search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Raise the minimum bandwidth to be a relay from 20000 bytes to 20480
[tor/rransom.git] / src / or / dirserv.c
blob9fc30154e342986c0ec439af85c8d1c2dda385f6
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2008, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRSERV_PRIVATE
7 #include "or.h"
8
9 /**
10 * \file dirserv.c
11 * \brief Directory server core implementation. Manages directory
12 * contents and generates directories.
13 */
14
15 /** How far in the future do we allow a router to get? (seconds) */
16 #define ROUTER_ALLOW_SKEW (60*60*12)
17 /** How many seconds do we wait before regenerating the directory? */
18 #define DIR_REGEN_SLACK_TIME 30
19 /** If we're a cache, keep this many networkstatuses around from non-trusted
20 * directory authorities. */
21 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
22
23 /** If a v1 directory is older than this, discard it. */
24 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
25 /** If a v1 running-routers is older than this, discard it. */
26 #define MAX_V1_RR_AGE (7*24*60*60)
27
28 extern time_t time_of_process_start; /* from main.c */
29
30 /** Do we need to regenerate the v1 directory when someone asks for it? */
31 static time_t the_directory_is_dirty = 1;
32 /** Do we need to regenerate the v1 runningrouters document when somebody
33 * asks for it? */
34 static time_t runningrouters_is_dirty = 1;
35 /** Do we need to regenerate our v2 networkstatus document when somebody asks
36 * for it? */
37 static time_t the_v2_networkstatus_is_dirty = 1;
38
39 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
40 * only.) */
41 static cached_dir_t *the_directory = NULL;
42
43 /** For authoritative directories: the current (v1) network status. */
44 static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
45
46 static void directory_remove_invalid(void);
47 static cached_dir_t *dirserv_regenerate_directory(void);
48 static char *format_versions_list(config_line_t *ln);
49 struct authdir_config_t;
50 static int add_fingerprint_to_dir(const char *nickname, const char *fp,
51 struct authdir_config_t *list);
52 static uint32_t dirserv_router_get_status(const routerinfo_t *router,
53 const char **msg);
54 static uint32_t
55 dirserv_get_status_impl(const char *fp, const char *nickname,
56 const char *address,
57 uint32_t addr, uint16_t or_port,
58 const char *platform, const char *contact,
59 const char **msg, int should_log);
60 static void clear_cached_dir(cached_dir_t *d);
61 static signed_descriptor_t *get_signed_descriptor_by_fp(const char *fp,
62 int extrainfo,
63 time_t publish_cutoff);
64 static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
65
66 /************** Fingerprint handling code ************/
67
68 #define FP_NAMED 1 /**< Listed in fingerprint file. */
69 #define FP_INVALID 2 /**< Believed invalid. */
70 #define FP_REJECT 4 /**< We will not publish this router. */
71 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
72 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
73 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
74
75 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
76 * map. */
77 typedef struct router_status_t {
78 char nickname[MAX_NICKNAME_LEN+1];
79 uint32_t status;
80 } router_status_t;
81
82 /** List of nickname-\>identity fingerprint mappings for all the routers
83 * that we name. Used to prevent router impersonation. */
84 typedef struct authdir_config_t {
85 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
86 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
87 } authdir_config_t;
88
89 /** Should be static; exposed for testing. */
90 static authdir_config_t *fingerprint_list = NULL;
91
92 /** Allocate and return a new, empty, authdir_config_t. */
93 static authdir_config_t *
94 authdir_config_new(void)
95 {
96 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
97 list->fp_by_name = strmap_new();
98 list->status_by_digest = digestmap_new();
99 return list;
100 }
101
102 /** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
103 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
104 * new, or 1 if we replaced the old value.
105 */
106 /* static */ int
107 add_fingerprint_to_dir(const char *nickname, const char *fp,
108 authdir_config_t *list)
109 {
110 char *fingerprint;
111 char d[DIGEST_LEN];
112 router_status_t *status;
113 tor_assert(nickname);
114 tor_assert(fp);
115 tor_assert(list);
116
117 fingerprint = tor_strdup(fp);
118 tor_strstrip(fingerprint, " ");
119 if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint))) {
120 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
121 escaped(fp));
122 tor_free(fingerprint);
123 return 0;
124 }
125
126 if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
127 log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
128 UNNAMED_ROUTER_NICKNAME);
129 tor_free(fingerprint);
130 return 0;
131 }
132
133 status = digestmap_get(list->status_by_digest, d);
134 if (!status) {
135 status = tor_malloc_zero(sizeof(router_status_t));
136 digestmap_set(list->status_by_digest, d, status);
137 }
138
139 if (nickname[0] != '!') {
140 char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
141 if (old_fp && !strcasecmp(fingerprint, old_fp)) {
142 tor_free(fingerprint);
143 } else {
144 tor_free(old_fp);
145 strmap_set_lc(list->fp_by_name, nickname, fingerprint);
146 }
147 status->status |= FP_NAMED;
148 strlcpy(status->nickname, nickname, sizeof(status->nickname));
149 } else {
150 tor_free(fingerprint);
151 if (!strcasecmp(nickname, "!reject")) {
152 status->status |= FP_REJECT;
153 } else if (!strcasecmp(nickname, "!invalid")) {
154 status->status |= FP_INVALID;
155 } else if (!strcasecmp(nickname, "!baddir")) {
156 status->status |= FP_BADDIR;
157 } else if (!strcasecmp(nickname, "!badexit")) {
158 status->status |= FP_BADEXIT;
159 }
160 }
161 return 0;
162 }
163
164 /** Add the nickname and fingerprint for this OR to the
165 * global list of recognized identity key fingerprints. */
166 int
167 dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
168 {
169 char fp[FINGERPRINT_LEN+1];
170 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
171 log_err(LD_BUG, "Error computing fingerprint");
172 return -1;
173 }
174 if (!fingerprint_list)
175 fingerprint_list = authdir_config_new();
176 add_fingerprint_to_dir(nickname, fp, fingerprint_list);
177 return 0;
178 }
179
180 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
181 * file. The file format is line-based, with each non-blank holding one
182 * nickname, some space, and a fingerprint for that nickname. On success,
183 * replace the current fingerprint list with the new list and return 0. On
184 * failure, leave the current fingerprint list untouched, and
185 * return -1. */
186 int
187 dirserv_load_fingerprint_file(void)
188 {
189 char *fname;
190 char *cf;
191 char *nickname, *fingerprint;
192 authdir_config_t *fingerprint_list_new;
193 int result;
194 config_line_t *front=NULL, *list;
195 or_options_t *options = get_options();
196
197 fname = get_datadir_fname("approved-routers");
198 log_info(LD_GENERAL,
199 "Reloading approved fingerprints from \"%s\"...", fname);
200
201 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
202 if (!cf) {
203 if (options->NamingAuthoritativeDir) {
204 log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
205 tor_free(fname);
206 return -1;
207 } else {
208 log_info(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
209 tor_free(fname);
210 return 0;
211 }
212 }
213 tor_free(fname);
214
215 result = config_get_lines(cf, &front);
216 tor_free(cf);
217 if (result < 0) {
218 log_warn(LD_CONFIG, "Error reading from fingerprint file");
219 return -1;
220 }
221
222 fingerprint_list_new = authdir_config_new();
223
224 for (list=front; list; list=list->next) {
225 char digest_tmp[DIGEST_LEN];
226 nickname = list->key; fingerprint = list->value;
227 if (strlen(nickname) > MAX_NICKNAME_LEN) {
228 log_notice(LD_CONFIG,
229 "Nickname '%s' too long in fingerprint file. Skipping.",
230 nickname);
231 continue;
232 }
233 if (!is_legal_nickname(nickname) &&
234 strcasecmp(nickname, "!reject") &&
235 strcasecmp(nickname, "!invalid") &&
236 strcasecmp(nickname, "!badexit")) {
237 log_notice(LD_CONFIG,
238 "Invalid nickname '%s' in fingerprint file. Skipping.",
239 nickname);
240 continue;
241 }
242 tor_strstrip(fingerprint, " "); /* remove spaces */
243 if (strlen(fingerprint) != HEX_DIGEST_LEN ||
244 base16_decode(digest_tmp, sizeof(digest_tmp),
245 fingerprint, HEX_DIGEST_LEN) < 0) {
246 log_notice(LD_CONFIG,
247 "Invalid fingerprint (nickname '%s', "
248 "fingerprint %s). Skipping.",
249 nickname, fingerprint);
250 continue;
251 }
252 if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
253 /* If you approved an OR called "client", then clients who use
254 * the default nickname could all be rejected. That's no good. */
255 log_notice(LD_CONFIG,
256 "Authorizing nickname '%s' would break "
257 "many clients; skipping.",
258 DEFAULT_CLIENT_NICKNAME);
259 continue;
260 }
261 if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
262 /* If you approved an OR called "unnamed", then clients will be
263 * confused. */
264 log_notice(LD_CONFIG,
265 "Authorizing nickname '%s' is not allowed; skipping.",
266 UNNAMED_ROUTER_NICKNAME);
267 continue;
268 }
269 if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
270 != 0)
271 log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
272 }
273
274 config_free_lines(front);
275 dirserv_free_fingerprint_list();
276 fingerprint_list = fingerprint_list_new;
277 /* Delete any routers whose fingerprints we no longer recognize */
278 directory_remove_invalid();
279 return 0;
280 }
281
282 /** Check whether <b>router</b> has a nickname/identity key combination that
283 * we recognize from the fingerprint list, or an IP we automatically act on
284 * according to our configuration. Return the appropriate router status.
285 *
286 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
287 * *<b>msg</b> to an explanation of why. */
288 static uint32_t
289 dirserv_router_get_status(const routerinfo_t *router, const char **msg)
290 {
291 char d[DIGEST_LEN];
292
293 if (crypto_pk_get_digest(router->identity_pkey, d)) {
294 log_warn(LD_BUG,"Error computing fingerprint");
295 if (msg)
296 *msg = "Bug: Error computing fingerprint";
297 return FP_REJECT;
298 }
299
300 return dirserv_get_status_impl(d, router->nickname,
301 router->address,
302 router->addr, router->or_port,
303 router->platform, router->contact_info,
304 msg, 1);
305 }
306
307 /** Return true if there is no point in downloading the router described by
308 * <b>rs</b> because this directory would reject it. */
309 int
310 dirserv_would_reject_router(routerstatus_t *rs)
311 {
312 uint32_t res;
313
314 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
315 "", /* address is only used in logs */
316 rs->addr, rs->or_port,
317 NULL, NULL,
318 NULL, 0);
319
320 return (res & FP_REJECT) != 0;
321 }
322
323 /** Helper: Based only on the ID/Nickname combination,
324 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
325 */
326 static uint32_t
327 dirserv_get_name_status(const char *id_digest, const char *nickname)
328 {
329 char fp[HEX_DIGEST_LEN+1];
330 char *fp_by_name;
331
332 base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
333
334 if ((fp_by_name =
335 strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
336 if (!strcasecmp(fp, fp_by_name)) {
337 return FP_NAMED;
338 } else {
339 return FP_UNNAMED; /* Wrong fingerprint. */
340 }
341 }
342 return 0;
343 }
344
345 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
346 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
347 * port, platform (logging only) and contact info (logging only) as arguments.
348 *
349 * If should_log is false, do not log messages. (There's not much point in
350 * logging that we're rejecting servers we'll not download.)
351 */
352 static uint32_t
353 dirserv_get_status_impl(const char *id_digest, const char *nickname,
354 const char *address,
355 uint32_t addr, uint16_t or_port,
356 const char *platform, const char *contact,
357 const char **msg, int should_log)
358 {
359 int reject_unlisted = get_options()->AuthDirRejectUnlisted;
360 uint32_t result = 0;
361 router_status_t *status_by_digest;
362
363 if (!fingerprint_list)
364 fingerprint_list = authdir_config_new();
365
366 if (should_log)
367 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
368 strmap_size(fingerprint_list->fp_by_name),
369 digestmap_size(fingerprint_list->status_by_digest));
370
371 /* 0.1.1.17-rc was the first version that claimed to be stable, doesn't
372 * crash and drop circuits all the time, and is even vaguely compatible with
373 * the current network */
374 if (platform && !tor_version_as_new_as(platform,"0.1.1.17-rc")) {
375 if (msg)
376 *msg = "Tor version is far too old to work.";
377 return FP_REJECT;
378 }
379
380 result = dirserv_get_name_status(id_digest, nickname);
381 if (result & FP_NAMED) {
382 if (should_log)
383 log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
384 }
385 if (result & FP_UNNAMED) {
386 if (should_log) {
387 char *esc_contact = esc_for_log(contact);
388 log_info(LD_DIRSERV,
389 "Mismatched fingerprint for '%s'. "
390 "ContactInfo '%s', platform '%s'.)",
391 nickname,
392 esc_contact,
393 platform ? escaped(platform) : "");
394 tor_free(esc_contact);
395 }
396 if (msg)
397 *msg = "Rejected: There is already a named server with this nickname "
398 "and a different fingerprint.";
399 }
400
401 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
402 id_digest);
403 if (status_by_digest)
404 result |= (status_by_digest->status & ~FP_NAMED);
405
406 if (result & FP_REJECT) {
407 if (msg)
408 *msg = "Fingerprint is marked rejected";
409 return FP_REJECT;
410 } else if (result & FP_INVALID) {
411 if (msg)
412 *msg = "Fingerprint is marked invalid";
413 }
414
415 if (authdir_policy_baddir_address(addr, or_port)) {
416 if (should_log)
417 log_info(LD_DIRSERV,
418 "Marking '%s' as bad directory because of address '%s'",
419 nickname, address);
420 result |= FP_BADDIR;
421 }
422
423 if (authdir_policy_badexit_address(addr, or_port)) {
424 if (should_log)
425 log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
426 nickname, address);
427 result |= FP_BADEXIT;
428 }
429
430 if (!(result & FP_NAMED)) {
431 if (!authdir_policy_permits_address(addr, or_port)) {
432 if (should_log)
433 log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
434 nickname, address);
435 if (msg)
436 *msg = "Authdir is rejecting routers in this range.";
437 return FP_REJECT;
438 }
439 if (!authdir_policy_valid_address(addr, or_port)) {
440 if (should_log)
441 log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
442 nickname, address);
443 result |= FP_INVALID;
444 }
445 if (reject_unlisted) {
446 if (msg)
447 *msg = "Authdir rejects unknown routers.";
448 return FP_REJECT;
449 }
450 }
451
452 return result;
453 }
454
455 /** If we are an authoritative dirserver, and the list of approved
456 * servers contains one whose identity key digest is <b>digest</b>,
457 * return that router's nickname. Otherwise return NULL. */
458 const char *
459 dirserv_get_nickname_by_digest(const char *digest)
460 {
461 router_status_t *status;
462 if (!fingerprint_list)
463 return NULL;
464 tor_assert(digest);
465
466 status = digestmap_get(fingerprint_list->status_by_digest, digest);
467 return status ? status->nickname : NULL;
468 }
469
470 /** Clear the current fingerprint list. */
471 void
472 dirserv_free_fingerprint_list(void)
473 {
474 if (!fingerprint_list)
475 return;
476
477 strmap_free(fingerprint_list->fp_by_name, _tor_free);
478 digestmap_free(fingerprint_list->status_by_digest, _tor_free);
479 tor_free(fingerprint_list);
480 }
481
482 /*
483 * Descriptor list
484 */
485
486 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
487 * unless we're configured to not care. Return 0 if all ok. */
488 static int
489 dirserv_router_has_valid_address(routerinfo_t *ri)
490 {
491 struct in_addr iaddr;
492 if (get_options()->DirAllowPrivateAddresses)
493 return 0; /* whatever it is, we're fine with it */
494 if (!tor_inet_aton(ri->address, &iaddr)) {
495 log_info(LD_DIRSERV,"Router '%s' published non-IP address '%s'. Refusing.",
496 ri->nickname, ri->address);
497 return -1;
498 }
499 if (is_internal_IP(ntohl(iaddr.s_addr), 0)) {
500 log_info(LD_DIRSERV,
501 "Router '%s' published internal IP address '%s'. Refusing.",
502 ri->nickname, ri->address);
503 return -1; /* it's a private IP, we should reject it */
504 }
505 return 0;
506 }
507
508 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
509 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
510 *
511 * If the router is rejected, set *<b>msg</b> to an explanation of why.
