1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 const char dirserv_c_id
[] =
9 #define DIRSERV_PRIVATE
14 * \brief Directory server core implementation. Manages directory
15 * contents and generates directories.
18 /** How far in the future do we allow a router to get? (seconds) */
19 #define ROUTER_ALLOW_SKEW (60*60*12)
20 /** How many seconds do we wait before regenerating the directory? */
21 #define DIR_REGEN_SLACK_TIME 30
22 /** If we're a cache, keep this many networkstatuses around from non-trusted
23 * directory authorities. */
24 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
26 /** If a v1 directory is older than this, discard it. */
27 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
28 /** If a v1 running-routers is older than this, discard it. */
29 #define MAX_V1_RR_AGE (7*24*60*60)
31 extern time_t time_of_process_start
; /* from main.c */
33 /** Do we need to regenerate the directory when someone asks for it? */
34 static int the_directory_is_dirty
= 1;
35 static int runningrouters_is_dirty
= 1;
36 static int the_v2_networkstatus_is_dirty
= 1;
38 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
40 static cached_dir_t
*the_directory
= NULL
;
42 /** For authoritative directories: the current (v1) network status. */
43 static cached_dir_t the_runningrouters
= { NULL
, NULL
, 0, 0, 0, -1 };
45 static void directory_remove_invalid(void);
46 static cached_dir_t
*dirserv_regenerate_directory(void);
47 static char *format_versions_list(config_line_t
*ln
);
48 struct authdir_config_t
;
49 static int add_fingerprint_to_dir(const char *nickname
, const char *fp
,
50 struct authdir_config_t
*list
);
51 static uint32_t dirserv_router_get_status(const routerinfo_t
*router
,
54 dirserv_get_status_impl(const char *fp
, const char *nickname
,
56 uint32_t addr
, uint16_t or_port
,
57 const char *platform
, const char *contact
,
58 const char **msg
, int should_log
);
59 static void clear_cached_dir(cached_dir_t
*d
);
60 static signed_descriptor_t
*get_signed_descriptor_by_fp(const char *fp
,
62 time_t publish_cutoff
);
63 static int dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
);
65 /************** Fingerprint handling code ************/
67 #define FP_NAMED 1 /**< Listed in fingerprint file. */
68 #define FP_INVALID 2 /**< Believed invalid. */
69 #define FP_REJECT 4 /**< We will not publish this router. */
70 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
71 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
72 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
74 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
76 typedef struct router_status_t
{
77 char nickname
[MAX_NICKNAME_LEN
+1];
81 /** List of nickname-\>identity fingerprint mappings for all the routers
82 * that we name. Used to prevent router impersonation. */
83 typedef struct authdir_config_t
{
84 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
85 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
88 /** Should be static; exposed for testing. */
89 static authdir_config_t
*fingerprint_list
= NULL
;
91 /** Allocate and return a new, empty, authdir_config_t. */
92 static authdir_config_t
*
93 authdir_config_new(void)
95 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
96 list
->fp_by_name
= strmap_new();
97 list
->status_by_digest
= digestmap_new();
101 /** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
102 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
103 * new, or 1 if we replaced the old value.
106 add_fingerprint_to_dir(const char *nickname
, const char *fp
,
107 authdir_config_t
*list
)
111 router_status_t
*status
;
112 tor_assert(nickname
);
116 fingerprint
= tor_strdup(fp
);
117 tor_strstrip(fingerprint
, " ");
118 if (base16_decode(d
, DIGEST_LEN
, fingerprint
, strlen(fingerprint
))) {
119 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
121 tor_free(fingerprint
);
125 if (!strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
126 log_warn(LD_DIRSERV
, "Tried to add a mapping for reserved nickname %s",
127 UNNAMED_ROUTER_NICKNAME
);
128 tor_free(fingerprint
);
132 status
= digestmap_get(list
->status_by_digest
, d
);
134 status
= tor_malloc_zero(sizeof(router_status_t
));
135 digestmap_set(list
->status_by_digest
, d
, status
);
138 if (nickname
[0] != '!') {
139 char *old_fp
= strmap_get_lc(list
->fp_by_name
, nickname
);
140 if (old_fp
&& !strcasecmp(fingerprint
, old_fp
)) {
141 tor_free(fingerprint
);
144 strmap_set_lc(list
->fp_by_name
, nickname
, fingerprint
);
146 status
->status
|= FP_NAMED
;
147 strlcpy(status
->nickname
, nickname
, sizeof(status
->nickname
));
149 tor_free(fingerprint
);
150 if (!strcasecmp(nickname
, "!reject")) {
151 status
->status
|= FP_REJECT
;
152 } else if (!strcasecmp(nickname
, "!invalid")) {
153 status
->status
|= FP_INVALID
;
154 } else if (!strcasecmp(nickname
, "!baddir")) {
155 status
->status
|= FP_BADDIR
;
156 } else if (!strcasecmp(nickname
, "!badexit")) {
157 status
->status
|= FP_BADEXIT
;
163 /** Add the nickname and fingerprint for this OR to the
164 * global list of recognized identity key fingerprints. */
166 dirserv_add_own_fingerprint(const char *nickname
, crypto_pk_env_t
*pk
)
168 char fp
[FINGERPRINT_LEN
+1];
169 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
170 log_err(LD_BUG
, "Error computing fingerprint");
173 if (!fingerprint_list
)
174 fingerprint_list
= authdir_config_new();
175 add_fingerprint_to_dir(nickname
, fp
, fingerprint_list
);
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and
186 dirserv_load_fingerprint_file(void)
190 char *nickname
, *fingerprint
;
191 authdir_config_t
*fingerprint_list_new
;
193 config_line_t
*front
=NULL
, *list
;
194 or_options_t
*options
= get_options();
196 fname
= get_datadir_fname("approved-routers");
198 "Reloading approved fingerprints from \"%s\"...", fname
);
200 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
202 if (options
->NamingAuthoritativeDir
) {
203 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. Failing.", fname
);
207 log_info(LD_FS
, "Cannot open fingerprint file '%s'. Returning.", fname
);
214 result
= config_get_lines(cf
, &front
);
217 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
221 fingerprint_list_new
= authdir_config_new();
223 for (list
=front
; list
; list
=list
->next
) {
224 nickname
= list
->key
; fingerprint
= list
->value
;
225 if (strlen(nickname
) > MAX_NICKNAME_LEN
) {
226 log_notice(LD_CONFIG
,
227 "Nickname '%s' too long in fingerprint file. Skipping.",
231 if (!is_legal_nickname(nickname
) &&
232 strcasecmp(nickname
, "!reject") &&
233 strcasecmp(nickname
, "!invalid") &&
234 strcasecmp(nickname
, "!badexit")) {
235 log_notice(LD_CONFIG
,
236 "Invalid nickname '%s' in fingerprint file. Skipping.",
240 if (strlen(fingerprint
) != FINGERPRINT_LEN
||
241 !crypto_pk_check_fingerprint_syntax(fingerprint
)) {
242 log_notice(LD_CONFIG
,
243 "Invalid fingerprint (nickname '%s', "
244 "fingerprint %s). Skipping.",
245 nickname
, fingerprint
);
248 if (0==strcasecmp(nickname
, DEFAULT_CLIENT_NICKNAME
)) {
249 /* If you approved an OR called "client", then clients who use
250 * the default nickname could all be rejected. That's no good. */
251 log_notice(LD_CONFIG
,
252 "Authorizing nickname '%s' would break "
253 "many clients; skipping.",
254 DEFAULT_CLIENT_NICKNAME
);
257 if (0==strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
258 /* If you approved an OR called "unnamed", then clients will be
260 log_notice(LD_CONFIG
,
261 "Authorizing nickname '%s' is not allowed; skipping.",
262 UNNAMED_ROUTER_NICKNAME
);
265 if (add_fingerprint_to_dir(nickname
, fingerprint
, fingerprint_list_new
)
267 log_notice(LD_CONFIG
, "Duplicate nickname '%s'.", nickname
);
270 config_free_lines(front
);
271 dirserv_free_fingerprint_list();
272 fingerprint_list
= fingerprint_list_new
;
273 /* Delete any routers whose fingerprints we no longer recognize */
274 directory_remove_invalid();
278 /** Check whether <b>router</b> has a nickname/identity key combination that
279 * we recognize from the fingerprint list, or an IP we automatically act on
280 * according to our configuration. Return the appropriate router status.
282 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
283 * *<b>msg</b> to an explanation of why. */
285 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
)
289 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
290 log_warn(LD_BUG
,"Error computing fingerprint");
292 *msg
= "Bug: Error computing fingerprint";
296 return dirserv_get_status_impl(d
, router
->nickname
,
298 router
->addr
, router
->or_port
,
299 router
->platform
, router
->contact_info
,
303 /** Return true if there is no point in downloading the router described by
304 * <b>rs</b> because this directory would reject it. */
306 dirserv_would_reject_router(routerstatus_t
*rs
)
310 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
311 "", /* address is only used in logs */
312 rs
->addr
, rs
->or_port
,
316 return (res
& FP_REJECT
) != 0;
319 /** Helper: Based only on the ID/Nickname combination,
320 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
323 dirserv_get_name_status(const char *id_digest
, const char *nickname
)
325 char fp
[HEX_DIGEST_LEN
+1];
328 base16_encode(fp
, sizeof(fp
), id_digest
, DIGEST_LEN
);
331 strmap_get_lc(fingerprint_list
->fp_by_name
, nickname
))) {
332 if (!strcasecmp(fp
, fp_by_name
)) {
335 return FP_UNNAMED
; /* Wrong fingerprint. */
341 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
342 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
343 * port, platform (logging only) and contact info (logging only) as arguments.
345 * If should_log is false, do not log messages. (There's not much point in
346 * logging that we're rejecting servers we'll not download.)
