1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
10 * maintain and access the global list of routerinfos for known
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
24 * Right now, routerinfo_t objects are used in these ways:
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
88 * TODO: Authority certificates should be a separate module.
90 * TODO: dir_server_t stuff should be in a separate module.
93 #define ROUTERLIST_PRIVATE
95 #include "backtrace.h"
97 #include "crypto_ed25519.h"
98 #include "circuitstats.h"
100 #include "connection.h"
102 #include "crypto_rand.h"
103 #include "directory.h"
105 #include "entrynodes.h"
108 #include "hibernate.h"
110 #include "microdesc.h"
111 #include "networkstatus.h"
112 #include "nodelist.h"
113 #include "policies.h"
115 #include "rendcommon.h"
116 #include "rendservice.h"
119 #include "routerlist.h"
120 #include "routerparse.h"
121 #include "routerset.h"
125 #include "dirauth/dirvote.h"
126 #include "dirauth/mode.h"
128 // #define DEBUG_ROUTERLIST
130 /****************************************************************************/
132 /* Typed wrappers for different digestmap types; used to avoid type
135 DECLARE_TYPED_DIGESTMAP_FNS(sdmap_
, digest_sd_map_t
, signed_descriptor_t
)
136 DECLARE_TYPED_DIGESTMAP_FNS(rimap_
, digest_ri_map_t
, routerinfo_t
)
137 DECLARE_TYPED_DIGESTMAP_FNS(eimap_
, digest_ei_map_t
, extrainfo_t
)
138 DECLARE_TYPED_DIGESTMAP_FNS(dsmap_
, digest_ds_map_t
, download_status_t
)
139 #define SDMAP_FOREACH(map, keyvar, valvar) \
140 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
142 #define RIMAP_FOREACH(map, keyvar, valvar) \
143 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
144 #define EIMAP_FOREACH(map, keyvar, valvar) \
145 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
146 #define DSMAP_FOREACH(map, keyvar, valvar) \
147 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
149 #define eimap_free(map, fn) MAP_FREE_AND_NULL(eimap, (map), (fn))
150 #define rimap_free(map, fn) MAP_FREE_AND_NULL(rimap, (map), (fn))
151 #define dsmap_free(map, fn) MAP_FREE_AND_NULL(dsmap, (map), (fn))
152 #define sdmap_free(map, fn) MAP_FREE_AND_NULL(sdmap, (map), (fn))
154 /* Forward declaration for cert_list_t */
155 typedef struct cert_list_t cert_list_t
;
157 /* static function prototypes */
158 static int compute_weighted_bandwidths(const smartlist_t
*sl
,
159 bandwidth_weight_rule_t rule
,
160 double **bandwidths_out
,
161 double *total_bandwidth_out
);
162 static const routerstatus_t
*router_pick_trusteddirserver_impl(
163 const smartlist_t
*sourcelist
, dirinfo_type_t auth
,
164 int flags
, int *n_busy_out
);
165 static const routerstatus_t
*router_pick_dirserver_generic(
166 smartlist_t
*sourcelist
,
167 dirinfo_type_t type
, int flags
);
168 static void mark_all_dirservers_up(smartlist_t
*server_list
);
169 static int signed_desc_digest_is_recognized(signed_descriptor_t
*desc
);
170 static const char *signed_descriptor_get_body_impl(
171 const signed_descriptor_t
*desc
,
172 int with_annotations
);
173 static void list_pending_downloads(digestmap_t
*result
,
174 digest256map_t
*result256
,
175 int purpose
, const char *prefix
);
176 static void list_pending_fpsk_downloads(fp_pair_map_t
*result
);
177 static void launch_dummy_descriptor_download_as_needed(time_t now
,
178 const or_options_t
*options
);
179 static void download_status_reset_by_sk_in_cl(cert_list_t
*cl
,
181 static int download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
185 /****************************************************************************/
187 /** Global list of a dir_server_t object for each directory
189 static smartlist_t
*trusted_dir_servers
= NULL
;
190 /** Global list of dir_server_t objects for all directory authorities
191 * and all fallback directory servers. */
192 static smartlist_t
*fallback_dir_servers
= NULL
;
194 /** List of certificates for a single authority, and download status for
195 * latest certificate.
199 * The keys of download status map are cert->signing_key_digest for pending
200 * downloads by (identity digest/signing key digest) pair; functions such
201 * as authority_cert_get_by_digest() already assume these are unique.
203 struct digest_ds_map_t
*dl_status_map
;
204 /* There is also a dlstatus for the download by identity key only */
205 download_status_t dl_status_by_id
;
208 /** Map from v3 identity key digest to cert_list_t. */
209 static digestmap_t
*trusted_dir_certs
= NULL
;
210 /** True iff any key certificate in at least one member of
211 * <b>trusted_dir_certs</b> has changed since we last flushed the
212 * certificates to disk. */
213 static int trusted_dir_servers_certs_changed
= 0;
215 /** Global list of all of the routers that we know about. */
216 static routerlist_t
*routerlist
= NULL
;
218 /** List of strings for nicknames we've already warned about and that are
219 * still unknown / unavailable. */
220 static smartlist_t
*warned_nicknames
= NULL
;
222 /** The last time we tried to download any routerdesc, or 0 for "never". We
223 * use this to rate-limit download attempts when the number of routerdescs to
224 * download is low. */
225 static time_t last_descriptor_download_attempted
= 0;
227 /** Return the number of directory authorities whose type matches some bit set
230 get_n_authorities(dirinfo_type_t type
)
233 if (!trusted_dir_servers
)
235 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
241 /** Initialise schedule, want_authority, and increment_on in the download
242 * status dlstatus, then call download_status_reset() on it.
243 * It is safe to call this function or download_status_reset() multiple times
244 * on a new dlstatus. But it should *not* be called after a dlstatus has been
245 * used to count download attempts or failures. */
247 download_status_cert_init(download_status_t
*dlstatus
)
249 dlstatus
->schedule
= DL_SCHED_CONSENSUS
;
250 dlstatus
->want_authority
= DL_WANT_ANY_DIRSERVER
;
251 dlstatus
->increment_on
= DL_SCHED_INCREMENT_FAILURE
;
252 dlstatus
->last_backoff_position
= 0;
253 dlstatus
->last_delay_used
= 0;
255 /* Use the new schedule to set next_attempt_at */
256 download_status_reset(dlstatus
);
259 /** Reset the download status of a specified element in a dsmap */
261 download_status_reset_by_sk_in_cl(cert_list_t
*cl
, const char *digest
)
263 download_status_t
*dlstatus
= NULL
;
268 /* Make sure we have a dsmap */
269 if (!(cl
->dl_status_map
)) {
270 cl
->dl_status_map
= dsmap_new();
272 /* Look for a download_status_t in the map with this digest */
273 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
276 /* Insert before we reset */
277 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
278 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
279 download_status_cert_init(dlstatus
);
281 tor_assert(dlstatus
);
282 /* Go ahead and reset it */
283 download_status_reset(dlstatus
);
287 * Return true if the download for this signing key digest in cl is ready
288 * to be re-attempted.
291 download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
296 download_status_t
*dlstatus
= NULL
;
301 /* Make sure we have a dsmap */
302 if (!(cl
->dl_status_map
)) {
303 cl
->dl_status_map
= dsmap_new();
305 /* Look for a download_status_t in the map with this digest */
306 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
309 /* Use download_status_is_ready() */
310 rv
= download_status_is_ready(dlstatus
, now
);
313 * If we don't know anything about it, return 1, since we haven't
314 * tried this one before. We need to create a new entry here,
317 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
318 download_status_cert_init(dlstatus
);
319 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
326 /** Helper: Return the cert_list_t for an authority whose authority ID is
327 * <b>id_digest</b>, allocating a new list if necessary. */
329 get_cert_list(const char *id_digest
)
332 if (!trusted_dir_certs
)
333 trusted_dir_certs
= digestmap_new();
334 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
336 cl
= tor_malloc_zero(sizeof(cert_list_t
));
337 download_status_cert_init(&cl
->dl_status_by_id
);
338 cl
->certs
= smartlist_new();
339 cl
->dl_status_map
= dsmap_new();
340 digestmap_set(trusted_dir_certs
, id_digest
, cl
);
345 /** Return a list of authority ID digests with potentially enumerable lists
346 * of download_status_t objects; used by controller GETINFO queries.
349 MOCK_IMPL(smartlist_t
*,
350 list_authority_ids_with_downloads
, (void))
352 smartlist_t
*ids
= smartlist_new();
358 if (trusted_dir_certs
) {
359 for (i
= digestmap_iter_init(trusted_dir_certs
);
360 !(digestmap_iter_done(i
));
361 i
= digestmap_iter_next(trusted_dir_certs
, i
)) {
363 * We always have at least dl_status_by_id to query, so no need to
364 * probe deeper than the existence of a cert_list_t.
366 digestmap_iter_get(i
, &digest
, &cl
);
367 tmp
= tor_malloc(DIGEST_LEN
);
368 memcpy(tmp
, digest
, DIGEST_LEN
);
369 smartlist_add(ids
, tmp
);
372 /* else definitely no downloads going since nothing even has a cert list */
377 /** Given an authority ID digest, return a pointer to the default download
378 * status, or NULL if there is no such entry in trusted_dir_certs */
380 MOCK_IMPL(download_status_t
*,
381 id_only_download_status_for_authority_id
, (const char *digest
))
383 download_status_t
*dl
= NULL
;
386 if (trusted_dir_certs
) {
387 cl
= digestmap_get(trusted_dir_certs
, digest
);
389 dl
= &(cl
->dl_status_by_id
);
396 /** Given an authority ID digest, return a smartlist of signing key digests
397 * for which download_status_t is potentially queryable, or NULL if no such
398 * authority ID digest is known. */
400 MOCK_IMPL(smartlist_t
*,
401 list_sk_digests_for_authority_id
, (const char *digest
))
403 smartlist_t
*sks
= NULL
;
406 const char *sk_digest
;
408 download_status_t
*dl
;
410 if (trusted_dir_certs
) {
411 cl
= digestmap_get(trusted_dir_certs
, digest
);
413 sks
= smartlist_new();
414 if (cl
->dl_status_map
) {
415 for (i
= dsmap_iter_init(cl
->dl_status_map
);
416 !(dsmap_iter_done(i
));
417 i
= dsmap_iter_next(cl
->dl_status_map
, i
)) {
418 /* Pull the digest out and add it to the list */
419 dsmap_iter_get(i
, &sk_digest
, &dl
);
420 tmp
= tor_malloc(DIGEST_LEN
);
421 memcpy(tmp
, sk_digest
, DIGEST_LEN
);
422 smartlist_add(sks
, tmp
);
431 /** Given an authority ID digest and a signing key digest, return the
432 * download_status_t or NULL if none exists. */
434 MOCK_IMPL(download_status_t
*,
435 download_status_for_authority_id_and_sk
,(const char *id_digest
,
436 const char *sk_digest
))
438 download_status_t
*dl
= NULL
;
439 cert_list_t
*cl
= NULL
;
441 if (trusted_dir_certs
) {
442 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
443 if (cl
&& cl
->dl_status_map
) {
444 dl
= dsmap_get(cl
->dl_status_map
, sk_digest
);
451 #define cert_list_free(val) \
452 FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
454 /** Release all space held by a cert_list_t */
456 cert_list_free_(cert_list_t
*cl
)
461 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
462 authority_cert_free(cert
));
463 smartlist_free(cl
->certs
);
464 dsmap_free(cl
->dl_status_map
, tor_free_
);
468 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
470 cert_list_free_void(void *cl
)
475 /** Reload the cached v3 key certificates from the cached-certs file in
476 * the data directory. Return 0 on success, -1 on failure. */
478 trusted_dirs_reload_certs(void)
484 filename
= get_cachedir_fname("cached-certs");
485 contents
= read_file_to_str(filename
, RFTS_IGNORE_MISSING
, NULL
);
489 r
= trusted_dirs_load_certs_from_string(
491 TRUSTED_DIRS_CERTS_SRC_FROM_STORE
, 1, NULL
);
496 /** Helper: return true iff we already have loaded the exact cert
499 already_have_cert(authority_cert_t
*cert
)
501 cert_list_t
*cl
= get_cert_list(cert
->cache_info
.identity_digest
);
503 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
505 if (tor_memeq(c
->cache_info
.signed_descriptor_digest
,
506 cert
->cache_info
.signed_descriptor_digest
,
513 /** Load a bunch of new key certificates from the string <b>contents</b>. If
514 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
515 * from the cache, and we don't need to flush them to disk. If we are a
516 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
517 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
518 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
519 * need to flush any changed certificates to disk now. Return 0 on success,
520 * -1 if any certs fail to parse.
522 * If source_dir is non-NULL, it's the identity digest for a directory that
523 * we've just successfully retrieved certificates from, so try it first to
524 * fetch any missing certificates.
527 trusted_dirs_load_certs_from_string(const char *contents
, int source
,
528 int flush
, const char *source_dir
)
532 int failure_code
= 0;
533 int from_store
= (source
== TRUSTED_DIRS_CERTS_SRC_FROM_STORE
);
534 int added_trusted_cert
= 0;
536 for (s
= contents
; *s
; s
= eos
) {
537 authority_cert_t
*cert
= authority_cert_parse_from_string(s
, &eos
);
543 ds
= trusteddirserver_get_by_v3_auth_digest(
544 cert
->cache_info
.identity_digest
);
545 log_debug(LD_DIR
, "Parsed certificate for %s",
546 ds
? ds
->nickname
: "unknown authority");
548 if (already_have_cert(cert
)) {
549 /* we already have this one. continue. */
550 log_info(LD_DIR
, "Skipping %s certificate for %s that we "
552 from_store
? "cached" : "downloaded",
553 ds
? ds
->nickname
: "an old or new authority");
556 * A duplicate on download should be treated as a failure, so we call
557 * authority_cert_dl_failed() to reset the download status to make sure
558 * we can't try again. Since we've implemented the fp-sk mechanism
559 * to download certs by signing key, this should be much rarer than it
560 * was and is perhaps cause for concern.
563 if (authdir_mode(get_options())) {
565 "Got a certificate for %s, but we already have it. "
566 "Maybe they haven't updated it. Waiting for a while.",
567 ds
? ds
->nickname
: "an old or new authority");
570 "Got a certificate for %s, but we already have it. "
571 "Maybe they haven't updated it. Waiting for a while.",
572 ds
? ds
->nickname
: "an old or new authority");
576 * This is where we care about the source; authority_cert_dl_failed()
577 * needs to know whether the download was by fp or (fp,sk) pair to
578 * twiddle the right bit in the download map.
580 if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
) {
581 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
583 } else if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST
) {
584 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
585 cert
->signing_key_digest
, 404);
589 authority_cert_free(cert
);
594 added_trusted_cert
= 1;
595 log_info(LD_DIR
, "Adding %s certificate for directory authority %s with "
596 "signing key %s", from_store
? "cached" : "downloaded",
597 ds
->nickname
, hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
599 int adding
= we_want_to_fetch_unknown_auth_certs(get_options());
600 log_info(LD_DIR
, "%s %s certificate for unrecognized directory "
601 "authority with signing key %s",
602 adding
? "Adding" : "Not adding",
603 from_store
? "cached" : "downloaded",
604 hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
606 authority_cert_free(cert
);
611 cl
= get_cert_list(cert
->cache_info
.identity_digest
);
612 smartlist_add(cl
->certs
, cert
);
613 if (ds
&& cert
->cache_info
.published_on
> ds
->addr_current_at
) {
614 /* Check to see whether we should update our view of the authority's
616 if (cert
->addr
&& cert
->dir_port
&&
617 (ds
->addr
!= cert
->addr
||
618 ds
->dir_port
!= cert
->dir_port
)) {
619 char *a
= tor_dup_ip(cert
->addr
);
620 log_notice(LD_DIR
, "Updating address for directory authority %s "
621 "from %s:%d to %s:%d based on certificate.",
622 ds
->nickname
, ds
->address
, (int)ds
->dir_port
,
625 ds
->addr
= cert
->addr
;
626 ds
->dir_port
= cert
->dir_port
;
628 ds
->addr_current_at
= cert
->cache_info
.published_on
;
632 trusted_dir_servers_certs_changed
= 1;
636 trusted_dirs_flush_certs_to_disk();
638 /* call this even if failure_code is <0, since some certs might have
639 * succeeded, but only pass source_dir if there were no failures,
640 * and at least one more authority certificate was added to the store.
641 * This avoids retrying a directory that's serving bad or entirely duplicate
643 if (failure_code
== 0 && added_trusted_cert
) {
644 networkstatus_note_certs_arrived(source_dir
);
646 networkstatus_note_certs_arrived(NULL
);
652 /** Save all v3 key certificates to the cached-certs file. */
654 trusted_dirs_flush_certs_to_disk(void)
659 if (!trusted_dir_servers_certs_changed
|| !trusted_dir_certs
)
662 chunks
= smartlist_new();
663 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
664 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
666 sized_chunk_t
*c
= tor_malloc(sizeof(sized_chunk_t
));
667 c
->bytes
= cert
->cache_info
.signed_descriptor_body
;
668 c
->len
= cert
->cache_info
.signed_descriptor_len
;
669 smartlist_add(chunks
, c
);
671 } DIGESTMAP_FOREACH_END
;
673 filename
= get_cachedir_fname("cached-certs");
674 if (write_chunks_to_file(filename
, chunks
, 0, 0)) {
675 log_warn(LD_FS
, "Error writing certificates to disk.");
678 SMARTLIST_FOREACH(chunks
, sized_chunk_t
*, c
, tor_free(c
));
679 smartlist_free(chunks
);
681 trusted_dir_servers_certs_changed
= 0;
685 compare_certs_by_pubdates(const void **_a
, const void **_b
)
687 const authority_cert_t
*cert1
= *_a
, *cert2
=*_b
;
689 if (cert1
->cache_info
.published_on
< cert2
->cache_info
.published_on
)
691 else if (cert1
->cache_info
.published_on
> cert2
->cache_info
.published_on
)
697 /** Remove all expired v3 authority certificates that have been superseded for
698 * more than 48 hours or, if not expired, that were published more than 7 days
699 * before being superseded. (If the most recent cert was published more than 48
700 * hours ago, then we aren't going to get any consensuses signed with older
703 trusted_dirs_remove_old_certs(void)
705 time_t now
= time(NULL
);
706 #define DEAD_CERT_LIFETIME (2*24*60*60)
707 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
708 if (!trusted_dir_certs
)
711 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
712 /* Sort the list from first-published to last-published */
713 smartlist_sort(cl
->certs
, compare_certs_by_pubdates
);
715 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
716 if (cert_sl_idx
== smartlist_len(cl
->certs
) - 1) {
717 /* This is the most recently published cert. Keep it. */
720 authority_cert_t
*next_cert
= smartlist_get(cl
->certs
, cert_sl_idx
+1);
721 const time_t next_cert_published
= next_cert
->cache_info
.published_on
;
722 if (next_cert_published
> now
) {
723 /* All later certs are published in the future. Keep everything
724 * we didn't discard. */
727 int should_remove
= 0;
728 if (cert
->expires
+ DEAD_CERT_LIFETIME
< now
) {
729 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
732 } else if (next_cert_published
+ SUPERSEDED_CERT_LIFETIME
< now
) {
733 /* Certificate has been superseded for OLD_CERT_LIFETIME.
739 SMARTLIST_DEL_CURRENT_KEEPORDER(cl
->certs
, cert
);
740 authority_cert_free(cert
);
741 trusted_dir_servers_certs_changed
= 1;
743 } SMARTLIST_FOREACH_END(cert
);
745 } DIGESTMAP_FOREACH_END
;
746 #undef DEAD_CERT_LIFETIME
747 #undef OLD_CERT_LIFETIME
749 trusted_dirs_flush_certs_to_disk();
752 /** Return the newest v3 authority certificate whose v3 authority identity key
753 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
754 * or it has no certificate. */
756 authority_cert_get_newest_by_id(const char *id_digest
)
759 authority_cert_t
*best
= NULL
;
760 if (!trusted_dir_certs
||
761 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
764 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
766 if (!best
|| cert
->cache_info
.published_on
> best
->cache_info
.published_on
)
772 /** Return the newest v3 authority certificate whose directory signing key has
773 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
776 authority_cert_get_by_sk_digest(const char *sk_digest
)
779 if (!trusted_dir_certs
)
782 if ((c
= get_my_v3_authority_cert()) &&
783 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
785 if ((c
= get_my_v3_legacy_cert()) &&
786 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
789 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
790 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
792 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
795 } DIGESTMAP_FOREACH_END
;
799 /** Return the v3 authority certificate with signing key matching
800 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
801 * Return NULL if no such authority is known. */
803 authority_cert_get_by_digests(const char *id_digest
,
804 const char *sk_digest
)
807 if (!trusted_dir_certs
||
808 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
810 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
811 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
817 /** Add every known authority_cert_t to <b>certs_out</b>. */
819 authority_cert_get_all(smartlist_t
*certs_out
)
821 tor_assert(certs_out
);
822 if (!trusted_dir_certs
)
825 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
826 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
827 smartlist_add(certs_out
, c
));
828 } DIGESTMAP_FOREACH_END
;
831 /** Called when an attempt to download a certificate with the authority with
832 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
833 * fails with HTTP response code <b>status</b>: remember the failure, so we
834 * don't try again immediately. */
836 authority_cert_dl_failed(const char *id_digest
,
837 const char *signing_key_digest
, int status
)
840 download_status_t
*dlstatus
= NULL
;
841 char id_digest_str
[2*DIGEST_LEN
+1];
842 char sk_digest_str
[2*DIGEST_LEN
+1];
844 if (!trusted_dir_certs
||
845 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
849 * Are we noting a failed download of the latest cert for the id digest,
850 * or of a download by (id, signing key) digest pair?
852 if (!signing_key_digest
) {
853 /* Just by id digest */
854 download_status_failed(&cl
->dl_status_by_id
, status
);
856 /* Reset by (id, signing key) digest pair
858 * Look for a download_status_t in the map with this digest
860 dlstatus
= dsmap_get(cl
->dl_status_map
, signing_key_digest
);
863 download_status_failed(dlstatus
, status
);
866 * Do this rather than hex_str(), since hex_str clobbers
867 * old results and we call twice in the param list.
