1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "confparse.h"
12 #include "channeltls.h"
14 #include "connection.h"
15 #include "connection_or.h"
17 #include "directory.h"
20 #include "hibernate.h"
23 #include "microdesc.h"
24 #include "networkstatus.h"
30 #include "routerlist.h"
31 #include "routerparse.h"
32 #include "routerset.h"
37 * \brief Directory server core implementation. Manages directory
38 * contents and generates directories.
40 * This module implements most of directory cache functionality, and some of
41 * the directory authority functionality. The directory.c module delegates
42 * here in order to handle incoming requests from clients, via
43 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
44 * module is reponsible for spooling directory objects (in whole or in part)
45 * onto buf_t instances, and then closing the dir_connection_t once the
46 * objects are totally flushed.
48 * The directory.c module also delegates here for handling descriptor uploads
49 * via dirserv_add_multiple_descriptors().
51 * Additionally, this module handles some aspects of voting, including:
52 * deciding how to vote on individual flags (based on decisions reached in
53 * rephist.c), of formatting routerstatus lines, and deciding what relays to
54 * include in an authority's vote. (TODO: Those functions could profitably be
55 * split off. They only live in this file because historically they were
56 * shared among the v1, v2, and v3 directory code.)
59 /** How far in the future do we allow a router to get? (seconds) */
60 #define ROUTER_ALLOW_SKEW (60*60*12)
61 /** How many seconds do we wait before regenerating the directory? */
62 #define DIR_REGEN_SLACK_TIME 30
63 /** If we're a cache, keep this many networkstatuses around from non-trusted
64 * directory authorities. */
65 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
67 /** Total number of routers with measured bandwidth; this is set by
68 * dirserv_count_measured_bws() before the loop in
69 * dirserv_generate_networkstatus_vote_obj() and checked by
70 * dirserv_get_credible_bandwidth() and
71 * dirserv_compute_performance_thresholds() */
72 static int routers_with_measured_bw
= 0;
74 static void directory_remove_invalid(void);
75 static char *format_versions_list(config_line_t
*ln
);
76 struct authdir_config_t
;
78 dirserv_get_status_impl(const char *fp
, const char *nickname
,
79 uint32_t addr
, uint16_t or_port
,
80 const char *platform
, const char **msg
,
82 static void clear_cached_dir(cached_dir_t
*d
);
83 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
86 time_t publish_cutoff
);
87 static was_router_added_t
dirserv_add_extrainfo(extrainfo_t
*ei
,
89 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
);
90 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
);
92 /************** Fingerprint handling code ************/
94 /* 1 Historically used to indicate Named */
95 #define FP_INVALID 2 /**< Believed invalid. */
96 #define FP_REJECT 4 /**< We will not publish this router. */
97 /* 8 Historically used to avoid using this as a dir. */
98 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
99 /* 32 Historically used to indicade Unnamed */
101 /** Target of status_by_digest map. */
102 typedef uint32_t router_status_t
;
104 static void add_fingerprint_to_dir(const char *fp
,
105 struct authdir_config_t
*list
,
106 router_status_t add_status
);
108 /** List of nickname-\>identity fingerprint mappings for all the routers
109 * that we name. Used to prevent router impersonation. */
110 typedef struct authdir_config_t
{
111 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
112 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
115 /** Should be static; exposed for testing. */
116 static authdir_config_t
*fingerprint_list
= NULL
;
118 /** Allocate and return a new, empty, authdir_config_t. */
119 static authdir_config_t
*
120 authdir_config_new(void)
122 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
123 list
->fp_by_name
= strmap_new();
124 list
->status_by_digest
= digestmap_new();
128 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
129 * <b>list</b>, or-ing the currently set status flags with
133 add_fingerprint_to_dir(const char *fp
, authdir_config_t
*list
,
134 router_status_t add_status
)
138 router_status_t
*status
;
142 fingerprint
= tor_strdup(fp
);
143 tor_strstrip(fingerprint
, " ");
144 if (base16_decode(d
, DIGEST_LEN
,
145 fingerprint
, strlen(fingerprint
)) != DIGEST_LEN
) {
146 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
148 tor_free(fingerprint
);
152 status
= digestmap_get(list
->status_by_digest
, d
);
154 status
= tor_malloc_zero(sizeof(router_status_t
));
155 digestmap_set(list
->status_by_digest
, d
, status
);
158 tor_free(fingerprint
);
159 *status
|= add_status
;
163 /** Add the fingerprint for this OR to the global list of recognized
164 * identity key fingerprints. */
166 dirserv_add_own_fingerprint(crypto_pk_t
*pk
)
168 char fp
[FINGERPRINT_LEN
+1];
169 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
170 log_err(LD_BUG
, "Error computing fingerprint");
173 if (!fingerprint_list
)
174 fingerprint_list
= authdir_config_new();
175 add_fingerprint_to_dir(fp
, fingerprint_list
, 0);
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and return -1. */
185 dirserv_load_fingerprint_file(void)
189 char *nickname
, *fingerprint
;
190 authdir_config_t
*fingerprint_list_new
;
192 config_line_t
*front
=NULL
, *list
;
194 fname
= get_datadir_fname("approved-routers");
196 "Reloading approved fingerprints from \"%s\"...", fname
);
198 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
200 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
206 result
= config_get_lines(cf
, &front
, 0);
209 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
213 fingerprint_list_new
= authdir_config_new();
215 for (list
=front
; list
; list
=list
->next
) {
216 char digest_tmp
[DIGEST_LEN
];
217 router_status_t add_status
= 0;
218 nickname
= list
->key
; fingerprint
= list
->value
;
219 tor_strstrip(fingerprint
, " "); /* remove spaces */
220 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
221 base16_decode(digest_tmp
, sizeof(digest_tmp
),
222 fingerprint
, HEX_DIGEST_LEN
) != sizeof(digest_tmp
)) {
223 log_notice(LD_CONFIG
,
224 "Invalid fingerprint (nickname '%s', "
225 "fingerprint %s). Skipping.",
226 nickname
, fingerprint
);
229 if (!strcasecmp(nickname
, "!reject")) {
230 add_status
= FP_REJECT
;
231 } else if (!strcasecmp(nickname
, "!badexit")) {
232 add_status
= FP_BADEXIT
;
233 } else if (!strcasecmp(nickname
, "!invalid")) {
234 add_status
= FP_INVALID
;
236 add_fingerprint_to_dir(fingerprint
, fingerprint_list_new
, add_status
);
239 config_free_lines(front
);
240 dirserv_free_fingerprint_list();
241 fingerprint_list
= fingerprint_list_new
;
242 /* Delete any routers whose fingerprints we no longer recognize */
243 directory_remove_invalid();
247 /* If this is set, then we don't allow routers that have advertised an Ed25519
248 * identity to stop doing so. This is going to be essential for good identity
249 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
250 * just sign fake descriptors missing the Ed25519 key. But we won't actually
251 * be able to prevent that kind of thing until we're confident that there
252 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
253 * to leave this #undef.
255 #undef DISABLE_DISABLING_ED25519
257 /** Check whether <b>router</b> has a nickname/identity key combination that
258 * we recognize from the fingerprint list, or an IP we automatically act on
259 * according to our configuration. Return the appropriate router status.
261 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
262 * *<b>msg</b> to an explanation of why. */
264 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
,
268 const int key_pinning
= get_options()->AuthDirPinKeys
;
270 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
271 log_warn(LD_BUG
,"Error computing fingerprint");
273 *msg
= "Bug: Error computing fingerprint";
277 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
278 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
279 * But just in case a relay doesn't provide or lies about its version, or
280 * doesn't include an ntor key in its descriptor, check that it exists,
281 * and is non-zero (clients check that it's non-zero before using it). */
282 if (!routerinfo_has_curve25519_onion_key(router
)) {
283 log_fn(severity
, LD_DIR
,
284 "Descriptor from router %s is missing an ntor curve25519 onion "
285 "key.", router_describe(router
));
287 *msg
= "Missing ntor curve25519 onion key. Please upgrade!";
291 if (router
->cache_info
.signing_key_cert
) {
292 /* This has an ed25519 identity key. */
293 if (KEYPIN_MISMATCH
==
294 keypin_check((const uint8_t*)router
->cache_info
.identity_digest
,
295 router
->cache_info
.signing_key_cert
->signing_key
.pubkey
)) {
296 log_fn(severity
, LD_DIR
,
297 "Descriptor from router %s has an Ed25519 key, "
298 "but the <rsa,ed25519> keys don't match what they were before.",
299 router_describe(router
));
302 *msg
= "Ed25519 identity key or RSA identity key has changed.";
309 if (KEYPIN_MISMATCH
== keypin_check_lone_rsa(
310 (const uint8_t*)router
->cache_info
.identity_digest
)) {
311 log_fn(severity
, LD_DIR
,
312 "Descriptor from router %s has no Ed25519 key, "
313 "when we previously knew an Ed25519 for it. Ignoring for now, "
314 "since Ed25519 keys are fairly new.",
315 router_describe(router
));
316 #ifdef DISABLE_DISABLING_ED25519
319 *msg
= "Ed25519 identity key has disappeared.";
327 return dirserv_get_status_impl(d
, router
->nickname
,
328 router
->addr
, router
->or_port
,
329 router
->platform
, msg
, severity
);
332 /** Return true if there is no point in downloading the router described by
333 * <b>rs</b> because this directory would reject it. */
335 dirserv_would_reject_router(const routerstatus_t
*rs
)
339 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
340 rs
->addr
, rs
->or_port
,
341 NULL
, NULL
, LOG_DEBUG
);
343 return (res
& FP_REJECT
) != 0;
346 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
347 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
348 * port and platform (logging only) as arguments.
350 * Log messages at 'severity'. (There's not much point in
351 * logging that we're rejecting servers we'll not download.)
354 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
355 uint32_t addr
, uint16_t or_port
,
356 const char *platform
, const char **msg
, int severity
)
359 router_status_t
*status_by_digest
;
361 if (!fingerprint_list
)
362 fingerprint_list
= authdir_config_new();
364 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
365 strmap_size(fingerprint_list
->fp_by_name
),
366 digestmap_size(fingerprint_list
->status_by_digest
));
369 tor_version_t ver_tmp
;
370 if (tor_version_parse_platform(platform
, &ver_tmp
, 1) < 0) {
372 *msg
= "Malformed platform string.";
378 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
379 * missing some important security fixes too. Disable them. */
380 if (platform
&& !tor_version_as_new_as(platform
,"0.2.4.18-rc")) {
382 *msg
= "Tor version is insecure or unsupported. Please upgrade!";
386 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
388 if (status_by_digest
)
389 result
|= *status_by_digest
;
391 if (result
& FP_REJECT
) {
393 *msg
= "Fingerprint is marked rejected -- please contact us?";
395 } else if (result
& FP_INVALID
) {
397 *msg
= "Fingerprint is marked invalid";
400 if (authdir_policy_badexit_address(addr
, or_port
)) {
401 log_fn(severity
, LD_DIRSERV
,
402 "Marking '%s' as bad exit because of address '%s'",
403 nickname
, fmt_addr32(addr
));
404 result
|= FP_BADEXIT
;
407 if (!authdir_policy_permits_address(addr
, or_port
)) {
408 log_fn(severity
, LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
409 nickname
, fmt_addr32(addr
));
411 *msg
= "Suspicious relay address range -- please contact us?";
414 if (!authdir_policy_valid_address(addr
, or_port
)) {
415 log_fn(severity
, LD_DIRSERV
,
416 "Not marking '%s' valid because of address '%s'",
417 nickname
, fmt_addr32(addr
));
418 result
|= FP_INVALID
;
424 /** Clear the current fingerprint list. */
426 dirserv_free_fingerprint_list(void)
428 if (!fingerprint_list
)
431 strmap_free(fingerprint_list
->fp_by_name
, tor_free_
);
432 digestmap_free(fingerprint_list
->status_by_digest
, tor_free_
);
433 tor_free(fingerprint_list
);
440 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
441 * unless we're configured to not care. Return 0 if all ok. */
443 dirserv_router_has_valid_address(routerinfo_t
*ri
)
446 if (get_options()->DirAllowPrivateAddresses
)
447 return 0; /* whatever it is, we're fine with it */
448 tor_addr_from_ipv4h(&addr
, ri
->addr
);
450 if (tor_addr_is_internal(&addr
, 0)) {
452 "Router %s published internal IP address. Refusing.",
453 router_describe(ri
));
454 return -1; /* it's a private IP, we should reject it */
459 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
460 * set its is_valid,running fields and return 0. Otherwise, return -1.
462 * If the router is rejected, set *<b>msg</b> to an explanation of why.
464 * If <b>complain</b> then explain at log-level 'notice' why we refused
465 * a descriptor; else explain at log-level 'info'.
