| blob | 2f27af7f06e345ab0644354c58ae07517cc86d68 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file routerlist.c
9 * \brief Code to
10 * maintain and access the global list of routerinfos for known
11 * servers.
12 *
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
19 *
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
22 * networkstatus.
23 *
24 * Right now, routerinfo_t objects are used in these ways:
25 * <ul>
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
34 * else wants them.
35 * </ul>
36 *
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
42 *
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
48 *
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
53 *
54 * <br>
55 *
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
60 *
61 * <br>
62 *
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
66 *
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
71 *
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
77 *
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
80 *
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
87 *
88 * TODO: Authority certificates should be a separate module.
89 *
90 * TODO: dir_server_t stuff should be in a separate module.
91 **/
93 #define ROUTERLIST_PRIVATE
128 // #define DEBUG_ROUTERLIST
130 /****************************************************************************/
132 /* Typed wrappers for different digestmap types; used to avoid type
133 * confusion. */
139 #define SDMAP_FOREACH(map, keyvar, valvar) \
140 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
141 valvar)
142 #define RIMAP_FOREACH(map, keyvar, valvar) \
143 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
144 #define EIMAP_FOREACH(map, keyvar, valvar) \
145 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
146 #define DSMAP_FOREACH(map, keyvar, valvar) \
147 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
148 valvar)
149 #define eimap_free(map, fn) MAP_FREE_AND_NULL(eimap, (map), (fn))
150 #define rimap_free(map, fn) MAP_FREE_AND_NULL(rimap, (map), (fn))
151 #define dsmap_free(map, fn) MAP_FREE_AND_NULL(dsmap, (map), (fn))
152 #define sdmap_free(map, fn) MAP_FREE_AND_NULL(sdmap, (map), (fn))
154 /* Forward declaration for cert_list_t */
157 /* static function prototypes */
159 bandwidth_weight_rule_t rule,
185 /****************************************************************************/
187 /** Global list of a dir_server_t object for each directory
188 * authority. */
190 /** Global list of dir_server_t objects for all directory authorities
191 * and all fallback directory servers. */
194 /** List of certificates for a single authority, and download status for
195 * latest certificate.
196 */
198 /*
199 * The keys of download status map are cert->signing_key_digest for pending
200 * downloads by (identity digest/signing key digest) pair; functions such
201 * as authority_cert_get_by_digest() already assume these are unique.
202 */
204 /* There is also a dlstatus for the download by identity key only */
205 download_status_t dl_status_by_id;
207 };
208 /** Map from v3 identity key digest to cert_list_t. */
210 /** True iff any key certificate in at least one member of
211 * <b>trusted_dir_certs</b> has changed since we last flushed the
212 * certificates to disk. */
215 /** Global list of all of the routers that we know about. */
218 /** List of strings for nicknames we've already warned about and that are
219 * still unknown / unavailable. */
222 /** The last time we tried to download any routerdesc, or 0 for "never". We
223 * use this to rate-limit download attempts when the number of routerdescs to
224 * download is low. */
227 /** Return the number of directory authorities whose type matches some bit set
228 * in <b>type</b> */
229 int
231 {
239 }
241 /** Initialise schedule, want_authority, and increment_on in the download
242 * status dlstatus, then call download_status_reset() on it.
243 * It is safe to call this function or download_status_reset() multiple times
244 * on a new dlstatus. But it should *not* be called after a dlstatus has been
245 * used to count download attempts or failures. */
246 static void
248 {
255 /* Use the new schedule to set next_attempt_at */
257 }
259 /** Reset the download status of a specified element in a dsmap */
260 static void
262 {
268 /* Make sure we have a dsmap */
271 }
272 /* Look for a download_status_t in the map with this digest */
274 /* Got one? */
276 /* Insert before we reset */
280 }
282 /* Go ahead and reset it */
284 }
286 /**
287 * Return true if the download for this signing key digest in cl is ready
288 * to be re-attempted.
289 */
290 static int
294 {
301 /* Make sure we have a dsmap */
304 }
305 /* Look for a download_status_t in the map with this digest */
307 /* Got one? */
309 /* Use download_status_is_ready() */
312 /*
313 * If we don't know anything about it, return 1, since we haven't
314 * tried this one before. We need to create a new entry here,
315 * too.
316 */
321 }
324 }
326 /** Helper: Return the cert_list_t for an authority whose authority ID is
327 * <b>id_digest</b>, allocating a new list if necessary. */
330 {
341 }
343 }
345 /** Return a list of authority ID digests with potentially enumerable lists
346 * of download_status_t objects; used by controller GETINFO queries.
347 */
351 {
362 /*
363 * We always have at least dl_status_by_id to query, so no need to
364 * probe deeper than the existence of a cert_list_t.
365 */
370 }
371 }
372 /* else definitely no downloads going since nothing even has a cert list */
375 }
377 /** Given an authority ID digest, return a pointer to the default download
378 * status, or NULL if there is no such entry in trusted_dir_certs */
382 {
390 }
391 }
394 }
396 /** Given an authority ID digest, return a smartlist of signing key digests
397 * for which download_status_t is potentially queryable, or NULL if no such
398 * authority ID digest is known. */
402 {
418 /* Pull the digest out and add it to the list */
423 }
424 }
425 }
426 }
429 }
431 /** Given an authority ID digest and a signing key digest, return the
432 * download_status_t or NULL if none exists. */
437 {
445 }
446 }
449 }
451 #define cert_list_free(val) \
452 FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
454 /** Release all space held by a cert_list_t */
455 static void
457 {
466 }
468 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
469 static void
471 {
473 }
475 /** Reload the cached v3 key certificates from the cached-certs file in
476 * the data directory. Return 0 on success, -1 on failure. */
477 int
479 {
490 contents,
494 }
496 /** Helper: return true iff we already have loaded the exact cert
497 * <b>cert</b>. */
500 {
504 {
507 DIGEST_LEN))
509 });
511 }
513 /** Load a bunch of new key certificates from the string <b>contents</b>. If
514 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
515 * from the cache, and we don't need to flush them to disk. If we are a
516 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
517 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
518 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
519 * need to flush any changed certificates to disk now. Return 0 on success,
520 * -1 if any certs fail to parse.
521 *
522 * If source_dir is non-NULL, it's the identity digest for a directory that
523 * we've just successfully retrieved certificates from, so try it first to
524 * fetch any missing certificates.
525 */
526 int
529 {
542 }
549 /* we already have this one. continue. */
555 /*
556 * A duplicate on download should be treated as a failure, so we call
557 * authority_cert_dl_failed() to reset the download status to make sure
558 * we can't try again. Since we've implemented the fp-sk mechanism
559 * to download certs by signing key, this should be much rarer than it
560 * was and is perhaps cause for concern.
561 */
565 "Got a certificate for %s, but we already have it. "
570 "Got a certificate for %s, but we already have it. "
573 }
575 /*
576 * This is where we care about the source; authority_cert_dl_failed()
577 * needs to know whether the download was by fp or (fp,sk) pair to
578 * twiddle the right bit in the download map.
579 */
586 }
587 }
591 }
608 }
609 }
614 /* Check to see whether we should update our view of the authority's
615 * address. */
627 }
629 }
633 }
638 /* call this even if failure_code is <0, since some certs might have
639 * succeeded, but only pass source_dir if there were no failures,
640 * and at least one more authority certificate was added to the store.