349 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
351 uint32_t addr
, uint16_t or_port
,
352 const char *platform
, const char *contact
,
353 const char **msg
, int should_log
)
355 int reject_unlisted
= get_options()->AuthDirRejectUnlisted
;
357 router_status_t
*status_by_digest
;
359 if (!fingerprint_list
)
360 fingerprint_list
= authdir_config_new();
363 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
364 strmap_size(fingerprint_list
->fp_by_name
),
365 digestmap_size(fingerprint_list
->status_by_digest
));
367 result
= dirserv_get_name_status(id_digest
, nickname
);
368 if (result
& FP_NAMED
) {
370 log_debug(LD_DIRSERV
,"Good fingerprint for '%s'",nickname
);
372 if (result
& FP_UNNAMED
) {
374 char *esc_contact
= esc_for_log(contact
);
376 "Mismatched fingerprint for '%s'. "
377 "ContactInfo '%s', platform '%s'.)",
380 platform
? escaped(platform
) : "");
381 tor_free(esc_contact
);
384 *msg
= "Rejected: There is already a named server with this nickname "
385 "and a different fingerprint.";
388 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
390 if (status_by_digest
)
391 result
|= (status_by_digest
->status
& ~FP_NAMED
);
393 if (result
& FP_REJECT
) {
395 *msg
= "Fingerprint is marked rejected";
397 } else if (result
& FP_INVALID
) {
399 *msg
= "Fingerprint is marked invalid";
402 if (authdir_policy_baddir_address(addr
, or_port
)) {
405 "Marking '%s' as bad directory because of address '%s'",
410 if (authdir_policy_badexit_address(addr
, or_port
)) {
412 log_info(LD_DIRSERV
, "Marking '%s' as bad exit because of address '%s'",
414 result
|= FP_BADEXIT
;
417 if (!(result
& FP_NAMED
)) {
418 if (!authdir_policy_permits_address(addr
, or_port
)) {
420 log_info(LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
423 *msg
= "Authdir is rejecting routers in this range.";
426 if (!authdir_policy_valid_address(addr
, or_port
)) {
428 log_info(LD_DIRSERV
, "Not marking '%s' valid because of address '%s'",
430 result
|= FP_INVALID
;
432 if (reject_unlisted
) {
434 *msg
= "Authdir rejects unknown routers.";
437 /* 0.1.0.2-rc was the first version that did enough self-testing that
438 * we're willing to take its word about whether it's running. */
439 if (platform
&& !tor_version_as_new_as(platform
,"0.1.0.2-rc"))
440 result
|= FP_INVALID
;
446 /** If we are an authoritative dirserver, and the list of approved
447 * servers contains one whose identity key digest is <b>digest</b>,
448 * return that router's nickname. Otherwise return NULL. */
450 dirserv_get_nickname_by_digest(const char *digest
)
452 router_status_t
*status
;
453 if (!fingerprint_list
)
457 status
= digestmap_get(fingerprint_list
->status_by_digest
, digest
);
458 return status
? status
->nickname
: NULL
;
461 /** Clear the current fingerprint list. */
463 dirserv_free_fingerprint_list(void)
465 if (!fingerprint_list
)
468 strmap_free(fingerprint_list
->fp_by_name
, _tor_free
);
469 digestmap_free(fingerprint_list
->status_by_digest
, _tor_free
);
470 tor_free(fingerprint_list
);
477 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
478 * unless we're configured to not care. Return 0 if all ok. */
480 dirserv_router_has_valid_address(routerinfo_t
*ri
)
482 struct in_addr iaddr
;
483 if (get_options()->DirAllowPrivateAddresses
)
484 return 0; /* whatever it is, we're fine with it */
485 if (!tor_inet_aton(ri
->address
, &iaddr
)) {
486 log_info(LD_DIRSERV
,"Router '%s' published non-IP address '%s'. Refusing.",
487 ri
->nickname
, ri
->address
);
490 if (is_internal_IP(ntohl(iaddr
.s_addr
), 0)) {
492 "Router '%s' published internal IP address '%s'. Refusing.",
493 ri
->nickname
, ri
->address
);
494 return -1; /* it's a private IP, we should reject it */
499 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
500 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
502 * If the router is rejected, set *<b>msg</b> to an explanation of why.
504 * If <b>complain</b> then explain at log-level 'notice' why we refused
505 * a descriptor; else explain at log-level 'info'.
508 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
511 /* Okay. Now check whether the fingerprint is recognized. */
512 uint32_t status
= dirserv_router_get_status(ri
, msg
);
514 int severity
= complain
? LOG_NOTICE
: LOG_INFO
;
516 if (status
& FP_REJECT
)
517 return -1; /* msg is already set. */
519 /* Is there too much clock skew? */
521 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
522 log_fn(severity
, LD_DIRSERV
, "Publication time for nickname '%s' is too "
523 "far (%d minutes) in the future; possible clock skew. Not adding "
525 ri
->nickname
, (int)((ri
->cache_info
.published_on
-now
)/60),
526 esc_router_info(ri
));
527 *msg
= "Rejected: Your clock is set too far in the future, or your "
528 "timezone is not correct.";
531 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
532 log_fn(severity
, LD_DIRSERV
,
533 "Publication time for router with nickname '%s' is too far "
534 "(%d minutes) in the past. Not adding (%s)",
535 ri
->nickname
, (int)((now
-ri
->cache_info
.published_on
)/60),
536 esc_router_info(ri
));
537 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
538 " or your timezone is not correct.";
541 if (dirserv_router_has_valid_address(ri
) < 0) {
542 log_fn(severity
, LD_DIRSERV
,
543 "Router with nickname '%s' has invalid address '%s'. "
545 ri
->nickname
, ri
->address
,
546 esc_router_info(ri
));
547 *msg
= "Rejected: Address is not an IP, or IP is a private address.";
550 /* Okay, looks like we're willing to accept this one. */
551 ri
->is_named
= (status
& FP_NAMED
) ? 1 : 0;
552 ri
->is_valid
= (status
& FP_INVALID
) ? 0 : 1;
553 ri
->is_bad_directory
= (status
& FP_BADDIR
) ? 1 : 0;
554 ri
->is_bad_exit
= (status
& FP_BADEXIT
) ? 1 : 0;
559 /** As for dirserv_add_descriptor, but accepts multiple documents, and
560 * returns the most severe error that occurred for any one of them. */
562 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
566 int r
=100; /* higher than any actual return value. */
572 time_t now
= time(NULL
);
573 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
574 char time_buf
[ISO_TIME_LEN
+1];
575 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
578 format_iso_time(time_buf
, now
);
579 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
582 "%s%s%s", time_buf
, escaped(source
),
583 !general
? "@purpose " : "",
584 !general
? router_purpose_to_string(purpose
) : "",
585 !general
? "\n" : "")<0) {
586 *msg
= "Couldn't format annotations";
591 list
= smartlist_create();
592 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
594 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
596 tor_assert(ri
->purpose
== purpose
);
597 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
);
604 n_parsed
+= smartlist_len(list
);
605 smartlist_clear(list
);
608 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
610 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
613 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
620 n_parsed
+= smartlist_len(list
);
621 smartlist_free(list
);
625 *msg
= "No descriptors found in your POST.";
629 *msg
= "(no message)";
633 return r
<= 2 ? r
: 2;
636 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
637 * the list of server descriptors. Set *<b>msg</b> to a message that should be
638 * passed back to the origin of this descriptor.
640 * Return 2 if descriptor is well-formed and accepted;
641 * 1 if well-formed and accepted but origin should hear *msg;
642 * 0 if well-formed but redundant with one we already have;
643 * -1 if it is rejected and origin should hear *msg;
645 * This function is only called when fresh descriptors are posted, not when
646 * we re-load the cache.
649 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
)
652 routerinfo_t
*ri_old
;
656 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
657 * network and it'll clog everything up. */
658 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
659 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor "
660 "with size %d. Either this is an attack, or the "
661 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
662 (int)ri
->cache_info
.signed_descriptor_len
,
663 MAX_DESCRIPTOR_UPLOAD_SIZE
);
664 *msg
= "Router descriptor was too large";
665 control_event_or_authdir_new_descriptor("REJECTED",
666 ri
->cache_info
.signed_descriptor_body
,
667 ri
->cache_info
.signed_descriptor_len
, *msg
);
672 /* Check whether this descriptor is semantically identical to the last one
673 * from this server. (We do this here and not in router_add_to_routerlist
674 * because we want to be able to accept the newest router descriptor that
675 * another authority has, so we all converge on the same one.) */
676 ri_old
= router_get_by_digest(ri
->cache_info
.identity_digest
);
677 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
678 && router_differences_are_cosmetic(ri_old
, ri
)
679 && !router_is_me(ri
)) {
681 "Not replacing descriptor from '%s'; differences are cosmetic.",
683 *msg
= "Not replacing router descriptor; no information has changed since "
684 "the last one with this identity.";
685 control_event_or_authdir_new_descriptor("DROPPED",
686 ri
->cache_info
.signed_descriptor_body
,
687 ri
->cache_info
.signed_descriptor_len
, *msg
);
691 if (control_event_is_interesting(EVENT_AUTHDIR_NEWDESCS
)) {
692 /* Make a copy of desc, since router_add_to_routerlist might free
693 * ri and its associated signed_descriptor_t. */
694 desclen
= ri
->cache_info
.signed_descriptor_len
;
695 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
698 if ((r
= router_add_to_routerlist(ri
, msg
, 0, 0))<0) {
699 if (r
< -1 && desc
) /* unless the routerinfo was fine, just out-of-date */
700 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
702 return r
== -1 ? 0 : -1;
704 smartlist_t
*changed
;
705 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
707 changed
= smartlist_create();
708 smartlist_add(changed
, ri
);
709 control_event_descriptors_changed(changed
);
710 smartlist_free(changed
);
712 *msg
= ri
->is_valid
? "Descriptor for valid server accepted" :
713 "Descriptor for invalid server accepted";
716 return r
== 0 ? 2 : 1;
720 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
722 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
729 ri
= router_get_by_digest(ei
->cache_info
.identity_digest
);
731 *msg
= "No corresponding router descriptor for extra-info descriptor";
736 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
737 * network and it'll clog everything up. */
738 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
739 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
740 "with size %d. Either this is an attack, or the "
741 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
742 (int)ei
->cache_info
.signed_descriptor_len
,
743 MAX_EXTRAINFO_UPLOAD_SIZE
);
744 *msg
= "Extrainfo document was too large";
749 if ((r
= routerinfo_incompatible_with_extrainfo(ri
, ei
, NULL
, msg
))) {
751 return r
< 0 ? 0 : -1;
753 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
757 /** Remove all descriptors whose nicknames or fingerprints no longer
758 * are allowed by our fingerprint list. (Descriptors that used to be
759 * good can become bad when we reload the fingerprint list.)
762 directory_remove_invalid(void)
766 routerlist_t
*rl
= router_get_routerlist();
768 routerlist_assert_ok(rl
);
770 for (i
= 0; i
< smartlist_len(rl
->routers
); ++i
) {
772 routerinfo_t
*ent
= smartlist_get(rl
->routers
, i
);
773 uint32_t r
= dirserv_router_get_status(ent
, &msg
);
775 log_info(LD_DIRSERV
, "Router '%s' is now rejected: %s",
776 ent
->nickname
, msg
?msg
:"");
777 routerlist_remove(rl
, ent
, 0);
782 if (bool_neq((r
& FP_NAMED
), ent
->is_named
)) {
784 "Router '%s' is now %snamed.", ent
->nickname
,
785 (r
&FP_NAMED
)?"":"un");
786 ent
->is_named
= (r
&FP_NAMED
)?1:0;
789 if (bool_neq((r
& FP_INVALID
), !ent
->is_valid
)) {
790 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", ent
->nickname
,
791 (r
&FP_INVALID
) ? "in" : "");
792 ent
->is_valid
= (r
&FP_INVALID
)?0:1;
795 if (bool_neq((r
& FP_BADDIR
), ent
->is_bad_directory
)) {
796 log_info(LD_DIRSERV
, "Router '%s' is now a %s directory", ent
->nickname
,
797 (r
& FP_BADDIR
) ? "bad" : "good");
798 ent
->is_bad_directory
= (r
&FP_BADDIR
) ? 1: 0;
801 if (bool_neq((r
& FP_BADEXIT
), ent
->is_bad_exit
)) {
802 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", ent
->nickname
,
803 (r
& FP_BADEXIT
) ? "bad" : "good");
804 ent
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
809 directory_set_dirty();
811 routerlist_assert_ok(rl
);
814 /** Write a list of unregistered descriptors into a newly allocated
815 * string and return it. Used by dirserv operators to keep track of
816 * fast nodes that haven't registered.