468 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
469 int complain
, int *valid_out
)
471 /* Okay. Now check whether the fingerprint is recognized. */
473 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
474 uint32_t status
= dirserv_router_get_status(ri
, msg
, severity
);
476 if (status
& FP_REJECT
)
477 return -1; /* msg is already set. */
479 /* Is there too much clock skew? */
481 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
482 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
483 "far (%d minutes) in the future; possible clock skew. Not adding "
486 (int)((ri
->cache_info
.published_on
-now
)/60),
487 esc_router_info(ri
));
488 *msg
= "Rejected: Your clock is set too far in the future, or your "
489 "timezone is not correct.";
492 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
493 log_fn(severity
, LD_DIRSERV
,
494 "Publication time for %s is too far "
495 "(%d minutes) in the past. Not adding (%s)",
497 (int)((now
-ri
->cache_info
.published_on
)/60),
498 esc_router_info(ri
));
499 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
500 " or your timezone is not correct.";
503 if (dirserv_router_has_valid_address(ri
) < 0) {
504 log_fn(severity
, LD_DIRSERV
,
505 "Router %s has invalid address. Not adding (%s).",
507 esc_router_info(ri
));
508 *msg
= "Rejected: Address is a private address.";
512 *valid_out
= ! (status
& FP_INVALID
);
517 /** Update the relevant flags of <b>node</b> based on our opinion as a
518 * directory authority in <b>authstatus</b>, as returned by
519 * dirserv_router_get_status or equivalent. */
521 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
524 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
525 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
528 /** True iff <b>a</b> is more severe than <b>b</b>. */
530 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
535 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
536 * returns the most severe error that occurred for any one of them. */
538 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
542 was_router_added_t r
, r_tmp
;
547 time_t now
= time(NULL
);
548 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
549 char time_buf
[ISO_TIME_LEN
+1];
550 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
553 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
555 format_iso_time(time_buf
, now
);
556 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
559 "%s%s%s", time_buf
, escaped(source
),
560 !general
? "@purpose " : "",
561 !general
? router_purpose_to_string(purpose
) : "",
562 !general
? "\n" : "")<0) {
563 *msg
= "Couldn't format annotations";
568 list
= smartlist_new();
569 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
570 annotation_buf
, NULL
)) {
571 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
573 tor_assert(ri
->purpose
== purpose
);
574 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
575 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
581 n_parsed
+= smartlist_len(list
);
582 smartlist_clear(list
);
585 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
587 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
590 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
591 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
597 n_parsed
+= smartlist_len(list
);
598 smartlist_free(list
);
602 *msg
= "No descriptors found in your POST.";
603 if (WRA_WAS_ADDED(r
))
604 r
= ROUTER_IS_ALREADY_KNOWN
;
606 *msg
= "(no message)";
613 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
614 * the list of server descriptors. Set *<b>msg</b> to a message that should be
615 * passed back to the origin of this descriptor, or NULL if there is no such
616 * message. Use <b>source</b> to produce better log messages.
618 * Return the status of the operation
620 * This function is only called when fresh descriptors are posted, not when
621 * we re-load the cache.
624 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
626 was_router_added_t r
;
627 routerinfo_t
*ri_old
;
628 char *desc
, *nickname
;
629 const size_t desclen
= ri
->cache_info
.signed_descriptor_len
+
630 ri
->cache_info
.annotations_len
;
631 const int key_pinning
= get_options()->AuthDirPinKeys
;
634 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
635 * network and it'll clog everything up. */
636 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
637 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
638 " (source: %s) with size %d. Either this is an attack, or the "
639 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
640 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
641 MAX_DESCRIPTOR_UPLOAD_SIZE
);
642 *msg
= "Router descriptor was too large.";
643 control_event_or_authdir_new_descriptor("REJECTED",
644 ri
->cache_info
.signed_descriptor_body
,
647 return ROUTER_AUTHDIR_REJECTS
;
650 /* Check whether this descriptor is semantically identical to the last one
651 * from this server. (We do this here and not in router_add_to_routerlist
652 * because we want to be able to accept the newest router descriptor that
653 * another authority has, so we all converge on the same one.) */
654 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
655 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
656 && router_differences_are_cosmetic(ri_old
, ri
)
657 && !router_is_me(ri
)) {
659 "Not replacing descriptor from %s (source: %s); "
660 "differences are cosmetic.",
661 router_describe(ri
), source
);
662 *msg
= "Not replacing router descriptor; no information has changed since "
663 "the last one with this identity.";
664 control_event_or_authdir_new_descriptor("DROPPED",
665 ri
->cache_info
.signed_descriptor_body
,
668 return ROUTER_IS_ALREADY_KNOWN
;
671 /* Do keypinning again ... this time, to add the pin if appropriate */
673 if (ri
->cache_info
.signing_key_cert
) {
674 keypin_status
= keypin_check_and_add(
675 (const uint8_t*)ri
->cache_info
.identity_digest
,
676 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
679 keypin_status
= keypin_check_lone_rsa(
680 (const uint8_t*)ri
->cache_info
.identity_digest
);
681 #ifndef DISABLE_DISABLING_ED25519
682 if (keypin_status
== KEYPIN_MISMATCH
)
683 keypin_status
= KEYPIN_NOT_FOUND
;
686 if (keypin_status
== KEYPIN_MISMATCH
&& key_pinning
) {
687 log_info(LD_DIRSERV
, "Dropping descriptor from %s (source: %s) because "
688 "its key did not match an older RSA/Ed25519 keypair",
689 router_describe(ri
), source
);
690 *msg
= "Looks like your keypair does not match its older value.";
691 return ROUTER_AUTHDIR_REJECTS
;
694 /* Make a copy of desc, since router_add_to_routerlist might free
695 * ri and its associated signed_descriptor_t. */
696 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
697 nickname
= tor_strdup(ri
->nickname
);
699 /* Tell if we're about to need to launch a test if we add this. */
700 ri
->needs_retest_if_added
=
701 dirserv_should_launch_reachability_test(ri
, ri_old
);
703 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
704 if (!WRA_WAS_ADDED(r
)) {
705 /* unless the routerinfo was fine, just out-of-date */
706 if (WRA_WAS_REJECTED(r
))
707 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
709 "Did not add descriptor from '%s' (source: %s): %s.",
710 nickname
, source
, *msg
? *msg
: "(no message)");
712 smartlist_t
*changed
;
713 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
715 changed
= smartlist_new();
716 smartlist_add(changed
, ri
);
717 routerlist_descriptors_added(changed
, 0);
718 smartlist_free(changed
);
720 *msg
= "Descriptor accepted";
723 "Added descriptor from '%s' (source: %s): %s.",
724 nickname
, source
, *msg
);
731 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
732 static was_router_added_t
733 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
740 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
741 * can mess with some of the flags in ri->cache_info. */
742 ri
= router_get_mutable_by_digest(ei
->cache_info
.identity_digest
);
744 *msg
= "No corresponding router descriptor for extra-info descriptor";
746 return ROUTER_BAD_EI
;
749 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
750 * network and it'll clog everything up. */
751 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
752 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
753 "with size %d. Either this is an attack, or the "
754 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
755 (int)ei
->cache_info
.signed_descriptor_len
,
756 MAX_EXTRAINFO_UPLOAD_SIZE
);
757 *msg
= "Extrainfo document was too large";
759 return ROUTER_BAD_EI
;
762 if ((r
= routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
,
763 &ri
->cache_info
, msg
))) {
765 return r
< 0 ? ROUTER_IS_ALREADY_KNOWN
: ROUTER_BAD_EI
;
767 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
768 return ROUTER_ADDED_SUCCESSFULLY
;
771 /** Remove all descriptors whose nicknames or fingerprints no longer
772 * are allowed by our fingerprint list. (Descriptors that used to be
773 * good can become bad when we reload the fingerprint list.)
776 directory_remove_invalid(void)
778 routerlist_t
*rl
= router_get_routerlist();
779 smartlist_t
*nodes
= smartlist_new();
780 smartlist_add_all(nodes
, nodelist_get_list());
782 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
783 const char *msg
= NULL
;
784 routerinfo_t
*ent
= node
->ri
;
785 char description
[NODE_DESC_BUF_LEN
];
789 r
= dirserv_router_get_status(ent
, &msg
, LOG_INFO
);
790 router_get_description(description
, ent
);
792 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
793 description
, msg
?msg
:"");
794 routerlist_remove(rl
, ent
, 0, time(NULL
));
797 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
798 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
799 (r
&FP_INVALID
) ? "in" : "");
800 node
->is_valid
= (r
&FP_INVALID
)?0:1;
802 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
803 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
804 (r
& FP_BADEXIT
) ? "bad" : "good");
805 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
807 } SMARTLIST_FOREACH_END(node
);
809 routerlist_assert_ok(rl
);
810 smartlist_free(nodes
);
814 * Allocate and return a description of the status of the server <b>desc</b>,
815 * for use in a v1-style router-status line. The server is listed
816 * as running iff <b>is_live</b> is true.
819 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
821 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
831 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
832 if (node
&& node
->is_valid
) {
833 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
838 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
840 return tor_strdup(buf
);
843 /* DOCDOC running_long_enough_to_decide_unreachable */
845 running_long_enough_to_decide_unreachable(void)
847 return time_of_process_start
848 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
851 /** Each server needs to have passed a reachability test no more
852 * than this number of seconds ago, or it is listed as down in
854 #define REACHABLE_TIMEOUT (45*60)
856 /** If we tested a router and found it reachable _at least this long_ after it
857 * declared itself hibernating, it is probably done hibernating and we just
858 * missed a descriptor from it. */
859 #define HIBERNATION_PUBLICATION_SKEW (60*60)
861 /** Treat a router as alive if
862 * - It's me, and I'm not hibernating.
863 * or - We've found it reachable recently. */
865 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
867 /*XXXX This function is a mess. Separate out the part that calculates
868 whether it's reachable and the part that tells rephist that the router was
872 const or_options_t
*options
= get_options();
873 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
876 if (router_is_me(router
)) {
877 /* We always know if we are down ourselves. */
878 answer
= ! we_are_hibernating();
879 } else if (router
->is_hibernating
&&
880 (router
->cache_info
.published_on
+
881 HIBERNATION_PUBLICATION_SKEW
) > node
->last_reachable
) {
882 /* A hibernating router is down unless we (somehow) had contact with it
883 * since it declared itself to be hibernating. */
885 } else if (options
->AssumeReachable
) {
886 /* If AssumeReachable, everybody is up unless they say they are down! */
889 /* Otherwise, a router counts as up if we found all announced OR
890 ports reachable in the last REACHABLE_TIMEOUT seconds.
892 XXX prop186 For now there's always one IPv4 and at most one
895 If we're not on IPv6, don't consider reachability of potential
896 IPv6 OR port since that'd kill all dual stack relays until a
897 majority of the dir auths have IPv6 connectivity. */
898 answer
= (now
< node
->last_reachable
+ REACHABLE_TIMEOUT
&&
899 (options
->AuthDirHasIPv6Connectivity
!= 1 ||
900 tor_addr_is_null(&router
->ipv6_addr
) ||
901 now
< node
->last_reachable6
+ REACHABLE_TIMEOUT
));
904 if (!answer
&& running_long_enough_to_decide_unreachable()) {
905 /* Not considered reachable. tell rephist about that.
907 Because we launch a reachability test for each router every
908 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
909 been down since at least that time after we last successfully reached
915 if (node
->last_reachable
&&
916 node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
917 when
= node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
918 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
921 node
->is_running
= answer
;
924 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
925 * contents of a v1-style router-status line, and store it in
926 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
928 * If for_controller is true, include the routers with very old descriptors.
931 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
934 /* List of entries in a router-status style: An optional !, then an optional
935 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
936 smartlist_t
*rs_entries
;
937 time_t now
= time(NULL
);
938 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
939 const or_options_t
*options
= get_options();
940 /* We include v2 dir auths here too, because they need to answer
941 * controllers. Eventually we'll deprecate this whole function;
942 * see also networkstatus_getinfo_by_purpose(). */
943 int authdir
= authdir_mode_publishes_statuses(options
);
944 tor_assert(router_status_out
);
946 rs_entries
= smartlist_new();
948 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
949 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
952 /* Update router status in routerinfo_t. */
953 dirserv_set_router_is_running(ri
, now
);
955 if (for_controller
) {
956 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
958 if (!node
->is_running
)
960 router_get_verbose_nickname(cp
, ri
);
961 smartlist_add(rs_entries
, tor_strdup(name_buf
));
962 } else if (ri
->cache_info
.published_on
>= cutoff
) {
963 smartlist_add(rs_entries
, list_single_server_status(ri
,
966 } SMARTLIST_FOREACH_END(ri
);
968 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
970 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
971 smartlist_free(rs_entries
);
976 /** Given a (possibly empty) list of config_line_t, each line of which contains
977 * a list of comma-separated version numbers surrounded by optional space,
978 * allocate and return a new string containing the version numbers, in order,
979 * separated by commas. Used to generate Recommended(Client|Server)?Versions
982 format_versions_list(config_line_t
*ln
)
984 smartlist_t
*versions
;
986 versions
= smartlist_new();
987 for ( ; ln
; ln
= ln
->next
) {
988 smartlist_split_string(versions
, ln
->value
, ",",
989 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
991 sort_version_list(versions
, 1);
992 result
= smartlist_join_strings(versions
,",",0,NULL
);
993 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
994 smartlist_free(versions
);
998 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
999 * not hibernating, having observed bw greater 0, and not too old. Else
1003 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
1005 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1006 if (ri
->cache_info
.published_on
< cutoff
) {
1009 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
) {
1012 /* Only require bandwith capacity in non-test networks, or
1013 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1014 if (!ri
->bandwidthcapacity
) {
1015 if (get_options()->TestingTorNetwork
) {
1016 if (get_options()->TestingMinExitFlagThreshold
> 0) {
1017 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1018 * then require bandwidthcapacity */
1022 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1029 /********************************************************************/
1031 /* A set of functions to answer questions about how we'd like to behave
1032 * as a directory mirror/client. */
1034 /** Return 1 if we fetch our directory material directly from the
1035 * authorities, rather than from a mirror. */
1037 directory_fetches_from_authorities(const or_options_t
*options
)
1039 const routerinfo_t
*me
;
1042 if (options
->FetchDirInfoEarly
)
1044 if (options
->BridgeRelay
== 1)
1046 if (server_mode(options
) &&
1047 router_pick_published_address(options
, &addr
, 1) < 0)
1048 return 1; /* we don't know our IP address; ask an authority. */
1049 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1050 should_refuse_unknown_exits(options
);
1051 if (!dir_server_mode(options
) && !refuseunknown
)
1053 if (!server_mode(options
) || !advertised_server_mode())
1055 me
= router_get_my_routerinfo();
1056 if (!me
|| (!me
->supports_tunnelled_dir_requests
&& !refuseunknown
))
1057 return 0; /* if we don't service directory requests, return 0 too */
1061 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1062 * on the "mirror" schedule rather than the "client" schedule.