869 base16_encode(id_digest_str
, sizeof(id_digest_str
),
870 id_digest
, DIGEST_LEN
);
871 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
872 signing_key_digest
, DIGEST_LEN
);
874 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
875 "status %d, but knew nothing about the download.",
876 id_digest_str
, sk_digest_str
, status
);
881 static const char *BAD_SIGNING_KEYS
[] = {
882 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
883 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
884 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
885 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
886 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
887 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
888 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
889 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
890 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
891 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
895 /** Return true iff <b>cert</b> authenticates some atuhority signing key
896 * which, because of the old openssl heartbleed vulnerability, should
897 * never be trusted. */
899 authority_cert_is_blacklisted(const authority_cert_t
*cert
)
901 char hex_digest
[HEX_DIGEST_LEN
+1];
903 base16_encode(hex_digest
, sizeof(hex_digest
),
904 cert
->signing_key_digest
, sizeof(cert
->signing_key_digest
));
906 for (i
= 0; BAD_SIGNING_KEYS
[i
]; ++i
) {
907 if (!strcasecmp(hex_digest
, BAD_SIGNING_KEYS
[i
])) {
914 /** Return true iff when we've been getting enough failures when trying to
915 * download the certificate with ID digest <b>id_digest</b> that we're willing
916 * to start bugging the user about it. */
918 authority_cert_dl_looks_uncertain(const char *id_digest
)
920 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
923 if (!trusted_dir_certs
||
924 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
927 n_failures
= download_status_get_n_failures(&cl
->dl_status_by_id
);
928 return n_failures
>= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER
;
931 /* Fetch the authority certificates specified in resource.
932 * If we are a bridge client, and node is a configured bridge, fetch from node
933 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
934 * rs. Otherwise, fetch from a random directory mirror. */
936 authority_certs_fetch_resource_impl(const char *resource
,
937 const char *dir_hint
,
939 const routerstatus_t
*rs
)
941 const or_options_t
*options
= get_options();
942 int get_via_tor
= purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
945 /* Make sure bridge clients never connect to anything but a bridge */
946 if (options
->UseBridges
) {
947 if (node
&& !node_is_a_configured_bridge(node
)) {
948 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
951 /* If we're using bridges, and there's no node, use a 3-hop path. */
956 const dir_indirection_t indirection
= get_via_tor
? DIRIND_ANONYMOUS
959 directory_request_t
*req
= NULL
;
960 /* If we've just downloaded a consensus from a bridge, re-use that
962 if (options
->UseBridges
&& node
&& node
->ri
&& !get_via_tor
) {
963 /* clients always make OR connections to bridges */
964 tor_addr_port_t or_ap
;
965 /* we are willing to use a non-preferred address if we need to */
966 fascist_firewall_choose_address_node(node
, FIREWALL_OR_CONNECTION
, 0,
969 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
970 directory_request_set_or_addr_port(req
, &or_ap
);
972 directory_request_set_directory_id_digest(req
, dir_hint
);
974 /* And if we've just downloaded a consensus from a directory, re-use that
976 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
977 directory_request_set_routerstatus(req
, rs
);
981 /* We've set up a request object -- fill in the other request fields, and
982 * send the request. */
983 directory_request_set_indirection(req
, indirection
);
984 directory_request_set_resource(req
, resource
);
985 directory_initiate_request(req
);
986 directory_request_free(req
);
990 /* Otherwise, we want certs from a random fallback or directory
991 * mirror, because they will almost always succeed. */
992 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
993 resource
, PDS_RETRY_IF_NO_SERVERS
,
994 DL_WANT_ANY_DIRSERVER
);
997 /** Try to download any v3 authority certificates that we may be missing. If
998 * <b>status</b> is provided, try to get all the ones that were used to sign
999 * <b>status</b>. Additionally, try to have a non-expired certificate for
1000 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
1003 * If dir_hint is non-NULL, it's the identity digest for a directory that
1004 * we've just successfully retrieved a consensus or certificates from, so try
1005 * it first to fetch any missing certificates.
1008 authority_certs_fetch_missing(networkstatus_t
*status
, time_t now
,
1009 const char *dir_hint
)
1012 * The pending_id digestmap tracks pending certificate downloads by
1013 * identity digest; the pending_cert digestmap tracks pending downloads
1014 * by (identity digest, signing key digest) pairs.
1016 digestmap_t
*pending_id
;
1017 fp_pair_map_t
*pending_cert
;
1019 * The missing_id_digests smartlist will hold a list of id digests
1020 * we want to fetch the newest cert for; the missing_cert_digests
1021 * smartlist will hold a list of fp_pair_t with an identity and
1022 * signing key digest.
1024 smartlist_t
*missing_cert_digests
, *missing_id_digests
;
1025 char *resource
= NULL
;
1027 const or_options_t
*options
= get_options();
1028 const int keep_unknown
= we_want_to_fetch_unknown_auth_certs(options
);
1029 fp_pair_t
*fp_tmp
= NULL
;
1030 char id_digest_str
[2*DIGEST_LEN
+1];
1031 char sk_digest_str
[2*DIGEST_LEN
+1];
1033 if (should_delay_dir_fetches(options
, NULL
))
1036 pending_cert
= fp_pair_map_new();
1037 pending_id
= digestmap_new();
1038 missing_cert_digests
= smartlist_new();
1039 missing_id_digests
= smartlist_new();
1042 * First, we get the lists of already pending downloads so we don't
1045 list_pending_downloads(pending_id
, NULL
,
1046 DIR_PURPOSE_FETCH_CERTIFICATE
, "fp/");
1047 list_pending_fpsk_downloads(pending_cert
);
1050 * Now, we download any trusted authority certs we don't have by
1051 * identity digest only. This gets the latest cert for that authority.
1053 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers
, dir_server_t
*, ds
) {
1055 if (!(ds
->type
& V3_DIRINFO
))
1057 if (smartlist_contains_digest(missing_id_digests
,
1058 ds
->v3_identity_digest
))
1060 cl
= get_cert_list(ds
->v3_identity_digest
);
1061 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
1062 if (now
< cert
->expires
) {
1063 /* It's not expired, and we weren't looking for something to
1064 * verify a consensus with. Call it done. */
1065 download_status_reset(&(cl
->dl_status_by_id
));
1066 /* No sense trying to download it specifically by signing key hash */
1067 download_status_reset_by_sk_in_cl(cl
, cert
->signing_key_digest
);
1071 } SMARTLIST_FOREACH_END(cert
);
1073 download_status_is_ready(&(cl
->dl_status_by_id
), now
) &&
1074 !digestmap_get(pending_id
, ds
->v3_identity_digest
)) {
1076 "No current certificate known for authority %s "
1077 "(ID digest %s); launching request.",
1078 ds
->nickname
, hex_str(ds
->v3_identity_digest
, DIGEST_LEN
));
1079 smartlist_add(missing_id_digests
, ds
->v3_identity_digest
);
1081 } SMARTLIST_FOREACH_END(ds
);
1084 * Next, if we have a consensus, scan through it and look for anything
1085 * signed with a key from a cert we don't have. Those get downloaded
1086 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1087 * (identity digest), and it's one of the trusted dir server certs
1088 * we started off above or a pending download in pending_id, don't
1089 * try to get it yet. Most likely, the one we'll get for that will
1090 * have the right signing key too, and we'd just be downloading
1094 SMARTLIST_FOREACH_BEGIN(status
->voters
, networkstatus_voter_info_t
*,
1096 if (!smartlist_len(voter
->sigs
))
1097 continue; /* This authority never signed this consensus, so don't
1098 * go looking for a cert with key digest 0000000000. */
1099 if (!keep_unknown
&&
1100 !trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
))
1101 continue; /* We don't want unknown certs, and we don't know this
1105 * If we don't know *any* cert for this authority, and a download by ID
1106 * is pending or we added it to missing_id_digests above, skip this
1107 * one for now to avoid duplicate downloads.
1109 cl
= get_cert_list(voter
->identity_digest
);
1110 if (smartlist_len(cl
->certs
) == 0) {
1111 /* We have no certs at all for this one */
1113 /* Do we have a download of one pending? */
1114 if (digestmap_get(pending_id
, voter
->identity_digest
))
1118 * Are we about to launch a download of one due to the trusted
1119 * dir server check above?
1121 if (smartlist_contains_digest(missing_id_digests
,
1122 voter
->identity_digest
))
1126 SMARTLIST_FOREACH_BEGIN(voter
->sigs
, document_signature_t
*, sig
) {
1127 authority_cert_t
*cert
=
1128 authority_cert_get_by_digests(voter
->identity_digest
,
1129 sig
->signing_key_digest
);
1131 if (now
< cert
->expires
)
1132 download_status_reset_by_sk_in_cl(cl
, sig
->signing_key_digest
);
1135 if (download_status_is_ready_by_sk_in_cl(
1136 cl
, sig
->signing_key_digest
, now
) &&
1137 !fp_pair_map_get_by_digests(pending_cert
,
1138 voter
->identity_digest
,
1139 sig
->signing_key_digest
)) {
1141 * Do this rather than hex_str(), since hex_str clobbers
1142 * old results and we call twice in the param list.
1144 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1145 voter
->identity_digest
, DIGEST_LEN
);
1146 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1147 sig
->signing_key_digest
, DIGEST_LEN
);
1149 if (voter
->nickname
) {
1151 "We're missing a certificate from authority %s "
1152 "(ID digest %s) with signing key %s: "
1153 "launching request.",
1154 voter
->nickname
, id_digest_str
, sk_digest_str
);
1157 "We're missing a certificate from authority ID digest "
1158 "%s with signing key %s: launching request.",
1159 id_digest_str
, sk_digest_str
);
1162 /* Allocate a new fp_pair_t to append */
1163 fp_tmp
= tor_malloc(sizeof(*fp_tmp
));
1164 memcpy(fp_tmp
->first
, voter
->identity_digest
, sizeof(fp_tmp
->first
));
1165 memcpy(fp_tmp
->second
, sig
->signing_key_digest
,
1166 sizeof(fp_tmp
->second
));
1167 smartlist_add(missing_cert_digests
, fp_tmp
);
1169 } SMARTLIST_FOREACH_END(sig
);
1170 } SMARTLIST_FOREACH_END(voter
);
1173 /* Bridge clients look up the node for the dir_hint */
1174 const node_t
*node
= NULL
;
1175 /* All clients, including bridge clients, look up the routerstatus for the
1177 const routerstatus_t
*rs
= NULL
;
1179 /* If we still need certificates, try the directory that just successfully
1180 * served us a consensus or certificates.
1181 * As soon as the directory fails to provide additional certificates, we try
1182 * another, randomly selected directory. This avoids continual retries.
1183 * (We only ever have one outstanding request per certificate.)
1186 if (options
->UseBridges
) {
1187 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1188 * or something else fetched over tor, we won't find the node here, but
1189 * we will find the rs. */
1190 node
= node_get_by_id(dir_hint
);
1193 /* All clients try the consensus routerstatus, then the fallback
1195 rs
= router_get_consensus_status_by_id(dir_hint
);
1197 /* This will also find authorities */
1198 const dir_server_t
*ds
= router_get_fallback_dirserver_by_digest(
1201 rs
= &ds
->fake_status
;
1206 log_warn(LD_BUG
, "Directory %s delivered a consensus, but %s"
1207 "no routerstatus could be found for it.",
1208 options
->UseBridges
? "no node and " : "",
1209 hex_str(dir_hint
, DIGEST_LEN
));
1213 /* Do downloads by identity digest */
1214 if (smartlist_len(missing_id_digests
) > 0) {
1216 smartlist_t
*fps
= smartlist_new();
1218 smartlist_add_strdup(fps
, "fp/");
1220 SMARTLIST_FOREACH_BEGIN(missing_id_digests
, const char *, d
) {
1223 if (digestmap_get(pending_id
, d
))
1226 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1230 tor_asprintf(&fp
, "+%s", id_digest_str
);
1232 /* No need for tor_asprintf() in this case; first one gets no '+' */
1233 fp
= tor_strdup(id_digest_str
);
1237 smartlist_add(fps
, fp
);
1238 } SMARTLIST_FOREACH_END(d
);
1240 if (smartlist_len(fps
) > 1) {
1241 resource
= smartlist_join_strings(fps
, "", 0, NULL
);
1242 /* node and rs are directories that just gave us a consensus or
1244 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1247 /* else we didn't add any: they were all pending */
1249 SMARTLIST_FOREACH(fps
, char *, cp
, tor_free(cp
));
1250 smartlist_free(fps
);
1253 /* Do downloads by identity digest/signing key pair */
1254 if (smartlist_len(missing_cert_digests
) > 0) {
1256 smartlist_t
*fp_pairs
= smartlist_new();
1258 smartlist_add_strdup(fp_pairs
, "fp-sk/");
1260 SMARTLIST_FOREACH_BEGIN(missing_cert_digests
, const fp_pair_t
*, d
) {
1261 char *fp_pair
= NULL
;
1263 if (fp_pair_map_get(pending_cert
, d
))
1266 /* Construct string encodings of the digests */
1267 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1268 d
->first
, DIGEST_LEN
);
1269 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1270 d
->second
, DIGEST_LEN
);
1272 /* Now tor_asprintf() */
1274 tor_asprintf(&fp_pair
, "+%s-%s", id_digest_str
, sk_digest_str
);
1276 /* First one in the list doesn't get a '+' */
1277 tor_asprintf(&fp_pair
, "%s-%s", id_digest_str
, sk_digest_str
);
1281 /* Add it to the list of pairs to request */
1282 smartlist_add(fp_pairs
, fp_pair
);
1283 } SMARTLIST_FOREACH_END(d
);
1285 if (smartlist_len(fp_pairs
) > 1) {
1286 resource
= smartlist_join_strings(fp_pairs
, "", 0, NULL
);
1287 /* node and rs are directories that just gave us a consensus or
1289 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1292 /* else they were all pending */
1294 SMARTLIST_FOREACH(fp_pairs
, char *, p
, tor_free(p
));
1295 smartlist_free(fp_pairs
);
1298 smartlist_free(missing_id_digests
);
1299 SMARTLIST_FOREACH(missing_cert_digests
, fp_pair_t
*, p
, tor_free(p
));
1300 smartlist_free(missing_cert_digests
);
1301 digestmap_free(pending_id
, NULL
);
1302 fp_pair_map_free(pending_cert
, NULL
);
1305 /* Router descriptor storage.
1307 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1308 * routerdescs arrive, we append them to a journal file named
1309 * "cached-descriptors.new".
1311 * From time to time, we replace "cached-descriptors" with a new file
1312 * containing only the live, non-superseded descriptors, and clear
1313 * cached-routers.new.
1315 * On startup, we read both files.
1318 /** Helper: return 1 iff the router log is so big we want to rebuild the
1321 router_should_rebuild_store(desc_store_t
*store
)
1323 if (store
->store_len
> (1<<16))
1324 return (store
->journal_len
> store
->store_len
/ 2 ||
1325 store
->bytes_dropped
> store
->store_len
/ 2);
1327 return store
->journal_len
> (1<<15);
1330 /** Return the desc_store_t in <b>rl</b> that should be used to store
1332 static inline desc_store_t
*
1333 desc_get_store(routerlist_t
*rl
, const signed_descriptor_t
*sd
)
1335 if (sd
->is_extrainfo
)
1336 return &rl
->extrainfo_store
;
1338 return &rl
->desc_store
;
1341 /** Add the signed_descriptor_t in <b>desc</b> to the router
1342 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1343 * offset appropriately. */
1345 signed_desc_append_to_journal(signed_descriptor_t
*desc
,
1346 desc_store_t
*store
)
1348 char *fname
= get_cachedir_fname_suffix(store
->fname_base
, ".new");
1349 const char *body
= signed_descriptor_get_body_impl(desc
,1);
1350 size_t len
= desc
->signed_descriptor_len
+ desc
->annotations_len
;
1352 if (append_bytes_to_file(fname
, body
, len
, 1)) {
1353 log_warn(LD_FS
, "Unable to store router descriptor");
1357 desc
->saved_location
= SAVED_IN_JOURNAL
;
1360 desc
->saved_offset
= store
->journal_len
;
1361 store
->journal_len
+= len
;
1366 /** Sorting helper: return <0, 0, or >0 depending on whether the
1367 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1368 * the signed_descriptor_t* in *<b>b</b>. */
1370 compare_signed_descriptors_by_age_(const void **_a
, const void **_b
)
1372 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
1373 return (int)(r1
->published_on
- r2
->published_on
);
1377 #define RRS_DONT_REMOVE_OLD 2
1379 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1380 * <b>flags</b>, then atomically replace the saved router store with the
1381 * routers currently in our routerlist, and clear the journal. Unless
1382 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1383 * rebuilding the store. Return 0 on success, -1 on failure.
1386 router_rebuild_store(int flags
, desc_store_t
*store
)
1388 smartlist_t
*chunk_list
= NULL
;
1389 char *fname
= NULL
, *fname_tmp
= NULL
;
1392 smartlist_t
*signed_descriptors
= NULL
;
1394 size_t total_expected_len
= 0;
1396 int force
= flags
& RRS_FORCE
;
1398 if (!force
&& !router_should_rebuild_store(store
)) {
1407 if (store
->type
== EXTRAINFO_STORE
)
1408 had_any
= !eimap_isempty(routerlist
->extra_info_map
);
1410 had_any
= (smartlist_len(routerlist
->routers
)+
1411 smartlist_len(routerlist
->old_routers
))>0;
1413 /* Don't save deadweight. */
1414 if (!(flags
& RRS_DONT_REMOVE_OLD
))
1415 routerlist_remove_old_routers();
1417 log_info(LD_DIR
, "Rebuilding %s cache", store
->description
);
1419 fname
= get_cachedir_fname(store
->fname_base
);
1420 fname_tmp
= get_cachedir_fname_suffix(store
->fname_base
, ".tmp");
1422 chunk_list
= smartlist_new();
1424 /* We sort the routers by age to enhance locality on disk. */
1425 signed_descriptors
= smartlist_new();
1426 if (store
->type
== EXTRAINFO_STORE
) {
1428 for (iter
= eimap_iter_init(routerlist
->extra_info_map
);
1429 !eimap_iter_done(iter
);
1430 iter
= eimap_iter_next(routerlist
->extra_info_map
, iter
)) {
1433 eimap_iter_get(iter
, &key
, &ei
);
1434 smartlist_add(signed_descriptors
, &ei
->cache_info
);
1437 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
1438 smartlist_add(signed_descriptors
, sd
));
1439 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
1440 smartlist_add(signed_descriptors
, &ri
->cache_info
));
1443 smartlist_sort(signed_descriptors
, compare_signed_descriptors_by_age_
);
1445 /* Now, add the appropriate members to chunk_list */
1446 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1448 const char *body
= signed_descriptor_get_body_impl(sd
, 1);
1450 log_warn(LD_BUG
, "No descriptor available for router.");
1453 if (sd
->do_not_cache
) {
1457 c
= tor_malloc(sizeof(sized_chunk_t
));
1459 c
->len
= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1460 total_expected_len
+= c
->len
;
1461 smartlist_add(chunk_list
, c
);
1462 } SMARTLIST_FOREACH_END(sd
);
1464 if (write_chunks_to_file(fname_tmp
, chunk_list
, 1, 1)<0) {
1465 log_warn(LD_FS
, "Error writing router store to disk.");
1469 /* Our mmap is now invalid. */
1471 int res
= tor_munmap_file(store
->mmap
);
1474 log_warn(LD_FS
, "Unable to munmap route store in %s", fname
);
1478 if (replace_file(fname_tmp
, fname
)<0) {
1479 log_warn(LD_FS
, "Error replacing old router store: %s", strerror(errno
));
1484 store
->mmap
= tor_mmap_file(fname
);
1485 if (! store
->mmap
) {
1486 if (errno
== ERANGE
) {
1488 if (total_expected_len
) {
1489 log_warn(LD_FS
, "We wrote some bytes to a new descriptor file at '%s',"
1490 " but when we went to mmap it, it was empty!", fname
);
1491 } else if (had_any
) {
1492 log_info(LD_FS
, "We just removed every descriptor in '%s'. This is "
1493 "okay if we're just starting up after a long time. "
1494 "Otherwise, it's a bug.", fname
);
1497 log_warn(LD_FS
, "Unable to mmap new descriptor file at '%s'.",fname
);
1501 log_info(LD_DIR
, "Reconstructing pointers into cache");
1504 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1505 if (sd
->do_not_cache
)
1507 sd
->saved_location
= SAVED_IN_CACHE
;
1509 tor_free(sd
->signed_descriptor_body
); // sets it to null
1510 sd
->saved_offset
= offset
;
1512 offset
+= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1513 signed_descriptor_get_body(sd
); /* reconstruct and assert */
1514 } SMARTLIST_FOREACH_END(sd
);
1517 fname
= get_cachedir_fname_suffix(store
->fname_base
, ".new");
1518 write_str_to_file(fname
, "", 1);
1521 store
->store_len
= (size_t) offset
;
1522 store
->journal_len
= 0;
1523 store
->bytes_dropped
= 0;
1525 smartlist_free(signed_descriptors
);
1527 tor_free(fname_tmp
);
1529 SMARTLIST_FOREACH(chunk_list
, sized_chunk_t
*, c
, tor_free(c
));
1530 smartlist_free(chunk_list
);
1536 /** Helper: Reload a cache file and its associated journal, setting metadata
1537 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1538 * else reload the router descriptor store. */
1540 router_reload_router_list_impl(desc_store_t
*store
)
1542 char *fname
= NULL
, *contents
= NULL
;
1544 int extrainfo
= (store
->type
== EXTRAINFO_STORE
);
1545 store
->journal_len
= store
->store_len
= 0;
1547 fname
= get_cachedir_fname(store
->fname_base
);
1550 /* get rid of it first */
1551 int res
= tor_munmap_file(store
->mmap
);
1554 log_warn(LD_FS
, "Failed to munmap %s", fname
);
1560 store
->mmap
= tor_mmap_file(fname
);
1562 store
->store_len
= store
->mmap
->size
;
1564 router_load_extrainfo_from_string(store
->mmap
->data
,
1565 store
->mmap
->data
+store
->mmap
->size
,
1566 SAVED_IN_CACHE
, NULL
, 0);
1568 router_load_routers_from_string(store
->mmap
->data
,
1569 store
->mmap
->data
+store
->mmap
->size
,
1570 SAVED_IN_CACHE
, NULL
, 0, NULL
);
1574 fname
= get_cachedir_fname_suffix(store
->fname_base
, ".new");
1575 /* don't load empty files - we wouldn't get any data, even if we tried */
1576 if (file_status(fname
) == FN_FILE
)
1577 contents
= read_file_to_str(fname
, RFTS_BIN
|RFTS_IGNORE_MISSING
, &st
);
1580 router_load_extrainfo_from_string(contents
, NULL
,SAVED_IN_JOURNAL
,
1583 router_load_routers_from_string(contents
, NULL
, SAVED_IN_JOURNAL
,
1585 store
->journal_len
= (size_t) st
.st_size
;
1591 if (store
->journal_len
) {
1592 /* Always clear the journal on startup.*/
1593 router_rebuild_store(RRS_FORCE
, store
);
1594 } else if (!extrainfo
) {
1595 /* Don't cache expired routers. (This is in an else because
1596 * router_rebuild_store() also calls remove_old_routers().) */
1597 routerlist_remove_old_routers();
1603 /** Load all cached router descriptors and extra-info documents from the
1604 * store. Return 0 on success and -1 on failure.
