search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Avoid going directly to the directory authorities even if you're a
[tor.git] / src / or / dirserv.c
blobe66cb2aa5b13e26bed29a35449eb9f6aeef0b314
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
6 const char dirserv_c_id[] =
7 "$Id$";
8
9 #define DIRSERV_PRIVATE
10 #include "or.h"
11
12 /**
13 * \file dirserv.c
14 * \brief Directory server core implementation. Manages directory
15 * contents and generates directories.
16 */
17
18 /** How far in the future do we allow a router to get? (seconds) */
19 #define ROUTER_ALLOW_SKEW (60*60*12)
20 /** How many seconds do we wait before regenerating the directory? */
21 #define DIR_REGEN_SLACK_TIME 30
22 /** If we're a cache, keep this many networkstatuses around from non-trusted
23 * directory authorities. */
24 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
25
26 /** If a v1 directory is older than this, discard it. */
27 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
28 /** If a v1 running-routers is older than this, discard it. */
29 #define MAX_V1_RR_AGE (7*24*60*60)
30
31 extern time_t time_of_process_start; /* from main.c */
32
33 /** Do we need to regenerate the directory when someone asks for it? */
34 static int the_directory_is_dirty = 1;
35 static int runningrouters_is_dirty = 1;
36 static int the_v2_networkstatus_is_dirty = 1;
37
38 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
39 * only.) */
40 static cached_dir_t *the_directory = NULL;
41
42 /** For authoritative directories: the current (v1) network status. */
43 static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
44
45 static void directory_remove_invalid(void);
46 static cached_dir_t *dirserv_regenerate_directory(void);
47 static char *format_versions_list(config_line_t *ln);
48 struct authdir_config_t;
49 static int add_fingerprint_to_dir(const char *nickname, const char *fp,
50 struct authdir_config_t *list);
51 static uint32_t dirserv_router_get_status(const routerinfo_t *router,
52 const char **msg);
53 static uint32_t
54 dirserv_get_status_impl(const char *fp, const char *nickname,
55 const char *address,
56 uint32_t addr, uint16_t or_port,
57 const char *platform, const char *contact,
58 const char **msg, int should_log);
59 static void clear_cached_dir(cached_dir_t *d);
60 static signed_descriptor_t *get_signed_descriptor_by_fp(const char *fp,
61 int extrainfo,
62 time_t publish_cutoff);
63 static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
64
65 /************** Fingerprint handling code ************/
66
67 #define FP_NAMED 1 /**< Listed in fingerprint file. */
68 #define FP_INVALID 2 /**< Believed invalid. */
69 #define FP_REJECT 4 /**< We will not publish this router. */
70 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
71 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
72 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
73
74 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
75 * map. */
76 typedef struct router_status_t {
77 char nickname[MAX_NICKNAME_LEN+1];
78 uint32_t status;
79 } router_status_t;
80
81 /** List of nickname-\>identity fingerprint mappings for all the routers
82 * that we name. Used to prevent router impersonation. */
83 typedef struct authdir_config_t {
84 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
85 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
86 } authdir_config_t;
87
88 /** Should be static; exposed for testing. */
89 static authdir_config_t *fingerprint_list = NULL;
90
91 /** Allocate and return a new, empty, authdir_config_t. */
92 static authdir_config_t *
93 authdir_config_new(void)
94 {
95 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
96 list->fp_by_name = strmap_new();
97 list->status_by_digest = digestmap_new();
98 return list;
99 }
100
101 /** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
102 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
103 * new, or 1 if we replaced the old value.
104 */
105 /* static */ int
106 add_fingerprint_to_dir(const char *nickname, const char *fp,
107 authdir_config_t *list)
108 {
109 char *fingerprint;
110 char d[DIGEST_LEN];
111 router_status_t *status;
112 tor_assert(nickname);
113 tor_assert(fp);
114 tor_assert(list);
115
116 fingerprint = tor_strdup(fp);
117 tor_strstrip(fingerprint, " ");
118 if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint))) {
119 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
120 escaped(fp));
121 tor_free(fingerprint);
122 return 0;
123 }
124
125 if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
126 log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
127 UNNAMED_ROUTER_NICKNAME);
128 tor_free(fingerprint);
129 return 0;
130 }
131
132 status = digestmap_get(list->status_by_digest, d);
133 if (!status) {
134 status = tor_malloc_zero(sizeof(router_status_t));
135 digestmap_set(list->status_by_digest, d, status);
136 }
137
138 if (nickname[0] != '!') {
139 char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
140 if (old_fp && !strcasecmp(fingerprint, old_fp)) {
141 tor_free(fingerprint);
142 } else {
143 tor_free(old_fp);
144 strmap_set_lc(list->fp_by_name, nickname, fingerprint);
145 }
146 status->status |= FP_NAMED;
147 strlcpy(status->nickname, nickname, sizeof(status->nickname));
148 } else {
149 tor_free(fingerprint);
150 if (!strcasecmp(nickname, "!reject")) {
151 status->status |= FP_REJECT;
152 } else if (!strcasecmp(nickname, "!invalid")) {
153 status->status |= FP_INVALID;
154 } else if (!strcasecmp(nickname, "!baddir")) {
155 status->status |= FP_BADDIR;
156 } else if (!strcasecmp(nickname, "!badexit")) {
157 status->status |= FP_BADEXIT;
158 }
159 }
160 return 0;
161 }
162
163 /** Add the nickname and fingerprint for this OR to the
164 * global list of recognized identity key fingerprints. */
165 int
166 dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
167 {
168 char fp[FINGERPRINT_LEN+1];
169 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
170 log_err(LD_BUG, "Error computing fingerprint");
171 return -1;
172 }
173 if (!fingerprint_list)
174 fingerprint_list = authdir_config_new();
175 add_fingerprint_to_dir(nickname, fp, fingerprint_list);
176 return 0;
177 }
178
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and
184 * return -1. */
185 int
186 dirserv_load_fingerprint_file(void)
187 {
188 char *fname;
189 char *cf;
190 char *nickname, *fingerprint;
191 authdir_config_t *fingerprint_list_new;
192 int result;
193 config_line_t *front=NULL, *list;
194 or_options_t *options = get_options();
195
196 fname = get_datadir_fname("approved-routers");
197 log_info(LD_GENERAL,
198 "Reloading approved fingerprints from \"%s\"...", fname);
199
200 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
201 if (!cf) {
202 if (options->NamingAuthoritativeDir) {
203 log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
204 tor_free(fname);
205 return -1;
206 } else {
207 log_info(LD_FS, "Cannot open fingerprint file '%s'. Returning.", fname);
208 tor_free(fname);
209 return 0;
210 }
211 }
212 tor_free(fname);
213
214 result = config_get_lines(cf, &front);
215 tor_free(cf);
216 if (result < 0) {
217 log_warn(LD_CONFIG, "Error reading from fingerprint file");
218 return -1;
219 }
220
221 fingerprint_list_new = authdir_config_new();
222
223 for (list=front; list; list=list->next) {
224 nickname = list->key; fingerprint = list->value;
225 if (strlen(nickname) > MAX_NICKNAME_LEN) {
226 log_notice(LD_CONFIG,
227 "Nickname '%s' too long in fingerprint file. Skipping.",
228 nickname);
229 continue;
230 }
231 if (!is_legal_nickname(nickname) &&
232 strcasecmp(nickname, "!reject") &&
233 strcasecmp(nickname, "!invalid") &&
234 strcasecmp(nickname, "!badexit")) {
235 log_notice(LD_CONFIG,
236 "Invalid nickname '%s' in fingerprint file. Skipping.",
237 nickname);
238 continue;
239 }
240 if (strlen(fingerprint) != FINGERPRINT_LEN ||
241 !crypto_pk_check_fingerprint_syntax(fingerprint)) {
242 log_notice(LD_CONFIG,
243 "Invalid fingerprint (nickname '%s', "
244 "fingerprint %s). Skipping.",
245 nickname, fingerprint);
246 continue;
247 }
248 if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
249 /* If you approved an OR called "client", then clients who use
250 * the default nickname could all be rejected. That's no good. */
251 log_notice(LD_CONFIG,
252 "Authorizing nickname '%s' would break "
253 "many clients; skipping.",
254 DEFAULT_CLIENT_NICKNAME);
255 continue;
256 }
257 if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
258 /* If you approved an OR called "unnamed", then clients will be
259 * confused. */
260 log_notice(LD_CONFIG,
261 "Authorizing nickname '%s' is not allowed; skipping.",
262 UNNAMED_ROUTER_NICKNAME);
263 continue;
264 }
265 if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
266 != 0)
267 log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
268 }
269
270 config_free_lines(front);
271 dirserv_free_fingerprint_list();
272 fingerprint_list = fingerprint_list_new;
273 /* Delete any routers whose fingerprints we no longer recognize */
274 directory_remove_invalid();
275 return 0;
276 }
277
278 /** Check whether <b>router</b> has a nickname/identity key combination that
279 * we recognize from the fingerprint list, or an IP we automatically act on
280 * according to our configuration. Return the appropriate router status.
281 *
282 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
283 * *<b>msg</b> to an explanation of why. */
284 static uint32_t
285 dirserv_router_get_status(const routerinfo_t *router, const char **msg)
286 {
287 char d[DIGEST_LEN];
288
289 if (crypto_pk_get_digest(router->identity_pkey, d)) {
290 log_warn(LD_BUG,"Error computing fingerprint");
291 if (msg)
292 *msg = "Bug: Error computing fingerprint";
293 return FP_REJECT;
294 }
295
296 return dirserv_get_status_impl(d, router->nickname,
297 router->address,
298 router->addr, router->or_port,
299 router->platform, router->contact_info,
300 msg, 1);
301 }
302
303 /** Return true if there is no point in downloading the router described by
304 * <b>rs</b> because this directory would reject it. */
305 int
306 dirserv_would_reject_router(routerstatus_t *rs)
307 {
308 uint32_t res;
309
310 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
311 "", /* address is only used in logs */
312 rs->addr, rs->or_port,
313 NULL, NULL,
314 NULL, 0);
315
316 return (res & FP_REJECT) != 0;
317 }
318
319 /** Helper: Based only on the ID/Nickname combination,
320 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
321 */
322 static uint32_t
323 dirserv_get_name_status(const char *id_digest, const char *nickname)
324 {
325 char fp[HEX_DIGEST_LEN+1];
326 char *fp_by_name;
327
328 base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
329
330 if ((fp_by_name =
331 strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
332 if (!strcasecmp(fp, fp_by_name)) {
333 return FP_NAMED;
334 } else {
335 return FP_UNNAMED; /* Wrong fingerprint. */
336 }
337 }
338 return 0;
339 }
340
341 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
342 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
343 * port, platform (logging only) and contact info (logging only) as arguments.
344 *
345 * If should_log is false, do not log messages. (There's not much point in
346 * logging that we're rejecting servers we'll not download.)
347 */
348 static uint32_t
349 dirserv_get_status_impl(const char *id_digest, const char *nickname,
350 const char *address,
351 uint32_t addr, uint16_t or_port,
352 const char *platform, const char *contact,
353 const char **msg, int should_log)
354 {
355 int reject_unlisted = get_options()->AuthDirRejectUnlisted;
356 uint32_t result = 0;
357 router_status_t *status_by_digest;
358
359 if (!fingerprint_list)
360 fingerprint_list = authdir_config_new();
361
362 if (should_log)
363 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
364 strmap_size(fingerprint_list->fp_by_name),
365 digestmap_size(fingerprint_list->status_by_digest));
366
367 result = dirserv_get_name_status(id_digest, nickname);
368 if (result & FP_NAMED) {
369 if (should_log)
370 log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
371 }
372 if (result & FP_UNNAMED) {
373 if (should_log) {
374 char *esc_contact = esc_for_log(contact);
375 log_info(LD_DIRSERV,
376 "Mismatched fingerprint for '%s'. "
377 "ContactInfo '%s', platform '%s'.)",
378 nickname,
379 esc_contact,
380 platform ? escaped(platform) : "");
381 tor_free(esc_contact);
382 }
383 if (msg)
384 *msg = "Rejected: There is already a named server with this nickname "
385 "and a different fingerprint.";
386 }
387
388 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
389 id_digest);
390 if (status_by_digest)
391 result |= (status_by_digest->status & ~FP_NAMED);
392
393 if (result & FP_REJECT) {
394 if (msg)
395 *msg = "Fingerprint is marked rejected";
396 return FP_REJECT;
397 } else if (result & FP_INVALID) {
398 if (msg)
399 *msg = "Fingerprint is marked invalid";
400 }
401
402 if (authdir_policy_baddir_address(addr, or_port)) {
403 if (should_log)
404 log_info(LD_DIRSERV,
405 "Marking '%s' as bad directory because of address '%s'",
406 nickname, address);
407 result |= FP_BADDIR;
408 }
409
410 if (authdir_policy_badexit_address(addr, or_port)) {
411 if (should_log)
412 log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
413 nickname, address);
414 result |= FP_BADEXIT;
415 }
416
417 if (!(result & FP_NAMED)) {
418 if (!authdir_policy_permits_address(addr, or_port)) {
419 if (should_log)
420 log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
421 nickname, address);
422 if (msg)
423 *msg = "Authdir is rejecting routers in this range.";
424 return FP_REJECT;
425 }
426 if (!authdir_policy_valid_address(addr, or_port)) {
427 if (should_log)
428 log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
429 nickname, address);
430 result |= FP_INVALID;
431 }
432 if (reject_unlisted) {
433 if (msg)
434 *msg = "Authdir rejects unknown routers.";
435 return FP_REJECT;
436 }
437 /* 0.1.0.2-rc was the first version that did enough self-testing that
438 * we're willing to take its word about whether it's running. */
439 if (platform && !tor_version_as_new_as(platform,"0.1.0.2-rc"))
440 result |= FP_INVALID;
441 }
442
443 return result;
444 }
445
446 /** If we are an authoritative dirserver, and the list of approved
447 * servers contains one whose identity key digest is <b>digest</b>,
448 * return that router's nickname. Otherwise return NULL. */
449 const char *
450 dirserv_get_nickname_by_digest(const char *digest)
451 {
452 router_status_t *status;
453 if (!fingerprint_list)
454 return NULL;
455 tor_assert(digest);
456
457 status = digestmap_get(fingerprint_list->status_by_digest, digest);
458 return status ? status->nickname : NULL;
459 }
460
461 /** Clear the current fingerprint list. */
462 void
463 dirserv_free_fingerprint_list(void)
464 {
465 if (!fingerprint_list)
466 return;
467
468 strmap_free(fingerprint_list->fp_by_name, _tor_free);
469 digestmap_free(fingerprint_list->status_by_digest, _tor_free);
470 tor_free(fingerprint_list);
471 }
472
473 /*
474 * Descriptor list
475 */
476
477 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
478 * unless we're configured to not care. Return 0 if all ok. */
479 static int
480 dirserv_router_has_valid_address(routerinfo_t *ri)
481 {
482 struct in_addr iaddr;
483 if (get_options()->DirAllowPrivateAddresses)
484 return 0; /* whatever it is, we're fine with it */
485 if (!tor_inet_aton(ri->address, &iaddr)) {
486 log_info(LD_DIRSERV,"Router '%s' published non-IP address '%s'. Refusing.",
487 ri->nickname, ri->address);
488 return -1;
489 }
490 if (is_internal_IP(ntohl(iaddr.s_addr), 0)) {
491 log_info(LD_DIRSERV,
492 "Router '%s' published internal IP address '%s'. Refusing.",
493 ri->nickname, ri->address);
494 return -1; /* it's a private IP, we should reject it */
495 }
496 return 0;
497 }
498
499 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
500 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
501 *
502 * If the router is rejected, set *<b>msg</b> to an explanation of why.