512 *
513 * If <b>complain</b> then explain at log-level 'notice' why we refused
514 * a descriptor; else explain at log-level 'info'.
515 */
516 int
517 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
518 int complain)
519 {
520 /* Okay. Now check whether the fingerprint is recognized. */
521 uint32_t status = dirserv_router_get_status(ri, msg);
522 time_t now;
523 int severity = complain ? LOG_NOTICE : LOG_INFO;
524 tor_assert(msg);
525 if (status & FP_REJECT)
526 return -1; /* msg is already set. */
527
528 /* Is there too much clock skew? */
529 now = time(NULL);
530 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
531 log_fn(severity, LD_DIRSERV, "Publication time for nickname '%s' is too "
532 "far (%d minutes) in the future; possible clock skew. Not adding "
533 "(%s)",
534 ri->nickname, (int)((ri->cache_info.published_on-now)/60),
535 esc_router_info(ri));
536 *msg = "Rejected: Your clock is set too far in the future, or your "
537 "timezone is not correct.";
538 return -1;
539 }
540 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
541 log_fn(severity, LD_DIRSERV,
542 "Publication time for router with nickname '%s' is too far "
543 "(%d minutes) in the past. Not adding (%s)",
544 ri->nickname, (int)((now-ri->cache_info.published_on)/60),
545 esc_router_info(ri));
546 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
547 " or your timezone is not correct.";
548 return -1;
549 }
550 if (dirserv_router_has_valid_address(ri) < 0) {
551 log_fn(severity, LD_DIRSERV,
552 "Router with nickname '%s' has invalid address '%s'. "
553 "Not adding (%s).",
554 ri->nickname, ri->address,
555 esc_router_info(ri));
556 *msg = "Rejected: Address is not an IP, or IP is a private address.";
557 return -1;
558 }
559 /* Okay, looks like we're willing to accept this one. */
560 ri->is_named = (status & FP_NAMED) ? 1 : 0;
561 ri->is_valid = (status & FP_INVALID) ? 0 : 1;
562 ri->is_bad_directory = (status & FP_BADDIR) ? 1 : 0;
563 ri->is_bad_exit = (status & FP_BADEXIT) ? 1 : 0;
564
565 return 0;
566 }
567
568 /** True iff <b>a</b> is more severe than <b>b</b>. */
569 static int
570 WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
571 {
572 return a < b;
573 }
574
575 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
576 * returns the most severe error that occurred for any one of them. */
577 was_router_added_t
578 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
579 const char *source,
580 const char **msg)
581 {
582 was_router_added_t r, r_tmp;
583 const char *msg_out;
584 smartlist_t *list;
585 const char *s;
586 int n_parsed = 0;
587 time_t now = time(NULL);
588 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
589 char time_buf[ISO_TIME_LEN+1];
590 int general = purpose == ROUTER_PURPOSE_GENERAL;
591 tor_assert(msg);
592
593 r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
594
595 format_iso_time(time_buf, now);
596 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
597 "@uploaded-at %s\n"
598 "@source %s\n"
599 "%s%s%s", time_buf, escaped(source),
600 !general ? "@purpose " : "",
601 !general ? router_purpose_to_string(purpose) : "",
602 !general ? "\n" : "")<0) {
603 *msg = "Couldn't format annotations";
604 return -1;
605 }
606
607 s = desc;
608 list = smartlist_create();
609 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
610 annotation_buf)) {
611 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
612 msg_out = NULL;
613 tor_assert(ri->purpose == purpose);
614 r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
615 if (WRA_MORE_SEVERE(r_tmp, r)) {
616 r = r_tmp;
617 *msg = msg_out;
618 }
619 });
620 }
621 n_parsed += smartlist_len(list);
622 smartlist_clear(list);
623
624 s = desc;
625 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
626 NULL)) {
627 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
628 msg_out = NULL;
629
630 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
631 if (WRA_MORE_SEVERE(r_tmp, r)) {
632 r = r_tmp;
633 *msg = msg_out;
634 }
635 });
636 }
637 n_parsed += smartlist_len(list);
638 smartlist_free(list);
639
640 if (! *msg) {
641 if (!n_parsed) {
642 *msg = "No descriptors found in your POST.";
643 if (WRA_WAS_ADDED(r))
644 r = ROUTER_WAS_NOT_NEW;
645 } else {
646 *msg = "(no message)";
647 }
648 }
649
650 return r;
651 }
652
653 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
654 * the list of server descriptors. Set *<b>msg</b> to a message that should be
655 * passed back to the origin of this descriptor. Use <b>source</b> to produce
656 * better log messages.
657 *
658 * Return the status of the operation
659 *
660 * This function is only called when fresh descriptors are posted, not when
661 * we re-load the cache.
662 */
663 was_router_added_t
664 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
665 {
666 was_router_added_t r;
667 routerinfo_t *ri_old;
668 char *desc, *nickname;
669 size_t desclen = 0;
670
671 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
672 * network and it'll clog everything up. */
673 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
674 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
675 " (source: %s) with size %d. Either this is an attack, or the "
676 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
677 ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
678 MAX_DESCRIPTOR_UPLOAD_SIZE);
679 *msg = "Router descriptor was too large";
680 control_event_or_authdir_new_descriptor("REJECTED",
681 ri->cache_info.signed_descriptor_body,
682 ri->cache_info.signed_descriptor_len, *msg);
683 routerinfo_free(ri);
684 return ROUTER_AUTHDIR_REJECTS;
685 }
686
687 /* Check whether this descriptor is semantically identical to the last one
688 * from this server. (We do this here and not in router_add_to_routerlist
689 * because we want to be able to accept the newest router descriptor that
690 * another authority has, so we all converge on the same one.) */
691 ri_old = router_get_by_digest(ri->cache_info.identity_digest);
692 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
693 && router_differences_are_cosmetic(ri_old, ri)
694 && !router_is_me(ri)) {
695 log_info(LD_DIRSERV,
696 "Not replacing descriptor from '%s' (source: %s); "
697 "differences are cosmetic.",
698 ri->nickname, source);
699 *msg = "Not replacing router descriptor; no information has changed since "
700 "the last one with this identity.";
701 control_event_or_authdir_new_descriptor("DROPPED",
702 ri->cache_info.signed_descriptor_body,
703 ri->cache_info.signed_descriptor_len, *msg);
704 routerinfo_free(ri);
705 return ROUTER_WAS_NOT_NEW;
706 }
707
708 /* Make a copy of desc, since router_add_to_routerlist might free
709 * ri and its associated signed_descriptor_t. */
710 desclen = ri->cache_info.signed_descriptor_len;
711 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
712 nickname = tor_strdup(ri->nickname);
713
714 r = router_add_to_routerlist(ri, msg, 0, 0);
715 if (!WRA_WAS_ADDED(r)) {
716 /* unless the routerinfo was fine, just out-of-date */
717 if (WRA_WAS_REJECTED(r))
718 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
719 log_info(LD_DIRSERV,
720 "Did not add descriptor from '%s' (source: %s): %s.",
721 nickname, source, *msg);
722 } else {
723 smartlist_t *changed;
724 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
725
726 changed = smartlist_create();
727 smartlist_add(changed, ri);
728 control_event_descriptors_changed(changed);
729 smartlist_free(changed);
730 if (!*msg) {
731 *msg = ri->is_valid ? "Descriptor for valid server accepted" :
732 "Descriptor for invalid server accepted";
733 }
734 log_info(LD_DIRSERV,
735 "Added descriptor from '%s' (source: %s): %s.",
736 nickname, source, *msg);
737 }
738 tor_free(desc);
739 tor_free(nickname);
740 return r;
741 }
742
743 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
744 static was_router_added_t
745 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
746 {
747 routerinfo_t *ri;
748 int r;
749 tor_assert(msg);
750 *msg = NULL;
751
752 ri = router_get_by_digest(ei->cache_info.identity_digest);
753 if (!ri) {
754 *msg = "No corresponding router descriptor for extra-info descriptor";
755 extrainfo_free(ei);
756 return ROUTER_BAD_EI;
757 }
758
759 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
760 * network and it'll clog everything up. */
761 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
762 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
763 "with size %d. Either this is an attack, or the "
764 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
765 (int)ei->cache_info.signed_descriptor_len,
766 MAX_EXTRAINFO_UPLOAD_SIZE);
767 *msg = "Extrainfo document was too large";
768 extrainfo_free(ei);
769 return ROUTER_BAD_EI;
770 }
771
772 if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
773 extrainfo_free(ei);
774 return r < 0 ? ROUTER_WAS_NOT_NEW : ROUTER_BAD_EI;
775 }
776 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
777 return ROUTER_ADDED_SUCCESSFULLY;
778 }
779
780 /** Remove all descriptors whose nicknames or fingerprints no longer
781 * are allowed by our fingerprint list. (Descriptors that used to be
782 * good can become bad when we reload the fingerprint list.)
783 */
784 static void
785 directory_remove_invalid(void)
786 {
787 int i;
788 int changed = 0;
789 routerlist_t *rl = router_get_routerlist();
790
791 routerlist_assert_ok(rl);
792
793 for (i = 0; i < smartlist_len(rl->routers); ++i) {
794 const char *msg;
795 routerinfo_t *ent = smartlist_get(rl->routers, i);
796 uint32_t r = dirserv_router_get_status(ent, &msg);
797 if (r & FP_REJECT) {
798 log_info(LD_DIRSERV, "Router '%s' is now rejected: %s",
799 ent->nickname, msg?msg:"");
800 routerlist_remove(rl, ent, 0);
801 i--;
802 changed = 1;
803 continue;
804 }
805 if (bool_neq((r & FP_NAMED), ent->is_named)) {
806 log_info(LD_DIRSERV,
807 "Router '%s' is now %snamed.", ent->nickname,
808 (r&FP_NAMED)?"":"un");
809 ent->is_named = (r&FP_NAMED)?1:0;
810 changed = 1;
811 }
812 if (bool_neq((r & FP_INVALID), !ent->is_valid)) {
813 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", ent->nickname,
814 (r&FP_INVALID) ? "in" : "");
815 ent->is_valid = (r&FP_INVALID)?0:1;
816 changed = 1;
817 }
818 if (bool_neq((r & FP_BADDIR), ent->is_bad_directory)) {
819 log_info(LD_DIRSERV, "Router '%s' is now a %s directory", ent->nickname,
820 (r & FP_BADDIR) ? "bad" : "good");
821 ent->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
822 changed = 1;
823 }
824 if (bool_neq((r & FP_BADEXIT), ent->is_bad_exit)) {
825 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", ent->nickname,
826 (r & FP_BADEXIT) ? "bad" : "good");
827 ent->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
828 changed = 1;
829 }
830 }
831 if (changed)
832 directory_set_dirty();
833
834 routerlist_assert_ok(rl);
835 }
836
837 /** Write a list of unregistered descriptors into a newly allocated
838 * string and return it. Used by dirserv operators to keep track of
839 * fast nodes that haven't registered.
