struct onion_queue_t {
-  TOR_TAILQ_ENTRY(onion_queue_t) next;
-  or_circuit_t *circ;
-  uint16_t handshake_type;
-  create_cell_t *onionskin;
-  time_t when_added;
-} onion_queue_t;
-
-/** 5 seconds on the onion queue til we just send back a destroy */
-#define ONIONQUEUE_WAIT_CUTOFF 5
-
-/** Array of queues of circuits waiting for CPU workers. An element is NULL
- * if that queue is empty.*/
-static TOR_TAILQ_HEAD(onion_queue_head_t, onion_queue_t)
-              ol_list[MAX_ONION_HANDSHAKE_TYPE+1] =
-{ TOR_TAILQ_HEAD_INITIALIZER(ol_list[0]), /* tap */
-  TOR_TAILQ_HEAD_INITIALIZER(ol_list[1]), /* fast */
-  TOR_TAILQ_HEAD_INITIALIZER(ol_list[2]), /* ntor */
-};
-
-/** Number of entries of each type currently in each element of ol_list[]. */
-static int ol_entries[MAX_ONION_HANDSHAKE_TYPE+1];
-
-static int num_ntors_per_tap(void);
-static void onion_queue_entry_remove(onion_queue_t *victim);
-
-/* XXXX Check lengths vs MAX_ONIONSKIN_{CHALLENGE,REPLY}_LEN.
- *
- * (By which I think I meant, "make sure that no
- * X_ONIONSKIN_CHALLENGE/REPLY_LEN is greater than
- * MAX_ONIONSKIN_CHALLENGE/REPLY_LEN."  Also, make sure that we can pass
- * over-large values via EXTEND2/EXTENDED2, for future-compatibility.*/
-
-/** Return true iff we have room to queue another onionskin of type
- * <b>type</b>. */
-static int
-have_room_for_onionskin(uint16_t type)
-{
-  const or_options_t *options = get_options();
-  int num_cpus;
-  uint64_t tap_usec, ntor_usec;
-  uint64_t ntor_during_tap_usec, tap_during_ntor_usec;
-
-  /* If we've got fewer than 50 entries, we always have room for one more. */
-  if (ol_entries[type] < 50)
-    return 1;
-  num_cpus = get_num_cpus(options);
-  /* Compute how many microseconds we'd expect to need to clear all
-   * onionskins in various combinations of the queues. */
-
-  /* How long would it take to process all the TAP cells in the queue? */
-  tap_usec  = estimated_usec_for_onionskins(
-                                    ol_entries[ONION_HANDSHAKE_TYPE_TAP],
-                                    ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
-
-  /* How long would it take to process all the NTor cells in the queue? */
-  ntor_usec = estimated_usec_for_onionskins(
-                                    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
-                                    ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
-
-  /* How long would it take to process the tap cells that we expect to
-   * process while draining the ntor queue? */
-  tap_during_ntor_usec  = estimated_usec_for_onionskins(
-    MIN(ol_entries[ONION_HANDSHAKE_TYPE_TAP],
-        ol_entries[ONION_HANDSHAKE_TYPE_NTOR] / num_ntors_per_tap()),
-                                    ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
-
-  /* How long would it take to process the ntor cells that we expect to
-   * process while draining the tap queue? */
-  ntor_during_tap_usec  = estimated_usec_for_onionskins(
-    MIN(ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
-        ol_entries[ONION_HANDSHAKE_TYPE_TAP] * num_ntors_per_tap()),
-                                    ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
-
-  /* See whether that exceeds MaxOnionQueueDelay. If so, we can't queue
-   * this. */
-  if (type == ONION_HANDSHAKE_TYPE_NTOR &&
-      (ntor_usec + tap_during_ntor_usec) / 1000 >
-       (uint64_t)options->MaxOnionQueueDelay)
-    return 0;
-
-  if (type == ONION_HANDSHAKE_TYPE_TAP &&
-      (tap_usec + ntor_during_tap_usec) / 1000 >
-       (uint64_t)options->MaxOnionQueueDelay)
-    return 0;
-
-  /* If we support the ntor handshake, then don't let TAP handshakes use
-   * more than 2/3 of the space on the queue. */
-  if (type == ONION_HANDSHAKE_TYPE_TAP &&
-      tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
-    return 0;
-
-  return 1;
-}
-
-/** Add <b>circ</b> to the end of ol_list and return 0, except
- * if ol_list is too long, in which case do nothing and return -1.
- */
-int
-onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin)
-{
-  onion_queue_t *tmp;
-  time_t now = time(NULL);
-
-  if (onionskin->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
-    /* LCOV_EXCL_START
-     * We should have rejected this far before this point */
-    log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
-             onionskin->handshake_type);
-    return -1;
-    /* LCOV_EXCL_STOP */
-  }
-
-  tmp = tor_malloc_zero(sizeof(onion_queue_t));
-  tmp->circ = circ;
-  tmp->handshake_type = onionskin->handshake_type;
-  tmp->onionskin = onionskin;
-  tmp->when_added = now;
-
-  if (!have_room_for_onionskin(onionskin->handshake_type)) {
-#define WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL (60)
-    static ratelim_t last_warned =
-      RATELIM_INIT(WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL);
-    char *m;
-    if (onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR &&
-        (m = rate_limit_log(&last_warned, approx_time()))) {
-      log_warn(LD_GENERAL,
-               "Your computer is too slow to handle this many circuit "
-               "creation requests! Please consider using the "
-               "MaxAdvertisedBandwidth config option or choosing a more "
-               "restricted exit policy.%s",m);
-      tor_free(m);
-    }
-    tor_free(tmp);
-    return -1;
-  }
-
-  ++ol_entries[onionskin->handshake_type];
-  log_info(LD_OR, "New create (%s). Queues now ntor=%d and tap=%d.",
-    onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap",
-    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
-    ol_entries[ONION_HANDSHAKE_TYPE_TAP]);
-
-  circ->onionqueue_entry = tmp;
-  TOR_TAILQ_INSERT_TAIL(&ol_list[onionskin->handshake_type], tmp, next);
-
-  /* cull elderly requests. */
-  while (1) {
-    onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[onionskin->handshake_type]);
-    if (now - head->when_added < (time_t)ONIONQUEUE_WAIT_CUTOFF)
-      break;
-
-    circ = head->circ;
-    circ->onionqueue_entry = NULL;
-    onion_queue_entry_remove(head);
-    log_info(LD_CIRC,
-             "Circuit create request is too old; canceling due to overload.");
-    if (! TO_CIRCUIT(circ)->marked_for_close) {
-      circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
-    }
-  }
-  return 0;
-}
-
-/** Return a fairness parameter, to prefer processing NTOR style
- * handshakes but still slowly drain the TAP queue so we don't starve
- * it entirely. */
-static int
-num_ntors_per_tap(void)
-{
-#define DEFAULT_NUM_NTORS_PER_TAP 10
-#define MIN_NUM_NTORS_PER_TAP 1
-#define MAX_NUM_NTORS_PER_TAP 100000
-
-  return networkstatus_get_param(NULL, "NumNTorsPerTAP",
-                                 DEFAULT_NUM_NTORS_PER_TAP,
-                                 MIN_NUM_NTORS_PER_TAP,
-                                 MAX_NUM_NTORS_PER_TAP);
-}
-
-/** Choose which onion queue we'll pull from next. If one is empty choose
- * the other; if they both have elements, load balance across them but
- * favoring NTOR. */