819 getinfo_helper_dirserv_unregistered(control_connection_t
*control_conn
,
820 const char *question
, char **answer_out
)
822 smartlist_t
*answerlist
;
825 int min_bw
= atoi(question
);
826 routerlist_t
*rl
= router_get_routerlist();
830 if (strcmpstart(question
, "unregistered-servers-"))
832 question
+= strlen("unregistered-servers-");
834 answerlist
= smartlist_create();
835 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ent
, {
836 uint32_t r
= dirserv_router_get_status(ent
, NULL
);
837 if (router_get_advertised_bandwidth(ent
) >= (size_t)min_bw
&&
839 /* then log this one */
840 tor_snprintf(buf
, sizeof(buf
),
841 "%s: BW %d on '%s'.",
842 ent
->nickname
, router_get_advertised_bandwidth(ent
),
843 ent
->platform
? ent
->platform
: "");
844 smartlist_add(answerlist
, tor_strdup(buf
));
847 answer
= smartlist_join_strings(answerlist
, "\r\n", 0, NULL
);
848 SMARTLIST_FOREACH(answerlist
, char *, cp
, tor_free(cp
));
849 smartlist_free(answerlist
);
850 *answer_out
= answer
;
854 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
855 * directory, we will rebuild it instead of reusing the most recently
859 directory_set_dirty(void)
861 time_t now
= time(NULL
);
864 /* Regenerate stubs only every 8 hours. XXXX020 */
865 #define STUB_REGENERATE_INTERVAL (8*60*60)
866 if (!the_directory
|| !the_runningrouters
.dir
)
868 else if (the_directory
->published
< now
- STUB_REGENERATE_INTERVAL
||
869 the_runningrouters
.published
< now
- STUB_REGENERATE_INTERVAL
)
873 if (!the_directory_is_dirty
)
874 the_directory_is_dirty
= now
;
875 if (!runningrouters_is_dirty
)
876 runningrouters_is_dirty
= now
;
878 if (!the_v2_networkstatus_is_dirty
)
879 the_v2_networkstatus_is_dirty
= now
;
883 * Allocate and return a description of the status of the server <b>desc</b>,
884 * for use in a v1-style router-status line. The server is listed
885 * as running iff <b>is_live</b> is true.
888 list_single_server_status(routerinfo_t
*desc
, int is_live
)
890 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
899 if (desc
->is_valid
) {
900 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
905 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
907 return tor_strdup(buf
);
910 /** Each server needs to have passed a reachability test no more
911 * than this number of seconds ago, or he is listed as down in
913 #define REACHABLE_TIMEOUT (45*60)
915 /** Treat a router as alive if
916 * - It's me, and I'm not hibernating.
917 * or - We've found it reachable recently. */
919 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
923 if (router_is_me(router
) && !we_are_hibernating())
926 answer
= get_options()->AssumeReachable
||
927 now
< router
->last_reachable
+ REACHABLE_TIMEOUT
;
929 if (router
->is_running
&& !answer
) {
930 /* it was running but now it's not. tell rephist. */
931 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, now
);
934 router
->is_running
= answer
;
937 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
938 * contents of a v1-style router-status line, and store it in
939 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
941 * If for_controller is true, include the routers with very old descriptors.
942 * If for_controller is >1, use the verbose nickname format.
945 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
948 /* List of entries in a router-status style: An optional !, then an optional
949 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
950 smartlist_t
*rs_entries
;
951 time_t now
= time(NULL
);
952 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
953 or_options_t
*options
= get_options();
954 /* We include v2 dir auths here too, because they need to answer
955 * controllers. Eventually we'll deprecate this whole function;
956 * see also networkstatus_getinfo_by_purpose(). */
957 int authdir
= authdir_mode_publishes_statuses(options
);
958 tor_assert(router_status_out
);
960 rs_entries
= smartlist_create();
962 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
,
965 /* Update router status in routerinfo_t. */
966 dirserv_set_router_is_running(ri
, now
);
968 if (for_controller
== 1 || ri
->cache_info
.published_on
>= cutoff
)
969 smartlist_add(rs_entries
, list_single_server_status(ri
, ri
->is_running
));
970 else if (for_controller
> 2) {
971 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
975 router_get_verbose_nickname(cp
, ri
);
976 smartlist_add(rs_entries
, tor_strdup(name_buf
));
980 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
982 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
983 smartlist_free(rs_entries
);
988 /** Given a (possibly empty) list of config_line_t, each line of which contains
989 * a list of comma-separated version numbers surrounded by optional space,
990 * allocate and return a new string containing the version numbers, in order,
991 * separated by commas. Used to generate Recommended(Client|Server)?Versions
994 format_versions_list(config_line_t
*ln
)
996 smartlist_t
*versions
;
998 versions
= smartlist_create();
999 for ( ; ln
; ln
= ln
->next
) {
1000 smartlist_split_string(versions
, ln
->value
, ",",
1001 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1003 sort_version_list(versions
, 1);
1004 result
= smartlist_join_strings(versions
,",",0,NULL
);
1005 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1006 smartlist_free(versions
);
1010 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1011 * not hibernating, and not too old. Else return 0.
1014 router_is_active(routerinfo_t
*ri
, time_t now
)
1016 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1017 if (ri
->cache_info
.published_on
< cutoff
)
1019 if (!ri
->is_running
|| !ri
->is_valid
|| ri
->is_hibernating
)
1024 /** Generate a new v1 directory and write it into a newly allocated string.
1025 * Point *<b>dir_out</b> to the allocated string. Sign the
1026 * directory with <b>private_key</b>. Return 0 on success, -1 on
1027 * failure. If <b>complete</b> is set, give us all the descriptors;
1028 * otherwise leave out non-running and non-valid ones.
1031 dirserv_dump_directory_to_string(char **dir_out
,
1032 crypto_pk_env_t
*private_key
)
1035 char *identity_pkey
; /* Identity key, DER64-encoded. */
1036 char *recommended_versions
;
1037 char digest
[DIGEST_LEN
];
1038 char published
[ISO_TIME_LEN
+1];
1041 size_t identity_pkey_len
;
1042 time_t now
= time(NULL
);
1044 tor_assert(dir_out
);
1047 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1048 &identity_pkey_len
)<0) {
1049 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1053 recommended_versions
=
1054 format_versions_list(get_options()->RecommendedVersions
);
1056 format_iso_time(published
, now
);
1058 buf_len
= 2048+strlen(recommended_versions
);
1060 buf
= tor_malloc(buf_len
);
1061 /* We'll be comparing against buf_len throughout the rest of the
1062 function, though strictly speaking we shouldn't be able to exceed
1063 it. This is C, after all, so we may as well check for buffer
1066 tor_snprintf(buf
, buf_len
,
1067 "signed-directory\n"
1069 "recommended-software %s\n"
1070 "router-status %s\n"
1071 "dir-signing-key\n%s\n",
1072 published
, recommended_versions
, "",
1075 tor_free(recommended_versions
);
1076 tor_free(identity_pkey
);
1078 cp
= buf
+ strlen(buf
);
1081 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1083 if (strlcat(buf
, "directory-signature ", buf_len
) >= buf_len
)
1085 if (strlcat(buf
, get_options()->Nickname
, buf_len
) >= buf_len
)
1087 if (strlcat(buf
, "\n", buf_len
) >= buf_len
)
1090 if (router_get_dir_hash(buf
,digest
)) {
1091 log_warn(LD_BUG
,"couldn't compute digest");
1095 note_crypto_pk_op(SIGN_DIR
);
1096 if (router_append_dirobj_signature(buf
,buf_len
,digest
,private_key
)<0) {
1104 log_warn(LD_BUG
,"tried to exceed string length.");
1109 /********************************************************************/
1111 /* A set of functions to answer questions about how we'd like to behave
1112 * as a directory mirror/client. */
1114 /** Return 1 if we fetch our directory material directly from the
1115 * authorities, rather than from a mirror. */
1117 directory_fetches_from_authorities(or_options_t
*options
)
1120 if (options
->FetchDirInfoEarly
)
1122 if (options
->DirPort
== 0)
1124 if (options
->BridgeRelay
== 1)
1126 if (!server_mode(options
) || !advertised_server_mode())
1128 me
= router_get_my_routerinfo();
1129 if (!me
|| !me
->dir_port
)
1130 return 0; /* if dirport not advertised, return 0 too */
1134 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1135 * on the "mirror" schedule rather than the "client" schedule.
1138 directory_fetches_dir_info_early(or_options_t
*options
)
1140 return directory_fetches_from_authorities(options
);
1143 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1144 * on a very passive schedule -- waiting long enough for ordinary clients
1145 * to probably have the info we want. These would include bridge users,
1146 * and maybe others in the future e.g. if a Tor client uses another Tor
1147 * client as a directory guard.
1150 directory_fetches_dir_info_later(or_options_t
*options
)
1152 return options
->UseBridges
!= 0;
1155 /** Return 1 if we want to cache v2 dir info (each status file).
1158 directory_caches_v2_dir_info(or_options_t
*options
)
1160 return options
->DirPort
!= 0;
1163 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1164 * and we're willing to serve them to others. Else return 0.
1167 directory_caches_dir_info(or_options_t
*options
)
1169 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1172 /** Return 1 if we want to allow remote people to ask us directory
1173 * requests via the "begin_dir" interface, which doesn't require
1174 * having any separate port open. */
1176 directory_permits_begindir_requests(or_options_t
*options
)
1178 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1181 /** Return 1 if we want to allow controllers to ask us directory
1182 * requests via the controller interface, which doesn't require
1183 * having any separate port open. */
1185 directory_permits_controller_requests(or_options_t
*options
)
1187 return options
->DirPort
!= 0;
1190 /** Return 1 if we have no need to fetch new descriptors. This generally
1191 * happens when we're not a dir cache and we haven't built any circuits
1195 directory_too_idle_to_fetch_descriptors(or_options_t
*options
, time_t now
)
1197 return !options
->DirPort
&& !options
->FetchUselessDescriptors
&&
1198 rep_hist_circbuilding_dormant(now
);
1201 /********************************************************************/
1203 /* Used only by non-v1-auth dirservers: The v1 directory and
1204 * runningrouters we'll serve when requested. */
1205 static cached_dir_t
*cached_directory
= NULL
;
1206 static cached_dir_t cached_runningrouters
= { NULL
, NULL
, 0, 0, 0, -1 };
1208 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1210 static digestmap_t
*cached_v2_networkstatus
= NULL
;
1212 /** The v3 consensus network status that we're currently serving. */
1213 static cached_dir_t
*cached_v3_networkstatus
= NULL
;
1215 /** Possibly replace the contents of <b>d</b> with the value of
1216 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1217 * the last value, or too far in the future.
1219 * Does not copy <b>directory</b>; frees it if it isn't used.
1222 set_cached_dir(cached_dir_t
*d
, char *directory
, time_t when
)
1224 time_t now
= time(NULL
);
1225 if (when
<=d
->published
) {
1226 log_info(LD_DIRSERV
, "Ignoring old directory; not caching.");
1227 tor_free(directory
);
1228 } else if (when
>=now
+ROUTER_MAX_AGE_TO_PUBLISH
) {
1229 log_info(LD_DIRSERV
, "Ignoring future directory; not caching.");
1230 tor_free(directory
);
1232 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1233 log_debug(LD_DIRSERV
, "Caching directory.");
1236 d
->dir_len
= strlen(directory
);
1238 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1240 log_warn(LD_BUG
,"Error compressing cached directory");
1242 d
->published
= when
;
1246 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1247 * any references. */
1249 cached_dir_decref(cached_dir_t
*d
)
1251 if (!d
|| --d
->refcnt
> 0)
1253 clear_cached_dir(d
);
1257 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1258 * published at <b>published</b>. */
1260 new_cached_dir(char *s
, time_t published
)
1262 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1265 d
->dir_len
= strlen(s
);
1266 d
->published
= published
;
1267 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1269 log_warn(LD_BUG
, "Error compressing directory");
1274 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1276 clear_cached_dir(cached_dir_t
*d
)
1280 memset(d
, 0, sizeof(cached_dir_t
));
1283 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1285 _free_cached_dir(void *_d
)
1287 cached_dir_t
*d
= (cached_dir_t
*)_d
;
1288 cached_dir_decref(d
);
1291 /** If we have no cached directory, or it is older than <b>published</b>,
1292 * then replace it with <b>directory</b>, published at <b>published</b>.
1294 * If <b>published</b> is too old, do nothing.
1296 * If <b>is_running_routers</b>, this is really a v1 running_routers
1297 * document rather than a v1 directory.
