1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2015, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "confparse.h"
12 #include "channeltls.h"
14 #include "connection.h"
15 #include "connection_or.h"
17 #include "directory.h"
20 #include "hibernate.h"
22 #include "microdesc.h"
23 #include "networkstatus.h"
28 #include "routerlist.h"
29 #include "routerparse.h"
30 #include "routerset.h"
35 * \brief Directory server core implementation. Manages directory
36 * contents and generates directories.
39 /** How far in the future do we allow a router to get? (seconds) */
40 #define ROUTER_ALLOW_SKEW (60*60*12)
41 /** How many seconds do we wait before regenerating the directory? */
42 #define DIR_REGEN_SLACK_TIME 30
43 /** If we're a cache, keep this many networkstatuses around from non-trusted
44 * directory authorities. */
45 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
47 extern time_t time_of_process_start
; /* from main.c */
49 extern long stats_n_seconds_working
; /* from main.c */
51 /** Total number of routers with measured bandwidth; this is set by
52 * dirserv_count_measured_bws() before the loop in
53 * dirserv_generate_networkstatus_vote_obj() and checked by
54 * dirserv_get_credible_bandwidth() and
55 * dirserv_compute_performance_thresholds() */
56 static int routers_with_measured_bw
= 0;
58 static void directory_remove_invalid(void);
59 static char *format_versions_list(config_line_t
*ln
);
60 struct authdir_config_t
;
62 dirserv_get_status_impl(const char *fp
, const char *nickname
,
63 uint32_t addr
, uint16_t or_port
,
64 const char *platform
, const char **msg
,
66 static void clear_cached_dir(cached_dir_t
*d
);
67 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
70 time_t publish_cutoff
);
71 static was_router_added_t
dirserv_add_extrainfo(extrainfo_t
*ei
,
73 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
);
74 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
);
76 /************** Fingerprint handling code ************/
78 /* 1 Historically used to indicate Named */
79 #define FP_INVALID 2 /**< Believed invalid. */
80 #define FP_REJECT 4 /**< We will not publish this router. */
81 /* 8 Historically used to avoid using this as a dir. */
82 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
83 /* 32 Historically used to indicade Unnamed */
85 /** Target of status_by_digest map. */
86 typedef uint32_t router_status_t
;
88 static void add_fingerprint_to_dir(const char *fp
,
89 struct authdir_config_t
*list
,
90 router_status_t add_status
);
92 /** List of nickname-\>identity fingerprint mappings for all the routers
93 * that we name. Used to prevent router impersonation. */
94 typedef struct authdir_config_t
{
95 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
96 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
99 /** Should be static; exposed for testing. */
100 static authdir_config_t
*fingerprint_list
= NULL
;
102 /** Allocate and return a new, empty, authdir_config_t. */
103 static authdir_config_t
*
104 authdir_config_new(void)
106 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
107 list
->fp_by_name
= strmap_new();
108 list
->status_by_digest
= digestmap_new();
112 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
113 * <b>list</b>, or-ing the currently set status flags with
117 add_fingerprint_to_dir(const char *fp
, authdir_config_t
*list
,
118 router_status_t add_status
)
122 router_status_t
*status
;
126 fingerprint
= tor_strdup(fp
);
127 tor_strstrip(fingerprint
, " ");
128 if (base16_decode(d
, DIGEST_LEN
, fingerprint
, strlen(fingerprint
))) {
129 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
131 tor_free(fingerprint
);
135 status
= digestmap_get(list
->status_by_digest
, d
);
137 status
= tor_malloc_zero(sizeof(router_status_t
));
138 digestmap_set(list
->status_by_digest
, d
, status
);
141 tor_free(fingerprint
);
142 *status
|= add_status
;
146 /** Add the fingerprint for this OR to the global list of recognized
147 * identity key fingerprints. */
149 dirserv_add_own_fingerprint(crypto_pk_t
*pk
)
151 char fp
[FINGERPRINT_LEN
+1];
152 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
153 log_err(LD_BUG
, "Error computing fingerprint");
156 if (!fingerprint_list
)
157 fingerprint_list
= authdir_config_new();
158 add_fingerprint_to_dir(fp
, fingerprint_list
, 0);
162 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
163 * file. The file format is line-based, with each non-blank holding one
164 * nickname, some space, and a fingerprint for that nickname. On success,
165 * replace the current fingerprint list with the new list and return 0. On
166 * failure, leave the current fingerprint list untouched, and return -1. */
168 dirserv_load_fingerprint_file(void)
172 char *nickname
, *fingerprint
;
173 authdir_config_t
*fingerprint_list_new
;
175 config_line_t
*front
=NULL
, *list
;
177 fname
= get_datadir_fname("approved-routers");
179 "Reloading approved fingerprints from \"%s\"...", fname
);
181 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
183 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
189 result
= config_get_lines(cf
, &front
, 0);
192 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
196 fingerprint_list_new
= authdir_config_new();
198 for (list
=front
; list
; list
=list
->next
) {
199 char digest_tmp
[DIGEST_LEN
];
200 router_status_t add_status
= 0;
201 nickname
= list
->key
; fingerprint
= list
->value
;
202 tor_strstrip(fingerprint
, " "); /* remove spaces */
203 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
204 base16_decode(digest_tmp
, sizeof(digest_tmp
),
205 fingerprint
, HEX_DIGEST_LEN
) < 0) {
206 log_notice(LD_CONFIG
,
207 "Invalid fingerprint (nickname '%s', "
208 "fingerprint %s). Skipping.",
209 nickname
, fingerprint
);
212 if (!strcasecmp(nickname
, "!reject")) {
213 add_status
= FP_REJECT
;
214 } else if (!strcasecmp(nickname
, "!badexit")) {
215 add_status
= FP_BADEXIT
;
216 } else if (!strcasecmp(nickname
, "!invalid")) {
217 add_status
= FP_INVALID
;
219 add_fingerprint_to_dir(fingerprint
, fingerprint_list_new
, add_status
);
222 config_free_lines(front
);
223 dirserv_free_fingerprint_list();
224 fingerprint_list
= fingerprint_list_new
;
225 /* Delete any routers whose fingerprints we no longer recognize */
226 directory_remove_invalid();
230 /* If this is set, then we don't allow routers that have advertised an Ed25519
231 * identity to stop doing so. This is going to be essential for good identity
232 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
233 * just sign fake descriptors missing the Ed25519 key. But we won't actually
234 * be able to prevent that kind of thing until we're confident that there
235 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
236 * to leave this #undef.
238 #undef DISABLE_DISABLING_ED25519
240 /** Check whether <b>router</b> has a nickname/identity key combination that
241 * we recognize from the fingerprint list, or an IP we automatically act on
242 * according to our configuration. Return the appropriate router status.
244 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
245 * *<b>msg</b> to an explanation of why. */
247 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
,
251 const int key_pinning
= get_options()->AuthDirPinKeys
;
253 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
254 log_warn(LD_BUG
,"Error computing fingerprint");
256 *msg
= "Bug: Error computing fingerprint";
260 if (router
->signing_key_cert
) {
261 /* This has an ed25519 identity key. */
262 if (KEYPIN_MISMATCH
==
263 keypin_check((const uint8_t*)router
->cache_info
.identity_digest
,
264 router
->signing_key_cert
->signing_key
.pubkey
)) {
265 log_fn(severity
, LD_DIR
,
266 "Descriptor from router %s has an Ed25519 key, "
267 "but the <rsa,ed25519> keys don't match what they were before.",
268 router_describe(router
));
271 *msg
= "Ed25519 identity key or RSA identity key has changed.";
278 if (KEYPIN_MISMATCH
== keypin_check_lone_rsa(
279 (const uint8_t*)router
->cache_info
.identity_digest
)) {
280 log_fn(severity
, LD_DIR
,
281 "Descriptor from router %s has no Ed25519 key, "
282 "when we previously knew an Ed25519 for it. Ignoring for now, "
283 "since Ed25519 keys are fairly new.",
284 router_describe(router
));
285 #ifdef DISABLE_DISABLING_ED25519
288 *msg
= "Ed25519 identity key has disappeared.";
296 return dirserv_get_status_impl(d
, router
->nickname
,
297 router
->addr
, router
->or_port
,
298 router
->platform
, msg
, severity
);
301 /** Return true if there is no point in downloading the router described by
302 * <b>rs</b> because this directory would reject it. */
304 dirserv_would_reject_router(const routerstatus_t
*rs
)
308 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
309 rs
->addr
, rs
->or_port
,
310 NULL
, NULL
, LOG_DEBUG
);
312 return (res
& FP_REJECT
) != 0;
315 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
316 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
317 * port and platform (logging only) as arguments.
319 * Log messages at 'severity'. (There's not much point in
320 * logging that we're rejecting servers we'll not download.)
323 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
324 uint32_t addr
, uint16_t or_port
,
325 const char *platform
, const char **msg
, int severity
)
328 router_status_t
*status_by_digest
;
330 if (!fingerprint_list
)
331 fingerprint_list
= authdir_config_new();
333 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
334 strmap_size(fingerprint_list
->fp_by_name
),
335 digestmap_size(fingerprint_list
->status_by_digest
));
337 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
338 * missing some important security fixes too. Disable them. */
339 if (platform
&& !tor_version_as_new_as(platform
,"0.2.4.18-rc")) {
341 *msg
= "Tor version is insecure or unsupported. Please upgrade!";
345 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
347 if (status_by_digest
)
348 result
|= *status_by_digest
;
350 if (result
& FP_REJECT
) {
352 *msg
= "Fingerprint is marked rejected";
354 } else if (result
& FP_INVALID
) {
356 *msg
= "Fingerprint is marked invalid";
359 if (authdir_policy_badexit_address(addr
, or_port
)) {
360 log_fn(severity
, LD_DIRSERV
,
361 "Marking '%s' as bad exit because of address '%s'",
362 nickname
, fmt_addr32(addr
));
363 result
|= FP_BADEXIT
;
366 if (!authdir_policy_permits_address(addr
, or_port
)) {
367 log_fn(severity
, LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
368 nickname
, fmt_addr32(addr
));
370 *msg
= "Authdir is rejecting routers in this range.";
373 if (!authdir_policy_valid_address(addr
, or_port
)) {
374 log_fn(severity
, LD_DIRSERV
,
375 "Not marking '%s' valid because of address '%s'",
376 nickname
, fmt_addr32(addr
));
377 result
|= FP_INVALID
;
383 /** Clear the current fingerprint list. */
385 dirserv_free_fingerprint_list(void)
387 if (!fingerprint_list
)
390 strmap_free(fingerprint_list
->fp_by_name
, tor_free_
);
391 digestmap_free(fingerprint_list
->status_by_digest
, tor_free_
);
392 tor_free(fingerprint_list
);
399 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
400 * unless we're configured to not care. Return 0 if all ok. */
402 dirserv_router_has_valid_address(routerinfo_t
*ri
)
405 if (get_options()->DirAllowPrivateAddresses
)
406 return 0; /* whatever it is, we're fine with it */
407 tor_addr_from_ipv4h(&addr
, ri
->addr
);
409 if (tor_addr_is_internal(&addr
, 0)) {
411 "Router %s published internal IP address. Refusing.",
412 router_describe(ri
));
413 return -1; /* it's a private IP, we should reject it */
418 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
419 * set its is_valid,running fields and return 0. Otherwise, return -1.
421 * If the router is rejected, set *<b>msg</b> to an explanation of why.
423 * If <b>complain</b> then explain at log-level 'notice' why we refused
424 * a descriptor; else explain at log-level 'info'.
427 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
428 int complain
, int *valid_out
)
430 /* Okay. Now check whether the fingerprint is recognized. */
432 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
433 uint32_t status
= dirserv_router_get_status(ri
, msg
, severity
);
435 if (status
& FP_REJECT
)
436 return -1; /* msg is already set. */
438 /* Is there too much clock skew? */
440 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
441 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
442 "far (%d minutes) in the future; possible clock skew. Not adding "
445 (int)((ri
->cache_info
.published_on
-now
)/60),
446 esc_router_info(ri
));
447 *msg
= "Rejected: Your clock is set too far in the future, or your "
448 "timezone is not correct.";
451 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
452 log_fn(severity
, LD_DIRSERV
,
453 "Publication time for %s is too far "
454 "(%d minutes) in the past. Not adding (%s)",
456 (int)((now
-ri
->cache_info
.published_on
)/60),
457 esc_router_info(ri
));
458 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
459 " or your timezone is not correct.";
462 if (dirserv_router_has_valid_address(ri
) < 0) {
463 log_fn(severity
, LD_DIRSERV
,
464 "Router %s has invalid address. Not adding (%s).",
466 esc_router_info(ri
));
467 *msg
= "Rejected: Address is a private address.";
471 *valid_out
= ! (status
& FP_INVALID
);
476 /** Update the relevant flags of <b>node</b> based on our opinion as a
477 * directory authority in <b>authstatus</b>, as returned by
478 * dirserv_router_get_status or equivalent. */
480 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
483 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
484 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
487 /** True iff <b>a</b> is more severe than <b>b</b>. */
489 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
494 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
495 * returns the most severe error that occurred for any one of them. */
497 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
501 was_router_added_t r
, r_tmp
;
506 time_t now
= time(NULL
);
507 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
508 char time_buf
[ISO_TIME_LEN
+1];
509 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
512 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
514 format_iso_time(time_buf
, now
);
515 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
518 "%s%s%s", time_buf
, escaped(source
),
519 !general
? "@purpose " : "",
520 !general
? router_purpose_to_string(purpose
) : "",
521 !general
? "\n" : "")<0) {
522 *msg
= "Couldn't format annotations";
527 list
= smartlist_new();
528 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
529 annotation_buf
, NULL
)) {
530 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
532 tor_assert(ri
->purpose
== purpose
);
533 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
534 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
540 n_parsed
+= smartlist_len(list
);
541 smartlist_clear(list
);
544 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
546 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
549 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
550 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
556 n_parsed
+= smartlist_len(list
);
557 smartlist_free(list
);
561 *msg
= "No descriptors found in your POST.";
562 if (WRA_WAS_ADDED(r
))
563 r
= ROUTER_IS_ALREADY_KNOWN
;
565 *msg
= "(no message)";
572 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
573 * the list of server descriptors. Set *<b>msg</b> to a message that should be
574 * passed back to the origin of this descriptor, or NULL if there is no such
575 * message. Use <b>source</b> to produce better log messages.
