Skip to main content

tor_proto/
stream.rs

1//! Tor stream handling.
2//!
3//! A stream is an anonymized conversation; multiple streams can be
4//! multiplexed over a single circuit.
5
6pub(crate) mod cmdcheck;
7pub(crate) mod flow_ctrl;
8pub(crate) mod raw;
9
10#[cfg(any(feature = "hs-service", feature = "relay"))]
11pub(crate) mod incoming;
12
13pub(crate) mod queue;
14
15use futures::SinkExt as _;
16use oneshot_fused_workaround as oneshot;
17use postage::watch;
18use safelog::sensitive;
19
20use tor_async_utils::SinkCloseChannel as _;
21use tor_cell::relaycell::flow_ctrl::XonKbpsEwma;
22use tor_cell::relaycell::msg::{AnyRelayMsg, End};
23use tor_cell::relaycell::{RelayCellFormat, StreamId, UnparsedRelayMsg};
24use tor_memquota::mq_queue::{self, MpscSpec};
25
26use flow_ctrl::state::StreamRateLimit;
27
28use crate::memquota::StreamAccount;
29use crate::stream::flow_ctrl::xon_xoff::reader::XonXoffReaderCtrl;
30use crate::{ClientTunnel, Error, HopLocation, Result};
31
32#[cfg(any(feature = "hs-service", feature = "relay"))]
33pub use incoming::{
34    IncomingStream, IncomingStreamRequest, IncomingStreamRequestContext,
35    IncomingStreamRequestDisposition, IncomingStreamRequestFilter,
36};
37
38pub use raw::StreamReceiver;
39
40#[cfg_attr(docsrs, doc(cfg(any(feature = "hs-service", feature = "relay"))))]
41#[cfg(any(feature = "hs-service", feature = "relay"))]
42pub(crate) use incoming::{InboundDataCmdChecker, IncomingCmdChecker, StreamReqInfo};
43
44use std::pin::Pin;
45use std::sync::Arc;
46
47/// Initial value for outbound flow-control window on streams.
48pub(crate) const SEND_WINDOW_INIT: u16 = 500;
49/// Initial value for inbound flow-control window on streams.
50pub(crate) const RECV_WINDOW_INIT: u16 = 500;
51
52/// Size of the buffer used between the reactor and a `StreamReader`.
53///
54/// FIXME(eta): We pick 2× the receive window, which is very conservative (we arguably shouldn't
55///             get sent more than the receive window anyway!). We might do due to things that
56///             don't count towards the window though.
57pub(crate) const STREAM_READER_BUFFER: usize = (2 * RECV_WINDOW_INIT) as usize;
58
59/// MPSC queue relating to a stream (either inbound or outbound), sender
60pub(crate) type StreamMpscSender<T> = mq_queue::Sender<T, MpscSpec>;
61/// MPSC queue relating to a stream (either inbound or outbound), receiver
62pub(crate) type StreamMpscReceiver<T> = mq_queue::Receiver<T, MpscSpec>;
63
64/// A behavior to perform when closing a stream.
65///
66/// We don't use `Option<End>` here, since the behavior of `SendNothing` is so surprising
67/// that we shouldn't let it pass unremarked.
68#[derive(Clone, Debug)]
69pub(crate) enum CloseStreamBehavior {
70    /// Send nothing at all, so that the other side will not realize we have
71    /// closed the stream.
72    ///
73    /// We should only do this for incoming onion service streams when we
74    /// want to black-hole the client's requests.
75    SendNothing,
76    /// Send an End cell, if we haven't already sent one.
77    SendEnd(End),
78}
79
80impl Default for CloseStreamBehavior {
81    fn default() -> Self {
82        Self::SendEnd(End::new_misc())
83    }
84}
85
86/// A collection of components that can be combined to implement a Tor stream,
87/// or anything that requires a stream ID.
88///
89/// Not all components may be needed, depending on the purpose of the "stream".
90/// For example we build `RELAY_RESOLVE` requests like we do data streams,
91/// but they won't use the `StreamTarget` as they don't need to send additional
92/// messages.
93#[derive(Debug)]
94pub(crate) struct StreamComponents {
95    /// A [`Stream`](futures::Stream) of incoming relay messages for this Tor stream.
96    pub(crate) stream_receiver: StreamReceiver,
97    /// A handle that can communicate messages to the circuit reactor for this stream.
98    pub(crate) target: StreamTarget,
99    /// The memquota [account](tor_memquota::Account) to use for data on this stream.