-static uint16_t
-decide_next_handshake_type(void)
-{
-  /* The number of times we've chosen ntor lately when both were available. */
-  static int recently_chosen_ntors = 0;
-
-  if (!ol_entries[ONION_HANDSHAKE_TYPE_NTOR])
-    return ONION_HANDSHAKE_TYPE_TAP; /* no ntors? try tap */
-
-  if (!ol_entries[ONION_HANDSHAKE_TYPE_TAP]) {
-
-    /* Nick wants us to prioritize new tap requests when there aren't
-     * any in the queue and we've processed k ntor cells since the last
-     * tap cell. This strategy is maybe a good idea, since it starves tap
-     * less in the case where tap is rare, or maybe a poor idea, since it
-     * makes the new tap cell unfairly jump in front of ntor cells that
-     * got here first. In any case this edge case will only become relevant
-     * once tap is rare. We should reevaluate whether we like this decision
-     * once tap gets more rare. */
-    if (ol_entries[ONION_HANDSHAKE_TYPE_NTOR] &&
-        recently_chosen_ntors <= num_ntors_per_tap())
-      ++recently_chosen_ntors;
-
-    return ONION_HANDSHAKE_TYPE_NTOR; /* no taps? try ntor */
-  }
-
-  /* They both have something queued. Pick ntor if we haven't done that
-   * too much lately. */
-  if (++recently_chosen_ntors <= num_ntors_per_tap()) {
-    return ONION_HANDSHAKE_TYPE_NTOR;
-  }
-
-  /* Else, it's time to let tap have its turn. */
-  recently_chosen_ntors = 0;
-  return ONION_HANDSHAKE_TYPE_TAP;
-}
-
-/** Remove the highest priority item from ol_list[] and return it, or
- * return NULL if the lists are empty.
- */
-or_circuit_t *
-onion_next_task(create_cell_t **onionskin_out)
-{
-  or_circuit_t *circ;
-  uint16_t handshake_to_choose = decide_next_handshake_type();
-  onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[handshake_to_choose]);
-
-  if (!head)
-    return NULL; /* no onions pending, we're done */
-
-  tor_assert(head->circ);
-  tor_assert(head->handshake_type <= MAX_ONION_HANDSHAKE_TYPE);
-//  tor_assert(head->circ->p_chan); /* make sure it's still valid */
-/* XXX I only commented out the above line to make the unit tests
- * more manageable. That's probably not good long-term. -RD */
-  circ = head->circ;
-  if (head->onionskin)
-    --ol_entries[head->handshake_type];
-  log_info(LD_OR, "Processing create (%s). Queues now ntor=%d and tap=%d.",
-    head->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap",
-    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
-    ol_entries[ONION_HANDSHAKE_TYPE_TAP]);
-
-  *onionskin_out = head->onionskin;
-  head->onionskin = NULL; /* prevent free. */
-  circ->onionqueue_entry = NULL;
-  onion_queue_entry_remove(head);
-  return circ;
-}
-
-/** Return the number of <b>handshake_type</b>-style create requests pending.
- */
-int
-onion_num_pending(uint16_t handshake_type)
-{
-  return ol_entries[handshake_type];
-}
-
-/** Go through ol_list, find the onion_queue_t element which points to
- * circ, remove and free that element. Leave circ itself alone.
- */
-void
-onion_pending_remove(or_circuit_t *circ)
-{
-  onion_queue_t *victim;
-
-  if (!circ)
-    return;
-
-  victim = circ->onionqueue_entry;
-  if (victim)
-    onion_queue_entry_remove(victim);
-
-  cpuworker_cancel_circ_handshake(circ);
-}
-
-/** Remove a queue entry <b>victim</b> from the queue, unlinking it from
- * its circuit and freeing it and any structures it owns.*/
-static void
-onion_queue_entry_remove(onion_queue_t *victim)
-{
-  if (victim->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
-    /* LCOV_EXCL_START
-     * We should have rejected this far before this point */
-    log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
-             victim->handshake_type);
-    /* XXX leaks */
-    return;
-    /* LCOV_EXCL_STOP */
-  }
-
-  TOR_TAILQ_REMOVE(&ol_list[victim->handshake_type], victim, next);
-
-  if (victim->circ)
-    victim->circ->onionqueue_entry = NULL;
-
-  if (victim->onionskin)
-    --ol_entries[victim->handshake_type];
-
-  tor_free(victim->onionskin);
-  tor_free(victim);
-}
-
-/** Remove all circuits from the pending list.  Called from tor_free_all. */
-void
-clear_pending_onions(void)
-{
-  onion_queue_t *victim, *next;
-  int i;
-  for (i=0; i<=MAX_ONION_HANDSHAKE_TYPE; i++) {
-    for (victim = TOR_TAILQ_FIRST(&ol_list[i]); victim; victim = next) {
-      next = TOR_TAILQ_NEXT(victim,next);
-      onion_queue_entry_remove(victim);
-    }
-    tor_assert(TOR_TAILQ_EMPTY(&ol_list[i]));
-  }
-  memset(ol_entries, 0, sizeof(ol_entries));
-}
-
-/* ============================================================ */
-
-/** Return a new server_onion_keys_t object with all of the keys
- * and other info we might need to do onion handshakes.  (We make a copy of
- * our keys for each cpuworker to avoid race conditions with the main thread,
- * and to avoid locking) */
-server_onion_keys_t *
-server_onion_keys_new(void)
-{
-  server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t));
-  memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
-  dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
-  keys->curve25519_key_map = construct_ntor_key_map();
-  keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
-  curve25519_keypair_generate(keys->junk_keypair, 0);
-  return keys;
-}
-
-/** Release all storage held in <b>keys</b>. */
-void
-server_onion_keys_free_(server_onion_keys_t *keys)
-{
-  if (! keys)
-    return;
-
-  crypto_pk_free(keys->onion_key);
-  crypto_pk_free(keys->last_onion_key);
-  ntor_key_map_free(keys->curve25519_key_map);
-  tor_free(keys->junk_keypair);
-  memwipe(keys, 0, sizeof(server_onion_keys_t));
-  tor_free(keys);
-}
-
-/** Release whatever storage is held in <b>state</b>, depending on its
- * type, and clear its pointer. */
-void
-onion_handshake_state_release(onion_handshake_state_t *state)
-{
-  switch (state->tag) {
-  case ONION_HANDSHAKE_TYPE_TAP:
-    crypto_dh_free(state->u.tap);
-    state->u.tap = NULL;
-    break;
-  case ONION_HANDSHAKE_TYPE_FAST:
-    fast_handshake_state_free(state->u.fast);
-    state->u.fast = NULL;
-    break;
-  case ONION_HANDSHAKE_TYPE_NTOR:
-    ntor_handshake_state_free(state->u.ntor);
-    state->u.ntor = NULL;
-    break;
-  default:
-    /* LCOV_EXCL_START
-     * This state should not even exist. */
-    log_warn(LD_BUG, "called with unknown handshake state type %d",
-             (int)state->tag);
-    tor_fragile_assert();
-    /* LCOV_EXCL_STOP */
-  }
-}
-
-/** Perform the first step of a circuit-creation handshake of type <b>type</b>
- * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in
- * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>.
- * Return -1 on failure, and the length of the onionskin on acceptance.
- */
-int
-onion_skin_create(int type,
-                  const extend_info_t *node,
-                  onion_handshake_state_t *state_out,
-                  uint8_t *onion_skin_out)
-{
-  int r = -1;
-
-  switch (type) {
-  case ONION_HANDSHAKE_TYPE_TAP:
-    if (!node->onion_key)
-      return -1;
-
-    if (onion_skin_TAP_create(node->onion_key,