1607 router_reload_router_list(void)
1609 routerlist_t
*rl
= router_get_routerlist();
1610 if (router_reload_router_list_impl(&rl
->desc_store
))
1612 if (router_reload_router_list_impl(&rl
->extrainfo_store
))
1617 /** Return a smartlist containing a list of dir_server_t * for all
1618 * known trusted dirservers. Callers must not modify the list or its
1622 router_get_trusted_dir_servers(void)
1624 if (!trusted_dir_servers
)
1625 trusted_dir_servers
= smartlist_new();
1627 return trusted_dir_servers
;
1631 router_get_fallback_dir_servers(void)
1633 if (!fallback_dir_servers
)
1634 fallback_dir_servers
= smartlist_new();
1636 return fallback_dir_servers
;
1639 /** Try to find a running dirserver that supports operations of <b>type</b>.
1641 * If there are no running dirservers in our routerlist and the
1642 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1643 * (including authorities) as running again, and pick one.
1645 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1646 * dirservers that we can't reach.
1648 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1649 * (if we're a dirserver).
1651 * Don't pick a fallback directory mirror if any non-fallback is viable;
1652 * (the fallback directory mirrors include the authorities)
1653 * try to avoid using servers that have returned 503 recently.
1655 const routerstatus_t
*
1656 router_pick_directory_server(dirinfo_type_t type
, int flags
)
1659 const routerstatus_t
*choice
;
1664 choice
= router_pick_directory_server_impl(type
, flags
, &busy
);
1665 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1669 /* If the reason that we got no server is that servers are "busy",
1670 * we must be excluding good servers because we already have serverdesc
1671 * fetches with them. Do not mark down servers up because of this. */
1672 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1673 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1678 "No reachable router entries for dirservers. "
1679 "Trying them all again.");
1680 /* mark all fallback directory mirrors as up again */
1681 mark_all_dirservers_up(fallback_dir_servers
);
1683 choice
= router_pick_directory_server_impl(type
, flags
, NULL
);
1687 /** Return the dir_server_t for the directory authority whose identity
1688 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1691 router_get_trusteddirserver_by_digest(const char *digest
)
1693 if (!trusted_dir_servers
)
1696 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1698 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1705 /** Return the dir_server_t for the fallback dirserver whose identity
1706 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1707 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1708 * and UseDefaultFallbackDirs torrc options.)
1709 * The list of fallback directories includes the list of authorities.
1712 router_get_fallback_dirserver_by_digest(const char *digest
)
1714 if (!fallback_dir_servers
)
1720 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ds
,
1722 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1729 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1730 * or 0 if no such fallback is in the list of fallback_dir_servers.
1731 * (fallback_dir_servers is affected by the FallbackDir and
1732 * UseDefaultFallbackDirs torrc options.)
1733 * The list of fallback directories includes the list of authorities.
1736 router_digest_is_fallback_dir(const char *digest
)
1738 return (router_get_fallback_dirserver_by_digest(digest
) != NULL
);
1741 /** Return the dir_server_t for the directory authority whose
1742 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1745 MOCK_IMPL(dir_server_t
*,
1746 trusteddirserver_get_by_v3_auth_digest
, (const char *digest
))
1748 if (!trusted_dir_servers
)
1751 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1753 if (tor_memeq(ds
->v3_identity_digest
, digest
, DIGEST_LEN
) &&
1754 (ds
->type
& V3_DIRINFO
))
1761 /** Try to find a running directory authority. Flags are as for
1762 * router_pick_directory_server.
1764 const routerstatus_t
*
1765 router_pick_trusteddirserver(dirinfo_type_t type
, int flags
)
1767 return router_pick_dirserver_generic(trusted_dir_servers
, type
, flags
);
1770 /** Try to find a running fallback directory. Flags are as for
1771 * router_pick_directory_server.
1773 const routerstatus_t
*
1774 router_pick_fallback_dirserver(dirinfo_type_t type
, int flags
)
1776 return router_pick_dirserver_generic(fallback_dir_servers
, type
, flags
);
1779 /** Try to find a running fallback directory. Flags are as for
1780 * router_pick_directory_server.
1782 static const routerstatus_t
*
1783 router_pick_dirserver_generic(smartlist_t
*sourcelist
,
1784 dirinfo_type_t type
, int flags
)
1786 const routerstatus_t
*choice
;
1789 choice
= router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, &busy
);
1790 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1793 /* If the reason that we got no server is that servers are "busy",
1794 * we must be excluding good servers because we already have serverdesc
1795 * fetches with them. Do not mark down servers up because of this. */
1796 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1797 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1802 "No dirservers are reachable. Trying them all again.");
1803 mark_all_dirservers_up(sourcelist
);
1804 return router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, NULL
);
1807 /* Check if we already have a directory fetch from ap, for serverdesc
1808 * (including extrainfo) or microdesc documents.
1809 * If so, return 1, if not, return 0.
1810 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1813 router_is_already_dir_fetching(const tor_addr_port_t
*ap
, int serverdesc
,
1816 if (!ap
|| tor_addr_is_null(&ap
->addr
) || !ap
->port
) {
1820 /* XX/teor - we're not checking tunnel connections here, see #17848
1823 connection_get_by_type_addr_port_purpose(
1824 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_SERVERDESC
)
1825 || connection_get_by_type_addr_port_purpose(
1826 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_EXTRAINFO
))) {
1831 connection_get_by_type_addr_port_purpose(
1832 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_MICRODESC
))) {
1839 /* Check if we already have a directory fetch from the ipv4 or ipv6
1840 * router, for serverdesc (including extrainfo) or microdesc documents.
1841 * If so, return 1, if not, return 0.
1844 router_is_already_dir_fetching_(uint32_t ipv4_addr
,
1845 const tor_addr_t
*ipv6_addr
,
1850 tor_addr_port_t ipv4_dir_ap
, ipv6_dir_ap
;
1852 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1853 tor_addr_from_ipv4h(&ipv4_dir_ap
.addr
, ipv4_addr
);
1854 ipv4_dir_ap
.port
= dir_port
;
1855 tor_addr_copy(&ipv6_dir_ap
.addr
, ipv6_addr
);
1856 ipv6_dir_ap
.port
= dir_port
;
1858 return (router_is_already_dir_fetching(&ipv4_dir_ap
, serverdesc
, microdesc
)
1859 || router_is_already_dir_fetching(&ipv6_dir_ap
, serverdesc
, microdesc
));
1862 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1863 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1866 /* Log a message if rs is not found or not a preferred address */
1868 router_picked_poor_directory_log(const routerstatus_t
*rs
)
1870 const networkstatus_t
*usable_consensus
;
1871 usable_consensus
= networkstatus_get_reasonably_live_consensus(time(NULL
),
1872 usable_consensus_flavor());
1874 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1875 /* Don't log early in the bootstrap process, it's normal to pick from a
1876 * small pool of nodes. Of course, this won't help if we're trying to
1877 * diagnose bootstrap issues. */
1878 if (!smartlist_len(nodelist_get_list()) || !usable_consensus
1879 || !router_have_minimum_dir_info()) {
1882 #endif /* !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP */
1884 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1885 * Sometimes this is normal, sometimes it can be a reachability issue. */
1887 /* This happens a lot, so it's at debug level */
1888 log_debug(LD_DIR
, "Wanted to make an outgoing directory connection, but "
1889 "we couldn't find a directory that fit our criteria. "
1890 "Perhaps we will succeed next time with less strict criteria.");
1891 } else if (!fascist_firewall_allows_rs(rs
, FIREWALL_OR_CONNECTION
, 1)
1892 && !fascist_firewall_allows_rs(rs
, FIREWALL_DIR_CONNECTION
, 1)
1894 /* This is rare, and might be interesting to users trying to diagnose
1895 * connection issues on dual-stack machines. */
1896 log_info(LD_DIR
, "Selected a directory %s with non-preferred OR and Dir "
1897 "addresses for launching an outgoing connection: "
1898 "IPv4 %s OR %d Dir %d IPv6 %s OR %d Dir %d",
1899 routerstatus_describe(rs
),
1900 fmt_addr32(rs
->addr
), rs
->or_port
,
1901 rs
->dir_port
, fmt_addr(&rs
->ipv6_addr
),
1902 rs
->ipv6_orport
, rs
->dir_port
);
1906 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1908 /** How long do we avoid using a directory server after it's given us a 503? */
1909 #define DIR_503_TIMEOUT (60*60)
1911 /* Common retry code for router_pick_directory_server_impl and
1912 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1913 * Must be called before RETRY_WITHOUT_EXCLUDE().
1915 * If we got no result, and we are applying IP preferences, and we are a
1916 * client that could use an alternate IP version, try again with the
1917 * opposite preferences. */
1918 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1920 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1921 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1930 /* Common retry code for router_pick_directory_server_impl and
1931 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1932 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1934 * If we got no result, and we are excluding nodes, and StrictNodes is
1935 * not set, try again without excluding nodes. */
1936 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1938 if (result == NULL && try_excluding && !options->StrictNodes \
1939 && n_excluded && !n_busy) { \
1940 try_excluding = 0; \
1948 /* Common code used in the loop within router_pick_directory_server_impl and
1949 * router_pick_trusteddirserver_impl.
1951 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
1954 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
1956 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
1957 (identity), EXTRAINFO_DIRINFO); \
1958 if (((type) & EXTRAINFO_DIRINFO) && \
1959 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
1963 /* When iterating through the routerlist, can OR address/port preference
1964 * and reachability checks be skipped?
1967 router_skip_or_reachability(const or_options_t
*options
, int try_ip_pref
)
1969 /* Servers always have and prefer IPv4.
1970 * And if clients are checking against the firewall for reachability only,
1971 * but there's no firewall, don't bother checking */
1972 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_or());
1975 /* When iterating through the routerlist, can Dir address/port preference
1976 * and reachability checks be skipped?
1979 router_skip_dir_reachability(const or_options_t
*options
, int try_ip_pref
)
1981 /* Servers always have and prefer IPv4.
1982 * And if clients are checking against the firewall for reachability only,
1983 * but there's no firewall, don't bother checking */
1984 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_dir());
1987 /** Pick a random running valid directory server/mirror from our
1988 * routerlist. Arguments are as for router_pick_directory_server(), except:
1990 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1991 * directories that we excluded for no other reason than
1992 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1994 STATIC
const routerstatus_t
*
1995 router_pick_directory_server_impl(dirinfo_type_t type
, int flags
,
1998 const or_options_t
*options
= get_options();
1999 const node_t
*result
;
2000 smartlist_t
*direct
, *tunnel
;
2001 smartlist_t
*trusted_direct
, *trusted_tunnel
;
2002 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
2003 time_t now
= time(NULL
);
2004 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
2005 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
2006 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
2007 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
2008 const int no_microdesc_fetching
= (flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2009 int try_excluding
= 1, n_excluded
= 0, n_busy
= 0;
2010 int try_ip_pref
= 1;
2017 direct
= smartlist_new();
2018 tunnel
= smartlist_new();
2019 trusted_direct
= smartlist_new();
2020 trusted_tunnel
= smartlist_new();
2021 overloaded_direct
= smartlist_new();
2022 overloaded_tunnel
= smartlist_new();
2024 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2025 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2026 const int must_have_or
= directory_must_use_begindir(options
);
2028 /* Find all the running dirservers we know about. */
2029 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2032 const routerstatus_t
*status
= node
->rs
;
2033 const country_t country
= node
->country
;
2037 if (!node
->is_running
|| !node_is_dir(node
) || !node
->is_valid
)
2039 if (requireother
&& router_digest_is_me(node
->identity
))
2042 SKIP_MISSING_TRUSTED_EXTRAINFO(type
, node
->identity
);
2044 if (try_excluding
&&
2045 routerset_contains_routerstatus(options
->ExcludeNodes
, status
,
2051 if (router_is_already_dir_fetching_(status
->addr
,
2054 no_serverdesc_fetching
,
2055 no_microdesc_fetching
)) {
2060 is_overloaded
= status
->last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2061 is_trusted
= router_digest_is_trusted_dir(node
->identity
);
2063 /* Clients use IPv6 addresses if the server has one and the client
2065 * Add the router if its preferred address and port are reachable.
2066 * If we don't get any routers, we'll try again with the non-preferred
2067 * address for each router (if any). (To ensure correct load-balancing
2068 * we try routers that only have one address both times.)
2070 if (!fascistfirewall
|| skip_or_fw
||
2071 fascist_firewall_allows_node(node
, FIREWALL_OR_CONNECTION
,
2073 smartlist_add(is_trusted
? trusted_tunnel
:
2074 is_overloaded
? overloaded_tunnel
: tunnel
, (void*)node
);
2075 else if (!must_have_or
&& (skip_dir_fw
||
2076 fascist_firewall_allows_node(node
, FIREWALL_DIR_CONNECTION
,
2078 smartlist_add(is_trusted
? trusted_direct
:
2079 is_overloaded
? overloaded_direct
: direct
, (void*)node
);
2080 } SMARTLIST_FOREACH_END(node
);
2082 if (smartlist_len(tunnel
)) {
2083 result
= node_sl_choose_by_bandwidth(tunnel
, WEIGHT_FOR_DIR
);
2084 } else if (smartlist_len(overloaded_tunnel
)) {
2085 result
= node_sl_choose_by_bandwidth(overloaded_tunnel
,
2087 } else if (smartlist_len(trusted_tunnel
)) {
2088 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2089 * yet. Maybe one day we should. */
2090 /* FFFF We also don't load balance over authorities yet. I think this
2091 * is a feature, but it could easily be a bug. -RD */
2092 result
= smartlist_choose(trusted_tunnel
);
2093 } else if (smartlist_len(direct
)) {
2094 result
= node_sl_choose_by_bandwidth(direct
, WEIGHT_FOR_DIR
);
2095 } else if (smartlist_len(overloaded_direct
)) {
2096 result
= node_sl_choose_by_bandwidth(overloaded_direct
,
2099 result
= smartlist_choose(trusted_direct
);
2101 smartlist_free(direct
);
2102 smartlist_free(tunnel
);
2103 smartlist_free(trusted_direct
);
2104 smartlist_free(trusted_tunnel
);
2105 smartlist_free(overloaded_direct
);
2106 smartlist_free(overloaded_tunnel
);
2108 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2110 RETRY_WITHOUT_EXCLUDE(retry_search
);
2113 *n_busy_out
= n_busy
;
2115 router_picked_poor_directory_log(result
? result
->rs
: NULL
);
2117 return result
? result
->rs
: NULL
;
2120 /** Pick a random element from a list of dir_server_t, weighting by their
2121 * <b>weight</b> field. */
2122 static const dir_server_t
*
2123 dirserver_choose_by_weight(const smartlist_t
*servers
, double authority_weight
)
2125 int n
= smartlist_len(servers
);
2127 double *weights_dbl
;
2128 uint64_t *weights_u64
;
2129 const dir_server_t
*ds
;
2131 weights_dbl
= tor_calloc(n
, sizeof(double));
2132 weights_u64
= tor_calloc(n
, sizeof(uint64_t));
2133 for (i
= 0; i
< n
; ++i
) {
2134 ds
= smartlist_get(servers
, i
);
2135 weights_dbl
[i
] = ds
->weight
;
2136 if (ds
->is_authority
)
2137 weights_dbl
[i
] *= authority_weight
;
2140 scale_array_elements_to_u64(weights_u64
, weights_dbl
, n
, NULL
);
2141 i
= choose_array_element_by_weight(weights_u64
, n
);
2142 tor_free(weights_dbl
);
2143 tor_free(weights_u64
);
2144 return (i
< 0) ? NULL
: smartlist_get(servers
, i
);
2147 /** Choose randomly from among the dir_server_ts in sourcelist that
2148 * are up. Flags are as for router_pick_directory_server_impl().
2150 static const routerstatus_t
*
2151 router_pick_trusteddirserver_impl(const smartlist_t
*sourcelist
,
2152 dirinfo_type_t type
, int flags
,
2155 const or_options_t
*options
= get_options();
2156 smartlist_t
*direct
, *tunnel
;
2157 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
2158 const routerinfo_t
*me
= router_get_my_routerinfo();
2159 const routerstatus_t
*result
= NULL
;
2160 time_t now
= time(NULL
);
2161 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
2162 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
2163 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
2164 const int no_microdesc_fetching
=(flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2165 const double auth_weight
= (sourcelist
== fallback_dir_servers
) ?
2166 options
->DirAuthorityFallbackRate
: 1.0;
2167 smartlist_t
*pick_from
;
2169 int try_excluding
= 1, n_excluded
= 0;
2170 int try_ip_pref
= 1;
2177 direct
= smartlist_new();
2178 tunnel
= smartlist_new();
2179 overloaded_direct
= smartlist_new();
2180 overloaded_tunnel
= smartlist_new();
2182 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2183 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2184 const int must_have_or
= directory_must_use_begindir(options
);
2186 SMARTLIST_FOREACH_BEGIN(sourcelist
, const dir_server_t
*, d
)
2189 d
->fake_status
.last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2190 if (!d
->is_running
) continue;
2191 if ((type
& d
->type
) == 0)
2194 SKIP_MISSING_TRUSTED_EXTRAINFO(type
, d
->digest
);
2196 if (requireother
&& me
&& router_digest_is_me(d
->digest
))
2198 if (try_excluding
&&
2199 routerset_contains_routerstatus(options
->ExcludeNodes
,
2200 &d
->fake_status
, -1)) {
2205 if (router_is_already_dir_fetching_(d
->addr
,
2208 no_serverdesc_fetching
,
2209 no_microdesc_fetching
)) {
2214 /* Clients use IPv6 addresses if the server has one and the client
2216 * Add the router if its preferred address and port are reachable.
2217 * If we don't get any routers, we'll try again with the non-preferred
2218 * address for each router (if any). (To ensure correct load-balancing
2219 * we try routers that only have one address both times.)
2221 if (!fascistfirewall
|| skip_or_fw
||
2222 fascist_firewall_allows_dir_server(d
, FIREWALL_OR_CONNECTION
,
2224 smartlist_add(is_overloaded
? overloaded_tunnel
: tunnel
, (void*)d
);
2225 else if (!must_have_or
&& (skip_dir_fw
||
2226 fascist_firewall_allows_dir_server(d
, FIREWALL_DIR_CONNECTION
,
2228 smartlist_add(is_overloaded
? overloaded_direct
: direct
, (void*)d
);
2230 SMARTLIST_FOREACH_END(d
);
2232 if (smartlist_len(tunnel
)) {
2234 } else if (smartlist_len(overloaded_tunnel
)) {
2235 pick_from
= overloaded_tunnel
;
2236 } else if (smartlist_len(direct
)) {
2239 pick_from
= overloaded_direct
;
2243 const dir_server_t
*selection
=
2244 dirserver_choose_by_weight(pick_from
, auth_weight
);
2247 result
= &selection
->fake_status
;
2250 smartlist_free(direct
);
2251 smartlist_free(tunnel
);
2252 smartlist_free(overloaded_direct
);
2253 smartlist_free(overloaded_tunnel
);
2255 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2257 RETRY_WITHOUT_EXCLUDE(retry_search
);
2259 router_picked_poor_directory_log(result
);
2262 *n_busy_out
= n_busy
;
2266 /** Mark as running every dir_server_t in <b>server_list</b>. */
2268 mark_all_dirservers_up(smartlist_t
*server_list
)
2271 SMARTLIST_FOREACH_BEGIN(server_list
, dir_server_t
*, dir
) {
2274 dir
->is_running
= 1;
2275 node
= node_get_mutable_by_id(dir
->digest
);
2277 node
->is_running
= 1;
2278 rs
= router_get_mutable_consensus_status_by_id(dir
->digest
);
2280 rs
->last_dir_503_at
= 0;
2281 control_event_networkstatus_changed_single(rs
);
2283 } SMARTLIST_FOREACH_END(dir
);
2285 router_dir_info_changed();
2288 /** Return true iff r1 and r2 have the same address and OR port. */
2290 routers_have_same_or_addrs(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
2292 return r1
->addr
== r2
->addr
&& r1
->or_port
== r2
->or_port
&&
2293 tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) &&
2294 r1
->ipv6_orport
== r2
->ipv6_orport
;
2297 /** Reset all internal variables used to count failed downloads of network
2298 * status objects. */
2300 router_reset_status_download_failures(void)
2302 mark_all_dirservers_up(fallback_dir_servers
);
2305 /** Given a <b>router</b>, add every node_t in its family (including the
2306 * node itself!) to <b>sl</b>.
2308 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2312 routerlist_add_node_and_family(smartlist_t
*sl
, const routerinfo_t
*router
)
2316 const node_t
*node
= node_get_by_id(router
->cache_info
.identity_digest
);
2318 memset(&fake_node
, 0, sizeof(fake_node
));
2319 fake_node
.ri
= (routerinfo_t
*)router
;
2320 memcpy(fake_node
.identity
, router
->cache_info
.identity_digest
, DIGEST_LEN
);
2323 nodelist_add_node_and_family(sl
, node
);
2326 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2327 * we can pick a node for a circuit.
2330 router_add_running_nodes_to_smartlist(smartlist_t
*sl
, int need_uptime
,
2331 int need_capacity
, int need_guard
,
2332 int need_desc
, int pref_addr
,
2335 const int check_reach
= !router_skip_or_reachability(get_options(),
2338 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2339 if (!node
->is_running
|| !node
->is_valid
)
2341 if (need_desc
&& !node_has_preferred_descriptor(node
, direct_conn
))
2343 if (node
->ri
&& node
->ri
->purpose
!= ROUTER_PURPOSE_GENERAL
)
2345 if (node_is_unreliable(node
, need_uptime
, need_capacity
, need_guard
))
2347 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2348 if (node
->rs
&& !routerstatus_version_supports_extend2_cells(node
->rs
, 1))
2350 /* Don't choose nodes if we are certain they can't do ntor. */
2351 if ((node
->ri
|| node
->md
) && !node_has_curve25519_onion_key(node
))
2353 /* Choose a node with an OR address that matches the firewall rules */
2354 if (direct_conn
&& check_reach
&&
2355 !fascist_firewall_allows_node(node
,
2356 FIREWALL_OR_CONNECTION
,
2360 smartlist_add(sl
, (void *)node
);
2361 } SMARTLIST_FOREACH_END(node
);
2364 /** Look through the routerlist until we find a router that has my key.