1300 dirserv_set_cached_directory(const char *directory
, time_t published
,
1301 int is_running_routers
)
1303 time_t now
= time(NULL
);
1305 if (is_running_routers
) {
1306 if (published
>= now
- MAX_V1_RR_AGE
)
1307 set_cached_dir(&cached_runningrouters
, tor_strdup(directory
), published
);
1309 if (published
>= now
- MAX_V1_DIRECTORY_AGE
) {
1310 cached_dir_decref(cached_directory
);
1311 cached_directory
= new_cached_dir(tor_strdup(directory
), published
);
1316 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1317 * network-status for an authoritative directory with identity digest
1318 * <b>identity</b> published at <b>published</b> -- store it so we can
1319 * serve it to others.
1321 * If <b>networkstatus</b> is NULL, remove the entry with the given
1322 * identity fingerprint from the v2 cache.
1325 dirserv_set_cached_networkstatus_v2(const char *networkstatus
,
1326 const char *identity
,
1329 cached_dir_t
*d
, *old_d
;
1330 smartlist_t
*trusted_dirs
;
1331 if (!cached_v2_networkstatus
)
1332 cached_v2_networkstatus
= digestmap_new();
1334 old_d
= digestmap_get(cached_v2_networkstatus
, identity
);
1335 if (!old_d
&& !networkstatus
)
1338 if (networkstatus
) {
1339 if (!old_d
|| published
> old_d
->published
) {
1340 d
= new_cached_dir(tor_strdup(networkstatus
), published
);
1341 digestmap_set(cached_v2_networkstatus
, identity
, d
);
1343 cached_dir_decref(old_d
);
1347 digestmap_remove(cached_v2_networkstatus
, identity
);
1348 cached_dir_decref(old_d
);
1352 /* Now purge old entries. */
1353 trusted_dirs
= router_get_trusted_dir_servers();
1354 if (digestmap_size(cached_v2_networkstatus
) >
1355 smartlist_len(trusted_dirs
) + MAX_UNTRUSTED_NETWORKSTATUSES
) {
1356 /* We need to remove the oldest untrusted networkstatus. */
1357 const char *oldest
= NULL
;
1358 time_t oldest_published
= TIME_MAX
;
1359 digestmap_iter_t
*iter
;
1361 for (iter
= digestmap_iter_init(cached_v2_networkstatus
);
1362 !digestmap_iter_done(iter
);
1363 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
)) {
1366 digestmap_iter_get(iter
, &ident
, &val
);
1368 if (d
->published
< oldest_published
&&
1369 !router_digest_is_trusted_dir(ident
)) {
1371 oldest_published
= d
->published
;
1375 d
= digestmap_remove(cached_v2_networkstatus
, oldest
);
1377 cached_dir_decref(d
);
1381 /** Replace the v3 consensus networkstatus that we're serving with
1382 * <b>networkstatus</b>, published at <b>published</b>. No validation is
1385 dirserv_set_cached_networkstatus_v3(const char *networkstatus
,
1388 if (cached_v3_networkstatus
)
1389 cached_dir_decref(cached_v3_networkstatus
);
1390 cached_v3_networkstatus
= new_cached_dir(
1391 tor_strdup(networkstatus
), published
);
1394 /** Remove any v2 networkstatus from the directory cache that was published
1395 * before <b>cutoff</b>. */
1397 dirserv_clear_old_networkstatuses(time_t cutoff
)
1399 digestmap_iter_t
*iter
;
1401 if (!cached_v2_networkstatus
)
1404 for (iter
= digestmap_iter_init(cached_v2_networkstatus
);
1405 !digestmap_iter_done(iter
); ) {
1409 digestmap_iter_get(iter
, &ident
, &val
);
1411 if (dir
->published
< cutoff
) {
1413 iter
= digestmap_iter_next_rmv(cached_v2_networkstatus
, iter
);
1414 fname
= networkstatus_get_cache_filename(ident
);
1415 if (file_status(fname
) == FN_FILE
) {
1416 log_info(LD_DIR
, "Removing too-old untrusted networkstatus in %s",
1421 cached_dir_decref(dir
);
1423 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
);
1428 /** Remove any v1 info from the directory cache that was published
1431 dirserv_clear_old_v1_info(time_t now
)
1433 if (cached_directory
&&
1434 cached_directory
->published
< (now
- MAX_V1_DIRECTORY_AGE
)) {
1435 cached_dir_decref(cached_directory
);
1436 cached_directory
= NULL
;
1438 if (cached_runningrouters
.published
< (now
- MAX_V1_RR_AGE
)) {
1439 clear_cached_dir(&cached_runningrouters
);
1443 /** Helper: If we're an authority for the right directory version
1444 * (based on <b>auth_type</b>), try to regenerate
1445 * auth_src as appropriate and return it, falling back to cache_src on
1446 * failure. If we're a cache, simply return cache_src.
1448 static cached_dir_t
*
1449 dirserv_pick_cached_dir_obj(cached_dir_t
*cache_src
,
1450 cached_dir_t
*auth_src
,
1451 time_t dirty
, cached_dir_t
*(*regenerate
)(void),
1453 authority_type_t auth_type
)
1455 or_options_t
*options
= get_options();
1456 int authority
= (auth_type
== V1_AUTHORITY
&& authdir_mode_v1(options
)) ||
1457 (auth_type
== V2_AUTHORITY
&& authdir_mode_v2(options
));
1458 /* XXX020 eventually use authdir_mode_publishes_statuses() here */
1460 if (!authority
|| authdir_mode_bridge(options
)) {
1463 /* We're authoritative. */
1464 if (regenerate
!= NULL
) {
1465 if (dirty
&& dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
)) {
1466 if (!(auth_src
= regenerate())) {
1467 log_err(LD_BUG
, "Couldn't generate %s?", name
);
1471 log_info(LD_DIRSERV
, "The %s is still clean; reusing.", name
);
1474 return auth_src
? auth_src
: cache_src
;
1478 /** Return the most recently generated encoded signed v1 directory,
1479 * generating a new one as necessary. If not a v1 authoritative directory
1480 * may return NULL if no directory is yet cached. */
1482 dirserv_get_directory(void)
1484 return dirserv_pick_cached_dir_obj(cached_directory
, the_directory
,
1485 the_directory_is_dirty
,
1486 dirserv_regenerate_directory
,
1487 "server directory", V1_AUTHORITY
);
1490 /** Only called by v1 auth dirservers.
1491 * Generate a fresh v1 directory; set the_directory and return a pointer
1494 static cached_dir_t
*
1495 dirserv_regenerate_directory(void)
1497 char *new_directory
=NULL
;
1499 if (dirserv_dump_directory_to_string(&new_directory
, get_identity_key())) {
1500 log_warn(LD_BUG
, "Error creating directory.");
1501 tor_free(new_directory
);
1504 cached_dir_decref(the_directory
);
1505 the_directory
= new_cached_dir(new_directory
, time(NULL
));
1506 log_info(LD_DIRSERV
,"New directory (size %d) has been built.",
1507 (int)the_directory
->dir_len
);
1508 log_debug(LD_DIRSERV
,"New directory (size %d):\n%s",
1509 (int)the_directory
->dir_len
, the_directory
->dir
);
1511 the_directory_is_dirty
= 0;
1513 /* Save the directory to disk so we re-load it quickly on startup.
1515 dirserv_set_cached_directory(the_directory
->dir
, time(NULL
), 0);
1517 return the_directory
;
1520 /** Only called by v1 auth dirservers.
1521 * Replace the current running-routers list with a newly generated one. */
1522 static cached_dir_t
*
1523 generate_runningrouters(void)
1526 char digest
[DIGEST_LEN
];
1527 char published
[ISO_TIME_LEN
+1];
1529 crypto_pk_env_t
*private_key
= get_identity_key();
1530 char *identity_pkey
; /* Identity key, DER64-encoded. */
1531 size_t identity_pkey_len
;
1533 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1534 &identity_pkey_len
)<0) {
1535 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1538 format_iso_time(published
, time(NULL
));
1541 s
= tor_malloc_zero(len
);
1542 tor_snprintf(s
, len
,
1545 "router-status %s\n"
1546 "dir-signing-key\n%s"
1547 "directory-signature %s\n",
1548 published
, "", identity_pkey
,
1549 get_options()->Nickname
);
1550 tor_free(identity_pkey
);
1551 if (router_get_runningrouters_hash(s
,digest
)) {
1552 log_warn(LD_BUG
,"couldn't compute digest");
1555 note_crypto_pk_op(SIGN_DIR
);
1556 if (router_append_dirobj_signature(s
, len
, digest
, private_key
)<0)
1559 set_cached_dir(&the_runningrouters
, s
, time(NULL
));
1560 runningrouters_is_dirty
= 0;
1562 return &the_runningrouters
;
1568 /** Set *<b>rr</b> to the most recently generated encoded signed
1569 * running-routers list, generating a new one as necessary. Return the
1570 * size of the directory on success, and 0 on failure. */
1572 dirserv_get_runningrouters(void)
1574 return dirserv_pick_cached_dir_obj(
1575 &cached_runningrouters
, &the_runningrouters
,
1576 runningrouters_is_dirty
,
1577 generate_runningrouters
,
1578 "v1 network status list", V1_AUTHORITY
);
1582 dirserv_get_consensus(void)
1584 return cached_v3_networkstatus
;
1587 /** For authoritative directories: the current (v2) network status. */
1588 static cached_dir_t
*the_v2_networkstatus
= NULL
;
1590 /** Return true iff our opinion of the routers has been stale for long
1591 * enough that we should generate a new v2 network status doc. */
1593 should_generate_v2_networkstatus(void)
1595 return authdir_mode_v2(get_options()) &&
1596 the_v2_networkstatus_is_dirty
&&
1597 the_v2_networkstatus_is_dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
);
1600 /** If a router's uptime is at least this value, then it is always
1601 * considered stable, regardless of the rest of the network. This
1602 * way we resist attacks where an attacker doubles the size of the
1603 * network using allegedly high-uptime nodes, displacing all the
1604 * current guards. */
1605 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1606 /** If a router's MTBF is at least this value, then it is always stable.
1607 * See above. (Corresponds to about 7 days for current decay rates.) */
1608 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1609 /** Similarly, we protect sufficiently fast nodes from being pushed
1610 * out of the set of Fast nodes. */
1611 #define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
1612 /** Similarly, every node with sufficient bandwidth can be considered
1613 * for Guard status. */
1614 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1615 /** Similarly, every node with at least this much weighted time known can be
1616 * considered familiar enough to be a guard. Corresponds to about 20 days for
1617 * current decay rates.
1619 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1620 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1622 #define WFU_TO_GUARANTEE_GUARD (0.995)
1624 /* Thresholds for server performance: set by
1625 * dirserv_compute_performance_thresholds, and used by
1626 * generate_v2_networkstatus */
1627 static uint32_t stable_uptime
= 0; /* start at a safe value */
1628 static double stable_mtbf
= 0.0;
1629 static int enough_mtbf_info
= 0;
1630 static double guard_wfu
= 0.0;
1631 static long guard_tk
= 0;
1632 static uint32_t fast_bandwidth
= 0;
1633 static uint32_t guard_bandwidth_including_exits
= 0;
1634 static uint32_t guard_bandwidth_excluding_exits
= 0;
1635 static uint64_t total_bandwidth
= 0;
1636 static uint64_t total_exit_bandwidth
= 0;
1638 /** Helper: estimate the uptime of a router given its stated uptime and the
1639 * amount of time since it last stated its stated uptime. */
1641 real_uptime(routerinfo_t
*router
, time_t now
)
1643 if (now
< router
->cache_info
.published_on
)
1644 return router
->uptime
;
1646 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1649 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1650 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1651 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1655 dirserv_thinks_router_is_unreliable(time_t now
,
1656 routerinfo_t
*router
,
1657 int need_uptime
, int need_capacity
)
1660 if (!enough_mtbf_info
) {
1661 /* XXXX Once most authorities are on v3, we should change the rule from
1662 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1663 * v3 if we don't have enough mtbf data." */
1664 int uptime
= real_uptime(router
, now
);
1665 if ((unsigned)uptime
< stable_uptime
&&
1666 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1670 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1671 if (mtbf
< stable_mtbf
)
1675 if (need_capacity
) {
1676 uint32_t bw
= router_get_advertised_bandwidth(router
);
1677 if (bw
< fast_bandwidth
)
1683 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1684 * Right now this means it advertises support for it, it has a high
1685 * uptime, and it's currently considered Running.