503 *
504 * If <b>complain</b> then explain at log-level 'notice' why we refused
505 * a descriptor; else explain at log-level 'info'.
506 */
507 int
508 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
509 int complain)
510 {
511 /* Okay. Now check whether the fingerprint is recognized. */
512 uint32_t status = dirserv_router_get_status(ri, msg);
513 time_t now;
514 int severity = complain ? LOG_NOTICE : LOG_INFO;
515 tor_assert(msg);
516 if (status & FP_REJECT)
517 return -1; /* msg is already set. */
518
519 /* Is there too much clock skew? */
520 now = time(NULL);
521 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
522 log_fn(severity, LD_DIRSERV, "Publication time for nickname '%s' is too "
523 "far (%d minutes) in the future; possible clock skew. Not adding "
524 "(%s)",
525 ri->nickname, (int)((ri->cache_info.published_on-now)/60),
526 esc_router_info(ri));
527 *msg = "Rejected: Your clock is set too far in the future, or your "
528 "timezone is not correct.";
529 return -1;
530 }
531 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
532 log_fn(severity, LD_DIRSERV,
533 "Publication time for router with nickname '%s' is too far "
534 "(%d minutes) in the past. Not adding (%s)",
535 ri->nickname, (int)((now-ri->cache_info.published_on)/60),
536 esc_router_info(ri));
537 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
538 " or your timezone is not correct.";
539 return -1;
540 }
541 if (dirserv_router_has_valid_address(ri) < 0) {
542 log_fn(severity, LD_DIRSERV,
543 "Router with nickname '%s' has invalid address '%s'. "
544 "Not adding (%s).",
545 ri->nickname, ri->address,
546 esc_router_info(ri));
547 *msg = "Rejected: Address is not an IP, or IP is a private address.";
548 return -1;
549 }
550 /* Okay, looks like we're willing to accept this one. */
551 ri->is_named = (status & FP_NAMED) ? 1 : 0;
552 ri->is_valid = (status & FP_INVALID) ? 0 : 1;
553 ri->is_bad_directory = (status & FP_BADDIR) ? 1 : 0;
554 ri->is_bad_exit = (status & FP_BADEXIT) ? 1 : 0;
555
556 return 0;
557 }
558
559 /** As for dirserv_add_descriptor, but accepts multiple documents, and
560 * returns the most severe error that occurred for any one of them. */
561 int
562 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
563 const char *source,
564 const char **msg)
565 {
566 int r=100; /* higher than any actual return value. */
567 int r_tmp;
568 const char *msg_out;
569 smartlist_t *list;
570 const char *s;
571 int n_parsed = 0;
572 time_t now = time(NULL);
573 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
574 char time_buf[ISO_TIME_LEN+1];
575 int general = purpose == ROUTER_PURPOSE_GENERAL;
576 tor_assert(msg);
577
578 format_iso_time(time_buf, now);
579 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
580 "@uploaded-at %s\n"
581 "@source %s\n"
582 "%s%s%s", time_buf, escaped(source),
583 !general ? "@purpose " : "",
584 !general ? router_purpose_to_string(purpose) : "",
585 !general ? "\n" : "")<0) {
586 *msg = "Couldn't format annotations";
587 return -1;
588 }
589
590 s = desc;
591 list = smartlist_create();
592 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
593 annotation_buf)) {
594 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
595 msg_out = NULL;
596 tor_assert(ri->purpose == purpose);
597 r_tmp = dirserv_add_descriptor(ri, &msg_out);
598 if (r_tmp < r) {
599 r = r_tmp;
600 *msg = msg_out;
601 }
602 });
603 }
604 n_parsed += smartlist_len(list);
605 smartlist_clear(list);
606
607 s = desc;
608 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
609 NULL)) {
610 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
611 msg_out = NULL;
612
613 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
614 if (r_tmp < r) {
615 r = r_tmp;
616 *msg = msg_out;
617 }
618 });
619 }
620 n_parsed += smartlist_len(list);
621 smartlist_free(list);
622
623 if (! *msg) {
624 if (!n_parsed) {
625 *msg = "No descriptors found in your POST.";
626 if (r > -1)
627 r = -1;
628 } else {
629 *msg = "(no message)";
630 }
631 }
632
633 return r <= 2 ? r : 2;
634 }
635
636 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
637 * the list of server descriptors. Set *<b>msg</b> to a message that should be
638 * passed back to the origin of this descriptor.
639 *
640 * Return 2 if descriptor is well-formed and accepted;
641 * 1 if well-formed and accepted but origin should hear *msg;
642 * 0 if well-formed but redundant with one we already have;
643 * -1 if it is rejected and origin should hear *msg;
644 *
645 * This function is only called when fresh descriptors are posted, not when
646 * we re-load the cache.
647 */
648 int
649 dirserv_add_descriptor(routerinfo_t *ri, const char **msg)
650 {
651 int r;
652 routerinfo_t *ri_old;
653 char *desc = NULL;
654 size_t desclen = 0;
655
656 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
657 * network and it'll clog everything up. */
658 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
659 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor "
660 "with size %d. Either this is an attack, or the "
661 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
662 (int)ri->cache_info.signed_descriptor_len,
663 MAX_DESCRIPTOR_UPLOAD_SIZE);
664 *msg = "Router descriptor was too large";
665 control_event_or_authdir_new_descriptor("REJECTED",
666 ri->cache_info.signed_descriptor_body,
667 ri->cache_info.signed_descriptor_len, *msg);
668 routerinfo_free(ri);
669 return -1;
670 }
671
672 /* Check whether this descriptor is semantically identical to the last one
673 * from this server. (We do this here and not in router_add_to_routerlist
674 * because we want to be able to accept the newest router descriptor that
675 * another authority has, so we all converge on the same one.) */
676 ri_old = router_get_by_digest(ri->cache_info.identity_digest);
677 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
678 && router_differences_are_cosmetic(ri_old, ri)
679 && !router_is_me(ri)) {
680 log_info(LD_DIRSERV,
681 "Not replacing descriptor from '%s'; differences are cosmetic.",
682 ri->nickname);
683 *msg = "Not replacing router descriptor; no information has changed since "
684 "the last one with this identity.";
685 control_event_or_authdir_new_descriptor("DROPPED",
686 ri->cache_info.signed_descriptor_body,
687 ri->cache_info.signed_descriptor_len, *msg);
688 routerinfo_free(ri);
689 return 0;
690 }
691 if (control_event_is_interesting(EVENT_AUTHDIR_NEWDESCS)) {
692 /* Make a copy of desc, since router_add_to_routerlist might free
693 * ri and its associated signed_descriptor_t. */
694 desclen = ri->cache_info.signed_descriptor_len;
695 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
696 }
697
698 if ((r = router_add_to_routerlist(ri, msg, 0, 0))<0) {
699 if (r < -1 && desc) /* unless the routerinfo was fine, just out-of-date */
700 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
701 tor_free(desc);
702 return r == -1 ? 0 : -1;
703 } else {
704 smartlist_t *changed;
705 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
706
707 changed = smartlist_create();
708 smartlist_add(changed, ri);
709 control_event_descriptors_changed(changed);
710 smartlist_free(changed);
711 if (!*msg) {
712 *msg = ri->is_valid ? "Descriptor for valid server accepted" :
713 "Descriptor for invalid server accepted";
714 }
715 tor_free(desc);
716 return r == 0 ? 2 : 1;
717 }
718 }
719
720 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
721 static int
722 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
723 {
724 routerinfo_t *ri;
725 int r;
726 tor_assert(msg);
727 *msg = NULL;
728
729 ri = router_get_by_digest(ei->cache_info.identity_digest);
730 if (!ri) {
731 *msg = "No corresponding router descriptor for extra-info descriptor";
732 extrainfo_free(ei);
733 return -1;
734 }
735
736 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
737 * network and it'll clog everything up. */
738 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
739 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
740 "with size %d. Either this is an attack, or the "
741 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
742 (int)ei->cache_info.signed_descriptor_len,
743 MAX_EXTRAINFO_UPLOAD_SIZE);
744 *msg = "Extrainfo document was too large";
745 extrainfo_free(ei);
746 return -1;
747 }
748
749 if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
750 extrainfo_free(ei);
751 return r < 0 ? 0 : -1;
752 }
753 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
754 return 2;
755 }
756
757 /** Remove all descriptors whose nicknames or fingerprints no longer
758 * are allowed by our fingerprint list. (Descriptors that used to be
759 * good can become bad when we reload the fingerprint list.)
760 */
761 static void
762 directory_remove_invalid(void)
763 {
764 int i;
765 int changed = 0;
766 routerlist_t *rl = router_get_routerlist();
767
768 routerlist_assert_ok(rl);
769
770 for (i = 0; i < smartlist_len(rl->routers); ++i) {
771 const char *msg;
772 routerinfo_t *ent = smartlist_get(rl->routers, i);
773 uint32_t r = dirserv_router_get_status(ent, &msg);
774 if (r & FP_REJECT) {
775 log_info(LD_DIRSERV, "Router '%s' is now rejected: %s",
776 ent->nickname, msg?msg:"");
777 routerlist_remove(rl, ent, 0);
778 i--;
779 changed = 1;
780 continue;
781 }
782 if (bool_neq((r & FP_NAMED), ent->is_named)) {
783 log_info(LD_DIRSERV,
784 "Router '%s' is now %snamed.", ent->nickname,
785 (r&FP_NAMED)?"":"un");
786 ent->is_named = (r&FP_NAMED)?1:0;
787 changed = 1;
788 }
789 if (bool_neq((r & FP_INVALID), !ent->is_valid)) {
790 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", ent->nickname,
791 (r&FP_INVALID) ? "in" : "");
792 ent->is_valid = (r&FP_INVALID)?0:1;
793 changed = 1;
794 }
795 if (bool_neq((r & FP_BADDIR), ent->is_bad_directory)) {
796 log_info(LD_DIRSERV, "Router '%s' is now a %s directory", ent->nickname,
797 (r & FP_BADDIR) ? "bad" : "good");
798 ent->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
799 changed = 1;
800 }
801 if (bool_neq((r & FP_BADEXIT), ent->is_bad_exit)) {
802 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", ent->nickname,
803 (r & FP_BADEXIT) ? "bad" : "good");
804 ent->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
805 changed = 1;
806 }
807 }
808 if (changed)
809 directory_set_dirty();
810
811 routerlist_assert_ok(rl);
812 }
813
814 /** Write a list of unregistered descriptors into a newly allocated
815 * string and return it. Used by dirserv operators to keep track of
816 * fast nodes that haven't registered.