577 * Return the status of the operation
579 * This function is only called when fresh descriptors are posted, not when
580 * we re-load the cache.
583 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
585 was_router_added_t r
;
586 routerinfo_t
*ri_old
;
587 char *desc
, *nickname
;
588 const size_t desclen
= ri
->cache_info
.signed_descriptor_len
+
589 ri
->cache_info
.annotations_len
;
590 const int key_pinning
= get_options()->AuthDirPinKeys
;
593 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
594 * network and it'll clog everything up. */
595 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
596 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
597 " (source: %s) with size %d. Either this is an attack, or the "
598 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
599 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
600 MAX_DESCRIPTOR_UPLOAD_SIZE
);
601 *msg
= "Router descriptor was too large.";
602 control_event_or_authdir_new_descriptor("REJECTED",
603 ri
->cache_info
.signed_descriptor_body
,
606 return ROUTER_AUTHDIR_REJECTS
;
609 /* Check whether this descriptor is semantically identical to the last one
610 * from this server. (We do this here and not in router_add_to_routerlist
611 * because we want to be able to accept the newest router descriptor that
612 * another authority has, so we all converge on the same one.) */
613 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
614 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
615 && router_differences_are_cosmetic(ri_old
, ri
)
616 && !router_is_me(ri
)) {
618 "Not replacing descriptor from %s (source: %s); "
619 "differences are cosmetic.",
620 router_describe(ri
), source
);
621 *msg
= "Not replacing router descriptor; no information has changed since "
622 "the last one with this identity.";
623 control_event_or_authdir_new_descriptor("DROPPED",
624 ri
->cache_info
.signed_descriptor_body
,
627 return ROUTER_IS_ALREADY_KNOWN
;
630 /* Do keypinning again ... this time, to add the pin if appropriate */
632 if (ri
->signing_key_cert
) {
633 keypin_status
= keypin_check_and_add(
634 (const uint8_t*)ri
->cache_info
.identity_digest
,
635 ri
->signing_key_cert
->signing_key
.pubkey
,
638 keypin_status
= keypin_check_lone_rsa(
639 (const uint8_t*)ri
->cache_info
.identity_digest
);
640 #ifndef DISABLE_DISABLING_ED25519
641 if (keypin_status
== KEYPIN_MISMATCH
)
642 keypin_status
= KEYPIN_NOT_FOUND
;
645 if (keypin_status
== KEYPIN_MISMATCH
&& key_pinning
) {
646 log_info(LD_DIRSERV
, "Dropping descriptor from %s (source: %s) because "
647 "its key did not match an older RSA/Ed25519 keypair",
648 router_describe(ri
), source
);
649 *msg
= "Looks like your keypair does not match its older value.";
650 return ROUTER_AUTHDIR_REJECTS
;
653 /* Make a copy of desc, since router_add_to_routerlist might free
654 * ri and its associated signed_descriptor_t. */
655 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
656 nickname
= tor_strdup(ri
->nickname
);
658 /* Tell if we're about to need to launch a test if we add this. */
659 ri
->needs_retest_if_added
=
660 dirserv_should_launch_reachability_test(ri
, ri_old
);
662 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
663 if (!WRA_WAS_ADDED(r
)) {
664 /* unless the routerinfo was fine, just out-of-date */
665 if (WRA_WAS_REJECTED(r
))
666 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
668 "Did not add descriptor from '%s' (source: %s): %s.",
669 nickname
, source
, *msg
? *msg
: "(no message)");
671 smartlist_t
*changed
;
672 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
674 changed
= smartlist_new();
675 smartlist_add(changed
, ri
);
676 routerlist_descriptors_added(changed
, 0);
677 smartlist_free(changed
);
679 *msg
= "Descriptor accepted";
682 "Added descriptor from '%s' (source: %s): %s.",
683 nickname
, source
, *msg
);
690 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
691 static was_router_added_t
692 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
699 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
700 * can mess with some of the flags in ri->cache_info. */
701 ri
= router_get_mutable_by_digest(ei
->cache_info
.identity_digest
);
703 *msg
= "No corresponding router descriptor for extra-info descriptor";
705 return ROUTER_BAD_EI
;
708 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
709 * network and it'll clog everything up. */
710 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
711 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
712 "with size %d. Either this is an attack, or the "
713 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
714 (int)ei
->cache_info
.signed_descriptor_len
,
715 MAX_EXTRAINFO_UPLOAD_SIZE
);
716 *msg
= "Extrainfo document was too large";
718 return ROUTER_BAD_EI
;
721 if ((r
= routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
,
722 &ri
->cache_info
, msg
))) {
724 return r
< 0 ? ROUTER_IS_ALREADY_KNOWN
: ROUTER_BAD_EI
;
726 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
727 return ROUTER_ADDED_SUCCESSFULLY
;
730 /** Remove all descriptors whose nicknames or fingerprints no longer
731 * are allowed by our fingerprint list. (Descriptors that used to be
732 * good can become bad when we reload the fingerprint list.)
735 directory_remove_invalid(void)
737 routerlist_t
*rl
= router_get_routerlist();
738 smartlist_t
*nodes
= smartlist_new();
739 smartlist_add_all(nodes
, nodelist_get_list());
741 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
742 const char *msg
= NULL
;
743 routerinfo_t
*ent
= node
->ri
;
744 char description
[NODE_DESC_BUF_LEN
];
748 r
= dirserv_router_get_status(ent
, &msg
, LOG_INFO
);
749 router_get_description(description
, ent
);
751 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
752 description
, msg
?msg
:"");
753 routerlist_remove(rl
, ent
, 0, time(NULL
));
756 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
757 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
758 (r
&FP_INVALID
) ? "in" : "");
759 node
->is_valid
= (r
&FP_INVALID
)?0:1;
761 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
762 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
763 (r
& FP_BADEXIT
) ? "bad" : "good");
764 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
766 } SMARTLIST_FOREACH_END(node
);
768 routerlist_assert_ok(rl
);
769 smartlist_free(nodes
);
773 * Allocate and return a description of the status of the server <b>desc</b>,
774 * for use in a v1-style router-status line. The server is listed
775 * as running iff <b>is_live</b> is true.
778 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
780 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
790 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
791 if (node
&& node
->is_valid
) {
792 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
797 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
799 return tor_strdup(buf
);
802 /* DOCDOC running_long_enough_to_decide_unreachable */
804 running_long_enough_to_decide_unreachable(void)
806 return time_of_process_start
807 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
810 /** Each server needs to have passed a reachability test no more
811 * than this number of seconds ago, or it is listed as down in
813 #define REACHABLE_TIMEOUT (45*60)
815 /** If we tested a router and found it reachable _at least this long_ after it
816 * declared itself hibernating, it is probably done hibernating and we just
817 * missed a descriptor from it. */
818 #define HIBERNATION_PUBLICATION_SKEW (60*60)
820 /** Treat a router as alive if
821 * - It's me, and I'm not hibernating.
822 * or - We've found it reachable recently. */
824 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
826 /*XXXX024 This function is a mess. Separate out the part that calculates
827 whether it's reachable and the part that tells rephist that the router was
831 const or_options_t
*options
= get_options();
832 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
835 if (router_is_me(router
)) {
836 /* We always know if we are down ourselves. */
837 answer
= ! we_are_hibernating();
838 } else if (router
->is_hibernating
&&
839 (router
->cache_info
.published_on
+
840 HIBERNATION_PUBLICATION_SKEW
) > node
->last_reachable
) {
841 /* A hibernating router is down unless we (somehow) had contact with it
842 * since it declared itself to be hibernating. */
844 } else if (options
->AssumeReachable
) {
845 /* If AssumeReachable, everybody is up unless they say they are down! */
848 /* Otherwise, a router counts as up if we found all announced OR
849 ports reachable in the last REACHABLE_TIMEOUT seconds.
851 XXX prop186 For now there's always one IPv4 and at most one
854 If we're not on IPv6, don't consider reachability of potential
855 IPv6 OR port since that'd kill all dual stack relays until a
856 majority of the dir auths have IPv6 connectivity. */
857 answer
= (now
< node
->last_reachable
+ REACHABLE_TIMEOUT
&&
858 (options
->AuthDirHasIPv6Connectivity
!= 1 ||
859 tor_addr_is_null(&router
->ipv6_addr
) ||
860 now
< node
->last_reachable6
+ REACHABLE_TIMEOUT
));
863 if (!answer
&& running_long_enough_to_decide_unreachable()) {
864 /* Not considered reachable. tell rephist about that.
866 Because we launch a reachability test for each router every
867 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
868 been down since at least that time after we last successfully reached
874 if (node
->last_reachable
&&
875 node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
876 when
= node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
877 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
880 node
->is_running
= answer
;
883 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
884 * contents of a v1-style router-status line, and store it in
885 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
887 * If for_controller is true, include the routers with very old descriptors.
890 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
893 /* List of entries in a router-status style: An optional !, then an optional
894 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
895 smartlist_t
*rs_entries
;
896 time_t now
= time(NULL
);
897 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
898 const or_options_t
*options
= get_options();
899 /* We include v2 dir auths here too, because they need to answer
900 * controllers. Eventually we'll deprecate this whole function;
901 * see also networkstatus_getinfo_by_purpose(). */
902 int authdir
= authdir_mode_publishes_statuses(options
);
903 tor_assert(router_status_out
);
905 rs_entries
= smartlist_new();
907 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
908 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
911 /* Update router status in routerinfo_t. */
912 dirserv_set_router_is_running(ri
, now
);
914 if (for_controller
) {
915 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
917 if (!node
->is_running
)
919 router_get_verbose_nickname(cp
, ri
);
920 smartlist_add(rs_entries
, tor_strdup(name_buf
));
921 } else if (ri
->cache_info
.published_on
>= cutoff
) {
922 smartlist_add(rs_entries
, list_single_server_status(ri
,
925 } SMARTLIST_FOREACH_END(ri
);
927 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
929 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
930 smartlist_free(rs_entries
);
935 /** Given a (possibly empty) list of config_line_t, each line of which contains
936 * a list of comma-separated version numbers surrounded by optional space,
937 * allocate and return a new string containing the version numbers, in order,
938 * separated by commas. Used to generate Recommended(Client|Server)?Versions
941 format_versions_list(config_line_t
*ln
)
943 smartlist_t
*versions
;
945 versions
= smartlist_new();
946 for ( ; ln
; ln
= ln
->next
) {
947 smartlist_split_string(versions
, ln
->value
, ",",
948 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
950 sort_version_list(versions
, 1);
951 result
= smartlist_join_strings(versions
,",",0,NULL
);
952 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
953 smartlist_free(versions
);
957 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
958 * not hibernating, having observed bw greater 0, and not too old. Else
962 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
964 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
965 if (ri
->cache_info
.published_on
< cutoff
) {
968 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
) {
971 /* Only require bandwith capacity in non-test networks, or
972 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
973 if (!ri
->bandwidthcapacity
) {
974 if (get_options()->TestingTorNetwork
) {
975 if (get_options()->TestingMinExitFlagThreshold
> 0) {
976 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
977 * then require bandwidthcapacity */
981 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
988 /** Generate a new v1 directory and write it into a newly allocated string.
989 * Point *<b>dir_out</b> to the allocated string. Sign the
990 * directory with <b>private_key</b>. Return 0 on success, -1 on
991 * failure. If <b>complete</b> is set, give us all the descriptors;
992 * otherwise leave out non-running and non-valid ones.