1065 directory_fetches_dir_info_early(const or_options_t
*options
)
1067 return directory_fetches_from_authorities(options
);
1070 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1071 * on a very passive schedule -- waiting long enough for ordinary clients
1072 * to probably have the info we want. These would include bridge users,
1073 * and maybe others in the future e.g. if a Tor client uses another Tor
1074 * client as a directory guard.
1077 directory_fetches_dir_info_later(const or_options_t
*options
)
1079 return options
->UseBridges
!= 0;
1082 /** Return true iff we want to fetch and keep certificates for authorities
1083 * that we don't acknowledge as authorities ourself.
1086 directory_caches_unknown_auth_certs(const or_options_t
*options
)
1088 return dir_server_mode(options
) || options
->BridgeRelay
;
1091 /** Return 1 if we want to keep descriptors, networkstatuses, etc around.
1093 * Check options->DirPort_set and directory_permits_begindir_requests()
1094 * to see if we are willing to serve these directory documents to others via
1095 * the DirPort and begindir-over-ORPort, respectively.
1098 directory_caches_dir_info(const or_options_t
*options
)
1100 if (options
->BridgeRelay
|| dir_server_mode(options
))
1102 if (!server_mode(options
) || !advertised_server_mode())
1104 /* We need an up-to-date view of network info if we're going to try to
1105 * block exit attempts from unknown relays. */
1106 return ! router_my_exit_policy_is_reject_star() &&
1107 should_refuse_unknown_exits(options
);
1110 /** Return 1 if we want to allow remote people to ask us directory
1111 * requests via the "begin_dir" interface, which doesn't require
1112 * having any separate port open. */
1114 directory_permits_begindir_requests(const or_options_t
*options
)
1116 return options
->BridgeRelay
!= 0 || dir_server_mode(options
);
1119 /** Return 1 if we have no need to fetch new descriptors. This generally
1120 * happens when we're not a dir cache and we haven't built any circuits
1124 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1127 return !directory_caches_dir_info(options
) &&
1128 !options
->FetchUselessDescriptors
&&
1129 rep_hist_circbuilding_dormant(now
);
1132 /********************************************************************/
1134 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1135 * currently serving. */
1136 static strmap_t
*cached_consensuses
= NULL
;
1138 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1139 * any references. */
1141 cached_dir_decref(cached_dir_t
*d
)
1143 if (!d
|| --d
->refcnt
> 0)
1145 clear_cached_dir(d
);
1149 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1150 * published at <b>published</b>. */
1152 new_cached_dir(char *s
, time_t published
)
1154 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1157 d
->dir_len
= strlen(s
);
1158 d
->published
= published
;
1159 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1161 log_warn(LD_BUG
, "Error compressing directory");
1166 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1168 clear_cached_dir(cached_dir_t
*d
)
1172 memset(d
, 0, sizeof(cached_dir_t
));
1175 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1177 free_cached_dir_(void *_d
)
1183 d
= (cached_dir_t
*)_d
;
1184 cached_dir_decref(d
);
1187 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1188 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1189 * validation is performed. */
1191 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1192 const char *flavor_name
,
1193 const common_digests_t
*digests
,
1196 cached_dir_t
*new_networkstatus
;
1197 cached_dir_t
*old_networkstatus
;
1198 if (!cached_consensuses
)
1199 cached_consensuses
= strmap_new();
1201 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1202 memcpy(&new_networkstatus
->digests
, digests
, sizeof(common_digests_t
));
1203 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1205 if (old_networkstatus
)
1206 cached_dir_decref(old_networkstatus
);
1209 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1210 * optionally compressed format, suitable for sending to clients. */
1212 dirserv_get_consensus(const char *flavor_name
)
1214 if (!cached_consensuses
)
1216 return strmap_get(cached_consensuses
, flavor_name
);
1219 /** If a router's uptime is at least this value, then it is always
1220 * considered stable, regardless of the rest of the network. This
1221 * way we resist attacks where an attacker doubles the size of the
1222 * network using allegedly high-uptime nodes, displacing all the
1223 * current guards. */
1224 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1225 /** If a router's MTBF is at least this value, then it is always stable.
1226 * See above. (Corresponds to about 7 days for current decay rates.) */
1227 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1228 /** Similarly, every node with at least this much weighted time known can be
1229 * considered familiar enough to be a guard. Corresponds to about 20 days for
1230 * current decay rates.
1232 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1233 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1235 #define WFU_TO_GUARANTEE_GUARD (0.98)
1237 /* Thresholds for server performance: set by
1238 * dirserv_compute_performance_thresholds, and used by
1239 * generate_v2_networkstatus */
1241 /** Any router with an uptime of at least this value is stable. */
1242 static uint32_t stable_uptime
= 0; /* start at a safe value */
1243 /** Any router with an mtbf of at least this value is stable. */
1244 static double stable_mtbf
= 0.0;
1245 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1246 * than stable_uptime. */
1247 static int enough_mtbf_info
= 0;
1248 /** Any router with a weighted fractional uptime of at least this much might
1249 * be good as a guard. */
1250 static double guard_wfu
= 0.0;
1251 /** Don't call a router a guard unless we've known about it for at least this
1253 static long guard_tk
= 0;
1254 /** Any router with a bandwidth at least this high is "Fast" */
1255 static uint32_t fast_bandwidth_kb
= 0;
1256 /** If exits can be guards, then all guards must have a bandwidth this
1258 static uint32_t guard_bandwidth_including_exits_kb
= 0;
1259 /** If exits can't be guards, then all guards must have a bandwidth this
1261 static uint32_t guard_bandwidth_excluding_exits_kb
= 0;
1263 /** Helper: estimate the uptime of a router given its stated uptime and the
1264 * amount of time since it last stated its stated uptime. */
1266 real_uptime(const routerinfo_t
*router
, time_t now
)
1268 if (now
< router
->cache_info
.published_on
)
1269 return router
->uptime
;
1271 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1274 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1275 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1276 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1280 dirserv_thinks_router_is_unreliable(time_t now
,
1281 routerinfo_t
*router
,
1282 int need_uptime
, int need_capacity
)
1285 if (!enough_mtbf_info
) {
1286 /* XXXX We should change the rule from
1287 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1288 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1289 * hit a point where we need to reset a lot of authorities at once,
1290 * none of them would be in a position to declare Stable.
1292 long uptime
= real_uptime(router
, now
);
1293 if ((unsigned)uptime
< stable_uptime
&&
1294 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1298 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1299 if (mtbf
< stable_mtbf
&&
1300 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1304 if (need_capacity
) {
1305 uint32_t bw_kb
= dirserv_get_credible_bandwidth_kb(router
);
1306 if (bw_kb
< fast_bandwidth_kb
)
1312 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1314 * Right now this means it advertises support for it, it has a high uptime,
1315 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1316 * considered Running.
1318 * This function needs to be called after router-\>is_running has
1322 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1323 const node_t
*node
, time_t now
)
1328 /* If we haven't been running for at least
1329 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1330 * have accurate data telling us a relay has been up for at least
1331 * that long. We also want to allow a bit of slack: Reachability
1332 * tests aren't instant. If we haven't been running long enough,
1333 * trust the relay. */
1335 if (stats_n_seconds_working
>
1336 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1337 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1338 real_uptime(router
, now
));
1340 uptime
= real_uptime(router
, now
);
1342 return (router
->wants_to_be_hs_dir
&&
1343 router
->supports_tunnelled_dir_requests
&&
1344 node
->is_stable
&& node
->is_fast
&&
1345 uptime
>= get_options()->MinUptimeHidServDirectoryV2
&&
1346 router_is_active(router
, node
, now
));
1349 /** Don't consider routers with less bandwidth than this when computing
1351 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1353 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1354 * include a router in our calculations, and return true iff we should; the
1355 * require_mbw parameter is passed in by
1356 * dirserv_compute_performance_thresholds() and controls whether we ever
1357 * count routers with only advertised bandwidths */
1359 router_counts_toward_thresholds(const node_t
*node
, time_t now
,
1360 const digestmap_t
*omit_as_sybil
,
1363 /* Have measured bw? */
1365 dirserv_has_measured_bw(node
->identity
);
1366 uint64_t min_bw_kb
= ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB
;
1367 const or_options_t
*options
= get_options();
1369 if (options
->TestingTorNetwork
) {
1370 min_bw_kb
= (int64_t)options
->TestingMinExitFlagThreshold
/ 1000;
1373 return node
->ri
&& router_is_active(node
->ri
, node
, now
) &&
1374 !digestmap_get(omit_as_sybil
, node
->identity
) &&
1375 (dirserv_get_credible_bandwidth_kb(node
->ri
) >= min_bw_kb
) &&
1376 (have_mbw
|| !require_mbw
);
1379 /** Look through the routerlist, the Mean Time Between Failure history, and
1380 * the Weighted Fractional Uptime history, and use them to set thresholds for
1381 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1382 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1383 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1385 * Also, set the is_exit flag of each router appropriately. */
1387 dirserv_compute_performance_thresholds(digestmap_t
*omit_as_sybil
)
1389 int n_active
, n_active_nonexit
, n_familiar
;
1390 uint32_t *uptimes
, *bandwidths_kb
, *bandwidths_excluding_exits_kb
;
1392 double *mtbfs
, *wfus
;
1393 smartlist_t
*nodelist
;
1394 time_t now
= time(NULL
);
1395 const or_options_t
*options
= get_options();
1399 (routers_with_measured_bw
>
1400 options
->MinMeasuredBWsForAuthToIgnoreAdvertised
) ? 1 : 0;
1402 /* initialize these all here, in case there are no routers */
1405 fast_bandwidth_kb
= 0;
1406 guard_bandwidth_including_exits_kb
= 0;
1407 guard_bandwidth_excluding_exits_kb
= 0;
1411 nodelist_assert_ok();
1412 nodelist
= nodelist_get_list();
1414 /* Initialize arrays that will hold values for each router. We'll
1415 * sort them and use that to compute thresholds. */
1416 n_active
= n_active_nonexit
= 0;
1417 /* Uptime for every active router. */
1418 uptimes
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1419 /* Bandwidth for every active router. */
1420 bandwidths_kb
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1421 /* Bandwidth for every active non-exit router. */
1422 bandwidths_excluding_exits_kb
=
1423 tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1424 /* Weighted mean time between failure for each active router. */
1425 mtbfs
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1426 /* Time-known for each active router. */
1427 tks
= tor_calloc(smartlist_len(nodelist
), sizeof(long));
1428 /* Weighted fractional uptime for each active router. */
1429 wfus
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1431 /* Now, fill in the arrays. */
1432 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1433 if (options
->BridgeAuthoritativeDir
&&
1435 node
->ri
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
1437 if (router_counts_toward_thresholds(node
, now
, omit_as_sybil
,
1439 routerinfo_t
*ri
= node
->ri
;
1440 const char *id
= node
->identity
;
1442 /* resolve spurious clang shallow analysis null pointer errors */
1444 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1445 exit_policy_is_general_exit(ri
->exit_policy
));
1446 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1447 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1448 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1449 bandwidths_kb
[n_active
] = bw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
1450 if (!node
->is_exit
|| node
->is_bad_exit
) {
1451 bandwidths_excluding_exits_kb
[n_active_nonexit
] = bw_kb
;
1456 } SMARTLIST_FOREACH_END(node
);
1458 /* Now, compute thresholds. */
1460 /* The median uptime is stable. */
1461 stable_uptime
= median_uint32(uptimes
, n_active
);
1462 /* The median mtbf is stable, if we have enough mtbf info */
1463 stable_mtbf
= median_double(mtbfs
, n_active
);
1464 /* The 12.5th percentile bandwidth is fast. */
1465 fast_bandwidth_kb
= find_nth_uint32(bandwidths_kb
, n_active
, n_active
/8);
1466 /* (Now bandwidths is sorted.) */
1467 if (fast_bandwidth_kb
< RELAY_REQUIRED_MIN_BANDWIDTH
/(2 * 1000))
1468 fast_bandwidth_kb
= bandwidths_kb
[n_active
/4];
1469 guard_bandwidth_including_exits_kb
=
1470 third_quartile_uint32(bandwidths_kb
, n_active
);
1471 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1474 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1475 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1478 /* We can vote on a parameter for the minimum and maximum. */
1479 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1480 int32_t min_fast_kb
, max_fast_kb
, min_fast
, max_fast
;
1481 min_fast
= networkstatus_get_param(NULL
, "FastFlagMinThreshold",
1482 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1483 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1485 if (options
->TestingTorNetwork
) {
1486 min_fast
= (int32_t)options
->TestingMinFastFlagThreshold
;
1488 max_fast
= networkstatus_get_param(NULL
, "FastFlagMaxThreshold",
1489 INT32_MAX
, min_fast
, INT32_MAX
);
1490 min_fast_kb
= min_fast
/ 1000;
1491 max_fast_kb
= max_fast
/ 1000;
1493 if (fast_bandwidth_kb
< (uint32_t)min_fast_kb
)
1494 fast_bandwidth_kb
= min_fast_kb
;
1495 if (fast_bandwidth_kb
> (uint32_t)max_fast_kb
)
1496 fast_bandwidth_kb
= max_fast_kb
;
1498 /* Protect sufficiently fast nodes from being pushed out of the set
1500 if (options
->AuthDirFastGuarantee
&&
1501 fast_bandwidth_kb
> options
->AuthDirFastGuarantee
/1000)
1502 fast_bandwidth_kb
= (uint32_t)options
->AuthDirFastGuarantee
/1000;
1504 /* Now that we have a time-known that 7/8 routers are known longer than,
1505 * fill wfus with the wfu of every such "familiar" router. */
1508 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1509 if (router_counts_toward_thresholds(node
, now
,
1510 omit_as_sybil
, require_mbw
)) {
1511 routerinfo_t
*ri
= node
->ri
;
1512 const char *id
= ri
->cache_info
.identity_digest
;
1513 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1516 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1518 } SMARTLIST_FOREACH_END(node
);
1520 guard_wfu
= median_double(wfus
, n_familiar
);
1521 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1522 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1524 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1526 if (n_active_nonexit
) {
1527 guard_bandwidth_excluding_exits_kb
=
1528 find_nth_uint32(bandwidths_excluding_exits_kb
,
1529 n_active_nonexit
, n_active_nonexit
*3/4);
1532 log_info(LD_DIRSERV
,
1533 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1534 "For Fast: %lu kilobytes/sec. "
1535 "For Guard: WFU %.03f%%, time-known %lu sec, "
1536 "and bandwidth %lu or %lu kilobytes/sec. "
1537 "We%s have enough stability data.",
1538 (unsigned long)stable_uptime
,
1539 (unsigned long)stable_mtbf
,
1540 (unsigned long)fast_bandwidth_kb
,
1542 (unsigned long)guard_tk
,
1543 (unsigned long)guard_bandwidth_including_exits_kb
,
1544 (unsigned long)guard_bandwidth_excluding_exits_kb
,
1545 enough_mtbf_info
? "" : " don't");
1549 tor_free(bandwidths_kb
);
1550 tor_free(bandwidths_excluding_exits_kb
);
1555 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1556 * for the status flags, specifically for bridges.