817 */
818 int
819 getinfo_helper_dirserv_unregistered(control_connection_t *control_conn,
820 const char *question, char **answer_out)
821 {
822 smartlist_t *answerlist;
823 char buf[1024];
824 char *answer;
825 int min_bw = atoi(question);
826 routerlist_t *rl = router_get_routerlist();
827
828 (void) control_conn;
829
830 if (strcmpstart(question, "unregistered-servers-"))
831 return 0;
832 question += strlen("unregistered-servers-");
833
834 answerlist = smartlist_create();
835 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ent, {
836 uint32_t r = dirserv_router_get_status(ent, NULL);
837 if (router_get_advertised_bandwidth(ent) >= (size_t)min_bw &&
838 !(r & FP_NAMED)) {
839 /* then log this one */
840 tor_snprintf(buf, sizeof(buf),
841 "%s: BW %d on '%s'.",
842 ent->nickname, router_get_advertised_bandwidth(ent),
843 ent->platform ? ent->platform : "");
844 smartlist_add(answerlist, tor_strdup(buf));
845 }
846 });
847 answer = smartlist_join_strings(answerlist, "\r\n", 0, NULL);
848 SMARTLIST_FOREACH(answerlist, char *, cp, tor_free(cp));
849 smartlist_free(answerlist);
850 *answer_out = answer;
851 return 0;
852 }
853
854 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
855 * directory, we will rebuild it instead of reusing the most recently
856 * generated one.
857 */
858 void
859 directory_set_dirty(void)
860 {
861 time_t now = time(NULL);
862 int set_v1_dirty=0;
863
864 /* Regenerate stubs only every 8 hours. XXXX020 */
865 #define STUB_REGENERATE_INTERVAL (8*60*60)
866 if (!the_directory || !the_runningrouters.dir)
867 set_v1_dirty = 1;
868 else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
869 the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
870 set_v1_dirty = 1;
871
872 if (set_v1_dirty) {
873 if (!the_directory_is_dirty)
874 the_directory_is_dirty = now;
875 if (!runningrouters_is_dirty)
876 runningrouters_is_dirty = now;
877 }
878 if (!the_v2_networkstatus_is_dirty)
879 the_v2_networkstatus_is_dirty = now;
880 }
881
882 /**
883 * Allocate and return a description of the status of the server <b>desc</b>,
884 * for use in a v1-style router-status line. The server is listed
885 * as running iff <b>is_live</b> is true.
886 */
887 static char *
888 list_single_server_status(routerinfo_t *desc, int is_live)
889 {
890 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
891 char *cp;
892
893 tor_assert(desc);
894
895 cp = buf;
896 if (!is_live) {
897 *cp++ = '!';
898 }
899 if (desc->is_valid) {
900 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
901 cp += strlen(cp);
902 *cp++ = '=';
903 }
904 *cp++ = '$';
905 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
906 DIGEST_LEN);
907 return tor_strdup(buf);
908 }
909
910 /** Each server needs to have passed a reachability test no more
911 * than this number of seconds ago, or he is listed as down in
912 * the directory. */
913 #define REACHABLE_TIMEOUT (45*60)
914
915 /** Treat a router as alive if
916 * - It's me, and I'm not hibernating.
917 * or - We've found it reachable recently. */
918 void
919 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
920 {
921 int answer;
922
923 if (router_is_me(router) && !we_are_hibernating())
924 answer = 1;
925 else
926 answer = get_options()->AssumeReachable ||
927 now < router->last_reachable + REACHABLE_TIMEOUT;
928
929 if (router->is_running && !answer) {
930 /* it was running but now it's not. tell rephist. */
931 rep_hist_note_router_unreachable(router->cache_info.identity_digest, now);
932 }
933
934 router->is_running = answer;
935 }
936
937 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
938 * contents of a v1-style router-status line, and store it in
939 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
940 *
941 * If for_controller is true, include the routers with very old descriptors.
942 * If for_controller is &gt;1, use the verbose nickname format.
943 */
944 int
945 list_server_status_v1(smartlist_t *routers, char **router_status_out,
946 int for_controller)
947 {
948 /* List of entries in a router-status style: An optional !, then an optional
949 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
950 smartlist_t *rs_entries;
951 time_t now = time(NULL);
952 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
953 or_options_t *options = get_options();
954 /* We include v2 dir auths here too, because they need to answer
955 * controllers. Eventually we'll deprecate this whole function;
956 * see also networkstatus_getinfo_by_purpose(). */
957 int authdir = authdir_mode_publishes_statuses(options);
958 tor_assert(router_status_out);
959
960 rs_entries = smartlist_create();
961
962 SMARTLIST_FOREACH(routers, routerinfo_t *, ri,
963 {
964 if (authdir) {
965 /* Update router status in routerinfo_t. */
966 dirserv_set_router_is_running(ri, now);
967 }
968 if (for_controller == 1 || ri->cache_info.published_on >= cutoff)
969 smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
970 else if (for_controller > 2) {
971 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
972 char *cp = name_buf;
973 if (!ri->is_running)
974 *cp++ = '!';
975 router_get_verbose_nickname(cp, ri);
976 smartlist_add(rs_entries, tor_strdup(name_buf));
977 }
978 });
979
980 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
981
982 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
983 smartlist_free(rs_entries);
984
985 return 0;
986 }
987
988 /** Given a (possibly empty) list of config_line_t, each line of which contains
989 * a list of comma-separated version numbers surrounded by optional space,
990 * allocate and return a new string containing the version numbers, in order,
991 * separated by commas. Used to generate Recommended(Client|Server)?Versions
992 */
993 static char *
994 format_versions_list(config_line_t *ln)
995 {
996 smartlist_t *versions;
997 char *result;
998 versions = smartlist_create();
999 for ( ; ln; ln = ln->next) {
1000 smartlist_split_string(versions, ln->value, ",",
1001 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1002 }
1003 sort_version_list(versions, 1);
1004 result = smartlist_join_strings(versions,",",0,NULL);
1005 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1006 smartlist_free(versions);
1007 return result;
1008 }
1009
1010 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1011 * not hibernating, and not too old. Else return 0.
1012 */
1013 static int
1014 router_is_active(routerinfo_t *ri, time_t now)
1015 {
1016 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1017 if (ri->cache_info.published_on < cutoff)
1018 return 0;
1019 if (!ri->is_running || !ri->is_valid || ri->is_hibernating)
1020 return 0;
1021 return 1;
1022 }
1023
1024 /** Generate a new v1 directory and write it into a newly allocated string.
1025 * Point *<b>dir_out</b> to the allocated string. Sign the
1026 * directory with <b>private_key</b>. Return 0 on success, -1 on
1027 * failure. If <b>complete</b> is set, give us all the descriptors;
1028 * otherwise leave out non-running and non-valid ones.
1029 */
1030 int
1031 dirserv_dump_directory_to_string(char **dir_out,
1032 crypto_pk_env_t *private_key)
1033 {
1034 char *cp;
1035 char *identity_pkey; /* Identity key, DER64-encoded. */
1036 char *recommended_versions;
1037 char digest[DIGEST_LEN];
1038 char published[ISO_TIME_LEN+1];
1039 char *buf = NULL;
1040 size_t buf_len;
1041 size_t identity_pkey_len;
1042 time_t now = time(NULL);
1043
1044 tor_assert(dir_out);
1045 *dir_out = NULL;
1046
1047 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1048 &identity_pkey_len)<0) {
1049 log_warn(LD_BUG,"write identity_pkey to string failed!");
1050 return -1;
1051 }
1052
1053 recommended_versions =
1054 format_versions_list(get_options()->RecommendedVersions);
1055
1056 format_iso_time(published, now);
1057
1058 buf_len = 2048+strlen(recommended_versions);
1059
1060 buf = tor_malloc(buf_len);
1061 /* We'll be comparing against buf_len throughout the rest of the
1062 function, though strictly speaking we shouldn't be able to exceed
1063 it. This is C, after all, so we may as well check for buffer
1064 overruns.*/
1065
1066 tor_snprintf(buf, buf_len,
1067 "signed-directory\n"
1068 "published %s\n"
1069 "recommended-software %s\n"
1070 "router-status %s\n"
1071 "dir-signing-key\n%s\n",
1072 published, recommended_versions, "",
1073 identity_pkey);
1074
1075 tor_free(recommended_versions);
1076 tor_free(identity_pkey);
1077
1078 cp = buf + strlen(buf);
1079 *cp = '\0';
1080
1081 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1082 signature. */
1083 if (strlcat(buf, "directory-signature ", buf_len) >= buf_len)
1084 goto truncated;
1085 if (strlcat(buf, get_options()->Nickname, buf_len) >= buf_len)
1086 goto truncated;
1087 if (strlcat(buf, "\n", buf_len) >= buf_len)
1088 goto truncated;
1089
1090 if (router_get_dir_hash(buf,digest)) {
1091 log_warn(LD_BUG,"couldn't compute digest");
1092 tor_free(buf);
1093 return -1;
1094 }
1095 note_crypto_pk_op(SIGN_DIR);
1096 if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
1097 tor_free(buf);
1098 return -1;
1099 }
1100
1101 *dir_out = buf;
1102 return 0;
1103 truncated:
1104 log_warn(LD_BUG,"tried to exceed string length.");
1105 tor_free(buf);
1106 return -1;
1107 }
1108
1109 /********************************************************************/
1110
1111 /* A set of functions to answer questions about how we'd like to behave
1112 * as a directory mirror/client. */
1113
1114 /** Return 1 if we fetch our directory material directly from the
1115 * authorities, rather than from a mirror. */
1116 int
1117 directory_fetches_from_authorities(or_options_t *options)
1118 {
1119 routerinfo_t *me;
1120 if (options->FetchDirInfoEarly)
1121 return 1;
1122 if (options->DirPort == 0)
1123 return 0;
1124 if (options->BridgeRelay == 1)
1125 return 0;
1126 if (!server_mode(options) || !advertised_server_mode())
1127 return 0;
1128 me = router_get_my_routerinfo();
1129 if (!me || !me->dir_port)
1130 return 0; /* if dirport not advertised, return 0 too */
1131 return 1;
1132 }
1133
1134 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1135 * on the "mirror" schedule rather than the "client" schedule.
1136 */
1137 int
1138 directory_fetches_dir_info_early(or_options_t *options)
1139 {
1140 return directory_fetches_from_authorities(options);
1141 }
1142
1143 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1144 * on a very passive schedule -- waiting long enough for ordinary clients
1145 * to probably have the info we want. These would include bridge users,
1146 * and maybe others in the future e.g. if a Tor client uses another Tor
1147 * client as a directory guard.
1148 */
1149 int
1150 directory_fetches_dir_info_later(or_options_t *options)
1151 {
1152 return options->UseBridges != 0;
1153 }
1154
1155 /** Return 1 if we want to cache v2 dir info (each status file).
1156 */
1157 int
1158 directory_caches_v2_dir_info(or_options_t *options)
1159 {
1160 return options->DirPort != 0;
1161 }
1162
1163 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1164 * and we're willing to serve them to others. Else return 0.
1165 */
1166 int
1167 directory_caches_dir_info(or_options_t *options)
1168 {
1169 return options->BridgeRelay != 0 || options->DirPort != 0;
1170 }
1171
1172 /** Return 1 if we want to allow remote people to ask us directory
1173 * requests via the "begin_dir" interface, which doesn't require
1174 * having any separate port open. */
1175 int
1176 directory_permits_begindir_requests(or_options_t *options)
1177 {
1178 return options->BridgeRelay != 0 || options->DirPort != 0;
1179 }
1180
1181 /** Return 1 if we want to allow controllers to ask us directory
1182 * requests via the controller interface, which doesn't require
1183 * having any separate port open. */
1184 int
1185 directory_permits_controller_requests(or_options_t *options)
1186 {
1187 return options->DirPort != 0;
1188 }
1189
1190 /** Return 1 if we have no need to fetch new descriptors. This generally
1191 * happens when we're not a dir cache and we haven't built any circuits
1192 * lately.
1193 */
1194 int
1195 directory_too_idle_to_fetch_descriptors(or_options_t *options, time_t now)
1196 {
1197 return !options->DirPort && !options->FetchUselessDescriptors &&
1198 rep_hist_circbuilding_dormant(now);
1199 }
1200
1201 /********************************************************************/
1202
1203 /* Used only by non-v1-auth dirservers: The v1 directory and
1204 * runningrouters we'll serve when requested. */
1205 static cached_dir_t *cached_directory = NULL;
1206 static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
1207
1208 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1209 * cached_dir_t. */
1210 static digestmap_t *cached_v2_networkstatus = NULL;
1211
1212 /** The v3 consensus network status that we're currently serving. */
1213 static cached_dir_t *cached_v3_networkstatus = NULL;
1214
1215 /** Possibly replace the contents of <b>d</b> with the value of
1216 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1217 * the last value, or too far in the future.
1218 *
1219 * Does not copy <b>directory</b>; frees it if it isn't used.