641 * This avoids retrying a directory that's serving bad or entirely duplicate
642 * certificates. */
647 }
650 }
652 /** Save all v3 key certificates to the cached-certs file. */
653 void
655 {
665 {
670 });
676 }
682 }
684 static int
686 {
693 else
695 }
697 /** Remove all expired v3 authority certificates that have been superseded for
698 * more than 48 hours or, if not expired, that were published more than 7 days
699 * before being superseded. (If the most recent cert was published more than 48
700 * hours ago, then we aren't going to get any consensuses signed with older
701 * keys.) */
702 static void
704 {
706 #define DEAD_CERT_LIFETIME (2*24*60*60)
707 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
712 /* Sort the list from first-published to last-published */
717 /* This is the most recently published cert. Keep it. */
719 }
723 /* All later certs are published in the future. Keep everything
724 * we didn't discard. */
726 }
729 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
730 * Remove it. */
733 /* Certificate has been superseded for OLD_CERT_LIFETIME.
734 * Remove it.
735 */
737 }
742 }
746 #undef DEAD_CERT_LIFETIME
747 #undef OLD_CERT_LIFETIME
750 }
752 /** Return the newest v3 authority certificate whose v3 authority identity key
753 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
754 * or it has no certificate. */
755 authority_cert_t *
757 {
765 {
768 });
770 }
772 /** Return the newest v3 authority certificate whose directory signing key has
773 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
774 */
775 authority_cert_t *
777 {
791 {
794 });
797 }
799 /** Return the v3 authority certificate with signing key matching
800 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
801 * Return NULL if no such authority is known. */
802 authority_cert_t *
805 {
815 }
817 /** Add every known authority_cert_t to <b>certs_out</b>. */
818 void
820 {
829 }
831 /** Called when an attempt to download a certificate with the authority with
832 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
833 * fails with HTTP response code <b>status</b>: remember the failure, so we
834 * don't try again immediately. */
835 void
838 {
848 /*
849 * Are we noting a failed download of the latest cert for the id digest,
850 * or of a download by (id, signing key) digest pair?
851 */
853 /* Just by id digest */
856 /* Reset by (id, signing key) digest pair
857 *
858 * Look for a download_status_t in the map with this digest
859 */
861 /* Got one? */
865 /*
866 * Do this rather than hex_str(), since hex_str clobbers
867 * old results and we call twice in the param list.
868 */
874 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
877 }
878 }
879 }
892 NULL,
893 };
895 /** Return true iff <b>cert</b> authenticates some atuhority signing key
896 * which, because of the old openssl heartbleed vulnerability, should
897 * never be trusted. */
898 int
900 {
909 }
910 }
912 }
914 /** Return true iff when we've been getting enough failures when trying to
915 * download the certificate with ID digest <b>id_digest</b> that we're willing
916 * to start bugging the user about it. */
917 int
919 {
920 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
929 }
931 /* Fetch the authority certificates specified in resource.
932 * If we are a bridge client, and node is a configured bridge, fetch from node
933 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
934 * rs. Otherwise, fetch from a random directory mirror. */
935 static void
940 {
943 resource);
945 /* Make sure bridge clients never connect to anything but a bridge */
948 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
951 /* If we're using bridges, and there's no node, use a 3-hop path. */
953 }
954 }
960 /* If we've just downloaded a consensus from a bridge, re-use that
961 * bridge */
963 /* clients always make OR connections to bridges */
964 tor_addr_port_t or_ap;
965 /* we are willing to use a non-preferred address if we need to */
974 /* And if we've just downloaded a consensus from a directory, re-use that
975 * directory */
978 }
981 /* We've set up a request object -- fill in the other request fields, and
982 * send the request. */
988 }
990 /* Otherwise, we want certs from a random fallback or directory
991 * mirror, because they will almost always succeed. */
994 DL_WANT_ANY_DIRSERVER);
995 }
997 /** Try to download any v3 authority certificates that we may be missing. If
998 * <b>status</b> is provided, try to get all the ones that were used to sign
999 * <b>status</b>. Additionally, try to have a non-expired certificate for
1000 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
1001 * already have.
1002 *
1003 * If dir_hint is non-NULL, it's the identity digest for a directory that
1004 * we've just successfully retrieved a consensus or certificates from, so try
1005 * it first to fetch any missing certificates.
1006 **/
1007 void
1010 {
1011 /*
1012 * The pending_id digestmap tracks pending certificate downloads by
1013 * identity digest; the pending_cert digestmap tracks pending downloads
1014 * by (identity digest, signing key digest) pairs.
1015 */
1018 /*
1019 * The missing_id_digests smartlist will hold a list of id digests
1020 * we want to fetch the newest cert for; the missing_cert_digests
1021 * smartlist will hold a list of fp_pair_t with an identity and
1022 * signing key digest.
1023 */
1041 /*
1042 * First, we get the lists of already pending downloads so we don't
1043 * duplicate effort.
1044 */
1049 /*
1050 * Now, we download any trusted authority certs we don't have by
1051 * identity digest only. This gets the latest cert for that authority.
1052 */
1063 /* It's not expired, and we weren't looking for something to
1064 * verify a consensus with. Call it done. */
1066 /* No sense trying to download it specifically by signing key hash */
1070 }
1076 "No current certificate known for authority %s "
1080 }
1083 /*
1084 * Next, if we have a consensus, scan through it and look for anything
1085 * signed with a key from a cert we don't have. Those get downloaded
1086 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1087 * (identity digest), and it's one of the trusted dir server certs
1088 * we started off above or a pending download in pending_id, don't
1089 * try to get it yet. Most likely, the one we'll get for that will
1090 * have the right signing key too, and we'd just be downloading
1091 * redundantly.
1092 */
1095 voter) {
1098 * go looking for a cert with key digest 0000000000. */
1102 * authority.*/
1104 /*
1105 * If we don't know *any* cert for this authority, and a download by ID
1106 * is pending or we added it to missing_id_digests above, skip this
1107 * one for now to avoid duplicate downloads.
1108 */
1111 /* We have no certs at all for this one */
1113 /* Do we have a download of one pending? */
1117 /*
1118 * Are we about to launch a download of one due to the trusted
1119 * dir server check above?
1120 */
1124 }
1134 }
1140 /*
1141 * Do this rather than hex_str(), since hex_str clobbers
1142 * old results and we call twice in the param list.
1143 */
1151 "We're missing a certificate from authority %s "
1152 "(ID digest %s) with signing key %s: "
1157 "We're missing a certificate from authority ID digest "
1160 }
1162 /* Allocate a new fp_pair_t to append */
1168 }
1171 }
1173 /* Bridge clients look up the node for the dir_hint */
1175 /* All clients, including bridge clients, look up the routerstatus for the
1176 * dir_hint */
1179 /* If we still need certificates, try the directory that just successfully
1180 * served us a consensus or certificates.
1181 * As soon as the directory fails to provide additional certificates, we try
1182 * another, randomly selected directory. This avoids continual retries.
1183 * (We only ever have one outstanding request per certificate.)
1184 */
1187 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1188 * or something else fetched over tor, we won't find the node here, but
1189 * we will find the rs. */
1191 }
1193 /* All clients try the consensus routerstatus, then the fallback
1194 * routerstatus */
1197 /* This will also find authorities */
1199 dir_hint);
1202 }
1203 }
1210 }
1211 }
1213 /* Do downloads by identity digest */
1232 /* No need for tor_asprintf() in this case; first one gets no '+' */
1235 }
1242 /* node and rs are directories that just gave us a consensus or
1243 * certificates */
1246 }
1247 /* else we didn't add any: they were all pending */
1251 }
1253 /* Do downloads by identity digest/signing key pair */
1266 /* Construct string encodings of the digests */
1272 /* Now tor_asprintf() */
1276 /* First one in the list doesn't get a '+' */
1279 }
1281 /* Add it to the list of pairs to request */
1287 /* node and rs are directories that just gave us a consensus or
1288 * certificates */
1291 }
1292 /* else they were all pending */
1296 }
1303 }
1305 /* Router descriptor storage.
1306 *
1307 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1308 * routerdescs arrive, we append them to a journal file named
1309 * "cached-descriptors.new".