1558 * This is only called by a Bridge Authority from
1559 * networkstatus_getinfo_by_purpose().
1562 dirserv_compute_bridge_flag_thresholds(void)
1564 digestmap_t
*omit_as_sybil
= digestmap_new();
1565 dirserv_compute_performance_thresholds(omit_as_sybil
);
1566 digestmap_free(omit_as_sybil
, NULL
);
1569 /** Measured bandwidth cache entry */
1570 typedef struct mbw_cache_entry_s
{
1573 } mbw_cache_entry_t
;
1575 /** Measured bandwidth cache - keys are identity_digests, values are
1576 * mbw_cache_entry_t *. */
1577 static digestmap_t
*mbw_cache
= NULL
;
1579 /** Store a measured bandwidth cache entry when reading the measured
1580 * bandwidths file. */
1582 dirserv_cache_measured_bw(const measured_bw_line_t
*parsed_line
,
1585 mbw_cache_entry_t
*e
= NULL
;
1587 tor_assert(parsed_line
);
1589 /* Allocate a cache if we need */
1590 if (!mbw_cache
) mbw_cache
= digestmap_new();
1592 /* Check if we have an existing entry */
1593 e
= digestmap_get(mbw_cache
, parsed_line
->node_id
);
1594 /* If we do, we can re-use it */
1596 /* Check that we really are newer, and update */
1597 if (as_of
> e
->as_of
) {
1598 e
->mbw_kb
= parsed_line
->bw_kb
;
1602 /* We'll have to insert a new entry */
1603 e
= tor_malloc(sizeof(*e
));
1604 e
->mbw_kb
= parsed_line
->bw_kb
;
1606 digestmap_set(mbw_cache
, parsed_line
->node_id
, e
);
1610 /** Clear and free the measured bandwidth cache */
1612 dirserv_clear_measured_bw_cache(void)
1615 /* Free the map and all entries */
1616 digestmap_free(mbw_cache
, tor_free_
);
1621 /** Scan the measured bandwidth cache and remove expired entries */
1623 dirserv_expire_measured_bw_cache(time_t now
)
1627 /* Iterate through the cache and check each entry */
1628 DIGESTMAP_FOREACH_MODIFY(mbw_cache
, k
, mbw_cache_entry_t
*, e
) {
1629 if (now
> e
->as_of
+ MAX_MEASUREMENT_AGE
) {
1633 } DIGESTMAP_FOREACH_END
;
1635 /* Check if we cleared the whole thing and free if so */
1636 if (digestmap_size(mbw_cache
) == 0) {
1637 digestmap_free(mbw_cache
, tor_free_
);
1643 /** Get the current size of the measured bandwidth cache */
1645 dirserv_get_measured_bw_cache_size(void)
1647 if (mbw_cache
) return digestmap_size(mbw_cache
);
1651 /** Query the cache by identity digest, return value indicates whether
1652 * we found it. The bw_out and as_of_out pointers receive the cached
1653 * bandwidth value and the time it was cached if not NULL. */
1655 dirserv_query_measured_bw_cache_kb(const char *node_id
, long *bw_kb_out
,
1658 mbw_cache_entry_t
*v
= NULL
;
1661 if (mbw_cache
&& node_id
) {
1662 v
= digestmap_get(mbw_cache
, node_id
);
1664 /* Found something */
1666 if (bw_kb_out
) *bw_kb_out
= v
->mbw_kb
;
1667 if (as_of_out
) *as_of_out
= v
->as_of
;
1674 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1676 dirserv_has_measured_bw(const char *node_id
)
1678 return dirserv_query_measured_bw_cache_kb(node_id
, NULL
, NULL
);
1681 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1682 * preferring measured to advertised values if available. */
1685 dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
)
1689 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1690 * signed) longs and the ones router_get_advertised_bandwidth() returns
1697 * * First try to see if we have a measured bandwidth; don't bother with
1698 * as_of_out here, on the theory that a stale measured bandwidth is still
1699 * better to trust than an advertised one.
1701 if (dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1704 bw_kb
= (uint32_t)mbw_kb
;
1706 /* If not, fall back to advertised */
1707 bw_kb
= router_get_advertised_bandwidth(ri
) / 1000;
1714 /** Look through the routerlist, and using the measured bandwidth cache count
1715 * how many measured bandwidths we know. This is used to decide whether we
1716 * ever trust advertised bandwidths for purposes of assigning flags. */
1718 dirserv_count_measured_bws(const smartlist_t
*routers
)
1720 /* Initialize this first */
1721 routers_with_measured_bw
= 0;
1723 /* Iterate over the routerlist and count measured bandwidths */
1724 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
1725 /* Check if we know a measured bandwidth for this one */
1726 if (dirserv_has_measured_bw(ri
->cache_info
.identity_digest
)) {
1727 ++routers_with_measured_bw
;
1729 } SMARTLIST_FOREACH_END(ri
);
1732 /** Return the bandwidth we believe for assigning flags; prefer measured
1733 * over advertised, and if we have above a threshold quantity of measured
1734 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1737 dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
)
1744 /* Check if we have a measured bandwidth, and check the threshold if not */
1745 if (!(dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1747 threshold
= get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1748 if (routers_with_measured_bw
> threshold
) {
1749 /* Return zero for unmeasured bandwidth if we are above threshold */
1752 /* Return an advertised bandwidth otherwise */
1753 bw_kb
= router_get_advertised_bandwidth_capped(ri
) / 1000;
1756 /* We have the measured bandwidth in mbw */
1757 bw_kb
= (uint32_t)mbw_kb
;
1763 /** Give a statement of our current performance thresholds for inclusion
1764 * in a vote document. */
1766 dirserv_get_flag_thresholds_line(void)
1769 const int measured_threshold
=
1770 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1771 const int enough_measured_bw
= routers_with_measured_bw
> measured_threshold
;
1773 tor_asprintf(&result
,
1774 "stable-uptime=%lu stable-mtbf=%lu "
1776 "guard-wfu=%.03f%% guard-tk=%lu "
1777 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1778 "enough-mtbf=%d ignoring-advertised-bws=%d",
1779 (unsigned long)stable_uptime
,
1780 (unsigned long)stable_mtbf
,
1781 (unsigned long)fast_bandwidth_kb
*1000,
1783 (unsigned long)guard_tk
,
1784 (unsigned long)guard_bandwidth_including_exits_kb
*1000,
1785 (unsigned long)guard_bandwidth_excluding_exits_kb
*1000,
1786 enough_mtbf_info
? 1 : 0,
1787 enough_measured_bw
? 1 : 0);
1792 /** Given a platform string as in a routerinfo_t (possibly null), return a
1793 * newly allocated version string for a networkstatus document, or NULL if the
1794 * platform doesn't give a Tor version. */
1796 version_from_platform(const char *platform
)
1798 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1799 const char *eos
= find_whitespace(platform
+4);
1800 if (eos
&& !strcmpstart(eos
, " (r")) {
1801 /* XXXX Unify this logic with the other version extraction
1802 * logic in routerparse.c. */
1803 eos
= find_whitespace(eos
+1);
1806 return tor_strndup(platform
, eos
-platform
);
1812 /** Helper: write the router-status information in <b>rs</b> into a newly
1813 * allocated character buffer. Use the same format as in network-status
1814 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1815 * Return 0 on success, -1 on failure.
1817 * The format argument has one of the following values:
1818 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1819 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1820 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1822 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1823 * it contains additional information for the vote.
1824 * NS_CONTROL_PORT - Output a NS document for the control port
1827 routerstatus_format_entry(const routerstatus_t
*rs
, const char *version
,
1828 const char *protocols
,
1829 routerstatus_format_type_t format
,
1830 const vote_routerstatus_t
*vrs
)
1833 char *result
= NULL
;
1835 char published
[ISO_TIME_LEN
+1];
1836 char identity64
[BASE64_DIGEST_LEN
+1];
1837 char digest64
[BASE64_DIGEST_LEN
+1];
1838 smartlist_t
*chunks
= smartlist_new();
1840 format_iso_time(published
, rs
->published_on
);
1841 digest_to_base64(identity64
, rs
->identity_digest
);
1842 digest_to_base64(digest64
, rs
->descriptor_digest
);
1844 smartlist_add_asprintf(chunks
,
1845 "r %s %s %s%s%s %s %d %d\n",
1848 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1849 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1851 fmt_addr32(rs
->addr
),
1855 /* TODO: Maybe we want to pass in what we need to build the rest of
1856 * this here, instead of in the caller. Then we could use the
1857 * networkstatus_type_t values, with an additional control port value
1860 /* V3 microdesc consensuses don't have "a" lines. */
1861 if (format
== NS_V3_CONSENSUS_MICRODESC
)
1864 /* Possible "a" line. At most one for now. */
1865 if (!tor_addr_is_null(&rs
->ipv6_addr
)) {
1866 smartlist_add_asprintf(chunks
, "a %s\n",
1867 fmt_addrport(&rs
->ipv6_addr
, rs
->ipv6_orport
));
1870 if (format
== NS_V3_CONSENSUS
)
1873 smartlist_add_asprintf(chunks
,
1874 "s%s%s%s%s%s%s%s%s%s%s\n",
1875 /* These must stay in alphabetical order. */
1876 rs
->is_authority
?" Authority":"",
1877 rs
->is_bad_exit
?" BadExit":"",
1878 rs
->is_exit
?" Exit":"",
1879 rs
->is_fast
?" Fast":"",
1880 rs
->is_possible_guard
?" Guard":"",
1881 rs
->is_hs_dir
?" HSDir":"",
1882 rs
->is_flagged_running
?" Running":"",
1883 rs
->is_stable
?" Stable":"",
1884 rs
->is_v2_dir
?" V2Dir":"",
1885 rs
->is_valid
?" Valid":"");
1887 /* length of "opt v \n" */
1888 #define V_LINE_OVERHEAD 7
1889 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1890 smartlist_add_asprintf(chunks
, "v %s\n", version
);
1893 smartlist_add_asprintf(chunks
, "pr %s\n", protocols
);
1896 if (format
!= NS_V2
) {
1897 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
1900 if (format
!= NS_CONTROL_PORT
) {
1901 /* Blow up more or less nicely if we didn't get anything or not the
1902 * thing we expected.