-                              &state_out->u.tap,
-                              (char*)onion_skin_out) < 0)
-      return -1;
-
-    r = TAP_ONIONSKIN_CHALLENGE_LEN;
-    break;
-  case ONION_HANDSHAKE_TYPE_FAST:
-    if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0)
-      return -1;
-
-    r = CREATE_FAST_LEN;
-    break;
-  case ONION_HANDSHAKE_TYPE_NTOR:
-    if (!extend_info_supports_ntor(node))
-      return -1;
-    if (onion_skin_ntor_create((const uint8_t*)node->identity_digest,
-                               &node->curve25519_onion_key,
-                               &state_out->u.ntor,
-                               onion_skin_out) < 0)
-      return -1;
-
-    r = NTOR_ONIONSKIN_LEN;
-    break;
-  default:
-    /* LCOV_EXCL_START
-     * We should never try to create an impossible handshake type. */
-    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
-    tor_fragile_assert();
-    r = -1;
-    /* LCOV_EXCL_STOP */
-  }
-
-  if (r > 0)
-    state_out->tag = (uint16_t) type;
-
-  return r;
-}
-
-/* This is the maximum value for keys_out_len passed to
- * onion_skin_server_handshake, plus 16. We can make it bigger if needed:
- * It just defines how many bytes to stack-allocate. */
-#define MAX_KEYS_TMP_LEN 128
-
-/** Perform the second (server-side) step of a circuit-creation handshake of
- * type <b>type</b>, responding to the client request in <b>onion_skin</b>
- * using the keys in <b>keys</b>.  On success, write our response into
- * <b>reply_out</b>, generate <b>keys_out_len</b> bytes worth of key material
- * in <b>keys_out_len</b>, a hidden service nonce to <b>rend_nonce_out</b>,
- * and return the length of the reply. On failure, return -1.
- */
-int
-onion_skin_server_handshake(int type,
-                      const uint8_t *onion_skin, size_t onionskin_len,
-                      const server_onion_keys_t *keys,
-                      uint8_t *reply_out,
-                      uint8_t *keys_out, size_t keys_out_len,
-                      uint8_t *rend_nonce_out)
-{
-  int r = -1;
-
-  switch (type) {
-  case ONION_HANDSHAKE_TYPE_TAP:
-    if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
-      return -1;
-    if (onion_skin_TAP_server_handshake((const char*)onion_skin,
-                                        keys->onion_key, keys->last_onion_key,
-                                        (char*)reply_out,
-                                        (char*)keys_out, keys_out_len)<0)
-      return -1;
-    r = TAP_ONIONSKIN_REPLY_LEN;
-    memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
-    break;
-  case ONION_HANDSHAKE_TYPE_FAST:
-    if (onionskin_len != CREATE_FAST_LEN)
-      return -1;
-    if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
-      return -1;
-    r = CREATED_FAST_LEN;
-    memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
-    break;
-  case ONION_HANDSHAKE_TYPE_NTOR:
-    if (onionskin_len < NTOR_ONIONSKIN_LEN)
-      return -1;
-    {
-      size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
-      tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
-      uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
-
-      if (onion_skin_ntor_server_handshake(
-                                   onion_skin, keys->curve25519_key_map,
-                                   keys->junk_keypair,
-                                   keys->my_identity,
-                                   reply_out, keys_tmp, keys_tmp_len)<0) {
-        /* no need to memwipe here, since the output will never be used */
-        return -1;
-      }
-
-      memcpy(keys_out, keys_tmp, keys_out_len);
-      memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
-      memwipe(keys_tmp, 0, sizeof(keys_tmp));
-      r = NTOR_REPLY_LEN;
-    }
-    break;
-  default:
-    /* LCOV_EXCL_START
-     * We should have rejected this far before this point */
-    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
-    tor_fragile_assert();
-    return -1;
-    /* LCOV_EXCL_STOP */
-  }
-
-  return r;
-}
-
-/** Perform the final (client-side) step of a circuit-creation handshake of
- * type <b>type</b>, using our state in <b>handshake_state</b> and the
- * server's response in <b>reply</b>. On success, generate <b>keys_out_len</b>
- * bytes worth of key material in <b>keys_out_len</b>, set
- * <b>rend_authenticator_out</b> to the "KH" field that can be used to
- * establish introduction points at this hop, and return 0. On failure,
- * return -1, and set *msg_out to an error message if this is worth
- * complaining to the user about. */
-int
-onion_skin_client_handshake(int type,
-                      const onion_handshake_state_t *handshake_state,
-                      const uint8_t *reply, size_t reply_len,
-                      uint8_t *keys_out, size_t keys_out_len,
-                      uint8_t *rend_authenticator_out,
-                      const char **msg_out)
-{
-  if (handshake_state->tag != type)
-    return -1;
-
-  switch (type) {
-  case ONION_HANDSHAKE_TYPE_TAP:
-    if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
-      if (msg_out)
-        *msg_out = "TAP reply was not of the correct length.";
-      return -1;
-    }
-    if (onion_skin_TAP_client_handshake(handshake_state->u.tap,
-                                        (const char*)reply,
-                                        (char *)keys_out, keys_out_len,
-                                        msg_out) < 0)
-      return -1;
-
-    memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
-
-    return 0;
-  case ONION_HANDSHAKE_TYPE_FAST:
-    if (reply_len != CREATED_FAST_LEN) {
-      if (msg_out)
-        *msg_out = "TAP reply was not of the correct length.";
-      return -1;
-    }
-    if (fast_client_handshake(handshake_state->u.fast, reply,
-                              keys_out, keys_out_len, msg_out) < 0)
-      return -1;
-
-    memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
-    return 0;
-  case ONION_HANDSHAKE_TYPE_NTOR:
-    if (reply_len < NTOR_REPLY_LEN) {
-      if (msg_out)
-        *msg_out = "ntor reply was not of the correct length.";
-      return -1;
-    }
-    {
-      size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
-      uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
-      if (onion_skin_ntor_client_handshake(handshake_state->u.ntor,
-                                        reply,
-                                        keys_tmp, keys_tmp_len, msg_out) < 0) {
-        tor_free(keys_tmp);
-        return -1;
-      }
-      memcpy(keys_out, keys_tmp, keys_out_len);
-      memcpy(rend_authenticator_out, keys_tmp + keys_out_len, DIGEST_LEN);
-      memwipe(keys_tmp, 0, keys_tmp_len);
-      tor_free(keys_tmp);
-    }
-    return 0;
-  default:
-    log_warn(LD_BUG, "called with unknown handshake state type %d", type);
-    tor_fragile_assert();
-    return -1;
-  }
-}
-
 /** Helper: return 0 if <b>cell</b> appears valid, -1 otherwise. If
  * <b>unknown_ok</b> is true, allow cells with handshake types we don't
  * recognize. */