2366 const routerinfo_t
*
2367 routerlist_find_my_routerinfo(void)
2372 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, router
,
2374 if (router_is_me(router
))
2380 /** Return the smaller of the router's configured BandwidthRate
2381 * and its advertised capacity. */
2383 router_get_advertised_bandwidth(const routerinfo_t
*router
)
2385 if (router
->bandwidthcapacity
< router
->bandwidthrate
)
2386 return router
->bandwidthcapacity
;
2387 return router
->bandwidthrate
;
2390 /** Do not weight any declared bandwidth more than this much when picking
2391 * routers by bandwidth. */
2392 #define DEFAULT_MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
2394 /** Return the smaller of the router's configured BandwidthRate
2395 * and its advertised capacity, capped by max-believe-bw. */
2397 router_get_advertised_bandwidth_capped(const routerinfo_t
*router
)
2399 uint32_t result
= router
->bandwidthcapacity
;
2400 if (result
> router
->bandwidthrate
)
2401 result
= router
->bandwidthrate
;
2402 if (result
> DEFAULT_MAX_BELIEVABLE_BANDWIDTH
)
2403 result
= DEFAULT_MAX_BELIEVABLE_BANDWIDTH
;
2407 /** Given an array of double/uint64_t unions that are currently being used as
2408 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2409 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2410 * the sum of all elements in the array _before_ scaling. */
2412 scale_array_elements_to_u64(uint64_t *entries_out
, const double *entries_in
,
2414 uint64_t *total_out
)
2417 double scale_factor
= 0.0;
2420 for (i
= 0; i
< n_entries
; ++i
)
2421 total
+= entries_in
[i
];
2424 scale_factor
= ((double)INT64_MAX
) / total
;
2425 scale_factor
/= 4.0; /* make sure we're very far away from overflowing */
2428 for (i
= 0; i
< n_entries
; ++i
)
2429 entries_out
[i
] = tor_llround(entries_in
[i
] * scale_factor
);
2432 *total_out
= (uint64_t) total
;
2435 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2436 * choosing each element with a probability proportional to its (uint64_t)
2437 * value, and return the index of that element. If all elements are 0, choose
2438 * an index at random. Return -1 on error.
2441 choose_array_element_by_weight(const uint64_t *entries
, int n_entries
)
2447 for (i
= 0; i
< n_entries
; ++i
)
2448 total
+= entries
[i
];
2454 return crypto_rand_int(n_entries
);
2456 tor_assert(total
< INT64_MAX
);
2458 rand_val
= crypto_rand_uint64(total
);
2460 return select_array_member_cumulative_timei(
2461 entries
, n_entries
, total
, rand_val
);
2464 /** When weighting bridges, enforce these values as lower and upper
2465 * bound for believable bandwidth, because there is no way for us
2466 * to verify a bridge's bandwidth currently. */
2467 #define BRIDGE_MIN_BELIEVABLE_BANDWIDTH 20000 /* 20 kB/sec */
2468 #define BRIDGE_MAX_BELIEVABLE_BANDWIDTH 100000 /* 100 kB/sec */
2470 /** Return the smaller of the router's configured BandwidthRate
2471 * and its advertised capacity, making sure to stay within the
2472 * interval between bridge-min-believe-bw and
2473 * bridge-max-believe-bw. */
2475 bridge_get_advertised_bandwidth_bounded(routerinfo_t
*router
)
2477 uint32_t result
= router
->bandwidthcapacity
;
2478 if (result
> router
->bandwidthrate
)
2479 result
= router
->bandwidthrate
;
2480 if (result
> BRIDGE_MAX_BELIEVABLE_BANDWIDTH
)
2481 result
= BRIDGE_MAX_BELIEVABLE_BANDWIDTH
;
2482 else if (result
< BRIDGE_MIN_BELIEVABLE_BANDWIDTH
)
2483 result
= BRIDGE_MIN_BELIEVABLE_BANDWIDTH
;
2487 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2489 static inline int32_t
2490 kb_to_bytes(uint32_t bw
)
2492 return (bw
> (INT32_MAX
/1000)) ? INT32_MAX
: bw
*1000;
2495 /** Helper function:
2496 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2497 * the advertised bandwidth of each element using the consensus
2498 * bandwidth weights.
2500 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2501 * nodes' bandwidth equally regardless of their Exit status, since there may
2502 * be some in the list because they exit to obscure ports. If
2503 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2504 * exit-node's bandwidth less depending on the smallness of the fraction of
2505 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2506 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2507 * guards proportionally less.
2509 static const node_t
*
2510 smartlist_choose_node_by_bandwidth_weights(const smartlist_t
*sl
,
2511 bandwidth_weight_rule_t rule
)
2513 double *bandwidths_dbl
=NULL
;
2514 uint64_t *bandwidths_u64
=NULL
;
2516 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths_dbl
, NULL
) < 0)
2519 bandwidths_u64
= tor_calloc(smartlist_len(sl
), sizeof(uint64_t));
2520 scale_array_elements_to_u64(bandwidths_u64
, bandwidths_dbl
,
2521 smartlist_len(sl
), NULL
);
2524 int idx
= choose_array_element_by_weight(bandwidths_u64
,
2526 tor_free(bandwidths_dbl
);
2527 tor_free(bandwidths_u64
);
2528 return idx
< 0 ? NULL
: smartlist_get(sl
, idx
);
2532 /** Given a list of routers and a weighting rule as in
2533 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2534 * values for each node and store them in a freshly allocated
2535 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2536 * as doubles. If <b>total_bandwidth_out</b> is non-NULL, set it to the total
2537 * of all the bandwidths.
2538 * Return 0 on success, -1 on failure. */
2540 compute_weighted_bandwidths(const smartlist_t
*sl
,
2541 bandwidth_weight_rule_t rule
,
2542 double **bandwidths_out
,
2543 double *total_bandwidth_out
)
2545 int64_t weight_scale
;
2546 double Wg
= -1, Wm
= -1, We
= -1, Wd
= -1;
2547 double Wgb
= -1, Wmb
= -1, Web
= -1, Wdb
= -1;
2548 guardfraction_bandwidth_t guardfraction_bw
;
2549 double *bandwidths
= NULL
;
2550 double total_bandwidth
= 0.0;
2553 tor_assert(bandwidths_out
);
2555 /* Can't choose exit and guard at same time */
2556 tor_assert(rule
== NO_WEIGHTING
||
2557 rule
== WEIGHT_FOR_EXIT
||
2558 rule
== WEIGHT_FOR_GUARD
||
2559 rule
== WEIGHT_FOR_MID
||
2560 rule
== WEIGHT_FOR_DIR
);
2562 *bandwidths_out
= NULL
;
2564 if (total_bandwidth_out
) {
2565 *total_bandwidth_out
= 0.0;
2568 if (smartlist_len(sl
) == 0) {
2570 "Empty routerlist passed in to consensus weight node "
2571 "selection for rule %s",
2572 bandwidth_weight_rule_to_string(rule
));
2576 weight_scale
= networkstatus_get_weight_scale_param(NULL
);
2578 if (rule
== WEIGHT_FOR_GUARD
) {
2579 Wg
= networkstatus_get_bw_weight(NULL
, "Wgg", -1);
2580 Wm
= networkstatus_get_bw_weight(NULL
, "Wgm", -1); /* Bridges */
2582 Wd
= networkstatus_get_bw_weight(NULL
, "Wgd", -1);
2584 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2585 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2586 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2587 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2588 } else if (rule
== WEIGHT_FOR_MID
) {
2589 Wg
= networkstatus_get_bw_weight(NULL
, "Wmg", -1);
2590 Wm
= networkstatus_get_bw_weight(NULL
, "Wmm", -1);
2591 We
= networkstatus_get_bw_weight(NULL
, "Wme", -1);
2592 Wd
= networkstatus_get_bw_weight(NULL
, "Wmd", -1);
2594 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2595 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2596 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2597 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2598 } else if (rule
== WEIGHT_FOR_EXIT
) {
2599 // Guards CAN be exits if they have weird exit policies
2600 // They are d then I guess...
2601 We
= networkstatus_get_bw_weight(NULL
, "Wee", -1);
2602 Wm
= networkstatus_get_bw_weight(NULL
, "Wem", -1); /* Odd exit policies */
2603 Wd
= networkstatus_get_bw_weight(NULL
, "Wed", -1);
2604 Wg
= networkstatus_get_bw_weight(NULL
, "Weg", -1); /* Odd exit policies */
2606 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2607 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2608 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2609 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2610 } else if (rule
== WEIGHT_FOR_DIR
) {
2611 We
= networkstatus_get_bw_weight(NULL
, "Wbe", -1);
2612 Wm
= networkstatus_get_bw_weight(NULL
, "Wbm", -1);
2613 Wd
= networkstatus_get_bw_weight(NULL
, "Wbd", -1);
2614 Wg
= networkstatus_get_bw_weight(NULL
, "Wbg", -1);
2616 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2617 } else if (rule
== NO_WEIGHTING
) {
2618 Wg
= Wm
= We
= Wd
= weight_scale
;
2619 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2622 if (Wg
< 0 || Wm
< 0 || We
< 0 || Wd
< 0 || Wgb
< 0 || Wmb
< 0 || Wdb
< 0
2625 "Got negative bandwidth weights. Defaulting to naive selection"
2627 Wg
= Wm
= We
= Wd
= weight_scale
;
2628 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2636 Wgb
/= weight_scale
;
2637 Wmb
/= weight_scale
;
2638 Web
/= weight_scale
;
2639 Wdb
/= weight_scale
;
2641 bandwidths
= tor_calloc(smartlist_len(sl
), sizeof(double));
2643 // Cycle through smartlist and total the bandwidth.
2644 static int warned_missing_bw
= 0;
2645 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2646 int is_exit
= 0, is_guard
= 0, is_dir
= 0, this_bw
= 0;
2648 double weight_without_guard_flag
= 0; /* Used for guardfraction */
2649 double final_weight
= 0;
2650 is_exit
= node
->is_exit
&& ! node
->is_bad_exit
;
2651 is_guard
= node
->is_possible_guard
;
2652 is_dir
= node_is_dir(node
);
2654 if (!node
->rs
->has_bandwidth
) {
2655 /* This should never happen, unless all the authorities downgrade
2656 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2657 if (! warned_missing_bw
) {
2659 "Consensus is missing some bandwidths. Using a naive "
2660 "router selection algorithm");
2661 warned_missing_bw
= 1;
2663 this_bw
= 30000; /* Chosen arbitrarily */
2665 this_bw
= kb_to_bytes(node
->rs
->bandwidth_kb
);
2667 } else if (node
->ri
) {
2668 /* bridge or other descriptor not in our consensus */
2669 this_bw
= bridge_get_advertised_bandwidth_bounded(node
->ri
);
2671 /* We can't use this one. */
2675 if (is_guard
&& is_exit
) {
2676 weight
= (is_dir
? Wdb
*Wd
: Wd
);
2677 weight_without_guard_flag
= (is_dir
? Web
*We
: We
);
2678 } else if (is_guard
) {
2679 weight
= (is_dir
? Wgb
*Wg
: Wg
);
2680 weight_without_guard_flag
= (is_dir
? Wmb
*Wm
: Wm
);
2681 } else if (is_exit
) {
2682 weight
= (is_dir
? Web
*We
: We
);
2684 weight
= (is_dir
? Wmb
*Wm
: Wm
);
2686 /* These should be impossible; but overflows here would be bad, so let's
2692 if (weight_without_guard_flag
< 0.0)
2693 weight_without_guard_flag
= 0.0;
2695 /* If guardfraction information is available in the consensus, we
2696 * want to calculate this router's bandwidth according to its
2697 * guardfraction. Quoting from proposal236:
2699 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2700 * client would apply to N for position p if it had the guard
2701 * flag, Wpn the weight if it did not have the guard flag, and B the
2702 * measured bandwidth of N in the consensus. Then instead of choosing
2703 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2704 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2706 if (node
->rs
&& node
->rs
->has_guardfraction
&& rule
!= WEIGHT_FOR_GUARD
) {
2707 /* XXX The assert should actually check for is_guard. However,
2708 * that crashes dirauths because of #13297. This should be
2710 tor_assert(node
->rs
->is_possible_guard
);
2712 guard_get_guardfraction_bandwidth(&guardfraction_bw
,
2714 node
->rs
->guardfraction_percentage
);
2716 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2718 guardfraction_bw
.guard_bw
* weight
+
2719 guardfraction_bw
.non_guard_bw
* weight_without_guard_flag
;
2721 log_debug(LD_GENERAL
, "%s: Guardfraction weight %f instead of %f (%s)",
2722 node
->rs
->nickname
, final_weight
, weight
*this_bw
,
2723 bandwidth_weight_rule_to_string(rule
));
2724 } else { /* no guardfraction information. calculate the weight normally. */
2725 final_weight
= weight
*this_bw
;
2728 bandwidths
[node_sl_idx
] = final_weight
;
2729 total_bandwidth
+= final_weight
;
2730 } SMARTLIST_FOREACH_END(node
);
2732 log_debug(LD_CIRC
, "Generated weighted bandwidths for rule %s based "
2734 "Wg=%f Wm=%f We=%f Wd=%f with total bw %f",
2735 bandwidth_weight_rule_to_string(rule
),
2736 Wg
, Wm
, We
, Wd
, total_bandwidth
);
2738 *bandwidths_out
= bandwidths
;
2740 if (total_bandwidth_out
) {
2741 *total_bandwidth_out
= total_bandwidth
;
2747 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2748 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2751 frac_nodes_with_descriptors(const smartlist_t
*sl
,
2752 bandwidth_weight_rule_t rule
)
2754 double *bandwidths
= NULL
;
2755 double total
, present
;
2757 if (smartlist_len(sl
) == 0)
2760 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths
, &total
) < 0 ||
2762 int n_with_descs
= 0;
2763 SMARTLIST_FOREACH(sl
, const node_t
*, node
, {
2764 if (node_has_any_descriptor(node
))
2767 tor_free(bandwidths
);
2768 return ((double)n_with_descs
) / smartlist_len(sl
);
2772 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2773 if (node_has_any_descriptor(node
))
2774 present
+= bandwidths
[node_sl_idx
];
2775 } SMARTLIST_FOREACH_END(node
);
2777 tor_free(bandwidths
);
2779 return present
/ total
;
2782 /** Choose a random element of status list <b>sl</b>, weighted by
2783 * the advertised bandwidth of each node */
2785 node_sl_choose_by_bandwidth(const smartlist_t
*sl
,
2786 bandwidth_weight_rule_t rule
)
2788 return smartlist_choose_node_by_bandwidth_weights(sl
, rule
);
2791 /** Return a random running node from the nodelist. Never
2792 * pick a node that is in
2793 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2794 * even if they are the only nodes available.
2795 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2796 * a minimum uptime, return one of those.
2797 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2798 * advertised capacity of each router.
2799 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2800 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2801 * picking an exit node, otherwise we weight bandwidths for picking a relay
2802 * node (that is, possibly discounting exit nodes).
2803 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2804 * have a routerinfo or microdescriptor -- that is, enough info to be
2805 * used to build a circuit.
2806 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2807 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2808 * (regardless of this flag, we exclude nodes that aren't allowed by the
2809 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2812 router_choose_random_node(smartlist_t
*excludedsmartlist
,
2813 routerset_t
*excludedset
,
2814 router_crn_flags_t flags
)
2816 const int need_uptime
= (flags
& CRN_NEED_UPTIME
) != 0;
2817 const int need_capacity
= (flags
& CRN_NEED_CAPACITY
) != 0;
2818 const int need_guard
= (flags
& CRN_NEED_GUARD
) != 0;
2819 const int weight_for_exit
= (flags
& CRN_WEIGHT_AS_EXIT
) != 0;
2820 const int need_desc
= (flags
& CRN_NEED_DESC
) != 0;
2821 const int pref_addr
= (flags
& CRN_PREF_ADDR
) != 0;
2822 const int direct_conn
= (flags
& CRN_DIRECT_CONN
) != 0;
2823 const int rendezvous_v3
= (flags
& CRN_RENDEZVOUS_V3
) != 0;
2825 smartlist_t
*sl
=smartlist_new(),
2826 *excludednodes
=smartlist_new();
2827 const node_t
*choice
= NULL
;
2828 const routerinfo_t
*r
;
2829 bandwidth_weight_rule_t rule
;
2831 tor_assert(!(weight_for_exit
&& need_guard
));
2832 rule
= weight_for_exit
? WEIGHT_FOR_EXIT
:
2833 (need_guard
? WEIGHT_FOR_GUARD
: WEIGHT_FOR_MID
);
2835 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t
*, node
) {
2836 if (node_allows_single_hop_exits(node
)) {
2837 /* Exclude relays that allow single hop exit circuits. This is an
2838 * obsolete option since 0.2.9.2-alpha and done by default in
2840 smartlist_add(excludednodes
, node
);
2841 } else if (rendezvous_v3
&&
2842 !node_supports_v3_rendezvous_point(node
)) {
2843 /* Exclude relays that do not support to rendezvous for a hidden service
2845 smartlist_add(excludednodes
, node
);
2847 } SMARTLIST_FOREACH_END(node
);
2849 /* If the node_t is not found we won't be to exclude ourself but we
2850 * won't be able to pick ourself in router_choose_random_node() so
2851 * this is fine to at least try with our routerinfo_t object. */
2852 if ((r
= router_get_my_routerinfo()))
2853 routerlist_add_node_and_family(excludednodes
, r
);
2855 router_add_running_nodes_to_smartlist(sl
, need_uptime
, need_capacity
,
2856 need_guard
, need_desc
, pref_addr
,
2859 "We found %d running nodes.",
2862 smartlist_subtract(sl
,excludednodes
);
2864 "We removed %d excludednodes, leaving %d nodes.",
2865 smartlist_len(excludednodes
),
2868 if (excludedsmartlist
) {
2869 smartlist_subtract(sl
,excludedsmartlist
);
2871 "We removed %d excludedsmartlist, leaving %d nodes.",
2872 smartlist_len(excludedsmartlist
),
2876 routerset_subtract_nodes(sl
,excludedset
);
2878 "We removed excludedset, leaving %d nodes.",
2882 // Always weight by bandwidth
2883 choice
= node_sl_choose_by_bandwidth(sl
, rule
);
2886 if (!choice
&& (need_uptime
|| need_capacity
|| need_guard
|| pref_addr
)) {
2887 /* try once more -- recurse but with fewer restrictions. */
2889 "We couldn't find any live%s%s%s routers; falling back "
2890 "to list of all routers.",
2891 need_capacity
?", fast":"",
2892 need_uptime
?", stable":"",
2893 need_guard
?", guard":"");
2894 flags
&= ~ (CRN_NEED_UPTIME
|CRN_NEED_CAPACITY
|CRN_NEED_GUARD
|
2896 choice
= router_choose_random_node(
2897 excludedsmartlist
, excludedset
, flags
);
2899 smartlist_free(excludednodes
);
2902 "No available nodes when trying to choose node. Failing.");
2907 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2908 * Return 0 on success, -1 on failure. Store the result into the
2909 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2910 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2911 * at <b>nickname_out</b>.
2913 * The recognized format is:
2914 * HexName = Dollar? HexDigest NamePart?
2916 * HexDigest = HexChar*20
2917 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2918 * NamePart = QualChar Name
2919 * QualChar = '=' | '~'
2920 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2921 * NameChar = Any ASCII alphanumeric character
2924 hex_digest_nickname_decode(const char *hexdigest
,
2926 char *nickname_qualifier_char_out
,
2931 tor_assert(hexdigest
);
2932 if (hexdigest
[0] == '$')
2935 len
= strlen(hexdigest
);
2936 if (len
< HEX_DIGEST_LEN
) {
2938 } else if (len
> HEX_DIGEST_LEN
&& (hexdigest
[HEX_DIGEST_LEN
] == '=' ||
2939 hexdigest
[HEX_DIGEST_LEN
] == '~') &&
2940 len
<= HEX_DIGEST_LEN
+1+MAX_NICKNAME_LEN
) {
2941 *nickname_qualifier_char_out
= hexdigest
[HEX_DIGEST_LEN
];
2942 strlcpy(nickname_out
, hexdigest
+HEX_DIGEST_LEN
+1 , MAX_NICKNAME_LEN
+1);
2943 } else if (len
== HEX_DIGEST_LEN
) {
2949 if (base16_decode(digest_out
, DIGEST_LEN
,
2950 hexdigest
, HEX_DIGEST_LEN
) != DIGEST_LEN
)
2955 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2956 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2957 * (which is optionally prefixed with a single dollar sign). Return false if
2958 * <b>hexdigest</b> is malformed, or it doesn't match. */
2960 hex_digest_nickname_matches(const char *hexdigest
, const char *identity_digest
,
2961 const char *nickname
)
2963 char digest
[DIGEST_LEN
];
2965 char nn_buf
[MAX_NICKNAME_LEN
+1];
2967 if (hex_digest_nickname_decode(hexdigest
, digest
, &nn_char
, nn_buf
) == -1)
2970 if (nn_char
== '=') {
2974 if (nn_char
== '~') {
2975 if (!nickname
) // XXX This seems wrong. -NM
2977 if (strcasecmp(nn_buf
, nickname
))
2981 return tor_memeq(digest
, identity_digest
, DIGEST_LEN
);
2984 /** Return true iff <b>digest</b> is the digest of the identity key of a
2985 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2986 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2988 router_digest_is_trusted_dir_type(const char *digest
, dirinfo_type_t type
)
2990 if (!trusted_dir_servers
)
2992 if (authdir_mode(get_options()) && router_digest_is_me(digest
))
2994 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ent
,
2995 if (tor_memeq(digest
, ent
->digest
, DIGEST_LEN
)) {
2996 return (!type
) || ((type
& ent
->type
) != 0);
3001 /** If hexdigest is correctly formed, base16_decode it into
3002 * digest, which must have DIGEST_LEN space in it.
3003 * Return 0 on success, -1 on failure.