1220 */
1221 static void
1222 set_cached_dir(cached_dir_t *d, char *directory, time_t when)
1223 {
1224 time_t now = time(NULL);
1225 if (when<=d->published) {
1226 log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
1227 tor_free(directory);
1228 } else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
1229 log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
1230 tor_free(directory);
1231 } else {
1232 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1233 log_debug(LD_DIRSERV, "Caching directory.");
1234 tor_free(d->dir);
1235 d->dir = directory;
1236 d->dir_len = strlen(directory);
1237 tor_free(d->dir_z);
1238 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1239 ZLIB_METHOD)) {
1240 log_warn(LD_BUG,"Error compressing cached directory");
1241 }
1242 d->published = when;
1243 }
1244 }
1245
1246 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1247 * any references. */
1248 void
1249 cached_dir_decref(cached_dir_t *d)
1250 {
1251 if (!d || --d->refcnt > 0)
1252 return;
1253 clear_cached_dir(d);
1254 tor_free(d);
1255 }
1256
1257 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1258 * published at <b>published</b>. */
1259 cached_dir_t *
1260 new_cached_dir(char *s, time_t published)
1261 {
1262 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1263 d->refcnt = 1;
1264 d->dir = s;
1265 d->dir_len = strlen(s);
1266 d->published = published;
1267 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1268 ZLIB_METHOD)) {
1269 log_warn(LD_BUG, "Error compressing directory");
1270 }
1271 return d;
1272 }
1273
1274 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1275 static void
1276 clear_cached_dir(cached_dir_t *d)
1277 {
1278 tor_free(d->dir);
1279 tor_free(d->dir_z);
1280 memset(d, 0, sizeof(cached_dir_t));
1281 }
1282
1283 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1284 static void
1285 _free_cached_dir(void *_d)
1286 {
1287 cached_dir_t *d = (cached_dir_t *)_d;
1288 cached_dir_decref(d);
1289 }
1290
1291 /** If we have no cached directory, or it is older than <b>published</b>,
1292 * then replace it with <b>directory</b>, published at <b>published</b>.
1293 *
1294 * If <b>published</b> is too old, do nothing.
1295 *
1296 * If <b>is_running_routers</b>, this is really a v1 running_routers
1297 * document rather than a v1 directory.
1298 */
1299 void
1300 dirserv_set_cached_directory(const char *directory, time_t published,
1301 int is_running_routers)
1302 {
1303 time_t now = time(NULL);
1304
1305 if (is_running_routers) {
1306 if (published >= now - MAX_V1_RR_AGE)
1307 set_cached_dir(&cached_runningrouters, tor_strdup(directory), published);
1308 } else {
1309 if (published >= now - MAX_V1_DIRECTORY_AGE) {
1310 cached_dir_decref(cached_directory);
1311 cached_directory = new_cached_dir(tor_strdup(directory), published);
1312 }
1313 }
1314 }
1315
1316 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1317 * network-status for an authoritative directory with identity digest
1318 * <b>identity</b> published at <b>published</b> -- store it so we can
1319 * serve it to others.
1320 *
1321 * If <b>networkstatus</b> is NULL, remove the entry with the given
1322 * identity fingerprint from the v2 cache.
1323 */
1324 void
1325 dirserv_set_cached_networkstatus_v2(const char *networkstatus,
1326 const char *identity,
1327 time_t published)
1328 {
1329 cached_dir_t *d, *old_d;
1330 smartlist_t *trusted_dirs;
1331 if (!cached_v2_networkstatus)
1332 cached_v2_networkstatus = digestmap_new();
1333
1334 old_d = digestmap_get(cached_v2_networkstatus, identity);
1335 if (!old_d && !networkstatus)
1336 return;
1337
1338 if (networkstatus) {
1339 if (!old_d || published > old_d->published) {
1340 d = new_cached_dir(tor_strdup(networkstatus), published);
1341 digestmap_set(cached_v2_networkstatus, identity, d);
1342 if (old_d)
1343 cached_dir_decref(old_d);
1344 }
1345 } else {
1346 if (old_d) {
1347 digestmap_remove(cached_v2_networkstatus, identity);
1348 cached_dir_decref(old_d);
1349 }
1350 }
1351
1352 /* Now purge old entries. */
1353 trusted_dirs = router_get_trusted_dir_servers();
1354 if (digestmap_size(cached_v2_networkstatus) >
1355 smartlist_len(trusted_dirs) + MAX_UNTRUSTED_NETWORKSTATUSES) {
1356 /* We need to remove the oldest untrusted networkstatus. */
1357 const char *oldest = NULL;
1358 time_t oldest_published = TIME_MAX;
1359 digestmap_iter_t *iter;
1360
1361 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1362 !digestmap_iter_done(iter);
1363 iter = digestmap_iter_next(cached_v2_networkstatus, iter)) {
1364 const char *ident;
1365 void *val;
1366 digestmap_iter_get(iter, &ident, &val);
1367 d = val;
1368 if (d->published < oldest_published &&
1369 !router_digest_is_trusted_dir(ident)) {
1370 oldest = ident;
1371 oldest_published = d->published;
1372 }
1373 }
1374 tor_assert(oldest);
1375 d = digestmap_remove(cached_v2_networkstatus, oldest);
1376 if (d)
1377 cached_dir_decref(d);
1378 }
1379 }
1380
1381 /** Replace the v3 consensus networkstatus that we're serving with
1382 * <b>networkstatus</b>, published at <b>published</b>. No validation is
1383 * performed. */
1384 void
1385 dirserv_set_cached_networkstatus_v3(const char *networkstatus,
1386 time_t published)
1387 {
1388 if (cached_v3_networkstatus)
1389 cached_dir_decref(cached_v3_networkstatus);
1390 cached_v3_networkstatus = new_cached_dir(
1391 tor_strdup(networkstatus), published);
1392 }
1393
1394 /** Remove any v2 networkstatus from the directory cache that was published
1395 * before <b>cutoff</b>. */
1396 void
1397 dirserv_clear_old_networkstatuses(time_t cutoff)
1398 {
1399 digestmap_iter_t *iter;
1400
1401 if (!cached_v2_networkstatus)
1402 return;
1403
1404 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1405 !digestmap_iter_done(iter); ) {
1406 const char *ident;
1407 void *val;
1408 cached_dir_t *dir;
1409 digestmap_iter_get(iter, &ident, &val);
1410 dir = val;
1411 if (dir->published < cutoff) {
1412 char *fname;
1413 iter = digestmap_iter_next_rmv(cached_v2_networkstatus, iter);
1414 fname = networkstatus_get_cache_filename(ident);
1415 if (file_status(fname) == FN_FILE) {
1416 log_info(LD_DIR, "Removing too-old untrusted networkstatus in %s",
1417 fname);
1418 unlink(fname);
1419 }
1420 tor_free(fname);
1421 cached_dir_decref(dir);
1422 } else {
1423 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
1424 }
1425 }
1426 }
1427
1428 /** Remove any v1 info from the directory cache that was published
1429 * too long ago. */
1430 void
1431 dirserv_clear_old_v1_info(time_t now)
1432 {
1433 if (cached_directory &&
1434 cached_directory->published < (now - MAX_V1_DIRECTORY_AGE)) {
1435 cached_dir_decref(cached_directory);
1436 cached_directory = NULL;
1437 }
1438 if (cached_runningrouters.published < (now - MAX_V1_RR_AGE)) {
1439 clear_cached_dir(&cached_runningrouters);
1440 }
1441 }
1442
1443 /** Helper: If we're an authority for the right directory version
1444 * (based on <b>auth_type</b>), try to regenerate
1445 * auth_src as appropriate and return it, falling back to cache_src on
1446 * failure. If we're a cache, simply return cache_src.
1447 */
1448 static cached_dir_t *
1449 dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
1450 cached_dir_t *auth_src,
1451 time_t dirty, cached_dir_t *(*regenerate)(void),
1452 const char *name,
1453 authority_type_t auth_type)
1454 {
1455 or_options_t *options = get_options();
1456 int authority = (auth_type == V1_AUTHORITY && authdir_mode_v1(options)) ||
1457 (auth_type == V2_AUTHORITY && authdir_mode_v2(options));
1458 /* XXX020 eventually use authdir_mode_publishes_statuses() here */
1459
1460 if (!authority || authdir_mode_bridge(options)) {
1461 return cache_src;
1462 } else {
1463 /* We're authoritative. */
1464 if (regenerate != NULL) {
1465 if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
1466 if (!(auth_src = regenerate())) {
1467 log_err(LD_BUG, "Couldn't generate %s?", name);
1468 exit(1);
1469 }
1470 } else {
1471 log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
1472 }
1473 }
1474 return auth_src ? auth_src : cache_src;
1475 }
1476 }
1477
1478 /** Return the most recently generated encoded signed v1 directory,
1479 * generating a new one as necessary. If not a v1 authoritative directory
1480 * may return NULL if no directory is yet cached. */
1481 cached_dir_t *
1482 dirserv_get_directory(void)
1483 {
1484 return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
1485 the_directory_is_dirty,
1486 dirserv_regenerate_directory,
1487 "server directory", V1_AUTHORITY);
1488 }
1489
1490 /** Only called by v1 auth dirservers.
1491 * Generate a fresh v1 directory; set the_directory and return a pointer
1492 * to the new value.
1493 */
1494 static cached_dir_t *
1495 dirserv_regenerate_directory(void)
1496 {
1497 char *new_directory=NULL;
1498
1499 if (dirserv_dump_directory_to_string(&new_directory, get_identity_key())) {
1500 log_warn(LD_BUG, "Error creating directory.");
1501 tor_free(new_directory);
1502 return NULL;
1503 }
1504 cached_dir_decref(the_directory);
1505 the_directory = new_cached_dir(new_directory, time(NULL));
1506 log_info(LD_DIRSERV,"New directory (size %d) has been built.",
1507 (int)the_directory->dir_len);
1508 log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
1509 (int)the_directory->dir_len, the_directory->dir);
1510
1511 the_directory_is_dirty = 0;
1512
1513 /* Save the directory to disk so we re-load it quickly on startup.
1514 */
1515 dirserv_set_cached_directory(the_directory->dir, time(NULL), 0);
1516
1517 return the_directory;
1518 }
1519
1520 /** Only called by v1 auth dirservers.
1521 * Replace the current running-routers list with a newly generated one. */
1522 static cached_dir_t *
1523 generate_runningrouters(void)
1524 {
1525 char *s=NULL;
1526 char digest[DIGEST_LEN];
1527 char published[ISO_TIME_LEN+1];
1528 size_t len;
1529 crypto_pk_env_t *private_key = get_identity_key();
1530 char *identity_pkey; /* Identity key, DER64-encoded. */
1531 size_t identity_pkey_len;
1532
1533 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1534 &identity_pkey_len)<0) {
1535 log_warn(LD_BUG,"write identity_pkey to string failed!");
1536 goto err;
1537 }
1538 format_iso_time(published, time(NULL));
1539
1540 len = 2048;
1541 s = tor_malloc_zero(len);
1542 tor_snprintf(s, len,
1543 "network-status\n"
1544 "published %s\n"
1545 "router-status %s\n"
1546 "dir-signing-key\n%s"
1547 "directory-signature %s\n",
1548 published, "", identity_pkey,
1549 get_options()->Nickname);
1550 tor_free(identity_pkey);
1551 if (router_get_runningrouters_hash(s,digest)) {
1552 log_warn(LD_BUG,"couldn't compute digest");
1553 goto err;
1554 }
1555 note_crypto_pk_op(SIGN_DIR);
1556 if (router_append_dirobj_signature(s, len, digest, private_key)<0)
1557 goto err;
1558
1559 set_cached_dir(&the_runningrouters, s, time(NULL));
1560 runningrouters_is_dirty = 0;
1561
1562 return &the_runningrouters;
1563 err:
1564 tor_free(s);
1565 return NULL;
1566 }
1567
1568 /** Set *<b>rr</b> to the most recently generated encoded signed
1569 * running-routers list, generating a new one as necessary. Return the
1570 * size of the directory on success, and 0 on failure. */
1571 cached_dir_t *
1572 dirserv_get_runningrouters(void)
1573 {
1574 return dirserv_pick_cached_dir_obj(
1575 &cached_runningrouters, &the_runningrouters,
1576 runningrouters_is_dirty,
1577 generate_runningrouters,
1578 "v1 network status list", V1_AUTHORITY);
1579 }
1580
1581 cached_dir_t *
1582 dirserv_get_consensus(void)
1583 {
1584 return cached_v3_networkstatus;
1585 }
1586
1587 /** For authoritative directories: the current (v2) network status. */
1588 static cached_dir_t *the_v2_networkstatus = NULL;
1589
1590 /** Return true iff our opinion of the routers has been stale for long
1591 * enough that we should generate a new v2 network status doc. */
1592 static int
1593 should_generate_v2_networkstatus(void)
1594 {
1595 return authdir_mode_v2(get_options()) &&
1596 the_v2_networkstatus_is_dirty &&
1597 the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
1598 }
1599
1600 /** If a router's uptime is at least this value, then it is always
1601 * considered stable, regardless of the rest of the network. This
1602 * way we resist attacks where an attacker doubles the size of the
1603 * network using allegedly high-uptime nodes, displacing all the
1604 * current guards. */
1605 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1606 /** If a router's MTBF is at least this value, then it is always stable.
1607 * See above. (Corresponds to about 7 days for current decay rates.) */
1608 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1609 /** Similarly, we protect sufficiently fast nodes from being pushed
1610 * out of the set of Fast nodes. */
1611 #define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
1612 /** Similarly, every node with sufficient bandwidth can be considered
1613 * for Guard status. */
1614 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1615 /** Similarly, every node with at least this much weighted time known can be
1616 * considered familiar enough to be a guard. Corresponds to about 20 days for
1617 * current decay rates.