995 dirserv_dump_directory_to_string(char **dir_out
,
996 crypto_pk_t
*private_key
)
998 /* XXXX 024 Get rid of this function if we can confirm that nobody's
999 * fetching these any longer */
1001 char *identity_pkey
; /* Identity key, DER64-encoded. */
1002 char *recommended_versions
;
1003 char digest
[DIGEST_LEN
];
1004 char published
[ISO_TIME_LEN
+1];
1007 size_t identity_pkey_len
;
1008 time_t now
= time(NULL
);
1010 tor_assert(dir_out
);
1013 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1014 &identity_pkey_len
)<0) {
1015 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1019 recommended_versions
=
1020 format_versions_list(get_options()->RecommendedVersions
);
1022 format_iso_time(published
, now
);
1024 buf_len
= 2048+strlen(recommended_versions
);
1026 buf
= tor_malloc(buf_len
);
1027 /* We'll be comparing against buf_len throughout the rest of the
1028 function, though strictly speaking we shouldn't be able to exceed
1029 it. This is C, after all, so we may as well check for buffer
1032 tor_snprintf(buf
, buf_len
,
1033 "signed-directory\n"
1035 "recommended-software %s\n"
1036 "router-status %s\n"
1037 "dir-signing-key\n%s\n",
1038 published
, recommended_versions
, "",
1041 tor_free(recommended_versions
);
1042 tor_free(identity_pkey
);
1044 cp
= buf
+ strlen(buf
);
1047 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1049 if (strlcat(buf
, "directory-signature ", buf_len
) >= buf_len
)
1051 if (strlcat(buf
, get_options()->Nickname
, buf_len
) >= buf_len
)
1053 if (strlcat(buf
, "\n", buf_len
) >= buf_len
)
1056 if (router_get_dir_hash(buf
,digest
)) {
1057 log_warn(LD_BUG
,"couldn't compute digest");
1061 note_crypto_pk_op(SIGN_DIR
);
1062 if (router_append_dirobj_signature(buf
,buf_len
,digest
,DIGEST_LEN
,
1071 log_warn(LD_BUG
,"tried to exceed string length.");
1076 /********************************************************************/
1078 /* A set of functions to answer questions about how we'd like to behave
1079 * as a directory mirror/client. */
1081 /** Return 1 if we fetch our directory material directly from the
1082 * authorities, rather than from a mirror. */
1084 directory_fetches_from_authorities(const or_options_t
*options
)
1086 const routerinfo_t
*me
;
1089 if (options
->FetchDirInfoEarly
)
1091 if (options
->BridgeRelay
== 1)
1093 if (server_mode(options
) && router_pick_published_address(options
, &addr
)<0)
1094 return 1; /* we don't know our IP address; ask an authority. */
1095 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1096 should_refuse_unknown_exits(options
);
1097 if (!options
->DirPort_set
&& !refuseunknown
)
1099 if (!server_mode(options
) || !advertised_server_mode())
1101 me
= router_get_my_routerinfo();
1102 if (!me
|| (!me
->dir_port
&& !refuseunknown
))
1103 return 0; /* if dirport not advertised, return 0 too */
1107 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1108 * on the "mirror" schedule rather than the "client" schedule.
1111 directory_fetches_dir_info_early(const or_options_t
*options
)
1113 return directory_fetches_from_authorities(options
);
1116 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1117 * on a very passive schedule -- waiting long enough for ordinary clients
1118 * to probably have the info we want. These would include bridge users,
1119 * and maybe others in the future e.g. if a Tor client uses another Tor
1120 * client as a directory guard.
1123 directory_fetches_dir_info_later(const or_options_t
*options
)
1125 return options
->UseBridges
!= 0;
1128 /** Return true iff we want to fetch and keep certificates for authorities
1129 * that we don't acknowledge as authorities ourself.
1132 directory_caches_unknown_auth_certs(const or_options_t
*options
)
1134 return options
->DirPort_set
|| options
->BridgeRelay
;
1137 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1138 * and we're willing to serve them to others. Else return 0.
1141 directory_caches_dir_info(const or_options_t
*options
)
1143 if (options
->BridgeRelay
|| options
->DirPort_set
)
1145 if (!server_mode(options
) || !advertised_server_mode())
1147 /* We need an up-to-date view of network info if we're going to try to
1148 * block exit attempts from unknown relays. */
1149 return ! router_my_exit_policy_is_reject_star() &&
1150 should_refuse_unknown_exits(options
);
1153 /** Return 1 if we want to allow remote people to ask us directory
1154 * requests via the "begin_dir" interface, which doesn't require
1155 * having any separate port open. */
1157 directory_permits_begindir_requests(const or_options_t
*options
)
1159 return options
->BridgeRelay
!= 0 || options
->DirPort_set
;
1162 /** Return 1 if we have no need to fetch new descriptors. This generally
1163 * happens when we're not a dir cache and we haven't built any circuits
1167 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1170 return !directory_caches_dir_info(options
) &&
1171 !options
->FetchUselessDescriptors
&&
1172 rep_hist_circbuilding_dormant(now
);
1175 /********************************************************************/
1177 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1178 * currently serving. */
1179 static strmap_t
*cached_consensuses
= NULL
;
1181 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1182 * any references. */
1184 cached_dir_decref(cached_dir_t
*d
)
1186 if (!d
|| --d
->refcnt
> 0)
1188 clear_cached_dir(d
);
1192 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1193 * published at <b>published</b>. */
1195 new_cached_dir(char *s
, time_t published
)
1197 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1200 d
->dir_len
= strlen(s
);
1201 d
->published
= published
;
1202 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1204 log_warn(LD_BUG
, "Error compressing directory");
1209 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1211 clear_cached_dir(cached_dir_t
*d
)
1215 memset(d
, 0, sizeof(cached_dir_t
));
1218 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1220 free_cached_dir_(void *_d
)
1226 d
= (cached_dir_t
*)_d
;
1227 cached_dir_decref(d
);
1230 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1231 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1232 * validation is performed. */
1234 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1235 const char *flavor_name
,
1236 const digests_t
*digests
,
1239 cached_dir_t
*new_networkstatus
;
1240 cached_dir_t
*old_networkstatus
;
1241 if (!cached_consensuses
)
1242 cached_consensuses
= strmap_new();
1244 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1245 memcpy(&new_networkstatus
->digests
, digests
, sizeof(digests_t
));
1246 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1248 if (old_networkstatus
)
1249 cached_dir_decref(old_networkstatus
);
1252 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1253 * optionally compressed format, suitable for sending to clients. */
1255 dirserv_get_consensus(const char *flavor_name
)
1257 if (!cached_consensuses
)
1259 return strmap_get(cached_consensuses
, flavor_name
);
1262 /** If a router's uptime is at least this value, then it is always
1263 * considered stable, regardless of the rest of the network. This
1264 * way we resist attacks where an attacker doubles the size of the
1265 * network using allegedly high-uptime nodes, displacing all the
1266 * current guards. */
1267 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1268 /** If a router's MTBF is at least this value, then it is always stable.
1269 * See above. (Corresponds to about 7 days for current decay rates.) */
1270 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1271 /** Similarly, every node with at least this much weighted time known can be
1272 * considered familiar enough to be a guard. Corresponds to about 20 days for
1273 * current decay rates.
1275 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1276 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1278 #define WFU_TO_GUARANTEE_GUARD (0.98)
1280 /* Thresholds for server performance: set by
1281 * dirserv_compute_performance_thresholds, and used by
1282 * generate_v2_networkstatus */
1284 /** Any router with an uptime of at least this value is stable. */
1285 static uint32_t stable_uptime
= 0; /* start at a safe value */
1286 /** Any router with an mtbf of at least this value is stable. */
1287 static double stable_mtbf
= 0.0;
1288 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1289 * than stable_uptime. */
1290 static int enough_mtbf_info
= 0;
1291 /** Any router with a weighted fractional uptime of at least this much might
1292 * be good as a guard. */
1293 static double guard_wfu
= 0.0;
1294 /** Don't call a router a guard unless we've known about it for at least this
1296 static long guard_tk
= 0;
1297 /** Any router with a bandwidth at least this high is "Fast" */
1298 static uint32_t fast_bandwidth_kb
= 0;
1299 /** If exits can be guards, then all guards must have a bandwidth this
1301 static uint32_t guard_bandwidth_including_exits_kb
= 0;
1302 /** If exits can't be guards, then all guards must have a bandwidth this
1304 static uint32_t guard_bandwidth_excluding_exits_kb
= 0;
1306 /** Helper: estimate the uptime of a router given its stated uptime and the
1307 * amount of time since it last stated its stated uptime. */
1309 real_uptime(const routerinfo_t
*router
, time_t now
)
1311 if (now
< router
->cache_info
.published_on
)
1312 return router
->uptime
;
1314 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1317 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1318 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1319 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1323 dirserv_thinks_router_is_unreliable(time_t now
,
1324 routerinfo_t
*router
,
1325 int need_uptime
, int need_capacity
)
1328 if (!enough_mtbf_info
) {
1329 /* XXX024 Once most authorities are on v3, we should change the rule from
1330 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1331 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1332 * hit a point where we need to reset a lot of authorities at once,
1333 * none of them would be in a position to declare Stable.
1335 long uptime
= real_uptime(router
, now
);
1336 if ((unsigned)uptime
< stable_uptime
&&
1337 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1341 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1342 if (mtbf
< stable_mtbf
&&
1343 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1347 if (need_capacity
) {
1348 uint32_t bw_kb
= dirserv_get_credible_bandwidth_kb(router
);
1349 if (bw_kb
< fast_bandwidth_kb
)
1355 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1356 * Right now this means it advertises support for it, it has a high uptime,
1357 * it has a DirPort open, it has the Stable and Fast flag and it's currently
1358 * considered Running.