src/core/crypto/onion.h → src/core/or/onion.h

@@ -17,47 +17,9 @@ struct curve25519_keypair_t;
 struct curve25519_public_key_t;
 #include "lib/crypt_ops/crypto_ed25519.h"
 
-int onion_pending_add(or_circuit_t *circ, struct create_cell_t *onionskin);
-or_circuit_t *onion_next_task(struct create_cell_t **onionskin_out);
-int onion_num_pending(uint16_t handshake_type);
-void onion_pending_remove(or_circuit_t *circ);
-void clear_pending_onions(void);
-
-typedef struct server_onion_keys_t {
-  uint8_t my_identity[DIGEST_LEN];
-  crypto_pk_t *onion_key;
-  crypto_pk_t *last_onion_key;
-  struct di_digest256_map_t *curve25519_key_map;
-  struct curve25519_keypair_t *junk_keypair;
-} server_onion_keys_t;
-
 #define MAX_ONIONSKIN_CHALLENGE_LEN 255
 #define MAX_ONIONSKIN_REPLY_LEN 255
 
-server_onion_keys_t *server_onion_keys_new(void);
-void server_onion_keys_free_(server_onion_keys_t *keys);
-#define server_onion_keys_free(keys) \
-  FREE_AND_NULL(server_onion_keys_t, server_onion_keys_free_, (keys))
-
-void onion_handshake_state_release(onion_handshake_state_t *state);
-
-int onion_skin_create(int type,
-                      const extend_info_t *node,
-                      onion_handshake_state_t *state_out,
-                      uint8_t *onion_skin_out);
-int onion_skin_server_handshake(int type,
-                      const uint8_t *onion_skin, size_t onionskin_len,
-                      const server_onion_keys_t *keys,
-                      uint8_t *reply_out,
-                      uint8_t *keys_out, size_t key_out_len,
-                      uint8_t *rend_nonce_out);
-int onion_skin_client_handshake(int type,
-                      const onion_handshake_state_t *handshake_state,
-                      const uint8_t *reply, size_t reply_len,
-                      uint8_t *keys_out, size_t key_out_len,
-                      uint8_t *rend_authenticator_out,
-                      const char **msg_out);
-
 /** A parsed CREATE, CREATE_FAST, or CREATE2 cell. */
 typedef struct create_cell_t {
   /** The cell command. One of CREATE{,_FAST,2} */

src/core/or/relay.c

@@ -67,10 +67,10 @@
 #include "feature/relay/dns.h"
 #include "feature/stats/geoip.h"
 #include "feature/hs/hs_cache.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
 #include "core/or/policies.h"
 #include "core/or/reasons.h"
 #include "core/or/relay.h"

src/core/or/scheduler.c

@@ -8,7 +8,7 @@
 #define SCHEDULER_PRIVATE_
 #define SCHEDULER_KIST_PRIVATE
 #include "core/or/scheduler.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "lib/container/buffers.h"
 #define TOR_CHANNEL_INTERNAL_
 #include "core/or/channeltls.h"

src/core/or/status.c

@@ -22,7 +22,7 @@
 #include "core/or/relay.h"
 #include "feature/relay/router.h"
 #include "core/or/circuitlist.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/stats/rephist.h"
 #include "feature/hibernate/hibernate.h"
 #include "app/config/statefile.h"

src/feature/client/dnsserv.c

@@ -27,7 +27,7 @@
 #include "core/mainloop/connection.h"
 #include "core/or/connection_edge.h"
 #include "feature/control/control.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/or/policies.h"
 
 #include "feature/control/control_connection_st.h"

src/feature/client/entrynodes.c

@@ -127,7 +127,7 @@
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/dircache/directory.h"
 #include "feature/client/entrynodes.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"

src/feature/control/control.c

@@ -65,7 +65,8 @@
 #include "feature/hs/hs_cache.h"
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_control.h"
-#include "core/mainloop/main.h"
+#include "app/main/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"

src/feature/dirauth/voteflags.c

@@ -14,7 +14,7 @@
 #include "feature/dirauth/voteflags.h"
 