1618 */
1619 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1620 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1621 */
1622 #define WFU_TO_GUARANTEE_GUARD (0.995)
1623
1624 /* Thresholds for server performance: set by
1625 * dirserv_compute_performance_thresholds, and used by
1626 * generate_v2_networkstatus */
1627 static uint32_t stable_uptime = 0; /* start at a safe value */
1628 static double stable_mtbf = 0.0;
1629 static int enough_mtbf_info = 0;
1630 static double guard_wfu = 0.0;
1631 static long guard_tk = 0;
1632 static uint32_t fast_bandwidth = 0;
1633 static uint32_t guard_bandwidth_including_exits = 0;
1634 static uint32_t guard_bandwidth_excluding_exits = 0;
1635 static uint64_t total_bandwidth = 0;
1636 static uint64_t total_exit_bandwidth = 0;
1637
1638 /** Helper: estimate the uptime of a router given its stated uptime and the
1639 * amount of time since it last stated its stated uptime. */
1640 static INLINE int
1641 real_uptime(routerinfo_t *router, time_t now)
1642 {
1643 if (now < router->cache_info.published_on)
1644 return router->uptime;
1645 else
1646 return router->uptime + (now - router->cache_info.published_on);
1647 }
1648
1649 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1650 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1651 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1652 * bandwidth.
1653 */
1654 static int
1655 dirserv_thinks_router_is_unreliable(time_t now,
1656 routerinfo_t *router,
1657 int need_uptime, int need_capacity)
1658 {
1659 if (need_uptime) {
1660 if (!enough_mtbf_info) {
1661 /* XXXX Once most authorities are on v3, we should change the rule from
1662 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1663 * v3 if we don't have enough mtbf data." */
1664 int uptime = real_uptime(router, now);
1665 if ((unsigned)uptime < stable_uptime &&
1666 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1667 return 1;
1668 } else {
1669 double mtbf =
1670 rep_hist_get_stability(router->cache_info.identity_digest, now);
1671 if (mtbf < stable_mtbf)
1672 return 1;
1673 }
1674 }
1675 if (need_capacity) {
1676 uint32_t bw = router_get_advertised_bandwidth(router);
1677 if (bw < fast_bandwidth)
1678 return 1;
1679 }
1680 return 0;
1681 }
1682
1683 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1684 * Right now this means it advertises support for it, it has a high
1685 * uptime, and it's currently considered Running.
1686 *
1687 * This function needs to be called after router-\>is_running has
1688 * been set.
1689 */
1690 static int
1691 dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
1692 {
1693 int uptime = real_uptime(router, now);
1694
1695 return (router->wants_to_be_hs_dir &&
1696 uptime > get_options()->MinUptimeHidServDirectoryV2 &&
1697 router->is_running);
1698 }
1699
1700 /** Look through the routerlist, and assign the median uptime of running valid
1701 * servers to stable_uptime, and the relative bandwidth capacities to
1702 * fast_bandwidth and guard_bandwidth. Set total_bandwidth to the total
1703 * capacity of all running valid servers and total_exit_bandwidth to the
1704 * capacity of all running valid exits. Set the is_exit flag of each router
1705 * appropriately. */
1706 static void
1707 dirserv_compute_performance_thresholds(routerlist_t *rl)
1708 {
1709 int n_active, n_active_nonexit, n_familiar;
1710 uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
1711 long *tks;
1712 double *mtbfs, *wfus;
1713 time_t now = time(NULL);
1714
1715 /* DOCDOC this is a litle tricky; comment this function better. */
1716
1717 /* initialize these all here, in case there are no routers */
1718 stable_uptime = 0;
1719 stable_mtbf = 0;
1720 fast_bandwidth = 0;
1721 guard_bandwidth_including_exits = 0;
1722 guard_bandwidth_excluding_exits = 0;
1723 guard_tk = 0;
1724 guard_wfu = 0;
1725
1726 total_bandwidth = 0;
1727 total_exit_bandwidth = 0;
1728
1729 n_active = n_active_nonexit = 0;
1730 uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1731 bandwidths = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1732 bandwidths_excluding_exits =
1733 tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1734 mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1735 tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
1736 wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1737
1738 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1739 if (router_is_active(ri, now)) {
1740 const char *id = ri->cache_info.identity_digest;
1741 uint32_t bw;
1742 ri->is_exit = exit_policy_is_general_exit(ri->exit_policy);
1743 uptimes[n_active] = real_uptime(ri, now);
1744 mtbfs[n_active] = rep_hist_get_stability(id, now);
1745 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1746 bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
1747 total_bandwidth += bw;
1748 if (ri->is_exit && !ri->is_bad_exit) {
1749 total_exit_bandwidth += bw;
1750 } else {
1751 bandwidths_excluding_exits[n_active_nonexit] = bw;
1752 ++n_active_nonexit;
1753 }
1754 ++n_active;
1755 }
1756 });
1757
1758 if (n_active) {
1759 stable_uptime = median_uint32(uptimes, n_active);
1760 stable_mtbf = median_double(mtbfs, n_active);
1761 fast_bandwidth = find_nth_uint32(bandwidths, n_active, n_active/8);
1762 /* Now bandwidths is sorted. */
1763 if (fast_bandwidth < ROUTER_REQUIRED_MIN_BANDWIDTH)
1764 fast_bandwidth = bandwidths[n_active/4];
1765 guard_bandwidth_including_exits = bandwidths[(n_active-1)/2];
1766 guard_tk = find_nth_long(tks, n_active, n_active/8);
1767 }
1768
1769 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1770 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1771
1772 if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
1773 fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
1774
1775 n_familiar = 0;
1776 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1777 if (router_is_active(ri, now)) {
1778 const char *id = ri->cache_info.identity_digest;
1779 long tk = rep_hist_get_weighted_time_known(id, now);
1780 if (tk < guard_tk)
1781 continue;
1782 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1783 }
1784 });
1785 if (n_familiar)
1786 guard_wfu = median_double(wfus, n_familiar);
1787 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1788 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1789
1790 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1791
1792 if (n_active_nonexit) {
1793 guard_bandwidth_excluding_exits =
1794 median_uint32(bandwidths_excluding_exits, n_active_nonexit);
1795 }
1796
1797 log(LOG_INFO, LD_DIRSERV,
1798 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1799 "For Fast: %lu bytes/sec. "
1800 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1801 "and bandwidth %lu or %lu bytes/sec.",
1802 (unsigned long)stable_uptime,
1803 (unsigned long)stable_mtbf,
1804 (unsigned long)fast_bandwidth,
1805 guard_wfu*100,
1806 (unsigned long)guard_tk,
1807 (unsigned long)guard_bandwidth_including_exits,
1808 (unsigned long)guard_bandwidth_excluding_exits);
1809
1810 tor_free(uptimes);
1811 tor_free(mtbfs);
1812 tor_free(bandwidths);
1813 tor_free(bandwidths_excluding_exits);
1814 tor_free(tks);
1815 tor_free(wfus);
1816 }
1817
1818 /** Given a platform string as in a routerinfo_t (possibly null), return a
1819 * newly allocated version string for a networkstatus document, or NULL if the
1820 * platform doesn't give a Tor version. */
1821 static char *
1822 version_from_platform(const char *platform)
1823 {
1824 if (platform && !strcmpstart(platform, "Tor ")) {
1825 const char *eos = find_whitespace(platform+4);
1826 if (eos && !strcmpstart(eos, " (r")) {
1827 /* XXXX020 Unify this logic with the other version extraction
1828 * logic */
1829 eos = find_whitespace(eos+1);
1830 }
1831 if (eos) {
1832 return tor_strndup(platform, eos-platform);
1833 }
1834 }
1835 return NULL;
1836 }
1837
1838 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1839 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1840 * Use the same format as in network-status documents. If <b>version</b> is
1841 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1842 * failure. If <b>first_line_only<b> is true, don't include any flags
1843 * or version line.
1844 */
1845 int
1846 routerstatus_format_entry(char *buf, size_t buf_len,
1847 routerstatus_t *rs, const char *version,
1848 int first_line_only)
1849 {
1850 int r;
1851 struct in_addr in;
1852 char *cp;
1853
1854 char published[ISO_TIME_LEN+1];
1855 char ipaddr[INET_NTOA_BUF_LEN];
1856 char identity64[BASE64_DIGEST_LEN+1];
1857 char digest64[BASE64_DIGEST_LEN+1];
1858
1859 format_iso_time(published, rs->published_on);
1860 digest_to_base64(identity64, rs->identity_digest);
1861 digest_to_base64(digest64, rs->descriptor_digest);
1862 in.s_addr = htonl(rs->addr);
1863 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
1864
1865 r = tor_snprintf(buf, buf_len,
1866 "r %s %s %s %s %s %d %d\n",
1867 rs->nickname,
1868 identity64,
1869 digest64,
1870 published,
1871 ipaddr,
1872 (int)rs->or_port,
1873 (int)rs->dir_port);
1874 if (r<0) {
1875 log_warn(LD_BUG, "Not enough space in buffer.");
1876 return -1;
1877 }
1878 if (first_line_only)
1879 return 0;
1880 cp = buf + strlen(buf);
1881 r = tor_snprintf(cp, buf_len - (cp-buf),
1882 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1883 /* These must stay in alphabetical order. */
1884 rs->is_authority?" Authority":"",
1885 rs->is_bad_directory?" BadDirectory":"",
1886 rs->is_bad_exit?" BadExit":"",
1887 rs->is_exit?" Exit":"",
1888 rs->is_fast?" Fast":"",
1889 rs->is_possible_guard?" Guard":"",
1890 rs->is_hs_dir?" HSDir":"",
1891 rs->is_named?" Named":"",
1892 rs->is_running?" Running":"",
1893 rs->is_stable?" Stable":"",
1894 rs->is_unnamed?" Unnamed":"",
1895 rs->is_v2_dir?" V2Dir":"",
1896 rs->is_valid?" Valid":"");
1897 if (r<0) {
1898 log_warn(LD_BUG, "Not enough space in buffer.");
1899 return -1;
1900 }
1901 cp += strlen(cp);
1902
1903 if (version) {
1904 if (tor_snprintf(cp, buf_len - (cp-buf), "opt v %s\n", version)<0) {
1905 log_warn(LD_BUG, "Unable to print router version.");
1906 return -1;
1907 }
1908 }
1909
1910 return 0;
1911 }
1912
1913 /** Helper for sorting: compares two routerinfos first by address, and then by
1914 * descending order of "usefulness". (An authority is more useful than a
1915 * non-authority; a running router is more useful than a non-running router;
1916 * and a router with more bandwidth is more useful than one with less.)
1917 **/
1918 static int
1919 _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
1920 {
1921 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
1922 int first_is_auth, second_is_auth;
1923 uint32_t bw_first, bw_second;
1924
1925 /* we return -1 if first should appear before second... that is,
1926 * if first is a better router. */
1927 if (first->addr < second->addr)
1928 return -1;
1929 else if (first->addr > second->addr)
1930 return 1;
1931
1932 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
1933 * reality, we will almost never get here, since addresses will usually be
1934 * different. */
1935
1936 first_is_auth =
1937 router_digest_is_trusted_dir(first->cache_info.identity_digest);
1938 second_is_auth =
1939 router_digest_is_trusted_dir(second->cache_info.identity_digest);
1940
1941 if (first_is_auth && !second_is_auth)
1942 return -1;
1943 else if (!first_is_auth && second_is_auth)
1944 return 1;
1945
1946 else if (first->is_running && !second->is_running)
1947 return -1;
1948 else if (!first->is_running && second->is_running)
1949 return 1;
1950
1951 bw_first = router_get_advertised_bandwidth(first);
1952 bw_second = router_get_advertised_bandwidth(second);
1953
1954 if (bw_first > bw_second)
1955 return -1;
1956 else if (bw_first < bw_second)
1957 return 1;
1958
1959 /* They're equal! Compare by identity digest, so there's a
1960 * deterministic order and we avoid flapping. */
1961 return memcmp(first->cache_info.identity_digest,
1962 second->cache_info.identity_digest,
1963 DIGEST_LEN);
1964 }
1965
1966 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
1967 * whose keys are the identity digests of those routers that we're going to
1968 * exclude for Sybil-like appearance. */
1969 static digestmap_t *
1970 get_possible_sybil_list(const smartlist_t *routers)
1971 {
1972 or_options_t *options = get_options();
1973 digestmap_t *omit_as_sybil;
1974 smartlist_t *routers_by_ip = smartlist_create();
1975 uint32_t last_addr;
1976 int addr_count;
1977 /* Allow at most this number of Tor servers on a single IP address, ... */
1978 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
1979 /* ... unless it's a directory authority, in which case allow more. */
1980 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
1981 if (max_with_same_addr <= 0)
1982 max_with_same_addr = INT_MAX;
1983 if (max_with_same_addr_on_authority <= 0)
1984 max_with_same_addr_on_authority = INT_MAX;
1985
1986 smartlist_add_all(routers_by_ip, routers);
1987 smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
1988 omit_as_sybil = digestmap_new();
1989
1990 last_addr = 0;
1991 addr_count = 0;
1992 SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
1993 {
1994 if (last_addr != ri->addr) {
1995 last_addr = ri->addr;
1996 addr_count = 1;
1997 } else if (++addr_count > max_with_same_addr) {
1998 if (!router_addr_is_trusted_dir(ri->addr) ||
1999 addr_count > max_with_same_addr_on_authority)
2000 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2001 }
2002 });
2003
2004 smartlist_free(routers_by_ip);
2005 return omit_as_sybil;
2006 }
2007
2008 /** Extract status information from <b>ri</b> and from other authority
2009 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2010 * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
2011 * an exit as a guard. If <b>listbadexits</b>, consider setting the badexit
2012 * flag.