3006 hexdigest_to_digest(const char *hexdigest
, char *digest
)
3008 if (hexdigest
[0]=='$')
3010 if (strlen(hexdigest
) < HEX_DIGEST_LEN
||
3011 base16_decode(digest
,DIGEST_LEN
,hexdigest
,HEX_DIGEST_LEN
) != DIGEST_LEN
)
3016 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3019 router_get_mutable_by_digest(const char *digest
)
3023 if (!routerlist
) return NULL
;
3025 // routerlist_assert_ok(routerlist);
3027 return rimap_get(routerlist
->identity_map
, digest
);
3030 /** Return the router in our routerlist whose 20-byte key digest
3031 * is <b>digest</b>. Return NULL if no such router is known. */
3032 const routerinfo_t
*
3033 router_get_by_id_digest(const char *digest
)
3035 return router_get_mutable_by_digest(digest
);
3038 /** Return the router in our routerlist whose 20-byte descriptor
3039 * is <b>digest</b>. Return NULL if no such router is known. */
3040 signed_descriptor_t
*
3041 router_get_by_descriptor_digest(const char *digest
)
3045 if (!routerlist
) return NULL
;
3047 return sdmap_get(routerlist
->desc_digest_map
, digest
);
3050 /** Return the signed descriptor for the router in our routerlist whose
3051 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3053 MOCK_IMPL(signed_descriptor_t
*,
3054 router_get_by_extrainfo_digest
,(const char *digest
))
3058 if (!routerlist
) return NULL
;
3060 return sdmap_get(routerlist
->desc_by_eid_map
, digest
);
3063 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3064 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3065 * document is known. */
3066 MOCK_IMPL(signed_descriptor_t
*,
3067 extrainfo_get_by_descriptor_digest
,(const char *digest
))
3071 if (!routerlist
) return NULL
;
3072 ei
= eimap_get(routerlist
->extra_info_map
, digest
);
3073 return ei
? &ei
->cache_info
: NULL
;
3076 /** Return a pointer to the signed textual representation of a descriptor.
3077 * The returned string is not guaranteed to be NUL-terminated: the string's
3078 * length will be in desc-\>signed_descriptor_len.
3080 * If <b>with_annotations</b> is set, the returned string will include
3082 * (if any) preceding the descriptor. This will increase the length of the
3083 * string by desc-\>annotations_len.
3085 * The caller must not free the string returned.
3088 signed_descriptor_get_body_impl(const signed_descriptor_t
*desc
,
3089 int with_annotations
)
3091 const char *r
= NULL
;
3092 size_t len
= desc
->signed_descriptor_len
;
3093 off_t offset
= desc
->saved_offset
;
3094 if (with_annotations
)
3095 len
+= desc
->annotations_len
;
3097 offset
+= desc
->annotations_len
;
3099 tor_assert(len
> 32);
3100 if (desc
->saved_location
== SAVED_IN_CACHE
&& routerlist
) {
3101 desc_store_t
*store
= desc_get_store(router_get_routerlist(), desc
);
3102 if (store
&& store
->mmap
) {
3103 tor_assert(desc
->saved_offset
+ len
<= store
->mmap
->size
);
3104 r
= store
->mmap
->data
+ offset
;
3106 log_err(LD_DIR
, "We couldn't read a descriptor that is supposedly "
3107 "mmaped in our cache. Is another process running in our data "
3108 "directory? Exiting.");
3109 exit(1); // XXXX bad exit: should recover.
3112 if (!r
) /* no mmap, or not in cache. */
3113 r
= desc
->signed_descriptor_body
+
3114 (with_annotations
? 0 : desc
->annotations_len
);
3117 if (!with_annotations
) {
3118 if (fast_memcmp("router ", r
, 7) && fast_memcmp("extra-info ", r
, 11)) {
3119 char *cp
= tor_strndup(r
, 64);
3120 log_err(LD_DIR
, "descriptor at %p begins with unexpected string %s. "
3121 "Is another process running in our data directory? Exiting.",
3123 exit(1); // XXXX bad exit: should recover.
3130 /** Return a pointer to the signed textual representation of a descriptor.
3131 * The returned string is not guaranteed to be NUL-terminated: the string's
3132 * length will be in desc-\>signed_descriptor_len.
3134 * The caller must not free the string returned.
3137 signed_descriptor_get_body(const signed_descriptor_t
*desc
)
3139 return signed_descriptor_get_body_impl(desc
, 0);
3142 /** As signed_descriptor_get_body(), but points to the beginning of the
3143 * annotations section rather than the beginning of the descriptor. */
3145 signed_descriptor_get_annotations(const signed_descriptor_t
*desc
)
3147 return signed_descriptor_get_body_impl(desc
, 1);
3150 /** Return the current list of all known routers. */
3152 router_get_routerlist(void)
3154 if (PREDICT_UNLIKELY(!routerlist
)) {
3155 routerlist
= tor_malloc_zero(sizeof(routerlist_t
));
3156 routerlist
->routers
= smartlist_new();
3157 routerlist
->old_routers
= smartlist_new();
3158 routerlist
->identity_map
= rimap_new();
3159 routerlist
->desc_digest_map
= sdmap_new();
3160 routerlist
->desc_by_eid_map
= sdmap_new();
3161 routerlist
->extra_info_map
= eimap_new();
3163 routerlist
->desc_store
.fname_base
= "cached-descriptors";
3164 routerlist
->extrainfo_store
.fname_base
= "cached-extrainfo";
3166 routerlist
->desc_store
.type
= ROUTER_STORE
;
3167 routerlist
->extrainfo_store
.type
= EXTRAINFO_STORE
;
3169 routerlist
->desc_store
.description
= "router descriptors";
3170 routerlist
->extrainfo_store
.description
= "extra-info documents";
3175 /** Free all storage held by <b>router</b>. */
3177 routerinfo_free_(routerinfo_t
*router
)
3182 tor_free(router
->cache_info
.signed_descriptor_body
);
3183 tor_free(router
->nickname
);
3184 tor_free(router
->platform
);
3185 tor_free(router
->protocol_list
);
3186 tor_free(router
->contact_info
);
3187 if (router
->onion_pkey
)
3188 crypto_pk_free(router
->onion_pkey
);
3189 tor_free(router
->onion_curve25519_pkey
);
3190 if (router
->identity_pkey
)
3191 crypto_pk_free(router
->identity_pkey
);
3192 tor_cert_free(router
->cache_info
.signing_key_cert
);
3193 if (router
->declared_family
) {
3194 SMARTLIST_FOREACH(router
->declared_family
, char *, s
, tor_free(s
));
3195 smartlist_free(router
->declared_family
);
3197 addr_policy_list_free(router
->exit_policy
);
3198 short_policy_free(router
->ipv6_exit_policy
);
3200 memset(router
, 77, sizeof(routerinfo_t
));
3205 /** Release all storage held by <b>extrainfo</b> */
3207 extrainfo_free_(extrainfo_t
*extrainfo
)
3211 tor_cert_free(extrainfo
->cache_info
.signing_key_cert
);
3212 tor_free(extrainfo
->cache_info
.signed_descriptor_body
);
3213 tor_free(extrainfo
->pending_sig
);
3215 memset(extrainfo
, 88, sizeof(extrainfo_t
)); /* debug bad memory usage */
3216 tor_free(extrainfo
);
3219 #define signed_descriptor_free(val) \
3220 FREE_AND_NULL(signed_descriptor_t, signed_descriptor_free_, (val))
3222 /** Release storage held by <b>sd</b>. */
3224 signed_descriptor_free_(signed_descriptor_t
*sd
)
3229 tor_free(sd
->signed_descriptor_body
);
3230 tor_cert_free(sd
->signing_key_cert
);
3232 memset(sd
, 99, sizeof(signed_descriptor_t
)); /* Debug bad mem usage */
3236 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3237 * memory inside the object and by zeroing its content. */
3239 signed_descriptor_reset(signed_descriptor_t
*sd
)
3242 tor_free(sd
->signed_descriptor_body
);
3243 tor_cert_free(sd
->signing_key_cert
);
3244 memset(sd
, 0, sizeof(*sd
));
3247 /** Copy src into dest, and steal all references inside src so that when
3248 * we free src, we don't mess up dest. */
3250 signed_descriptor_move(signed_descriptor_t
*dest
,
3251 signed_descriptor_t
*src
)
3253 tor_assert(dest
!= src
);
3254 /* Cleanup destination object before overwriting it.*/
3255 signed_descriptor_reset(dest
);
3256 memcpy(dest
, src
, sizeof(signed_descriptor_t
));
3257 src
->signed_descriptor_body
= NULL
;
3258 src
->signing_key_cert
= NULL
;
3259 dest
->routerlist_index
= -1;
3262 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3265 static signed_descriptor_t
*
3266 signed_descriptor_from_routerinfo(routerinfo_t
*ri
)
3268 signed_descriptor_t
*sd
;
3269 tor_assert(ri
->purpose
== ROUTER_PURPOSE_GENERAL
);
3270 sd
= tor_malloc_zero(sizeof(signed_descriptor_t
));
3271 signed_descriptor_move(sd
, &ri
->cache_info
);
3272 routerinfo_free(ri
);
3276 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3278 extrainfo_free_void(void *e
)
3283 /** Free all storage held by a routerlist <b>rl</b>. */
3285 routerlist_free_(routerlist_t
*rl
)
3289 rimap_free(rl
->identity_map
, NULL
);
3290 sdmap_free(rl
->desc_digest_map
, NULL
);
3291 sdmap_free(rl
->desc_by_eid_map
, NULL
);
3292 eimap_free(rl
->extra_info_map
, extrainfo_free_void
);
3293 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3294 routerinfo_free(r
));
3295 SMARTLIST_FOREACH(rl
->old_routers
, signed_descriptor_t
*, sd
,
3296 signed_descriptor_free(sd
));
3297 smartlist_free(rl
->routers
);
3298 smartlist_free(rl
->old_routers
);
3299 if (rl
->desc_store
.mmap
) {
3300 int res
= tor_munmap_file(routerlist
->desc_store
.mmap
);
3302 log_warn(LD_FS
, "Failed to munmap routerlist->desc_store.mmap");
3305 if (rl
->extrainfo_store
.mmap
) {
3306 int res
= tor_munmap_file(routerlist
->extrainfo_store
.mmap
);
3308 log_warn(LD_FS
, "Failed to munmap routerlist->extrainfo_store.mmap");
3313 router_dir_info_changed();
3316 /** Log information about how much memory is being used for routerlist,
3317 * at log level <b>severity</b>. */
3319 dump_routerlist_mem_usage(int severity
)
3321 uint64_t livedescs
= 0;
3322 uint64_t olddescs
= 0;
3325 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, r
,
3326 livedescs
+= r
->cache_info
.signed_descriptor_len
);
3327 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
3328 olddescs
+= sd
->signed_descriptor_len
);
3330 tor_log(severity
, LD_DIR
,
3331 "In %d live descriptors: "U64_FORMAT
" bytes. "
3332 "In %d old descriptors: "U64_FORMAT
" bytes.",
3333 smartlist_len(routerlist
->routers
), U64_PRINTF_ARG(livedescs
),
3334 smartlist_len(routerlist
->old_routers
), U64_PRINTF_ARG(olddescs
));
3337 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3338 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3339 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3340 * is not in <b>sl</b>. */
3342 routerlist_find_elt_(smartlist_t
*sl
, void *ri
, int idx
)
3346 SMARTLIST_FOREACH(sl
, routerinfo_t
*, r
,
3352 tor_assert(idx
< smartlist_len(sl
));
3353 tor_assert(smartlist_get(sl
, idx
) == ri
);
3358 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3359 * as needed. There must be no previous member of <b>rl</b> with the same
3360 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3364 routerlist_insert(routerlist_t
*rl
, routerinfo_t
*ri
)
3366 routerinfo_t
*ri_old
;
3367 signed_descriptor_t
*sd_old
;
3369 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3370 tor_assert(ri_generated
!= ri
);
3372 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3374 ri_old
= rimap_set(rl
->identity_map
, ri
->cache_info
.identity_digest
, ri
);
3375 tor_assert(!ri_old
);
3377 sd_old
= sdmap_set(rl
->desc_digest_map
,
3378 ri
->cache_info
.signed_descriptor_digest
,
3381 int idx
= sd_old
->routerlist_index
;
3382 sd_old
->routerlist_index
= -1;
3383 smartlist_del(rl
->old_routers
, idx
);
3384 if (idx
< smartlist_len(rl
->old_routers
)) {
3385 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3386 d
->routerlist_index
= idx
;
3388 rl
->desc_store
.bytes_dropped
+= sd_old
->signed_descriptor_len
;
3389 sdmap_remove(rl
->desc_by_eid_map
, sd_old
->extra_info_digest
);
3390 signed_descriptor_free(sd_old
);
3393 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3394 sdmap_set(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
,
3396 smartlist_add(rl
->routers
, ri
);
3397 ri
->cache_info
.routerlist_index
= smartlist_len(rl
->routers
) - 1;
3398 nodelist_set_routerinfo(ri
, NULL
);
3399 router_dir_info_changed();
3400 #ifdef DEBUG_ROUTERLIST
3401 routerlist_assert_ok(rl
);
3405 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3406 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3407 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3408 MOCK_IMPL(STATIC was_router_added_t
,
3409 extrainfo_insert
,(routerlist_t
*rl
, extrainfo_t
*ei
, int warn_if_incompatible
))
3411 was_router_added_t r
;
3412 const char *compatibility_error_msg
;
3413 routerinfo_t
*ri
= rimap_get(rl
->identity_map
,
3414 ei
->cache_info
.identity_digest
);
3415 signed_descriptor_t
*sd
=
3416 sdmap_get(rl
->desc_by_eid_map
, ei
->cache_info
.signed_descriptor_digest
);
3417 extrainfo_t
*ei_tmp
;
3418 const int severity
= warn_if_incompatible
? LOG_WARN
: LOG_INFO
;
3421 extrainfo_t
*ei_generated
= router_get_my_extrainfo();
3422 tor_assert(ei_generated
!= ei
);
3426 /* This router is unknown; we can't even verify the signature. Give up.*/
3427 r
= ROUTER_NOT_IN_CONSENSUS
;
3431 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3432 * This just won't work. */;
3433 static ratelim_t no_sd_ratelim
= RATELIM_INIT(1800);
3435 log_fn_ratelim(&no_sd_ratelim
, severity
, LD_BUG
,
3436 "No entry found in extrainfo map.");
3439 if (tor_memneq(ei
->cache_info
.signed_descriptor_digest
,
3440 sd
->extra_info_digest
, DIGEST_LEN
)) {
3441 static ratelim_t digest_mismatch_ratelim
= RATELIM_INIT(1800);
3442 /* The sd we got from the map doesn't match the digest we used to look
3443 * it up. This makes no sense. */
3445 log_fn_ratelim(&digest_mismatch_ratelim
, severity
, LD_BUG
,
3446 "Mismatch in digest in extrainfo map.");
3449 if (routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
, sd
,
3450 &compatibility_error_msg
)) {
3451 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
3452 r
= (ri
->cache_info
.extrainfo_is_bogus
) ?
3453 ROUTER_BAD_EI
: ROUTER_NOT_IN_CONSENSUS
;
3455 base16_encode(d1
, sizeof(d1
), ri
->cache_info
.identity_digest
, DIGEST_LEN
);
3456 base16_encode(d2
, sizeof(d2
), ei
->cache_info
.identity_digest
, DIGEST_LEN
);
3458 log_fn(severity
,LD_DIR
,
3459 "router info incompatible with extra info (ri id: %s, ei id %s, "
3460 "reason: %s)", d1
, d2
, compatibility_error_msg
);
3465 /* Okay, if we make it here, we definitely have a router corresponding to
3466 * this extrainfo. */
3468 ei_tmp
= eimap_set(rl
->extra_info_map
,
3469 ei
->cache_info
.signed_descriptor_digest
,
3471 r
= ROUTER_ADDED_SUCCESSFULLY
;
3473 rl
->extrainfo_store
.bytes_dropped
+=
3474 ei_tmp
->cache_info
.signed_descriptor_len
;
3475 extrainfo_free(ei_tmp
);
3479 if (r
!= ROUTER_ADDED_SUCCESSFULLY
)
3482 #ifdef DEBUG_ROUTERLIST
3483 routerlist_assert_ok(rl
);
3488 #define should_cache_old_descriptors() \
3489 directory_caches_dir_info(get_options())
3491 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3492 * a copy of router <b>ri</b> yet, add it to the list of old (not
3493 * recommended but still served) descriptors. Else free it. */
3495 routerlist_insert_old(routerlist_t
*rl
, routerinfo_t
*ri
)
3498 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3499 tor_assert(ri_generated
!= ri
);
3501 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3503 if (should_cache_old_descriptors() &&
3504 ri
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3505 !sdmap_get(rl
->desc_digest_map
,
3506 ri
->cache_info
.signed_descriptor_digest
)) {
3507 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri
);
3508 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3509 smartlist_add(rl
->old_routers
, sd
);
3510 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3511 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3512 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3514 routerinfo_free(ri
);
3516 #ifdef DEBUG_ROUTERLIST
3517 routerlist_assert_ok(rl
);
3521 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3522 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3523 * idx) == ri, we don't need to do a linear search over the list to decide
3524 * which to remove. We fill the gap in rl->routers with a later element in
3525 * the list, if any exists. <b>ri</b> is freed.
3527 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3528 * it to rl->old_routers. */
3530 routerlist_remove(routerlist_t
*rl
, routerinfo_t
*ri
, int make_old
, time_t now
)
3532 routerinfo_t
*ri_tmp
;
3533 extrainfo_t
*ei_tmp
;
3534 int idx
= ri
->cache_info
.routerlist_index
;
3535 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3536 tor_assert(smartlist_get(rl
->routers
, idx
) == ri
);
3538 nodelist_remove_routerinfo(ri
);
3540 /* make sure the rephist module knows that it's not running */
3541 rep_hist_note_router_unreachable(ri
->cache_info
.identity_digest
, now
);
3543 ri
->cache_info
.routerlist_index
= -1;
3544 smartlist_del(rl
->routers
, idx
);
3545 if (idx
< smartlist_len(rl
->routers
)) {
3546 routerinfo_t
*r
= smartlist_get(rl
->routers
, idx
);
3547 r
->cache_info
.routerlist_index
= idx
;
3550 ri_tmp
= rimap_remove(rl
->identity_map
, ri
->cache_info
.identity_digest
);
3551 router_dir_info_changed();
3552 tor_assert(ri_tmp
== ri
);
3554 if (make_old
&& should_cache_old_descriptors() &&
3555 ri
->purpose
== ROUTER_PURPOSE_GENERAL
) {
3556 signed_descriptor_t
*sd
;
3557 sd
= signed_descriptor_from_routerinfo(ri
);
3558 smartlist_add(rl
->old_routers
, sd
);
3559 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3560 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3561 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3562 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3564 signed_descriptor_t
*sd_tmp
;
3565 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3566 ri
->cache_info
.signed_descriptor_digest
);
3567 tor_assert(sd_tmp
== &(ri
->cache_info
));
3568 rl
->desc_store
.bytes_dropped
+= ri
->cache_info
.signed_descriptor_len
;
3569 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3570 ri
->cache_info
.extra_info_digest
);
3572 rl
->extrainfo_store
.bytes_dropped
+=
3573 ei_tmp
->cache_info
.signed_descriptor_len
;
3574 extrainfo_free(ei_tmp
);
3576 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3577 sdmap_remove(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
);
3578 routerinfo_free(ri
);
3580 #ifdef DEBUG_ROUTERLIST
3581 routerlist_assert_ok(rl
);
3585 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3586 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3589 routerlist_remove_old(routerlist_t
*rl
, signed_descriptor_t
*sd
, int idx
)
3591 signed_descriptor_t
*sd_tmp
;
3592 extrainfo_t
*ei_tmp
;
3593 desc_store_t
*store
;
3595 idx
= sd
->routerlist_index
;
3597 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->old_routers
));
3598 /* XXXX edmanm's bridge relay triggered the following assert while
3599 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3600 * can get a backtrace. */
3601 tor_assert(smartlist_get(rl
->old_routers
, idx
) == sd
);
3602 tor_assert(idx
== sd
->routerlist_index
);
3604 sd
->routerlist_index
= -1;
3605 smartlist_del(rl
->old_routers
, idx
);
3606 if (idx
< smartlist_len(rl
->old_routers
)) {
3607 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3608 d
->routerlist_index
= idx
;
3610 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3611 sd
->signed_descriptor_digest
);
3612 tor_assert(sd_tmp
== sd
);
3613 store
= desc_get_store(rl
, sd
);
3615 store
->bytes_dropped
+= sd
->signed_descriptor_len
;
3617 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3618 sd
->extra_info_digest
);
3620 rl
->extrainfo_store
.bytes_dropped
+=
3621 ei_tmp
->cache_info
.signed_descriptor_len
;
3622 extrainfo_free(ei_tmp
);
3624 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3625 sdmap_remove(rl
->desc_by_eid_map
, sd
->extra_info_digest
);
3627 signed_descriptor_free(sd
);
3628 #ifdef DEBUG_ROUTERLIST
3629 routerlist_assert_ok(rl
);
3633 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3634 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3635 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3636 * search over the list to decide which to remove. We put ri_new in the same
3637 * index as ri_old, if possible. ri is freed as appropriate.