 #include "app/config/config.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/or/policies.h"
 #include "feature/dirauth/bwauth.h"
 #include "feature/dirauth/reachability.h"

src/feature/dircache/directory.c

@@ -30,7 +30,7 @@
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_control.h"
 #include "feature/hs/hs_client.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"

src/feature/hibernate/hibernate.c

@@ -38,7 +38,7 @@ hibernating, phase 2:
 #include "feature/control/control.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/relay/router.h"
 #include "app/config/statefile.h"
 #include "lib/evloop/compat_libevent.h"

src/feature/hs/hs_service.c

@@ -20,7 +20,7 @@
 #include "lib/crypt_ops/crypto_ope.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/dircache/directory.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/relay.h"

src/feature/nodelist/authcert.c

@@ -20,7 +20,7 @@
 
 #include "app/config/config.h"
 #include "core/mainloop/connection.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/or/policies.h"
 #include "feature/client/bridges.h"
 #include "feature/dircache/directory.h"

src/feature/nodelist/fmt_routerstatus.c

@@ -29,7 +29,7 @@
 /* #include "feature/dircache/dirserv.h" */
 /* #include "feature/hibernate/hibernate.h" */
 /* #include "feature/dirauth/keypin.h" */
-/* #include "core/mainloop/main.h" */
+/* #include "core/mainloop/mainloop.h" */
 /* #include "feature/nodelist/microdesc.h" */
 /* #include "feature/nodelist/networkstatus.h" */
 /* #include "feature/nodelist/nodelist.h" */

src/feature/nodelist/networkstatus.c

@@ -57,7 +57,7 @@
 #include "core/or/dos.h"
 #include "feature/client/entrynodes.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"

src/feature/nodelist/nodelist.c

@@ -52,7 +52,7 @@
 #include "feature/stats/geoip.h"
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_client.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"

src/feature/nodelist/routerlist.c

@@ -64,7 +64,7 @@
 
 #include "app/config/config.h"
 #include "core/mainloop/connection.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/or/policies.h"
 #include "feature/client/bridges.h"
 #include "feature/control/control.h"

src/feature/relay/dns.c

@@ -58,7 +58,7 @@
 #include "feature/control/control.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/relay/dns.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/or/policies.h"
 #include "core/or/relay.h"
 #include "feature/relay/router.h"

src/feature/relay/ext_orport.c

@@ -25,7 +25,7 @@
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "feature/relay/ext_orport.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/proto/proto_ext_or.h"
 
 #include "core/or/or_connection_st.h"