840 */
841 int
842 getinfo_helper_dirserv_unregistered(control_connection_t *control_conn,
843 const char *question, char **answer_out)
844 {
845 smartlist_t *answerlist;
846 char buf[1024];
847 char *answer;
848 int min_bw = atoi(question);
849 routerlist_t *rl = router_get_routerlist();
850
851 (void) control_conn;
852
853 if (strcmpstart(question, "unregistered-servers-"))
854 return 0;
855 question += strlen("unregistered-servers-");
856
857 answerlist = smartlist_create();
858 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ent, {
859 uint32_t r = dirserv_router_get_status(ent, NULL);
860 if (router_get_advertised_bandwidth(ent) >= (size_t)min_bw &&
861 !(r & FP_NAMED)) {
862 /* then log this one */
863 tor_snprintf(buf, sizeof(buf),
864 "%s: BW %d on '%s'.",
865 ent->nickname, router_get_advertised_bandwidth(ent),
866 ent->platform ? ent->platform : "");
867 smartlist_add(answerlist, tor_strdup(buf));
868 }
869 });
870 answer = smartlist_join_strings(answerlist, "\r\n", 0, NULL);
871 SMARTLIST_FOREACH(answerlist, char *, cp, tor_free(cp));
872 smartlist_free(answerlist);
873 *answer_out = answer;
874 return 0;
875 }
876
877 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
878 * directory, we will rebuild it instead of reusing the most recently
879 * generated one.
880 */
881 void
882 directory_set_dirty(void)
883 {
884 time_t now = time(NULL);
885 int set_v1_dirty=0;
886
887 /* Regenerate stubs only every 8 hours.
888 * XXXX It would be nice to generate less often, but these are just
889 * stubs: it doesn't matter. */
890 #define STUB_REGENERATE_INTERVAL (8*60*60)
891 if (!the_directory || !the_runningrouters.dir)
892 set_v1_dirty = 1;
893 else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
894 the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
895 set_v1_dirty = 1;
896
897 if (set_v1_dirty) {
898 if (!the_directory_is_dirty)
899 the_directory_is_dirty = now;
900 if (!runningrouters_is_dirty)
901 runningrouters_is_dirty = now;
902 }
903 if (!the_v2_networkstatus_is_dirty)
904 the_v2_networkstatus_is_dirty = now;
905 }
906
907 /**
908 * Allocate and return a description of the status of the server <b>desc</b>,
909 * for use in a v1-style router-status line. The server is listed
910 * as running iff <b>is_live</b> is true.
911 */
912 static char *
913 list_single_server_status(routerinfo_t *desc, int is_live)
914 {
915 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
916 char *cp;
917
918 tor_assert(desc);
919
920 cp = buf;
921 if (!is_live) {
922 *cp++ = '!';
923 }
924 if (desc->is_valid) {
925 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
926 cp += strlen(cp);
927 *cp++ = '=';
928 }
929 *cp++ = '$';
930 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
931 DIGEST_LEN);
932 return tor_strdup(buf);
933 }
934
935 /** Each server needs to have passed a reachability test no more
936 * than this number of seconds ago, or he is listed as down in
937 * the directory. */
938 #define REACHABLE_TIMEOUT (45*60)
939
940 /** Treat a router as alive if
941 * - It's me, and I'm not hibernating.
942 * or - We've found it reachable recently. */
943 void
944 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
945 {
946 int answer;
947
948 if (router_is_me(router) && !we_are_hibernating())
949 answer = 1;
950 else
951 answer = get_options()->AssumeReachable ||
952 now < router->last_reachable + REACHABLE_TIMEOUT;
953
954 if (router->is_running && !answer) {
955 /* it was running but now it's not. tell rephist. */
956 rep_hist_note_router_unreachable(router->cache_info.identity_digest, now);
957 }
958
959 router->is_running = answer;
960 }
961
962 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
963 * contents of a v1-style router-status line, and store it in
964 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
965 *
966 * If for_controller is true, include the routers with very old descriptors.
967 * If for_controller is &gt;1, use the verbose nickname format.
968 */
969 int
970 list_server_status_v1(smartlist_t *routers, char **router_status_out,
971 int for_controller)
972 {
973 /* List of entries in a router-status style: An optional !, then an optional
974 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
975 smartlist_t *rs_entries;
976 time_t now = time(NULL);
977 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
978 or_options_t *options = get_options();
979 /* We include v2 dir auths here too, because they need to answer
980 * controllers. Eventually we'll deprecate this whole function;
981 * see also networkstatus_getinfo_by_purpose(). */
982 int authdir = authdir_mode_publishes_statuses(options);
983 tor_assert(router_status_out);
984
985 rs_entries = smartlist_create();
986
987 SMARTLIST_FOREACH(routers, routerinfo_t *, ri,
988 {
989 if (authdir) {
990 /* Update router status in routerinfo_t. */
991 dirserv_set_router_is_running(ri, now);
992 }
993 if (for_controller == 1 || ri->cache_info.published_on >= cutoff)
994 smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
995 else if (for_controller > 2) {
996 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
997 char *cp = name_buf;
998 if (!ri->is_running)
999 *cp++ = '!';
1000 router_get_verbose_nickname(cp, ri);
1001 smartlist_add(rs_entries, tor_strdup(name_buf));
1002 }
1003 });
1004
1005 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
1006
1007 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
1008 smartlist_free(rs_entries);
1009
1010 return 0;
1011 }
1012
1013 /** Given a (possibly empty) list of config_line_t, each line of which contains
1014 * a list of comma-separated version numbers surrounded by optional space,
1015 * allocate and return a new string containing the version numbers, in order,
1016 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1017 */
1018 static char *
1019 format_versions_list(config_line_t *ln)
1020 {
1021 smartlist_t *versions;
1022 char *result;
1023 versions = smartlist_create();
1024 for ( ; ln; ln = ln->next) {
1025 smartlist_split_string(versions, ln->value, ",",
1026 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1027 }
1028 sort_version_list(versions, 1);
1029 result = smartlist_join_strings(versions,",",0,NULL);
1030 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1031 smartlist_free(versions);
1032 return result;
1033 }
1034
1035 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1036 * not hibernating, and not too old. Else return 0.
1037 */
1038 static int
1039 router_is_active(routerinfo_t *ri, time_t now)
1040 {
1041 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1042 if (ri->cache_info.published_on < cutoff)
1043 return 0;
1044 if (!ri->is_running || !ri->is_valid || ri->is_hibernating)
1045 return 0;
1046 return 1;
1047 }
1048
1049 /** Generate a new v1 directory and write it into a newly allocated string.
1050 * Point *<b>dir_out</b> to the allocated string. Sign the
1051 * directory with <b>private_key</b>. Return 0 on success, -1 on
1052 * failure. If <b>complete</b> is set, give us all the descriptors;
1053 * otherwise leave out non-running and non-valid ones.
1054 */
1055 int
1056 dirserv_dump_directory_to_string(char **dir_out,
1057 crypto_pk_env_t *private_key)
1058 {
1059 char *cp;
1060 char *identity_pkey; /* Identity key, DER64-encoded. */
1061 char *recommended_versions;
1062 char digest[DIGEST_LEN];
1063 char published[ISO_TIME_LEN+1];
1064 char *buf = NULL;
1065 size_t buf_len;
1066 size_t identity_pkey_len;
1067 time_t now = time(NULL);
1068
1069 tor_assert(dir_out);
1070 *dir_out = NULL;
1071
1072 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1073 &identity_pkey_len)<0) {
1074 log_warn(LD_BUG,"write identity_pkey to string failed!");
1075 return -1;
1076 }
1077
1078 recommended_versions =
1079 format_versions_list(get_options()->RecommendedVersions);
1080
1081 format_iso_time(published, now);
1082
1083 buf_len = 2048+strlen(recommended_versions);
1084
1085 buf = tor_malloc(buf_len);
1086 /* We'll be comparing against buf_len throughout the rest of the
1087 function, though strictly speaking we shouldn't be able to exceed
1088 it. This is C, after all, so we may as well check for buffer
1089 overruns.*/
1090
1091 tor_snprintf(buf, buf_len,
1092 "signed-directory\n"
1093 "published %s\n"
1094 "recommended-software %s\n"
1095 "router-status %s\n"
1096 "dir-signing-key\n%s\n",
1097 published, recommended_versions, "",
1098 identity_pkey);
1099
1100 tor_free(recommended_versions);
1101 tor_free(identity_pkey);
1102
1103 cp = buf + strlen(buf);
1104 *cp = '\0';
1105
1106 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1107 signature. */
1108 if (strlcat(buf, "directory-signature ", buf_len) >= buf_len)
1109 goto truncated;
1110 if (strlcat(buf, get_options()->Nickname, buf_len) >= buf_len)
1111 goto truncated;
1112 if (strlcat(buf, "\n", buf_len) >= buf_len)
1113 goto truncated;
1114
1115 if (router_get_dir_hash(buf,digest)) {
1116 log_warn(LD_BUG,"couldn't compute digest");
1117 tor_free(buf);
1118 return -1;
1119 }
1120 note_crypto_pk_op(SIGN_DIR);
1121 if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
1122 tor_free(buf);
1123 return -1;
1124 }
1125
1126 *dir_out = buf;
1127 return 0;
1128 truncated:
1129 log_warn(LD_BUG,"tried to exceed string length.");
1130 tor_free(buf);
1131 return -1;
1132 }
1133
1134 /********************************************************************/
1135
1136 /* A set of functions to answer questions about how we'd like to behave
1137 * as a directory mirror/client. */
1138
1139 /** Return 1 if we fetch our directory material directly from the
1140 * authorities, rather than from a mirror. */
1141 int
1142 directory_fetches_from_authorities(or_options_t *options)
1143 {
1144 routerinfo_t *me;
1145 uint32_t addr;
1146 if (options->FetchDirInfoEarly)
1147 return 1;
1148 if (options->BridgeRelay == 1)
1149 return 0;
1150 if (server_mode(options) && router_pick_published_address(options, &addr)<0)
1151 return 1; /* we don't know our IP address; ask an authority. */
1152 if (options->DirPort == 0)
1153 return 0;
1154 if (!server_mode(options) || !advertised_server_mode())
1155 return 0;
1156 me = router_get_my_routerinfo();
1157 if (!me || !me->dir_port)
1158 return 0; /* if dirport not advertised, return 0 too */
1159 return 1;
1160 }
1161
1162 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1163 * on the "mirror" schedule rather than the "client" schedule.
1164 */
1165 int
1166 directory_fetches_dir_info_early(or_options_t *options)
1167 {
1168 return directory_fetches_from_authorities(options);
1169 }
1170
1171 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1172 * on a very passive schedule -- waiting long enough for ordinary clients
1173 * to probably have the info we want. These would include bridge users,
1174 * and maybe others in the future e.g. if a Tor client uses another Tor
1175 * client as a directory guard.
1176 */
1177 int
1178 directory_fetches_dir_info_later(or_options_t *options)
1179 {
1180 return options->UseBridges != 0;
1181 }
1182
1183 /** Return 1 if we want to cache v2 dir info (each status file).
1184 */
1185 int
1186 directory_caches_v2_dir_info(or_options_t *options)
1187 {
1188 return options->DirPort != 0;
1189 }
1190
1191 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1192 * and we're willing to serve them to others. Else return 0.
1193 */
1194 int
1195 directory_caches_dir_info(or_options_t *options)
1196 {
1197 return options->BridgeRelay != 0 || options->DirPort != 0;
1198 }
1199
1200 /** Return 1 if we want to allow remote people to ask us directory
1201 * requests via the "begin_dir" interface, which doesn't require
1202 * having any separate port open. */
1203 int
1204 directory_permits_begindir_requests(or_options_t *options)
1205 {
1206 return options->BridgeRelay != 0 || options->DirPort != 0;
1207 }
1208
1209 /** Return 1 if we want to allow controllers to ask us directory
1210 * requests via the controller interface, which doesn't require
1211 * having any separate port open. */
1212 int
1213 directory_permits_controller_requests(or_options_t *options)
1214 {
1215 return options->DirPort != 0;
1216 }
1217
1218 /** Return 1 if we have no need to fetch new descriptors. This generally
1219 * happens when we're not a dir cache and we haven't built any circuits
1220 * lately.
1221 */
1222 int
1223 directory_too_idle_to_fetch_descriptors(or_options_t *options, time_t now)
1224 {
1225 return !directory_caches_dir_info(options) &&
1226 !options->FetchUselessDescriptors &&
1227 rep_hist_circbuilding_dormant(now);
1228 }
1229
1230 /********************************************************************/
1231
1232 /* Used only by non-v1-auth dirservers: The v1 directory and
1233 * runningrouters we'll serve when requested. */
1234
1235 /** The v1 directory we'll serve (as a cache or as an authority) if
1236 * requested. */
1237 static cached_dir_t *cached_directory = NULL;
1238 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1239 * if requested. */
1240 static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
1241
1242 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1243 * cached_dir_t. */
1244 static digestmap_t *cached_v2_networkstatus = NULL;
1245
1246 /** The v3 consensus network status that we're currently serving. */
1247 static cached_dir_t *cached_v3_networkstatus = NULL;
1248
1249 /** Possibly replace the contents of <b>d</b> with the value of
1250 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1251 * the last value, or too far in the future.
1252 *
1253 * Does not copy <b>directory</b>; frees it if it isn't used.
1254 */
1255 static void
1256 set_cached_dir(cached_dir_t *d, char *directory, time_t when)
1257 {
1258 time_t now = time(NULL);
1259 if (when<=d->published) {
1260 log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
1261 tor_free(directory);
1262 } else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
1263 log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
1264 tor_free(directory);
1265 } else {
1266 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1267 log_debug(LD_DIRSERV, "Caching directory.");
1268 tor_free(d->dir);
1269 d->dir = directory;
1270 d->dir_len = strlen(directory);
1271 tor_free(d->dir_z);
1272 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1273 ZLIB_METHOD)) {
1274 log_warn(LD_BUG,"Error compressing cached directory");
1275 }
1276 d->published = when;
1277 }
1278 }
1279
1280 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1281 * any references. */
1282 void
1283 cached_dir_decref(cached_dir_t *d)
1284 {
1285 if (!d || --d->refcnt > 0)
1286 return;
1287 clear_cached_dir(d);
1288 tor_free(d);
1289 }
1290
1291 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1292 * published at <b>published</b>. */
1293 cached_dir_t *
1294 new_cached_dir(char *s, time_t published)
1295 {
1296 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1297 d->refcnt = 1;
1298 d->dir = s;
1299 d->dir_len = strlen(s);
1300 d->published = published;
1301 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1302 ZLIB_METHOD)) {
1303 log_warn(LD_BUG, "Error compressing directory");
1304 }
1305 return d;
1306 }
1307
1308 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1309 static void
1310 clear_cached_dir(cached_dir_t *d)
1311 {
1312 tor_free(d->dir);
1313 tor_free(d->dir_z);
1314 memset(d, 0, sizeof(cached_dir_t));
1315 }
1316
1317 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1318 static void
1319 _free_cached_dir(void *_d)
1320 {
1321 cached_dir_t *d = (cached_dir_t *)_d;
1322 cached_dir_decref(d);
1323 }
1324
1325 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1326 * then replace it with <b>directory</b>, published at <b>published</b>.