1687 * This function needs to be called after router-\>is_running has
1691 dirserv_thinks_router_is_hs_dir(routerinfo_t
*router
, time_t now
)
1693 int uptime
= real_uptime(router
, now
);
1695 return (router
->wants_to_be_hs_dir
&&
1696 uptime
> get_options()->MinUptimeHidServDirectoryV2
&&
1697 router
->is_running
);
1700 /** Look through the routerlist, and assign the median uptime of running valid
1701 * servers to stable_uptime, and the relative bandwidth capacities to
1702 * fast_bandwidth and guard_bandwidth. Set total_bandwidth to the total
1703 * capacity of all running valid servers and total_exit_bandwidth to the
1704 * capacity of all running valid exits. Set the is_exit flag of each router
1707 dirserv_compute_performance_thresholds(routerlist_t
*rl
)
1709 int n_active
, n_active_nonexit
, n_familiar
;
1710 uint32_t *uptimes
, *bandwidths
, *bandwidths_excluding_exits
;
1712 double *mtbfs
, *wfus
;
1713 time_t now
= time(NULL
);
1715 /* DOCDOC this is a litle tricky; comment this function better. */
1717 /* initialize these all here, in case there are no routers */
1721 guard_bandwidth_including_exits
= 0;
1722 guard_bandwidth_excluding_exits
= 0;
1726 total_bandwidth
= 0;
1727 total_exit_bandwidth
= 0;
1729 n_active
= n_active_nonexit
= 0;
1730 uptimes
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1731 bandwidths
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1732 bandwidths_excluding_exits
=
1733 tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1734 mtbfs
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1735 tks
= tor_malloc(sizeof(long)*smartlist_len(rl
->routers
));
1736 wfus
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1738 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1739 if (router_is_active(ri
, now
)) {
1740 const char *id
= ri
->cache_info
.identity_digest
;
1742 ri
->is_exit
= exit_policy_is_general_exit(ri
->exit_policy
);
1743 uptimes
[n_active
] = real_uptime(ri
, now
);
1744 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1745 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1746 bandwidths
[n_active
] = bw
= router_get_advertised_bandwidth(ri
);
1747 total_bandwidth
+= bw
;
1748 if (ri
->is_exit
&& !ri
->is_bad_exit
) {
1749 total_exit_bandwidth
+= bw
;
1751 bandwidths_excluding_exits
[n_active_nonexit
] = bw
;
1759 stable_uptime
= median_uint32(uptimes
, n_active
);
1760 stable_mtbf
= median_double(mtbfs
, n_active
);
1761 fast_bandwidth
= find_nth_uint32(bandwidths
, n_active
, n_active
/8);
1762 /* Now bandwidths is sorted. */
1763 if (fast_bandwidth
< ROUTER_REQUIRED_MIN_BANDWIDTH
)
1764 fast_bandwidth
= bandwidths
[n_active
/4];
1765 guard_bandwidth_including_exits
= bandwidths
[(n_active
-1)/2];
1766 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1769 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1770 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1772 if (fast_bandwidth
> BANDWIDTH_TO_GUARANTEE_FAST
)
1773 fast_bandwidth
= BANDWIDTH_TO_GUARANTEE_FAST
;
1776 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1777 if (router_is_active(ri
, now
)) {
1778 const char *id
= ri
->cache_info
.identity_digest
;
1779 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1782 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1786 guard_wfu
= median_double(wfus
, n_familiar
);
1787 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1788 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1790 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1792 if (n_active_nonexit
) {
1793 guard_bandwidth_excluding_exits
=
1794 median_uint32(bandwidths_excluding_exits
, n_active_nonexit
);
1797 log(LOG_INFO
, LD_DIRSERV
,
1798 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1799 "For Fast: %lu bytes/sec. "
1800 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1801 "and bandwidth %lu or %lu bytes/sec.",
1802 (unsigned long)stable_uptime
,
1803 (unsigned long)stable_mtbf
,
1804 (unsigned long)fast_bandwidth
,
1806 (unsigned long)guard_tk
,
1807 (unsigned long)guard_bandwidth_including_exits
,
1808 (unsigned long)guard_bandwidth_excluding_exits
);
1812 tor_free(bandwidths
);
1813 tor_free(bandwidths_excluding_exits
);
1818 /** Given a platform string as in a routerinfo_t (possibly null), return a
1819 * newly allocated version string for a networkstatus document, or NULL if the
1820 * platform doesn't give a Tor version. */
1822 version_from_platform(const char *platform
)
1824 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1825 const char *eos
= find_whitespace(platform
+4);
1826 if (eos
&& !strcmpstart(eos
, " (r")) {
1827 /* XXXX020 Unify this logic with the other version extraction
1829 eos
= find_whitespace(eos
+1);
1832 return tor_strndup(platform
, eos
-platform
);
1838 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1839 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1840 * Use the same format as in network-status documents. If <b>version</b> is
1841 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1842 * failure. If <b>first_line_only<b> is true, don't include any flags
1846 routerstatus_format_entry(char *buf
, size_t buf_len
,
1847 routerstatus_t
*rs
, const char *version
,
1848 int first_line_only
)
1854 char published
[ISO_TIME_LEN
+1];
1855 char ipaddr
[INET_NTOA_BUF_LEN
];
1856 char identity64
[BASE64_DIGEST_LEN
+1];
1857 char digest64
[BASE64_DIGEST_LEN
+1];
1859 format_iso_time(published
, rs
->published_on
);
1860 digest_to_base64(identity64
, rs
->identity_digest
);
1861 digest_to_base64(digest64
, rs
->descriptor_digest
);
1862 in
.s_addr
= htonl(rs
->addr
);
1863 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
1865 r
= tor_snprintf(buf
, buf_len
,
1866 "r %s %s %s %s %s %d %d\n",
1875 log_warn(LD_BUG
, "Not enough space in buffer.");
1878 if (first_line_only
)
1880 cp
= buf
+ strlen(buf
);
1881 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
1882 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1883 /* These must stay in alphabetical order. */
1884 rs
->is_authority
?" Authority":"",
1885 rs
->is_bad_directory
?" BadDirectory":"",
1886 rs
->is_bad_exit
?" BadExit":"",
1887 rs
->is_exit
?" Exit":"",
1888 rs
->is_fast
?" Fast":"",
1889 rs
->is_possible_guard
?" Guard":"",
1890 rs
->is_hs_dir
?" HSDir":"",
1891 rs
->is_named
?" Named":"",
1892 rs
->is_running
?" Running":"",
1893 rs
->is_stable
?" Stable":"",
1894 rs
->is_unnamed
?" Unnamed":"",
1895 rs
->is_v2_dir
?" V2Dir":"",
1896 rs
->is_valid
?" Valid":"");
1898 log_warn(LD_BUG
, "Not enough space in buffer.");
1904 if (tor_snprintf(cp
, buf_len
- (cp
-buf
), "opt v %s\n", version
)<0) {
1905 log_warn(LD_BUG
, "Unable to print router version.");
1913 /** Helper for sorting: compares two routerinfos first by address, and then by
1914 * descending order of "usefulness". (An authority is more useful than a
1915 * non-authority; a running router is more useful than a non-running router;
1916 * and a router with more bandwidth is more useful than one with less.)
1919 _compare_routerinfo_by_ip_and_bw(const void **a
, const void **b
)
1921 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
1922 int first_is_auth
, second_is_auth
;
1923 uint32_t bw_first
, bw_second
;
1925 /* we return -1 if first should appear before second... that is,
1926 * if first is a better router. */
1927 if (first
->addr
< second
->addr
)
1929 else if (first
->addr
> second
->addr
)
1932 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
1933 * reality, we will almost never get here, since addresses will usually be
1937 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
1939 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
1941 if (first_is_auth
&& !second_is_auth
)
1943 else if (!first_is_auth
&& second_is_auth
)
1946 else if (first
->is_running
&& !second
->is_running
)
1948 else if (!first
->is_running
&& second
->is_running
)
1951 bw_first
= router_get_advertised_bandwidth(first
);
1952 bw_second
= router_get_advertised_bandwidth(second
);
1954 if (bw_first
> bw_second
)
1956 else if (bw_first
< bw_second
)
1959 /* They're equal! Compare by identity digest, so there's a
1960 * deterministic order and we avoid flapping. */
1961 return memcmp(first
->cache_info
.identity_digest
,
1962 second
->cache_info
.identity_digest
,
1966 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
1967 * whose keys are the identity digests of those routers that we're going to
1968 * exclude for Sybil-like appearance. */
1969 static digestmap_t
*
1970 get_possible_sybil_list(const smartlist_t
*routers
)
1972 or_options_t
*options
= get_options();
1973 digestmap_t
*omit_as_sybil
;
1974 smartlist_t
*routers_by_ip
= smartlist_create();
1977 /* Allow at most this number of Tor servers on a single IP address, ... */
1978 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
1979 /* ... unless it's a directory authority, in which case allow more. */
1980 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
1981 if (max_with_same_addr
<= 0)
1982 max_with_same_addr
= INT_MAX
;
1983 if (max_with_same_addr_on_authority
<= 0)
1984 max_with_same_addr_on_authority
= INT_MAX
;
1986 smartlist_add_all(routers_by_ip
, routers
);
1987 smartlist_sort(routers_by_ip
, _compare_routerinfo_by_ip_and_bw
);
1988 omit_as_sybil
= digestmap_new();
1992 SMARTLIST_FOREACH(routers_by_ip
, routerinfo_t
*, ri
,
1994 if (last_addr
!= ri
->addr
) {
1995 last_addr
= ri
->addr
;
1997 } else if (++addr_count
> max_with_same_addr
) {
1998 if (!router_addr_is_trusted_dir(ri
->addr
) ||
1999 addr_count
> max_with_same_addr_on_authority
)
2000 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2004 smartlist_free(routers_by_ip
);
2005 return omit_as_sybil
;
2008 /** Extract status information from <b>ri</b> and from other authority
2009 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2010 * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
2011 * an exit as a guard. If <b>listbadexits</b>, consider setting the badexit
2014 * We assume that ri-\>is_running has already been set, e.g. by
2015 * dirserv_set_router_is_running(ri, now);
2018 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2019 routerinfo_t
*ri
, time_t now
,
2020 int naming
, int exits_can_be_guards
,
2021 int listbadexits
, int listbaddirs
)
2023 int unstable_version
=
2024 tor_version_as_new_as(ri
->platform
,"0.1.1.10-alpha") &&
2025 !tor_version_as_new_as(ri
->platform
,"0.1.1.16-rc-cvs");
2026 memset(rs
, 0, sizeof(routerstatus_t
));
2029 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2031 /* Already set by compute_performance_thresholds. */
2032 rs
->is_exit
= ri
->is_exit
;
2033 rs
->is_stable
= ri
->is_stable
=
2034 router_is_active(ri
, now
) &&
2035 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0) &&
2037 rs
->is_fast
= ri
->is_fast
=
2038 router_is_active(ri
, now
) &&
2039 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2040 rs
->is_running
= ri
->is_running