1905 char id
[HEX_DIGEST_LEN
+1];
1906 char dd
[HEX_DIGEST_LEN
+1];
1908 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1909 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
1910 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
1911 "(wanted descriptor %s).",
1916 /* This assert could fire for the control port, because
1917 * it can request NS documents before all descriptors
1918 * have been fetched. Therefore, we only do this test when
1919 * format != NS_CONTROL_PORT. */
1920 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
1921 rs
->descriptor_digest
,
1923 char rl_d
[HEX_DIGEST_LEN
+1];
1924 char rs_d
[HEX_DIGEST_LEN
+1];
1925 char id
[HEX_DIGEST_LEN
+1];
1927 base16_encode(rl_d
, sizeof(rl_d
),
1928 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
1929 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
1930 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1931 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
1932 "the one in routerstatus: %s vs %s "
1936 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
1937 rs
->descriptor_digest
,
1942 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
1943 bw_kb
= rs
->bandwidth_kb
;
1946 bw_kb
= router_get_advertised_bandwidth_capped(desc
) / 1000;
1948 smartlist_add_asprintf(chunks
,
1949 "w Bandwidth=%d", bw_kb
);
1951 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->has_measured_bw
) {
1952 smartlist_add_asprintf(chunks
,
1953 " Measured=%d", vrs
->measured_bw_kb
);
1955 /* Write down guardfraction information if we have it. */
1956 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->status
.has_guardfraction
) {
1957 smartlist_add_asprintf(chunks
,
1958 " GuardFraction=%d",
1959 vrs
->status
.guardfraction_percentage
);
1962 smartlist_add(chunks
, tor_strdup("\n"));
1965 summary
= policy_summarize(desc
->exit_policy
, AF_INET
);
1966 smartlist_add_asprintf(chunks
, "p %s\n", summary
);
1970 if (format
== NS_V3_VOTE
&& vrs
) {
1971 if (tor_mem_is_zero((char*)vrs
->ed25519_id
, ED25519_PUBKEY_LEN
)) {
1972 smartlist_add(chunks
, tor_strdup("id ed25519 none\n"));
1974 char ed_b64
[BASE64_DIGEST256_LEN
+1];
1975 digest256_to_base64(ed_b64
, (const char*)vrs
->ed25519_id
);
1976 smartlist_add_asprintf(chunks
, "id ed25519 %s\n", ed_b64
);
1982 result
= smartlist_join_strings(chunks
, "", 0, NULL
);
1985 SMARTLIST_FOREACH(chunks
, char *, cp
, tor_free(cp
));
1986 smartlist_free(chunks
);
1991 /** Helper for sorting: compares two routerinfos first by address, and then by
1992 * descending order of "usefulness". (An authority is more useful than a
1993 * non-authority; a running router is more useful than a non-running router;
1994 * and a router with more bandwidth is more useful than one with less.)
1997 compare_routerinfo_by_ip_and_bw_(const void **a
, const void **b
)
1999 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2000 int first_is_auth
, second_is_auth
;
2001 uint32_t bw_kb_first
, bw_kb_second
;
2002 const node_t
*node_first
, *node_second
;
2003 int first_is_running
, second_is_running
;
2005 /* we return -1 if first should appear before second... that is,
2006 * if first is a better router. */
2007 if (first
->addr
< second
->addr
)
2009 else if (first
->addr
> second
->addr
)
2012 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2013 * reality, we will almost never get here, since addresses will usually be
2017 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2019 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2021 if (first_is_auth
&& !second_is_auth
)
2023 else if (!first_is_auth
&& second_is_auth
)
2026 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
2027 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
2028 first_is_running
= node_first
&& node_first
->is_running
;
2029 second_is_running
= node_second
&& node_second
->is_running
;
2031 if (first_is_running
&& !second_is_running
)
2033 else if (!first_is_running
&& second_is_running
)
2036 bw_kb_first
= dirserv_get_bandwidth_for_router_kb(first
);
2037 bw_kb_second
= dirserv_get_bandwidth_for_router_kb(second
);
2039 if (bw_kb_first
> bw_kb_second
)
2041 else if (bw_kb_first
< bw_kb_second
)
2044 /* They're equal! Compare by identity digest, so there's a
2045 * deterministic order and we avoid flapping. */
2046 return fast_memcmp(first
->cache_info
.identity_digest
,
2047 second
->cache_info
.identity_digest
,
2051 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2052 * whose keys are the identity digests of those routers that we're going to
2053 * exclude for Sybil-like appearance. */
2054 static digestmap_t
*
2055 get_possible_sybil_list(const smartlist_t
*routers
)
2057 const or_options_t
*options
= get_options();
2058 digestmap_t
*omit_as_sybil
;
2059 smartlist_t
*routers_by_ip
= smartlist_new();
2062 /* Allow at most this number of Tor servers on a single IP address, ... */
2063 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2064 /* ... unless it's a directory authority, in which case allow more. */
2065 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2066 if (max_with_same_addr
<= 0)
2067 max_with_same_addr
= INT_MAX
;
2068 if (max_with_same_addr_on_authority
<= 0)
2069 max_with_same_addr_on_authority
= INT_MAX
;
2071 smartlist_add_all(routers_by_ip
, routers
);
2072 smartlist_sort(routers_by_ip
, compare_routerinfo_by_ip_and_bw_
);
2073 omit_as_sybil
= digestmap_new();
2077 SMARTLIST_FOREACH_BEGIN(routers_by_ip
, routerinfo_t
*, ri
) {
2078 if (last_addr
!= ri
->addr
) {
2079 last_addr
= ri
->addr
;
2081 } else if (++addr_count
> max_with_same_addr
) {
2082 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2083 addr_count
> max_with_same_addr_on_authority
)
2084 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2086 } SMARTLIST_FOREACH_END(ri
);
2088 smartlist_free(routers_by_ip
);
2089 return omit_as_sybil
;
2092 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2093 * remove the older one. If they are exactly the same age, remove the one
2094 * with the greater descriptor digest. May alter the order of the list. */
2096 routers_make_ed_keys_unique(smartlist_t
*routers
)
2099 digest256map_t
*by_ed_key
= digest256map_new();
2101 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2102 ri
->omit_from_vote
= 0;
2103 if (ri
->cache_info
.signing_key_cert
== NULL
)
2104 continue; /* No ed key */
2105 const uint8_t *pk
= ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
;
2106 if ((ri2
= digest256map_get(by_ed_key
, pk
))) {
2107 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2108 * one has the earlier published_on. */
2109 const time_t ri_pub
= ri
->cache_info
.published_on
;
2110 const time_t ri2_pub
= ri2
->cache_info
.published_on
;
2111 if (ri2_pub
< ri_pub
||
2112 (ri2_pub
== ri_pub
&&
2113 fast_memcmp(ri
->cache_info
.signed_descriptor_digest
,
2114 ri2
->cache_info
.signed_descriptor_digest
,DIGEST_LEN
)<0)) {
2115 digest256map_set(by_ed_key
, pk
, ri
);
2116 ri2
->omit_from_vote
= 1;
2118 ri
->omit_from_vote
= 1;
2122 digest256map_set(by_ed_key
, pk
, ri
);
2124 } SMARTLIST_FOREACH_END(ri
);
2126 digest256map_free(by_ed_key
, NULL
);
2128 /* Now remove every router where the omit_from_vote flag got set. */
2129 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
2130 if (ri
->omit_from_vote
) {
2131 SMARTLIST_DEL_CURRENT(routers
, ri
);
2133 } SMARTLIST_FOREACH_END(ri
);
2136 /** Extract status information from <b>ri</b> and from other authority
2137 * functions and store it in <b>rs</b>>.
2139 * We assume that ri-\>is_running has already been set, e.g. by
2140 * dirserv_set_router_is_running(ri, now);
2143 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2149 const or_options_t
*options
= get_options();
2150 uint32_t routerbw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
2152 memset(rs
, 0, sizeof(routerstatus_t
));
2155 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2157 /* Already set by compute_performance_thresholds. */
2158 rs
->is_exit
= node
->is_exit
;
2159 rs
->is_stable
= node
->is_stable
=
2160 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0);
2161 rs
->is_fast
= node
->is_fast
=
2162 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2163 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2165 rs
->is_valid
= node
->is_valid
;
2167 if (node
->is_fast
&& node
->is_stable
&&
2168 ((options
->AuthDirGuardBWGuarantee
&&
2169 routerbw_kb
>= options
->AuthDirGuardBWGuarantee
/1000) ||
2170 routerbw_kb
>= MIN(guard_bandwidth_including_exits_kb
,
2171 guard_bandwidth_excluding_exits_kb
))) {
2172 long tk
= rep_hist_get_weighted_time_known(
2173 node
->identity
, now
);
2174 double wfu
= rep_hist_get_weighted_fractional_uptime(
2175 node
->identity
, now
);
2176 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2178 rs
->is_possible_guard
= 0;
2181 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2182 rs
->is_hs_dir
= node
->is_hs_dir
=
2183 dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2185 rs
->is_named
= rs
->is_unnamed
= 0;
2187 rs
->published_on
= ri
->cache_info
.published_on
;
2188 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2189 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2191 rs
->addr
= ri
->addr
;
2192 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2193 rs
->or_port
= ri
->or_port
;
2194 rs
->dir_port
= ri
->dir_port
;
2195 rs
->is_v2_dir
= ri
->supports_tunnelled_dir_requests
;
2196 if (options
->AuthDirHasIPv6Connectivity
== 1 &&
2197 !tor_addr_is_null(&ri
->ipv6_addr
) &&
2198 node
->last_reachable6
>= now
- REACHABLE_TIMEOUT
) {
2199 /* We're configured as having IPv6 connectivity. There's an IPv6
2200 OR port and it's reachable so copy it to the routerstatus. */
2201 tor_addr_copy(&rs
->ipv6_addr
, &ri
->ipv6_addr
);
2202 rs
->ipv6_orport
= ri
->ipv6_orport
;
2205 if (options
->TestingTorNetwork
) {
2206 dirserv_set_routerstatus_testing(rs
);
2210 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2211 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2212 * respectively. But don't set the corresponding node flags.
2213 * Should only be called if TestingTorNetwork is set. */
2215 dirserv_set_routerstatus_testing(routerstatus_t
*rs
)
2217 const or_options_t
*options
= get_options();
2219 tor_assert(options
->TestingTorNetwork
);
2221 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteExit
,
2224 } else if (options
->TestingDirAuthVoteExitIsStrict
) {
2228 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteGuard
,
2230 rs
->is_possible_guard
= 1;
2231 } else if (options
->TestingDirAuthVoteGuardIsStrict
) {
2232 rs
->is_possible_guard
= 0;
2235 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteHSDir
,
2238 } else if (options
->TestingDirAuthVoteHSDirIsStrict
) {
2243 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2244 * too narrow an IP-space. Clear out its flags: we don't want people
2247 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2248 * we want to vote that way in case all the other authorities are voting
2252 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2254 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2255 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
=
2256 rs
->is_hs_dir
= rs
->is_v2_dir
= rs
->is_possible_guard
= 0;
2257 /* FFFF we might want some mechanism to check later on if we
2258 * missed zeroing any flags: it's easy to add a new flag but
2259 * forget to add it to this clause. */
2262 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2263 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2264 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2265 * information to it.
2267 * Return 1 if we applied the information and 0 if we couldn't find a
2270 * Requires that <b>vote_routerstatuses</b> be sorted.
2273 guardfraction_line_apply(const char *guard_id
,
2274 uint32_t guardfraction_percentage
,
2275 smartlist_t
*vote_routerstatuses
)
2277 vote_routerstatus_t
*vrs
= NULL
;
2279 tor_assert(vote_routerstatuses
);
2281 vrs
= smartlist_bsearch(vote_routerstatuses
, guard_id
,
2282 compare_digest_to_vote_routerstatus_entry
);
2288 vrs
->status
.has_guardfraction
= 1;
2289 vrs
->status
.guardfraction_percentage
= guardfraction_percentage
;
2294 /* Given a guard line from a guardfraction file, parse it and register
2295 * its information to <b>vote_routerstatuses</b>.
2298 * * 1 if the line was proper and its information got registered.
2299 * * 0 if the line was proper but no currently active guard was found
2300 * to register the guardfraction information to.
2301 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2302 newly allocated string containing the error message.