1327 *
1328 * If <b>published</b> is too old, do nothing.
1329 *
1330 * If <b>is_running_routers</b>, this is really a v1 running_routers
1331 * document rather than a v1 directory.
1332 */
1333 void
1334 dirserv_set_cached_directory(const char *directory, time_t published,
1335 int is_running_routers)
1336 {
1337 time_t now = time(NULL);
1338
1339 if (is_running_routers) {
1340 if (published >= now - MAX_V1_RR_AGE)
1341 set_cached_dir(&cached_runningrouters, tor_strdup(directory), published);
1342 } else {
1343 if (published >= now - MAX_V1_DIRECTORY_AGE) {
1344 cached_dir_decref(cached_directory);
1345 cached_directory = new_cached_dir(tor_strdup(directory), published);
1346 }
1347 }
1348 }
1349
1350 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1351 * network-status for an authoritative directory with identity digest
1352 * <b>identity</b> published at <b>published</b> -- store it so we can
1353 * serve it to others.
1354 *
1355 * If <b>networkstatus</b> is NULL, remove the entry with the given
1356 * identity fingerprint from the v2 cache.
1357 */
1358 void
1359 dirserv_set_cached_networkstatus_v2(const char *networkstatus,
1360 const char *identity,
1361 time_t published)
1362 {
1363 cached_dir_t *d, *old_d;
1364 smartlist_t *trusted_dirs;
1365 if (!cached_v2_networkstatus)
1366 cached_v2_networkstatus = digestmap_new();
1367
1368 old_d = digestmap_get(cached_v2_networkstatus, identity);
1369 if (!old_d && !networkstatus)
1370 return;
1371
1372 if (networkstatus) {
1373 if (!old_d || published > old_d->published) {
1374 d = new_cached_dir(tor_strdup(networkstatus), published);
1375 digestmap_set(cached_v2_networkstatus, identity, d);
1376 if (old_d)
1377 cached_dir_decref(old_d);
1378 }
1379 } else {
1380 if (old_d) {
1381 digestmap_remove(cached_v2_networkstatus, identity);
1382 cached_dir_decref(old_d);
1383 }
1384 }
1385
1386 /* Now purge old entries. */
1387 trusted_dirs = router_get_trusted_dir_servers();
1388 if (digestmap_size(cached_v2_networkstatus) >
1389 smartlist_len(trusted_dirs) + MAX_UNTRUSTED_NETWORKSTATUSES) {
1390 /* We need to remove the oldest untrusted networkstatus. */
1391 const char *oldest = NULL;
1392 time_t oldest_published = TIME_MAX;
1393 digestmap_iter_t *iter;
1394
1395 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1396 !digestmap_iter_done(iter);
1397 iter = digestmap_iter_next(cached_v2_networkstatus, iter)) {
1398 const char *ident;
1399 void *val;
1400 digestmap_iter_get(iter, &ident, &val);
1401 d = val;
1402 if (d->published < oldest_published &&
1403 !router_digest_is_trusted_dir(ident)) {
1404 oldest = ident;
1405 oldest_published = d->published;
1406 }
1407 }
1408 tor_assert(oldest);
1409 d = digestmap_remove(cached_v2_networkstatus, oldest);
1410 if (d)
1411 cached_dir_decref(d);
1412 }
1413 }
1414
1415 /** Replace the v3 consensus networkstatus that we're serving with
1416 * <b>networkstatus</b>, published at <b>published</b>. No validation is
1417 * performed. */
1418 void
1419 dirserv_set_cached_networkstatus_v3(const char *networkstatus,
1420 time_t published)
1421 {
1422 if (cached_v3_networkstatus)
1423 cached_dir_decref(cached_v3_networkstatus);
1424 cached_v3_networkstatus = new_cached_dir(
1425 tor_strdup(networkstatus), published);
1426 }
1427
1428 /** Remove any v2 networkstatus from the directory cache that was published
1429 * before <b>cutoff</b>. */
1430 void
1431 dirserv_clear_old_networkstatuses(time_t cutoff)
1432 {
1433 if (!cached_v2_networkstatus)
1434 return;
1435
1436 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus, id, cached_dir_t *, dir) {
1437 if (dir->published < cutoff) {
1438 char *fname;
1439 fname = networkstatus_get_cache_filename(id);
1440 if (file_status(fname) == FN_FILE) {
1441 log_info(LD_DIR, "Removing too-old untrusted networkstatus in %s",
1442 fname);
1443 unlink(fname);
1444 }
1445 tor_free(fname);
1446 cached_dir_decref(dir);
1447 MAP_DEL_CURRENT(id);
1448 }
1449 } DIGESTMAP_FOREACH_END
1450 }
1451
1452 /** Remove any v1 info from the directory cache that was published
1453 * too long ago. */
1454 void
1455 dirserv_clear_old_v1_info(time_t now)
1456 {
1457 if (cached_directory &&
1458 cached_directory->published < (now - MAX_V1_DIRECTORY_AGE)) {
1459 cached_dir_decref(cached_directory);
1460 cached_directory = NULL;
1461 }
1462 if (cached_runningrouters.published < (now - MAX_V1_RR_AGE)) {
1463 clear_cached_dir(&cached_runningrouters);
1464 }
1465 }
1466
1467 /** Helper: If we're an authority for the right directory version (v1 or v2)
1468 * (based on <b>auth_type</b>), try to regenerate
1469 * auth_src as appropriate and return it, falling back to cache_src on
1470 * failure. If we're a cache, simply return cache_src.
1471 */
1472 static cached_dir_t *
1473 dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
1474 cached_dir_t *auth_src,
1475 time_t dirty, cached_dir_t *(*regenerate)(void),
1476 const char *name,
1477 authority_type_t auth_type)
1478 {
1479 or_options_t *options = get_options();
1480 int authority = (auth_type == V1_AUTHORITY && authdir_mode_v1(options)) ||
1481 (auth_type == V2_AUTHORITY && authdir_mode_v2(options));
1482
1483 if (!authority || authdir_mode_bridge(options)) {
1484 return cache_src;
1485 } else {
1486 /* We're authoritative. */
1487 if (regenerate != NULL) {
1488 if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
1489 if (!(auth_src = regenerate())) {
1490 log_err(LD_BUG, "Couldn't generate %s?", name);
1491 exit(1);
1492 }
1493 } else {
1494 log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
1495 }
1496 }
1497 return auth_src ? auth_src : cache_src;
1498 }
1499 }
1500
1501 /** Return the most recently generated encoded signed v1 directory,
1502 * generating a new one as necessary. If not a v1 authoritative directory
1503 * may return NULL if no directory is yet cached. */
1504 cached_dir_t *
1505 dirserv_get_directory(void)
1506 {
1507 return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
1508 the_directory_is_dirty,
1509 dirserv_regenerate_directory,
1510 "v1 server directory", V1_AUTHORITY);
1511 }
1512
1513 /** Only called by v1 auth dirservers.
1514 * Generate a fresh v1 directory; set the_directory and return a pointer
1515 * to the new value.
1516 */
1517 static cached_dir_t *
1518 dirserv_regenerate_directory(void)
1519 {
1520 char *new_directory=NULL;
1521
1522 if (dirserv_dump_directory_to_string(&new_directory, get_identity_key())) {
1523 log_warn(LD_BUG, "Error creating directory.");
1524 tor_free(new_directory);
1525 return NULL;
1526 }
1527 cached_dir_decref(the_directory);
1528 the_directory = new_cached_dir(new_directory, time(NULL));
1529 log_info(LD_DIRSERV,"New directory (size %d) has been built.",
1530 (int)the_directory->dir_len);
1531 log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
1532 (int)the_directory->dir_len, the_directory->dir);
1533
1534 the_directory_is_dirty = 0;
1535
1536 /* Save the directory to disk so we re-load it quickly on startup.
1537 */
1538 dirserv_set_cached_directory(the_directory->dir, time(NULL), 0);
1539
1540 return the_directory;
1541 }
1542
1543 /** Only called by v1 auth dirservers.
1544 * Replace the current running-routers list with a newly generated one. */
1545 static cached_dir_t *
1546 generate_runningrouters(void)
1547 {
1548 char *s=NULL;
1549 char digest[DIGEST_LEN];
1550 char published[ISO_TIME_LEN+1];
1551 size_t len;
1552 crypto_pk_env_t *private_key = get_identity_key();
1553 char *identity_pkey; /* Identity key, DER64-encoded. */
1554 size_t identity_pkey_len;
1555
1556 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1557 &identity_pkey_len)<0) {
1558 log_warn(LD_BUG,"write identity_pkey to string failed!");
1559 goto err;
1560 }
1561 format_iso_time(published, time(NULL));
1562
1563 len = 2048;
1564 s = tor_malloc_zero(len);
1565 tor_snprintf(s, len,
1566 "network-status\n"
1567 "published %s\n"
1568 "router-status %s\n"
1569 "dir-signing-key\n%s"
1570 "directory-signature %s\n",
1571 published, "", identity_pkey,
1572 get_options()->Nickname);
1573 tor_free(identity_pkey);
1574 if (router_get_runningrouters_hash(s,digest)) {
1575 log_warn(LD_BUG,"couldn't compute digest");
1576 goto err;
1577 }
1578 note_crypto_pk_op(SIGN_DIR);
1579 if (router_append_dirobj_signature(s, len, digest, private_key)<0)
1580 goto err;
1581
1582 set_cached_dir(&the_runningrouters, s, time(NULL));
1583 runningrouters_is_dirty = 0;
1584
1585 return &the_runningrouters;
1586 err:
1587 tor_free(s);
1588 return NULL;
1589 }
1590
1591 /** Set *<b>rr</b> to the most recently generated encoded signed
1592 * running-routers list, generating a new one as necessary. Return the
1593 * size of the directory on success, and 0 on failure. */
1594 cached_dir_t *
1595 dirserv_get_runningrouters(void)
1596 {
1597 return dirserv_pick_cached_dir_obj(
1598 &cached_runningrouters, &the_runningrouters,
1599 runningrouters_is_dirty,
1600 generate_runningrouters,
1601 "v1 network status list", V1_AUTHORITY);
1602 }
1603
1604 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1605 * optionally compressed format, suitable for sending to clients. */
1606 cached_dir_t *
1607 dirserv_get_consensus(void)
1608 {
1609 return cached_v3_networkstatus;
1610 }
1611
1612 /** For authoritative directories: the current (v2) network status. */
1613 static cached_dir_t *the_v2_networkstatus = NULL;
1614
1615 /** Return true iff our opinion of the routers has been stale for long
1616 * enough that we should generate a new v2 network status doc. */
1617 static int
1618 should_generate_v2_networkstatus(void)
1619 {
1620 return authdir_mode_v2(get_options()) &&
1621 the_v2_networkstatus_is_dirty &&
1622 the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
1623 }
1624
1625 /** If a router's uptime is at least this value, then it is always
1626 * considered stable, regardless of the rest of the network. This
1627 * way we resist attacks where an attacker doubles the size of the
1628 * network using allegedly high-uptime nodes, displacing all the
1629 * current guards. */
1630 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1631 /** If a router's MTBF is at least this value, then it is always stable.
1632 * See above. (Corresponds to about 7 days for current decay rates.) */
1633 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1634 /** Similarly, we protect sufficiently fast nodes from being pushed
1635 * out of the set of Fast nodes. */
1636 #define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
1637 /** Similarly, every node with sufficient bandwidth can be considered
1638 * for Guard status. */
1639 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1640 /** Similarly, every node with at least this much weighted time known can be
1641 * considered familiar enough to be a guard. Corresponds to about 20 days for
1642 * current decay rates.
1643 */
1644 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1645 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1646 */
1647 #define WFU_TO_GUARANTEE_GUARD (0.995)
1648
1649 /* Thresholds for server performance: set by
1650 * dirserv_compute_performance_thresholds, and used by
1651 * generate_v2_networkstatus */
1652
1653 /** Any router with an uptime of at least this value is stable. */
1654 static uint32_t stable_uptime = 0; /* start at a safe value */
1655 /** Any router with an mtbf of at least this value is stable. */
1656 static double stable_mtbf = 0.0;
1657 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1658 * than stable_uptime. */
1659 static int enough_mtbf_info = 0;
1660 /** Any router with a weighted fractional uptime of at least this much might
1661 * be good as a guard. */
1662 static double guard_wfu = 0.0;
1663 /** Don't call a router a guard unless we've known about it for at least this
1664 * many seconds. */
1665 static long guard_tk = 0;
1666 /** Any router with a bandwidth at least this high is "Fast" */
1667 static uint32_t fast_bandwidth = 0;
1668 /** If exits can be guards, then all guards must have a bandwidth this
1669 * high. */
1670 static uint32_t guard_bandwidth_including_exits = 0;
1671 /** If exits can't be guards, then all guards must have a bandwidth this
1672 * high. */
1673 static uint32_t guard_bandwidth_excluding_exits = 0;
1674 /** Total bandwidth of all the routers we're considering. */
1675 static uint64_t total_bandwidth = 0;
1676 /** Total bandwidth of all the exit routers we're considering. */
1677 static uint64_t total_exit_bandwidth = 0;
1678
1679 /** Helper: estimate the uptime of a router given its stated uptime and the
1680 * amount of time since it last stated its stated uptime. */
1681 static INLINE long
1682 real_uptime(routerinfo_t *router, time_t now)
1683 {
1684 if (now < router->cache_info.published_on)
1685 return router->uptime;
1686 else
1687 return router->uptime + (now - router->cache_info.published_on);
1688 }
1689
1690 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1691 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1692 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1693 * bandwidth.