1310 *
1311 * From time to time, we replace "cached-descriptors" with a new file
1312 * containing only the live, non-superseded descriptors, and clear
1313 * cached-routers.new.
1314 *
1315 * On startup, we read both files.
1316 */
1318 /** Helper: return 1 iff the router log is so big we want to rebuild the
1319 * store. */
1320 static int
1322 {
1326 else
1328 }
1330 /** Return the desc_store_t in <b>rl</b> that should be used to store
1331 * <b>sd</b>. */
1334 {
1337 else
1339 }
1341 /** Add the signed_descriptor_t in <b>desc</b> to the router
1342 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1343 * offset appropriately. */
1344 static int
1347 {
1356 }
1364 }
1366 /** Sorting helper: return <0, 0, or >0 depending on whether the
1367 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1368 * the signed_descriptor_t* in *<b>b</b>. */
1369 static int
1371 {
1374 }
1376 #define RRS_FORCE 1
1377 #define RRS_DONT_REMOVE_OLD 2
1379 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1380 * <b>flags</b>, then atomically replace the saved router store with the
1381 * routers currently in our routerlist, and clear the journal. Unless
1382 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1383 * rebuilding the store. Return 0 on success, -1 on failure.
1384 */
1385 static int
1387 {
1401 }
1405 }
1409 else
1413 /* Don't save deadweight. */
1424 /* We sort the routers by age to enhance locality on disk. */
1435 }
1441 }
1445 /* Now, add the appropriate members to chunk_list */
1452 }
1456 }
1467 }
1469 /* Our mmap is now invalid. */
1475 }
1476 }
1481 }
1487 /* empty store.*/
1493 "okay if we're just starting up after a long time. "
1495 }
1498 }
1499 }
1511 }
1524 done:
1531 }
1534 }
1536 /** Helper: Reload a cache file and its associated journal, setting metadata
1537 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1538 * else reload the router descriptor store. */
1539 static int
1541 {
1550 /* get rid of it first */
1557 }
1558 }
1567 else
1571 }
1575 /* don't load empty files - we wouldn't get any data, even if we tried */
1582 else
1587 }
1592 /* Always clear the journal on startup.*/
1595 /* Don't cache expired routers. (This is in an else because
1596 * router_rebuild_store() also calls remove_old_routers().) */
1598 }
1601 }
1603 /** Load all cached router descriptors and extra-info documents from the
1604 * store. Return 0 on success and -1 on failure.
1605 */
1606 int
1608 {
1615 }
1617 /** Return a smartlist containing a list of dir_server_t * for all
1618 * known trusted dirservers. Callers must not modify the list or its
1619 * contents.
1620 */
1623 {
1628 }
1632 {
1637 }
1639 /** Try to find a running dirserver that supports operations of <b>type</b>.
1640 *
1641 * If there are no running dirservers in our routerlist and the
1642 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1643 * (including authorities) as running again, and pick one.
1644 *
1645 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1646 * dirservers that we can't reach.
1647 *
1648 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1649 * (if we're a dirserver).
1650 *
1651 * Don't pick a fallback directory mirror if any non-fallback is viable;
1652 * (the fallback directory mirrors include the authorities)
1653 * try to avoid using servers that have returned 503 recently.
1654 */
1657 {
1669 /* If the reason that we got no server is that servers are "busy",
1670 * we must be excluding good servers because we already have serverdesc
1671 * fetches with them. Do not mark down servers up because of this. */
1673 PDS_NO_EXISTING_MICRODESC_FETCH)));
1675 }
1678 "No reachable router entries for dirservers. "
1680 /* mark all fallback directory mirrors as up again */
1682 /* try again */
1685 }
1687 /** Return the dir_server_t for the directory authority whose identity
1688 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1689 */
1690 dir_server_t *
1692 {
1697 {
1700 });
1703 }
1705 /** Return the dir_server_t for the fallback dirserver whose identity
1706 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1707 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1708 * and UseDefaultFallbackDirs torrc options.)
1709 * The list of fallback directories includes the list of authorities.
1710 */
1711 dir_server_t *
1713 {
1721 {
1724 });
1727 }
1729 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1730 * or 0 if no such fallback is in the list of fallback_dir_servers.
1731 * (fallback_dir_servers is affected by the FallbackDir and
1732 * UseDefaultFallbackDirs torrc options.)
1733 * The list of fallback directories includes the list of authorities.
1734 */
1735 int
1737 {
1739 }
1741 /** Return the dir_server_t for the directory authority whose
1742 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1743 * is known.
1744 */
1747 {
1752 {
1756 });
1759 }
1761 /** Try to find a running directory authority. Flags are as for
1762 * router_pick_directory_server.
1763 */
1766 {
1768 }
1770 /** Try to find a running fallback directory. Flags are as for
1771 * router_pick_directory_server.
1772 */
1775 {
1777 }
1779 /** Try to find a running fallback directory. Flags are as for
1780 * router_pick_directory_server.
1781 */
1785 {
1793 /* If the reason that we got no server is that servers are "busy",
1794 * we must be excluding good servers because we already have serverdesc
1795 * fetches with them. Do not mark down servers up because of this. */
1797 PDS_NO_EXISTING_MICRODESC_FETCH)));
1799 }
1805 }
1807 /* Check if we already have a directory fetch from ap, for serverdesc
1808 * (including extrainfo) or microdesc documents.
1809 * If so, return 1, if not, return 0.
1810 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1811 */
1812 STATIC int
1815 {
1818 }
1820 /* XX/teor - we're not checking tunnel connections here, see #17848
1821 */
1828 }
1834 }
1837 }
1839 /* Check if we already have a directory fetch from the ipv4 or ipv6
1840 * router, for serverdesc (including extrainfo) or microdesc documents.
1841 * If so, return 1, if not, return 0.
1842 */
1843 static int
1849 {
1852 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1860 }
1862 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1863 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1864 #endif
1866 /* Log a message if rs is not found or not a preferred address */
1867 static void
1869 {
1874 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1875 /* Don't log early in the bootstrap process, it's normal to pick from a
1876 * small pool of nodes. Of course, this won't help if we're trying to
1877 * diagnose bootstrap issues. */
1881 }
1884 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1885 * Sometimes this is normal, sometimes it can be a reachability issue. */
1887 /* This happens a lot, so it's at debug level */
1889 "we couldn't find a directory that fit our criteria. "
1893 ) {
1894 /* This is rare, and might be interesting to users trying to diagnose
1895 * connection issues on dual-stack machines. */
1897 "addresses for launching an outgoing connection: "
1903 }
1904 }
1906 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1908 /** How long do we avoid using a directory server after it's given us a 503? */
1909 #define DIR_503_TIMEOUT (60*60)
1911 /* Common retry code for router_pick_directory_server_impl and
1912 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1913 * Must be called before RETRY_WITHOUT_EXCLUDE().
1914 *
1915 * If we got no result, and we are applying IP preferences, and we are a
1916 * client that could use an alternate IP version, try again with the
1917 * opposite preferences. */
1918 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1919 STMT_BEGIN \
1920 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1921 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1922 && !n_busy) { \
1923 n_excluded = 0; \
1924 n_busy = 0; \
1925 try_ip_pref = 0; \
1926 goto retry_label; \
1927 } \
1928 STMT_END \
1930 /* Common retry code for router_pick_directory_server_impl and
1931 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1932 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1933 *
1934 * If we got no result, and we are excluding nodes, and StrictNodes is
1935 * not set, try again without excluding nodes. */
1936 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1937 STMT_BEGIN \
1938 if (result == NULL && try_excluding && !options->StrictNodes \
1939 && n_excluded && !n_busy) { \
1940 try_excluding = 0; \
1941 n_excluded = 0; \
1942 n_busy = 0; \
1943 try_ip_pref = 1; \
1944 goto retry_label; \
1945 } \
1946 STMT_END
1948 /* Common code used in the loop within router_pick_directory_server_impl and
1949 * router_pick_trusteddirserver_impl.