1360 * This function needs to be called after router-\>is_running has
1364 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1365 const node_t
*node
, time_t now
)
1370 /* If we haven't been running for at least
1371 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1372 * have accurate data telling us a relay has been up for at least
1373 * that long. We also want to allow a bit of slack: Reachability
1374 * tests aren't instant. If we haven't been running long enough,
1375 * trust the relay. */
1377 if (stats_n_seconds_working
>
1378 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1379 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1380 real_uptime(router
, now
));
1382 uptime
= real_uptime(router
, now
);
1384 return (router
->wants_to_be_hs_dir
&& router
->dir_port
&&
1385 node
->is_stable
&& node
->is_fast
&&
1386 uptime
>= get_options()->MinUptimeHidServDirectoryV2
&&
1387 router_is_active(router
, node
, now
));
1390 /** Don't consider routers with less bandwidth than this when computing
1392 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1394 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1395 * include a router in our calculations, and return true iff we should; the
1396 * require_mbw parameter is passed in by
1397 * dirserv_compute_performance_thresholds() and controls whether we ever
1398 * count routers with only advertised bandwidths */
1400 router_counts_toward_thresholds(const node_t
*node
, time_t now
,
1401 const digestmap_t
*omit_as_sybil
,
1404 /* Have measured bw? */
1406 dirserv_has_measured_bw(node
->identity
);
1407 uint64_t min_bw_kb
= ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB
;
1408 const or_options_t
*options
= get_options();
1410 if (options
->TestingTorNetwork
) {
1411 min_bw_kb
= (int64_t)options
->TestingMinExitFlagThreshold
/ 1000;
1414 return node
->ri
&& router_is_active(node
->ri
, node
, now
) &&
1415 !digestmap_get(omit_as_sybil
, node
->identity
) &&
1416 (dirserv_get_credible_bandwidth_kb(node
->ri
) >= min_bw_kb
) &&
1417 (have_mbw
|| !require_mbw
);
1420 /** Look through the routerlist, the Mean Time Between Failure history, and
1421 * the Weighted Fractional Uptime history, and use them to set thresholds for
1422 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1423 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1424 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1426 * Also, set the is_exit flag of each router appropriately. */
1428 dirserv_compute_performance_thresholds(digestmap_t
*omit_as_sybil
)
1430 int n_active
, n_active_nonexit
, n_familiar
;
1431 uint32_t *uptimes
, *bandwidths_kb
, *bandwidths_excluding_exits_kb
;
1433 double *mtbfs
, *wfus
;
1434 smartlist_t
*nodelist
;
1435 time_t now
= time(NULL
);
1436 const or_options_t
*options
= get_options();
1440 (routers_with_measured_bw
>
1441 options
->MinMeasuredBWsForAuthToIgnoreAdvertised
) ? 1 : 0;
1443 /* initialize these all here, in case there are no routers */
1446 fast_bandwidth_kb
= 0;
1447 guard_bandwidth_including_exits_kb
= 0;
1448 guard_bandwidth_excluding_exits_kb
= 0;
1452 nodelist_assert_ok();
1453 nodelist
= nodelist_get_list();
1455 /* Initialize arrays that will hold values for each router. We'll
1456 * sort them and use that to compute thresholds. */
1457 n_active
= n_active_nonexit
= 0;
1458 /* Uptime for every active router. */
1459 uptimes
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1460 /* Bandwidth for every active router. */
1461 bandwidths_kb
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1462 /* Bandwidth for every active non-exit router. */
1463 bandwidths_excluding_exits_kb
=
1464 tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1465 /* Weighted mean time between failure for each active router. */
1466 mtbfs
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1467 /* Time-known for each active router. */
1468 tks
= tor_calloc(smartlist_len(nodelist
), sizeof(long));
1469 /* Weighted fractional uptime for each active router. */
1470 wfus
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1472 /* Now, fill in the arrays. */
1473 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1474 if (options
->BridgeAuthoritativeDir
&&
1476 node
->ri
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
1478 if (router_counts_toward_thresholds(node
, now
, omit_as_sybil
,
1480 routerinfo_t
*ri
= node
->ri
;
1481 const char *id
= node
->identity
;
1483 /* resolve spurious clang shallow analysis null pointer errors */
1485 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1486 exit_policy_is_general_exit(ri
->exit_policy
));
1487 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1488 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1489 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1490 bandwidths_kb
[n_active
] = bw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
1491 if (!node
->is_exit
|| node
->is_bad_exit
) {
1492 bandwidths_excluding_exits_kb
[n_active_nonexit
] = bw_kb
;
1497 } SMARTLIST_FOREACH_END(node
);
1499 /* Now, compute thresholds. */
1501 /* The median uptime is stable. */
1502 stable_uptime
= median_uint32(uptimes
, n_active
);
1503 /* The median mtbf is stable, if we have enough mtbf info */
1504 stable_mtbf
= median_double(mtbfs
, n_active
);
1505 /* The 12.5th percentile bandwidth is fast. */
1506 fast_bandwidth_kb
= find_nth_uint32(bandwidths_kb
, n_active
, n_active
/8);
1507 /* (Now bandwidths is sorted.) */
1508 if (fast_bandwidth_kb
< RELAY_REQUIRED_MIN_BANDWIDTH
/(2 * 1000))
1509 fast_bandwidth_kb
= bandwidths_kb
[n_active
/4];
1510 guard_bandwidth_including_exits_kb
=
1511 third_quartile_uint32(bandwidths_kb
, n_active
);
1512 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1515 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1516 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1519 /* We can vote on a parameter for the minimum and maximum. */
1520 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1521 int32_t min_fast_kb
, max_fast_kb
, min_fast
, max_fast
;
1522 min_fast
= networkstatus_get_param(NULL
, "FastFlagMinThreshold",
1523 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1524 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1526 if (options
->TestingTorNetwork
) {
1527 min_fast
= (int32_t)options
->TestingMinFastFlagThreshold
;
1529 max_fast
= networkstatus_get_param(NULL
, "FastFlagMaxThreshold",
1530 INT32_MAX
, min_fast
, INT32_MAX
);
1531 min_fast_kb
= min_fast
/ 1000;
1532 max_fast_kb
= max_fast
/ 1000;
1534 if (fast_bandwidth_kb
< (uint32_t)min_fast_kb
)
1535 fast_bandwidth_kb
= min_fast_kb
;
1536 if (fast_bandwidth_kb
> (uint32_t)max_fast_kb
)
1537 fast_bandwidth_kb
= max_fast_kb
;
1539 /* Protect sufficiently fast nodes from being pushed out of the set
1541 if (options
->AuthDirFastGuarantee
&&
1542 fast_bandwidth_kb
> options
->AuthDirFastGuarantee
/1000)
1543 fast_bandwidth_kb
= (uint32_t)options
->AuthDirFastGuarantee
/1000;
1545 /* Now that we have a time-known that 7/8 routers are known longer than,
1546 * fill wfus with the wfu of every such "familiar" router. */
1549 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1550 if (router_counts_toward_thresholds(node
, now
,
1551 omit_as_sybil
, require_mbw
)) {
1552 routerinfo_t
*ri
= node
->ri
;
1553 const char *id
= ri
->cache_info
.identity_digest
;
1554 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1557 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1559 } SMARTLIST_FOREACH_END(node
);
1561 guard_wfu
= median_double(wfus
, n_familiar
);
1562 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1563 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1565 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1567 if (n_active_nonexit
) {
1568 guard_bandwidth_excluding_exits_kb
=
1569 find_nth_uint32(bandwidths_excluding_exits_kb
,
1570 n_active_nonexit
, n_active_nonexit
*3/4);
1573 log_info(LD_DIRSERV
,
1574 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1575 "For Fast: %lu kilobytes/sec. "
1576 "For Guard: WFU %.03f%%, time-known %lu sec, "
1577 "and bandwidth %lu or %lu kilobytes/sec. "
1578 "We%s have enough stability data.",
1579 (unsigned long)stable_uptime
,
1580 (unsigned long)stable_mtbf
,
1581 (unsigned long)fast_bandwidth_kb
,
1583 (unsigned long)guard_tk
,
1584 (unsigned long)guard_bandwidth_including_exits_kb
,
1585 (unsigned long)guard_bandwidth_excluding_exits_kb
,
1586 enough_mtbf_info
? "" : " don't");
1590 tor_free(bandwidths_kb
);
1591 tor_free(bandwidths_excluding_exits_kb
);
1596 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1597 * for the status flags, specifically for bridges.
1599 * This is only called by a Bridge Authority from
1600 * networkstatus_getinfo_by_purpose().
1603 dirserv_compute_bridge_flag_thresholds(void)
1605 digestmap_t
*omit_as_sybil
= digestmap_new();
1606 dirserv_compute_performance_thresholds(omit_as_sybil
);
1607 digestmap_free(omit_as_sybil
, NULL
);
1610 /** Measured bandwidth cache entry */
1611 typedef struct mbw_cache_entry_s
{
1614 } mbw_cache_entry_t
;
1616 /** Measured bandwidth cache - keys are identity_digests, values are
1617 * mbw_cache_entry_t *. */
1618 static digestmap_t
*mbw_cache
= NULL
;
1620 /** Store a measured bandwidth cache entry when reading the measured
1621 * bandwidths file. */
1623 dirserv_cache_measured_bw(const measured_bw_line_t
*parsed_line
,
1626 mbw_cache_entry_t
*e
= NULL
;
1628 tor_assert(parsed_line
);
1630 /* Allocate a cache if we need */
1631 if (!mbw_cache
) mbw_cache
= digestmap_new();
1633 /* Check if we have an existing entry */
1634 e
= digestmap_get(mbw_cache
, parsed_line
->node_id
);
1635 /* If we do, we can re-use it */
1637 /* Check that we really are newer, and update */
1638 if (as_of
> e
->as_of
) {
1639 e
->mbw_kb
= parsed_line
->bw_kb
;
1643 /* We'll have to insert a new entry */
1644 e
= tor_malloc(sizeof(*e
));
1645 e
->mbw_kb
= parsed_line
->bw_kb
;
1647 digestmap_set(mbw_cache
, parsed_line
->node_id
, e
);
1651 /** Clear and free the measured bandwidth cache */
1653 dirserv_clear_measured_bw_cache(void)
1656 /* Free the map and all entries */
1657 digestmap_free(mbw_cache
, tor_free_
);
1662 /** Scan the measured bandwidth cache and remove expired entries */
1664 dirserv_expire_measured_bw_cache(time_t now
)
1668 /* Iterate through the cache and check each entry */
1669 DIGESTMAP_FOREACH_MODIFY(mbw_cache
, k
, mbw_cache_entry_t
*, e
) {
1670 if (now
> e
->as_of
+ MAX_MEASUREMENT_AGE
) {
1674 } DIGESTMAP_FOREACH_END
;
1676 /* Check if we cleared the whole thing and free if so */
1677 if (digestmap_size(mbw_cache
) == 0) {
1678 digestmap_free(mbw_cache
, tor_free_
);
1684 /** Get the current size of the measured bandwidth cache */
1686 dirserv_get_measured_bw_cache_size(void)
1688 if (mbw_cache
) return digestmap_size(mbw_cache
);
1692 /** Query the cache by identity digest, return value indicates whether
1693 * we found it. The bw_out and as_of_out pointers receive the cached
1694 * bandwidth value and the time it was cached if not NULL. */
1696 dirserv_query_measured_bw_cache_kb(const char *node_id
, long *bw_kb_out
,
1699 mbw_cache_entry_t
*v
= NULL
;
1702 if (mbw_cache
&& node_id
) {
1703 v
= digestmap_get(mbw_cache
, node_id
);
1705 /* Found something */
1707 if (bw_kb_out
) *bw_kb_out
= v
->mbw_kb
;
1708 if (as_of_out
) *as_of_out
= v
->as_of
;
1715 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1717 dirserv_has_measured_bw(const char *node_id
)
1719 return dirserv_query_measured_bw_cache_kb(node_id
, NULL
, NULL
);
1722 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1723 * preferring measured to advertised values if available. */
1726 dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
)
1730 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1731 * signed) longs and the ones router_get_advertised_bandwidth() returns
1738 * * First try to see if we have a measured bandwidth; don't bother with
1739 * as_of_out here, on the theory that a stale measured bandwidth is still
1740 * better to trust than an advertised one.
1742 if (dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1745 bw_kb
= (uint32_t)mbw_kb
;
1747 /* If not, fall back to advertised */
1748 bw_kb
= router_get_advertised_bandwidth(ri
) / 1000;
1755 /** Look through the routerlist, and using the measured bandwidth cache count
1756 * how many measured bandwidths we know. This is used to decide whether we
1757 * ever trust advertised bandwidths for purposes of assigning flags. */
1759 dirserv_count_measured_bws(const smartlist_t
*routers
)
1761 /* Initialize this first */
1762 routers_with_measured_bw
= 0;
1764 /* Iterate over the routerlist and count measured bandwidths */
1765 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
1766 /* Check if we know a measured bandwidth for this one */
1767 if (dirserv_has_measured_bw(ri
->cache_info
.identity_digest
)) {
1768 ++routers_with_measured_bw
;
1770 } SMARTLIST_FOREACH_END(ri
);
1773 /** Return the bandwidth we believe for assigning flags; prefer measured
1774 * over advertised, and if we have above a threshold quantity of measured
1775 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1778 dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
)
1785 /* Check if we have a measured bandwidth, and check the threshold if not */
1786 if (!(dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1788 threshold
= get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1789 if (routers_with_measured_bw
> threshold
) {
1790 /* Return zero for unmeasured bandwidth if we are above threshold */
1793 /* Return an advertised bandwidth otherwise */
1794 bw_kb
= router_get_advertised_bandwidth_capped(ri
) / 1000;
1797 /* We have the measured bandwidth in mbw */
1798 bw_kb
= (uint32_t)mbw_kb
;
1804 /** Give a statement of our current performance thresholds for inclusion
1805 * in a vote document. */
1807 dirserv_get_flag_thresholds_line(void)
1810 const int measured_threshold
=
1811 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1812 const int enough_measured_bw
= routers_with_measured_bw
> measured_threshold
;
1814 tor_asprintf(&result
,
1815 "stable-uptime=%lu stable-mtbf=%lu "
1817 "guard-wfu=%.03f%% guard-tk=%lu "
1818 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1819 "enough-mtbf=%d ignoring-advertised-bws=%d",
1820 (unsigned long)stable_uptime
,
1821 (unsigned long)stable_mtbf
,
1822 (unsigned long)fast_bandwidth_kb
*1000,
1824 (unsigned long)guard_tk
,
1825 (unsigned long)guard_bandwidth_including_exits_kb
*1000,
1826 (unsigned long)guard_bandwidth_excluding_exits_kb
*1000,
1827 enough_mtbf_info
? 1 : 0,
1828 enough_measured_bw
? 1 : 0);
1833 /** Given a platform string as in a routerinfo_t (possibly null), return a
1834 * newly allocated version string for a networkstatus document, or NULL if the
1835 * platform doesn't give a Tor version. */
1837 version_from_platform(const char *platform
)
1839 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1840 const char *eos
= find_whitespace(platform
+4);
1841 if (eos
&& !strcmpstart(eos
, " (r")) {
1842 /* XXXX Unify this logic with the other version extraction
1843 * logic in routerparse.c. */
1844 eos
= find_whitespace(eos
+1);
1847 return tor_strndup(platform
, eos
-platform
);
1853 /** Helper: write the router-status information in <b>rs</b> into a newly
1854 * allocated character buffer. Use the same format as in network-status
1855 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1856 * Return 0 on success, -1 on failure.
1858 * The format argument has one of the following values:
1859 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1860 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1861 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1863 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1864 * it contains additional information for the vote.