1694 */
1695 static int
1696 dirserv_thinks_router_is_unreliable(time_t now,
1697 routerinfo_t *router,
1698 int need_uptime, int need_capacity)
1699 {
1700 if (need_uptime) {
1701 if (!enough_mtbf_info) {
1702 /* XXX022 Once most authorities are on v3, we should change the rule from
1703 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1704 * v3 if we don't have enough mtbf data." */
1705 long uptime = real_uptime(router, now);
1706 if ((unsigned)uptime < stable_uptime &&
1707 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1708 return 1;
1709 } else {
1710 double mtbf =
1711 rep_hist_get_stability(router->cache_info.identity_digest, now);
1712 if (mtbf < stable_mtbf &&
1713 mtbf < MTBF_TO_GUARANTEE_STABLE)
1714 return 1;
1715 }
1716 }
1717 if (need_capacity) {
1718 uint32_t bw = router_get_advertised_bandwidth(router);
1719 if (bw < fast_bandwidth)
1720 return 1;
1721 }
1722 return 0;
1723 }
1724
1725 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1726 * Right now this means it advertises support for it, it has a high
1727 * uptime, and it's currently considered Running.
1728 *
1729 * This function needs to be called after router-\>is_running has
1730 * been set.
1731 */
1732 static int
1733 dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
1734 {
1735 long uptime = real_uptime(router, now);
1736
1737 return (router->wants_to_be_hs_dir &&
1738 uptime > get_options()->MinUptimeHidServDirectoryV2 &&
1739 router->is_running);
1740 }
1741
1742 /** Look through the routerlist, the Mean Time Between Failure history, and
1743 * the Weighted Fractional Uptime history, and use them to set thresholds for
1744 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1745 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1746 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1747 * total_bandwidth, and total_exit_bandwidth.
1748 *
1749 * Also, set the is_exit flag of each router appropriately. */
1750 static void
1751 dirserv_compute_performance_thresholds(routerlist_t *rl)
1752 {
1753 int n_active, n_active_nonexit, n_familiar;
1754 uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
1755 long *tks;
1756 double *mtbfs, *wfus;
1757 time_t now = time(NULL);
1758
1759 /* initialize these all here, in case there are no routers */
1760 stable_uptime = 0;
1761 stable_mtbf = 0;
1762 fast_bandwidth = 0;
1763 guard_bandwidth_including_exits = 0;
1764 guard_bandwidth_excluding_exits = 0;
1765 guard_tk = 0;
1766 guard_wfu = 0;
1767 total_bandwidth = 0;
1768 total_exit_bandwidth = 0;
1769
1770 /* Initialize arrays that will hold values for each router. We'll
1771 * sort them and use that to compute thresholds. */
1772 n_active = n_active_nonexit = 0;
1773 /* Uptime for every active router. */
1774 uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1775 /* Bandwidth for every active router. */
1776 bandwidths = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1777 /* Bandwidth for every active non-exit router. */
1778 bandwidths_excluding_exits =
1779 tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1780 /* Weighted mean time between failure for each active router. */
1781 mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1782 /* Time-known for each active router. */
1783 tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
1784 /* Weighted fractional uptime for each active router. */
1785 wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1786
1787 /* Now, fill in the arrays. */
1788 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1789 if (router_is_active(ri, now)) {
1790 const char *id = ri->cache_info.identity_digest;
1791 uint32_t bw;
1792 ri->is_exit = exit_policy_is_general_exit(ri->exit_policy);
1793 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1794 mtbfs[n_active] = rep_hist_get_stability(id, now);
1795 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1796 bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
1797 total_bandwidth += bw;
1798 if (ri->is_exit && !ri->is_bad_exit) {
1799 total_exit_bandwidth += bw;
1800 } else {
1801 bandwidths_excluding_exits[n_active_nonexit] = bw;
1802 ++n_active_nonexit;
1803 }
1804 ++n_active;
1805 }
1806 });
1807
1808 /* Now, compute thresholds. */
1809 if (n_active) {
1810 /* The median uptime is stable. */
1811 stable_uptime = median_uint32(uptimes, n_active);
1812 /* The median mtbf is stable, if we have enough mtbf info */
1813 stable_mtbf = median_double(mtbfs, n_active);
1814 /* The 12.5th percentile bandwidth is fast. */
1815 fast_bandwidth = find_nth_uint32(bandwidths, n_active, n_active/8);
1816 /* (Now bandwidths is sorted.) */
1817 if (fast_bandwidth < ROUTER_REQUIRED_MIN_BANDWIDTH/2)
1818 fast_bandwidth = bandwidths[n_active/4];
1819 guard_bandwidth_including_exits = bandwidths[(n_active-1)/2];
1820 guard_tk = find_nth_long(tks, n_active, n_active/8);
1821 }
1822
1823 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1824 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1825
1826 if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
1827 fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
1828
1829 /* Now that we have a time-known that 7/8 routers are known longer than,
1830 * fill wfus with the wfu of every such "familiar" router. */
1831 n_familiar = 0;
1832 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1833 if (router_is_active(ri, now)) {
1834 const char *id = ri->cache_info.identity_digest;
1835 long tk = rep_hist_get_weighted_time_known(id, now);
1836 if (tk < guard_tk)
1837 continue;
1838 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1839 }
1840 });
1841 if (n_familiar)
1842 guard_wfu = median_double(wfus, n_familiar);
1843 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1844 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1845
1846 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1847
1848 if (n_active_nonexit) {
1849 guard_bandwidth_excluding_exits =
1850 median_uint32(bandwidths_excluding_exits, n_active_nonexit);
1851 }
1852
1853 log(LOG_INFO, LD_DIRSERV,
1854 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1855 "For Fast: %lu bytes/sec. "
1856 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1857 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1858 (unsigned long)stable_uptime,
1859 (unsigned long)stable_mtbf,
1860 (unsigned long)fast_bandwidth,
1861 guard_wfu*100,
1862 (unsigned long)guard_tk,
1863 (unsigned long)guard_bandwidth_including_exits,
1864 (unsigned long)guard_bandwidth_excluding_exits,
1865 enough_mtbf_info ? "" : " don't ");
1866
1867 tor_free(uptimes);
1868 tor_free(mtbfs);
1869 tor_free(bandwidths);
1870 tor_free(bandwidths_excluding_exits);
1871 tor_free(tks);
1872 tor_free(wfus);
1873 }
1874
1875 /** Given a platform string as in a routerinfo_t (possibly null), return a
1876 * newly allocated version string for a networkstatus document, or NULL if the
1877 * platform doesn't give a Tor version. */
1878 static char *
1879 version_from_platform(const char *platform)
1880 {
1881 if (platform && !strcmpstart(platform, "Tor ")) {
1882 const char *eos = find_whitespace(platform+4);
1883 if (eos && !strcmpstart(eos, " (r")) {
1884 /* XXXX Unify this logic with the other version extraction
1885 * logic in routerparse.c. */
1886 eos = find_whitespace(eos+1);
1887 }
1888 if (eos) {
1889 return tor_strndup(platform, eos-platform);
1890 }
1891 }
1892 return NULL;
1893 }
1894
1895 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1896 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1897 * Use the same format as in network-status documents. If <b>version</b> is
1898 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1899 * failure. If <b>first_line_only</b> is true, don't include any flags
1900 * or version line.
1901 */
1902 int
1903 routerstatus_format_entry(char *buf, size_t buf_len,
1904 routerstatus_t *rs, const char *version,
1905 int first_line_only, int v2_format)
1906 /* XXX: first_line_only and v2_format should probably be be both
1907 * replaced by a single purpose parameter.
1908 */
1909 {
1910 int r;
1911 struct in_addr in;
1912 char *cp;
1913 char *summary;
1914
1915 char published[ISO_TIME_LEN+1];
1916 char ipaddr[INET_NTOA_BUF_LEN];
1917 char identity64[BASE64_DIGEST_LEN+1];
1918 char digest64[BASE64_DIGEST_LEN+1];
1919
1920 format_iso_time(published, rs->published_on);
1921 digest_to_base64(identity64, rs->identity_digest);
1922 digest_to_base64(digest64, rs->descriptor_digest);
1923 in.s_addr = htonl(rs->addr);
1924 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
1925
1926 r = tor_snprintf(buf, buf_len,
1927 "r %s %s %s %s %s %d %d\n",
1928 rs->nickname,
1929 identity64,
1930 digest64,
1931 published,
1932 ipaddr,
1933 (int)rs->or_port,
1934 (int)rs->dir_port);
1935 if (r<0) {
1936 log_warn(LD_BUG, "Not enough space in buffer.");
1937 return -1;
1938 }
1939 if (first_line_only)
1940 return 0;
1941
1942 cp = buf + strlen(buf);
1943 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
1944 r = tor_snprintf(cp, buf_len - (cp-buf),
1945 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1946 /* These must stay in alphabetical order. */
1947 rs->is_authority?" Authority":"",
1948 rs->is_bad_directory?" BadDirectory":"",
1949 rs->is_bad_exit?" BadExit":"",
1950 rs->is_exit?" Exit":"",
1951 rs->is_fast?" Fast":"",
1952 rs->is_possible_guard?" Guard":"",
1953 rs->is_hs_dir?" HSDir":"",
1954 rs->is_named?" Named":"",
1955 rs->is_running?" Running":"",
1956 rs->is_stable?" Stable":"",
1957 rs->is_unnamed?" Unnamed":"",
1958 rs->is_v2_dir?" V2Dir":"",
1959 rs->is_valid?" Valid":"");
1960 if (r<0) {
1961 log_warn(LD_BUG, "Not enough space in buffer.");
1962 return -1;
1963 }
1964 cp += strlen(cp);
1965
1966 /* length of "opt v \n" */
1967 #define V_LINE_OVERHEAD 7
1968 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
1969 if (tor_snprintf(cp, buf_len - (cp-buf), "opt v %s\n", version)<0) {
1970 log_warn(LD_BUG, "Unable to print router version.");
1971 return -1;
1972 }
1973 cp += strlen(cp);
1974 }
1975
1976 if (!v2_format) {
1977 routerinfo_t* desc = router_get_by_digest(rs->identity_digest);
1978
1979 /* Blow up more or less nicely if we didn't get anything or not the
1980 * thing we expected.
1981 */
1982 if (!desc) {
1983 char id[HEX_DIGEST_LEN+1];
1984 char dd[HEX_DIGEST_LEN+1];
1985
1986 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
1987 base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
1988 log_warn(LD_BUG, "Cannot get any descriptor for %s "
1989 "(wanted descriptor %s).",
1990 id, dd);
1991 return -1;
1992 };
1993 if (memcmp(desc->cache_info.signed_descriptor_digest,
1994 rs->descriptor_digest,
1995 DIGEST_LEN)) {
1996 char rl_d[HEX_DIGEST_LEN+1];
1997 char rs_d[HEX_DIGEST_LEN+1];
1998 char id[HEX_DIGEST_LEN+1];
1999
2000 base16_encode(rl_d, sizeof(rl_d),
2001 desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
2002 base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
2003 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2004 log_err(LD_BUG, "descriptor digest in routerlist does not match "
2005 "the one in routerstatus: %s vs %s "
2006 "(router %s)\n",
2007 rl_d, rs_d, id);
2008
2009 tor_assert(!memcmp(desc->cache_info.signed_descriptor_digest,
2010 rs->descriptor_digest,
2011 DIGEST_LEN));
2012 };
2013
2014 r = tor_snprintf(cp, buf_len - (cp-buf),
2015 "w Bandwidth=%d\n",
2016 router_get_advertised_bandwidth_capped(desc) / 1024);
2017 if (r<0) {
2018 log_warn(LD_BUG, "Not enough space in buffer.");
2019 return -1;
2020 }
2021 cp += strlen(cp);
2022
2023 summary = policy_summarize(desc->exit_policy);
2024 r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
2025 if (r<0) {
2026 log_warn(LD_BUG, "Not enough space in buffer.");
2027 tor_free(summary);
2028 return -1;
2029 }
2030 cp += strlen(cp);
2031 tor_free(summary);
2032 }
2033
2034 return 0;
2035 }
2036
2037 /** Helper for sorting: compares two routerinfos first by address, and then by
2038 * descending order of "usefulness". (An authority is more useful than a
2039 * non-authority; a running router is more useful than a non-running router;
2040 * and a router with more bandwidth is more useful than one with less.)