1950 *
1951 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
1952 * checks.
1953 */
1954 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
1955 STMT_BEGIN \
1956 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
1957 (identity), EXTRAINFO_DIRINFO); \
1958 if (((type) & EXTRAINFO_DIRINFO) && \
1959 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
1960 continue; \
1961 STMT_END
1963 /* When iterating through the routerlist, can OR address/port preference
1964 * and reachability checks be skipped?
1965 */
1966 int
1968 {
1969 /* Servers always have and prefer IPv4.
1970 * And if clients are checking against the firewall for reachability only,
1971 * but there's no firewall, don't bother checking */
1973 }
1975 /* When iterating through the routerlist, can Dir address/port preference
1976 * and reachability checks be skipped?
1977 */
1978 static int
1980 {
1981 /* Servers always have and prefer IPv4.
1982 * And if clients are checking against the firewall for reachability only,
1983 * but there's no firewall, don't bother checking */
1985 }
1987 /** Pick a random running valid directory server/mirror from our
1988 * routerlist. Arguments are as for router_pick_directory_server(), except:
1989 *
1990 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1991 * directories that we excluded for no other reason than
1992 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1993 */
1997 {
2015 retry_search:
2028 /* Find all the running dirservers we know about. */
2046 country)) {
2049 }
2054 no_serverdesc_fetching,
2055 no_microdesc_fetching)) {
2058 }
2063 /* Clients use IPv6 addresses if the server has one and the client
2064 * prefers IPv6.
2065 * Add the router if its preferred address and port are reachable.
2066 * If we don't get any routers, we'll try again with the non-preferred
2067 * address for each router (if any). (To ensure correct load-balancing
2068 * we try routers that only have one address both times.)
2069 */
2072 try_ip_pref))
2077 try_ip_pref)))
2086 WEIGHT_FOR_DIR);
2088 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2089 * yet. Maybe one day we should. */
2090 /* FFFF We also don't load balance over authorities yet. I think this
2091 * is a feature, but it could easily be a bug. -RD */
2097 WEIGHT_FOR_DIR);
2100 }
2118 }
2120 /** Pick a random element from a list of dir_server_t, weighting by their
2121 * <b>weight</b> field. */
2124 {
2138 }
2145 }
2147 /** Choose randomly from among the dir_server_ts in sourcelist that
2148 * are up. Flags are as for router_pick_directory_server_impl().
2149 */
2154 {
2175 retry_search:
2187 {
2203 }
2208 no_serverdesc_fetching,
2209 no_microdesc_fetching)) {
2212 }
2214 /* Clients use IPv6 addresses if the server has one and the client
2215 * prefers IPv6.
2216 * Add the router if its preferred address and port are reachable.
2217 * If we don't get any routers, we'll try again with the non-preferred
2218 * address for each router (if any). (To ensure correct load-balancing
2219 * we try routers that only have one address both times.)
2220 */
2223 try_ip_pref))
2227 try_ip_pref)))
2229 }
2240 }
2242 {
2248 }
2264 }
2266 /** Mark as running every dir_server_t in <b>server_list</b>. */
2267 static void
2269 {
2282 }
2284 }
2286 }
2288 /** Return true iff r1 and r2 have the same address and OR port. */
2289 int
2291 {
2295 }
2297 /** Reset all internal variables used to count failed downloads of network
2298 * status objects. */
2299 void
2301 {
2303 }
2305 /** Given a <b>router</b>, add every node_t in its family (including the
2306 * node itself!) to <b>sl</b>.
2307 *
2308 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2309 * to the smartlist!
2310 */
2311 static void
2313 {
2314 /* XXXX MOVE ? */
2315 node_t fake_node;
2322 }
2324 }
2326 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2327 * we can pick a node for a circuit.
2328 */
2329 void
2334 {
2336 pref_addr);
2337 /* XXXX MOVE */
2347 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2350 /* Don't choose nodes if we are certain they can't do ntor. */
2353 /* Choose a node with an OR address that matches the firewall rules */
2356 FIREWALL_OR_CONNECTION,
2357 pref_addr))
2362 }
2364 /** Look through the routerlist until we find a router that has my key.
2365 Return it. */
2368 {
2373 {
2376 });
2378 }
2380 /** Return the smaller of the router's configured BandwidthRate
2381 * and its advertised capacity. */
2382 uint32_t
2384 {
2388 }
2390 /** Do not weight any declared bandwidth more than this much when picking
2391 * routers by bandwidth. */
2394 /** Return the smaller of the router's configured BandwidthRate
2395 * and its advertised capacity, capped by max-believe-bw. */
2396 uint32_t
2398 {
2405 }
2407 /** Given an array of double/uint64_t unions that are currently being used as
2408 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2409 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2410 * the sum of all elements in the array _before_ scaling. */
2411 STATIC void
2415 {
2426 }
2433 }
2435 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2436 * choosing each element with a probability proportional to its (uint64_t)
2437 * value, and return the index of that element. If all elements are 0, choose
2438 * an index at random. Return -1 on error.
2439 */
2440 STATIC int
2442 {
2462 }
2464 /** When weighting bridges, enforce these values as lower and upper
2465 * bound for believable bandwidth, because there is no way for us
2466 * to verify a bridge's bandwidth currently. */
2470 /** Return the smaller of the router's configured BandwidthRate
2471 * and its advertised capacity, making sure to stay within the
2472 * interval between bridge-min-believe-bw and
2473 * bridge-max-believe-bw. */
2474 static uint32_t
2476 {
2485 }
2487 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2488 * INT32_MAX. */
2491 {
2493 }
2495 /** Helper function:
2496 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2497 * the advertised bandwidth of each element using the consensus
2498 * bandwidth weights.
2499 *
2500 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2501 * nodes' bandwidth equally regardless of their Exit status, since there may
2502 * be some in the list because they exit to obscure ports. If
2503 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2504 * exit-node's bandwidth less depending on the smallness of the fraction of
2505 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2506 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2507 * guards proportionally less.
2508 */
2511 bandwidth_weight_rule_t rule)
2512 {
2523 {
2529 }
2530 }
2532 /** Given a list of routers and a weighting rule as in
2533 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2534 * values for each node and store them in a freshly allocated
2535 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2536 * as doubles. If <b>total_bandwidth_out</b> is non-NULL, set it to the total
2537 * of all the bandwidths.
2538 * Return 0 on success, -1 on failure. */
2539 static int
2541 bandwidth_weight_rule_t rule,
2544 {
2548 guardfraction_bandwidth_t guardfraction_bw;
2555 /* Can't choose exit and guard at same time */
2566 }
2570 "Empty routerlist passed in to consensus weight node "
2574 }
2599 // Guards CAN be exits if they have weird exit policies
2600 // They are d then I guess...
2620 }
2625 "Got negative bandwidth weights. Defaulting to naive selection"
2629 }
2643 // Cycle through smartlist and total the bandwidth.