2305 guardfraction_file_parse_guard_line(const char *guard_line
,
2306 smartlist_t
*vote_routerstatuses
,
2309 char guard_id
[DIGEST_LEN
];
2310 uint32_t guardfraction
;
2311 char *inputs_tmp
= NULL
;
2314 smartlist_t
*sl
= smartlist_new();
2317 tor_assert(err_msg
);
2319 /* guard_line should contain something like this:
2320 <hex digest> <guardfraction> <appearances> */
2321 smartlist_split_string(sl
, guard_line
, " ",
2322 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2323 if (smartlist_len(sl
) < 3) {
2324 tor_asprintf(err_msg
, "bad line '%s'", guard_line
);
2328 inputs_tmp
= smartlist_get(sl
, 0);
2329 if (strlen(inputs_tmp
) != HEX_DIGEST_LEN
||
2330 base16_decode(guard_id
, DIGEST_LEN
,
2331 inputs_tmp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2332 tor_asprintf(err_msg
, "bad digest '%s'", inputs_tmp
);
2336 inputs_tmp
= smartlist_get(sl
, 1);
2337 /* Guardfraction is an integer in [0, 100]. */
2339 (uint32_t) tor_parse_long(inputs_tmp
, 10, 0, 100, &num_ok
, NULL
);
2341 tor_asprintf(err_msg
, "wrong percentage '%s'", inputs_tmp
);
2345 /* If routerstatuses were provided, apply this info to actual routers. */
2346 if (vote_routerstatuses
) {
2347 retval
= guardfraction_line_apply(guard_id
, guardfraction
,
2348 vote_routerstatuses
);
2350 retval
= 0; /* If we got this far, line was correctly formatted. */
2355 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2361 /** Given an inputs line from a guardfraction file, parse it and
2362 * register its information to <b>total_consensuses</b> and
2363 * <b>total_days</b>.
2365 * Return 0 if it parsed well. Return -1 if there was an error, and
2366 * set <b>err_msg</b> to a newly allocated string containing the
2370 guardfraction_file_parse_inputs_line(const char *inputs_line
,
2371 int *total_consensuses
,
2376 char *inputs_tmp
= NULL
;
2378 smartlist_t
*sl
= smartlist_new();
2380 tor_assert(err_msg
);
2382 /* Second line is inputs information:
2383 * n-inputs <total_consensuses> <total_days>. */
2384 smartlist_split_string(sl
, inputs_line
, " ",
2385 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2386 if (smartlist_len(sl
) < 2) {
2387 tor_asprintf(err_msg
, "incomplete line '%s'", inputs_line
);
2391 inputs_tmp
= smartlist_get(sl
, 0);
2392 *total_consensuses
=
2393 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2395 tor_asprintf(err_msg
, "unparseable consensus '%s'", inputs_tmp
);
2399 inputs_tmp
= smartlist_get(sl
, 1);
2401 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2403 tor_asprintf(err_msg
, "unparseable days '%s'", inputs_tmp
);
2410 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2416 /* Maximum age of a guardfraction file that we are willing to accept. */
2417 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2419 /** Static strings of guardfraction files. */
2420 #define GUARDFRACTION_DATE_STR "written-at"
2421 #define GUARDFRACTION_INPUTS "n-inputs"
2422 #define GUARDFRACTION_GUARD "guard-seen"
2423 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2425 /** Given a guardfraction file in a string, parse it and register the
2426 * guardfraction information to the provided vote routerstatuses.
2428 * This is the rough format of the guardfraction file:
2430 * guardfraction-file-version 1
2431 * written-at <date and time>
2432 * n-inputs <number of consesuses parsed> <number of days considered>
2434 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2435 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2436 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2437 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2438 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2441 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2442 * should tolerate errors in all lines but the written-at header.
2445 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str
,
2446 smartlist_t
*vote_routerstatuses
)
2448 config_line_t
*front
=NULL
, *line
;
2451 int current_line_n
= 0; /* line counter for better log messages */
2453 /* Guardfraction info to be parsed */
2454 int total_consensuses
= 0;
2458 int guards_read_n
= 0;
2459 int guards_applied_n
= 0;
2461 /* Parse file and split it in lines */
2462 ret_tmp
= config_get_lines(guardfraction_file_str
, &front
, 0);
2464 log_warn(LD_CONFIG
, "Error reading from guardfraction file");
2468 /* Sort routerstatuses (needed later when applying guardfraction info) */
2469 if (vote_routerstatuses
)
2470 smartlist_sort(vote_routerstatuses
, compare_vote_routerstatus_entries
);
2472 for (line
= front
; line
; line
=line
->next
) {
2475 if (!strcmp(line
->key
, GUARDFRACTION_VERSION
)) {
2477 unsigned int version
;
2480 (unsigned int) tor_parse_long(line
->value
,
2481 10, 0, INT_MAX
, &num_ok
, NULL
);
2483 if (!num_ok
|| version
!= 1) {
2484 log_warn(LD_GENERAL
, "Got unknown guardfraction version %d.", version
);
2487 } else if (!strcmp(line
->key
, GUARDFRACTION_DATE_STR
)) {
2488 time_t file_written_at
;
2489 time_t now
= time(NULL
);
2491 /* First line is 'written-at <date>' */
2492 if (parse_iso_time(line
->value
, &file_written_at
) < 0) {
2493 log_warn(LD_CONFIG
, "Guardfraction:%d: Bad date '%s'. Ignoring",
2494 current_line_n
, line
->value
);
2495 goto done
; /* don't tolerate failure here. */
2497 if (file_written_at
< now
- MAX_GUARDFRACTION_FILE_AGE
) {
2498 log_warn(LD_CONFIG
, "Guardfraction:%d: was written very long ago '%s'",
2499 current_line_n
, line
->value
);
2500 goto done
; /* don't tolerate failure here. */
2502 } else if (!strcmp(line
->key
, GUARDFRACTION_INPUTS
)) {
2503 char *err_msg
= NULL
;
2505 if (guardfraction_file_parse_inputs_line(line
->value
,
2509 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2510 current_line_n
, err_msg
);
2515 } else if (!strcmp(line
->key
, GUARDFRACTION_GUARD
)) {
2516 char *err_msg
= NULL
;
2518 ret_tmp
= guardfraction_file_parse_guard_line(line
->value
,
2519 vote_routerstatuses
,
2521 if (ret_tmp
< 0) { /* failed while parsing the guard line */
2522 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2523 current_line_n
, err_msg
);
2528 /* Successfully parsed guard line. Check if it was applied properly. */
2534 log_warn(LD_CONFIG
, "Unknown guardfraction line %d (%s %s)",
2535 current_line_n
, line
->key
, line
->value
);
2542 "Successfully parsed guardfraction file with %d consensuses over "
2543 "%d days. Parsed %d nodes and applied %d of them%s.",
2544 total_consensuses
, total_days
, guards_read_n
, guards_applied_n
,
2545 vote_routerstatuses
? "" : " (no routerstatus provided)" );
2548 config_free_lines(front
);
2553 return guards_read_n
;
2557 /** Read a guardfraction file at <b>fname</b> and load all its
2558 * information to <b>vote_routerstatuses</b>. */
2560 dirserv_read_guardfraction_file(const char *fname
,
2561 smartlist_t
*vote_routerstatuses
)
2563 char *guardfraction_file_str
;
2565 /* Read file to a string */
2566 guardfraction_file_str
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
2567 if (!guardfraction_file_str
) {
2568 log_warn(LD_FS
, "Cannot open guardfraction file '%s'. Failing.", fname
);
2572 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str
,
2573 vote_routerstatuses
);
2577 * Helper function to parse out a line in the measured bandwidth file
2578 * into a measured_bw_line_t output structure. Returns -1 on failure
2582 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2584 char *line
= tor_strdup(orig_line
);
2587 int got_node_id
= 0;
2588 char *strtok_state
; /* lame sauce d'jour */
2589 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2592 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2593 escaped(orig_line
));
2598 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2599 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2600 escaped(orig_line
));
2606 if (strcmpstart(cp
, "bw=") == 0) {
2610 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2611 escaped(orig_line
));
2617 out
->bw_kb
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2618 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2619 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2620 escaped(orig_line
));
2625 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2627 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2628 escaped(orig_line
));
2632 cp
+=strlen("node_id=$");
2634 if (strlen(cp
) != HEX_DIGEST_LEN
||
2635 base16_decode(out
->node_id
, DIGEST_LEN
,
2636 cp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2637 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2638 escaped(orig_line
));
2642 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2645 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2647 if (got_bw
&& got_node_id
) {
2651 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2652 escaped(orig_line
));
2659 * Helper function to apply a parsed measurement line to a list
2660 * of bandwidth statuses. Returns true if a line is found,
2664 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2665 smartlist_t
*routerstatuses
)
2667 vote_routerstatus_t
*rs
= NULL
;
2668 if (!routerstatuses
)
2671 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2672 compare_digest_to_vote_routerstatus_entry
);
2675 rs
->has_measured_bw
= 1;
2676 rs
->measured_bw_kb
= (uint32_t)parsed_line
->bw_kb
;
2678 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2679 parsed_line
->node_hex
);
2686 * Read the measured bandwidth file and apply it to the list of
2687 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2690 dirserv_read_measured_bandwidths(const char *from_file
,
2691 smartlist_t
*routerstatuses
)
2694 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2695 int applied_lines
= 0;
2696 time_t file_time
, now
;
2700 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2705 if (!fgets(line
, sizeof(line
), fp
)
2706 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2707 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2713 line
[strlen(line
)-1] = '\0';
2714 file_time
= (time_t)tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2716 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2723 if ((now
- file_time
) > MAX_MEASUREMENT_AGE
) {
2724 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2725 (unsigned)(time(NULL
) - file_time
));
2731 smartlist_sort(routerstatuses
, compare_vote_routerstatus_entries
);
2734 measured_bw_line_t parsed_line
;
2735 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2736 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2737 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2738 dirserv_cache_measured_bw(&parsed_line
, file_time
);
2739 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2745 /* Now would be a nice time to clean the cache, too */
2746 dirserv_expire_measured_bw_cache(now
);
2749 log_info(LD_DIRSERV
,
2750 "Bandwidth measurement file successfully read. "
2751 "Applied %d measurements.", applied_lines
);
2755 /** Return a new networkstatus_t* containing our current opinion. (For v3
2758 dirserv_generate_networkstatus_vote_obj(crypto_pk_t
*private_key
,
2759 authority_cert_t
*cert
)
2761 const or_options_t
*options
= get_options();
2762 networkstatus_t
*v3_out
= NULL
;
2764 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2765 const char *contact
;
2766 smartlist_t
*routers
, *routerstatuses
;
2767 char identity_digest
[DIGEST_LEN
];
2768 char signing_key_digest
[DIGEST_LEN
];
2769 int listbadexits
= options
->AuthDirListBadExits
;
2770 routerlist_t
*rl
= router_get_routerlist();
2771 time_t now
= time(NULL
);
2772 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2773 networkstatus_voter_info_t
*voter
= NULL
;
2774 vote_timing_t timing
;
2775 digestmap_t
*omit_as_sybil
= NULL
;
2776 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2777 smartlist_t
*microdescriptors
= NULL
;
2779 tor_assert(private_key
);
2782 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2783 log_err(LD_BUG
, "Error computing signing key digest");
2786 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2787 log_err(LD_BUG
, "Error computing identity key digest");
2790 if (resolve_my_address(LOG_WARN
, options
, &addr
, NULL
, &hostname
)<0) {
2791 log_warn(LD_NET
, "Couldn't resolve my hostname");
2794 if (!hostname
|| !strchr(hostname
, '.')) {
2796 hostname
= tor_dup_ip(addr
);
2799 if (options
->VersioningAuthoritativeDir
) {
2800 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2801 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2804 contact
= get_options()->ContactInfo
;
2809 * Do this so dirserv_compute_performance_thresholds() and
2810 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2812 if (options
->V3BandwidthsFile
) {
2813 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
2816 * No bandwidths file; clear the measured bandwidth cache in case we had
2817 * one last time around.
2819 if (dirserv_get_measured_bw_cache_size() > 0) {
2820 dirserv_clear_measured_bw_cache();
2824 /* precompute this part, since we need it to decide what "stable"
2826 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2827 dirserv_set_router_is_running(ri
, now
);
2830 routers
= smartlist_new();
2831 smartlist_add_all(routers
, rl
->routers
);
2832 routers_make_ed_keys_unique(routers
);
2833 /* After this point, don't use rl->routers; use 'routers' instead. */
2834 routers_sort_by_identity(routers
);
2835 omit_as_sybil
= get_possible_sybil_list(routers
);
2837 DIGESTMAP_FOREACH(omit_as_sybil
, sybil_id
, void *, ignore
) {
2839 rep_hist_make_router_pessimal(sybil_id
, now
);
2840 } DIGESTMAP_FOREACH_END
;
2842 /* Count how many have measured bandwidths so we know how to assign flags;
2843 * this must come before dirserv_compute_performance_thresholds() */
2844 dirserv_count_measured_bws(routers
);
2846 dirserv_compute_performance_thresholds(omit_as_sybil
);
2848 routerstatuses
= smartlist_new();
2849 microdescriptors
= smartlist_new();
2851 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2852 if (ri
->cache_info
.published_on
>= cutoff
) {
2854 vote_routerstatus_t
*vrs
;
2855 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2859 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2861 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2864 if (ri
->cache_info
.signing_key_cert
) {
2865 memcpy(vrs
->ed25519_id
,
2866 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
2867 ED25519_PUBKEY_LEN
);
2870 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2871 clear_status_flags_on_sybil(rs
);
2873 if (!vote_on_reachability
)
2874 rs
->is_flagged_running
= 0;
2876 vrs
->version
= version_from_platform(ri
->platform
);
2877 if (ri
->protocol_list
) {
2878 vrs
->protocols
= tor_strdup(ri
->protocol_list
);
2880 vrs
->protocols
= tor_strdup(
2881 protover_compute_for_old_tor(vrs
->version
));
2883 vrs
->microdesc
= dirvote_format_all_microdesc_vote_lines(ri
, now
,
2886 smartlist_add(routerstatuses
, vrs
);
2888 } SMARTLIST_FOREACH_END(ri
);
2891 smartlist_t
*added
=
2892 microdescs_add_list_to_cache(get_microdesc_cache(),
2893 microdescriptors
, SAVED_NOWHERE
, 0);
2894 smartlist_free(added
);
2895 smartlist_free(microdescriptors
);
2898 smartlist_free(routers
);
2899 digestmap_free(omit_as_sybil
, NULL
);
2901 /* Apply guardfraction information to routerstatuses. */
2902 if (options
->GuardfractionFile
) {
2903 dirserv_read_guardfraction_file(options
->GuardfractionFile
,
2907 /* This pass through applies the measured bw lines to the routerstatuses */
2908 if (options
->V3BandwidthsFile
) {
2909 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2913 * No bandwidths file; clear the measured bandwidth cache in case we had
2914 * one last time around.