src/feature/relay/onion_queue.c

@@ -0,0 +1,361 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file onion_queue.c
+ * \brief Functions to queue create cells for processing.
+ *
+ * Relays invoke these functions when they receive a CREATE or EXTEND
+ * cell in command.c or relay.c, in order to queue the pending request.
+ * They also invoke them from cpuworker.c, which handles dispatching
+ * onionskin requests to different worker threads.
+ *
+ * <br>
+ *
+ * This module also handles:
+ *  <ul>
+ *  <li> Queueing incoming onionskins on the relay side before passing
+ *      them to worker threads.
+ *   <li>Expiring onionskins on the relay side if they have waited for
+ *     too long.
+ * </ul>
+ **/
+
+#include "core/or/or.h"
+
+#include "feature/relay/onion_queue.h"
+
+#include "app/config/config.h"
+#include "core/mainloop/cpuworker.h"
+#include "core/or/circuitlist.h"
+#include "core/or/onion.h"
+#include "feature/nodelist/networkstatus.h"
+
+#include "core/or/or_circuit_st.h"
+
+/** Type for a linked list of circuits that are waiting for a free CPU worker
+ * to process a waiting onion handshake. */
+typedef struct onion_queue_t {
+  TOR_TAILQ_ENTRY(onion_queue_t) next;
+  or_circuit_t *circ;
+  uint16_t handshake_type;
+  create_cell_t *onionskin;
+  time_t when_added;
+} onion_queue_t;
+
+/** 5 seconds on the onion queue til we just send back a destroy */
+#define ONIONQUEUE_WAIT_CUTOFF 5
+
+/** Array of queues of circuits waiting for CPU workers. An element is NULL
+ * if that queue is empty.*/
+static TOR_TAILQ_HEAD(onion_queue_head_t, onion_queue_t)
+              ol_list[MAX_ONION_HANDSHAKE_TYPE+1] =
+{ TOR_TAILQ_HEAD_INITIALIZER(ol_list[0]), /* tap */
+  TOR_TAILQ_HEAD_INITIALIZER(ol_list[1]), /* fast */
+  TOR_TAILQ_HEAD_INITIALIZER(ol_list[2]), /* ntor */
+};
+
+/** Number of entries of each type currently in each element of ol_list[]. */
+static int ol_entries[MAX_ONION_HANDSHAKE_TYPE+1];
+
+static int num_ntors_per_tap(void);
+static void onion_queue_entry_remove(onion_queue_t *victim);
+
+/* XXXX Check lengths vs MAX_ONIONSKIN_{CHALLENGE,REPLY}_LEN.
+ *
+ * (By which I think I meant, "make sure that no
+ * X_ONIONSKIN_CHALLENGE/REPLY_LEN is greater than
+ * MAX_ONIONSKIN_CHALLENGE/REPLY_LEN."  Also, make sure that we can pass
+ * over-large values via EXTEND2/EXTENDED2, for future-compatibility.*/
+
+/** Return true iff we have room to queue another onionskin of type
+ * <b>type</b>. */
+static int
+have_room_for_onionskin(uint16_t type)
+{
+  const or_options_t *options = get_options();
+  int num_cpus;
+  uint64_t tap_usec, ntor_usec;
+  uint64_t ntor_during_tap_usec, tap_during_ntor_usec;
+
+  /* If we've got fewer than 50 entries, we always have room for one more. */
+  if (ol_entries[type] < 50)
+    return 1;
+  num_cpus = get_num_cpus(options);
+  /* Compute how many microseconds we'd expect to need to clear all
+   * onionskins in various combinations of the queues. */
+
+  /* How long would it take to process all the TAP cells in the queue? */
+  tap_usec  = estimated_usec_for_onionskins(
+                                    ol_entries[ONION_HANDSHAKE_TYPE_TAP],
+                                    ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
+
+  /* How long would it take to process all the NTor cells in the queue? */
+  ntor_usec = estimated_usec_for_onionskins(
+                                    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
+                                    ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
+
+  /* How long would it take to process the tap cells that we expect to
+   * process while draining the ntor queue? */
+  tap_during_ntor_usec  = estimated_usec_for_onionskins(
+    MIN(ol_entries[ONION_HANDSHAKE_TYPE_TAP],
+        ol_entries[ONION_HANDSHAKE_TYPE_NTOR] / num_ntors_per_tap()),
+                                    ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
+
+  /* How long would it take to process the ntor cells that we expect to
+   * process while draining the tap queue? */
+  ntor_during_tap_usec  = estimated_usec_for_onionskins(
+    MIN(ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
+        ol_entries[ONION_HANDSHAKE_TYPE_TAP] * num_ntors_per_tap()),
+                                    ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
+
+  /* See whether that exceeds MaxOnionQueueDelay. If so, we can't queue
+   * this. */
+  if (type == ONION_HANDSHAKE_TYPE_NTOR &&
+      (ntor_usec + tap_during_ntor_usec) / 1000 >
+       (uint64_t)options->MaxOnionQueueDelay)
+    return 0;
+
+  if (type == ONION_HANDSHAKE_TYPE_TAP &&
+      (tap_usec + ntor_during_tap_usec) / 1000 >
+       (uint64_t)options->MaxOnionQueueDelay)
+    return 0;
+
+  /* If we support the ntor handshake, then don't let TAP handshakes use
+   * more than 2/3 of the space on the queue. */
+  if (type == ONION_HANDSHAKE_TYPE_TAP &&
+      tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
+    return 0;
+
+  return 1;
+}
+
+/** Add <b>circ</b> to the end of ol_list and return 0, except
+ * if ol_list is too long, in which case do nothing and return -1.
+ */
+int
+onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin)
+{
+  onion_queue_t *tmp;
+  time_t now = time(NULL);
+
+  if (onionskin->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
+    /* LCOV_EXCL_START
+     * We should have rejected this far before this point */
+    log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
+             onionskin->handshake_type);
+    return -1;
+    /* LCOV_EXCL_STOP */
+  }
+
+  tmp = tor_malloc_zero(sizeof(onion_queue_t));
+  tmp->circ = circ;
+  tmp->handshake_type = onionskin->handshake_type;
+  tmp->onionskin = onionskin;
+  tmp->when_added = now;
+
+  if (!have_room_for_onionskin(onionskin->handshake_type)) {
+#define WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL (60)
+    static ratelim_t last_warned =
+      RATELIM_INIT(WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL);
+    char *m;
+    if (onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR &&
+        (m = rate_limit_log(&last_warned, approx_time()))) {
+      log_warn(LD_GENERAL,
+               "Your computer is too slow to handle this many circuit "
+               "creation requests! Please consider using the "
+               "MaxAdvertisedBandwidth config option or choosing a more "
+               "restricted exit policy.%s",m);
+      tor_free(m);
+    }
+    tor_free(tmp);
+    return -1;
+  }
+
+  ++ol_entries[onionskin->handshake_type];
+  log_info(LD_OR, "New create (%s). Queues now ntor=%d and tap=%d.",
+    onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap",
+    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
+    ol_entries[ONION_HANDSHAKE_TYPE_TAP]);
+
+  circ->onionqueue_entry = tmp;
+  TOR_TAILQ_INSERT_TAIL(&ol_list[onionskin->handshake_type], tmp, next);
+
+  /* cull elderly requests. */
+  while (1) {
+    onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[onionskin->handshake_type]);
+    if (now - head->when_added < (time_t)ONIONQUEUE_WAIT_CUTOFF)
+      break;
+
+    circ = head->circ;
+    circ->onionqueue_entry = NULL;
+    onion_queue_entry_remove(head);
+    log_info(LD_CIRC,
+             "Circuit create request is too old; canceling due to overload.");
+    if (! TO_CIRCUIT(circ)->marked_for_close) {
+      circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
+    }
+  }
+  return 0;
+}
+
+/** Return a fairness parameter, to prefer processing NTOR style
+ * handshakes but still slowly drain the TAP queue so we don't starve
+ * it entirely. */
+static int
+num_ntors_per_tap(void)
+{
+#define DEFAULT_NUM_NTORS_PER_TAP 10
+#define MIN_NUM_NTORS_PER_TAP 1
+#define MAX_NUM_NTORS_PER_TAP 100000
+
+  return networkstatus_get_param(NULL, "NumNTorsPerTAP",
+                                 DEFAULT_NUM_NTORS_PER_TAP,
+                                 MIN_NUM_NTORS_PER_TAP,
+                                 MAX_NUM_NTORS_PER_TAP);
+}
+
+/** Choose which onion queue we'll pull from next. If one is empty choose
+ * the other; if they both have elements, load balance across them but
+ * favoring NTOR. */
+static uint16_t
+decide_next_handshake_type(void)
+{
+  /* The number of times we've chosen ntor lately when both were available. */
+  static int recently_chosen_ntors = 0;
+
+  if (!ol_entries[ONION_HANDSHAKE_TYPE_NTOR])
+    return ONION_HANDSHAKE_TYPE_TAP; /* no ntors? try tap */
+
+  if (!ol_entries[ONION_HANDSHAKE_TYPE_TAP]) {
+
+    /* Nick wants us to prioritize new tap requests when there aren't
+     * any in the queue and we've processed k ntor cells since the last
+     * tap cell. This strategy is maybe a good idea, since it starves tap
+     * less in the case where tap is rare, or maybe a poor idea, since it
+     * makes the new tap cell unfairly jump in front of ntor cells that
+     * got here first. In any case this edge case will only become relevant
+     * once tap is rare. We should reevaluate whether we like this decision
+     * once tap gets more rare. */
+    if (ol_entries[ONION_HANDSHAKE_TYPE_NTOR] &&
+        recently_chosen_ntors <= num_ntors_per_tap())
+      ++recently_chosen_ntors;
+
+    return ONION_HANDSHAKE_TYPE_NTOR; /* no taps? try ntor */
+  }
+
+  /* They both have something queued. Pick ntor if we haven't done that
+   * too much lately. */
+  if (++recently_chosen_ntors <= num_ntors_per_tap()) {
+    return ONION_HANDSHAKE_TYPE_NTOR;
+  }
+
+  /* Else, it's time to let tap have its turn. */
+  recently_chosen_ntors = 0;
+  return ONION_HANDSHAKE_TYPE_TAP;
+}
+
+/** Remove the highest priority item from ol_list[] and return it, or
+ * return NULL if the lists are empty.
+ */
+or_circuit_t *
+onion_next_task(create_cell_t **onionskin_out)
+{
+  or_circuit_t *circ;
+  uint16_t handshake_to_choose = decide_next_handshake_type();
+  onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[handshake_to_choose]);
+
+  if (!head)
+    return NULL; /* no onions pending, we're done */
+
+  tor_assert(head->circ);
+  tor_assert(head->handshake_type <= MAX_ONION_HANDSHAKE_TYPE);
+//  tor_assert(head->circ->p_chan); /* make sure it's still valid */
+/* XXX I only commented out the above line to make the unit tests
+ * more manageable. That's probably not good long-term. -RD */
+  circ = head->circ;
+  if (head->onionskin)
+    --ol_entries[head->handshake_type];
+  log_info(LD_OR, "Processing create (%s). Queues now ntor=%d and tap=%d.",
+    head->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap",
+    ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
+    ol_entries[ONION_HANDSHAKE_TYPE_TAP]);
+
+  *onionskin_out = head->onionskin;
+  head->onionskin = NULL; /* prevent free. */
+  circ->onionqueue_entry = NULL;
+  onion_queue_entry_remove(head);
+  return circ;
+}
+
+/** Return the number of <b>handshake_type</b>-style create requests pending.
+ */
+int
+onion_num_pending(uint16_t handshake_type)
+{
+  return ol_entries[handshake_type];
+}
+
+/** Go through ol_list, find the onion_queue_t element which points to
+ * circ, remove and free that element. Leave circ itself alone.
+ */
+void
+onion_pending_remove(or_circuit_t *circ)
+{
+  onion_queue_t *victim;
+
+  if (!circ)
+    return;
+
+  victim = circ->onionqueue_entry;
+  if (victim)
+    onion_queue_entry_remove(victim);
+
+  cpuworker_cancel_circ_handshake(circ);
+}
+
+/** Remove a queue entry <b>victim</b> from the queue, unlinking it from
+ * its circuit and freeing it and any structures it owns.*/
+static void
+onion_queue_entry_remove(onion_queue_t *victim)
+{
+  if (victim->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
+    /* LCOV_EXCL_START
+     * We should have rejected this far before this point */
+    log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
+             victim->handshake_type);
+    /* XXX leaks */
+    return;
+    /* LCOV_EXCL_STOP */
+  }
+
+  TOR_TAILQ_REMOVE(&ol_list[victim->handshake_type], victim, next);
+
+  if (victim->circ)
+    victim->circ->onionqueue_entry = NULL;
+
+  if (victim->onionskin)
+    --ol_entries[victim->handshake_type];
+
+  tor_free(victim->onionskin);
+  tor_free(victim);
+}
+
+/** Remove all circuits from the pending list.  Called from tor_free_all. */
+void
+clear_pending_onions(void)
+{
+  onion_queue_t *victim, *next;
+  int i;
+  for (i=0; i<=MAX_ONION_HANDSHAKE_TYPE; i++) {
+    for (victim = TOR_TAILQ_FIRST(&ol_list[i]); victim; victim = next) {
+      next = TOR_TAILQ_NEXT(victim,next);
+      onion_queue_entry_remove(victim);
+    }
+    tor_assert(TOR_TAILQ_EMPTY(&ol_list[i]));
+  }
+  memset(ol_entries, 0, sizeof(ol_entries));
+}