2655 /* This should never happen, unless all the authorities downgrade
2656 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2659 "Consensus is missing some bandwidths. Using a naive "
2662 }
2666 }
2668 /* bridge or other descriptor not in our consensus */
2671 /* We can't use this one. */
2673 }
2685 }
2686 /* These should be impossible; but overflows here would be bad, so let's
2687 * make sure. */
2695 /* If guardfraction information is available in the consensus, we
2696 * want to calculate this router's bandwidth according to its
2697 * guardfraction. Quoting from proposal236:
2698 *
2699 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2700 * client would apply to N for position p if it had the guard
2701 * flag, Wpn the weight if it did not have the guard flag, and B the
2702 * measured bandwidth of N in the consensus. Then instead of choosing
2703 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2704 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2705 */
2707 /* XXX The assert should actually check for is_guard. However,
2708 * that crashes dirauths because of #13297. This should be
2709 * equivalent: */
2713 this_bw,
2716 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2717 final_weight =
2726 }
2733 "on weights "
2742 }
2745 }
2747 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2748 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2749 * descriptors. */
2750 double
2752 bandwidth_weight_rule_t rule)
2753 {
2765 n_with_descs++;
2766 });
2769 }
2780 }
2782 /** Choose a random element of status list <b>sl</b>, weighted by
2783 * the advertised bandwidth of each node */
2786 bandwidth_weight_rule_t rule)
2789 }
2791 /** Return a random running node from the nodelist. Never
2792 * pick a node that is in
2793 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2794 * even if they are the only nodes available.
2795 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2796 * a minimum uptime, return one of those.
2797 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2798 * advertised capacity of each router.
2799 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2800 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2801 * picking an exit node, otherwise we weight bandwidths for picking a relay
2802 * node (that is, possibly discounting exit nodes).
2803 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2804 * have a routerinfo or microdescriptor -- that is, enough info to be
2805 * used to build a circuit.
2806 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2807 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2808 * (regardless of this flag, we exclude nodes that aren't allowed by the
2809 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2810 */
2814 router_crn_flags_t flags)
2829 bandwidth_weight_rule_t rule;
2837 /* Exclude relays that allow single hop exit circuits. This is an
2838 * obsolete option since 0.2.9.2-alpha and done by default in
2839 * 0.3.1.0-alpha. */
2843 /* Exclude relays that do not support to rendezvous for a hidden service
2844 * version 3. */
2846 }
2849 /* If the node_t is not found we won't be to exclude ourself but we
2850 * won't be able to pick ourself in router_choose_random_node() so
2851 * this is fine to at least try with our routerinfo_t object. */
2857 direct_conn);
2874 }
2880 }
2882 // Always weight by bandwidth
2887 /* try once more -- recurse but with fewer restrictions. */
2889 "We couldn't find any live%s%s%s routers; falling back "
2895 CRN_PREF_ADDR);
2898 }
2903 }
2905 }
2907 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2908 * Return 0 on success, -1 on failure. Store the result into the
2909 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2910 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2911 * at <b>nickname_out</b>.
2912 *
2913 * The recognized format is:
2914 * HexName = Dollar? HexDigest NamePart?
2915 * Dollar = '?'
2916 * HexDigest = HexChar*20
2917 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2918 * NamePart = QualChar Name
2919 * QualChar = '=' | '~'
2920 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2921 * NameChar = Any ASCII alphanumeric character
2922 */
2923 int
2928 {
2944 ;
2947 }
2953 }
2955 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2956 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2957 * (which is optionally prefixed with a single dollar sign). Return false if
2958 * <b>hexdigest</b> is malformed, or it doesn't match. */
2959 int
2962 {
2972 }
2979 }
2982 }
2984 /** Return true iff <b>digest</b> is the digest of the identity key of a
2985 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2986 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2987 int
2989 {
2997 });
2999 }
3001 /** If hexdigest is correctly formed, base16_decode it into
3002 * digest, which must have DIGEST_LEN space in it.
3003 * Return 0 on success, -1 on failure.
3004 */
3005 int
3007 {
3014 }
3016 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3017 * modify */
3018 routerinfo_t *
3020 {
3025 // routerlist_assert_ok(routerlist);
3028 }
3030 /** Return the router in our routerlist whose 20-byte key digest
3031 * is <b>digest</b>. Return NULL if no such router is known. */
3034 {
3036 }
3038 /** Return the router in our routerlist whose 20-byte descriptor
3039 * is <b>digest</b>. Return NULL if no such router is known. */
3040 signed_descriptor_t *
3042 {
3048 }
3050 /** Return the signed descriptor for the router in our routerlist whose
3051 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3052 * is known. */
3055 {
3061 }
3063 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3064 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3065 * document is known. */
3068 {
3074 }
3076 /** Return a pointer to the signed textual representation of a descriptor.
3077 * The returned string is not guaranteed to be NUL-terminated: the string's
3078 * length will be in desc-\>signed_descriptor_len.
3079 *
3080 * If <b>with_annotations</b> is set, the returned string will include
3081 * the annotations
3082 * (if any) preceding the descriptor. This will increase the length of the
3083 * string by desc-\>annotations_len.
3084 *
3085 * The caller must not free the string returned.
3086 */
3090 {
3096 else
3107 "mmaped in our cache. Is another process running in our data "
3110 }
3111 }
3124 }
3125 }
3128 }
3130 /** Return a pointer to the signed textual representation of a descriptor.
3131 * The returned string is not guaranteed to be NUL-terminated: the string's
3132 * length will be in desc-\>signed_descriptor_len.
3133 *
3134 * The caller must not free the string returned.
3135 */
3138 {
3140 }
3142 /** As signed_descriptor_get_body(), but points to the beginning of the
3143 * annotations section rather than the beginning of the descriptor. */
3146 {
3148 }
3150 /** Return the current list of all known routers. */
3151 routerlist_t *
3153 {
3171 }
3173 }
3175 /** Free all storage held by <b>router</b>. */
3176 void
3178 {
3196 }
3203 }
3205 /** Release all storage held by <b>extrainfo</b> */
3206 void
3208 {
3217 }
3219 #define signed_descriptor_free(val) \
3220 FREE_AND_NULL(signed_descriptor_t, signed_descriptor_free_, (val))
3222 /** Release storage held by <b>sd</b>. */
3223 static void
3225 {
3234 }
3236 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3237 * memory inside the object and by zeroing its content. */
3238 static void
3240 {
3245 }
3247 /** Copy src into dest, and steal all references inside src so that when
3248 * we free src, we don't mess up dest. */
3249 static void
3252 {
3254 /* Cleanup destination object before overwriting it.*/
3260 }
3262 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3263 * routerinfo.
3264 */
3267 {
3274 }
3276 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3277 static void
3279 {
3281 }
3283 /** Free all storage held by a routerlist <b>rl</b>. */
3284 void
3286 {
3303 }
3304 }
3309 }
3310 }
3314 }
3316 /** Log information about how much memory is being used for routerlist,
3317 * at log level <b>severity</b>. */
3318 void
3320 {
3335 }
3337 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3338 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3339 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3340 * is not in <b>sl</b>. */
3343 {
3350 });
3354 };
3356 }
3358 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3359 * as needed. There must be no previous member of <b>rl</b> with the same
3360 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3361 * instead.
3362 */
3363 static void
3365 {
3368 {
3371 }
3387 }
3391 }
3400 #ifdef DEBUG_ROUTERLIST
3402 #endif
3403 }
3405 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3406 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3407 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3410 {
3411 was_router_added_t r;
3420 {
3423 }
3426 /* This router is unknown; we can't even verify the signature. Give up.*/
3429 }
3431 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3438 }
3442 /* The sd we got from the map doesn't match the digest we used to look
3443 * it up. This makes no sense. */
3448 }
3459 "router info incompatible with extra info (ri id: %s, ei id %s, "
3463 }
3465 /* Okay, if we make it here, we definitely have a router corresponding to
3466 * this extrainfo. */
3470 ei);
3476 }
3478 done:
3482 #ifdef DEBUG_ROUTERLIST
3484 #endif
3486 }
3488 #define should_cache_old_descriptors() \
3489 directory_caches_dir_info(get_options())
3491 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3492 * a copy of router <b>ri</b> yet, add it to the list of old (not
3493 * recommended but still served) descriptors. Else free it. */
3494 static void
3496 {
3497 {
3500 }
3515 }
3516 #ifdef DEBUG_ROUTERLIST
3518 #endif
3519 }
3521 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3522 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3523 * idx) == ri, we don't need to do a linear search over the list to decide
3524 * which to remove. We fill the gap in rl->routers with a later element in
3525 * the list, if any exists. <b>ri</b> is freed.