2916 if (dirserv_get_measured_bw_cache_size() > 0) {
2917 dirserv_clear_measured_bw_cache();
2921 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2923 v3_out
->type
= NS_TYPE_VOTE
;
2924 dirvote_get_preferred_voting_intervals(&timing
);
2925 v3_out
->published
= now
;
2927 char tbuf
[ISO_TIME_LEN
+1];
2928 networkstatus_t
*current_consensus
=
2929 networkstatus_get_live_consensus(now
);
2930 long last_consensus_interval
; /* only used to pick a valid_after */
2931 if (current_consensus
)
2932 last_consensus_interval
= current_consensus
->fresh_until
-
2933 current_consensus
->valid_after
;
2935 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2936 v3_out
->valid_after
=
2937 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
,
2938 options
->TestingV3AuthVotingStartOffset
);
2939 format_iso_time(tbuf
, v3_out
->valid_after
);
2940 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2941 "consensus_set=%d, last_interval=%d",
2942 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2944 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2945 v3_out
->valid_until
= v3_out
->valid_after
+
2946 (timing
.vote_interval
* timing
.n_intervals_valid
);
2947 v3_out
->vote_seconds
= timing
.vote_delay
;
2948 v3_out
->dist_seconds
= timing
.dist_delay
;
2949 tor_assert(v3_out
->vote_seconds
> 0);
2950 tor_assert(v3_out
->dist_seconds
> 0);
2951 tor_assert(timing
.n_intervals_valid
> 0);
2953 v3_out
->client_versions
= client_versions
;
2954 v3_out
->server_versions
= server_versions
;
2956 /* These are hardwired, to avoid disaster. */
2957 v3_out
->recommended_relay_protocols
=
2958 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
2959 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
2960 v3_out
->recommended_client_protocols
=
2961 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
2962 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
2963 v3_out
->required_client_protocols
=
2964 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
2965 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
2966 v3_out
->required_relay_protocols
=
2967 tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
2968 "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
2970 /* We are not allowed to vote to require anything we don't have. */
2971 tor_assert(protover_all_supported(v3_out
->required_relay_protocols
, NULL
));
2972 tor_assert(protover_all_supported(v3_out
->required_client_protocols
, NULL
));
2974 /* We should not recommend anything we don't have. */
2975 tor_assert_nonfatal(protover_all_supported(
2976 v3_out
->recommended_relay_protocols
, NULL
));
2977 tor_assert_nonfatal(protover_all_supported(
2978 v3_out
->recommended_client_protocols
, NULL
));
2980 v3_out
->package_lines
= smartlist_new();
2983 for (cl
= get_options()->RecommendedPackages
; cl
; cl
= cl
->next
) {
2984 if (validate_recommended_package_line(cl
->value
))
2985 smartlist_add(v3_out
->package_lines
, tor_strdup(cl
->value
));
2989 v3_out
->known_flags
= smartlist_new();
2990 smartlist_split_string(v3_out
->known_flags
,
2991 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
2992 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2993 if (vote_on_reachability
)
2994 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2996 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2997 smartlist_sort_strings(v3_out
->known_flags
);
2999 if (options
->ConsensusParams
) {
3000 v3_out
->net_params
= smartlist_new();
3001 smartlist_split_string(v3_out
->net_params
,
3002 options
->ConsensusParams
, NULL
, 0, 0);
3003 smartlist_sort_strings(v3_out
->net_params
);
3006 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
3007 voter
->nickname
= tor_strdup(options
->Nickname
);
3008 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
3009 voter
->sigs
= smartlist_new();
3010 voter
->address
= hostname
;
3012 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
3013 voter
->or_port
= router_get_advertised_or_port(options
);
3014 voter
->contact
= tor_strdup(contact
);
3015 if (options
->V3AuthUseLegacyKey
) {
3016 authority_cert_t
*c
= get_my_v3_legacy_cert();
3018 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
3019 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
3020 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
3025 v3_out
->voters
= smartlist_new();
3026 smartlist_add(v3_out
->voters
, voter
);
3027 v3_out
->cert
= authority_cert_dup(cert
);
3028 v3_out
->routerstatus_list
= routerstatuses
;
3029 /* Note: networkstatus_digest is unset; it won't get set until we actually
3030 * format the vote. */
3035 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3036 * pointers, adds copies of digests to fps_out, and doesn't use the
3037 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3038 * requests, adds identity digests.
3041 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
3042 const char **msg
, int for_unencrypted_conn
,
3048 if (!strcmp(key
, "all")) {
3049 routerlist_t
*rl
= router_get_routerlist();
3050 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3051 smartlist_add(fps_out
,
3052 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
3053 /* Treat "all" requests as if they were unencrypted */
3054 for_unencrypted_conn
= 1;
3055 } else if (!strcmp(key
, "authority")) {
3056 const routerinfo_t
*ri
= router_get_my_routerinfo();
3058 smartlist_add(fps_out
,
3059 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
3060 } else if (!strcmpstart(key
, "d/")) {
3062 key
+= strlen("d/");
3063 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3064 DSR_HEX
|DSR_SORT_UNIQ
);
3065 } else if (!strcmpstart(key
, "fp/")) {
3066 key
+= strlen("fp/");
3067 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3068 DSR_HEX
|DSR_SORT_UNIQ
);
3070 *msg
= "Key not recognized";
3074 if (for_unencrypted_conn
) {
3075 /* Remove anything that insists it not be sent unencrypted. */
3076 SMARTLIST_FOREACH_BEGIN(fps_out
, char *, cp
) {
3077 const signed_descriptor_t
*sd
;
3079 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
3080 else if (is_extrainfo
)
3081 sd
= extrainfo_get_by_descriptor_digest(cp
);
3083 sd
= router_get_by_descriptor_digest(cp
);
3084 if (sd
&& !sd
->send_unencrypted
) {
3086 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3088 } SMARTLIST_FOREACH_END(cp
);
3091 if (!smartlist_len(fps_out
)) {
3092 *msg
= "Servers unavailable";
3098 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3099 * <b>key</b>. The key should be either
3100 * - "/tor/server/authority" for our own routerinfo;
3101 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3102 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3103 * hex identity digests; or
3104 * - "/tor/server/d/D" where D is a plus-separated sequence
3105 * of server descriptor digests, in hex.
3107 * Return 0 if we found some matching descriptors, or -1 if we do not
3108 * have any descriptors, no matching descriptors, or if we did not
3109 * recognize the key (URL).
3110 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3113 * XXXX rename this function. It's only called from the controller.
3114 * XXXX in fact, refactor this function, merging as much as possible.
3117 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3122 if (!strcmp(key
, "/tor/server/all")) {
3123 routerlist_t
*rl
= router_get_routerlist();
3124 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3125 smartlist_add(descs_out
, &(r
->cache_info
)));
3126 } else if (!strcmp(key
, "/tor/server/authority")) {
3127 const routerinfo_t
*ri
= router_get_my_routerinfo();
3129 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3130 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3131 smartlist_t
*digests
= smartlist_new();
3132 key
+= strlen("/tor/server/d/");
3133 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3134 DSR_HEX
|DSR_SORT_UNIQ
);
3135 SMARTLIST_FOREACH(digests
, const char *, d
,
3137 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3139 smartlist_add(descs_out
,sd
);
3141 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3142 smartlist_free(digests
);
3143 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3144 smartlist_t
*digests
= smartlist_new();
3145 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3146 key
+= strlen("/tor/server/fp/");
3147 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3148 DSR_HEX
|DSR_SORT_UNIQ
);
3149 SMARTLIST_FOREACH_BEGIN(digests
, const char *, d
) {
3150 if (router_digest_is_me(d
)) {
3151 /* calling router_get_my_routerinfo() to make sure it exists */
3152 const routerinfo_t
*ri
= router_get_my_routerinfo();
3154 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3156 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3157 /* Don't actually serve a descriptor that everyone will think is
3158 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3159 * Tors from downloading descriptors that they will throw away.
3161 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3162 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3164 } SMARTLIST_FOREACH_END(d
);
3165 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3166 smartlist_free(digests
);
3168 *msg
= "Key not recognized";
3172 if (!smartlist_len(descs_out
)) {
3173 *msg
= "Servers unavailable";
3179 /** Called when a TLS handshake has completed successfully with a
3180 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3181 * a certificate with digest <b>digest_rcvd</b>.
3183 * Inform the reachability checker that we could get to this relay.
3186 dirserv_orconn_tls_done(const tor_addr_t
*addr
,
3188 const char *digest_rcvd
)
3190 node_t
*node
= NULL
;
3191 tor_addr_port_t orport
;
3192 routerinfo_t
*ri
= NULL
;
3193 time_t now
= time(NULL
);
3195 tor_assert(digest_rcvd
);
3197 node
= node_get_mutable_by_id(digest_rcvd
);
3198 if (node
== NULL
|| node
->ri
== NULL
)
3202 tor_addr_copy(&orport
.addr
, addr
);
3203 orport
.port
= or_port
;
3204 if (router_has_orport(ri
, &orport
)) {
3205 /* Found the right router. */
3206 if (!authdir_mode_bridge(get_options()) ||
3207 ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3208 char addrstr
[TOR_ADDR_BUF_LEN
];
3209 /* This is a bridge or we're not a bridge authorititative --
3210 mark it as reachable. */
3211 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3212 router_describe(ri
),
3213 tor_addr_to_str(addrstr
, addr
, sizeof(addrstr
), 1),
3215 if (tor_addr_family(addr
) == AF_INET
) {
3216 rep_hist_note_router_reachable(digest_rcvd
, addr
, or_port
, now
);
3217 node
->last_reachable
= now
;
3218 } else if (tor_addr_family(addr
) == AF_INET6
) {
3219 /* No rephist for IPv6. */
3220 node
->last_reachable6
= now
;
3226 /** Called when we, as an authority, receive a new router descriptor either as
3227 * an upload or a download. Used to decide whether to relaunch reachability
3228 * testing for the server. */
3230 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3231 const routerinfo_t
*ri_old
)
3233 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3236 /* New router: Launch an immediate reachability test, so we will have an
3237 * opinion soon in case we're generating a consensus soon */
3240 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3241 /* It just came out of hibernation; launch a reachability test */
3244 if (! routers_have_same_or_addrs(ri
, ri_old
)) {
3245 /* Address or port changed; launch a reachability test */
3251 /** Helper function for dirserv_test_reachability(). Start a TLS
3252 * connection to <b>router</b>, and annotate it with when we started
3255 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3257 channel_t
*chan
= NULL
;
3258 node_t
*node
= NULL
;
3259 tor_addr_t router_addr
;
3263 node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
3267 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3268 router
->nickname
, fmt_addr32(router
->addr
), router
->or_port
);
3269 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3270 chan
= channel_tls_connect(&router_addr
, router
->or_port
,
3271 router
->cache_info
.identity_digest
);
3272 if (chan
) command_setup_channel(chan
);
3274 /* Possible IPv6. */
3275 if (get_options()->AuthDirHasIPv6Connectivity
== 1 &&
3276 !tor_addr_is_null(&router
->ipv6_addr
)) {
3277 char addrstr
[TOR_ADDR_BUF_LEN
];
3278 log_debug(LD_OR
, "Testing reachability of %s at %s:%u.",
3280 tor_addr_to_str(addrstr
, &router
->ipv6_addr
, sizeof(addrstr
), 1),
3281 router
->ipv6_orport
);
3282 chan
= channel_tls_connect(&router
->ipv6_addr
, router
->ipv6_orport
,
3283 router
->cache_info
.identity_digest
);
3284 if (chan
) command_setup_channel(chan
);
3288 /** Auth dir server only: load balance such that we only
3289 * try a few connections per call.