2013 *
2014 * We assume that ri-\>is_running has already been set, e.g. by
2015 * dirserv_set_router_is_running(ri, now);
2016 */
2017 void
2018 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2019 routerinfo_t *ri, time_t now,
2020 int naming, int exits_can_be_guards,
2021 int listbadexits, int listbaddirs)
2022 {
2023 int unstable_version =
2024 tor_version_as_new_as(ri->platform,"0.1.1.10-alpha") &&
2025 !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
2026 memset(rs, 0, sizeof(routerstatus_t));
2027
2028 rs->is_authority =
2029 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2030
2031 /* Already set by compute_performance_thresholds. */
2032 rs->is_exit = ri->is_exit;
2033 rs->is_stable = ri->is_stable =
2034 router_is_active(ri, now) &&
2035 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0) &&
2036 !unstable_version;
2037 rs->is_fast = ri->is_fast =
2038 router_is_active(ri, now) &&
2039 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2040 rs->is_running = ri->is_running; /* computed above */
2041
2042 if (naming) {
2043 uint32_t name_status = dirserv_get_name_status(
2044 ri->cache_info.identity_digest, ri->nickname);
2045 rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
2046 rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
2047 }
2048 rs->is_valid = ri->is_valid;
2049
2050 if (rs->is_fast &&
2051 (!rs->is_exit || exits_can_be_guards) &&
2052 (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
2053 router_get_advertised_bandwidth(ri) >=
2054 (exits_can_be_guards ? guard_bandwidth_including_exits :
2055 guard_bandwidth_excluding_exits))) {
2056 long tk = rep_hist_get_weighted_time_known(
2057 ri->cache_info.identity_digest, now);
2058 double wfu = rep_hist_get_weighted_fractional_uptime(
2059 ri->cache_info.identity_digest, now);
2060 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2061 } else {
2062 rs->is_possible_guard = 0;
2063 }
2064 rs->is_bad_directory = listbaddirs && ri->is_bad_directory;
2065 rs->is_bad_exit = listbadexits && ri->is_bad_exit;
2066 ri->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, now);
2067 rs->is_hs_dir = ri->is_hs_dir;
2068 /* 0.1.1.9-alpha is the first version to support fetch by descriptor
2069 * hash. */
2070 rs->is_v2_dir = ri->dir_port &&
2071 tor_version_as_new_as(ri->platform,"0.1.1.9-alpha");
2072
2073 if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
2074 rs->is_named = rs->is_unnamed = 0;
2075
2076 rs->published_on = ri->cache_info.published_on;
2077 memcpy(rs->identity_digest, ri->cache_info.identity_digest, DIGEST_LEN);
2078 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2079 DIGEST_LEN);
2080 rs->addr = ri->addr;
2081 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2082 rs->or_port = ri->or_port;
2083 rs->dir_port = ri->dir_port;
2084 }
2085
2086 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2087 * too narrow an IP-space. Clear out its flags: we don't want people
2088 * using it.
2089 */
2090 static void
2091 clear_status_flags_on_sybil(routerstatus_t *rs)
2092 {
2093 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2094 rs->is_running = rs->is_named = rs->is_valid = rs->is_v2_dir =
2095 rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
2096 rs->is_bad_directory = 0;
2097 /* FFFF we might want some mechanism to check later on if we
2098 * missed zeroing any flags: it's easy to add a new flag but
2099 * forget to add it to this clause. */
2100 }
2101
2102 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2103 * function here because it's eerily similar to
2104 * clear_status_flags_on_sybil() above. One day we should merge them. */
2105 void
2106 router_clear_status_flags(routerinfo_t *router)
2107 {
2108 router->is_valid = router->is_running = router->is_hs_dir =
2109 router->is_fast = router->is_stable =
2110 router->is_possible_guard = router->is_exit =
2111 router->is_bad_exit = router->is_bad_directory = 0;
2112 }
2113
2114 /** If we've been around for less than this amount of time, our reachability
2115 * information is not accurate. */
2116 #define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)
2117
2118 /** Return a new networkstatus_vote_t* containing our current opinion. (For v3
2119 * authorities) */
2120 networkstatus_vote_t *
2121 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
2122 authority_cert_t *cert)
2123 {
2124 or_options_t *options = get_options();
2125 networkstatus_vote_t *v3_out = NULL;
2126 uint32_t addr;
2127 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2128 const char *contact;
2129 smartlist_t *routers, *routerstatuses;
2130 char identity_digest[DIGEST_LEN];
2131 char signing_key_digest[DIGEST_LEN];
2132 int naming = options->NamingAuthoritativeDir;
2133 int listbadexits = options->AuthDirListBadExits;
2134 int listbaddirs = options->AuthDirListBadDirs;
2135 int exits_can_be_guards;
2136 routerlist_t *rl = router_get_routerlist();
2137 time_t now = time(NULL);
2138 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2139 networkstatus_voter_info_t *voter = NULL;
2140 vote_timing_t timing;
2141 digestmap_t *omit_as_sybil = NULL;
2142 int vote_on_reachability = 1;
2143
2144 tor_assert(private_key);
2145 tor_assert(cert);
2146
2147 if (now - time_of_process_start < DIRSERV_TIME_TO_GET_REACHABILITY_INFO)
2148 vote_on_reachability = 0;
2149
2150 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2151 log_warn(LD_NET, "Couldn't resolve my hostname");
2152 return NULL;
2153 }
2154 if (!strchr(hostname, '.')) {
2155 tor_free(hostname);
2156 hostname = tor_dup_addr(addr);
2157 }
2158 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2159 log_err(LD_BUG, "Error computing signing key digest");
2160 return NULL;
2161 }
2162 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2163 log_err(LD_BUG, "Error computing identity key digest");
2164 return NULL;
2165 }
2166
2167 if (options->VersioningAuthoritativeDir) {
2168 client_versions = format_versions_list(options->RecommendedClientVersions);
2169 server_versions = format_versions_list(options->RecommendedServerVersions);
2170 }
2171
2172 contact = get_options()->ContactInfo;
2173 if (!contact)
2174 contact = "(none)";
2175
2176 /* precompute this part, since we need it to decide what "stable"
2177 * means. */
2178 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2179 dirserv_set_router_is_running(ri, now);
2180 });
2181
2182 dirserv_compute_performance_thresholds(rl);
2183
2184 /* XXXX We should take steps to keep this from oscillating if
2185 * total_exit_bandwidth is close to total_bandwidth/3. */
2186 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2187
2188 routers = smartlist_create();
2189 smartlist_add_all(routers, rl->routers);
2190 routers_sort_by_identity(routers);
2191 omit_as_sybil = get_possible_sybil_list(routers);
2192
2193 routerstatuses = smartlist_create();
2194
2195 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2196 if (ri->cache_info.published_on >= cutoff) {
2197 routerstatus_t *rs;
2198 vote_routerstatus_t *vrs;
2199
2200 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2201 rs = &vrs->status;
2202 set_routerstatus_from_routerinfo(rs, ri, now,
2203 naming, exits_can_be_guards,
2204 listbadexits, listbaddirs);
2205
2206 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2207 clear_status_flags_on_sybil(rs);
2208
2209 if (!vote_on_reachability)
2210 rs->is_running = 0;
2211
2212 vrs->version = version_from_platform(ri->platform);
2213 smartlist_add(routerstatuses, vrs);
2214 }
2215 });
2216 smartlist_free(routers);
2217 digestmap_free(omit_as_sybil, NULL);
2218
2219 v3_out = tor_malloc_zero(sizeof(networkstatus_vote_t));
2220
2221 v3_out->is_vote = 1;
2222 dirvote_get_preferred_voting_intervals(&timing);
2223 v3_out->published = now;
2224 {
2225 char tbuf[ISO_TIME_LEN+1];
2226 networkstatus_vote_t *current_consensus =
2227 networkstatus_get_live_consensus(now);
2228 time_t last_consensus_interval; /* only used to pick a valid_after */
2229 if (current_consensus)
2230 last_consensus_interval = current_consensus->fresh_until -
2231 current_consensus->valid_after;
2232 else
2233 last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
2234 v3_out->valid_after =
2235 dirvote_get_start_of_next_interval(now, last_consensus_interval);
2236 format_iso_time(tbuf, v3_out->valid_after);
2237 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2238 "consensus_set=%d, last_interval=%d",
2239 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2240 }
2241 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2242 v3_out->valid_until = v3_out->valid_after +
2243 (timing.vote_interval * timing.n_intervals_valid);
2244 v3_out->vote_seconds = timing.vote_delay;
2245 v3_out->dist_seconds = timing.dist_delay;
2246 tor_assert(v3_out->vote_seconds > 0);
2247 tor_assert(v3_out->dist_seconds > 0);
2248 tor_assert(timing.n_intervals_valid > 0);
2249
2250 v3_out->client_versions = client_versions;
2251 v3_out->server_versions = server_versions;
2252 v3_out->known_flags = smartlist_create();
2253 smartlist_split_string(v3_out->known_flags,
2254 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2255 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
2256 if (vote_on_reachability)
2257 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
2258 if (listbaddirs)
2259 smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
2260 if (listbadexits)
2261 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
2262 if (naming) {
2263 smartlist_add(v3_out->known_flags, tor_strdup("Named"));
2264 smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
2265 }
2266 smartlist_sort_strings(v3_out->known_flags);
2267
2268 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2269 voter->nickname = tor_strdup(options->Nickname);
2270 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
2271 voter->address = hostname;
2272 voter->addr = addr;
2273 voter->dir_port = options->DirPort;
2274 voter->or_port = options->ORPort;
2275 voter->contact = tor_strdup(contact);
2276 memcpy(voter->signing_key_digest, signing_key_digest, DIGEST_LEN);
2277 v3_out->voters = smartlist_create();
2278 smartlist_add(v3_out->voters, voter);
2279 v3_out->cert = authority_cert_dup(cert);
2280 v3_out->routerstatus_list = routerstatuses;
2281 /* Note: networkstatus_digest is unset; it won't get set until we actually
2282 * format the vote. */
2283
2284 return v3_out;
2285 }
2286
2287 /** For v2 authoritative directories only: Replace the contents of
2288 * <b>the_v2_networkstatus</b> with a newly generated network status
2289 * object. */
2290 static cached_dir_t *
2291 generate_v2_networkstatus_opinion(void)
2292 {
2293 /** Longest status flag name that we generate. */
2294 #define LONGEST_STATUS_FLAG_NAME_LEN 9
2295 /** Maximum number of status flags we'll apply to one router. */
2296 #define N_STATUS_FLAGS 10
2297 /** Amount of space to allocate for each entry. (r line and s line.) */
2298 #define RS_ENTRY_LEN \
2299 ( /* first line */ \
2300 MAX_NICKNAME_LEN+BASE64_DIGEST_LEN*2+ISO_TIME_LEN+INET_NTOA_BUF_LEN+ \
2301 5*2 /* ports */ + 10 /* punctuation */ + \
2302 /* second line */ \
2303 (LONGEST_STATUS_FLAG_NAME_LEN+1)*N_STATUS_FLAGS + 2)
2304
2305 cached_dir_t *r = NULL;
2306 size_t len, identity_pkey_len;
2307 char *status = NULL, *client_versions = NULL, *server_versions = NULL,
2308 *identity_pkey = NULL, *hostname = NULL;
2309 char *outp, *endp;
2310 or_options_t *options = get_options();
2311 char fingerprint[FINGERPRINT_LEN+1];
2312 char ipaddr[INET_NTOA_BUF_LEN];
2313 char published[ISO_TIME_LEN+1];
2314 char digest[DIGEST_LEN];
2315 struct in_addr in;
2316 uint32_t addr;
2317 crypto_pk_env_t *private_key;
2318 routerlist_t *rl = router_get_routerlist();
2319 time_t now = time(NULL);
2320 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2321 int naming = options->NamingAuthoritativeDir;
2322 int versioning = options->VersioningAuthoritativeDir;
2323 int listbaddirs = options->AuthDirListBadDirs;
2324 int listbadexits = options->AuthDirListBadExits;
2325 int exits_can_be_guards;
2326 const char *contact;
2327 char *version_lines = NULL;
2328 smartlist_t *routers = NULL;
2329 digestmap_t *omit_as_sybil = NULL;
2330
2331 private_key = get_identity_key();
2332
2333 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2334 log_warn(LD_NET, "Couldn't resolve my hostname");
2335 goto done;
2336 }
2337 in.s_addr = htonl(addr);
2338 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
2339
2340 format_iso_time(published, now);
2341
2342 client_versions = format_versions_list(options->RecommendedClientVersions);
2343 server_versions = format_versions_list(options->RecommendedServerVersions);
2344
2345 if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey,
2346 &identity_pkey_len)<0) {
2347 log_warn(LD_BUG,"Writing public key to string failed.");
2348 goto done;
2349 }
2350
2351 if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) {
2352 log_err(LD_BUG, "Error computing fingerprint");
2353 goto done;
2354 }
2355
2356 contact = get_options()->ContactInfo;
2357 if (!contact)
2358 contact = "(none)";