3639 * If should_cache_descriptors() is true, instead of deleting the router,
3640 * we add it to rl->old_routers. */
3642 routerlist_replace(routerlist_t
*rl
, routerinfo_t
*ri_old
,
3643 routerinfo_t
*ri_new
)
3646 int same_descriptors
;
3648 routerinfo_t
*ri_tmp
;
3649 extrainfo_t
*ei_tmp
;
3651 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3652 tor_assert(ri_generated
!= ri_new
);
3654 tor_assert(ri_old
!= ri_new
);
3655 tor_assert(ri_new
->cache_info
.routerlist_index
== -1);
3657 idx
= ri_old
->cache_info
.routerlist_index
;
3658 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3659 tor_assert(smartlist_get(rl
->routers
, idx
) == ri_old
);
3662 routerinfo_t
*ri_old_tmp
=NULL
;
3663 nodelist_set_routerinfo(ri_new
, &ri_old_tmp
);
3664 tor_assert(ri_old
== ri_old_tmp
);
3667 router_dir_info_changed();
3669 smartlist_set(rl
->routers
, idx
, ri_new
);
3670 ri_old
->cache_info
.routerlist_index
= -1;
3671 ri_new
->cache_info
.routerlist_index
= idx
;
3672 /* Check that ri_old is not in rl->routers anymore: */
3673 tor_assert( routerlist_find_elt_(rl
->routers
, ri_old
, -1) == -1 );
3675 log_warn(LD_BUG
, "Appending entry from routerlist_replace.");
3676 routerlist_insert(rl
, ri_new
);
3679 if (tor_memneq(ri_old
->cache_info
.identity_digest
,
3680 ri_new
->cache_info
.identity_digest
, DIGEST_LEN
)) {
3681 /* digests don't match; digestmap_set won't replace */
3682 rimap_remove(rl
->identity_map
, ri_old
->cache_info
.identity_digest
);
3684 ri_tmp
= rimap_set(rl
->identity_map
,
3685 ri_new
->cache_info
.identity_digest
, ri_new
);
3686 tor_assert(!ri_tmp
|| ri_tmp
== ri_old
);
3687 sdmap_set(rl
->desc_digest_map
,
3688 ri_new
->cache_info
.signed_descriptor_digest
,
3689 &(ri_new
->cache_info
));
3691 if (!tor_digest_is_zero(ri_new
->cache_info
.extra_info_digest
)) {
3692 sdmap_set(rl
->desc_by_eid_map
, ri_new
->cache_info
.extra_info_digest
,
3693 &ri_new
->cache_info
);
3696 same_descriptors
= tor_memeq(ri_old
->cache_info
.signed_descriptor_digest
,
3697 ri_new
->cache_info
.signed_descriptor_digest
,
3700 if (should_cache_old_descriptors() &&
3701 ri_old
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3702 !same_descriptors
) {
3703 /* ri_old is going to become a signed_descriptor_t and go into
3705 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri_old
);
3706 smartlist_add(rl
->old_routers
, sd
);
3707 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3708 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3709 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3710 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3712 /* We're dropping ri_old. */
3713 if (!same_descriptors
) {
3714 /* digests don't match; The sdmap_set above didn't replace */
3715 sdmap_remove(rl
->desc_digest_map
,
3716 ri_old
->cache_info
.signed_descriptor_digest
);
3718 if (tor_memneq(ri_old
->cache_info
.extra_info_digest
,
3719 ri_new
->cache_info
.extra_info_digest
, DIGEST_LEN
)) {
3720 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3721 ri_old
->cache_info
.extra_info_digest
);
3723 rl
->extrainfo_store
.bytes_dropped
+=
3724 ei_tmp
->cache_info
.signed_descriptor_len
;
3725 extrainfo_free(ei_tmp
);
3729 if (!tor_digest_is_zero(ri_old
->cache_info
.extra_info_digest
)) {
3730 sdmap_remove(rl
->desc_by_eid_map
,
3731 ri_old
->cache_info
.extra_info_digest
);
3734 rl
->desc_store
.bytes_dropped
+= ri_old
->cache_info
.signed_descriptor_len
;
3735 routerinfo_free(ri_old
);
3737 #ifdef DEBUG_ROUTERLIST
3738 routerlist_assert_ok(rl
);
3742 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3743 * it as a fresh routerinfo_t. */
3744 static routerinfo_t
*
3745 routerlist_reparse_old(routerlist_t
*rl
, signed_descriptor_t
*sd
)
3750 body
= signed_descriptor_get_annotations(sd
);
3752 ri
= router_parse_entry_from_string(body
,
3753 body
+sd
->signed_descriptor_len
+sd
->annotations_len
,
3757 signed_descriptor_move(&ri
->cache_info
, sd
);
3759 routerlist_remove_old(rl
, sd
, -1);
3764 /** Free all memory held by the routerlist module.
3765 * Note: Calling routerlist_free_all() should always be paired with
3766 * a call to nodelist_free_all(). These should only be called during
3770 routerlist_free_all(void)
3772 routerlist_free(routerlist
);
3774 if (warned_nicknames
) {
3775 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3776 smartlist_free(warned_nicknames
);
3777 warned_nicknames
= NULL
;
3779 clear_dir_servers();
3780 smartlist_free(trusted_dir_servers
);
3781 smartlist_free(fallback_dir_servers
);
3782 trusted_dir_servers
= fallback_dir_servers
= NULL
;
3783 if (trusted_dir_certs
) {
3784 digestmap_free(trusted_dir_certs
, cert_list_free_void
);
3785 trusted_dir_certs
= NULL
;
3789 /** Forget that we have issued any router-related warnings, so that we'll
3790 * warn again if we see the same errors. */
3792 routerlist_reset_warnings(void)
3794 if (!warned_nicknames
)
3795 warned_nicknames
= smartlist_new();
3796 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3797 smartlist_clear(warned_nicknames
); /* now the list is empty. */
3799 networkstatus_reset_warnings();
3802 /** Return 1 if the signed descriptor of this router is older than
3803 * <b>seconds</b> seconds. Otherwise return 0. */
3805 router_descriptor_is_older_than
,(const routerinfo_t
*router
, int seconds
))
3807 return router
->cache_info
.published_on
< approx_time() - seconds
;
3810 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3811 * older entries (if any) with the same key. Note: Callers should not hold
3812 * their pointers to <b>router</b> if this function fails; <b>router</b>
3813 * will either be inserted into the routerlist or freed. Similarly, even
3814 * if this call succeeds, they should not hold their pointers to
3815 * <b>router</b> after subsequent calls with other routerinfo's -- they
3816 * might cause the original routerinfo to get freed.
3818 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3819 * the poster of the router to know something.
3821 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3822 * <b>from_fetch</b>, we received it in response to a request we made.
3823 * (If both are false, that means it was uploaded to us as an auth dir
3824 * server or via the controller.)
3826 * This function should be called *after*
3827 * routers_update_status_from_consensus_networkstatus; subsequently, you
3828 * should call router_rebuild_store and routerlist_descriptors_added.
3831 router_add_to_routerlist(routerinfo_t
*router
, const char **msg
,
3832 int from_cache
, int from_fetch
)
3834 const char *id_digest
;
3835 const or_options_t
*options
= get_options();
3836 int authdir
= authdir_mode_handles_descs(options
, router
->purpose
);
3837 int authdir_believes_valid
= 0;
3838 routerinfo_t
*old_router
;
3839 networkstatus_t
*consensus
=
3840 networkstatus_get_latest_consensus_by_flavor(FLAV_NS
);
3841 int in_consensus
= 0;
3846 router_get_routerlist();
3848 id_digest
= router
->cache_info
.identity_digest
;
3850 old_router
= router_get_mutable_by_digest(id_digest
);
3852 /* Make sure that it isn't expired. */
3853 if (router
->cert_expiration_time
< approx_time()) {
3854 routerinfo_free(router
);
3855 *msg
= "Some certs on this router are expired.";
3856 return ROUTER_CERTS_EXPIRED
;
3859 /* Make sure that we haven't already got this exact descriptor. */
3860 if (sdmap_get(routerlist
->desc_digest_map
,
3861 router
->cache_info
.signed_descriptor_digest
)) {
3862 /* If we have this descriptor already and the new descriptor is a bridge
3863 * descriptor, replace it. If we had a bridge descriptor before and the
3864 * new one is not a bridge descriptor, don't replace it. */
3866 /* Only members of routerlist->identity_map can be bridges; we don't
3867 * put bridges in old_routers. */
3868 const int was_bridge
= old_router
&&
3869 old_router
->purpose
== ROUTER_PURPOSE_BRIDGE
;
3871 if (routerinfo_is_a_configured_bridge(router
) &&
3872 router
->purpose
== ROUTER_PURPOSE_BRIDGE
&&
3874 log_info(LD_DIR
, "Replacing non-bridge descriptor with bridge "
3875 "descriptor for router %s",
3876 router_describe(router
));
3879 "Dropping descriptor that we already have for router %s",
3880 router_describe(router
));
3881 *msg
= "Router descriptor was not new.";
3882 routerinfo_free(router
);
3883 return ROUTER_IS_ALREADY_KNOWN
;
3888 if (authdir_wants_to_reject_router(router
, msg
,
3889 !from_cache
&& !from_fetch
,
3890 &authdir_believes_valid
)) {
3892 routerinfo_free(router
);
3893 return ROUTER_AUTHDIR_REJECTS
;
3895 } else if (from_fetch
) {
3896 /* Only check the descriptor digest against the network statuses when
3897 * we are receiving in response to a fetch. */
3899 if (!signed_desc_digest_is_recognized(&router
->cache_info
) &&
3900 !routerinfo_is_a_configured_bridge(router
)) {
3901 /* We asked for it, so some networkstatus must have listed it when we
3902 * did. Save it if we're a cache in case somebody else asks for it. */
3904 "Received a no-longer-recognized descriptor for router %s",
3905 router_describe(router
));
3906 *msg
= "Router descriptor is not referenced by any network-status.";
3908 /* Only journal this desc if we want to keep old descriptors */
3909 if (!from_cache
&& should_cache_old_descriptors())
3910 signed_desc_append_to_journal(&router
->cache_info
,
3911 &routerlist
->desc_store
);
3912 routerlist_insert_old(routerlist
, router
);
3913 return ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS
;
3917 /* We no longer need a router with this descriptor digest. */
3919 routerstatus_t
*rs
= networkstatus_vote_find_mutable_entry(
3920 consensus
, id_digest
);
3921 if (rs
&& tor_memeq(rs
->descriptor_digest
,
3922 router
->cache_info
.signed_descriptor_digest
,
3928 if (router
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3929 consensus
&& !in_consensus
&& !authdir
) {
3930 /* If it's a general router not listed in the consensus, then don't
3931 * consider replacing the latest router with it. */
3932 if (!from_cache
&& should_cache_old_descriptors())
3933 signed_desc_append_to_journal(&router
->cache_info
,
3934 &routerlist
->desc_store
);
3935 routerlist_insert_old(routerlist
, router
);
3936 *msg
= "Skipping router descriptor: not in consensus.";
3937 return ROUTER_NOT_IN_CONSENSUS
;
3940 /* If we're reading a bridge descriptor from our cache, and we don't
3941 * recognize it as one of our currently configured bridges, drop the
3942 * descriptor. Otherwise we could end up using it as one of our entry
3943 * guards even if it isn't in our Bridge config lines. */
3944 if (router
->purpose
== ROUTER_PURPOSE_BRIDGE
&& from_cache
&&
3945 !authdir_mode_bridge(options
) &&
3946 !routerinfo_is_a_configured_bridge(router
)) {
3947 log_info(LD_DIR
, "Dropping bridge descriptor for %s because we have "
3948 "no bridge configured at that address.",
3949 safe_str_client(router_describe(router
)));
3950 *msg
= "Router descriptor was not a configured bridge.";
3951 routerinfo_free(router
);
3952 return ROUTER_WAS_NOT_WANTED
;
3955 /* If we have a router with the same identity key, choose the newer one. */
3957 if (!in_consensus
&& (router
->cache_info
.published_on
<=
3958 old_router
->cache_info
.published_on
)) {
3959 /* Same key, but old. This one is not listed in the consensus. */
3960 log_debug(LD_DIR
, "Not-new descriptor for router %s",
3961 router_describe(router
));
3962 /* Only journal this desc if we'll be serving it. */
3963 if (!from_cache
&& should_cache_old_descriptors())
3964 signed_desc_append_to_journal(&router
->cache_info
,
3965 &routerlist
->desc_store
);
3966 routerlist_insert_old(routerlist
, router
);
3967 *msg
= "Router descriptor was not new.";
3968 return ROUTER_IS_ALREADY_KNOWN
;
3970 /* Same key, and either new, or listed in the consensus. */
3971 log_debug(LD_DIR
, "Replacing entry for router %s",
3972 router_describe(router
));
3973 routerlist_replace(routerlist
, old_router
, router
);
3975 signed_desc_append_to_journal(&router
->cache_info
,
3976 &routerlist
->desc_store
);
3978 *msg
= authdir_believes_valid
? "Valid server updated" :
3979 ("Invalid server updated. (This dirserver is marking your "
3980 "server as unapproved.)");
3981 return ROUTER_ADDED_SUCCESSFULLY
;
3985 if (!in_consensus
&& from_cache
&&
3986 router_descriptor_is_older_than(router
, OLD_ROUTER_DESC_MAX_AGE
)) {
3987 *msg
= "Router descriptor was really old.";
3988 routerinfo_free(router
);
3989 return ROUTER_WAS_TOO_OLD
;
3992 /* We haven't seen a router with this identity before. Add it to the end of
3994 routerlist_insert(routerlist
, router
);
3996 signed_desc_append_to_journal(&router
->cache_info
,
3997 &routerlist
->desc_store
);
3999 return ROUTER_ADDED_SUCCESSFULLY
;
4002 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
4003 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
4004 * we actually inserted it, ROUTER_BAD_EI otherwise.
4007 router_add_extrainfo_to_routerlist(extrainfo_t
*ei
, const char **msg
,
4008 int from_cache
, int from_fetch
)
4010 was_router_added_t inserted
;
4012 if (msg
) *msg
= NULL
;
4013 /*XXXX Do something with msg */
4015 inserted
= extrainfo_insert(router_get_routerlist(), ei
, !from_cache
);
4017 if (WRA_WAS_ADDED(inserted
) && !from_cache
)
4018 signed_desc_append_to_journal(&ei
->cache_info
,
4019 &routerlist
->extrainfo_store
);
4024 /** Sorting helper: return <0, 0, or >0 depending on whether the
4025 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4026 * to, or later than that of *<b>b</b>. */
4028 compare_old_routers_by_identity_(const void **_a
, const void **_b
)
4031 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
4032 if ((i
= fast_memcmp(r1
->identity_digest
, r2
->identity_digest
, DIGEST_LEN
)))
4034 return (int)(r1
->published_on
- r2
->published_on
);
4037 /** Internal type used to represent how long an old descriptor was valid,
4038 * where it appeared in the list of old descriptors, and whether it's extra
4039 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4040 struct duration_idx_t
{
4046 /** Sorting helper: compare two duration_idx_t by their duration. */
4048 compare_duration_idx_(const void *_d1
, const void *_d2
)
4050 const struct duration_idx_t
*d1
= _d1
;
4051 const struct duration_idx_t
*d2
= _d2
;
4052 return d1
->duration
- d2
->duration
;
4055 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4056 * must contain routerinfo_t with the same identity and with publication time
4057 * in ascending order. Remove members from this range until there are no more
4058 * than max_descriptors_per_router() remaining. Start by removing the oldest
4059 * members from before <b>cutoff</b>, then remove members which were current
4060 * for the lowest amount of time. The order of members of old_routers at
4061 * indices <b>lo</b> or higher may be changed.
4064 routerlist_remove_old_cached_routers_with_id(time_t now
,
4065 time_t cutoff
, int lo
, int hi
,
4066 digestset_t
*retain
)
4069 unsigned n_extra
, n_rmv
= 0;
4070 struct duration_idx_t
*lifespans
;
4071 uint8_t *rmv
, *must_keep
;
4072 smartlist_t
*lst
= routerlist
->old_routers
;
4075 tor_assert(hi
< smartlist_len(lst
));
4076 tor_assert(lo
<= hi
);
4077 ident
= ((signed_descriptor_t
*)smartlist_get(lst
, lo
))->identity_digest
;
4078 for (i
= lo
+1; i
<= hi
; ++i
) {
4079 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4080 tor_assert(tor_memeq(ident
, r
->identity_digest
, DIGEST_LEN
));
4083 /* Check whether we need to do anything at all. */
4085 int mdpr
= directory_caches_dir_info(get_options()) ? 2 : 1;
4091 lifespans
= tor_calloc(n
, sizeof(struct duration_idx_t
));
4092 rmv
= tor_calloc(n
, sizeof(uint8_t));
4093 must_keep
= tor_calloc(n
, sizeof(uint8_t));
4094 /* Set lifespans to contain the lifespan and index of each server. */
4095 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4096 for (i
= lo
; i
<= hi
; ++i
) {
4097 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4098 signed_descriptor_t
*r_next
;
4099 lifespans
[i
-lo
].idx
= i
;
4100 if (r
->last_listed_as_valid_until
>= now
||
4101 (retain
&& digestset_contains(retain
, r
->signed_descriptor_digest
))) {
4102 must_keep
[i
-lo
] = 1;
4105 r_next
= smartlist_get(lst
, i
+1);
4106 tor_assert(r
->published_on
<= r_next
->published_on
);
4107 lifespans
[i
-lo
].duration
= (int)(r_next
->published_on
- r
->published_on
);
4110 lifespans
[i
-lo
].duration
= INT_MAX
;
4112 if (!must_keep
[i
-lo
] && r
->published_on
< cutoff
&& n_rmv
< n_extra
) {
4114 lifespans
[i
-lo
].old
= 1;
4119 if (n_rmv
< n_extra
) {
4121 * We aren't removing enough servers for being old. Sort lifespans by
4122 * the duration of liveness, and remove the ones we're not already going to
4123 * remove based on how long they were alive.
4125 qsort(lifespans
, n
, sizeof(struct duration_idx_t
), compare_duration_idx_
);
4126 for (i
= 0; i
< n
&& n_rmv
< n_extra
; ++i
) {
4127 if (!must_keep
[lifespans
[i
].idx
-lo
] && !lifespans
[i
].old
) {
4128 rmv
[lifespans
[i
].idx
-lo
] = 1;
4137 routerlist_remove_old(routerlist
, smartlist_get(lst
, i
), i
);
4138 } while (--i
>= lo
);
4139 tor_free(must_keep
);
4141 tor_free(lifespans
);
4144 /** Deactivate any routers from the routerlist that are more than
4145 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4146 * remove old routers from the list of cached routers if we have too many.
4149 routerlist_remove_old_routers(void)
4152 const char *cur_id
= NULL
;
4153 time_t now
= time(NULL
);
4155 routerinfo_t
*router
;
4156 signed_descriptor_t
*sd
;
4157 digestset_t
*retain
;
4158 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
4160 trusted_dirs_remove_old_certs();
4162 if (!routerlist
|| !consensus
)
4165 // routerlist_assert_ok(routerlist);
4167 /* We need to guess how many router descriptors we will wind up wanting to
4168 retain, so that we can be sure to allocate a large enough Bloom filter
4169 to hold the digest set. Overestimating is fine; underestimating is bad.
4172 /* We'll probably retain everything in the consensus. */
4173 int n_max_retain
= smartlist_len(consensus
->routerstatus_list
);
4174 retain
= digestset_new(n_max_retain
);
4177 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4178 /* Retain anything listed in the consensus. */
4180 SMARTLIST_FOREACH(consensus
->routerstatus_list
, routerstatus_t
*, rs
,
4181 if (rs
->published_on
>= cutoff
)
4182 digestset_add(retain
, rs
->descriptor_digest
));
4185 /* If we have a consensus, we should consider pruning current routers that
4186 * are too old and that nobody recommends. (If we don't have a consensus,
4187 * then we should get one before we decide to kill routers.) */
4190 cutoff
= now
- ROUTER_MAX_AGE
;
4191 /* Remove too-old unrecommended members of routerlist->routers. */
4192 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
4193 router
= smartlist_get(routerlist
->routers
, i
);
4194 if (router
->cache_info
.published_on
<= cutoff
&&
4195 router
->cache_info
.last_listed_as_valid_until
< now
&&
4196 !digestset_contains(retain
,
4197 router
->cache_info
.signed_descriptor_digest
)) {
4198 /* Too old: remove it. (If we're a cache, just move it into
4201 "Forgetting obsolete (too old) routerinfo for router %s",
4202 router_describe(router
));
4203 routerlist_remove(routerlist
, router
, 1, now
);
4209 //routerlist_assert_ok(routerlist);
4211 /* Remove far-too-old members of routerlist->old_routers. */
4212 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4213 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4214 sd
= smartlist_get(routerlist
->old_routers
, i
);
4215 if (sd
->published_on
<= cutoff
&&
4216 sd
->last_listed_as_valid_until
< now
&&
4217 !digestset_contains(retain
, sd
->signed_descriptor_digest
)) {
4218 /* Too old. Remove it. */
4219 routerlist_remove_old(routerlist
, sd
, i
--);
4223 //routerlist_assert_ok(routerlist);
4225 log_info(LD_DIR
, "We have %d live routers and %d old router descriptors.",
4226 smartlist_len(routerlist
->routers
),
4227 smartlist_len(routerlist
->old_routers
));
4229 /* Now we might have to look at routerlist->old_routers for extraneous
4230 * members. (We'd keep all the members if we could, but we need to save
4231 * space.) First, check whether we have too many router descriptors, total.
4232 * We're okay with having too many for some given router, so long as the
4233 * total number doesn't approach max_descriptors_per_router()*len(router).
4235 if (smartlist_len(routerlist
->old_routers
) <
4236 smartlist_len(routerlist
->routers
))
4239 /* Sort by identity, then fix indices. */
4240 smartlist_sort(routerlist
->old_routers
, compare_old_routers_by_identity_
);
4242 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4243 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4244 r
->routerlist_index
= i
;
4247 /* Iterate through the list from back to front, so when we remove descriptors
4248 * we don't mess up groups we haven't gotten to. */
4249 for (i
= smartlist_len(routerlist
->old_routers
)-1; i
>= 0; --i
) {
4250 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4252 cur_id
= r
->identity_digest
;
4255 if (tor_memneq(cur_id
, r
->identity_digest
, DIGEST_LEN
)) {
4256 routerlist_remove_old_cached_routers_with_id(now
,
4257 cutoff
, i
+1, hi
, retain
);
4258 cur_id
= r
->identity_digest
;
4263 routerlist_remove_old_cached_routers_with_id(now
, cutoff
, 0, hi
, retain
);
4264 //routerlist_assert_ok(routerlist);
4267 digestset_free(retain
);
4268 router_rebuild_store(RRS_DONT_REMOVE_OLD
, &routerlist
->desc_store
);
4269 router_rebuild_store(RRS_DONT_REMOVE_OLD
,&routerlist
->extrainfo_store
);
4272 /** We just added a new set of descriptors. Take whatever extra steps
4275 routerlist_descriptors_added(smartlist_t
*sl
, int from_cache
)
4278 control_event_descriptors_changed(sl
);
4279 SMARTLIST_FOREACH_BEGIN(sl
, routerinfo_t
*, ri
) {
4280 if (ri
->purpose
== ROUTER_PURPOSE_BRIDGE
)
4281 learned_bridge_descriptor(ri
, from_cache
);
4282 if (ri
->needs_retest_if_added
) {
4283 ri
->needs_retest_if_added
= 0;
4284 dirserv_single_reachability_test(approx_time(), ri
);
4286 } SMARTLIST_FOREACH_END(ri
);
4290 * Code to parse a single router descriptor and insert it into the
4291 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4292 * descriptor was well-formed but could not be added; and 1 if the
4293 * descriptor was added.