3291 * The load balancing is such that if we get called once every ten
3292 * seconds, we will cycle through all the tests in
3293 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3296 dirserv_test_reachability(time_t now
)
3298 /* XXX decide what to do here; see or-talk thread "purging old router
3299 * information, revocation." -NM
3300 * We can't afford to mess with this in 0.1.2.x. The reason is that
3301 * if we stop doing reachability tests on some of routerlist, then
3302 * we'll for-sure think they're down, which may have unexpected
3303 * effects in other parts of the code. It doesn't hurt much to do
3304 * the testing, and directory authorities are easy to upgrade. Let's
3305 * wait til 0.2.0. -RD */
3306 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3307 routerlist_t
*rl
= router_get_routerlist();
3308 static char ctr
= 0;
3309 int bridge_auth
= authdir_mode_bridge(get_options());
3311 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3312 const char *id_digest
= router
->cache_info
.identity_digest
;
3313 if (router_is_me(router
))
3315 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3316 continue; /* bridge authorities only test reachability on bridges */
3317 // if (router->cache_info.published_on > cutoff)
3319 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3320 dirserv_single_reachability_test(now
, router
);
3322 } SMARTLIST_FOREACH_END(router
);
3323 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3326 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3327 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3328 * flavor name if we want a flavored v3 status, return a pointer to the
3329 * appropriate cached dir object, or NULL if there isn't one available. */
3330 static cached_dir_t
*
3331 lookup_cached_dir_by_fp(const char *fp
)
3333 cached_dir_t
*d
= NULL
;
3334 if (tor_digest_is_zero(fp
) && cached_consensuses
) {
3335 d
= strmap_get(cached_consensuses
, "ns");
3336 } else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3337 (d
= strmap_get(cached_consensuses
, fp
))) {
3338 /* this here interface is a nasty hack XXXX */;
3343 /** Remove from <b>fps</b> every networkstatus key where both
3344 * a) we have a networkstatus document and
3345 * b) it is not newer than <b>cutoff</b>.
3347 * Return 1 if any items were present at all; else return 0.
3350 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3353 SMARTLIST_FOREACH_BEGIN(fps
, char *, digest
) {
3354 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3358 if (d
->published
<= cutoff
) {
3360 SMARTLIST_DEL_CURRENT(fps
, digest
);
3362 } SMARTLIST_FOREACH_END(digest
);
3367 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3368 * its extra-info document if <b>extrainfo</b> is true. Return
3369 * NULL if not found or if the descriptor is older than
3370 * <b>publish_cutoff</b>. */
3371 static const signed_descriptor_t
*
3372 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3373 time_t publish_cutoff
)
3375 if (router_digest_is_me(fp
)) {
3377 return &(router_get_my_extrainfo()->cache_info
);
3379 return &(router_get_my_routerinfo()->cache_info
);
3381 const routerinfo_t
*ri
= router_get_by_id_digest(fp
);
3383 ri
->cache_info
.published_on
> publish_cutoff
) {
3385 return extrainfo_get_by_descriptor_digest(
3386 ri
->cache_info
.extra_info_digest
);
3388 return &ri
->cache_info
;
3394 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3395 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3396 * decide whether to send a 404. */
3398 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3400 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3401 SMARTLIST_FOREACH_BEGIN(fps
, const char *, fp
) {
3404 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3405 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3407 case DIR_SPOOL_SERVER_BY_DIGEST
:
3408 if (router_get_by_descriptor_digest(fp
)) return 1;
3410 case DIR_SPOOL_EXTRA_BY_FP
:
3411 case DIR_SPOOL_SERVER_BY_FP
:
3412 if (get_signed_descriptor_by_fp(fp
,
3413 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3417 } SMARTLIST_FOREACH_END(fp
);
3421 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3422 * a microdescriptor we have. */
3424 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3426 microdesc_cache_t
*cache
= get_microdesc_cache();
3427 SMARTLIST_FOREACH(fps
, const char *, fp
,
3428 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3433 /** Return an approximate estimate of the number of bytes that will
3434 * be needed to transmit the server descriptors (if is_serverdescs --
3435 * they can be either d/ or fp/ queries) or networkstatus objects (if
3436 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3437 * we guess how large the data will be after compression.
3439 * The return value is an estimate; it might be larger or smaller.
3442 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3447 if (is_serverdescs
) {
3448 int n
= smartlist_len(fps
);
3449 const routerinfo_t
*me
= router_get_my_routerinfo();
3450 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3452 result
/= 2; /* observed compressibility is between 35 and 55%. */
3455 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3456 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3458 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3464 /** Given a list of microdescriptor hashes, guess how many bytes will be
3465 * needed to transmit them, and return the guess. */
3467 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3469 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3475 /** When we're spooling data onto our outbuf, add more whenever we dip
3476 * below this threshold. */
3477 #define DIRSERV_BUFFER_MIN 16384
3479 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3480 * Flushes any remaining data to be (un)compressed, and changes the spool
3481 * source to NONE. Returns 0 on success, negative on failure. */
3483 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3485 if (conn
->zlib_state
) {
3486 connection_write_to_buf_zlib("", 0, conn
, 1);
3487 tor_zlib_free(conn
->zlib_state
);
3488 conn
->zlib_state
= NULL
;
3490 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3494 /** Spooling helper: called when we're sending a bunch of server descriptors,
3495 * and the outbuf has become too empty. Pulls some entries from
3496 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3497 * run out of entries, flushes the zlib state and sets the spool source to
3498 * NONE. Returns 0 on success, negative on failure.
3501 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3503 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3504 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3505 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3506 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3507 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3509 const or_options_t
*options
= get_options();
3511 while (smartlist_len(conn
->fingerprint_stack
) &&
3512 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3514 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3515 const signed_descriptor_t
*sd
= NULL
;
3517 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3519 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3520 : router_get_by_descriptor_digest(fp
);
3525 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3526 /* we did this check once before (so we could have an accurate size
3527 * estimate and maybe send a 404 if somebody asked for only bridges on a
3528 * connection), but we need to do it again in case a previously
3529 * unknown bridge descriptor has shown up between then and now. */
3533 /** If we are the bridge authority and the descriptor is a bridge
3534 * descriptor, remember that we served this descriptor for desc stats. */
3535 if (options
->BridgeAuthoritativeDir
&& by_fp
) {
3536 const routerinfo_t
*router
=
3537 router_get_by_id_digest(sd
->identity_digest
);
3538 /* router can be NULL here when the bridge auth is asked for its own
3540 if (router
&& router
->purpose
== ROUTER_PURPOSE_BRIDGE
)
3541 rep_hist_note_desc_served(sd
->identity_digest
);
3543 body
= signed_descriptor_get_body(sd
);
3544 if (conn
->zlib_state
) {
3545 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3546 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3549 tor_zlib_free(conn
->zlib_state
);
3550 conn
->zlib_state
= NULL
;
3553 connection_write_to_buf(body
,
3554 sd
->signed_descriptor_len
,
3559 if (!smartlist_len(conn
->fingerprint_stack
)) {
3560 /* We just wrote the last one; finish up. */
3561 if (conn
->zlib_state
) {
3562 connection_write_to_buf_zlib("", 0, conn
, 1);
3563 tor_zlib_free(conn
->zlib_state
);
3564 conn
->zlib_state
= NULL
;
3566 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3567 smartlist_free(conn
->fingerprint_stack
);
3568 conn
->fingerprint_stack
= NULL
;
3573 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3574 * and the outbuf has become too empty. Pulls some entries from
3575 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3576 * we run out of entries, flushes the zlib state and sets the spool source to
3577 * NONE. Returns 0 on success, negative on failure.
3580 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3582 microdesc_cache_t
*cache
= get_microdesc_cache();
3583 while (smartlist_len(conn
->fingerprint_stack
) &&
3584 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3585 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3586 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3588 if (!md
|| !md
->body
)
3590 if (conn
->zlib_state
) {
3591 int last
= !smartlist_len(conn
->fingerprint_stack
);
3592 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3594 tor_zlib_free(conn
->zlib_state
);
3595 conn
->zlib_state
= NULL
;
3598 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3601 if (!smartlist_len(conn
->fingerprint_stack
)) {
3602 if (conn
->zlib_state
) {
3603 connection_write_to_buf_zlib("", 0, conn
, 1);
3604 tor_zlib_free(conn
->zlib_state
);
3605 conn
->zlib_state
= NULL
;
3607 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3608 smartlist_free(conn
->fingerprint_stack
);
3609 conn
->fingerprint_stack
= NULL
;
3614 /** Spooling helper: Called when we're sending a directory or networkstatus,
3615 * and the outbuf has become too empty. Pulls some bytes from
3616 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3617 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3618 * and sets the spool source to NONE. Returns 0 on success, negative on
3621 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3626 bytes
= DIRSERV_BUFFER_MIN
- connection_get_outbuf_len(TO_CONN(conn
));
3627 tor_assert(bytes
> 0);
3628 tor_assert(conn
->cached_dir
);
3631 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3632 if (bytes
> remaining
)
3633 bytes
= (ssize_t
) remaining
;
3635 if (conn
->zlib_state
) {
3636 connection_write_to_buf_zlib(
3637 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3638 bytes
, conn
, bytes
== remaining
);
3640 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3641 bytes
, TO_CONN(conn
));
3643 conn
->cached_dir_offset
+= bytes
;
3644 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3645 /* We just wrote the last one; finish up. */
3646 connection_dirserv_finish_spooling(conn
);
3647 cached_dir_decref(conn
->cached_dir
);
3648 conn
->cached_dir
= NULL
;
3653 /** Spooling helper: Called when we're spooling networkstatus objects on
3654 * <b>conn</b>, and the outbuf has become too empty. If the current
3655 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3656 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3657 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3658 * treated as a request for the current consensus.) If we run out of entries,
3659 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3660 * success, negative on failure. */
3662 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3665 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3666 if (conn
->cached_dir
) {
3667 int uncompressing
= (conn
->zlib_state
!= NULL
);
3668 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3669 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3670 /* add_dir_bytes thinks we're done with the cached_dir. But we
3671 * may have more cached_dirs! */
3672 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3673 /* This bit is tricky. If we were uncompressing the last
3674 * networkstatus, we may need to make a new zlib object to
3675 * uncompress the next one. */
3676 if (uncompressing
&& ! conn
->zlib_state
&&
3677 conn
->fingerprint_stack
&&
3678 smartlist_len(conn
->fingerprint_stack
)) {
3679 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
, HIGH_COMPRESSION
);
3683 } else if (conn
->fingerprint_stack
&&
3684 smartlist_len(conn
->fingerprint_stack
)) {
3685 /* Add another networkstatus; start serving it. */
3686 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3687 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3691 conn
->cached_dir
= d
;
3692 conn
->cached_dir_offset
= 0;
3695 connection_dirserv_finish_spooling(conn
);
3696 smartlist_free(conn
->fingerprint_stack
);
3697 conn
->fingerprint_stack
= NULL
;
3704 /** Called whenever we have flushed some directory data in state
3705 * SERVER_WRITING. */
3707 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3709 tor_assert(conn
->base_
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3711 if (connection_get_outbuf_len(TO_CONN(conn
)) >= DIRSERV_BUFFER_MIN
)
3714 switch (conn
->dir_spool_src
) {
3715 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3716 case DIR_SPOOL_EXTRA_BY_FP
:
3717 case DIR_SPOOL_SERVER_BY_DIGEST
:
3718 case DIR_SPOOL_SERVER_BY_FP
:
3719 return connection_dirserv_add_servers_to_outbuf(conn
);
3720 case DIR_SPOOL_MICRODESC
:
3721 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3722 case DIR_SPOOL_CACHED_DIR
:
3723 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3724 case DIR_SPOOL_NETWORKSTATUS
:
3725 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3726 case DIR_SPOOL_NONE
:
3732 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3737 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3739 PACKAGENAME = NONSPACE
3742 DIGESTS = DIGEST | DIGESTS SP DIGEST
3743 DIGEST = DIGESTTYPE "=" DIGESTVAL
3745 NONSPACE = one or more non-space printing characters
3747 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3754 validate_recommended_package_line(const char *line
)
3756 const char *cp
= line
;
3762 cp = strchr(cp, ' '); \
3767 WORD(); /* skip packagename */
3769 WORD(); /* skip version */
3771 WORD(); /* Skip URL */
3774 /* Skip digesttype=digestval + */
3777 const char *start_of_word
= cp
;
3778 const char *end_of_word
= strchr(cp
, ' ');
3780 end_of_word
= cp
+ strlen(cp
);
3782 if (start_of_word
== end_of_word
)
3785 const char *eq
= memchr(start_of_word
, '=', end_of_word
- start_of_word
);
3789 if (eq
== start_of_word
)
3791 if (eq
== end_of_word
- 1)
3793 if (memchr(eq
+1, '=', end_of_word
- (eq
+1)))
3797 if (0 == *end_of_word
)
3800 cp
= end_of_word
+ 1;
3803 /* If we reach this point, we have at least 1 entry. */
3804 tor_assert(n_entries
> 0);
3808 /** Release all storage used by the directory server. */
3810 dirserv_free_all(void)
3812 dirserv_free_fingerprint_list();
3814 strmap_free(cached_consensuses
, free_cached_dir_
);
3815 cached_consensuses
= NULL
;
3817 dirserv_clear_measured_bw_cache();