2359
2360 if (versioning) {
2361 size_t v_len = 64+strlen(client_versions)+strlen(server_versions);
2362 version_lines = tor_malloc(v_len);
2363 tor_snprintf(version_lines, v_len,
2364 "client-versions %s\nserver-versions %s\n",
2365 client_versions, server_versions);
2366 } else {
2367 version_lines = tor_strdup("");
2368 }
2369
2370 len = 4096+strlen(client_versions)+strlen(server_versions);
2371 len += identity_pkey_len*2;
2372 len += (RS_ENTRY_LEN)*smartlist_len(rl->routers);
2373
2374 status = tor_malloc(len);
2375 tor_snprintf(status, len,
2376 "network-status-version 2\n"
2377 "dir-source %s %s %d\n"
2378 "fingerprint %s\n"
2379 "contact %s\n"
2380 "published %s\n"
2381 "dir-options%s%s%s%s\n"
2382 "%s" /* client version line, server version line. */
2383 "dir-signing-key\n%s",
2384 hostname, ipaddr, (int)options->DirPort,
2385 fingerprint,
2386 contact,
2387 published,
2388 naming ? " Names" : "",
2389 listbaddirs ? " BadDirectories" : "",
2390 listbadexits ? " BadExits" : "",
2391 versioning ? " Versions" : "",
2392 version_lines,
2393 identity_pkey);
2394 outp = status + strlen(status);
2395 endp = status + len;
2396
2397 /* precompute this part, since we need it to decide what "stable"
2398 * means. */
2399 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2400 dirserv_set_router_is_running(ri, now);
2401 });
2402
2403 dirserv_compute_performance_thresholds(rl);
2404
2405 /* XXXX We should take steps to keep this from oscillating if
2406 * total_exit_bandwidth is close to total_bandwidth/3. */
2407 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2408
2409 routers = smartlist_create();
2410 smartlist_add_all(routers, rl->routers);
2411 routers_sort_by_identity(routers);
2412
2413 omit_as_sybil = get_possible_sybil_list(routers);
2414
2415 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2416 if (ri->cache_info.published_on >= cutoff) {
2417 routerstatus_t rs;
2418 char *version = version_from_platform(ri->platform);
2419
2420 set_routerstatus_from_routerinfo(&rs, ri, now,
2421 naming, exits_can_be_guards,
2422 listbadexits, listbaddirs);
2423
2424 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2425 clear_status_flags_on_sybil(&rs);
2426
2427 if (routerstatus_format_entry(outp, endp-outp, &rs, version, 0)) {
2428 log_warn(LD_BUG, "Unable to print router status.");
2429 tor_free(version);
2430 goto done;
2431 }
2432 tor_free(version);
2433 outp += strlen(outp);
2434 }
2435 });
2436
2437 if (tor_snprintf(outp, endp-outp, "directory-signature %s\n",
2438 get_options()->Nickname)<0) {
2439 log_warn(LD_BUG, "Unable to write signature line.");
2440 goto done;
2441 }
2442 if (router_get_networkstatus_v2_hash(status, digest)<0) {
2443 log_warn(LD_BUG, "Unable to hash network status");
2444 goto done;
2445 }
2446 outp += strlen(outp);
2447
2448 note_crypto_pk_op(SIGN_DIR);
2449 if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
2450 log_warn(LD_BUG, "Unable to sign router status.");
2451 goto done;
2452 }
2453
2454 {
2455 networkstatus_v2_t *ns;
2456 if (!(ns = networkstatus_v2_parse_from_string(status))) {
2457 log_err(LD_BUG,"Generated a networkstatus we couldn't parse.");
2458 goto done;
2459 }
2460 networkstatus_v2_free(ns);
2461 }
2462
2463 {
2464 cached_dir_t **ns_ptr = &the_v2_networkstatus;
2465 if (*ns_ptr)
2466 cached_dir_decref(*ns_ptr);
2467 *ns_ptr = new_cached_dir(status, now);
2468 status = NULL; /* So it doesn't get double-freed. */
2469 the_v2_networkstatus_is_dirty = 0;
2470 router_set_networkstatus_v2((*ns_ptr)->dir, now, NS_GENERATED, NULL);
2471 r = *ns_ptr;
2472 }
2473
2474 done:
2475 tor_free(client_versions);
2476 tor_free(server_versions);
2477 tor_free(version_lines);
2478 tor_free(status);
2479 tor_free(hostname);
2480 tor_free(identity_pkey);
2481 if (routers)
2482 smartlist_free(routers);
2483 if (omit_as_sybil)
2484 digestmap_free(omit_as_sybil, NULL);
2485 return r;
2486 }
2487
2488 /** Given the portion of a networkstatus request URL after "tor/status/" in
2489 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2490 * networkstatus objects that the client has requested. */
2491 void
2492 dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
2493 const char *key)
2494 {
2495 tor_assert(result);
2496
2497 if (!cached_v2_networkstatus)
2498 cached_v2_networkstatus = digestmap_new();
2499
2500 if (should_generate_v2_networkstatus())
2501 generate_v2_networkstatus_opinion();
2502
2503 if (!strcmp(key,"authority")) {
2504 if (authdir_mode_v2(get_options())) {
2505 routerinfo_t *me = router_get_my_routerinfo();
2506 if (me)
2507 smartlist_add(result,
2508 tor_memdup(me->cache_info.identity_digest, DIGEST_LEN));
2509 }
2510 } else if (!strcmp(key, "all")) {
2511 if (digestmap_size(cached_v2_networkstatus)) {
2512 digestmap_iter_t *iter;
2513 iter = digestmap_iter_init(cached_v2_networkstatus);
2514 while (!digestmap_iter_done(iter)) {
2515 const char *ident;
2516 void *val;
2517 digestmap_iter_get(iter, &ident, &val);
2518 smartlist_add(result, tor_memdup(ident, DIGEST_LEN));
2519 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
2520 }
2521 } else {
2522 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2523 trusted_dir_server_t *, ds,
2524 if (ds->type & V2_AUTHORITY)
2525 smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
2526 }
2527 smartlist_sort_digests(result);
2528 if (smartlist_len(result) == 0)
2529 log_warn(LD_DIRSERV,
2530 "Client requested 'all' network status objects; we have none.");
2531 } else if (!strcmpstart(key, "fp/")) {
2532 dir_split_resource_into_fingerprints(key+3, result, NULL, 1, 1);
2533 }
2534 }
2535
2536 /** Look for a network status object as specified by <b>key</b>, which should
2537 * be either "authority" (to find a network status generated by us), a hex
2538 * identity digest (to find a network status generated by given directory), or
2539 * "all" (to return all the v2 network status objects we have).
2540 */
2541 void
2542 dirserv_get_networkstatus_v2(smartlist_t *result,
2543 const char *key)
2544 {
2545 cached_dir_t *cached;
2546 smartlist_t *fingerprints = smartlist_create();
2547 tor_assert(result);
2548
2549 if (!cached_v2_networkstatus)
2550 cached_v2_networkstatus = digestmap_new();
2551
2552 dirserv_get_networkstatus_v2_fingerprints(fingerprints, key);
2553 SMARTLIST_FOREACH(fingerprints, const char *, fp,
2554 {
2555 if (router_digest_is_me(fp) && should_generate_v2_networkstatus())
2556 generate_v2_networkstatus_opinion();
2557 cached = digestmap_get(cached_v2_networkstatus, fp);
2558 if (cached) {
2559 smartlist_add(result, cached);
2560 } else {
2561 char hexbuf[HEX_DIGEST_LEN+1];
2562 base16_encode(hexbuf, sizeof(hexbuf), fp, DIGEST_LEN);
2563 log_info(LD_DIRSERV, "Don't know about any network status with "
2564 "fingerprint '%s'", hexbuf);
2565 }
2566 });
2567 SMARTLIST_FOREACH(fingerprints, char *, cp, tor_free(cp));
2568 smartlist_free(fingerprints);
2569 }
2570
2571 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2572 * pointers, adds copies of digests to fps_out, and doesn't use the
2573 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2574 * requests, adds identity digests.
2575 */
2576 int
2577 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
2578 const char **msg, int for_unencrypted_conn)
2579 {
2580 int by_id = 1;
2581 *msg = NULL;
2582
2583 if (!strcmp(key, "all")) {
2584 routerlist_t *rl = router_get_routerlist();
2585 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2586 smartlist_add(fps_out,
2587 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
2588 } else if (!strcmp(key, "authority")) {
2589 routerinfo_t *ri = router_get_my_routerinfo();
2590 if (ri)
2591 smartlist_add(fps_out,
2592 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
2593 } else if (!strcmpstart(key, "d/")) {
2594 by_id = 0;
2595 key += strlen("d/");
2596 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2597 } else if (!strcmpstart(key, "fp/")) {
2598 key += strlen("fp/");
2599 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2600 } else {
2601 *msg = "Key not recognized";
2602 return -1;
2603 }
2604
2605 if (for_unencrypted_conn) {
2606 /* Remove anything whose purpose isn't general. */
2607 SMARTLIST_FOREACH(fps_out, char *, cp, {
2608 signed_descriptor_t *sd =
2609 by_id ? get_signed_descriptor_by_fp(cp,0,0) :
2610 router_get_by_descriptor_digest(cp);
2611 if (sd && !sd->send_unencrypted) {
2612 tor_free(cp);
2613 SMARTLIST_DEL_CURRENT(fps_out, cp);
2614 }
2615 });
2616 }
2617
2618 if (!smartlist_len(fps_out)) {
2619 *msg = "Servers unavailable";
2620 return -1;
2621 }
2622 return 0;
2623 }
2624
2625 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
2626 * <b>key</b>. The key should be either
2627 * - "/tor/server/authority" for our own routerinfo;
2628 * - "/tor/server/all" for all the routerinfos we have, concatenated;
2629 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
2630 * hex identity digests; or
2631 * - "/tor/server/d/D" where D is a plus-separated sequence
2632 * of server descriptor digests, in hex.
2633 *
2634 * Return 0 if we found some matching descriptors, or -1 if we do not
2635 * have any descriptors, no matching descriptors, or if we did not
2636 * recognize the key (URL).
2637 * If -1 is returned *<b>msg</b> will be set to an appropriate error
2638 * message.
2639 *
2640 * XXXX020 rename this function. IT's only called from the controller.
2641 * XXXX020 in fact, refactor this function, mergeing as much as possible.
2642 */
2643 int
2644 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
2645 const char **msg)
2646 {
2647 *msg = NULL;
2648
2649 if (!strcmp(key, "/tor/server/all")) {
2650 routerlist_t *rl = router_get_routerlist();
2651 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2652 smartlist_add(descs_out, &(r->cache_info)));
2653 } else if (!strcmp(key, "/tor/server/authority")) {
2654 routerinfo_t *ri = router_get_my_routerinfo();
2655 if (ri)
2656 smartlist_add(descs_out, &(ri->cache_info));
2657 } else if (!strcmpstart(key, "/tor/server/d/")) {
2658 smartlist_t *digests = smartlist_create();
2659 key += strlen("/tor/server/d/");
2660 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2661 SMARTLIST_FOREACH(digests, const char *, d,
2662 {
2663 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
2664 if (sd)
2665 smartlist_add(descs_out,sd);
2666 });
2667 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2668 smartlist_free(digests);
2669 } else if (!strcmpstart(key, "/tor/server/fp/")) {
2670 smartlist_t *digests = smartlist_create();
2671 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
2672 key += strlen("/tor/server/fp/");
2673 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2674 SMARTLIST_FOREACH(digests, const char *, d,
2675 {
2676 if (router_digest_is_me(d)) {
2677 smartlist_add(descs_out, &(router_get_my_routerinfo()->cache_info));
2678 } else {
2679 routerinfo_t *ri = router_get_by_digest(d);
2680 /* Don't actually serve a descriptor that everyone will think is
2681 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
2682 * Tors from downloading descriptors that they will throw away.
2683 */
2684 if (ri && ri->cache_info.published_on > cutoff)
2685 smartlist_add(descs_out, &(ri->cache_info));
2686 }
2687 });
2688 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2689 smartlist_free(digests);
2690 } else {
2691 *msg = "Key not recognized";
2692 return -1;
2693 }
2694
2695 if (!smartlist_len(descs_out)) {
2696 *msg = "Servers unavailable";
2697 return -1;
2698 }
2699 return 0;
2700 }
2701
2702 /** Called when a TLS handshake has completed successfully with a
2703 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
2704 * a certificate with digest <b>digest_rcvd</b>.
2705 *
2706 * Also, if as_advertised is 1, then inform the reachability checker
2707 * that we could get to this guy.
2708 */
2709 void
2710 dirserv_orconn_tls_done(const char *address,
2711 uint16_t or_port,
2712 const char *digest_rcvd,
2713 int as_advertised)
2714 {
2715 routerlist_t *rl = router_get_routerlist();
2716 time_t now = time(NULL);
2717 int bridge_auth = authdir_mode_bridge(get_options());
2718 tor_assert(address);
2719 tor_assert(digest_rcvd);
2720
2721 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2722 if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
2723 as_advertised &&
2724 !memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
2725 /* correct digest. mark this router reachable! */
2726 if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
2727 log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.",
2728 ri->nickname);
2729 rep_hist_note_router_reachable(digest_rcvd, now);
2730 ri->last_reachable = now;
2731 }
2732 }
2733 });
2734 /* FFFF Maybe we should reinstate the code that dumps routers with the same
2735 * addr/port but with nonmatching keys, but instead of dumping, we should
2736 * skip testing. */
2737 }
2738
2739 /** Auth dir server only: if <b>try_all</b> is 1, launch connections to
2740 * all known routers; else we want to load balance such that we only
2741 * try a few connections per call.