1865 * NS_CONTROL_PORT - Output a NS document for the control port
1868 routerstatus_format_entry(const routerstatus_t
*rs
, const char *version
,
1869 routerstatus_format_type_t format
,
1870 const vote_routerstatus_t
*vrs
)
1873 char *result
= NULL
;
1875 char published
[ISO_TIME_LEN
+1];
1876 char identity64
[BASE64_DIGEST_LEN
+1];
1877 char digest64
[BASE64_DIGEST_LEN
+1];
1878 smartlist_t
*chunks
= smartlist_new();
1880 format_iso_time(published
, rs
->published_on
);
1881 digest_to_base64(identity64
, rs
->identity_digest
);
1882 digest_to_base64(digest64
, rs
->descriptor_digest
);
1884 smartlist_add_asprintf(chunks
,
1885 "r %s %s %s%s%s %s %d %d\n",
1888 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1889 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1891 fmt_addr32(rs
->addr
),
1895 /* TODO: Maybe we want to pass in what we need to build the rest of
1896 * this here, instead of in the caller. Then we could use the
1897 * networkstatus_type_t values, with an additional control port value
1900 /* V3 microdesc consensuses don't have "a" lines. */
1901 if (format
== NS_V3_CONSENSUS_MICRODESC
)
1904 /* Possible "a" line. At most one for now. */
1905 if (!tor_addr_is_null(&rs
->ipv6_addr
)) {
1906 smartlist_add_asprintf(chunks
, "a %s\n",
1907 fmt_addrport(&rs
->ipv6_addr
, rs
->ipv6_orport
));
1910 if (format
== NS_V3_CONSENSUS
)
1913 smartlist_add_asprintf(chunks
,
1914 "s%s%s%s%s%s%s%s%s%s%s\n",
1915 /* These must stay in alphabetical order. */
1916 rs
->is_authority
?" Authority":"",
1917 rs
->is_bad_exit
?" BadExit":"",
1918 rs
->is_exit
?" Exit":"",
1919 rs
->is_fast
?" Fast":"",
1920 rs
->is_possible_guard
?" Guard":"",
1921 rs
->is_hs_dir
?" HSDir":"",
1922 rs
->is_flagged_running
?" Running":"",
1923 rs
->is_stable
?" Stable":"",
1924 (rs
->dir_port
!=0)?" V2Dir":"",
1925 rs
->is_valid
?" Valid":"");
1927 /* length of "opt v \n" */
1928 #define V_LINE_OVERHEAD 7
1929 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1930 smartlist_add_asprintf(chunks
, "v %s\n", version
);
1933 if (format
!= NS_V2
) {
1934 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
1937 if (format
!= NS_CONTROL_PORT
) {
1938 /* Blow up more or less nicely if we didn't get anything or not the
1939 * thing we expected.
1942 char id
[HEX_DIGEST_LEN
+1];
1943 char dd
[HEX_DIGEST_LEN
+1];
1945 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1946 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
1947 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
1948 "(wanted descriptor %s).",
1953 /* This assert could fire for the control port, because
1954 * it can request NS documents before all descriptors
1955 * have been fetched. Therefore, we only do this test when
1956 * format != NS_CONTROL_PORT. */
1957 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
1958 rs
->descriptor_digest
,
1960 char rl_d
[HEX_DIGEST_LEN
+1];
1961 char rs_d
[HEX_DIGEST_LEN
+1];
1962 char id
[HEX_DIGEST_LEN
+1];
1964 base16_encode(rl_d
, sizeof(rl_d
),
1965 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
1966 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
1967 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1968 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
1969 "the one in routerstatus: %s vs %s "
1973 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
1974 rs
->descriptor_digest
,
1979 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
1980 bw_kb
= rs
->bandwidth_kb
;
1983 bw_kb
= router_get_advertised_bandwidth_capped(desc
) / 1000;
1985 smartlist_add_asprintf(chunks
,
1986 "w Bandwidth=%d", bw_kb
);
1988 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->has_measured_bw
) {
1989 smartlist_add_asprintf(chunks
,
1990 " Measured=%d", vrs
->measured_bw_kb
);
1992 /* Write down guardfraction information if we have it. */
1993 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->status
.has_guardfraction
) {
1994 smartlist_add_asprintf(chunks
,
1995 " GuardFraction=%d",
1996 vrs
->status
.guardfraction_percentage
);
1999 smartlist_add(chunks
, tor_strdup("\n"));
2002 summary
= policy_summarize(desc
->exit_policy
, AF_INET
);
2003 smartlist_add_asprintf(chunks
, "p %s\n", summary
);
2007 if (format
== NS_V3_VOTE
&& vrs
) {
2008 if (tor_mem_is_zero((char*)vrs
->ed25519_id
, ED25519_PUBKEY_LEN
)) {
2009 smartlist_add(chunks
, tor_strdup("id ed25519 none\n"));
2011 char ed_b64
[BASE64_DIGEST256_LEN
+1];
2012 digest256_to_base64(ed_b64
, (const char*)vrs
->ed25519_id
);
2013 smartlist_add_asprintf(chunks
, "id ed25519 %s\n", ed_b64
);
2019 result
= smartlist_join_strings(chunks
, "", 0, NULL
);
2022 SMARTLIST_FOREACH(chunks
, char *, cp
, tor_free(cp
));
2023 smartlist_free(chunks
);
2028 /** Helper for sorting: compares two routerinfos first by address, and then by
2029 * descending order of "usefulness". (An authority is more useful than a
2030 * non-authority; a running router is more useful than a non-running router;
2031 * and a router with more bandwidth is more useful than one with less.)
2034 compare_routerinfo_by_ip_and_bw_(const void **a
, const void **b
)
2036 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2037 int first_is_auth
, second_is_auth
;
2038 uint32_t bw_kb_first
, bw_kb_second
;
2039 const node_t
*node_first
, *node_second
;
2040 int first_is_running
, second_is_running
;
2042 /* we return -1 if first should appear before second... that is,
2043 * if first is a better router. */
2044 if (first
->addr
< second
->addr
)
2046 else if (first
->addr
> second
->addr
)
2049 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2050 * reality, we will almost never get here, since addresses will usually be
2054 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2056 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2058 if (first_is_auth
&& !second_is_auth
)
2060 else if (!first_is_auth
&& second_is_auth
)
2063 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
2064 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
2065 first_is_running
= node_first
&& node_first
->is_running
;
2066 second_is_running
= node_second
&& node_second
->is_running
;
2068 if (first_is_running
&& !second_is_running
)
2070 else if (!first_is_running
&& second_is_running
)
2073 bw_kb_first
= dirserv_get_bandwidth_for_router_kb(first
);
2074 bw_kb_second
= dirserv_get_bandwidth_for_router_kb(second
);
2076 if (bw_kb_first
> bw_kb_second
)
2078 else if (bw_kb_first
< bw_kb_second
)
2081 /* They're equal! Compare by identity digest, so there's a
2082 * deterministic order and we avoid flapping. */
2083 return fast_memcmp(first
->cache_info
.identity_digest
,
2084 second
->cache_info
.identity_digest
,
2088 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2089 * whose keys are the identity digests of those routers that we're going to
2090 * exclude for Sybil-like appearance. */
2091 static digestmap_t
*
2092 get_possible_sybil_list(const smartlist_t
*routers
)
2094 const or_options_t
*options
= get_options();
2095 digestmap_t
*omit_as_sybil
;
2096 smartlist_t
*routers_by_ip
= smartlist_new();
2099 /* Allow at most this number of Tor servers on a single IP address, ... */
2100 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2101 /* ... unless it's a directory authority, in which case allow more. */
2102 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2103 if (max_with_same_addr
<= 0)
2104 max_with_same_addr
= INT_MAX
;
2105 if (max_with_same_addr_on_authority
<= 0)
2106 max_with_same_addr_on_authority
= INT_MAX
;
2108 smartlist_add_all(routers_by_ip
, routers
);
2109 smartlist_sort(routers_by_ip
, compare_routerinfo_by_ip_and_bw_
);
2110 omit_as_sybil
= digestmap_new();
2114 SMARTLIST_FOREACH_BEGIN(routers_by_ip
, routerinfo_t
*, ri
) {
2115 if (last_addr
!= ri
->addr
) {
2116 last_addr
= ri
->addr
;
2118 } else if (++addr_count
> max_with_same_addr
) {
2119 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2120 addr_count
> max_with_same_addr_on_authority
)
2121 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2123 } SMARTLIST_FOREACH_END(ri
);
2125 smartlist_free(routers_by_ip
);
2126 return omit_as_sybil
;
2129 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2130 * remove the older one. If they are exactly the same age, remove the one
2131 * with the greater descriptor digest. May alter the order of the list. */
2133 routers_make_ed_keys_unique(smartlist_t
*routers
)
2136 digest256map_t
*by_ed_key
= digest256map_new();
2138 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2139 ri
->omit_from_vote
= 0;
2140 if (ri
->signing_key_cert
== NULL
)
2141 continue; /* No ed key */
2142 const uint8_t *pk
= ri
->signing_key_cert
->signing_key
.pubkey
;
2143 if ((ri2
= digest256map_get(by_ed_key
, pk
))) {
2144 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2145 * one has the earlier published_on. */
2146 const time_t ri_pub
= ri
->cache_info
.published_on
;
2147 const time_t ri2_pub
= ri2
->cache_info
.published_on
;
2148 if (ri2_pub
< ri_pub
||
2149 (ri2_pub
== ri_pub
&&
2150 memcmp(ri
->cache_info
.signed_descriptor_digest
,
2151 ri2
->cache_info
.signed_descriptor_digest
,DIGEST_LEN
)<0)) {
2152 digest256map_set(by_ed_key
, pk
, ri
);
2153 ri2
->omit_from_vote
= 1;
2155 ri
->omit_from_vote
= 1;
2159 digest256map_set(by_ed_key
, pk
, ri
);
2161 } SMARTLIST_FOREACH_END(ri
);
2163 digest256map_free(by_ed_key
, NULL
);
2165 /* Now remove every router where the omit_from_vote flag got set. */
2166 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
2167 if (ri
->omit_from_vote
) {
2168 SMARTLIST_DEL_CURRENT(routers
, ri
);
2170 } SMARTLIST_FOREACH_END(ri
);
2173 /** Extract status information from <b>ri</b> and from other authority
2174 * functions and store it in <b>rs</b>>.
2176 * We assume that ri-\>is_running has already been set, e.g. by
2177 * dirserv_set_router_is_running(ri, now);
2180 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2186 const or_options_t
*options
= get_options();
2187 uint32_t routerbw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
2189 memset(rs
, 0, sizeof(routerstatus_t
));
2192 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2194 /* Already set by compute_performance_thresholds. */
2195 rs
->is_exit
= node
->is_exit
;
2196 rs
->is_stable
= node
->is_stable
=
2197 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0);
2198 rs
->is_fast
= node
->is_fast
=
2199 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2200 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2202 rs
->is_valid
= node
->is_valid
;
2204 if (node
->is_fast
&&
2205 ((options
->AuthDirGuardBWGuarantee
&&
2206 routerbw_kb
>= options
->AuthDirGuardBWGuarantee
/1000) ||
2207 routerbw_kb
>= MIN(guard_bandwidth_including_exits_kb
,
2208 guard_bandwidth_excluding_exits_kb
))) {
2209 long tk
= rep_hist_get_weighted_time_known(
2210 node
->identity
, now
);
2211 double wfu
= rep_hist_get_weighted_fractional_uptime(
2212 node
->identity
, now
);
2213 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2215 rs
->is_possible_guard
= 0;
2218 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2219 rs
->is_hs_dir
= node
->is_hs_dir
=
2220 dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2222 rs
->is_named
= rs
->is_unnamed
= 0;
2224 rs
->published_on
= ri
->cache_info
.published_on
;
2225 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2226 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2228 rs
->addr
= ri
->addr
;
2229 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2230 rs
->or_port
= ri
->or_port
;
2231 rs
->dir_port
= ri
->dir_port
;
2232 if (options
->AuthDirHasIPv6Connectivity
== 1 &&
2233 !tor_addr_is_null(&ri
->ipv6_addr
) &&
2234 node
->last_reachable6
>= now
- REACHABLE_TIMEOUT
) {
2235 /* We're configured as having IPv6 connectivity. There's an IPv6
2236 OR port and it's reachable so copy it to the routerstatus. */
2237 tor_addr_copy(&rs
->ipv6_addr
, &ri
->ipv6_addr
);
2238 rs
->ipv6_orport
= ri
->ipv6_orport
;
2241 if (options
->TestingTorNetwork
) {
2242 dirserv_set_routerstatus_testing(rs
);
2246 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2247 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2248 * respectively. But don't set the corresponding node flags.
2249 * Should only be called if TestingTorNetwork is set. */
2251 dirserv_set_routerstatus_testing(routerstatus_t
*rs
)
2253 const or_options_t
*options
= get_options();
2255 tor_assert(options
->TestingTorNetwork
);
2257 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteExit
,
2260 } else if (options
->TestingDirAuthVoteExitIsStrict
) {
2264 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteGuard
,
2266 rs
->is_possible_guard
= 1;
2267 } else if (options
->TestingDirAuthVoteGuardIsStrict
) {
2268 rs
->is_possible_guard
= 0;
2271 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteHSDir
,
2274 } else if (options
->TestingDirAuthVoteHSDirIsStrict
) {
2279 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2280 * too narrow an IP-space. Clear out its flags: we don't want people
2284 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2286 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2287 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
=
2288 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
= 0;
2289 /* FFFF we might want some mechanism to check later on if we
2290 * missed zeroing any flags: it's easy to add a new flag but
2291 * forget to add it to this clause. */
2294 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2295 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2296 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2297 * information to it.
2299 * Return 1 if we applied the information and 0 if we couldn't find a
2302 * Requires that <b>vote_routerstatuses</b> be sorted.
2305 guardfraction_line_apply(const char *guard_id
,
2306 uint32_t guardfraction_percentage
,
2307 smartlist_t
*vote_routerstatuses
)
2309 vote_routerstatus_t
*vrs
= NULL
;
2311 tor_assert(vote_routerstatuses
);
2313 vrs
= smartlist_bsearch(vote_routerstatuses
, guard_id
,
2314 compare_digest_to_vote_routerstatus_entry
);
2320 vrs
->status
.has_guardfraction
= 1;
2321 vrs
->status
.guardfraction_percentage
= guardfraction_percentage
;
2326 /* Given a guard line from a guardfraction file, parse it and register
2327 * its information to <b>vote_routerstatuses</b>.