2041 **/
2042 static int
2043 _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
2044 {
2045 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
2046 int first_is_auth, second_is_auth;
2047 uint32_t bw_first, bw_second;
2048
2049 /* we return -1 if first should appear before second... that is,
2050 * if first is a better router. */
2051 if (first->addr < second->addr)
2052 return -1;
2053 else if (first->addr > second->addr)
2054 return 1;
2055
2056 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2057 * reality, we will almost never get here, since addresses will usually be
2058 * different. */
2059
2060 first_is_auth =
2061 router_digest_is_trusted_dir(first->cache_info.identity_digest);
2062 second_is_auth =
2063 router_digest_is_trusted_dir(second->cache_info.identity_digest);
2064
2065 if (first_is_auth && !second_is_auth)
2066 return -1;
2067 else if (!first_is_auth && second_is_auth)
2068 return 1;
2069
2070 else if (first->is_running && !second->is_running)
2071 return -1;
2072 else if (!first->is_running && second->is_running)
2073 return 1;
2074
2075 bw_first = router_get_advertised_bandwidth(first);
2076 bw_second = router_get_advertised_bandwidth(second);
2077
2078 if (bw_first > bw_second)
2079 return -1;
2080 else if (bw_first < bw_second)
2081 return 1;
2082
2083 /* They're equal! Compare by identity digest, so there's a
2084 * deterministic order and we avoid flapping. */
2085 return memcmp(first->cache_info.identity_digest,
2086 second->cache_info.identity_digest,
2087 DIGEST_LEN);
2088 }
2089
2090 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2091 * whose keys are the identity digests of those routers that we're going to
2092 * exclude for Sybil-like appearance. */
2093 static digestmap_t *
2094 get_possible_sybil_list(const smartlist_t *routers)
2095 {
2096 or_options_t *options = get_options();
2097 digestmap_t *omit_as_sybil;
2098 smartlist_t *routers_by_ip = smartlist_create();
2099 uint32_t last_addr;
2100 int addr_count;
2101 /* Allow at most this number of Tor servers on a single IP address, ... */
2102 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
2103 /* ... unless it's a directory authority, in which case allow more. */
2104 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
2105 if (max_with_same_addr <= 0)
2106 max_with_same_addr = INT_MAX;
2107 if (max_with_same_addr_on_authority <= 0)
2108 max_with_same_addr_on_authority = INT_MAX;
2109
2110 smartlist_add_all(routers_by_ip, routers);
2111 smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
2112 omit_as_sybil = digestmap_new();
2113
2114 last_addr = 0;
2115 addr_count = 0;
2116 SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
2117 {
2118 if (last_addr != ri->addr) {
2119 last_addr = ri->addr;
2120 addr_count = 1;
2121 } else if (++addr_count > max_with_same_addr) {
2122 if (!router_addr_is_trusted_dir(ri->addr) ||
2123 addr_count > max_with_same_addr_on_authority)
2124 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2125 }
2126 });
2127
2128 smartlist_free(routers_by_ip);
2129 return omit_as_sybil;
2130 }
2131
2132 /** Extract status information from <b>ri</b> and from other authority
2133 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2134 * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
2135 * an exit as a guard. If <b>listbadexits</b>, consider setting the badexit
2136 * flag.
2137 *
2138 * We assume that ri-\>is_running has already been set, e.g. by
2139 * dirserv_set_router_is_running(ri, now);
2140 */
2141 void
2142 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2143 routerinfo_t *ri, time_t now,
2144 int naming, int exits_can_be_guards,
2145 int listbadexits, int listbaddirs)
2146 {
2147 int unstable_version =
2148 !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
2149 memset(rs, 0, sizeof(routerstatus_t));
2150
2151 rs->is_authority =
2152 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2153
2154 /* Already set by compute_performance_thresholds. */
2155 rs->is_exit = ri->is_exit;
2156 rs->is_stable = ri->is_stable =
2157 router_is_active(ri, now) &&
2158 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0) &&
2159 !unstable_version;
2160 rs->is_fast = ri->is_fast =
2161 router_is_active(ri, now) &&
2162 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2163 rs->is_running = ri->is_running; /* computed above */
2164
2165 if (naming) {
2166 uint32_t name_status = dirserv_get_name_status(
2167 ri->cache_info.identity_digest, ri->nickname);
2168 rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
2169 rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
2170 }
2171 rs->is_valid = ri->is_valid;
2172
2173 if (rs->is_fast &&
2174 (!rs->is_exit || exits_can_be_guards) &&
2175 (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
2176 router_get_advertised_bandwidth(ri) >=
2177 (exits_can_be_guards ? guard_bandwidth_including_exits :
2178 guard_bandwidth_excluding_exits))) {
2179 long tk = rep_hist_get_weighted_time_known(
2180 ri->cache_info.identity_digest, now);
2181 double wfu = rep_hist_get_weighted_fractional_uptime(
2182 ri->cache_info.identity_digest, now);
2183 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2184 } else {
2185 rs->is_possible_guard = 0;
2186 }
2187 rs->is_bad_directory = listbaddirs && ri->is_bad_directory;
2188 rs->is_bad_exit = listbadexits && ri->is_bad_exit;
2189 ri->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, now);
2190 rs->is_hs_dir = ri->is_hs_dir;
2191 rs->is_v2_dir = ri->dir_port != 0;
2192
2193 if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
2194 rs->is_named = rs->is_unnamed = 0;
2195
2196 rs->published_on = ri->cache_info.published_on;
2197 memcpy(rs->identity_digest, ri->cache_info.identity_digest, DIGEST_LEN);
2198 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2199 DIGEST_LEN);
2200 rs->addr = ri->addr;
2201 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2202 rs->or_port = ri->or_port;
2203 rs->dir_port = ri->dir_port;
2204 }
2205
2206 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2207 * too narrow an IP-space. Clear out its flags: we don't want people
2208 * using it.
2209 */
2210 static void
2211 clear_status_flags_on_sybil(routerstatus_t *rs)
2212 {
2213 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2214 rs->is_running = rs->is_named = rs->is_valid = rs->is_v2_dir =
2215 rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
2216 rs->is_bad_directory = 0;
2217 /* FFFF we might want some mechanism to check later on if we
2218 * missed zeroing any flags: it's easy to add a new flag but
2219 * forget to add it to this clause. */
2220 }
2221
2222 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2223 * function here because it's eerily similar to
2224 * clear_status_flags_on_sybil() above. One day we should merge them. */
2225 void
2226 router_clear_status_flags(routerinfo_t *router)
2227 {
2228 router->is_valid = router->is_running = router->is_hs_dir =
2229 router->is_fast = router->is_stable =
2230 router->is_possible_guard = router->is_exit =
2231 router->is_bad_exit = router->is_bad_directory = 0;
2232 }
2233
2234 /** Return a new networkstatus_t* containing our current opinion. (For v3
2235 * authorities) */
2236 networkstatus_t *
2237 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
2238 authority_cert_t *cert)
2239 {
2240 or_options_t *options = get_options();
2241 networkstatus_t *v3_out = NULL;
2242 uint32_t addr;
2243 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2244 const char *contact;
2245 smartlist_t *routers, *routerstatuses;
2246 char identity_digest[DIGEST_LEN];
2247 char signing_key_digest[DIGEST_LEN];
2248 int naming = options->NamingAuthoritativeDir;
2249 int listbadexits = options->AuthDirListBadExits;
2250 int listbaddirs = options->AuthDirListBadDirs;
2251 int exits_can_be_guards;
2252 routerlist_t *rl = router_get_routerlist();
2253 time_t now = time(NULL);
2254 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2255 networkstatus_voter_info_t *voter = NULL;
2256 vote_timing_t timing;
2257 digestmap_t *omit_as_sybil = NULL;
2258 int vote_on_reachability = 1;
2259
2260 tor_assert(private_key);
2261 tor_assert(cert);
2262
2263 if (now - time_of_process_start <
2264 options->TestingAuthDirTimeToLearnReachability)
2265 vote_on_reachability = 0;
2266
2267 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2268 log_warn(LD_NET, "Couldn't resolve my hostname");
2269 return NULL;
2270 }
2271 if (!strchr(hostname, '.')) {
2272 tor_free(hostname);
2273 hostname = tor_dup_ip(addr);
2274 }
2275 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2276 log_err(LD_BUG, "Error computing signing key digest");
2277 return NULL;
2278 }
2279 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2280 log_err(LD_BUG, "Error computing identity key digest");
2281 return NULL;
2282 }
2283
2284 if (options->VersioningAuthoritativeDir) {
2285 client_versions = format_versions_list(options->RecommendedClientVersions);
2286 server_versions = format_versions_list(options->RecommendedServerVersions);
2287 }
2288
2289 contact = get_options()->ContactInfo;
2290 if (!contact)
2291 contact = "(none)";
2292
2293 /* precompute this part, since we need it to decide what "stable"
2294 * means. */
2295 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2296 dirserv_set_router_is_running(ri, now);
2297 });
2298
2299 dirserv_compute_performance_thresholds(rl);
2300
2301 /* XXXX We should take steps to keep this from oscillating if
2302 * total_exit_bandwidth is close to total_bandwidth/3. */
2303 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2304
2305 routers = smartlist_create();
2306 smartlist_add_all(routers, rl->routers);
2307 routers_sort_by_identity(routers);
2308 omit_as_sybil = get_possible_sybil_list(routers);
2309
2310 routerstatuses = smartlist_create();
2311
2312 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2313 if (ri->cache_info.published_on >= cutoff) {
2314 routerstatus_t *rs;
2315 vote_routerstatus_t *vrs;
2316
2317 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2318 rs = &vrs->status;
2319 set_routerstatus_from_routerinfo(rs, ri, now,
2320 naming, exits_can_be_guards,
2321 listbadexits, listbaddirs);
2322
2323 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2324 clear_status_flags_on_sybil(rs);
2325
2326 if (!vote_on_reachability)
2327 rs->is_running = 0;
2328
2329 vrs->version = version_from_platform(ri->platform);
2330 smartlist_add(routerstatuses, vrs);
2331 }
2332 });
2333 smartlist_free(routers);
2334 digestmap_free(omit_as_sybil, NULL);
2335
2336 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
2337
2338 v3_out->type = NS_TYPE_VOTE;
2339 dirvote_get_preferred_voting_intervals(&timing);
2340 v3_out->published = now;
2341 {
2342 char tbuf[ISO_TIME_LEN+1];
2343 networkstatus_t *current_consensus =
2344 networkstatus_get_live_consensus(now);
2345 long last_consensus_interval; /* only used to pick a valid_after */
2346 if (current_consensus)
2347 last_consensus_interval = current_consensus->fresh_until -
2348 current_consensus->valid_after;
2349 else
2350 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
2351 v3_out->valid_after =
2352 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
2353 format_iso_time(tbuf, v3_out->valid_after);
2354 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2355 "consensus_set=%d, last_interval=%d",
2356 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2357 }
2358 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2359 v3_out->valid_until = v3_out->valid_after +
2360 (timing.vote_interval * timing.n_intervals_valid);
2361 v3_out->vote_seconds = timing.vote_delay;
2362 v3_out->dist_seconds = timing.dist_delay;
2363 tor_assert(v3_out->vote_seconds > 0);
2364 tor_assert(v3_out->dist_seconds > 0);
2365 tor_assert(timing.n_intervals_valid > 0);
2366
2367 v3_out->client_versions = client_versions;
2368 v3_out->server_versions = server_versions;
2369 v3_out->known_flags = smartlist_create();
2370 smartlist_split_string(v3_out->known_flags,
2371 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2372 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
2373 if (vote_on_reachability)
2374 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
2375 if (listbaddirs)
2376 smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
2377 if (listbadexits)
2378 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
2379 if (naming) {
2380 smartlist_add(v3_out->known_flags, tor_strdup("Named"));
2381 smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
2382 }
2383 smartlist_sort_strings(v3_out->known_flags);
2384
2385 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2386 voter->nickname = tor_strdup(options->Nickname);
2387 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
2388 voter->address = hostname;
2389 voter->addr = addr;
2390 voter->dir_port = options->DirPort;
2391 voter->or_port = options->ORPort;
2392 voter->contact = tor_strdup(contact);
2393 memcpy(voter->signing_key_digest, signing_key_digest, DIGEST_LEN);
2394 if (options->V3AuthUseLegacyKey) {
2395 authority_cert_t *c = get_my_v3_legacy_cert();
2396 if (c) {
2397 crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest);
2398 }
2399 }
2400
2401 v3_out->voters = smartlist_create();
2402 smartlist_add(v3_out->voters, voter);
2403 v3_out->cert = authority_cert_dup(cert);
2404 v3_out->routerstatus_list = routerstatuses;
2405 /* Note: networkstatus_digest is unset; it won't get set until we actually
2406 * format the vote. */
2407
2408 return v3_out;
2409 }
2410
2411 /** For v2 authoritative directories only: Replace the contents of
2412 * <b>the_v2_networkstatus</b> with a newly generated network status
2413 * object. */
2414 static cached_dir_t *
2415 generate_v2_networkstatus_opinion(void)
2416 {
2417 cached_dir_t *r = NULL;
2418 size_t len, identity_pkey_len;
2419 char *status = NULL, *client_versions = NULL, *server_versions = NULL,
2420 *identity_pkey = NULL, *hostname = NULL;
2421 char *outp, *endp;
2422 or_options_t *options = get_options();
2423 char fingerprint[FINGERPRINT_LEN+1];
2424 char ipaddr[INET_NTOA_BUF_LEN];
2425 char published[ISO_TIME_LEN+1];
2426 char digest[DIGEST_LEN];
2427 struct in_addr in;
2428 uint32_t addr;
2429 crypto_pk_env_t *private_key;
2430 routerlist_t *rl = router_get_routerlist();
2431 time_t now = time(NULL);
2432 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2433 int naming = options->NamingAuthoritativeDir;
2434 int versioning = options->VersioningAuthoritativeDir;