3526 *
3527 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3528 * it to rl->old_routers. */
3529 void
3531 {
3540 /* make sure the rephist module knows that it's not running */
3548 }
3575 }
3579 }
3580 #ifdef DEBUG_ROUTERLIST
3582 #endif
3583 }
3585 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3586 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3587 * <b>sd</b>. */
3588 static void
3590 {
3596 }
3598 /* XXXX edmanm's bridge relay triggered the following assert while
3599 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3600 * can get a backtrace. */
3609 }
3623 }
3628 #ifdef DEBUG_ROUTERLIST
3630 #endif
3631 }
3633 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3634 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3635 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3636 * search over the list to decide which to remove. We put ri_new in the same
3637 * index as ri_old, if possible. ri is freed as appropriate.
3638 *
3639 * If should_cache_descriptors() is true, instead of deleting the router,
3640 * we add it to rl->old_routers. */
3641 static void
3644 {
3650 {
3653 }
3661 {
3665 }
3672 /* Check that ri_old is not in rl->routers anymore: */
3678 }
3681 /* digests don't match; digestmap_set won't replace */
3683 }
3694 }
3698 DIGEST_LEN);
3703 /* ri_old is going to become a signed_descriptor_t and go into
3704 * old_routers */
3712 /* We're dropping ri_old. */
3714 /* digests don't match; The sdmap_set above didn't replace */
3726 }
3727 }
3732 }
3733 }
3736 }
3737 #ifdef DEBUG_ROUTERLIST
3739 #endif
3740 }
3742 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3743 * it as a fresh routerinfo_t. */
3746 {
3762 }
3764 /** Free all memory held by the routerlist module.
3765 * Note: Calling routerlist_free_all() should always be paired with
3766 * a call to nodelist_free_all(). These should only be called during
3767 * cleanup.
3768 */
3769 void
3771 {
3778 }
3786 }
3787 }
3789 /** Forget that we have issued any router-related warnings, so that we'll
3790 * warn again if we see the same errors. */
3791 void
3793 {
3800 }
3802 /** Return 1 if the signed descriptor of this router is older than
3803 * <b>seconds</b> seconds. Otherwise return 0. */
3806 {
3808 }
3810 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3811 * older entries (if any) with the same key. Note: Callers should not hold
3812 * their pointers to <b>router</b> if this function fails; <b>router</b>
3813 * will either be inserted into the routerlist or freed. Similarly, even
3814 * if this call succeeds, they should not hold their pointers to
3815 * <b>router</b> after subsequent calls with other routerinfo's -- they
3816 * might cause the original routerinfo to get freed.
3817 *
3818 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3819 * the poster of the router to know something.
3820 *
3821 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3822 * <b>from_fetch</b>, we received it in response to a request we made.
3823 * (If both are false, that means it was uploaded to us as an auth dir
3824 * server or via the controller.)
3825 *
3826 * This function should be called *after*
3827 * routers_update_status_from_consensus_networkstatus; subsequently, you
3828 * should call router_rebuild_store and routerlist_descriptors_added.
3829 */
3830 was_router_added_t
3833 {
3852 /* Make sure that it isn't expired. */
3857 }
3859 /* Make sure that we haven't already got this exact descriptor. */
3862 /* If we have this descriptor already and the new descriptor is a bridge
3863 * descriptor, replace it. If we had a bridge descriptor before and the
3864 * new one is not a bridge descriptor, don't replace it. */
3866 /* Only members of routerlist->identity_map can be bridges; we don't
3867 * put bridges in old_routers. */
3884 }
3885 }
3894 }
3896 /* Only check the descriptor digest against the network statuses when
3897 * we are receiving in response to a fetch. */
3901 /* We asked for it, so some networkstatus must have listed it when we
3902 * did. Save it if we're a cache in case somebody else asks for it. */
3908 /* Only journal this desc if we want to keep old descriptors */
3914 }
3915 }
3917 /* We no longer need a router with this descriptor digest. */
3923 DIGEST_LEN)) {
3925 }
3926 }
3930 /* If it's a general router not listed in the consensus, then don't
3931 * consider replacing the latest router with it. */
3938 }
3940 /* If we're reading a bridge descriptor from our cache, and we don't
3941 * recognize it as one of our currently configured bridges, drop the
3942 * descriptor. Otherwise we could end up using it as one of our entry
3943 * guards even if it isn't in our Bridge config lines. */
3953 }
3955 /* If we have a router with the same identity key, choose the newer one. */
3959 /* Same key, but old. This one is not listed in the consensus. */
3962 /* Only journal this desc if we'll be serving it. */
3970 /* Same key, and either new, or listed in the consensus. */
3977 }
3982 }
3983 }
3990 }
3992 /* We haven't seen a router with this identity before. Add it to the end of
3993 * the list. */
3998 }
4000 }
4002 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
4003 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
4004 * we actually inserted it, ROUTER_BAD_EI otherwise.
4005 */
4006 was_router_added_t
4009 {
4010 was_router_added_t inserted;
4013 /*XXXX Do something with msg */
4022 }
4024 /** Sorting helper: return <0, 0, or >0 depending on whether the
4025 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4026 * to, or later than that of *<b>b</b>. */
4027 static int
4029 {
4035 }
4037 /** Internal type used to represent how long an old descriptor was valid,
4038 * where it appeared in the list of old descriptors, and whether it's extra
4039 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4044 };
4046 /** Sorting helper: compare two duration_idx_t by their duration. */
4047 static int
4049 {
4053 }
4055 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4056 * must contain routerinfo_t with the same identity and with publication time
4057 * in ascending order. Remove members from this range until there are no more
4058 * than max_descriptors_per_router() remaining. Start by removing the oldest
4059 * members from before <b>cutoff</b>, then remove members which were current
4060 * for the lowest amount of time. The order of members of old_routers at
4061 * indices <b>lo</b> or higher may be changed.
4062 */
4063 static void
4067 {
4073 #if 1
4081 }
4083 /* Check whether we need to do anything at all. */
4084 {
4089 }
4094 /* Set lifespans to contain the lifespan and index of each server. */
4095 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4103 }
4111 }
4116 }
4117 }
4120 /**
4121 * We aren't removing enough servers for being old. Sort lifespans by
4122 * the duration of liveness, and remove the ones we're not already going to
4123 * remove based on how long they were alive.
4124 **/
4130 }
4131 }
4132 }
4142 }
4144 /** Deactivate any routers from the routerlist that are more than
4145 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4146 * remove old routers from the list of cached routers if we have too many.
4147 */
4148 void
4150 {
4165 // routerlist_assert_ok(routerlist);
4167 /* We need to guess how many router descriptors we will wind up wanting to
4168 retain, so that we can be sure to allocate a large enough Bloom filter
4169 to hold the digest set. Overestimating is fine; underestimating is bad.
4170 */
4171 {
4172 /* We'll probably retain everything in the consensus. */
4175 }
4178 /* Retain anything listed in the consensus. */
4183 }
4185 /* If we have a consensus, we should consider pruning current routers that
4186 * are too old and that nobody recommends. (If we don't have a consensus,
4187 * then we should get one before we decide to kill routers.) */
4191 /* Remove too-old unrecommended members of routerlist->routers. */
4198 /* Too old: remove it. (If we're a cache, just move it into
4199 * old_routers.) */
4204 i--;
4205 }
4206 }
4207 }
4209 //routerlist_assert_ok(routerlist);
4211 /* Remove far-too-old members of routerlist->old_routers. */
4218 /* Too old. Remove it. */
4220 }
4221 }
4223 //routerlist_assert_ok(routerlist);
4229 /* Now we might have to look at routerlist->old_routers for extraneous
4230 * members. (We'd keep all the members if we could, but we need to save
4231 * space.) First, check whether we have too many router descriptors, total.