100    pub(crate) memquota: StreamAccount,
101    /// The control information needed to add XON/XOFF flow control to the stream.
102    pub(crate) xon_xoff_reader_ctrl: XonXoffReaderCtrl,
103}
104
105/// Internal handle, used to implement a stream on a particular tunnel.
106///
107/// The reader and the writer for a stream should hold a `StreamTarget` for the stream;
108/// the reader should additionally hold an `mpsc::Receiver` to get
109/// relay messages for the stream.
110///
111/// When all the `StreamTarget`s for a stream are dropped, the Reactor will
112/// close the stream by sending an END message to the other side.
113/// You can close a stream earlier by using [`StreamTarget::close`]
114/// or [`StreamTarget::close_pending`].
115#[derive(Clone, Debug)]
116pub(crate) struct StreamTarget {
117    /// Which hop of the circuit this stream is with.
118    pub(crate) hop: Option<HopLocation>,
119    /// Reactor ID for this stream.
120    pub(crate) stream_id: StreamId,
121    /// Encoding to use for relay cells sent on this stream.
122    ///
123    /// This is mostly irrelevant, except when deciding
124    /// how many bytes we can pack in a DATA message.
125    pub(crate) relay_cell_format: RelayCellFormat,
126    /// A [`Stream`](futures::Stream) that provides updates to the rate limit for sending data.
127    // TODO(arti#2068): we should consider making this an `Option`
128    pub(crate) rate_limit_stream: watch::Receiver<StreamRateLimit>,
129    /// Channel to send cells down.
130    pub(crate) tx: StreamMpscSender<AnyRelayMsg>,
131    /// Reference to the tunnel that this stream is on.
132    pub(crate) tunnel: Tunnel,
133}
134
135/// A client or relay tunnel.
136#[derive(Debug, Clone, derive_more::From)]
137pub(crate) enum Tunnel {
138    /// A client tunnel.
139    Client(Arc<ClientTunnel>),
140    /// A relay tunnel.
141    #[cfg(feature = "relay")]
142    Relay(Arc<crate::relay::RelayCirc>),
143}
144
145impl StreamTarget {
146    /// Deliver a relay message for the stream that owns this StreamTarget.
147    ///
148    /// The StreamTarget will set the correct stream ID and pick the
149    /// right hop, but will not validate that the message is well-formed
150    /// or meaningful in context.
151    pub(crate) async fn send(&mut self, msg: AnyRelayMsg) -> Result<()> {
152        self.tx.send(msg).await.map_err(|_| Error::CircuitClosed)?;
153        Ok(())
154    }
155
156    /// Close the pending stream that owns this StreamTarget, delivering the specified
157    /// END message (if any)
158    ///
159    /// The stream is closed by sending a control message (`CtrlMsg::ClosePendingStream`)
160    /// to the reactor.
161    ///
162    /// Returns a [`oneshot::Receiver`] that can be used to await the reactor's response.
163    ///
164    /// The StreamTarget will set the correct stream ID and pick the
165    /// right hop, but will not validate that the message is well-formed
166    /// or meaningful in context.
167    ///
168    /// Note that in many cases, the actual contents of an END message can leak unwanted
169    /// information. Please consider carefully before sending anything but an
170    /// [`End::new_misc()`](tor_cell::relaycell::msg::End::new_misc) message over a `ClientTunnel`.
171    /// (For onion services, we send [`DONE`](tor_cell::relaycell::msg::EndReason::DONE) )
172    ///
173    /// In addition to sending the END message, this function also ensures
174    /// the state of the stream map entry of this stream is updated
175    /// accordingly.
176    ///
177    /// Normally, you shouldn't need to call this function, as streams are implicitly closed by the
178    /// reactor when their corresponding `StreamTarget` is dropped. The only valid use of this
179    /// function is for closing pending incoming streams (a stream is said to be pending if we have
180    /// received the message initiating the stream but have not responded to it yet).
181    ///
182    /// **NOTE**: This function should be called at most once per request.
183    /// Calling it twice is an error.