src/feature/relay/onion_queue.h

@@ -0,0 +1,23 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file onion_queue.h
+ * \brief Header file for onion_queue.c.
+ **/
+
+#ifndef TOR_ONION_QUEUE_H
+#define TOR_ONION_QUEUE_H
+
+struct create_cell_t;
+
+int onion_pending_add(or_circuit_t *circ, struct create_cell_t *onionskin);
+or_circuit_t *onion_next_task(struct create_cell_t **onionskin_out);
+int onion_num_pending(uint16_t handshake_type);
+void onion_pending_remove(or_circuit_t *circ);
+void clear_pending_onions(void);
+
+#endif

src/feature/relay/router.c

@@ -22,7 +22,8 @@
 #include "feature/relay/dns.h"
 #include "feature/stats/geoip.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
+#include "app/main/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/policies.h"

src/feature/rend/rendclient.c

@@ -23,7 +23,7 @@
 #include "feature/hs/hs_circuit.h"
 #include "feature/hs/hs_client.h"
 #include "feature/hs/hs_common.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/relay.h"

src/feature/rend/rendservice.c

@@ -22,7 +22,7 @@
 #include "feature/dircache/directory.h"
 #include "feature/hs/hs_common.h"
 #include "feature/hs/hs_config.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/policies.h"

src/test/test.c

@@ -11,7 +11,6 @@
 #include "orconfig.h"
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_rand.h"
-
 #include "app/config/or_state_st.h"
 
 #include <stdio.h>
@@ -33,7 +32,7 @@
 #define ROUTER_PRIVATE
 #define CIRCUITSTATS_PRIVATE
 #define CIRCUITLIST_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #define STATEFILE_PRIVATE
 
 #include "core/or/or.h"
@@ -47,9 +46,9 @@
 #include "feature/rend/rendcommon.h"
 #include "feature/rend/rendcache.h"
 #include "test/test.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "lib/memarea/memarea.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
 #include "core/crypto/onion_ntor.h"
 #include "core/crypto/onion_fast.h"
 #include "core/crypto/onion_tap.h"
@@ -64,6 +63,7 @@
 #include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
 #include "feature/rend/rend_intro_point_st.h"
 #include "feature/rend/rend_service_descriptor_st.h"
+#include "feature/relay/onion_queue.h"
 
 /** Run unit tests for the onion handshake code. */
 static void

src/test/test_cell_formats.c

@@ -13,7 +13,7 @@
 #include "core/or/connection_or.h"
 #include "app/config/config.h"
 #include "lib/crypt_ops/crypto_rand.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
 #include "core/crypto/onion_tap.h"
 #include "core/crypto/onion_fast.h"
 #include "core/crypto/onion_ntor.h"

src/test/test_channelpadding.c

@@ -2,7 +2,7 @@
 /* See LICENSE for licensing information */
 
 #define TOR_CHANNEL_INTERNAL_
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #define NETWORKSTATUS_PRIVATE
 #define TOR_TIMERS_PRIVATE
 #include "core/or/or.h"
@@ -16,7 +16,7 @@
 #include "lib/evloop/compat_libevent.h"
 #include "app/config/config.h"
 #include "lib/time/compat_time.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "test/log_test_helpers.h"
 #include "lib/tls/tortls.h"

src/test/test_config.c

@@ -31,7 +31,7 @@
 #include "feature/relay/ext_orport.h"
 #include "feature/stats/geoip.h"
 #include "feature/hibernate/hibernate.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/policies.h"

src/test/test_connection.c

@@ -4,7 +4,7 @@
 #include "orconfig.h"
 
 #define CONNECTION_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #define CONNECTION_OR_PRIVATE
 