4232 * We're okay with having too many for some given router, so long as the
4233 * total number doesn't approach max_descriptors_per_router()*len(router).
4234 */
4239 /* Sort by identity, then fix indices. */
4241 /* Fix indices. */
4245 }
4247 /* Iterate through the list from back to front, so when we remove descriptors
4248 * we don't mess up groups we haven't gotten to. */
4254 }
4260 }
4261 }
4264 //routerlist_assert_ok(routerlist);
4266 done:
4270 }
4272 /** We just added a new set of descriptors. Take whatever extra steps
4273 * we need. */
4274 void
4276 {
4285 }
4287 }
4289 /**
4290 * Code to parse a single router descriptor and insert it into the
4291 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4292 * descriptor was well-formed but could not be added; and 1 if the
4293 * descriptor was added.
4294 *
4295 * If we don't add it and <b>msg</b> is not NULL, then assign to
4296 * *<b>msg</b> a static string describing the reason for refusing the
4297 * descriptor.
4298 *
4299 * This is used only by the controller.
4300 */
4301 int
4304 {
4306 was_router_added_t r;
4321 }
4328 }
4339 /* we've already assigned to *msg now, and ri is already freed */
4350 }
4351 }
4353 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4354 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4355 * are in response to a query to the network: cache them by adding them to
4356 * the journal.
4357 *
4358 * Return the number of routers actually added.
4359 *
4360 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4361 * uppercased fingerprints. Do not update any router whose
4362 * fingerprint is not on the list; after updating a router, remove its
4363 * fingerprint from the list.
4364 *
4365 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4366 * are descriptor digests. Otherwise they are identity digests.
4367 */
4368 int
4370 saved_location_t saved_location,
4374 {
4385 invalid_digests);
4392 was_router_added_t r;
4398 DIGEST_LEN);
4405 "We received a router descriptor with a fingerprint (%s) "
4411 }
4412 }
4417 any_changed++;
4428 }
4429 }
4433 /* This digest is never going to be parseable. */
4437 /* But we didn't ask for it, so we should assume shennanegans. */
4439 }
4441 }
4448 }
4462 }
4464 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4465 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4466 * router_load_routers_from_string(). */
4467 void
4469 saved_location_t saved_location,
4472 {
4486 was_router_added_t added =
4493 DIGEST_LEN);
4495 /* We silently let relays stuff us with extrainfos we didn't ask for,
4496 * so long as we would have wanted them anyway. Since we always fetch
4497 * all the extrainfos we want, and we never actually act on them
4498 * inside Tor, this should be harmless. */
4506 }
4507 }
4511 /* This digest is never going to be parseable. */
4516 /* But we didn't ask for it, so we should assume shennanegans. */
4518 }
4520 }
4527 }
4536 }
4538 /** Return true iff the latest ns-flavored consensus includes a descriptor
4539 * whose digest is that of <b>desc</b>. */
4540 static int
4542 {
4545 FLAV_NS);
4552 }
4554 }
4556 /** Update downloads for router descriptors and/or microdescriptors as
4557 * appropriate. */
4558 void
4560 {
4566 }
4568 /** Clear all our timeouts for fetching v3 directory stuff, and then
4569 * give it all a try again. */
4570 void
4572 {
4581 }
4583 /** Return true iff <b>router</b> does not permit exit streams.
4584 */
4585 int
4587 {
4589 }
4591 /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
4592 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4593 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4594 * the new directory server entry on success or NULL on failure. */
4603 dirinfo_type_t type,
4605 {
4617 else
4622 else
4642 }
4645 }
4654 else
4664 else
4671 }
4673 /** Create an authoritative directory server at
4674 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4675 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4676 * server entry on success or NULL if we couldn't add it. */
4677 dir_server_t *
4683 {
4685 tor_addr_t addr;
4693 "Couldn't find a suitable address when adding ourself as a "
4696 }
4703 address);
4705 }
4707 }
4712 ipv6_addrport,
4713 digest,
4717 }
4719 /** Return a new dir_server_t for a fallback directory server at
4720 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4721 * <b>id_digest</b> */
4722 dir_server_t *
4727 {
4729 addrport_ipv6,
4730 id_digest,
4732 }
4734 /** Add a directory server to the global list(s). */
4735 void
4737 {
4748 }
4750 /** Free storage held in <b>cert</b>. */
4751 void
4753 {
4762 }
4764 #define dir_server_free(val) \
4765 FREE_AND_NULL(dir_server_t, dir_server_free_, (val))
4767 /** Free storage held in <b>ds</b>. */
4768 static void
4770 {
4778 }
4780 /** Remove all members from the list of dir servers. */
4781 void
4783 {
4790 }
4795 }
4797 }
4799 /** For every current directory connection whose purpose is <b>purpose</b>,
4800 * and where the resource being downloaded begins with <b>prefix</b>, split
4801 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4802 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4803 * corresponding elements of <b>result</b> to a nonzero value.
4804 */
4805 static void
4808 {
4826 }
4831 {
4834 });
4837 {
4840 });
4841 }
4843 }
4845 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4846 * true) we are currently downloading by descriptor digest, set result[d] to
4847 * (void*)1. */
4848 static void
4850 {
4854 }
4856 /** For every microdescriptor we are currently downloading by descriptor
4857 * digest, set result[d] to (void*)1.
4858 */
4859 void
4861 {
4863 }
4865 /** For every certificate we are currently downloading by (identity digest,
4866 * signing key digest) pair, set result[fp_pair] to (void *1).
4867 */
4868 static void
4870 {
4888 tmp);
4889 }
4898 }
4900 /** Launch downloads for all the descriptors whose digests or digests256
4901 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4902 * range.) If <b>source</b> is given, download from <b>source</b>;
4903 * otherwise, download from an appropriate random directory server.
4904 */
4909 {
4917 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4918 * 256-bit digests. */
4928 }
4946 digest_len);
4947 }
4949 }
4959 /* We know which authority or directory mirror we want. */
4968 }
4970 }
4972 /** Return the max number of hashes to put in a URL for a given request.
4973 */
4974 static int
4976 {
4977 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4978 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4979 * /tor/server/d/.z) == 4026
4980 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4981 * So use 96 because it's a nice number.
4982 *
4983 * For microdescriptors, the calculation is
4984 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4985 * /tor/micro/d/.z) == 4027
4986 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4987 * So use 90 because it's a nice number.
4988 */
4992 }
4993 /* If we're going to tunnel our connections, we can ask for a lot more
4994 * in a request. */
4997 }
4999 }
5001 /** Don't split our requests so finely that we are requesting fewer than
5002 * this number per server. (Grouping more than this at once leads to
5003 * diminishing returns.) */
5004 #define MIN_DL_PER_REQUEST 32
5005 /** To prevent a single screwy cache from confusing us by selective reply,
5006 * try to split our requests into at least this many requests. */
5007 #define MIN_REQUESTS 3
5008 /** If we want fewer than this many descriptors, wait until we
5009 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
5010 #define MAX_DL_TO_DELAY 16
5012 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
5013 * router descriptor digests or microdescriptor digest256s in
5014 * <b>downloadable</b>, decide whether to delay fetching until we have more.
5015 * If we don't want to delay, launch one or more requests to the appropriate
5016 * directory authorities.
5017 */
5018 void
5022 {
5042 descname);
5045 "We are only missing %d %ss, but we'll fetch anyway, since "
5050 /* should delay */
5057 "There are not many downloadable %ss, but we've "
5059 descname,
5063 "There are not many downloadable %ss, but we haven't "
5065 descname);
5066 }
5067 }
5068 }
5071 /* If we wind up going to the authorities, we want to only open one
5072 * connection to each authority at a time, so that we don't overload
5073 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5074 * regardless of whether we're a cache or not.