4295 * If we don't add it and <b>msg</b> is not NULL, then assign to
4296 * *<b>msg</b> a static string describing the reason for refusing the
4299 * This is used only by the controller.
4302 router_load_single_router(const char *s
, uint8_t purpose
, int cache
,
4306 was_router_added_t r
;
4308 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
4312 tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
4313 "@source controller\n"
4314 "@purpose %s\n", router_purpose_to_string(purpose
));
4316 if (!(ri
= router_parse_entry_from_string(s
, NULL
, 1, 0,
4317 annotation_buf
, NULL
))) {
4318 log_warn(LD_DIR
, "Error parsing router descriptor; dropping.");
4319 *msg
= "Couldn't parse router descriptor.";
4322 tor_assert(ri
->purpose
== purpose
);
4323 if (router_is_me(ri
)) {
4324 log_warn(LD_DIR
, "Router's identity key matches mine; dropping.");
4325 *msg
= "Router's identity key matches mine.";
4326 routerinfo_free(ri
);
4330 if (!cache
) /* obey the preference of the controller */
4331 ri
->cache_info
.do_not_cache
= 1;
4333 lst
= smartlist_new();
4334 smartlist_add(lst
, ri
);
4335 routers_update_status_from_consensus_networkstatus(lst
, 0);
4337 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
4338 if (!WRA_WAS_ADDED(r
)) {
4339 /* we've already assigned to *msg now, and ri is already freed */
4341 if (r
== ROUTER_AUTHDIR_REJECTS
)
4342 log_warn(LD_DIR
, "Couldn't add router to list: %s Dropping.", *msg
);
4343 smartlist_free(lst
);
4346 routerlist_descriptors_added(lst
, 0);
4347 smartlist_free(lst
);
4348 log_debug(LD_DIR
, "Added router to list");
4353 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4354 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4355 * are in response to a query to the network: cache them by adding them to
4358 * Return the number of routers actually added.
4360 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4361 * uppercased fingerprints. Do not update any router whose
4362 * fingerprint is not on the list; after updating a router, remove its
4363 * fingerprint from the list.
4365 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4366 * are descriptor digests. Otherwise they are identity digests.
4369 router_load_routers_from_string(const char *s
, const char *eos
,
4370 saved_location_t saved_location
,
4371 smartlist_t
*requested_fingerprints
,
4372 int descriptor_digests
,
4373 const char *prepend_annotations
)
4375 smartlist_t
*routers
= smartlist_new(), *changed
= smartlist_new();
4376 char fp
[HEX_DIGEST_LEN
+1];
4378 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4379 int allow_annotations
= (saved_location
!= SAVED_NOWHERE
);
4380 int any_changed
= 0;
4381 smartlist_t
*invalid_digests
= smartlist_new();
4383 router_parse_list_from_string(&s
, eos
, routers
, saved_location
, 0,
4384 allow_annotations
, prepend_annotations
,
4387 routers_update_status_from_consensus_networkstatus(routers
, !from_cache
);
4389 log_info(LD_DIR
, "%d elements to add", smartlist_len(routers
));
4391 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
4392 was_router_added_t r
;
4394 if (requested_fingerprints
) {
4395 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4396 ri
->cache_info
.signed_descriptor_digest
:
4397 ri
->cache_info
.identity_digest
,
4399 if (smartlist_contains_string(requested_fingerprints
, fp
)) {
4400 smartlist_string_remove(requested_fingerprints
, fp
);
4403 smartlist_join_strings(requested_fingerprints
," ",0,NULL
);
4405 "We received a router descriptor with a fingerprint (%s) "
4406 "that we never requested. (We asked for: %s.) Dropping.",
4408 tor_free(requested
);
4409 routerinfo_free(ri
);
4414 memcpy(d
, ri
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4415 r
= router_add_to_routerlist(ri
, &msg
, from_cache
, !from_cache
);
4416 if (WRA_WAS_ADDED(r
)) {
4418 smartlist_add(changed
, ri
);
4419 routerlist_descriptors_added(changed
, from_cache
);
4420 smartlist_clear(changed
);
4421 } else if (WRA_NEVER_DOWNLOADABLE(r
)) {
4422 download_status_t
*dl_status
;
4423 dl_status
= router_get_dl_status_by_descriptor_digest(d
);
4425 log_info(LD_GENERAL
, "Marking router %s as never downloadable",
4426 hex_str(d
, DIGEST_LEN
));
4427 download_status_mark_impossible(dl_status
);
4430 } SMARTLIST_FOREACH_END(ri
);
4432 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4433 /* This digest is never going to be parseable. */
4434 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4435 if (requested_fingerprints
&& descriptor_digests
) {
4436 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4437 /* But we didn't ask for it, so we should assume shennanegans. */
4440 smartlist_string_remove(requested_fingerprints
, fp
);
4442 download_status_t
*dls
;
4443 dls
= router_get_dl_status_by_descriptor_digest((char*)bad_digest
);
4445 log_info(LD_GENERAL
, "Marking router with descriptor %s as unparseable, "
4446 "and therefore undownloadable", fp
);
4447 download_status_mark_impossible(dls
);
4449 } SMARTLIST_FOREACH_END(bad_digest
);
4450 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4451 smartlist_free(invalid_digests
);
4453 routerlist_assert_ok(routerlist
);
4456 router_rebuild_store(0, &routerlist
->desc_store
);
4458 smartlist_free(routers
);
4459 smartlist_free(changed
);
4464 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4465 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4466 * router_load_routers_from_string(). */
4468 router_load_extrainfo_from_string(const char *s
, const char *eos
,
4469 saved_location_t saved_location
,
4470 smartlist_t
*requested_fingerprints
,
4471 int descriptor_digests
)
4473 smartlist_t
*extrainfo_list
= smartlist_new();
4475 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4476 smartlist_t
*invalid_digests
= smartlist_new();
4478 router_parse_list_from_string(&s
, eos
, extrainfo_list
, saved_location
, 1, 0,
4479 NULL
, invalid_digests
);
4481 log_info(LD_DIR
, "%d elements to add", smartlist_len(extrainfo_list
));
4483 SMARTLIST_FOREACH_BEGIN(extrainfo_list
, extrainfo_t
*, ei
) {
4484 uint8_t d
[DIGEST_LEN
];
4485 memcpy(d
, ei
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4486 was_router_added_t added
=
4487 router_add_extrainfo_to_routerlist(ei
, &msg
, from_cache
, !from_cache
);
4488 if (WRA_WAS_ADDED(added
) && requested_fingerprints
) {
4489 char fp
[HEX_DIGEST_LEN
+1];
4490 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4491 ei
->cache_info
.signed_descriptor_digest
:
4492 ei
->cache_info
.identity_digest
,
4494 smartlist_string_remove(requested_fingerprints
, fp
);
4495 /* We silently let relays stuff us with extrainfos we didn't ask for,
4496 * so long as we would have wanted them anyway. Since we always fetch
4497 * all the extrainfos we want, and we never actually act on them
4498 * inside Tor, this should be harmless. */
4499 } else if (WRA_NEVER_DOWNLOADABLE(added
)) {
4500 signed_descriptor_t
*sd
= router_get_by_extrainfo_digest((char*)d
);
4502 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4503 "unparseable, and therefore undownloadable",
4504 hex_str((char*)d
,DIGEST_LEN
));
4505 download_status_mark_impossible(&sd
->ei_dl_status
);
4508 } SMARTLIST_FOREACH_END(ei
);
4510 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4511 /* This digest is never going to be parseable. */
4512 char fp
[HEX_DIGEST_LEN
+1];
4513 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4514 if (requested_fingerprints
) {
4515 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4516 /* But we didn't ask for it, so we should assume shennanegans. */
4519 smartlist_string_remove(requested_fingerprints
, fp
);
4521 signed_descriptor_t
*sd
=
4522 router_get_by_extrainfo_digest((char*)bad_digest
);
4524 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4525 "unparseable, and therefore undownloadable", fp
);
4526 download_status_mark_impossible(&sd
->ei_dl_status
);
4528 } SMARTLIST_FOREACH_END(bad_digest
);
4529 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4530 smartlist_free(invalid_digests
);
4532 routerlist_assert_ok(routerlist
);
4533 router_rebuild_store(0, &router_get_routerlist()->extrainfo_store
);
4535 smartlist_free(extrainfo_list
);
4538 /** Return true iff the latest ns-flavored consensus includes a descriptor
4539 * whose digest is that of <b>desc</b>. */
4541 signed_desc_digest_is_recognized(signed_descriptor_t
*desc
)
4543 const routerstatus_t
*rs
;
4544 networkstatus_t
*consensus
= networkstatus_get_latest_consensus_by_flavor(
4548 rs
= networkstatus_vote_find_entry(consensus
, desc
->identity_digest
);
4549 if (rs
&& tor_memeq(rs
->descriptor_digest
,
4550 desc
->signed_descriptor_digest
, DIGEST_LEN
))
4556 /** Update downloads for router descriptors and/or microdescriptors as
4559 update_all_descriptor_downloads(time_t now
)
4561 if (should_delay_dir_fetches(get_options(), NULL
))
4563 update_router_descriptor_downloads(now
);
4564 update_microdesc_downloads(now
);
4565 launch_dummy_descriptor_download_as_needed(now
, get_options());
4568 /** Clear all our timeouts for fetching v3 directory stuff, and then
4569 * give it all a try again. */
4571 routerlist_retry_directory_downloads(time_t now
)
4575 log_debug(LD_GENERAL
,
4576 "In routerlist_retry_directory_downloads()");
4578 router_reset_status_download_failures();
4579 router_reset_descriptor_download_failures();
4580 reschedule_directory_downloads();
4583 /** Return true iff <b>router</b> does not permit exit streams.
4586 router_exit_policy_rejects_all(const routerinfo_t
*router
)
4588 return router
->policy_is_reject_star
;
4591 /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
4592 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4593 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4594 * the new directory server entry on success or NULL on failure. */
4595 static dir_server_t
*
4596 dir_server_new(int is_authority
,
4597 const char *nickname
,
4598 const tor_addr_t
*addr
,
4599 const char *hostname
,
4600 uint16_t dir_port
, uint16_t or_port
,
4601 const tor_addr_port_t
*addrport_ipv6
,
4602 const char *digest
, const char *v3_auth_digest
,
4603 dirinfo_type_t type
,
4608 char *hostname_
= NULL
;
4615 if (tor_addr_family(addr
) == AF_INET
)
4616 a
= tor_addr_to_ipv4h(addr
);
4621 hostname_
= tor_addr_to_str_dup(addr
);
4623 hostname_
= tor_strdup(hostname
);
4625 ent
= tor_malloc_zero(sizeof(dir_server_t
));
4626 ent
->nickname
= nickname
? tor_strdup(nickname
) : NULL
;
4627 ent
->address
= hostname_
;
4629 ent
->dir_port
= dir_port
;
4630 ent
->or_port
= or_port
;
4631 ent
->is_running
= 1;
4632 ent
->is_authority
= is_authority
;
4634 ent
->weight
= weight
;
4635 if (addrport_ipv6
) {
4636 if (tor_addr_family(&addrport_ipv6
->addr
) != AF_INET6
) {
4637 log_warn(LD_BUG
, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
4638 tor_addr_make_unspec(&ent
->ipv6_addr
);
4640 tor_addr_copy(&ent
->ipv6_addr
, &addrport_ipv6
->addr
);
4641 ent
->ipv6_orport
= addrport_ipv6
->port
;
4644 tor_addr_make_unspec(&ent
->ipv6_addr
);
4647 memcpy(ent
->digest
, digest
, DIGEST_LEN
);
4648 if (v3_auth_digest
&& (type
& V3_DIRINFO
))
4649 memcpy(ent
->v3_identity_digest
, v3_auth_digest
, DIGEST_LEN
);
4652 tor_asprintf(&ent
->description
, "directory server \"%s\" at %s:%d",
4653 nickname
, hostname_
, (int)dir_port
);
4655 tor_asprintf(&ent
->description
, "directory server at %s:%d",
4656 hostname_
, (int)dir_port
);
4658 ent
->fake_status
.addr
= ent
->addr
;
4659 tor_addr_copy(&ent
->fake_status
.ipv6_addr
, &ent
->ipv6_addr
);
4660 memcpy(ent
->fake_status
.identity_digest
, digest
, DIGEST_LEN
);
4662 strlcpy(ent
->fake_status
.nickname
, nickname
,
4663 sizeof(ent
->fake_status
.nickname
));
4665 ent
->fake_status
.nickname
[0] = '\0';
4666 ent
->fake_status
.dir_port
= ent
->dir_port
;
4667 ent
->fake_status
.or_port
= ent
->or_port
;
4668 ent
->fake_status
.ipv6_orport
= ent
->ipv6_orport
;
4673 /** Create an authoritative directory server at
4674 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4675 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4676 * server entry on success or NULL if we couldn't add it. */
4678 trusted_dir_server_new(const char *nickname
, const char *address
,
4679 uint16_t dir_port
, uint16_t or_port
,
4680 const tor_addr_port_t
*ipv6_addrport
,
4681 const char *digest
, const char *v3_auth_digest
,
4682 dirinfo_type_t type
, double weight
)
4686 char *hostname
=NULL
;
4687 dir_server_t
*result
;
4689 if (!address
) { /* The address is us; we should guess. */
4690 if (resolve_my_address(LOG_WARN
, get_options(),
4691 &a
, NULL
, &hostname
) < 0) {
4693 "Couldn't find a suitable address when adding ourself as a "
4694 "trusted directory server.");
4698 hostname
= tor_dup_ip(a
);
4700 if (tor_lookup_hostname(address
, &a
)) {
4702 "Unable to lookup address for directory server at '%s'",
4706 hostname
= tor_strdup(address
);
4708 tor_addr_from_ipv4h(&addr
, a
);
4710 result
= dir_server_new(1, nickname
, &addr
, hostname
,
4714 v3_auth_digest
, type
, weight
);
4719 /** Return a new dir_server_t for a fallback directory server at
4720 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4721 * <b>id_digest</b> */
4723 fallback_dir_server_new(const tor_addr_t
*addr
,
4724 uint16_t dir_port
, uint16_t or_port
,
4725 const tor_addr_port_t
*addrport_ipv6
,
4726 const char *id_digest
, double weight
)
4728 return dir_server_new(0, NULL
, addr
, NULL
, dir_port
, or_port
,
4731 NULL
, ALL_DIRINFO
, weight
);
4734 /** Add a directory server to the global list(s). */
4736 dir_server_add(dir_server_t
*ent
)
4738 if (!trusted_dir_servers
)
4739 trusted_dir_servers
= smartlist_new();
4740 if (!fallback_dir_servers
)
4741 fallback_dir_servers
= smartlist_new();
4743 if (ent
->is_authority
)
4744 smartlist_add(trusted_dir_servers
, ent
);
4746 smartlist_add(fallback_dir_servers
, ent
);
4747 router_dir_info_changed();
4750 /** Free storage held in <b>cert</b>. */
4752 authority_cert_free_(authority_cert_t
*cert
)
4757 tor_free(cert
->cache_info
.signed_descriptor_body
);
4758 crypto_pk_free(cert
->signing_key
);
4759 crypto_pk_free(cert
->identity_key
);
4764 #define dir_server_free(val) \
4765 FREE_AND_NULL(dir_server_t, dir_server_free_, (val))
4767 /** Free storage held in <b>ds</b>. */
4769 dir_server_free_(dir_server_t
*ds
)
4774 tor_free(ds
->nickname
);
4775 tor_free(ds
->description
);
4776 tor_free(ds
->address
);
4780 /** Remove all members from the list of dir servers. */
4782 clear_dir_servers(void)
4784 if (fallback_dir_servers
) {
4785 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ent
,
4786 dir_server_free(ent
));
4787 smartlist_clear(fallback_dir_servers
);
4789 fallback_dir_servers
= smartlist_new();
4791 if (trusted_dir_servers
) {
4792 smartlist_clear(trusted_dir_servers
);
4794 trusted_dir_servers
= smartlist_new();
4796 router_dir_info_changed();
4799 /** For every current directory connection whose purpose is <b>purpose</b>,
4800 * and where the resource being downloaded begins with <b>prefix</b>, split
4801 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4802 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4803 * corresponding elements of <b>result</b> to a nonzero value.
4806 list_pending_downloads(digestmap_t
*result
, digest256map_t
*result256
,
4807 int purpose
, const char *prefix
)
4809 const size_t p_len
= strlen(prefix
);
4810 smartlist_t
*tmp
= smartlist_new();
4811 smartlist_t
*conns
= get_connection_array();
4812 int flags
= DSR_HEX
;
4813 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
)
4814 flags
= DSR_DIGEST256
|DSR_BASE64
;
4816 tor_assert(result
|| result256
);
4818 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4819 if (conn
->type
== CONN_TYPE_DIR
&&
4820 conn
->purpose
== purpose
&&
4821 !conn
->marked_for_close
) {
4822 const char *resource
= TO_DIR_CONN(conn
)->requested_resource
;
4823 if (!strcmpstart(resource
, prefix
))
4824 dir_split_resource_into_fingerprints(resource
+ p_len
,
4827 } SMARTLIST_FOREACH_END(conn
);
4830 SMARTLIST_FOREACH(tmp
, char *, d
,
4832 digestmap_set(result
, d
, (void*)1);
4835 } else if (result256
) {
4836 SMARTLIST_FOREACH(tmp
, uint8_t *, d
,
4838 digest256map_set(result256
, d
, (void*)1);
4842 smartlist_free(tmp
);
4845 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4846 * true) we are currently downloading by descriptor digest, set result[d] to
4849 list_pending_descriptor_downloads(digestmap_t
*result
, int extrainfo
)
4852 extrainfo
? DIR_PURPOSE_FETCH_EXTRAINFO
: DIR_PURPOSE_FETCH_SERVERDESC
;
4853 list_pending_downloads(result
, NULL
, purpose
, "d/");
4856 /** For every microdescriptor we are currently downloading by descriptor
4857 * digest, set result[d] to (void*)1.
4860 list_pending_microdesc_downloads(digest256map_t
*result
)
4862 list_pending_downloads(NULL
, result
, DIR_PURPOSE_FETCH_MICRODESC
, "d/");
4865 /** For every certificate we are currently downloading by (identity digest,
4866 * signing key digest) pair, set result[fp_pair] to (void *1).
4869 list_pending_fpsk_downloads(fp_pair_map_t
*result
)
4871 const char *pfx
= "fp-sk/";
4874 const char *resource
;
4878 tmp
= smartlist_new();
4879 conns
= get_connection_array();
4881 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4882 if (conn
->type
== CONN_TYPE_DIR
&&
4883 conn
->purpose
== DIR_PURPOSE_FETCH_CERTIFICATE
&&
4884 !conn
->marked_for_close
) {
4885 resource
= TO_DIR_CONN(conn
)->requested_resource
;
4886 if (!strcmpstart(resource
, pfx
))
4887 dir_split_resource_into_fingerprint_pairs(resource
+ strlen(pfx
),
4890 } SMARTLIST_FOREACH_END(conn
);
4892 SMARTLIST_FOREACH_BEGIN(tmp
, fp_pair_t
*, fp
) {
4893 fp_pair_map_set(result
, fp
, (void*)1);
4895 } SMARTLIST_FOREACH_END(fp
);
4897 smartlist_free(tmp
);
4900 /** Launch downloads for all the descriptors whose digests or digests256
4901 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4902 * range.) If <b>source</b> is given, download from <b>source</b>;
4903 * otherwise, download from an appropriate random directory server.
4905 MOCK_IMPL(STATIC
void,
4906 initiate_descriptor_downloads
,(const routerstatus_t
*source
,
4907 int purpose
, smartlist_t
*digests
,
4908 int lo
, int hi
, int pds_flags
))
4910 char *resource
, *cp
;
4911 int digest_len
, enc_digest_len
;
4916 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4917 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4918 * 256-bit digests. */
4919 digest_len
= DIGEST256_LEN
;
4920 enc_digest_len
= BASE64_DIGEST256_LEN
+ 1;
4924 digest_len
= DIGEST_LEN
;
4925 enc_digest_len
= HEX_DIGEST_LEN
+ 1;
4932 if (hi
> smartlist_len(digests
))
4933 hi
= smartlist_len(digests
);
4938 tmp
= smartlist_new();
4940 for (; lo
< hi
; ++lo
) {
4941 cp
= tor_malloc(enc_digest_len
);
4943 digest256_to_base64(cp
, smartlist_get(digests
, lo
));
4945 base16_encode(cp
, enc_digest_len
, smartlist_get(digests
, lo
),
4948 smartlist_add(tmp
, cp
);
4951 cp
= smartlist_join_strings(tmp
, sep
, 0, NULL
);
4952 tor_asprintf(&resource
, "d/%s.z", cp
);
4954 SMARTLIST_FOREACH(tmp
, char *, cp1
, tor_free(cp1
));
4955 smartlist_free(tmp
);
4959 /* We know which authority or directory mirror we want. */
4960 directory_request_t
*req
= directory_request_new(purpose
);
4961 directory_request_set_routerstatus(req
, source
);
4962 directory_request_set_resource(req
, resource
);
4963 directory_initiate_request(req
);
4964 directory_request_free(req
);
4966 directory_get_from_dirserver(purpose
, ROUTER_PURPOSE_GENERAL
, resource
,
4967 pds_flags
, DL_WANT_ANY_DIRSERVER
);
4972 /** Return the max number of hashes to put in a URL for a given request.
4975 max_dl_per_request(const or_options_t
*options
, int purpose
)
4977 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4978 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4979 * /tor/server/d/.z) == 4026
4980 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4981 * So use 96 because it's a nice number.
4983 * For microdescriptors, the calculation is
4984 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4985 * /tor/micro/d/.z) == 4027
4986 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4987 * So use 90 because it's a nice number.
4990 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4993 /* If we're going to tunnel our connections, we can ask for a lot more
4995 if (directory_must_use_begindir(options
)) {
5001 /** Don't split our requests so finely that we are requesting fewer than
5002 * this number per server. (Grouping more than this at once leads to
5003 * diminishing returns.) */
5004 #define MIN_DL_PER_REQUEST 32
5005 /** To prevent a single screwy cache from confusing us by selective reply,
5006 * try to split our requests into at least this many requests. */
5007 #define MIN_REQUESTS 3
5008 /** If we want fewer than this many descriptors, wait until we
5009 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
5010 #define MAX_DL_TO_DELAY 16
5012 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
5013 * router descriptor digests or microdescriptor digest256s in
5014 * <b>downloadable</b>, decide whether to delay fetching until we have more.