2330 * * 1 if the line was proper and its information got registered.
2331 * * 0 if the line was proper but no currently active guard was found
2332 * to register the guardfraction information to.
2333 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2334 newly allocated string containing the error message.
2337 guardfraction_file_parse_guard_line(const char *guard_line
,
2338 smartlist_t
*vote_routerstatuses
,
2341 char guard_id
[DIGEST_LEN
];
2342 uint32_t guardfraction
;
2343 char *inputs_tmp
= NULL
;
2346 smartlist_t
*sl
= smartlist_new();
2349 tor_assert(err_msg
);
2351 /* guard_line should contain something like this:
2352 <hex digest> <guardfraction> <appearances> */
2353 smartlist_split_string(sl
, guard_line
, " ",
2354 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2355 if (smartlist_len(sl
) < 3) {
2356 tor_asprintf(err_msg
, "bad line '%s'", guard_line
);
2360 inputs_tmp
= smartlist_get(sl
, 0);
2361 if (strlen(inputs_tmp
) != HEX_DIGEST_LEN
||
2362 base16_decode(guard_id
, DIGEST_LEN
, inputs_tmp
, HEX_DIGEST_LEN
)) {
2363 tor_asprintf(err_msg
, "bad digest '%s'", inputs_tmp
);
2367 inputs_tmp
= smartlist_get(sl
, 1);
2368 /* Guardfraction is an integer in [0, 100]. */
2370 (uint32_t) tor_parse_long(inputs_tmp
, 10, 0, 100, &num_ok
, NULL
);
2372 tor_asprintf(err_msg
, "wrong percentage '%s'", inputs_tmp
);
2376 /* If routerstatuses were provided, apply this info to actual routers. */
2377 if (vote_routerstatuses
) {
2378 retval
= guardfraction_line_apply(guard_id
, guardfraction
,
2379 vote_routerstatuses
);
2381 retval
= 0; /* If we got this far, line was correctly formatted. */
2386 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2392 /** Given an inputs line from a guardfraction file, parse it and
2393 * register its information to <b>total_consensuses</b> and
2394 * <b>total_days</b>.
2396 * Return 0 if it parsed well. Return -1 if there was an error, and
2397 * set <b>err_msg</b> to a newly allocated string containing the
2401 guardfraction_file_parse_inputs_line(const char *inputs_line
,
2402 int *total_consensuses
,
2407 char *inputs_tmp
= NULL
;
2409 smartlist_t
*sl
= smartlist_new();
2411 tor_assert(err_msg
);
2413 /* Second line is inputs information:
2414 * n-inputs <total_consensuses> <total_days>. */
2415 smartlist_split_string(sl
, inputs_line
, " ",
2416 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2417 if (smartlist_len(sl
) < 2) {
2418 tor_asprintf(err_msg
, "incomplete line '%s'", inputs_line
);
2422 inputs_tmp
= smartlist_get(sl
, 0);
2423 *total_consensuses
=
2424 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2426 tor_asprintf(err_msg
, "unparseable consensus '%s'", inputs_tmp
);
2430 inputs_tmp
= smartlist_get(sl
, 1);
2432 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2434 tor_asprintf(err_msg
, "unparseable days '%s'", inputs_tmp
);
2441 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2447 /* Maximum age of a guardfraction file that we are willing to accept. */
2448 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2450 /** Static strings of guardfraction files. */
2451 #define GUARDFRACTION_DATE_STR "written-at"
2452 #define GUARDFRACTION_INPUTS "n-inputs"
2453 #define GUARDFRACTION_GUARD "guard-seen"
2454 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2456 /** Given a guardfraction file in a string, parse it and register the
2457 * guardfraction information to the provided vote routerstatuses.
2459 * This is the rough format of the guardfraction file:
2461 * guardfraction-file-version 1
2462 * written-at <date and time>
2463 * n-inputs <number of consesuses parsed> <number of days considered>
2465 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2466 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2467 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2468 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2469 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2472 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2473 * should tolerate errors in all lines but the written-at header.
2476 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str
,
2477 smartlist_t
*vote_routerstatuses
)
2479 config_line_t
*front
=NULL
, *line
;
2482 int current_line_n
= 0; /* line counter for better log messages */
2484 /* Guardfraction info to be parsed */
2485 int total_consensuses
= 0;
2489 int guards_read_n
= 0;
2490 int guards_applied_n
= 0;
2492 /* Parse file and split it in lines */
2493 ret_tmp
= config_get_lines(guardfraction_file_str
, &front
, 0);
2495 log_warn(LD_CONFIG
, "Error reading from guardfraction file");
2499 /* Sort routerstatuses (needed later when applying guardfraction info) */
2500 if (vote_routerstatuses
)
2501 smartlist_sort(vote_routerstatuses
, compare_vote_routerstatus_entries
);
2503 for (line
= front
; line
; line
=line
->next
) {
2506 if (!strcmp(line
->key
, GUARDFRACTION_VERSION
)) {
2508 unsigned int version
;
2511 (unsigned int) tor_parse_long(line
->value
,
2512 10, 0, INT_MAX
, &num_ok
, NULL
);
2514 if (!num_ok
|| version
!= 1) {
2515 log_warn(LD_GENERAL
, "Got unknown guardfraction version %d.", version
);
2518 } else if (!strcmp(line
->key
, GUARDFRACTION_DATE_STR
)) {
2519 time_t file_written_at
;
2520 time_t now
= time(NULL
);
2522 /* First line is 'written-at <date>' */
2523 if (parse_iso_time(line
->value
, &file_written_at
) < 0) {
2524 log_warn(LD_CONFIG
, "Guardfraction:%d: Bad date '%s'. Ignoring",
2525 current_line_n
, line
->value
);
2526 goto done
; /* don't tolerate failure here. */
2528 if (file_written_at
< now
- MAX_GUARDFRACTION_FILE_AGE
) {
2529 log_warn(LD_CONFIG
, "Guardfraction:%d: was written very long ago '%s'",
2530 current_line_n
, line
->value
);
2531 goto done
; /* don't tolerate failure here. */
2533 } else if (!strcmp(line
->key
, GUARDFRACTION_INPUTS
)) {
2534 char *err_msg
= NULL
;
2536 if (guardfraction_file_parse_inputs_line(line
->value
,
2540 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2541 current_line_n
, err_msg
);
2546 } else if (!strcmp(line
->key
, GUARDFRACTION_GUARD
)) {
2547 char *err_msg
= NULL
;
2549 ret_tmp
= guardfraction_file_parse_guard_line(line
->value
,
2550 vote_routerstatuses
,
2552 if (ret_tmp
< 0) { /* failed while parsing the guard line */
2553 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2554 current_line_n
, err_msg
);
2559 /* Successfully parsed guard line. Check if it was applied properly. */
2565 log_warn(LD_CONFIG
, "Unknown guardfraction line %d (%s %s)",
2566 current_line_n
, line
->key
, line
->value
);
2573 "Successfully parsed guardfraction file with %d consensuses over "
2574 "%d days. Parsed %d nodes and applied %d of them%s.",
2575 total_consensuses
, total_days
, guards_read_n
, guards_applied_n
,
2576 vote_routerstatuses
? "" : " (no routerstatus provided)" );
2579 config_free_lines(front
);
2584 return guards_read_n
;
2588 /** Read a guardfraction file at <b>fname</b> and load all its
2589 * information to <b>vote_routerstatuses</b>. */
2591 dirserv_read_guardfraction_file(const char *fname
,
2592 smartlist_t
*vote_routerstatuses
)
2594 char *guardfraction_file_str
;
2596 /* Read file to a string */
2597 guardfraction_file_str
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
2598 if (!guardfraction_file_str
) {
2599 log_warn(LD_FS
, "Cannot open guardfraction file '%s'. Failing.", fname
);
2603 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str
,
2604 vote_routerstatuses
);
2608 * Helper function to parse out a line in the measured bandwidth file
2609 * into a measured_bw_line_t output structure. Returns -1 on failure
2613 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2615 char *line
= tor_strdup(orig_line
);
2618 int got_node_id
= 0;
2619 char *strtok_state
; /* lame sauce d'jour */
2620 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2623 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2624 escaped(orig_line
));
2629 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2630 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2631 escaped(orig_line
));
2637 if (strcmpstart(cp
, "bw=") == 0) {
2641 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2642 escaped(orig_line
));
2648 out
->bw_kb
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2649 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2650 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2651 escaped(orig_line
));
2656 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2658 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2659 escaped(orig_line
));
2663 cp
+=strlen("node_id=$");
2665 if (strlen(cp
) != HEX_DIGEST_LEN
||
2666 base16_decode(out
->node_id
, DIGEST_LEN
, cp
, HEX_DIGEST_LEN
)) {
2667 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2668 escaped(orig_line
));
2672 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2675 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2677 if (got_bw
&& got_node_id
) {
2681 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2682 escaped(orig_line
));
2689 * Helper function to apply a parsed measurement line to a list
2690 * of bandwidth statuses. Returns true if a line is found,
2694 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2695 smartlist_t
*routerstatuses
)
2697 vote_routerstatus_t
*rs
= NULL
;
2698 if (!routerstatuses
)
2701 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2702 compare_digest_to_vote_routerstatus_entry
);
2705 rs
->has_measured_bw
= 1;
2706 rs
->measured_bw_kb
= (uint32_t)parsed_line
->bw_kb
;
2708 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2709 parsed_line
->node_hex
);
2716 * Read the measured bandwidth file and apply it to the list of
2717 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2720 dirserv_read_measured_bandwidths(const char *from_file
,
2721 smartlist_t
*routerstatuses
)
2724 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2725 int applied_lines
= 0;
2726 time_t file_time
, now
;
2730 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2735 if (!fgets(line
, sizeof(line
), fp
)
2736 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2737 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2743 line
[strlen(line
)-1] = '\0';
2744 file_time
= (time_t)tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2746 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2753 if ((now
- file_time
) > MAX_MEASUREMENT_AGE
) {
2754 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2755 (unsigned)(time(NULL
) - file_time
));
2761 smartlist_sort(routerstatuses
, compare_vote_routerstatus_entries
);
2764 measured_bw_line_t parsed_line
;
2765 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2766 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2767 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2768 dirserv_cache_measured_bw(&parsed_line
, file_time
);
2769 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2775 /* Now would be a nice time to clean the cache, too */
2776 dirserv_expire_measured_bw_cache(now
);
2779 log_info(LD_DIRSERV
,
2780 "Bandwidth measurement file successfully read. "
2781 "Applied %d measurements.", applied_lines
);
2785 /** Return a new networkstatus_t* containing our current opinion. (For v3
2788 dirserv_generate_networkstatus_vote_obj(crypto_pk_t
*private_key
,
2789 authority_cert_t
*cert
)
2791 const or_options_t
*options
= get_options();
2792 networkstatus_t
*v3_out
= NULL
;
2794 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2795 const char *contact
;
2796 smartlist_t
*routers
, *routerstatuses
;
2797 char identity_digest
[DIGEST_LEN
];
2798 char signing_key_digest
[DIGEST_LEN
];
2799 int listbadexits
= options
->AuthDirListBadExits
;
2800 routerlist_t
*rl
= router_get_routerlist();
2801 time_t now
= time(NULL
);
2802 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2803 networkstatus_voter_info_t
*voter
= NULL
;
2804 vote_timing_t timing
;
2805 digestmap_t
*omit_as_sybil
= NULL
;
2806 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2807 smartlist_t
*microdescriptors
= NULL
;
2809 tor_assert(private_key
);
2812 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2813 log_err(LD_BUG
, "Error computing signing key digest");
2816 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2817 log_err(LD_BUG
, "Error computing identity key digest");
2820 if (resolve_my_address(LOG_WARN
, options
, &addr
, NULL
, &hostname
)<0) {
2821 log_warn(LD_NET
, "Couldn't resolve my hostname");
2824 if (!hostname
|| !strchr(hostname
, '.')) {
2826 hostname
= tor_dup_ip(addr
);
2829 if (options
->VersioningAuthoritativeDir
) {
2830 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2831 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2834 contact
= get_options()->ContactInfo
;
2839 * Do this so dirserv_compute_performance_thresholds() and
2840 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2842 if (options
->V3BandwidthsFile
) {
2843 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
2846 * No bandwidths file; clear the measured bandwidth cache in case we had
2847 * one last time around.