184    #[cfg(any(feature = "hs-service", feature = "relay"))]
185    pub(crate) fn close_pending(
186        &self,
187        message: crate::stream::CloseStreamBehavior,
188    ) -> Result<oneshot::Receiver<Result<()>>> {
189        match &self.tunnel {
190            Tunnel::Client(t) => {
191                cfg_if::cfg_if! {
192                    if #[cfg(feature = "hs-service")] {
193                        t.close_pending(self.stream_id, self.hop, message)
194                    } else {
195                        Err(tor_error::internal!("close_pending() called on client stream?!").into())
196                    }
197                }
198            }
199            #[cfg(feature = "relay")]
200            Tunnel::Relay(t) => t.close_pending(self.stream_id, message),
201        }
202    }
203
204    /// Queue a "close" for the stream corresponding to this StreamTarget.
205    ///
206    /// Unlike `close_pending`, this method does not allow the caller to provide an `END` message.
207    ///
208    /// Once this method has been called, no more messages may be sent with [`StreamTarget::send`],
209    /// on this `StreamTarget`` or any clone of it.
210    /// The reactor *will* try to flush any already-send messages before it closes the stream.
211    ///
212    /// You don't need to call this method if the stream is closing because all of its StreamTargets
213    /// have been dropped.
214    pub(crate) fn close(&mut self) {
215        Pin::new(&mut self.tx).close_channel();
216    }
217
218    /// Called when a circuit-level protocol error has occurred and the
219    /// tunnel needs to shut down.
220    pub(crate) fn protocol_error(&mut self) {
221        match &self.tunnel {
222            Tunnel::Client(t) => t.terminate(),
223            #[cfg(feature = "relay")]
224            Tunnel::Relay(t) => t.terminate(),
225        }
226    }
227
228    /// Request to send a SENDME cell for this stream.
229    ///
230    /// This sends a request to the circuit reactor to send a stream-level SENDME, but it does not
231    /// block or wait for a response from the circuit reactor.
232    /// An error is only returned if we are unable to send the request.
233    /// This means that if the circuit reactor is unable to send the SENDME, we are not notified of
234    /// this here and an error will not be returned.
235    pub(crate) fn send_sendme(&mut self) -> Result<()> {
236        match &self.tunnel {
237            Tunnel::Client(t) => t.send_sendme(self.stream_id, self.hop),
238            #[cfg(feature = "relay")]
239            Tunnel::Relay(t) => t.send_sendme(self.stream_id),
240        }
241    }
242
243    /// Inform the circuit reactor that there has been a change in the drain rate for this stream.
244    ///
245    /// Typically the circuit reactor would send this new rate in an XON message to the other end of
246    /// the stream.
247    /// But it may decide not to, and may discard this update.
248    /// For example the stream may have a large amount of buffered data, and the reactor may not
249    /// want to send an XON while the buffer is large.
250    ///
251    /// This sends a message to inform the circuit reactor of the new drain rate,
252    /// but it does not block or wait for a response from the reactor.
253    /// An error is only returned if we are unable to send the update.
254    pub(crate) fn drain_rate_update(&mut self, rate: XonKbpsEwma) -> Result<()> {
255        match &mut self.tunnel {
256            Tunnel::Client(t) => t.drain_rate_update(self.stream_id, self.hop, rate),
257            #[cfg(feature = "relay")]
258            Tunnel::Relay(t) => t.drain_rate_update(self.stream_id, rate),
259        }
260    }
261
262    /// Return a reference to the tunnel that this `StreamTarget` is using.
263    #[cfg(any(feature = "experimental-api", feature = "stream-ctrl"))]
264    pub(crate) fn tunnel(&self) -> &Tunnel {
265        &self.tunnel
266    }
267
268    /// Return the kind of relay cell in use on this `StreamTarget`.
269    pub(crate) fn relay_cell_format(&self) -> RelayCellFormat {
270        self.relay_cell_format
271    }
272
273    /// A [`Stream`](futures::Stream) that provides updates to the rate limit for sending data.
274    pub(crate) fn rate_limit_stream(&self) -> &watch::Receiver<StreamRateLimit> {
275        &self.rate_limit_stream
276    }
277}
278
279/// Return the stream ID of `msg`, if it has one.
280///
281/// Returns `Ok(None)` if `msg` is a meta cell.
282pub(crate) fn msg_streamid(msg: &UnparsedRelayMsg) -> Result<Option<StreamId>> {
283    let cmd = msg.cmd();
284    let streamid = msg.stream_id();
285    if !cmd.accepts_streamid_val(streamid) {
286        return Err(Error::CircProto(format!(
287            "Invalid stream ID {} for relay command {}",
288            sensitive(StreamId::get_or_zero(streamid)),
289            msg.cmd()
290        )));
291    }
292
293    Ok(streamid)
294}