; /* computed above */
2043 uint32_t name_status
= dirserv_get_name_status(
2044 ri
->cache_info
.identity_digest
, ri
->nickname
);
2045 rs
->is_named
= (naming
&& (name_status
& FP_NAMED
)) ? 1 : 0;
2046 rs
->is_unnamed
= (naming
&& (name_status
& FP_UNNAMED
)) ? 1 : 0;
2048 rs
->is_valid
= ri
->is_valid
;
2051 (!rs
->is_exit
|| exits_can_be_guards
) &&
2052 (router_get_advertised_bandwidth(ri
) >= BANDWIDTH_TO_GUARANTEE_GUARD
||
2053 router_get_advertised_bandwidth(ri
) >=
2054 (exits_can_be_guards
? guard_bandwidth_including_exits
:
2055 guard_bandwidth_excluding_exits
))) {
2056 long tk
= rep_hist_get_weighted_time_known(
2057 ri
->cache_info
.identity_digest
, now
);
2058 double wfu
= rep_hist_get_weighted_fractional_uptime(
2059 ri
->cache_info
.identity_digest
, now
);
2060 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2062 rs
->is_possible_guard
= 0;
2064 rs
->is_bad_directory
= listbaddirs
&& ri
->is_bad_directory
;
2065 rs
->is_bad_exit
= listbadexits
&& ri
->is_bad_exit
;
2066 ri
->is_hs_dir
= dirserv_thinks_router_is_hs_dir(ri
, now
);
2067 rs
->is_hs_dir
= ri
->is_hs_dir
;
2068 /* 0.1.1.9-alpha is the first version to support fetch by descriptor
2070 rs
->is_v2_dir
= ri
->dir_port
&&
2071 tor_version_as_new_as(ri
->platform
,"0.1.1.9-alpha");
2073 if (!strcasecmp(ri
->nickname
, UNNAMED_ROUTER_NICKNAME
))
2074 rs
->is_named
= rs
->is_unnamed
= 0;
2076 rs
->published_on
= ri
->cache_info
.published_on
;
2077 memcpy(rs
->identity_digest
, ri
->cache_info
.identity_digest
, DIGEST_LEN
);
2078 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2080 rs
->addr
= ri
->addr
;
2081 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2082 rs
->or_port
= ri
->or_port
;
2083 rs
->dir_port
= ri
->dir_port
;
2086 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2087 * too narrow an IP-space. Clear out its flags: we don't want people
2091 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2093 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2094 rs
->is_running
= rs
->is_named
= rs
->is_valid
= rs
->is_v2_dir
=
2095 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
=
2096 rs
->is_bad_directory
= 0;
2097 /* FFFF we might want some mechanism to check later on if we
2098 * missed zeroing any flags: it's easy to add a new flag but
2099 * forget to add it to this clause. */
2102 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2103 * function here because it's eerily similar to
2104 * clear_status_flags_on_sybil() above. One day we should merge them. */
2106 router_clear_status_flags(routerinfo_t
*router
)
2108 router
->is_valid
= router
->is_running
= router
->is_hs_dir
=
2109 router
->is_fast
= router
->is_stable
=
2110 router
->is_possible_guard
= router
->is_exit
=
2111 router
->is_bad_exit
= router
->is_bad_directory
= 0;
2114 /** If we've been around for less than this amount of time, our reachability
2115 * information is not accurate. */
2116 #define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)
2118 /** Return a new networkstatus_vote_t* containing our current opinion. (For v3
2120 networkstatus_vote_t
*
2121 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t
*private_key
,
2122 authority_cert_t
*cert
)
2124 or_options_t
*options
= get_options();
2125 networkstatus_vote_t
*v3_out
= NULL
;
2127 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2128 const char *contact
;
2129 smartlist_t
*routers
, *routerstatuses
;
2130 char identity_digest
[DIGEST_LEN
];
2131 char signing_key_digest
[DIGEST_LEN
];
2132 int naming
= options
->NamingAuthoritativeDir
;
2133 int listbadexits
= options
->AuthDirListBadExits
;
2134 int listbaddirs
= options
->AuthDirListBadDirs
;
2135 int exits_can_be_guards
;
2136 routerlist_t
*rl
= router_get_routerlist();
2137 time_t now
= time(NULL
);
2138 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2139 networkstatus_voter_info_t
*voter
= NULL
;
2140 vote_timing_t timing
;
2141 digestmap_t
*omit_as_sybil
= NULL
;
2142 int vote_on_reachability
= 1;
2144 tor_assert(private_key
);
2147 if (now
- time_of_process_start
< DIRSERV_TIME_TO_GET_REACHABILITY_INFO
)
2148 vote_on_reachability
= 0;
2150 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2151 log_warn(LD_NET
, "Couldn't resolve my hostname");
2154 if (!strchr(hostname
, '.')) {
2156 hostname
= tor_dup_addr(addr
);
2158 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2159 log_err(LD_BUG
, "Error computing signing key digest");
2162 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2163 log_err(LD_BUG
, "Error computing identity key digest");
2167 if (options
->VersioningAuthoritativeDir
) {
2168 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2169 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2172 contact
= get_options()->ContactInfo
;
2176 /* precompute this part, since we need it to decide what "stable"
2178 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2179 dirserv_set_router_is_running(ri
, now
);
2182 dirserv_compute_performance_thresholds(rl
);
2184 /* XXXX We should take steps to keep this from oscillating if
2185 * total_exit_bandwidth is close to total_bandwidth/3. */
2186 exits_can_be_guards
= total_exit_bandwidth
>= (total_bandwidth
/ 3);
2188 routers
= smartlist_create();
2189 smartlist_add_all(routers
, rl
->routers
);
2190 routers_sort_by_identity(routers
);
2191 omit_as_sybil
= get_possible_sybil_list(routers
);
2193 routerstatuses
= smartlist_create();
2195 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2196 if (ri
->cache_info
.published_on
>= cutoff
) {
2198 vote_routerstatus_t
*vrs
;
2200 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2202 set_routerstatus_from_routerinfo(rs
, ri
, now
,
2203 naming
, exits_can_be_guards
,
2204 listbadexits
, listbaddirs
);
2206 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2207 clear_status_flags_on_sybil(rs
);
2209 if (!vote_on_reachability
)
2212 vrs
->version
= version_from_platform(ri
->platform
);
2213 smartlist_add(routerstatuses
, vrs
);
2216 smartlist_free(routers
);
2217 digestmap_free(omit_as_sybil
, NULL
);
2219 v3_out
= tor_malloc_zero(sizeof(networkstatus_vote_t
));
2221 v3_out
->is_vote
= 1;
2222 dirvote_get_preferred_voting_intervals(&timing
);
2223 v3_out
->published
= now
;
2225 char tbuf
[ISO_TIME_LEN
+1];
2226 networkstatus_vote_t
*current_consensus
=
2227 networkstatus_get_live_consensus(now
);
2228 time_t last_consensus_interval
; /* only used to pick a valid_after */
2229 if (current_consensus
)
2230 last_consensus_interval
= current_consensus
->fresh_until
-
2231 current_consensus
->valid_after
;
2233 last_consensus_interval
= DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS
;
2234 v3_out
->valid_after
=
2235 dirvote_get_start_of_next_interval(now
, last_consensus_interval
);
2236 format_iso_time(tbuf
, v3_out
->valid_after
);
2237 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2238 "consensus_set=%d, last_interval=%d",
2239 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2241 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2242 v3_out
->valid_until
= v3_out
->valid_after
+
2243 (timing
.vote_interval
* timing
.n_intervals_valid
);
2244 v3_out
->vote_seconds
= timing
.vote_delay
;
2245 v3_out
->dist_seconds
= timing
.dist_delay
;
2246 tor_assert(v3_out
->vote_seconds
> 0);
2247 tor_assert(v3_out
->dist_seconds
> 0);
2248 tor_assert(timing
.n_intervals_valid
> 0);
2250 v3_out
->client_versions
= client_versions
;
2251 v3_out
->server_versions
= server_versions
;
2252 v3_out
->known_flags
= smartlist_create();
2253 smartlist_split_string(v3_out
->known_flags
,
2254 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2255 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2256 if (vote_on_reachability
)
2257 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2259 smartlist_add(v3_out
->known_flags
, tor_strdup("BadDirectory"));
2261 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2263 smartlist_add(v3_out
->known_flags
, tor_strdup("Named"));
2264 smartlist_add(v3_out
->known_flags
, tor_strdup("Unnamed"));
2266 smartlist_sort_strings(v3_out
->known_flags
);
2268 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2269 voter
->nickname
= tor_strdup(options
->Nickname
);
2270 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
2271 voter
->address
= hostname
;
2273 voter
->dir_port
= options
->DirPort
;
2274 voter
->or_port
= options
->ORPort
;
2275 voter
->contact
= tor_strdup(contact
);
2276 memcpy(voter
->signing_key_digest
, signing_key_digest
, DIGEST_LEN
);
2277 v3_out
->voters
= smartlist_create();
2278 smartlist_add(v3_out
->voters
, voter
);
2279 v3_out
->cert
= authority_cert_dup(cert
);
2280 v3_out
->routerstatus_list
= routerstatuses
;
2281 /* Note: networkstatus_digest is unset; it won't get set until we actually
2282 * format the vote. */
2287 /** For v2 authoritative directories only: Replace the contents of
2288 * <b>the_v2_networkstatus</b> with a newly generated network status
2290 static cached_dir_t
*
2291 generate_v2_networkstatus_opinion(void)
2293 /** Longest status flag name that we generate. */
2294 #define LONGEST_STATUS_FLAG_NAME_LEN 9
2295 /** Maximum number of status flags we'll apply to one router. */
2296 #define N_STATUS_FLAGS 10
2297 /** Amount of space to allocate for each entry. (r line and s line.) */
2298 #define RS_ENTRY_LEN \
2299 ( /* first line */ \
2300 MAX_NICKNAME_LEN+BASE64_DIGEST_LEN*2+ISO_TIME_LEN+INET_NTOA_BUF_LEN+ \
2301 5*2 /* ports */ + 10 /* punctuation */ + \
2303 (LONGEST_STATUS_FLAG_NAME_LEN+1)*N_STATUS_FLAGS + 2)
2305 cached_dir_t
*r
= NULL
;
2306 size_t len
, identity_pkey_len
;
2307 char *status
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
,
2308 *identity_pkey
= NULL
, *hostname
= NULL
;
2310 or_options_t
*options
= get_options();
2311 char fingerprint
[FINGERPRINT_LEN
+1];
2312 char ipaddr
[INET_NTOA_BUF_LEN
];
2313 char published
[ISO_TIME_LEN
+1];
2314 char digest
[DIGEST_LEN
];
2317 crypto_pk_env_t
*private_key
;
2318 routerlist_t
*rl
= router_get_routerlist();
2319 time_t now
= time(NULL
);
2320 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2321 int naming
= options
->NamingAuthoritativeDir
;
2322 int versioning
= options
->VersioningAuthoritativeDir
;
2323 int listbaddirs
= options
->AuthDirListBadDirs
;
2324 int listbadexits
= options
->AuthDirListBadExits
;
2325 int exits_can_be_guards
;
2326 const char *contact
;
2327 char *version_lines
= NULL
;
2328 smartlist_t
*routers
= NULL
;
2329 digestmap_t
*omit_as_sybil
= NULL
;
2331 private_key
= get_identity_key();
2333 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2334 log_warn(LD_NET
, "Couldn't resolve my hostname");
2337 in
.s_addr
= htonl(addr
);
2338 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
2340 format_iso_time(published
, now
);
2342 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2343 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2345 if (crypto_pk_write_public_key_to_string(private_key