2849 if (dirserv_get_measured_bw_cache_size() > 0) {
2850 dirserv_clear_measured_bw_cache();
2854 /* precompute this part, since we need it to decide what "stable"
2856 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2857 dirserv_set_router_is_running(ri
, now
);
2860 routers
= smartlist_new();
2861 smartlist_add_all(routers
, rl
->routers
);
2862 routers_make_ed_keys_unique(routers
);
2863 /* After this point, don't use rl->routers; use 'routers' instead. */
2864 routers_sort_by_identity(routers
);
2865 omit_as_sybil
= get_possible_sybil_list(routers
);
2867 DIGESTMAP_FOREACH(omit_as_sybil
, sybil_id
, void *, ignore
) {
2869 rep_hist_make_router_pessimal(sybil_id
, now
);
2870 } DIGESTMAP_FOREACH_END
;
2872 /* Count how many have measured bandwidths so we know how to assign flags;
2873 * this must come before dirserv_compute_performance_thresholds() */
2874 dirserv_count_measured_bws(routers
);
2876 dirserv_compute_performance_thresholds(omit_as_sybil
);
2878 routerstatuses
= smartlist_new();
2879 microdescriptors
= smartlist_new();
2881 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2882 if (ri
->cache_info
.published_on
>= cutoff
) {
2884 vote_routerstatus_t
*vrs
;
2885 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2889 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2891 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2894 if (ri
->signing_key_cert
) {
2895 memcpy(vrs
->ed25519_id
, ri
->signing_key_cert
->signing_key
.pubkey
,
2896 ED25519_PUBKEY_LEN
);
2899 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2900 clear_status_flags_on_sybil(rs
);
2902 if (!vote_on_reachability
)
2903 rs
->is_flagged_running
= 0;
2905 vrs
->version
= version_from_platform(ri
->platform
);
2906 vrs
->microdesc
= dirvote_format_all_microdesc_vote_lines(ri
, now
,
2909 smartlist_add(routerstatuses
, vrs
);
2911 } SMARTLIST_FOREACH_END(ri
);
2914 smartlist_t
*added
=
2915 microdescs_add_list_to_cache(get_microdesc_cache(),
2916 microdescriptors
, SAVED_NOWHERE
, 0);
2917 smartlist_free(added
);
2918 smartlist_free(microdescriptors
);
2921 smartlist_free(routers
);
2922 digestmap_free(omit_as_sybil
, NULL
);
2924 /* Apply guardfraction information to routerstatuses. */
2925 if (options
->GuardfractionFile
) {
2926 dirserv_read_guardfraction_file(options
->GuardfractionFile
,
2930 /* This pass through applies the measured bw lines to the routerstatuses */
2931 if (options
->V3BandwidthsFile
) {
2932 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2936 * No bandwidths file; clear the measured bandwidth cache in case we had
2937 * one last time around.
2939 if (dirserv_get_measured_bw_cache_size() > 0) {
2940 dirserv_clear_measured_bw_cache();
2944 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2946 v3_out
->type
= NS_TYPE_VOTE
;
2947 dirvote_get_preferred_voting_intervals(&timing
);
2948 v3_out
->published
= now
;
2950 char tbuf
[ISO_TIME_LEN
+1];
2951 networkstatus_t
*current_consensus
=
2952 networkstatus_get_live_consensus(now
);
2953 long last_consensus_interval
; /* only used to pick a valid_after */
2954 if (current_consensus
)
2955 last_consensus_interval
= current_consensus
->fresh_until
-
2956 current_consensus
->valid_after
;
2958 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2959 v3_out
->valid_after
=
2960 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
,
2961 options
->TestingV3AuthVotingStartOffset
);
2962 format_iso_time(tbuf
, v3_out
->valid_after
);
2963 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2964 "consensus_set=%d, last_interval=%d",
2965 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2967 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2968 v3_out
->valid_until
= v3_out
->valid_after
+
2969 (timing
.vote_interval
* timing
.n_intervals_valid
);
2970 v3_out
->vote_seconds
= timing
.vote_delay
;
2971 v3_out
->dist_seconds
= timing
.dist_delay
;
2972 tor_assert(v3_out
->vote_seconds
> 0);
2973 tor_assert(v3_out
->dist_seconds
> 0);
2974 tor_assert(timing
.n_intervals_valid
> 0);
2976 v3_out
->client_versions
= client_versions
;
2977 v3_out
->server_versions
= server_versions
;
2978 v3_out
->package_lines
= smartlist_new();
2981 for (cl
= get_options()->RecommendedPackages
; cl
; cl
= cl
->next
) {
2982 if (validate_recommended_package_line(cl
->value
))
2983 smartlist_add(v3_out
->package_lines
, tor_strdup(cl
->value
));
2987 v3_out
->known_flags
= smartlist_new();
2988 smartlist_split_string(v3_out
->known_flags
,
2989 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
2990 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2991 if (vote_on_reachability
)
2992 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2994 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2995 smartlist_sort_strings(v3_out
->known_flags
);
2997 if (options
->ConsensusParams
) {
2998 v3_out
->net_params
= smartlist_new();
2999 smartlist_split_string(v3_out
->net_params
,
3000 options
->ConsensusParams
, NULL
, 0, 0);
3001 smartlist_sort_strings(v3_out
->net_params
);
3004 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
3005 voter
->nickname
= tor_strdup(options
->Nickname
);
3006 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
3007 voter
->sigs
= smartlist_new();
3008 voter
->address
= hostname
;
3010 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
3011 voter
->or_port
= router_get_advertised_or_port(options
);
3012 voter
->contact
= tor_strdup(contact
);
3013 if (options
->V3AuthUseLegacyKey
) {
3014 authority_cert_t
*c
= get_my_v3_legacy_cert();
3016 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
3017 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
3018 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
3023 v3_out
->voters
= smartlist_new();
3024 smartlist_add(v3_out
->voters
, voter
);
3025 v3_out
->cert
= authority_cert_dup(cert
);
3026 v3_out
->routerstatus_list
= routerstatuses
;
3027 /* Note: networkstatus_digest is unset; it won't get set until we actually
3028 * format the vote. */
3033 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3034 * pointers, adds copies of digests to fps_out, and doesn't use the
3035 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3036 * requests, adds identity digests.
3039 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
3040 const char **msg
, int for_unencrypted_conn
,
3046 if (!strcmp(key
, "all")) {
3047 routerlist_t
*rl
= router_get_routerlist();
3048 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3049 smartlist_add(fps_out
,
3050 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
3051 /* Treat "all" requests as if they were unencrypted */
3052 for_unencrypted_conn
= 1;
3053 } else if (!strcmp(key
, "authority")) {
3054 const routerinfo_t
*ri
= router_get_my_routerinfo();
3056 smartlist_add(fps_out
,
3057 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
3058 } else if (!strcmpstart(key
, "d/")) {
3060 key
+= strlen("d/");
3061 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3062 DSR_HEX
|DSR_SORT_UNIQ
);
3063 } else if (!strcmpstart(key
, "fp/")) {
3064 key
+= strlen("fp/");
3065 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3066 DSR_HEX
|DSR_SORT_UNIQ
);
3068 *msg
= "Key not recognized";
3072 if (for_unencrypted_conn
) {
3073 /* Remove anything that insists it not be sent unencrypted. */
3074 SMARTLIST_FOREACH_BEGIN(fps_out
, char *, cp
) {
3075 const signed_descriptor_t
*sd
;
3077 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
3078 else if (is_extrainfo
)
3079 sd
= extrainfo_get_by_descriptor_digest(cp
);
3081 sd
= router_get_by_descriptor_digest(cp
);
3082 if (sd
&& !sd
->send_unencrypted
) {
3084 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3086 } SMARTLIST_FOREACH_END(cp
);
3089 if (!smartlist_len(fps_out
)) {
3090 *msg
= "Servers unavailable";
3096 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3097 * <b>key</b>. The key should be either
3098 * - "/tor/server/authority" for our own routerinfo;
3099 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3100 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3101 * hex identity digests; or
3102 * - "/tor/server/d/D" where D is a plus-separated sequence
3103 * of server descriptor digests, in hex.
3105 * Return 0 if we found some matching descriptors, or -1 if we do not
3106 * have any descriptors, no matching descriptors, or if we did not
3107 * recognize the key (URL).
3108 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3111 * XXXX rename this function. It's only called from the controller.
3112 * XXXX in fact, refactor this function, merging as much as possible.
3115 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3120 if (!strcmp(key
, "/tor/server/all")) {
3121 routerlist_t
*rl
= router_get_routerlist();
3122 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3123 smartlist_add(descs_out
, &(r
->cache_info
)));
3124 } else if (!strcmp(key
, "/tor/server/authority")) {
3125 const routerinfo_t
*ri
= router_get_my_routerinfo();
3127 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3128 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3129 smartlist_t
*digests
= smartlist_new();
3130 key
+= strlen("/tor/server/d/");
3131 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3132 DSR_HEX
|DSR_SORT_UNIQ
);
3133 SMARTLIST_FOREACH(digests
, const char *, d
,
3135 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3137 smartlist_add(descs_out
,sd
);
3139 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3140 smartlist_free(digests
);
3141 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3142 smartlist_t
*digests
= smartlist_new();
3143 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3144 key
+= strlen("/tor/server/fp/");
3145 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3146 DSR_HEX
|DSR_SORT_UNIQ
);
3147 SMARTLIST_FOREACH_BEGIN(digests
, const char *, d
) {
3148 if (router_digest_is_me(d
)) {
3149 /* make sure desc_routerinfo exists */
3150 const routerinfo_t
*ri
= router_get_my_routerinfo();
3152 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3154 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3155 /* Don't actually serve a descriptor that everyone will think is
3156 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3157 * Tors from downloading descriptors that they will throw away.
3159 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3160 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3162 } SMARTLIST_FOREACH_END(d
);
3163 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3164 smartlist_free(digests
);
3166 *msg
= "Key not recognized";
3170 if (!smartlist_len(descs_out
)) {
3171 *msg
= "Servers unavailable";
3177 /** Called when a TLS handshake has completed successfully with a
3178 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3179 * a certificate with digest <b>digest_rcvd</b>.
3181 * Inform the reachability checker that we could get to this guy.
3184 dirserv_orconn_tls_done(const tor_addr_t
*addr
,
3186 const char *digest_rcvd
)
3188 node_t
*node
= NULL
;
3189 tor_addr_port_t orport
;
3190 routerinfo_t
*ri
= NULL
;
3191 time_t now
= time(NULL
);
3193 tor_assert(digest_rcvd
);
3195 node
= node_get_mutable_by_id(digest_rcvd
);
3196 if (node
== NULL
|| node
->ri
== NULL
)
3200 tor_addr_copy(&orport
.addr
, addr
);
3201 orport
.port
= or_port
;
3202 if (router_has_orport(ri
, &orport
)) {
3203 /* Found the right router. */
3204 if (!authdir_mode_bridge(get_options()) ||
3205 ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3206 char addrstr
[TOR_ADDR_BUF_LEN
];
3207 /* This is a bridge or we're not a bridge authorititative --
3208 mark it as reachable. */
3209 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3210 router_describe(ri
),
3211 tor_addr_to_str(addrstr
, addr
, sizeof(addrstr
), 1),
3213 if (tor_addr_family(addr
) == AF_INET
) {
3214 rep_hist_note_router_reachable(digest_rcvd
, addr
, or_port
, now
);
3215 node
->last_reachable
= now
;
3216 } else if (tor_addr_family(addr
) == AF_INET6
) {
3217 /* No rephist for IPv6. */
3218 node
->last_reachable6
= now
;
3224 /** Called when we, as an authority, receive a new router descriptor either as
3225 * an upload or a download. Used to decide whether to relaunch reachability
3226 * testing for the server. */
3228 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3229 const routerinfo_t
*ri_old
)
3231 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3234 /* New router: Launch an immediate reachability test, so we will have an
3235 * opinion soon in case we're generating a consensus soon */
3238 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3239 /* It just came out of hibernation; launch a reachability test */
3242 if (! routers_have_same_or_addrs(ri
, ri_old
)) {
3243 /* Address or port changed; launch a reachability test */
3249 /** Helper function for dirserv_test_reachability(). Start a TLS
3250 * connection to <b>router</b>, and annotate it with when we started
3253 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3255 channel_t
*chan
= NULL
;
3256 node_t
*node
= NULL
;
3257 tor_addr_t router_addr
;
3261 node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
3265 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3266 router
->nickname
, fmt_addr32(router
->addr
), router
->or_port
);
3267 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3268 chan
= channel_tls_connect(&router_addr
, router
->or_port
,
3269 router
->cache_info
.identity_digest
);
3270 if (chan
) command_setup_channel(chan
);
3272 /* Possible IPv6. */
3273 if (get_options()->AuthDirHasIPv6Connectivity
== 1 &&
3274 !tor_addr_is_null(&router
->ipv6_addr
)) {
3275 char addrstr
[TOR_ADDR_BUF_LEN
];
3276 log_debug(LD_OR
, "Testing reachability of %s at %s:%u.",
3278 tor_addr_to_str(addrstr
, &router
->ipv6_addr
, sizeof(addrstr
), 1),
3279 router
->ipv6_orport
);
3280 chan
= channel_tls_connect(&router
->ipv6_addr
, router
->ipv6_orport
,
3281 router
->cache_info
.identity_digest
);
3282 if (chan
) command_setup_channel(chan
);
3286 /** Auth dir server only: load balance such that we only
3287 * try a few connections per call.