5075 *
5076 * Setting this flag can make initiate_descriptor_downloads() ignore
5077 * requests. We need to make sure that we do in fact call
5078 * update_router_descriptor_downloads() later on, once the connections
5079 * have succeeded or failed.
5080 */
5082 PDS_NO_EXISTING_MICRODESC_FETCH :
5083 PDS_NO_EXISTING_SERVERDESC_FETCH;
5084 }
5094 }
5109 pds_flags);
5110 }
5112 }
5114 /** For any descriptor that we want that's currently listed in
5115 * <b>consensus</b>, download it as appropriate. */
5116 void
5119 {
5135 /* where's it from, so we know whom to ask for descriptors */
5142 else
5144 }
5158 /* We have a descriptor with this digest, but either there is no
5159 * entry in routerlist with the same ID (!ri), or there is one,
5160 * but the identity digest differs (memneq).
5161 */
5164 }
5166 }
5170 }
5174 }
5178 }
5183 }
5194 time_bufnew,
5197 }
5209 was_router_added_t r;
5215 }
5216 /* need to remember for below, since add_to_routerlist may free. */
5222 "usually a big deal, but you should make sure that your "
5233 }
5234 }
5237 }
5240 "%d router descriptors downloadable. %d delayed; %d present "
5241 "(%d of those were in old_routers); %d would_reject; "
5250 done:
5253 }
5255 /** How often should we launch a server/authority request to be sure of getting
5256 * a guess for our IP? */
5257 /*XXXX+ this info should come from netinfo cells or something, or we should
5258 * do this only when we aren't seeing incoming data. see bug 652. */
5259 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5261 /** As needed, launch a dummy router descriptor fetch to see if our
5262 * address has changed. */
5263 static void
5266 {
5268 /* XXXX+ we could be smarter here; see notes on bug 652. */
5269 /* If we're a server that doesn't have a configured address, we rely on
5270 * directory fetches to learn when our address changes. So if we haven't
5271 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5277 /* XX/teor - do we want an authority here, because they are less likely
5278 * to give us the wrong address? (See #17782)
5279 * I'm leaving the previous behaviour intact, because I don't like
5280 * the idea of some relays contacting an authority every 20 minutes. */
5283 PDS_RETRY_IF_NO_SERVERS,
5284 DL_WANT_ANY_DIRSERVER);
5285 }
5286 }
5288 /** Launch downloads for router status as needed. */
5289 void
5291 {
5300 }
5302 /** Launch extrainfo downloads as needed. */
5303 void
5305 {
5330 else
5342 }
5346 }
5350 }
5354 }
5367 "router_get_by_extrainfo_digest() value. This has ID %s "
5368 "but the entry in the map has ID %s. This has EI digest "
5378 "router_get_by_extrainfo_digest() value. This has ID %s "
5382 }
5385 }
5387 }
5388 }
5392 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5404 }
5407 }
5409 /** Reset the consensus and extra-info download failure count on all routers.
5410 * When we get a new consensus,
5411 * routers_update_status_from_consensus_networkstatus() will reset the
5412 * download statuses on the descriptors in that consensus.
5413 */
5414 void
5416 {
5424 /* We want to download *all* extra-info descriptors, not just those in
5425 * the consensus we currently have (or are about to have) */
5427 {
5429 });
5431 {
5433 });
5434 }
5436 /** Any changes in a router descriptor's publication time larger than this are
5437 * automatically non-cosmetic. */
5438 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5440 /** We allow uptime to vary from how much it ought to be by this much. */
5441 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5443 /** Return true iff the only differences between r1 and r2 are such that
5444 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5445 */
5446 int
5448 {
5453 /* r1 should be the one that was published first. */
5458 }
5460 /* If any key fields differ, they're different. */
5491 }
5492 }
5494 /* Did bandwidth change a lot? */
5499 /* Did the bandwidthrate or bandwidthburst change? */
5504 /* Did more than 12 hours pass? */
5509 /* Did uptime fail to increase by approximately the amount we would think,
5510 * give or take some slop? */
5519 /* Otherwise, the difference is cosmetic. */
5521 }
5523 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5524 * extrainfo document <b>ei</b>.
5525 *
5526 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5527 * for the router. We use it to check the signature of the extrainfo document,
5528 * if it has not already been checked.
5529 *
5530 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5531 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5532 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5533 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5534 * incompatibility (if any).
5535 *
5536 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5537 * but the extrainfo was nonetheless incompatible.
5538 **/
5539 int
5544 {
5553 }
5557 /* Set digest256_matches to 1 if the digest is correct, or if no
5558 * digest256 was in the ri. */
5561 digest256_matches |=
5564 /* The identity must match exactly to have been generated at the same time
5565 * by the same router. */
5568 DIGEST_LEN)) {
5571 }
5577 }
5585 DIGEST_LEN)) {
5590 }
5594 }
5603 }
5609 }
5614 }
5619 }
5622 err:
5624 /* This signature was okay, and the digest was right: This is indeed the
5625 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5626 * that lists it. Don't try to fetch this one again. */
5628 }
5631 }
5633 /* Does ri have a valid ntor onion key?
5634 * Valid ntor onion keys exist and have at least one non-zero byte. */
5635 int
5637 {
5640 }
5644 }
5647 CURVE25519_PUBKEY_LEN)) {
5649 }
5652 }
5654 /* Is rs running a tor version known to support EXTEND2 cells?
5655 * If allow_unknown_versions is true, return true if we can't tell
5656 * (from a versions line or a protocols line) whether it supports extend2
5657 * cells.
5658 * Otherwise, return false if the version is unknown. */
5659 int
5662 {
5665 }
5669 }
5672 }
5674 /** Assert that the internal representation of <b>rl</b> is
5675 * self-consistent. */
5676 void
5678 {
5690 /* XXXX
5691 *
5692 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5693 * commenting this out is just a band-aid.
5694 *
5695 * The problem is that, although well-behaved router descriptors
5696 * should never have the same value for their extra_info_digest, it's
5697 * possible for ill-behaved routers to claim whatever they like there.
5698 *
5699 * The real answer is to trash desc_by_eid_map and instead have
5700 * something that indicates for a given extra-info digest we want,
5701 * what its download status is. We'll do that as a part of routerlist
5702 * refactoring once consensus directories are in. For now,
5703 * this rep violation is probably harmless: an adversary can make us
5704 * reset our retry count for an extrainfo, but that's not the end
5705 * of the world. Changing the representation in 0.2.0.x would just
5706 * destabilize the codebase.
5707 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5708 signed_descriptor_t *sd3 =
5709 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5710 tor_assert(sd3 == &(r->cache_info));
5711 }
5712 */
5720 /* XXXX see above.
5721 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5722 signed_descriptor_t *sd3 =
5723 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5724 tor_assert(sd3 == sd);
5725 }
5726 */
5746 // tor_assert(sd); // XXXX see above
5750 }
5752 }
5754 /** Allocate and return a new string representing the contact info
5755 * and platform string for <b>router</b>,
5756 * surrounded by quotes and using standard C escapes.
5757 *
5758 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5759 * thread. Also, each call invalidates the last-returned value, so don't
5760 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5761 *
5762 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5763 */
5766 {
5782 }
5784 /** Helper for sorting: compare two routerinfos by their identity
5785 * digest. */
5786 static int
5788 {
5792 DIGEST_LEN);
5793 }
5795 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5796 void
5798 {
5800 }
5802 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5803 * recompute all country info in all configuration node sets and in the
5804 * routerlist. */
5805 void
5807 {
5822 }