, &identity_pkey
,
2346 &identity_pkey_len
)<0) {
2347 log_warn(LD_BUG
,"Writing public key to string failed.");
2351 if (crypto_pk_get_fingerprint(private_key
, fingerprint
, 0)<0) {
2352 log_err(LD_BUG
, "Error computing fingerprint");
2356 contact
= get_options()->ContactInfo
;
2361 size_t v_len
= 64+strlen(client_versions
)+strlen(server_versions
);
2362 version_lines
= tor_malloc(v_len
);
2363 tor_snprintf(version_lines
, v_len
,
2364 "client-versions %s\nserver-versions %s\n",
2365 client_versions
, server_versions
);
2367 version_lines
= tor_strdup("");
2370 len
= 4096+strlen(client_versions
)+strlen(server_versions
);
2371 len
+= identity_pkey_len
*2;
2372 len
+= (RS_ENTRY_LEN
)*smartlist_len(rl
->routers
);
2374 status
= tor_malloc(len
);
2375 tor_snprintf(status
, len
,
2376 "network-status-version 2\n"
2377 "dir-source %s %s %d\n"
2381 "dir-options%s%s%s%s\n"
2382 "%s" /* client version line, server version line. */
2383 "dir-signing-key\n%s",
2384 hostname
, ipaddr
, (int)options
->DirPort
,
2388 naming
? " Names" : "",
2389 listbaddirs
? " BadDirectories" : "",
2390 listbadexits
? " BadExits" : "",
2391 versioning
? " Versions" : "",
2394 outp
= status
+ strlen(status
);
2395 endp
= status
+ len
;
2397 /* precompute this part, since we need it to decide what "stable"
2399 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2400 dirserv_set_router_is_running(ri
, now
);
2403 dirserv_compute_performance_thresholds(rl
);
2405 /* XXXX We should take steps to keep this from oscillating if
2406 * total_exit_bandwidth is close to total_bandwidth/3. */
2407 exits_can_be_guards
= total_exit_bandwidth
>= (total_bandwidth
/ 3);
2409 routers
= smartlist_create();
2410 smartlist_add_all(routers
, rl
->routers
);
2411 routers_sort_by_identity(routers
);
2413 omit_as_sybil
= get_possible_sybil_list(routers
);
2415 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2416 if (ri
->cache_info
.published_on
>= cutoff
) {
2418 char *version
= version_from_platform(ri
->platform
);
2420 set_routerstatus_from_routerinfo(&rs
, ri
, now
,
2421 naming
, exits_can_be_guards
,
2422 listbadexits
, listbaddirs
);
2424 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2425 clear_status_flags_on_sybil(&rs
);
2427 if (routerstatus_format_entry(outp
, endp
-outp
, &rs
, version
, 0)) {
2428 log_warn(LD_BUG
, "Unable to print router status.");
2433 outp
+= strlen(outp
);
2437 if (tor_snprintf(outp
, endp
-outp
, "directory-signature %s\n",
2438 get_options()->Nickname
)<0) {
2439 log_warn(LD_BUG
, "Unable to write signature line.");
2442 if (router_get_networkstatus_v2_hash(status
, digest
)<0) {
2443 log_warn(LD_BUG
, "Unable to hash network status");
2446 outp
+= strlen(outp
);
2448 note_crypto_pk_op(SIGN_DIR
);
2449 if (router_append_dirobj_signature(outp
,endp
-outp
,digest
,private_key
)<0) {
2450 log_warn(LD_BUG
, "Unable to sign router status.");
2455 networkstatus_v2_t
*ns
;
2456 if (!(ns
= networkstatus_v2_parse_from_string(status
))) {
2457 log_err(LD_BUG
,"Generated a networkstatus we couldn't parse.");
2460 networkstatus_v2_free(ns
);
2464 cached_dir_t
**ns_ptr
= &the_v2_networkstatus
;
2466 cached_dir_decref(*ns_ptr
);
2467 *ns_ptr
= new_cached_dir(status
, now
);
2468 status
= NULL
; /* So it doesn't get double-freed. */
2469 the_v2_networkstatus_is_dirty
= 0;
2470 router_set_networkstatus_v2((*ns_ptr
)->dir
, now
, NS_GENERATED
, NULL
);
2475 tor_free(client_versions
);
2476 tor_free(server_versions
);
2477 tor_free(version_lines
);
2480 tor_free(identity_pkey
);
2482 smartlist_free(routers
);
2484 digestmap_free(omit_as_sybil
, NULL
);
2488 /** Given the portion of a networkstatus request URL after "tor/status/" in
2489 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2490 * networkstatus objects that the client has requested. */
2492 dirserv_get_networkstatus_v2_fingerprints(smartlist_t
*result
,
2497 if (!cached_v2_networkstatus
)
2498 cached_v2_networkstatus
= digestmap_new();
2500 if (should_generate_v2_networkstatus())
2501 generate_v2_networkstatus_opinion();
2503 if (!strcmp(key
,"authority")) {
2504 if (authdir_mode_v2(get_options())) {
2505 routerinfo_t
*me
= router_get_my_routerinfo();
2507 smartlist_add(result
,
2508 tor_memdup(me
->cache_info
.identity_digest
, DIGEST_LEN
));
2510 } else if (!strcmp(key
, "all")) {
2511 if (digestmap_size(cached_v2_networkstatus
)) {
2512 digestmap_iter_t
*iter
;
2513 iter
= digestmap_iter_init(cached_v2_networkstatus
);
2514 while (!digestmap_iter_done(iter
)) {
2517 digestmap_iter_get(iter
, &ident
, &val
);
2518 smartlist_add(result
, tor_memdup(ident
, DIGEST_LEN
));
2519 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
);
2522 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2523 trusted_dir_server_t
*, ds
,
2524 if (ds
->type
& V2_AUTHORITY
)
2525 smartlist_add(result
, tor_memdup(ds
->digest
, DIGEST_LEN
)));
2527 smartlist_sort_digests(result
);
2528 if (smartlist_len(result
) == 0)
2529 log_warn(LD_DIRSERV
,
2530 "Client requested 'all' network status objects; we have none.");
2531 } else if (!strcmpstart(key
, "fp/")) {
2532 dir_split_resource_into_fingerprints(key
+3, result
, NULL
, 1, 1);
2536 /** Look for a network status object as specified by <b>key</b>, which should
2537 * be either "authority" (to find a network status generated by us), a hex
2538 * identity digest (to find a network status generated by given directory), or
2539 * "all" (to return all the v2 network status objects we have).
2542 dirserv_get_networkstatus_v2(smartlist_t
*result
,
2545 cached_dir_t
*cached
;
2546 smartlist_t
*fingerprints
= smartlist_create();
2549 if (!cached_v2_networkstatus
)
2550 cached_v2_networkstatus
= digestmap_new();
2552 dirserv_get_networkstatus_v2_fingerprints(fingerprints
, key
);
2553 SMARTLIST_FOREACH(fingerprints
, const char *, fp
,
2555 if (router_digest_is_me(fp
) && should_generate_v2_networkstatus())
2556 generate_v2_networkstatus_opinion();
2557 cached
= digestmap_get(cached_v2_networkstatus
, fp
);
2559 smartlist_add(result
, cached
);
2561 char hexbuf
[HEX_DIGEST_LEN
+1];
2562 base16_encode(hexbuf
, sizeof(hexbuf
), fp
, DIGEST_LEN
);
2563 log_info(LD_DIRSERV
, "Don't know about any network status with "
2564 "fingerprint '%s'", hexbuf
);
2567 SMARTLIST_FOREACH(fingerprints
, char *, cp
, tor_free(cp
));
2568 smartlist_free(fingerprints
);
2571 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2572 * pointers, adds copies of digests to fps_out, and doesn't use the
2573 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2574 * requests, adds identity digests.
2577 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
2578 const char **msg
, int for_unencrypted_conn
)
2583 if (!strcmp(key
, "all")) {
2584 routerlist_t
*rl
= router_get_routerlist();
2585 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2586 smartlist_add(fps_out
,
2587 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
2588 } else if (!strcmp(key
, "authority")) {
2589 routerinfo_t
*ri
= router_get_my_routerinfo();
2591 smartlist_add(fps_out
,
2592 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
2593 } else if (!strcmpstart(key
, "d/")) {
2595 key
+= strlen("d/");
2596 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
, 1, 1);
2597 } else if (!strcmpstart(key
, "fp/")) {
2598 key
+= strlen("fp/");
2599 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
, 1, 1);
2601 *msg
= "Key not recognized";
2605 if (for_unencrypted_conn
) {
2606 /* Remove anything whose purpose isn't general. */
2607 SMARTLIST_FOREACH(fps_out
, char *, cp
, {
2608 signed_descriptor_t
*sd
=
2609 by_id
? get_signed_descriptor_by_fp(cp
,0,0) :
2610 router_get_by_descriptor_digest(cp
);
2611 if (sd
&& !sd
->send_unencrypted
) {
2613 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
2618 if (!smartlist_len(fps_out
)) {
2619 *msg
= "Servers unavailable";
2625 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
2626 * <b>key</b>. The key should be either
2627 * - "/tor/server/authority" for our own routerinfo;
2628 * - "/tor/server/all" for all the routerinfos we have, concatenated;
2629 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
2630 * hex identity digests; or
2631 * - "/tor/server/d/D" where D is a plus-separated sequence
2632 * of server descriptor digests, in hex.
2634 * Return 0 if we found some matching descriptors, or -1 if we do not
2635 * have any descriptors, no matching descriptors, or if we did not
2636 * recognize the key (URL).
2637 * If -1 is returned *<b>msg</b> will be set to an appropriate error
2640 * XXXX020 rename this function. IT's only called from the controller.
2641 * XXXX020 in fact, refactor this function, mergeing as much as possible.
2644 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
2649 if (!strcmp(key
, "/tor/server/all")) {
2650 routerlist_t
*rl
= router_get_routerlist();
2651 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2652 smartlist_add(descs_out
, &(r
->cache_info
)));
2653 } else if (!strcmp(key
, "/tor/server/authority")) {
2654 routerinfo_t
*ri
= router_get_my_routerinfo();
2656 smartlist_add(descs_out
, &(ri
->cache_info
));
2657 } else if (!strcmpstart(key
, "/tor/server/d/")) {
2658 smartlist_t
*digests
= smartlist_create();
2659 key
+= strlen("/tor/server/d/");
2660 dir_split_resource_into_fingerprints(key
, digests
, NULL
, 1, 1);
2661 SMARTLIST_FOREACH(digests
, const char *, d
,
2663 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
2665 smartlist_add(descs_out
,sd
);
2667 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
2668 smartlist_free(digests
);
2669 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
2670 smartlist_t
*digests
= smartlist_create();
2671 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
2672 key
+= strlen("/tor/server/fp/");
2673 dir_split_resource_into_fingerprints(key
, digests
, NULL
, 1, 1);
2674 SMARTLIST_FOREACH(digests
, const char *, d
,
2676 if (router_digest_is_me(d
)) {
2677 smartlist_add(descs_out
, &(router_get_my_routerinfo()->cache_info
));
2679 routerinfo_t
*ri
= router_get_by_digest(d
);
2680 /* Don't actually serve a descriptor that everyone will think is
2681 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
2682 * Tors from downloading descriptors that they will throw away.
2684 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
2685 smartlist_add(descs_out
, &(ri
->cache_info
));
2688 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
2689 smartlist_free(digests
);
2691 *msg
= "Key not recognized";
2695 if (!smartlist_len(descs_out
)) {
2696 *msg
= "Servers unavailable";
2702 /** Called when a TLS handshake has completed successfully with a
2703 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
2704 * a certificate with digest <b>digest_rcvd</b>.
2706 * Also, if as_advertised is 1, then inform the reachability checker
2707 * that we could get to this guy.