3289 * The load balancing is such that if we get called once every ten
3290 * seconds, we will cycle through all the tests in
3291 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3294 dirserv_test_reachability(time_t now
)
3296 /* XXX decide what to do here; see or-talk thread "purging old router
3297 * information, revocation." -NM
3298 * We can't afford to mess with this in 0.1.2.x. The reason is that
3299 * if we stop doing reachability tests on some of routerlist, then
3300 * we'll for-sure think they're down, which may have unexpected
3301 * effects in other parts of the code. It doesn't hurt much to do
3302 * the testing, and directory authorities are easy to upgrade. Let's
3303 * wait til 0.2.0. -RD */
3304 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3305 routerlist_t
*rl
= router_get_routerlist();
3306 static char ctr
= 0;
3307 int bridge_auth
= authdir_mode_bridge(get_options());
3309 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3310 const char *id_digest
= router
->cache_info
.identity_digest
;
3311 if (router_is_me(router
))
3313 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3314 continue; /* bridge authorities only test reachability on bridges */
3315 // if (router->cache_info.published_on > cutoff)
3317 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3318 dirserv_single_reachability_test(now
, router
);
3320 } SMARTLIST_FOREACH_END(router
);
3321 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3324 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3325 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3326 * flavor name if we want a flavored v3 status, return a pointer to the
3327 * appropriate cached dir object, or NULL if there isn't one available. */
3328 static cached_dir_t
*
3329 lookup_cached_dir_by_fp(const char *fp
)
3331 cached_dir_t
*d
= NULL
;
3332 if (tor_digest_is_zero(fp
) && cached_consensuses
) {
3333 d
= strmap_get(cached_consensuses
, "ns");
3334 } else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3335 (d
= strmap_get(cached_consensuses
, fp
))) {
3336 /* this here interface is a nasty hack XXXX024 */;
3341 /** Remove from <b>fps</b> every networkstatus key where both
3342 * a) we have a networkstatus document and
3343 * b) it is not newer than <b>cutoff</b>.
3345 * Return 1 if any items were present at all; else return 0.
3348 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3351 SMARTLIST_FOREACH_BEGIN(fps
, char *, digest
) {
3352 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3356 if (d
->published
<= cutoff
) {
3358 SMARTLIST_DEL_CURRENT(fps
, digest
);
3360 } SMARTLIST_FOREACH_END(digest
);
3365 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3366 * its extra-info document if <b>extrainfo</b> is true. Return
3367 * NULL if not found or if the descriptor is older than
3368 * <b>publish_cutoff</b>. */
3369 static const signed_descriptor_t
*
3370 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3371 time_t publish_cutoff
)
3373 if (router_digest_is_me(fp
)) {
3375 return &(router_get_my_extrainfo()->cache_info
);
3377 return &(router_get_my_routerinfo()->cache_info
);
3379 const routerinfo_t
*ri
= router_get_by_id_digest(fp
);
3381 ri
->cache_info
.published_on
> publish_cutoff
) {
3383 return extrainfo_get_by_descriptor_digest(
3384 ri
->cache_info
.extra_info_digest
);
3386 return &ri
->cache_info
;
3392 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3393 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3394 * decide whether to send a 404. */
3396 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3398 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3399 SMARTLIST_FOREACH_BEGIN(fps
, const char *, fp
) {
3402 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3403 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3405 case DIR_SPOOL_SERVER_BY_DIGEST
:
3406 if (router_get_by_descriptor_digest(fp
)) return 1;
3408 case DIR_SPOOL_EXTRA_BY_FP
:
3409 case DIR_SPOOL_SERVER_BY_FP
:
3410 if (get_signed_descriptor_by_fp(fp
,
3411 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3415 } SMARTLIST_FOREACH_END(fp
);
3419 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3420 * a microdescriptor we have. */
3422 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3424 microdesc_cache_t
*cache
= get_microdesc_cache();
3425 SMARTLIST_FOREACH(fps
, const char *, fp
,
3426 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3431 /** Return an approximate estimate of the number of bytes that will
3432 * be needed to transmit the server descriptors (if is_serverdescs --
3433 * they can be either d/ or fp/ queries) or networkstatus objects (if
3434 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3435 * we guess how large the data will be after compression.
3437 * The return value is an estimate; it might be larger or smaller.
3440 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3445 if (is_serverdescs
) {
3446 int n
= smartlist_len(fps
);
3447 const routerinfo_t
*me
= router_get_my_routerinfo();
3448 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3450 result
/= 2; /* observed compressibility is between 35 and 55%. */
3453 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3454 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3456 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3462 /** Given a list of microdescriptor hashes, guess how many bytes will be
3463 * needed to transmit them, and return the guess. */
3465 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3467 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3473 /** When we're spooling data onto our outbuf, add more whenever we dip
3474 * below this threshold. */
3475 #define DIRSERV_BUFFER_MIN 16384
3477 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3478 * Flushes any remaining data to be (un)compressed, and changes the spool
3479 * source to NONE. Returns 0 on success, negative on failure. */
3481 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3483 if (conn
->zlib_state
) {
3484 connection_write_to_buf_zlib("", 0, conn
, 1);
3485 tor_zlib_free(conn
->zlib_state
);
3486 conn
->zlib_state
= NULL
;
3488 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3492 /** Spooling helper: called when we're sending a bunch of server descriptors,
3493 * and the outbuf has become too empty. Pulls some entries from
3494 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3495 * run out of entries, flushes the zlib state and sets the spool source to
3496 * NONE. Returns 0 on success, negative on failure.
3499 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3501 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3502 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3503 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3504 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3505 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3507 const or_options_t
*options
= get_options();
3509 while (smartlist_len(conn
->fingerprint_stack
) &&
3510 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3512 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3513 const signed_descriptor_t
*sd
= NULL
;
3515 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3517 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3518 : router_get_by_descriptor_digest(fp
);
3523 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3524 /* we did this check once before (so we could have an accurate size
3525 * estimate and maybe send a 404 if somebody asked for only bridges on a
3526 * connection), but we need to do it again in case a previously
3527 * unknown bridge descriptor has shown up between then and now. */
3531 /** If we are the bridge authority and the descriptor is a bridge
3532 * descriptor, remember that we served this descriptor for desc stats. */
3533 if (options
->BridgeAuthoritativeDir
&& by_fp
) {
3534 const routerinfo_t
*router
=
3535 router_get_by_id_digest(sd
->identity_digest
);
3536 /* router can be NULL here when the bridge auth is asked for its own
3538 if (router
&& router
->purpose
== ROUTER_PURPOSE_BRIDGE
)
3539 rep_hist_note_desc_served(sd
->identity_digest
);
3541 body
= signed_descriptor_get_body(sd
);
3542 if (conn
->zlib_state
) {
3543 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3544 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3547 tor_zlib_free(conn
->zlib_state
);
3548 conn
->zlib_state
= NULL
;
3551 connection_write_to_buf(body
,
3552 sd
->signed_descriptor_len
,
3557 if (!smartlist_len(conn
->fingerprint_stack
)) {
3558 /* We just wrote the last one; finish up. */
3559 if (conn
->zlib_state
) {
3560 connection_write_to_buf_zlib("", 0, conn
, 1);
3561 tor_zlib_free(conn
->zlib_state
);
3562 conn
->zlib_state
= NULL
;
3564 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3565 smartlist_free(conn
->fingerprint_stack
);
3566 conn
->fingerprint_stack
= NULL
;
3571 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3572 * and the outbuf has become too empty. Pulls some entries from
3573 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3574 * we run out of entries, flushes the zlib state and sets the spool source to
3575 * NONE. Returns 0 on success, negative on failure.
3578 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3580 microdesc_cache_t
*cache
= get_microdesc_cache();
3581 while (smartlist_len(conn
->fingerprint_stack
) &&
3582 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3583 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3584 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3586 if (!md
|| !md
->body
)
3588 if (conn
->zlib_state
) {
3589 int last
= !smartlist_len(conn
->fingerprint_stack
);
3590 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3592 tor_zlib_free(conn
->zlib_state
);
3593 conn
->zlib_state
= NULL
;
3596 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3599 if (!smartlist_len(conn
->fingerprint_stack
)) {
3600 if (conn
->zlib_state
) {
3601 connection_write_to_buf_zlib("", 0, conn
, 1);
3602 tor_zlib_free(conn
->zlib_state
);
3603 conn
->zlib_state
= NULL
;
3605 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3606 smartlist_free(conn
->fingerprint_stack
);
3607 conn
->fingerprint_stack
= NULL
;
3612 /** Spooling helper: Called when we're sending a directory or networkstatus,
3613 * and the outbuf has become too empty. Pulls some bytes from
3614 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3615 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3616 * and sets the spool source to NONE. Returns 0 on success, negative on
3619 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3624 bytes
= DIRSERV_BUFFER_MIN
- connection_get_outbuf_len(TO_CONN(conn
));
3625 tor_assert(bytes
> 0);
3626 tor_assert(conn
->cached_dir
);
3629 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3630 if (bytes
> remaining
)
3631 bytes
= (ssize_t
) remaining
;
3633 if (conn
->zlib_state
) {
3634 connection_write_to_buf_zlib(
3635 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3636 bytes
, conn
, bytes
== remaining
);
3638 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3639 bytes
, TO_CONN(conn
));
3641 conn
->cached_dir_offset
+= bytes
;
3642 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3643 /* We just wrote the last one; finish up. */
3644 connection_dirserv_finish_spooling(conn
);
3645 cached_dir_decref(conn
->cached_dir
);
3646 conn
->cached_dir
= NULL
;
3651 /** Spooling helper: Called when we're spooling networkstatus objects on
3652 * <b>conn</b>, and the outbuf has become too empty. If the current
3653 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3654 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3655 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3656 * treated as a request for the current consensus.) If we run out of entries,
3657 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3658 * success, negative on failure. */
3660 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3663 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3664 if (conn
->cached_dir
) {
3665 int uncompressing
= (conn
->zlib_state
!= NULL
);
3666 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3667 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3668 /* add_dir_bytes thinks we're done with the cached_dir. But we
3669 * may have more cached_dirs! */
3670 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3671 /* This bit is tricky. If we were uncompressing the last
3672 * networkstatus, we may need to make a new zlib object to
3673 * uncompress the next one. */
3674 if (uncompressing
&& ! conn
->zlib_state
&&
3675 conn
->fingerprint_stack
&&
3676 smartlist_len(conn
->fingerprint_stack
)) {
3677 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
, HIGH_COMPRESSION
);
3681 } else if (conn
->fingerprint_stack
&&
3682 smartlist_len(conn
->fingerprint_stack
)) {
3683 /* Add another networkstatus; start serving it. */
3684 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3685 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3689 conn
->cached_dir
= d
;
3690 conn
->cached_dir_offset
= 0;
3693 connection_dirserv_finish_spooling(conn
);
3694 smartlist_free(conn
->fingerprint_stack
);
3695 conn
->fingerprint_stack
= NULL
;
3702 /** Called whenever we have flushed some directory data in state
3703 * SERVER_WRITING. */
3705 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3707 tor_assert(conn
->base_
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3709 if (connection_get_outbuf_len(TO_CONN(conn
)) >= DIRSERV_BUFFER_MIN
)
3712 switch (conn
->dir_spool_src
) {
3713 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3714 case DIR_SPOOL_EXTRA_BY_FP
:
3715 case DIR_SPOOL_SERVER_BY_DIGEST
:
3716 case DIR_SPOOL_SERVER_BY_FP
:
3717 return connection_dirserv_add_servers_to_outbuf(conn
);
3718 case DIR_SPOOL_MICRODESC
:
3719 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3720 case DIR_SPOOL_CACHED_DIR
:
3721 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3722 case DIR_SPOOL_NETWORKSTATUS
:
3723 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3724 case DIR_SPOOL_NONE
:
3730 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3735 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3737 PACKAGENAME = NONSPACE
3740 DIGESTS = DIGEST | DIGESTS SP DIGEST
3741 DIGEST = DIGESTTYPE "=" DIGESTVAL
3743 NONSPACE = one or more non-space printing characters
3745 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3752 validate_recommended_package_line(const char *line
)
3754 const char *cp
= line
;
3760 cp = strchr(cp, ' '); \
3765 WORD(); /* skip packagename */
3767 WORD(); /* skip version */
3769 WORD(); /* Skip URL */
3772 /* Skip digesttype=digestval + */
3775 const char *start_of_word
= cp
;
3776 const char *end_of_word
= strchr(cp
, ' ');
3778 end_of_word
= cp
+ strlen(cp
);
3780 if (start_of_word
== end_of_word
)
3783 const char *eq
= memchr(start_of_word
, '=', end_of_word
- start_of_word
);
3787 if (eq
== start_of_word
)
3789 if (eq
== end_of_word
- 1)
3791 if (memchr(eq
+1, '=', end_of_word
- (eq
+1)))
3795 if (0 == *end_of_word
)
3798 cp
= end_of_word
+ 1;
3801 /* If we reach this point, we have at least 1 entry. */
3802 tor_assert(n_entries
> 0);
3806 /** Release all storage used by the directory server. */
3808 dirserv_free_all(void)
3810 dirserv_free_fingerprint_list();
3812 strmap_free(cached_consensuses
, free_cached_dir_
);
3813 cached_consensuses
= NULL
;
3815 dirserv_clear_measured_bw_cache();