2435 int listbaddirs = options->AuthDirListBadDirs;
2436 int listbadexits = options->AuthDirListBadExits;
2437 int exits_can_be_guards;
2438 const char *contact;
2439 char *version_lines = NULL;
2440 smartlist_t *routers = NULL;
2441 digestmap_t *omit_as_sybil = NULL;
2442
2443 private_key = get_identity_key();
2444
2445 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2446 log_warn(LD_NET, "Couldn't resolve my hostname");
2447 goto done;
2448 }
2449 in.s_addr = htonl(addr);
2450 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
2451
2452 format_iso_time(published, now);
2453
2454 client_versions = format_versions_list(options->RecommendedClientVersions);
2455 server_versions = format_versions_list(options->RecommendedServerVersions);
2456
2457 if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey,
2458 &identity_pkey_len)<0) {
2459 log_warn(LD_BUG,"Writing public key to string failed.");
2460 goto done;
2461 }
2462
2463 if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) {
2464 log_err(LD_BUG, "Error computing fingerprint");
2465 goto done;
2466 }
2467
2468 contact = get_options()->ContactInfo;
2469 if (!contact)
2470 contact = "(none)";
2471
2472 if (versioning) {
2473 size_t v_len = 64+strlen(client_versions)+strlen(server_versions);
2474 version_lines = tor_malloc(v_len);
2475 tor_snprintf(version_lines, v_len,
2476 "client-versions %s\nserver-versions %s\n",
2477 client_versions, server_versions);
2478 } else {
2479 version_lines = tor_strdup("");
2480 }
2481
2482 len = 4096+strlen(client_versions)+strlen(server_versions);
2483 len += identity_pkey_len*2;
2484 len += (RS_ENTRY_LEN)*smartlist_len(rl->routers);
2485
2486 status = tor_malloc(len);
2487 tor_snprintf(status, len,
2488 "network-status-version 2\n"
2489 "dir-source %s %s %d\n"
2490 "fingerprint %s\n"
2491 "contact %s\n"
2492 "published %s\n"
2493 "dir-options%s%s%s%s\n"
2494 "%s" /* client version line, server version line. */
2495 "dir-signing-key\n%s",
2496 hostname, ipaddr, (int)options->DirPort,
2497 fingerprint,
2498 contact,
2499 published,
2500 naming ? " Names" : "",
2501 listbaddirs ? " BadDirectories" : "",
2502 listbadexits ? " BadExits" : "",
2503 versioning ? " Versions" : "",
2504 version_lines,
2505 identity_pkey);
2506 outp = status + strlen(status);
2507 endp = status + len;
2508
2509 /* precompute this part, since we need it to decide what "stable"
2510 * means. */
2511 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2512 dirserv_set_router_is_running(ri, now);
2513 });
2514
2515 dirserv_compute_performance_thresholds(rl);
2516
2517 /* XXXX We should take steps to keep this from oscillating if
2518 * total_exit_bandwidth is close to total_bandwidth/3. */
2519 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2520
2521 routers = smartlist_create();
2522 smartlist_add_all(routers, rl->routers);
2523 routers_sort_by_identity(routers);
2524
2525 omit_as_sybil = get_possible_sybil_list(routers);
2526
2527 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2528 if (ri->cache_info.published_on >= cutoff) {
2529 routerstatus_t rs;
2530 char *version = version_from_platform(ri->platform);
2531
2532 set_routerstatus_from_routerinfo(&rs, ri, now,
2533 naming, exits_can_be_guards,
2534 listbadexits, listbaddirs);
2535
2536 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2537 clear_status_flags_on_sybil(&rs);
2538
2539 if (routerstatus_format_entry(outp, endp-outp, &rs, version, 0, 1)) {
2540 log_warn(LD_BUG, "Unable to print router status.");
2541 tor_free(version);
2542 goto done;
2543 }
2544 tor_free(version);
2545 outp += strlen(outp);
2546 }
2547 });
2548
2549 if (tor_snprintf(outp, endp-outp, "directory-signature %s\n",
2550 get_options()->Nickname)<0) {
2551 log_warn(LD_BUG, "Unable to write signature line.");
2552 goto done;
2553 }
2554 if (router_get_networkstatus_v2_hash(status, digest)<0) {
2555 log_warn(LD_BUG, "Unable to hash network status");
2556 goto done;
2557 }
2558 outp += strlen(outp);
2559
2560 note_crypto_pk_op(SIGN_DIR);
2561 if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
2562 log_warn(LD_BUG, "Unable to sign router status.");
2563 goto done;
2564 }
2565
2566 {
2567 networkstatus_v2_t *ns;
2568 if (!(ns = networkstatus_v2_parse_from_string(status))) {
2569 log_err(LD_BUG,"Generated a networkstatus we couldn't parse.");
2570 goto done;
2571 }
2572 networkstatus_v2_free(ns);
2573 }
2574
2575 {
2576 cached_dir_t **ns_ptr = &the_v2_networkstatus;
2577 if (*ns_ptr)
2578 cached_dir_decref(*ns_ptr);
2579 *ns_ptr = new_cached_dir(status, now);
2580 status = NULL; /* So it doesn't get double-freed. */
2581 the_v2_networkstatus_is_dirty = 0;
2582 router_set_networkstatus_v2((*ns_ptr)->dir, now, NS_GENERATED, NULL);
2583 r = *ns_ptr;
2584 }
2585
2586 done:
2587 tor_free(client_versions);
2588 tor_free(server_versions);
2589 tor_free(version_lines);
2590 tor_free(status);
2591 tor_free(hostname);
2592 tor_free(identity_pkey);
2593 if (routers)
2594 smartlist_free(routers);
2595 if (omit_as_sybil)
2596 digestmap_free(omit_as_sybil, NULL);
2597 return r;
2598 }
2599
2600 /** Given the portion of a networkstatus request URL after "tor/status/" in
2601 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2602 * networkstatus objects that the client has requested. */
2603 void
2604 dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
2605 const char *key)
2606 {
2607 tor_assert(result);
2608
2609 if (!cached_v2_networkstatus)
2610 cached_v2_networkstatus = digestmap_new();
2611
2612 if (should_generate_v2_networkstatus())
2613 generate_v2_networkstatus_opinion();
2614
2615 if (!strcmp(key,"authority")) {
2616 if (authdir_mode_v2(get_options())) {
2617 routerinfo_t *me = router_get_my_routerinfo();
2618 if (me)
2619 smartlist_add(result,
2620 tor_memdup(me->cache_info.identity_digest, DIGEST_LEN));
2621 }
2622 } else if (!strcmp(key, "all")) {
2623 if (digestmap_size(cached_v2_networkstatus)) {
2624 digestmap_iter_t *iter;
2625 iter = digestmap_iter_init(cached_v2_networkstatus);
2626 while (!digestmap_iter_done(iter)) {
2627 const char *ident;
2628 void *val;
2629 digestmap_iter_get(iter, &ident, &val);
2630 smartlist_add(result, tor_memdup(ident, DIGEST_LEN));
2631 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
2632 }
2633 } else {
2634 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2635 trusted_dir_server_t *, ds,
2636 if (ds->type & V2_AUTHORITY)
2637 smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
2638 }
2639 smartlist_sort_digests(result);
2640 if (smartlist_len(result) == 0)
2641 log_info(LD_DIRSERV,
2642 "Client requested 'all' network status objects; we have none.");
2643 } else if (!strcmpstart(key, "fp/")) {
2644 dir_split_resource_into_fingerprints(key+3, result, NULL, 1, 1);
2645 }
2646 }
2647
2648 /** Look for a network status object as specified by <b>key</b>, which should
2649 * be either "authority" (to find a network status generated by us), a hex
2650 * identity digest (to find a network status generated by given directory), or
2651 * "all" (to return all the v2 network status objects we have).
2652 */
2653 void
2654 dirserv_get_networkstatus_v2(smartlist_t *result,
2655 const char *key)
2656 {
2657 cached_dir_t *cached;
2658 smartlist_t *fingerprints = smartlist_create();
2659 tor_assert(result);
2660
2661 if (!cached_v2_networkstatus)
2662 cached_v2_networkstatus = digestmap_new();
2663
2664 dirserv_get_networkstatus_v2_fingerprints(fingerprints, key);
2665 SMARTLIST_FOREACH(fingerprints, const char *, fp,
2666 {
2667 if (router_digest_is_me(fp) && should_generate_v2_networkstatus())
2668 generate_v2_networkstatus_opinion();
2669 cached = digestmap_get(cached_v2_networkstatus, fp);
2670 if (cached) {
2671 smartlist_add(result, cached);
2672 } else {
2673 char hexbuf[HEX_DIGEST_LEN+1];
2674 base16_encode(hexbuf, sizeof(hexbuf), fp, DIGEST_LEN);
2675 log_info(LD_DIRSERV, "Don't know about any network status with "
2676 "fingerprint '%s'", hexbuf);
2677 }
2678 });
2679 SMARTLIST_FOREACH(fingerprints, char *, cp, tor_free(cp));
2680 smartlist_free(fingerprints);
2681 }
2682
2683 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2684 * pointers, adds copies of digests to fps_out, and doesn't use the
2685 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2686 * requests, adds identity digests.
2687 */
2688 int
2689 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
2690 const char **msg, int for_unencrypted_conn,
2691 int is_extrainfo)
2692 {
2693 int by_id = 1;
2694 *msg = NULL;
2695
2696 if (!strcmp(key, "all")) {
2697 routerlist_t *rl = router_get_routerlist();
2698 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2699 smartlist_add(fps_out,
2700 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
2701 } else if (!strcmp(key, "authority")) {
2702 routerinfo_t *ri = router_get_my_routerinfo();
2703 if (ri)
2704 smartlist_add(fps_out,
2705 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
2706 } else if (!strcmpstart(key, "d/")) {
2707 by_id = 0;
2708 key += strlen("d/");
2709 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2710 } else if (!strcmpstart(key, "fp/")) {
2711 key += strlen("fp/");
2712 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2713 } else {
2714 *msg = "Key not recognized";
2715 return -1;
2716 }
2717
2718 if (for_unencrypted_conn) {
2719 /* Remove anything that insists it not be sent unencrypted. */
2720 SMARTLIST_FOREACH(fps_out, char *, cp, {
2721 signed_descriptor_t *sd;
2722 if (by_id)
2723 sd = get_signed_descriptor_by_fp(cp,is_extrainfo,0);
2724 else if (is_extrainfo)
2725 sd = extrainfo_get_by_descriptor_digest(cp);
2726 else
2727 sd = router_get_by_descriptor_digest(cp);
2728 if (sd && !sd->send_unencrypted) {
2729 tor_free(cp);
2730 SMARTLIST_DEL_CURRENT(fps_out, cp);
2731 }
2732 });
2733 }
2734
2735 if (!smartlist_len(fps_out)) {
2736 *msg = "Servers unavailable";
2737 return -1;
2738 }
2739 return 0;
2740 }
2741
2742 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
2743 * <b>key</b>. The key should be either
2744 * - "/tor/server/authority" for our own routerinfo;
2745 * - "/tor/server/all" for all the routerinfos we have, concatenated;
2746 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
2747 * hex identity digests; or
2748 * - "/tor/server/d/D" where D is a plus-separated sequence
2749 * of server descriptor digests, in hex.
2750 *
2751 * Return 0 if we found some matching descriptors, or -1 if we do not
2752 * have any descriptors, no matching descriptors, or if we did not
2753 * recognize the key (URL).
2754 * If -1 is returned *<b>msg</b> will be set to an appropriate error
2755 * message.
2756 *
2757 * XXXX rename this function. It's only called from the controller.
2758 * XXXX in fact, refactor this function, mergeing as much as possible.
2759 */
2760 int
2761 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
2762 const char **msg)
2763 {
2764 *msg = NULL;
2765
2766 if (!strcmp(key, "/tor/server/all")) {
2767 routerlist_t *rl = router_get_routerlist();
2768 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2769 smartlist_add(descs_out, &(r->cache_info)));
2770 } else if (!strcmp(key, "/tor/server/authority")) {
2771 routerinfo_t *ri = router_get_my_routerinfo();
2772 if (ri)
2773 smartlist_add(descs_out, &(ri->cache_info));
2774 } else if (!strcmpstart(key, "/tor/server/d/")) {
2775 smartlist_t *digests = smartlist_create();
2776 key += strlen("/tor/server/d/");
2777 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2778 SMARTLIST_FOREACH(digests, const char *, d,
2779 {
2780 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
2781 if (sd)
2782 smartlist_add(descs_out,sd);
2783 });
2784 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2785 smartlist_free(digests);
2786 } else if (!strcmpstart(key, "/tor/server/fp/")) {
2787 smartlist_t *digests = smartlist_create();
2788 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
2789 key += strlen("/tor/server/fp/");
2790 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2791 SMARTLIST_FOREACH(digests, const char *, d,
2792 {
2793 if (router_digest_is_me(d)) {
2794 /* make sure desc_routerinfo exists */
2795 routerinfo_t *ri = router_get_my_routerinfo();
2796 if (ri)
2797 smartlist_add(descs_out, &(ri->cache_info));
2798 } else {
2799 routerinfo_t *ri = router_get_by_digest(d);
2800 /* Don't actually serve a descriptor that everyone will think is
2801 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
2802 * Tors from downloading descriptors that they will throw away.
2803 */
2804 if (ri && ri->cache_info.published_on > cutoff)
2805 smartlist_add(descs_out, &(ri->cache_info));
2806 }
2807 });
2808 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2809 smartlist_free(digests);
2810 } else {
2811 *msg = "Key not recognized";
2812 return -1;
2813 }
2814
2815 if (!smartlist_len(descs_out)) {
2816 *msg = "Servers unavailable";
2817 return -1;
2818 }
2819 return 0;
2820 }
2821
2822 /** Called when a TLS handshake has completed successfully with a
2823 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
2824 * a certificate with digest <b>digest_rcvd</b>.
2825 *
2826 * Also, if as_advertised is 1, then inform the reachability checker
2827 * that we could get to this guy.
2828 */
2829 void
2830 dirserv_orconn_tls_done(const char *address,
2831 uint16_t or_port,
2832 const char *digest_rcvd,
2833 int as_advertised)
2834 {
2835 routerlist_t *rl = router_get_routerlist();
2836 time_t now = time(NULL);
2837 int bridge_auth = authdir_mode_bridge(get_options());
2838 tor_assert(address);
2839 tor_assert(digest_rcvd);
2840
2841 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2842 if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
2843 as_advertised &&
2844 !memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
2845 /* correct digest. mark this router reachable! */
2846 if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
2847 log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.",
2848 ri->nickname);
2849 rep_hist_note_router_reachable(digest_rcvd, now);
2850 ri->last_reachable = now;
2851 }
2852 }
2853 });
2854 /* FFFF Maybe we should reinstate the code that dumps routers with the same
2855 * addr/port but with nonmatching keys, but instead of dumping, we should
2856 * skip testing. */
2857 }
2858
2859 /** Auth dir server only: if <b>try_all</b> is 1, launch connections to
2860 * all known routers; else we want to load balance such that we only
2861 * try a few connections per call.