2742 *
2743 * The load balancing is such that if we get called once every ten
2744 * seconds, we will cycle through all the tests in 1280 seconds (a
2745 * bit over 20 minutes).
2746 */
2747 void
2748 dirserv_test_reachability(time_t now, int try_all)
2749 {
2750 /* XXX decide what to do here; see or-talk thread "purging old router
2751 * information, revocation." -NM
2752 * We can't afford to mess with this in 0.1.2.x. The reason is that
2753 * if we stop doing reachability tests on some of routerlist, then
2754 * we'll for-sure think they're down, which may have unexpected
2755 * effects in other parts of the code. It doesn't hurt much to do
2756 * the testing, and directory authorities are easy to upgrade. Let's
2757 * wait til 0.2.0. -RD */
2758 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2759 routerlist_t *rl = router_get_routerlist();
2760 static char ctr = 0;
2761 int bridge_auth = authdir_mode_bridge(get_options());
2762
2763 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, router, {
2764 const char *id_digest = router->cache_info.identity_digest;
2765 if (router_is_me(router))
2766 continue;
2767 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
2768 continue; /* bridge authorities only test reachability on bridges */
2769 // if (router->cache_info.published_on > cutoff)
2770 // continue;
2771 if (try_all || (((uint8_t)id_digest[0]) % 128) == ctr) {
2772 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
2773 router->nickname, router->address, router->or_port);
2774 /* Remember when we started trying to determine reachability */
2775 if (!router->testing_since)
2776 router->testing_since = now;
2777 connection_or_connect(router->addr, router->or_port,
2778 id_digest);
2779 }
2780 });
2781 if (!try_all) /* increment ctr */
2782 ctr = (ctr + 1) % 128;
2783 }
2784
2785 /** Given a fingerprint <b>fp</b> which is either set if we're looking
2786 * for a v2 status, or zeroes if we're looking for a v3 status, return
2787 * a pointer to the appropriate cached dir object, or NULL if there isn't
2788 * one available. */
2789 static cached_dir_t *
2790 lookup_cached_dir_by_fp(const char *fp)
2791 {
2792 cached_dir_t *d = NULL;
2793 if (tor_digest_is_zero(fp) && cached_v3_networkstatus)
2794 d = cached_v3_networkstatus;
2795 else if (router_digest_is_me(fp) && the_v2_networkstatus)
2796 d = the_v2_networkstatus;
2797 else if (cached_v2_networkstatus)
2798 d = digestmap_get(cached_v2_networkstatus, fp);
2799 return d;
2800 }
2801
2802 /** Remove from <b>fps</b> every networkstatus key where both
2803 * a) we have a networkstatus document and
2804 * b) it is not newer than <b>cutoff</b>.
2805 *
2806 * Return 1 if any items were present at all; else return 0.
2807 */
2808 int
2809 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
2810 {
2811 int found_any = 0;
2812 SMARTLIST_FOREACH(fps, char *, digest,
2813 {
2814 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
2815 if (!d)
2816 continue;
2817 found_any = 1;
2818 if (d->published <= cutoff) {
2819 tor_free(digest);
2820 SMARTLIST_DEL_CURRENT(fps, digest);
2821 }
2822 });
2823
2824 return found_any;
2825 }
2826
2827 /** Return the cache-info for identity fingerprint <b>fp</b>, or
2828 * its extra-info document if <b>extrainfo</b> is true. Return
2829 * NULL if not found or if the descriptor is older than
2830 * <b>publish_cutoff</b>. */
2831 static signed_descriptor_t *
2832 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
2833 time_t publish_cutoff)
2834 {
2835 if (router_digest_is_me(fp)) {
2836 if (extrainfo)
2837 return &(router_get_my_extrainfo()->cache_info);
2838 else
2839 return &(router_get_my_routerinfo()->cache_info);
2840 } else {
2841 routerinfo_t *ri = router_get_by_digest(fp);
2842 if (ri &&
2843 ri->cache_info.published_on > publish_cutoff) {
2844 if (extrainfo)
2845 return extrainfo_get_by_descriptor_digest(
2846 ri->cache_info.extra_info_digest);
2847 else
2848 return &ri->cache_info;
2849 }
2850 }
2851 return NULL;
2852 }
2853
2854 /** Return true iff we have any of the docments (extrainfo or routerdesc)
2855 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
2856 * decide whether to send a 404. */
2857 int
2858 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
2859 {
2860 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
2861 SMARTLIST_FOREACH(fps, const char *, fp, {
2862 switch (spool_src)
2863 {
2864 case DIR_SPOOL_EXTRA_BY_DIGEST:
2865 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
2866 break;
2867 case DIR_SPOOL_SERVER_BY_DIGEST:
2868 if (router_get_by_descriptor_digest(fp)) return 1;
2869 break;
2870 case DIR_SPOOL_EXTRA_BY_FP:
2871 case DIR_SPOOL_SERVER_BY_FP:
2872 if (get_signed_descriptor_by_fp(fp,
2873 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
2874 return 1;
2875 break;
2876 }
2877 });
2878 return 0;
2879 }
2880
2881 /** Return an approximate estimate of the number of bytes that will
2882 * be needed to transmit the server descriptors (if is_serverdescs --
2883 * they can be either d/ or fp/ queries) or networkstatus objects (if
2884 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
2885 * we guess how large the data will be after compression.
2886 *
2887 * The return value is an estimate; it might be larger or smaller.
2888 **/
2889 size_t
2890 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
2891 int compressed)
2892 {
2893 size_t result;
2894 tor_assert(fps);
2895 if (is_serverdescs) {
2896 int n = smartlist_len(fps);
2897 routerinfo_t *me = router_get_my_routerinfo();
2898 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
2899 if (compressed)
2900 result /= 2; /* observed compressability is between 35 and 55%. */
2901 } else {
2902 result = 0;
2903 SMARTLIST_FOREACH(fps, const char *, digest, {
2904 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
2905 if (dir)
2906 result += compressed ? dir->dir_z_len : dir->dir_len;
2907 });
2908 }
2909 return result;
2910 }
2911
2912 /** When we're spooling data onto our outbuf, add more whenever we dip
2913 * below this threshold. */
2914 #define DIRSERV_BUFFER_MIN 16384
2915
2916 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
2917 * Flushes any remaining data to be (un)compressed, and changes the spool
2918 * source to NONE. Returns 0 on success, negative on failure. */
2919 static int
2920 connection_dirserv_finish_spooling(dir_connection_t *conn)
2921 {
2922 if (conn->zlib_state) {
2923 connection_write_to_buf_zlib("", 0, conn, 1);
2924 tor_zlib_free(conn->zlib_state);
2925 conn->zlib_state = NULL;
2926 }
2927 conn->dir_spool_src = DIR_SPOOL_NONE;
2928 return 0;
2929 }
2930
2931 /** Spooling helper: called when we're sending a bunch of server descriptors,
2932 * and the outbuf has become too empty. Pulls some entries from
2933 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
2934 * run out of entries, flushes the zlib state and sets the spool source to
2935 * NONE. Returns 0 on success, negative on failure.
2936 */
2937 static int
2938 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
2939 {
2940 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
2941 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
2942 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
2943 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
2944 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
2945
2946 while (smartlist_len(conn->fingerprint_stack) &&
2947 buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
2948 const char *body;
2949 char *fp = smartlist_pop_last(conn->fingerprint_stack);
2950 signed_descriptor_t *sd = NULL;
2951 if (by_fp) {
2952 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
2953 } else {
2954 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
2955 : router_get_by_descriptor_digest(fp);
2956 }
2957 tor_free(fp);
2958 if (!sd)
2959 continue;
2960 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
2961 /* we did this check once before (so we could have an accurate size
2962 * estimate and maybe send a 404 if somebody asked for only bridges on a
2963 * connection), but we need to do it again in case a previously
2964 * unknown bridge descriptor has shown up between then and now. */
2965 continue;
2966 }
2967
2968 body = signed_descriptor_get_body(sd);
2969 if (conn->zlib_state) {
2970 int last = ! smartlist_len(conn->fingerprint_stack);
2971 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
2972 last);
2973 if (last) {
2974 tor_zlib_free(conn->zlib_state);
2975 conn->zlib_state = NULL;
2976 }
2977 } else {
2978 connection_write_to_buf(body,
2979 sd->signed_descriptor_len,
2980 TO_CONN(conn));
2981 }
2982 }
2983
2984 if (!smartlist_len(conn->fingerprint_stack)) {
2985 /* We just wrote the last one; finish up. */
2986 conn->dir_spool_src = DIR_SPOOL_NONE;
2987 smartlist_free(conn->fingerprint_stack);
2988 conn->fingerprint_stack = NULL;
2989 }
2990 return 0;
2991 }
2992
2993 /** Spooling helper: Called when we're sending a directory or networkstatus,
2994 * and the outbuf has become too empty. Pulls some bytes from
2995 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
2996 * puts them on the outbuf. If we run out of entries, flushes the zlib state
2997 * and sets the spool source to NONE. Returns 0 on success, negative on
2998 * failure. */
2999 static int
3000 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3001 {
3002 ssize_t bytes;
3003 int64_t remaining;
3004
3005 bytes = DIRSERV_BUFFER_MIN - buf_datalen(conn->_base.outbuf);
3006 tor_assert(bytes > 0);
3007 tor_assert(conn->cached_dir);
3008 if (bytes < 8192)
3009 bytes = 8192;
3010 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3011 if (bytes > remaining)
3012 bytes = (ssize_t) remaining;
3013
3014 if (conn->zlib_state) {
3015 connection_write_to_buf_zlib(
3016 conn->cached_dir->dir_z + conn->cached_dir_offset,
3017 bytes, conn, bytes == remaining);
3018 } else {
3019 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3020 bytes, TO_CONN(conn));
3021 }
3022 conn->cached_dir_offset += bytes;
3023 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3024 /* We just wrote the last one; finish up. */
3025 connection_dirserv_finish_spooling(conn);
3026 cached_dir_decref(conn->cached_dir);
3027 conn->cached_dir = NULL;
3028 }
3029 return 0;
3030 }
3031
3032 /** Spooling helper: Called when we're spooling networkstatus objects on
3033 * <b>conn</b>, and the outbuf has become too empty. If the current
3034 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3035 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3036 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3037 * treated as a request for the current consensus.) If we run out of entries,
3038 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3039 * success, negative on failure. */
3040 static int
3041 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3042 {
3043
3044 while (buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3045 if (conn->cached_dir) {
3046 int uncompressing = (conn->zlib_state != NULL);
3047 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3048 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3049 /* add_dir_bytes thinks we're done with the cached_dir. But we
3050 * may have more cached_dirs! */
3051 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3052 /* This bit is tricky. If we were uncompressing the last
3053 * networkstatus, we may need to make a new zlib object to
3054 * uncompress the next one. */
3055 if (uncompressing && ! conn->zlib_state &&
3056 conn->fingerprint_stack &&
3057 smartlist_len(conn->fingerprint_stack)) {
3058 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
3059 }
3060 }
3061 if (r) return r;
3062 } else if (conn->fingerprint_stack &&
3063 smartlist_len(conn->fingerprint_stack)) {
3064 /* Add another networkstatus; start serving it. */
3065 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3066 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3067 tor_free(fp);
3068 if (d) {
3069 ++d->refcnt;
3070 conn->cached_dir = d;
3071 conn->cached_dir_offset = 0;
3072 }
3073 } else {
3074 connection_dirserv_finish_spooling(conn);
3075 if (conn->fingerprint_stack)
3076 smartlist_free(conn->fingerprint_stack);
3077 conn->fingerprint_stack = NULL;
3078 return 0;
3079 }
3080 }
3081 return 0;
3082 }
3083
3084 /** Called whenever we have flushed some directory data in state
3085 * SERVER_WRITING. */
3086 int
3087 connection_dirserv_flushed_some(dir_connection_t *conn)
3088 {
3089 tor_assert(conn->_base.state == DIR_CONN_STATE_SERVER_WRITING);
3090
3091 if (buf_datalen(conn->_base.outbuf) >= DIRSERV_BUFFER_MIN)
3092 return 0;
3093
3094 switch (conn->dir_spool_src) {
3095 case DIR_SPOOL_EXTRA_BY_DIGEST:
3096 case DIR_SPOOL_EXTRA_BY_FP:
3097 case DIR_SPOOL_SERVER_BY_DIGEST:
3098 case DIR_SPOOL_SERVER_BY_FP:
3099 return connection_dirserv_add_servers_to_outbuf(conn);
3100 case DIR_SPOOL_CACHED_DIR:
3101 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3102 case DIR_SPOOL_NETWORKSTATUS:
3103 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3104 case DIR_SPOOL_NONE:
3105 default:
3106 return 0;
3107 }
3108 }
3109
3110 /** Release all storage used by the directory server. */
3111 void
3112 dirserv_free_all(void)
3113 {
3114 dirserv_free_fingerprint_list();
3115
3116 cached_dir_decref(the_directory);
3117 clear_cached_dir(&the_runningrouters);
3118 cached_dir_decref(the_v2_networkstatus);
3119 cached_dir_decref(cached_directory);
3120 clear_cached_dir(&cached_runningrouters);
3121 if (cached_v2_networkstatus) {
3122 digestmap_free(cached_v2_networkstatus, _free_cached_dir);
3123 cached_v2_networkstatus = NULL;
3124 }
3125 cached_dir_decref(cached_v3_networkstatus);
3126 }
3127
The Onion Router