2710 dirserv_orconn_tls_done(const char *address
,
2712 const char *digest_rcvd
,
2715 routerlist_t
*rl
= router_get_routerlist();
2716 time_t now
= time(NULL
);
2717 int bridge_auth
= authdir_mode_bridge(get_options());
2718 tor_assert(address
);
2719 tor_assert(digest_rcvd
);
2721 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2722 if (!strcasecmp(address
, ri
->address
) && or_port
== ri
->or_port
&&
2724 !memcmp(ri
->cache_info
.identity_digest
, digest_rcvd
, DIGEST_LEN
)) {
2725 /* correct digest. mark this router reachable! */
2726 if (!bridge_auth
|| ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
2727 log_info(LD_DIRSERV
, "Found router %s to be reachable. Yay.",
2729 rep_hist_note_router_reachable(digest_rcvd
, now
);
2730 ri
->last_reachable
= now
;
2734 /* FFFF Maybe we should reinstate the code that dumps routers with the same
2735 * addr/port but with nonmatching keys, but instead of dumping, we should
2739 /** Auth dir server only: if <b>try_all</b> is 1, launch connections to
2740 * all known routers; else we want to load balance such that we only
2741 * try a few connections per call.
2743 * The load balancing is such that if we get called once every ten
2744 * seconds, we will cycle through all the tests in 1280 seconds (a
2745 * bit over 20 minutes).
2748 dirserv_test_reachability(time_t now
, int try_all
)
2750 /* XXX decide what to do here; see or-talk thread "purging old router
2751 * information, revocation." -NM
2752 * We can't afford to mess with this in 0.1.2.x. The reason is that
2753 * if we stop doing reachability tests on some of routerlist, then
2754 * we'll for-sure think they're down, which may have unexpected
2755 * effects in other parts of the code. It doesn't hurt much to do
2756 * the testing, and directory authorities are easy to upgrade. Let's
2757 * wait til 0.2.0. -RD */
2758 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2759 routerlist_t
*rl
= router_get_routerlist();
2760 static char ctr
= 0;
2761 int bridge_auth
= authdir_mode_bridge(get_options());
2763 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, router
, {
2764 const char *id_digest
= router
->cache_info
.identity_digest
;
2765 if (router_is_me(router
))
2767 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
2768 continue; /* bridge authorities only test reachability on bridges */
2769 // if (router->cache_info.published_on > cutoff)
2771 if (try_all
|| (((uint8_t)id_digest
[0]) % 128) == ctr
) {
2772 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
2773 router
->nickname
, router
->address
, router
->or_port
);
2774 /* Remember when we started trying to determine reachability */
2775 if (!router
->testing_since
)
2776 router
->testing_since
= now
;
2777 connection_or_connect(router
->addr
, router
->or_port
,
2781 if (!try_all
) /* increment ctr */
2782 ctr
= (ctr
+ 1) % 128;
2785 /** Given a fingerprint <b>fp</b> which is either set if we're looking
2786 * for a v2 status, or zeroes if we're looking for a v3 status, return
2787 * a pointer to the appropriate cached dir object, or NULL if there isn't
2789 static cached_dir_t
*
2790 lookup_cached_dir_by_fp(const char *fp
)
2792 cached_dir_t
*d
= NULL
;
2793 if (tor_digest_is_zero(fp
) && cached_v3_networkstatus
)
2794 d
= cached_v3_networkstatus
;
2795 else if (router_digest_is_me(fp
) && the_v2_networkstatus
)
2796 d
= the_v2_networkstatus
;
2797 else if (cached_v2_networkstatus
)
2798 d
= digestmap_get(cached_v2_networkstatus
, fp
);
2802 /** Remove from <b>fps</b> every networkstatus key where both
2803 * a) we have a networkstatus document and
2804 * b) it is not newer than <b>cutoff</b>.
2806 * Return 1 if any items were present at all; else return 0.
2809 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
2812 SMARTLIST_FOREACH(fps
, char *, digest
,
2814 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
2818 if (d
->published
<= cutoff
) {
2820 SMARTLIST_DEL_CURRENT(fps
, digest
);
2827 /** Return the cache-info for identity fingerprint <b>fp</b>, or
2828 * its extra-info document if <b>extrainfo</b> is true. Return
2829 * NULL if not found or if the descriptor is older than
2830 * <b>publish_cutoff</b>. */
2831 static signed_descriptor_t
*
2832 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
2833 time_t publish_cutoff
)
2835 if (router_digest_is_me(fp
)) {
2837 return &(router_get_my_extrainfo()->cache_info
);
2839 return &(router_get_my_routerinfo()->cache_info
);
2841 routerinfo_t
*ri
= router_get_by_digest(fp
);
2843 ri
->cache_info
.published_on
> publish_cutoff
) {
2845 return extrainfo_get_by_descriptor_digest(
2846 ri
->cache_info
.extra_info_digest
);
2848 return &ri
->cache_info
;
2854 /** Return true iff we have any of the docments (extrainfo or routerdesc)
2855 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
2856 * decide whether to send a 404. */
2858 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
2860 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
2861 SMARTLIST_FOREACH(fps
, const char *, fp
, {
2864 case DIR_SPOOL_EXTRA_BY_DIGEST
:
2865 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
2867 case DIR_SPOOL_SERVER_BY_DIGEST
:
2868 if (router_get_by_descriptor_digest(fp
)) return 1;
2870 case DIR_SPOOL_EXTRA_BY_FP
:
2871 case DIR_SPOOL_SERVER_BY_FP
:
2872 if (get_signed_descriptor_by_fp(fp
,
2873 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
2881 /** Return an approximate estimate of the number of bytes that will
2882 * be needed to transmit the server descriptors (if is_serverdescs --
2883 * they can be either d/ or fp/ queries) or networkstatus objects (if
2884 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
2885 * we guess how large the data will be after compression.
2887 * The return value is an estimate; it might be larger or smaller.
2890 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
2895 if (is_serverdescs
) {
2896 int n
= smartlist_len(fps
);
2897 routerinfo_t
*me
= router_get_my_routerinfo();
2898 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
2900 result
/= 2; /* observed compressability is between 35 and 55%. */
2903 SMARTLIST_FOREACH(fps
, const char *, digest
, {
2904 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
2906 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
2912 /** When we're spooling data onto our outbuf, add more whenever we dip
2913 * below this threshold. */
2914 #define DIRSERV_BUFFER_MIN 16384
2916 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
2917 * Flushes any remaining data to be (un)compressed, and changes the spool
2918 * source to NONE. Returns 0 on success, negative on failure. */
2920 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
2922 if (conn
->zlib_state
) {
2923 connection_write_to_buf_zlib("", 0, conn
, 1);
2924 tor_zlib_free(conn
->zlib_state
);
2925 conn
->zlib_state
= NULL
;
2927 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
2931 /** Spooling helper: called when we're sending a bunch of server descriptors,
2932 * and the outbuf has become too empty. Pulls some entries from
2933 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
2934 * run out of entries, flushes the zlib state and sets the spool source to
2935 * NONE. Returns 0 on success, negative on failure.
2938 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
2940 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
2941 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
2942 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
2943 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
2944 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
2946 while (smartlist_len(conn
->fingerprint_stack
) &&
2947 buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
2949 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
2950 signed_descriptor_t
*sd
= NULL
;
2952 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
2954 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
2955 : router_get_by_descriptor_digest(fp
);
2960 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
2961 /* we did this check once before (so we could have an accurate size
2962 * estimate and maybe send a 404 if somebody asked for only bridges on a
2963 * connection), but we need to do it again in case a previously
2964 * unknown bridge descriptor has shown up between then and now. */
2968 body
= signed_descriptor_get_body(sd
);
2969 if (conn
->zlib_state
) {
2970 int last
= ! smartlist_len(conn
->fingerprint_stack
);
2971 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
2974 tor_zlib_free(conn
->zlib_state
);
2975 conn
->zlib_state
= NULL
;
2978 connection_write_to_buf(body
,
2979 sd
->signed_descriptor_len
,
2984 if (!smartlist_len(conn
->fingerprint_stack
)) {
2985 /* We just wrote the last one; finish up. */
2986 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
2987 smartlist_free(conn
->fingerprint_stack
);
2988 conn
->fingerprint_stack
= NULL
;
2993 /** Spooling helper: Called when we're sending a directory or networkstatus,
2994 * and the outbuf has become too empty. Pulls some bytes from
2995 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
2996 * puts them on the outbuf. If we run out of entries, flushes the zlib state
2997 * and sets the spool source to NONE. Returns 0 on success, negative on
3000 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3005 bytes
= DIRSERV_BUFFER_MIN
- buf_datalen(conn
->_base
.outbuf
);
3006 tor_assert(bytes
> 0);
3007 tor_assert(conn
->cached_dir
);
3010 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3011 if (bytes
> remaining
)
3012 bytes
= (ssize_t
) remaining
;
3014 if (conn
->zlib_state
) {
3015 connection_write_to_buf_zlib(
3016 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3017 bytes
, conn
, bytes
== remaining
);
3019 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3020 bytes
, TO_CONN(conn
));
3022 conn
->cached_dir_offset
+= bytes
;
3023 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3024 /* We just wrote the last one; finish up. */
3025 connection_dirserv_finish_spooling(conn
);
3026 cached_dir_decref(conn
->cached_dir
);
3027 conn
->cached_dir
= NULL
;
3032 /** Spooling helper: Called when we're spooling networkstatus objects on
3033 * <b>conn</b>, and the outbuf has become too empty. If the current
3034 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3035 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3036 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3037 * treated as a request for the current consensus.) If we run out of entries,
3038 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3039 * success, negative on failure. */
3041 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3044 while (buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3045 if (conn
->cached_dir
) {
3046 int uncompressing
= (conn
->zlib_state
!= NULL
);
3047 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3048 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3049 /* add_dir_bytes thinks we're done with the cached_dir. But we
3050 * may have more cached_dirs! */
3051 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3052 /* This bit is tricky. If we were uncompressing the last
3053 * networkstatus, we may need to make a new zlib object to
3054 * uncompress the next one. */
3055 if (uncompressing
&& ! conn
->zlib_state
&&
3056 conn
->fingerprint_stack
&&
3057 smartlist_len(conn
->fingerprint_stack
)) {
3058 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
);
3062 } else if (conn
->fingerprint_stack
&&
3063 smartlist_len(conn
->fingerprint_stack
)) {
3064 /* Add another networkstatus; start serving it. */
3065 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3066 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3070 conn
->cached_dir
= d
;
3071 conn
->cached_dir_offset
= 0;
3074 connection_dirserv_finish_spooling(conn
);
3075 if (conn
->fingerprint_stack
)
3076 smartlist_free(conn
->fingerprint_stack
);
3077 conn
->fingerprint_stack
= NULL
;
3084 /** Called whenever we have flushed some directory data in state
3085 * SERVER_WRITING. */
3087 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3089 tor_assert(conn
->_base
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3091 if (buf_datalen(conn
->_base
.outbuf
) >= DIRSERV_BUFFER_MIN
)
3094 switch (conn
->dir_spool_src
) {
3095 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3096 case DIR_SPOOL_EXTRA_BY_FP
:
3097 case DIR_SPOOL_SERVER_BY_DIGEST
:
3098 case DIR_SPOOL_SERVER_BY_FP
:
3099 return connection_dirserv_add_servers_to_outbuf(conn
);
3100 case DIR_SPOOL_CACHED_DIR
:
3101 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3102 case DIR_SPOOL_NETWORKSTATUS
:
3103 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3104 case DIR_SPOOL_NONE
:
3110 /** Release all storage used by the directory server. */
3112 dirserv_free_all(void)
3114 dirserv_free_fingerprint_list();
3116 cached_dir_decref(the_directory
);
3117 clear_cached_dir(&the_runningrouters
);
3118 cached_dir_decref(the_v2_networkstatus
);
3119 cached_dir_decref(cached_directory
);
3120 clear_cached_dir(&cached_runningrouters
);
3121 if (cached_v2_networkstatus
) {
3122 digestmap_free(cached_v2_networkstatus
, _free_cached_dir
);
3123 cached_v2_networkstatus
= NULL
;
3125 cached_dir_decref(cached_v3_networkstatus
);