2862 *
2863 * The load balancing is such that if we get called once every ten
2864 * seconds, we will cycle through all the tests in 1280 seconds (a
2865 * bit over 20 minutes).
2866 */
2867 void
2868 dirserv_test_reachability(time_t now, int try_all)
2869 {
2870 /* XXX decide what to do here; see or-talk thread "purging old router
2871 * information, revocation." -NM
2872 * We can't afford to mess with this in 0.1.2.x. The reason is that
2873 * if we stop doing reachability tests on some of routerlist, then
2874 * we'll for-sure think they're down, which may have unexpected
2875 * effects in other parts of the code. It doesn't hurt much to do
2876 * the testing, and directory authorities are easy to upgrade. Let's
2877 * wait til 0.2.0. -RD */
2878 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2879 routerlist_t *rl = router_get_routerlist();
2880 static char ctr = 0;
2881 int bridge_auth = authdir_mode_bridge(get_options());
2882
2883 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
2884 const char *id_digest = router->cache_info.identity_digest;
2885 tor_addr_t router_addr;
2886 if (router_is_me(router))
2887 continue;
2888 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
2889 continue; /* bridge authorities only test reachability on bridges */
2890 // if (router->cache_info.published_on > cutoff)
2891 // continue;
2892 if (try_all || (((uint8_t)id_digest[0]) % 128) == ctr) {
2893 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
2894 router->nickname, router->address, router->or_port);
2895 /* Remember when we started trying to determine reachability */
2896 if (!router->testing_since)
2897 router->testing_since = now;
2898 tor_addr_from_ipv4h(&router_addr, router->addr);
2899 connection_or_connect(&router_addr, router->or_port, id_digest);
2900 }
2901 } SMARTLIST_FOREACH_END(router);
2902 if (!try_all) /* increment ctr */
2903 ctr = (ctr + 1) % 128;
2904 }
2905
2906 /** Given a fingerprint <b>fp</b> which is either set if we're looking
2907 * for a v2 status, or zeroes if we're looking for a v3 status, return
2908 * a pointer to the appropriate cached dir object, or NULL if there isn't
2909 * one available. */
2910 static cached_dir_t *
2911 lookup_cached_dir_by_fp(const char *fp)
2912 {
2913 cached_dir_t *d = NULL;
2914 if (tor_digest_is_zero(fp) && cached_v3_networkstatus)
2915 d = cached_v3_networkstatus;
2916 else if (router_digest_is_me(fp) && the_v2_networkstatus)
2917 d = the_v2_networkstatus;
2918 else if (cached_v2_networkstatus)
2919 d = digestmap_get(cached_v2_networkstatus, fp);
2920 return d;
2921 }
2922
2923 /** Remove from <b>fps</b> every networkstatus key where both
2924 * a) we have a networkstatus document and
2925 * b) it is not newer than <b>cutoff</b>.
2926 *
2927 * Return 1 if any items were present at all; else return 0.
2928 */
2929 int
2930 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
2931 {
2932 int found_any = 0;
2933 SMARTLIST_FOREACH(fps, char *, digest,
2934 {
2935 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
2936 if (!d)
2937 continue;
2938 found_any = 1;
2939 if (d->published <= cutoff) {
2940 tor_free(digest);
2941 SMARTLIST_DEL_CURRENT(fps, digest);
2942 }
2943 });
2944
2945 return found_any;
2946 }
2947
2948 /** Return the cache-info for identity fingerprint <b>fp</b>, or
2949 * its extra-info document if <b>extrainfo</b> is true. Return
2950 * NULL if not found or if the descriptor is older than
2951 * <b>publish_cutoff</b>. */
2952 static signed_descriptor_t *
2953 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
2954 time_t publish_cutoff)
2955 {
2956 if (router_digest_is_me(fp)) {
2957 if (extrainfo)
2958 return &(router_get_my_extrainfo()->cache_info);
2959 else
2960 return &(router_get_my_routerinfo()->cache_info);
2961 } else {
2962 routerinfo_t *ri = router_get_by_digest(fp);
2963 if (ri &&
2964 ri->cache_info.published_on > publish_cutoff) {
2965 if (extrainfo)
2966 return extrainfo_get_by_descriptor_digest(
2967 ri->cache_info.extra_info_digest);
2968 else
2969 return &ri->cache_info;
2970 }
2971 }
2972 return NULL;
2973 }
2974
2975 /** Return true iff we have any of the docments (extrainfo or routerdesc)
2976 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
2977 * decide whether to send a 404. */
2978 int
2979 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
2980 {
2981 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
2982 SMARTLIST_FOREACH(fps, const char *, fp, {
2983 switch (spool_src)
2984 {
2985 case DIR_SPOOL_EXTRA_BY_DIGEST:
2986 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
2987 break;
2988 case DIR_SPOOL_SERVER_BY_DIGEST:
2989 if (router_get_by_descriptor_digest(fp)) return 1;
2990 break;
2991 case DIR_SPOOL_EXTRA_BY_FP:
2992 case DIR_SPOOL_SERVER_BY_FP:
2993 if (get_signed_descriptor_by_fp(fp,
2994 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
2995 return 1;
2996 break;
2997 }
2998 });
2999 return 0;
3000 }
3001
3002 /** Return an approximate estimate of the number of bytes that will
3003 * be needed to transmit the server descriptors (if is_serverdescs --
3004 * they can be either d/ or fp/ queries) or networkstatus objects (if
3005 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3006 * we guess how large the data will be after compression.
3007 *
3008 * The return value is an estimate; it might be larger or smaller.
3009 **/
3010 size_t
3011 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
3012 int compressed)
3013 {
3014 size_t result;
3015 tor_assert(fps);
3016 if (is_serverdescs) {
3017 int n = smartlist_len(fps);
3018 routerinfo_t *me = router_get_my_routerinfo();
3019 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
3020 if (compressed)
3021 result /= 2; /* observed compressability is between 35 and 55%. */
3022 } else {
3023 result = 0;
3024 SMARTLIST_FOREACH(fps, const char *, digest, {
3025 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
3026 if (dir)
3027 result += compressed ? dir->dir_z_len : dir->dir_len;
3028 });
3029 }
3030 return result;
3031 }
3032
3033 /** When we're spooling data onto our outbuf, add more whenever we dip
3034 * below this threshold. */
3035 #define DIRSERV_BUFFER_MIN 16384
3036
3037 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3038 * Flushes any remaining data to be (un)compressed, and changes the spool
3039 * source to NONE. Returns 0 on success, negative on failure. */
3040 static int
3041 connection_dirserv_finish_spooling(dir_connection_t *conn)
3042 {
3043 if (conn->zlib_state) {
3044 connection_write_to_buf_zlib("", 0, conn, 1);
3045 tor_zlib_free(conn->zlib_state);
3046 conn->zlib_state = NULL;
3047 }
3048 conn->dir_spool_src = DIR_SPOOL_NONE;
3049 return 0;
3050 }
3051
3052 /** Spooling helper: called when we're sending a bunch of server descriptors,
3053 * and the outbuf has become too empty. Pulls some entries from
3054 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3055 * run out of entries, flushes the zlib state and sets the spool source to
3056 * NONE. Returns 0 on success, negative on failure.
3057 */
3058 static int
3059 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
3060 {
3061 #ifdef TRACK_SERVED_TIME
3062 time_t now = time(NULL);
3063 #endif
3064 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
3065 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
3066 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
3067 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
3068 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3069
3070 while (smartlist_len(conn->fingerprint_stack) &&
3071 buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3072 const char *body;
3073 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3074 signed_descriptor_t *sd = NULL;
3075 if (by_fp) {
3076 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
3077 } else {
3078 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
3079 : router_get_by_descriptor_digest(fp);
3080 }
3081 tor_free(fp);
3082 if (!sd)
3083 continue;
3084 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
3085 /* we did this check once before (so we could have an accurate size
3086 * estimate and maybe send a 404 if somebody asked for only bridges on a
3087 * connection), but we need to do it again in case a previously
3088 * unknown bridge descriptor has shown up between then and now. */
3089 continue;
3090 }
3091 #ifdef TRACK_SERVED_TIME
3092 sd->last_served_at = now;
3093 #endif
3094 body = signed_descriptor_get_body(sd);
3095 if (conn->zlib_state) {
3096 int last = ! smartlist_len(conn->fingerprint_stack);
3097 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
3098 last);
3099 if (last) {
3100 tor_zlib_free(conn->zlib_state);
3101 conn->zlib_state = NULL;
3102 }
3103 } else {
3104 connection_write_to_buf(body,
3105 sd->signed_descriptor_len,
3106 TO_CONN(conn));
3107 }
3108 }
3109
3110 if (!smartlist_len(conn->fingerprint_stack)) {
3111 /* We just wrote the last one; finish up. */
3112 conn->dir_spool_src = DIR_SPOOL_NONE;
3113 smartlist_free(conn->fingerprint_stack);
3114 conn->fingerprint_stack = NULL;
3115 }
3116 return 0;
3117 }
3118
3119 /** Spooling helper: Called when we're sending a directory or networkstatus,
3120 * and the outbuf has become too empty. Pulls some bytes from
3121 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3122 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3123 * and sets the spool source to NONE. Returns 0 on success, negative on
3124 * failure. */
3125 static int
3126 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3127 {
3128 ssize_t bytes;
3129 int64_t remaining;
3130
3131 bytes = DIRSERV_BUFFER_MIN - buf_datalen(conn->_base.outbuf);
3132 tor_assert(bytes > 0);
3133 tor_assert(conn->cached_dir);
3134 if (bytes < 8192)
3135 bytes = 8192;
3136 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3137 if (bytes > remaining)
3138 bytes = (ssize_t) remaining;
3139
3140 if (conn->zlib_state) {
3141 connection_write_to_buf_zlib(
3142 conn->cached_dir->dir_z + conn->cached_dir_offset,
3143 bytes, conn, bytes == remaining);
3144 } else {
3145 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3146 bytes, TO_CONN(conn));
3147 }
3148 conn->cached_dir_offset += bytes;
3149 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3150 /* We just wrote the last one; finish up. */
3151 connection_dirserv_finish_spooling(conn);
3152 cached_dir_decref(conn->cached_dir);
3153 conn->cached_dir = NULL;
3154 }
3155 return 0;
3156 }
3157
3158 /** Spooling helper: Called when we're spooling networkstatus objects on
3159 * <b>conn</b>, and the outbuf has become too empty. If the current
3160 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3161 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3162 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3163 * treated as a request for the current consensus.) If we run out of entries,
3164 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3165 * success, negative on failure. */
3166 static int
3167 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3168 {
3169
3170 while (buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3171 if (conn->cached_dir) {
3172 int uncompressing = (conn->zlib_state != NULL);
3173 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3174 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3175 /* add_dir_bytes thinks we're done with the cached_dir. But we
3176 * may have more cached_dirs! */
3177 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3178 /* This bit is tricky. If we were uncompressing the last
3179 * networkstatus, we may need to make a new zlib object to
3180 * uncompress the next one. */
3181 if (uncompressing && ! conn->zlib_state &&
3182 conn->fingerprint_stack &&
3183 smartlist_len(conn->fingerprint_stack)) {
3184 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
3185 }
3186 }
3187 if (r) return r;
3188 } else if (conn->fingerprint_stack &&
3189 smartlist_len(conn->fingerprint_stack)) {
3190 /* Add another networkstatus; start serving it. */
3191 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3192 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3193 tor_free(fp);
3194 if (d) {
3195 ++d->refcnt;
3196 conn->cached_dir = d;
3197 conn->cached_dir_offset = 0;
3198 }
3199 } else {
3200 connection_dirserv_finish_spooling(conn);
3201 if (conn->fingerprint_stack)
3202 smartlist_free(conn->fingerprint_stack);
3203 conn->fingerprint_stack = NULL;
3204 return 0;
3205 }
3206 }
3207 return 0;
3208 }
3209
3210 /** Called whenever we have flushed some directory data in state
3211 * SERVER_WRITING. */
3212 int
3213 connection_dirserv_flushed_some(dir_connection_t *conn)
3214 {
3215 tor_assert(conn->_base.state == DIR_CONN_STATE_SERVER_WRITING);
3216
3217 if (buf_datalen(conn->_base.outbuf) >= DIRSERV_BUFFER_MIN)
3218 return 0;
3219
3220 switch (conn->dir_spool_src) {
3221 case DIR_SPOOL_EXTRA_BY_DIGEST:
3222 case DIR_SPOOL_EXTRA_BY_FP:
3223 case DIR_SPOOL_SERVER_BY_DIGEST:
3224 case DIR_SPOOL_SERVER_BY_FP:
3225 return connection_dirserv_add_servers_to_outbuf(conn);
3226 case DIR_SPOOL_CACHED_DIR:
3227 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3228 case DIR_SPOOL_NETWORKSTATUS:
3229 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3230 case DIR_SPOOL_NONE:
3231 default:
3232 return 0;
3233 }
3234 }
3235
3236 /** Release all storage used by the directory server. */
3237 void
3238 dirserv_free_all(void)
3239 {
3240 dirserv_free_fingerprint_list();
3241
3242 cached_dir_decref(the_directory);
3243 clear_cached_dir(&the_runningrouters);
3244 cached_dir_decref(the_v2_networkstatus);
3245 cached_dir_decref(cached_directory);
3246 clear_cached_dir(&cached_runningrouters);
3247 if (cached_v2_networkstatus) {
3248 digestmap_free(cached_v2_networkstatus, _free_cached_dir);
3249 cached_v2_networkstatus = NULL;
3250 }
3251 cached_dir_decref(cached_v3_networkstatus);
3252 }
3253