 #include "core/or/or.h"
@@ -13,7 +13,7 @@
 #include "core/mainloop/connection.h"
 #include "core/or/connection_edge.h"
 #include "feature/hs/hs_common.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/microdesc.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/nodelist/networkstatus.h"

src/test/test_extorport.c

@@ -3,7 +3,7 @@
 
 #define CONNECTION_PRIVATE
 #define EXT_ORPORT_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #include "core/or/or.h"
 #include "lib/container/buffers.h"
 #include "core/mainloop/connection.h"
@@ -12,7 +12,7 @@
 #include "feature/control/control.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "feature/relay/ext_orport.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 
 #include "core/or/or_connection_st.h"
 
@@ -463,7 +463,7 @@ test_ext_or_handshake(void *arg)
   memcpy(ext_or_auth_cookie, "Gliding wrapt in a brown mantle," , 32);
   ext_or_auth_cookie_is_set = 1;
 
-  init_connection_lists();
+  tor_init_connection_lists();
 
   conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
   tt_int_op(0, OP_EQ, connection_ext_or_start_auth(conn));

src/test/test_helpers.c

@@ -9,7 +9,7 @@
 #define ROUTERLIST_PRIVATE
 #define CONFIG_PRIVATE
 #define CONNECTION_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 
 #include "orconfig.h"
 #include "core/or/or.h"
@@ -19,7 +19,7 @@
 #include "app/config/confparse.h"
 #include "core/mainloop/connection.h"
 #include "lib/crypt_ops/crypto_rand.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/nodelist.h"
 #include "core/or/relay.h"
 #include "feature/nodelist/routerlist.h"
@@ -217,7 +217,7 @@ test_conn_get_connection(uint8_t state, uint8_t type, uint8_t purpose)
        mock_connection_connect_sockaddr);
   MOCK(tor_close_socket, fake_close_socket);
 
-  init_connection_lists();
+  tor_init_connection_lists();
 
   conn = connection_new(type, TEST_CONN_FAMILY);
   tt_assert(conn);

src/test/test_hs_client.c

@@ -8,7 +8,7 @@
 
 #define CONFIG_PRIVATE
 #define CRYPTO_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #define HS_CLIENT_PRIVATE
 #define TOR_CHANNEL_INTERNAL_
 #define CIRCUITBUILD_PRIVATE
@@ -26,7 +26,7 @@
 #include "lib/crypt_ops/crypto_dh.h"
 #include "core/or/channeltls.h"
 #include "feature/dircache/directory.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/nodelist/routerset.h"
 

src/test/test_hs_service.c

@@ -15,7 +15,7 @@
 #define HS_SERVICE_PRIVATE
 #define HS_INTROPOINT_PRIVATE
 #define HS_CIRCUIT_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #define NETWORKSTATUS_PRIVATE
 #define STATEFILE_PRIVATE
 #define TOR_CHANNEL_INTERNAL_
@@ -49,7 +49,7 @@
 #include "feature/hs/hs_circuitmap.h"
 #include "feature/hs/hs_service.h"
 #include "feature/hs/hs_client.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/rend/rendservice.h"
 #include "app/config/statefile.h"
 #include "feature/dirauth/shared_random_state.h"

src/test/test_mainloop.c

@@ -10,7 +10,7 @@
 #include "test/log_test_helpers.h"
 
 #include "core/or/or.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 
 static const uint64_t BILLION = 1000000000;
 

src/test/test_oos.c

@@ -10,7 +10,7 @@
 #include "core/mainloop/connection.h"
 #include "core/or/connection_or.h"
 #include "feature/dircache/directory.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "test/test.h"
 
 #include "feature/dircommon/dir_connection_st.h"

src/test/test_options.c

@@ -12,7 +12,7 @@
 
 #define ROUTERSET_PRIVATE
 #include "feature/nodelist/routerset.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "test/log_test_helpers.h"
 
 #include "lib/sandbox/sandbox.h"

src/test/test_periodic_event.c

@@ -9,7 +9,7 @@
 
 #define CONFIG_PRIVATE
 #define HS_SERVICE_PRIVATE
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 
 #include "test/test.h"
 #include "test/test_helpers.h"
@@ -18,7 +18,7 @@
 #include "app/config/config.h"
 #include "feature/hibernate/hibernate.h"
 #include "feature/hs/hs_service.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "core/mainloop/periodic.h"
 
 /** Helper function: This is replaced in some tests for the event callbacks so

src/test/test_relaycell.c

@@ -6,7 +6,7 @@
 #define RELAY_PRIVATE
 #define CIRCUITLIST_PRIVATE
 #include "core/or/or.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "app/config/config.h"
 #include "core/mainloop/connection.h"
 #include "lib/crypt_ops/crypto_cipher.h"

src/test/test_router.c

@@ -9,7 +9,7 @@
 
 #include "core/or/or.h"
 #include "app/config/config.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/hibernate/hibernate.h"
 #include "feature/nodelist/routerinfo_st.h"
 #include "feature/nodelist/routerlist.h"

src/test/test_status.c

@@ -21,7 +21,7 @@
 #include "feature/stats/rephist.h"
 #include "core/or/relay.h"
 #include "feature/relay/router.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "feature/nodelist/nodelist.h"
 #include "app/config/statefile.h"
 #include "lib/tls/tortls.h"

src/test/test_workqueue.c

@@ -5,7 +5,7 @@
 
 #include "core/or/or.h"
 #include "lib/thread/threads.h"
-#include "core/crypto/onion.h"
+#include "core/or/onion.h"
 #include "lib/evloop/workqueue.h"
 #include "lib/crypt_ops/crypto_curve25519.h"
 #include "lib/crypt_ops/crypto_rand.h"

src/test/testing_common.c

@@ -8,7 +8,7 @@
  * \brief Common pieces to implement unit tests.
  **/
 
-#define MAIN_PRIVATE
+#define MAINLOOP_PRIVATE
 #include "orconfig.h"
 #include "core/or/or.h"
 #include "feature/control/control.h"
@@ -20,7 +20,7 @@
 #include "lib/err/backtrace.h"
 #include "test/test.h"
 #include "core/or/channelpadding.h"
-#include "core/mainloop/main.h"
+#include "core/mainloop/mainloop.h"
 #include "lib/compress/compress.h"
 #include "lib/evloop/compat_libevent.h"
 #include "lib/crypt_ops/crypto_init.h"

src/tools/tor-print-ed-signing-cert.c

@@ -6,7 +6,7 @@
 #include <string.h>
 #include <time.h>
 
-#include "ed25519_cert.h"
+#include "trunnel/ed25519_cert.h"
 #include "lib/cc/torint.h"  /* TOR_PRIdSZ */
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/malloc/malloc.h"