5015 * If we don't want to delay, launch one or more requests to the appropriate
5016 * directory authorities.
5019 launch_descriptor_downloads(int purpose
,
5020 smartlist_t
*downloadable
,
5021 const routerstatus_t
*source
, time_t now
)
5023 const or_options_t
*options
= get_options();
5024 const char *descname
;
5025 const int fetch_microdesc
= (purpose
== DIR_PURPOSE_FETCH_MICRODESC
);
5026 int n_downloadable
= smartlist_len(downloadable
);
5028 int i
, n_per_request
, max_dl_per_req
;
5029 const char *req_plural
= "", *rtr_plural
= "";
5030 int pds_flags
= PDS_RETRY_IF_NO_SERVERS
;
5032 tor_assert(fetch_microdesc
|| purpose
== DIR_PURPOSE_FETCH_SERVERDESC
);
5033 descname
= fetch_microdesc
? "microdesc" : "routerdesc";
5035 if (!n_downloadable
)
5038 if (!directory_fetches_dir_info_early(options
)) {
5039 if (n_downloadable
>= MAX_DL_TO_DELAY
) {
5041 "There are enough downloadable %ss to launch requests.",
5043 } else if (! router_have_minimum_dir_info()) {
5045 "We are only missing %d %ss, but we'll fetch anyway, since "
5046 "we don't yet have enough directory info.",
5047 n_downloadable
, descname
);
5051 if ((last_descriptor_download_attempted
+
5052 options
->TestingClientMaxIntervalWithoutRequest
) > now
)
5055 if (last_descriptor_download_attempted
) {
5057 "There are not many downloadable %ss, but we've "
5058 "been waiting long enough (%d seconds). Downloading.",
5060 (int)(now
-last_descriptor_download_attempted
));
5063 "There are not many downloadable %ss, but we haven't "
5064 "tried downloading descriptors recently. Downloading.",
5070 if (!authdir_mode(options
)) {
5071 /* If we wind up going to the authorities, we want to only open one
5072 * connection to each authority at a time, so that we don't overload
5073 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5074 * regardless of whether we're a cache or not.
5076 * Setting this flag can make initiate_descriptor_downloads() ignore
5077 * requests. We need to make sure that we do in fact call
5078 * update_router_descriptor_downloads() later on, once the connections
5079 * have succeeded or failed.
5081 pds_flags
|= fetch_microdesc
?
5082 PDS_NO_EXISTING_MICRODESC_FETCH
:
5083 PDS_NO_EXISTING_SERVERDESC_FETCH
;
5086 n_per_request
= CEIL_DIV(n_downloadable
, MIN_REQUESTS
);
5087 max_dl_per_req
= max_dl_per_request(options
, purpose
);
5089 if (n_per_request
> max_dl_per_req
)
5090 n_per_request
= max_dl_per_req
;
5092 if (n_per_request
< MIN_DL_PER_REQUEST
) {
5093 n_per_request
= MIN(MIN_DL_PER_REQUEST
, n_downloadable
);
5096 if (n_downloadable
> n_per_request
)
5097 req_plural
= rtr_plural
= "s";
5098 else if (n_downloadable
> 1)
5102 "Launching %d request%s for %d %s%s, %d at a time",
5103 CEIL_DIV(n_downloadable
, n_per_request
), req_plural
,
5104 n_downloadable
, descname
, rtr_plural
, n_per_request
);
5105 smartlist_sort_digests(downloadable
);
5106 for (i
=0; i
< n_downloadable
; i
+= n_per_request
) {
5107 initiate_descriptor_downloads(source
, purpose
,
5108 downloadable
, i
, i
+n_per_request
,
5111 last_descriptor_download_attempted
= now
;
5114 /** For any descriptor that we want that's currently listed in
5115 * <b>consensus</b>, download it as appropriate. */
5117 update_consensus_router_descriptor_downloads(time_t now
, int is_vote
,
5118 networkstatus_t
*consensus
)
5120 const or_options_t
*options
= get_options();
5121 digestmap_t
*map
= NULL
;
5122 smartlist_t
*no_longer_old
= smartlist_new();
5123 smartlist_t
*downloadable
= smartlist_new();
5124 routerstatus_t
*source
= NULL
;
5125 int authdir
= authdir_mode(options
);
5126 int n_delayed
=0, n_have
=0, n_would_reject
=0, n_wouldnt_use
=0,
5127 n_inprogress
=0, n_in_oldrouters
=0;
5129 if (directory_too_idle_to_fetch_descriptors(options
, now
))
5135 /* where's it from, so we know whom to ask for descriptors */
5137 networkstatus_voter_info_t
*voter
= smartlist_get(consensus
->voters
, 0);
5139 ds
= trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
);
5141 source
= &(ds
->fake_status
);
5143 log_warn(LD_DIR
, "couldn't lookup source from vote?");
5146 map
= digestmap_new();
5147 list_pending_descriptor_downloads(map
, 0);
5148 SMARTLIST_FOREACH_BEGIN(consensus
->routerstatus_list
, void *, rsp
) {
5149 routerstatus_t
*rs
=
5150 is_vote
? &(((vote_routerstatus_t
*)rsp
)->status
) : rsp
;
5151 signed_descriptor_t
*sd
;
5152 if ((sd
= router_get_by_descriptor_digest(rs
->descriptor_digest
))) {
5153 const routerinfo_t
*ri
;
5155 if (!(ri
= router_get_by_id_digest(rs
->identity_digest
)) ||
5156 tor_memneq(ri
->cache_info
.signed_descriptor_digest
,
5157 sd
->signed_descriptor_digest
, DIGEST_LEN
)) {
5158 /* We have a descriptor with this digest, but either there is no
5159 * entry in routerlist with the same ID (!ri), or there is one,
5160 * but the identity digest differs (memneq).
5162 smartlist_add(no_longer_old
, sd
);
5163 ++n_in_oldrouters
; /* We have it in old_routers. */
5165 continue; /* We have it already. */
5167 if (digestmap_get(map
, rs
->descriptor_digest
)) {
5169 continue; /* We have an in-progress download. */
5171 if (!download_status_is_ready(&rs
->dl_status
, now
)) {
5172 ++n_delayed
; /* Not ready for retry. */
5175 if (authdir
&& dirserv_would_reject_router(rs
)) {
5177 continue; /* We would throw it out immediately. */
5179 if (!we_want_to_fetch_flavor(options
, consensus
->flavor
) &&
5180 !client_would_use_router(rs
, now
)) {
5182 continue; /* We would never use it ourself. */
5184 if (is_vote
&& source
) {
5185 char time_bufnew
[ISO_TIME_LEN
+1];
5186 char time_bufold
[ISO_TIME_LEN
+1];
5187 const routerinfo_t
*oldrouter
;
5188 oldrouter
= router_get_by_id_digest(rs
->identity_digest
);
5189 format_iso_time(time_bufnew
, rs
->published_on
);
5191 format_iso_time(time_bufold
, oldrouter
->cache_info
.published_on
);
5192 log_info(LD_DIR
, "Learned about %s (%s vs %s) from %s's vote (%s)",
5193 routerstatus_describe(rs
),
5195 oldrouter
? time_bufold
: "none",
5196 source
->nickname
, oldrouter
? "known" : "unknown");
5198 smartlist_add(downloadable
, rs
->descriptor_digest
);
5199 } SMARTLIST_FOREACH_END(rsp
);
5201 if (!authdir_mode_v3(options
)
5202 && smartlist_len(no_longer_old
)) {
5203 routerlist_t
*rl
= router_get_routerlist();
5204 log_info(LD_DIR
, "%d router descriptors listed in consensus are "
5205 "currently in old_routers; making them current.",
5206 smartlist_len(no_longer_old
));
5207 SMARTLIST_FOREACH_BEGIN(no_longer_old
, signed_descriptor_t
*, sd
) {
5209 was_router_added_t r
;
5210 time_t tmp_cert_expiration_time
;
5211 routerinfo_t
*ri
= routerlist_reparse_old(rl
, sd
);
5213 log_warn(LD_BUG
, "Failed to re-parse a router.");
5216 /* need to remember for below, since add_to_routerlist may free. */
5217 tmp_cert_expiration_time
= ri
->cert_expiration_time
;
5219 r
= router_add_to_routerlist(ri
, &msg
, 1, 0);
5220 if (WRA_WAS_OUTDATED(r
)) {
5221 log_warn(LD_DIR
, "Couldn't add re-parsed router: %s. This isn't "
5222 "usually a big deal, but you should make sure that your "
5223 "clock and timezone are set correctly.",
5225 if (r
== ROUTER_CERTS_EXPIRED
) {
5226 char time_cons
[ISO_TIME_LEN
+1];
5227 char time_cert_expires
[ISO_TIME_LEN
+1];
5228 format_iso_time(time_cons
, consensus
->valid_after
);
5229 format_iso_time(time_cert_expires
, tmp_cert_expiration_time
);
5230 log_warn(LD_DIR
, " (I'm looking at a consensus from %s; This "
5231 "router's certificates began expiring at %s.)",
5232 time_cons
, time_cert_expires
);
5235 } SMARTLIST_FOREACH_END(sd
);
5236 routerlist_assert_ok(rl
);
5240 "%d router descriptors downloadable. %d delayed; %d present "
5241 "(%d of those were in old_routers); %d would_reject; "
5242 "%d wouldnt_use; %d in progress.",
5243 smartlist_len(downloadable
), n_delayed
, n_have
, n_in_oldrouters
,
5244 n_would_reject
, n_wouldnt_use
, n_inprogress
);
5246 launch_descriptor_downloads(DIR_PURPOSE_FETCH_SERVERDESC
,
5247 downloadable
, source
, now
);
5249 digestmap_free(map
, NULL
);
5251 smartlist_free(downloadable
);
5252 smartlist_free(no_longer_old
);
5255 /** How often should we launch a server/authority request to be sure of getting
5256 * a guess for our IP? */
5257 /*XXXX+ this info should come from netinfo cells or something, or we should
5258 * do this only when we aren't seeing incoming data. see bug 652. */
5259 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5261 /** As needed, launch a dummy router descriptor fetch to see if our
5262 * address has changed. */
5264 launch_dummy_descriptor_download_as_needed(time_t now
,
5265 const or_options_t
*options
)
5267 static time_t last_dummy_download
= 0;
5268 /* XXXX+ we could be smarter here; see notes on bug 652. */
5269 /* If we're a server that doesn't have a configured address, we rely on
5270 * directory fetches to learn when our address changes. So if we haven't
5271 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5272 if (!options
->Address
&&
5273 server_mode(options
) &&
5274 last_descriptor_download_attempted
+ DUMMY_DOWNLOAD_INTERVAL
< now
&&
5275 last_dummy_download
+ DUMMY_DOWNLOAD_INTERVAL
< now
) {
5276 last_dummy_download
= now
;
5277 /* XX/teor - do we want an authority here, because they are less likely
5278 * to give us the wrong address? (See #17782)
5279 * I'm leaving the previous behaviour intact, because I don't like
5280 * the idea of some relays contacting an authority every 20 minutes. */
5281 directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC
,
5282 ROUTER_PURPOSE_GENERAL
, "authority.z",
5283 PDS_RETRY_IF_NO_SERVERS
,
5284 DL_WANT_ANY_DIRSERVER
);
5288 /** Launch downloads for router status as needed. */
5290 update_router_descriptor_downloads(time_t now
)
5292 const or_options_t
*options
= get_options();
5293 if (should_delay_dir_fetches(options
, NULL
))
5295 if (!we_fetch_router_descriptors(options
))
5298 update_consensus_router_descriptor_downloads(now
, 0,
5299 networkstatus_get_reasonably_live_consensus(now
, FLAV_NS
));
5302 /** Launch extrainfo downloads as needed. */
5304 update_extrainfo_downloads(time_t now
)
5306 const or_options_t
*options
= get_options();
5308 smartlist_t
*wanted
;
5309 digestmap_t
*pending
;
5310 int old_routers
, i
, max_dl_per_req
;
5311 int n_no_ei
= 0, n_pending
= 0, n_have
= 0, n_delay
= 0, n_bogus
[2] = {0,0};
5312 if (! options
->DownloadExtraInfo
)
5314 if (should_delay_dir_fetches(options
, NULL
))
5316 if (!router_have_minimum_dir_info())
5319 pending
= digestmap_new();
5320 list_pending_descriptor_downloads(pending
, 1);
5321 rl
= router_get_routerlist();
5322 wanted
= smartlist_new();
5323 for (old_routers
= 0; old_routers
< 2; ++old_routers
) {
5324 smartlist_t
*lst
= old_routers
? rl
->old_routers
: rl
->routers
;
5325 for (i
= 0; i
< smartlist_len(lst
); ++i
) {
5326 signed_descriptor_t
*sd
;
5329 sd
= smartlist_get(lst
, i
);
5331 sd
= &((routerinfo_t
*)smartlist_get(lst
, i
))->cache_info
;
5332 if (sd
->is_extrainfo
)
5333 continue; /* This should never happen. */
5334 if (old_routers
&& !router_get_by_id_digest(sd
->identity_digest
))
5335 continue; /* Couldn't check the signature if we got it. */
5336 if (sd
->extrainfo_is_bogus
)
5338 d
= sd
->extra_info_digest
;
5339 if (tor_digest_is_zero(d
)) {
5343 if (eimap_get(rl
->extra_info_map
, d
)) {
5347 if (!download_status_is_ready(&sd
->ei_dl_status
, now
)) {
5351 if (digestmap_get(pending
, d
)) {
5356 const signed_descriptor_t
*sd2
= router_get_by_extrainfo_digest(d
);
5359 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5360 char d3
[HEX_DIGEST_LEN
+1], d4
[HEX_DIGEST_LEN
+1];
5361 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5362 base16_encode(d2
, sizeof(d2
), sd2
->identity_digest
, DIGEST_LEN
);
5363 base16_encode(d3
, sizeof(d3
), d
, DIGEST_LEN
);
5364 base16_encode(d4
, sizeof(d3
), sd2
->extra_info_digest
, DIGEST_LEN
);
5366 log_info(LD_DIR
, "Found an entry in %s with mismatched "
5367 "router_get_by_extrainfo_digest() value. This has ID %s "
5368 "but the entry in the map has ID %s. This has EI digest "
5369 "%s and the entry in the map has EI digest %s.",
5370 old_routers
?"old_routers":"routers",
5373 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5374 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5375 base16_encode(d2
, sizeof(d2
), d
, DIGEST_LEN
);
5377 log_info(LD_DIR
, "Found an entry in %s with NULL "
5378 "router_get_by_extrainfo_digest() value. This has ID %s "
5379 "and EI digest %s.",
5380 old_routers
?"old_routers":"routers",
5383 ++n_bogus
[old_routers
];
5386 smartlist_add(wanted
, d
);
5389 digestmap_free(pending
, NULL
);
5391 log_info(LD_DIR
, "Extrainfo download status: %d router with no ei, %d "
5392 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5393 "bogus in routers, %d bogus in old_routers",
5394 n_no_ei
, n_have
, n_delay
, n_pending
, smartlist_len(wanted
),
5395 n_bogus
[0], n_bogus
[1]);
5397 smartlist_shuffle(wanted
);
5399 max_dl_per_req
= max_dl_per_request(options
, DIR_PURPOSE_FETCH_EXTRAINFO
);
5400 for (i
= 0; i
< smartlist_len(wanted
); i
+= max_dl_per_req
) {
5401 initiate_descriptor_downloads(NULL
, DIR_PURPOSE_FETCH_EXTRAINFO
,
5402 wanted
, i
, i
+max_dl_per_req
,
5403 PDS_RETRY_IF_NO_SERVERS
|PDS_NO_EXISTING_SERVERDESC_FETCH
);
5406 smartlist_free(wanted
);
5409 /** Reset the consensus and extra-info download failure count on all routers.
5410 * When we get a new consensus,
5411 * routers_update_status_from_consensus_networkstatus() will reset the
5412 * download statuses on the descriptors in that consensus.
5415 router_reset_descriptor_download_failures(void)
5417 log_debug(LD_GENERAL
,
5418 "In router_reset_descriptor_download_failures()");
5420 networkstatus_reset_download_failures();
5421 last_descriptor_download_attempted
= 0;
5424 /* We want to download *all* extra-info descriptors, not just those in
5425 * the consensus we currently have (or are about to have) */
5426 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
5428 download_status_reset(&ri
->cache_info
.ei_dl_status
);
5430 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
5432 download_status_reset(&sd
->ei_dl_status
);
5436 /** Any changes in a router descriptor's publication time larger than this are
5437 * automatically non-cosmetic. */
5438 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5440 /** We allow uptime to vary from how much it ought to be by this much. */
5441 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5443 /** Return true iff the only differences between r1 and r2 are such that
5444 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5447 router_differences_are_cosmetic(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
5449 time_t r1pub
, r2pub
;
5450 long time_difference
;
5451 tor_assert(r1
&& r2
);
5453 /* r1 should be the one that was published first. */
5454 if (r1
->cache_info
.published_on
> r2
->cache_info
.published_on
) {
5455 const routerinfo_t
*ri_tmp
= r2
;
5460 /* If any key fields differ, they're different. */
5461 if (r1
->addr
!= r2
->addr
||
5462 strcasecmp(r1
->nickname
, r2
->nickname
) ||
5463 r1
->or_port
!= r2
->or_port
||
5464 !tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) ||
5465 r1
->ipv6_orport
!= r2
->ipv6_orport
||
5466 r1
->dir_port
!= r2
->dir_port
||
5467 r1
->purpose
!= r2
->purpose
||
5468 !crypto_pk_eq_keys(r1
->onion_pkey
, r2
->onion_pkey
) ||
5469 !crypto_pk_eq_keys(r1
->identity_pkey
, r2
->identity_pkey
) ||
5470 strcasecmp(r1
->platform
, r2
->platform
) ||
5471 (r1
->contact_info
&& !r2
->contact_info
) || /* contact_info is optional */
5472 (!r1
->contact_info
&& r2
->contact_info
) ||
5473 (r1
->contact_info
&& r2
->contact_info
&&
5474 strcasecmp(r1
->contact_info
, r2
->contact_info
)) ||
5475 r1
->is_hibernating
!= r2
->is_hibernating
||
5476 ! addr_policies_eq(r1
->exit_policy
, r2
->exit_policy
) ||
5477 (r1
->supports_tunnelled_dir_requests
!=
5478 r2
->supports_tunnelled_dir_requests
))
5480 if ((r1
->declared_family
== NULL
) != (r2
->declared_family
== NULL
))
5482 if (r1
->declared_family
&& r2
->declared_family
) {
5484 if (smartlist_len(r1
->declared_family
)!=smartlist_len(r2
->declared_family
))
5486 n
= smartlist_len(r1
->declared_family
);
5487 for (i
=0; i
< n
; ++i
) {
5488 if (strcasecmp(smartlist_get(r1
->declared_family
, i
),
5489 smartlist_get(r2
->declared_family
, i
)))
5494 /* Did bandwidth change a lot? */
5495 if ((r1
->bandwidthcapacity
< r2
->bandwidthcapacity
/2) ||
5496 (r2
->bandwidthcapacity
< r1
->bandwidthcapacity
/2))
5499 /* Did the bandwidthrate or bandwidthburst change? */
5500 if ((r1
->bandwidthrate
!= r2
->bandwidthrate
) ||
5501 (r1
->bandwidthburst
!= r2
->bandwidthburst
))
5504 /* Did more than 12 hours pass? */
5505 if (r1
->cache_info
.published_on
+ ROUTER_MAX_COSMETIC_TIME_DIFFERENCE
5506 < r2
->cache_info
.published_on
)
5509 /* Did uptime fail to increase by approximately the amount we would think,
5510 * give or take some slop? */
5511 r1pub
= r1
->cache_info
.published_on
;
5512 r2pub
= r2
->cache_info
.published_on
;
5513 time_difference
= labs(r2
->uptime
- (r1
->uptime
+ (r2pub
- r1pub
)));
5514 if (time_difference
> ROUTER_ALLOW_UPTIME_DRIFT
&&
5515 time_difference
> r1
->uptime
* .05 &&
5516 time_difference
> r2
->uptime
* .05)
5519 /* Otherwise, the difference is cosmetic. */
5523 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5524 * extrainfo document <b>ei</b>.
5526 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5527 * for the router. We use it to check the signature of the extrainfo document,
5528 * if it has not already been checked.
5530 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5531 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5532 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5533 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5534 * incompatibility (if any).
5536 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5537 * but the extrainfo was nonetheless incompatible.
5540 routerinfo_incompatible_with_extrainfo(const crypto_pk_t
*identity_pkey
,
5542 signed_descriptor_t
*sd
,
5545 int digest_matches
, digest256_matches
, r
=1;
5546 tor_assert(identity_pkey
);
5551 if (msg
) *msg
= "Extrainfo signature was bad, or signed with wrong key.";
5555 digest_matches
= tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5556 sd
->extra_info_digest
, DIGEST_LEN
);
5557 /* Set digest256_matches to 1 if the digest is correct, or if no
5558 * digest256 was in the ri. */
5559 digest256_matches
= tor_memeq(ei
->digest256
,
5560 sd
->extra_info_digest256
, DIGEST256_LEN
);
5561 digest256_matches
|=
5562 tor_mem_is_zero(sd
->extra_info_digest256
, DIGEST256_LEN
);
5564 /* The identity must match exactly to have been generated at the same time
5565 * by the same router. */
5566 if (tor_memneq(sd
->identity_digest
,
5567 ei
->cache_info
.identity_digest
,
5569 if (msg
) *msg
= "Extrainfo nickname or identity did not match routerinfo";
5570 goto err
; /* different servers */
5573 if (! tor_cert_opt_eq(sd
->signing_key_cert
,
5574 ei
->cache_info
.signing_key_cert
)) {
5575 if (msg
) *msg
= "Extrainfo signing key cert didn't match routerinfo";
5576 goto err
; /* different servers */
5579 if (ei
->pending_sig
) {
5580 char signed_digest
[128];
5581 if (crypto_pk_public_checksig(identity_pkey
,
5582 signed_digest
, sizeof(signed_digest
),
5583 ei
->pending_sig
, ei
->pending_sig_len
) != DIGEST_LEN
||
5584 tor_memneq(signed_digest
, ei
->cache_info
.signed_descriptor_digest
,
5587 tor_free(ei
->pending_sig
);
5588 if (msg
) *msg
= "Extrainfo signature bad, or signed with wrong key";
5589 goto err
; /* Bad signature, or no match. */
5592 ei
->cache_info
.send_unencrypted
= sd
->send_unencrypted
;
5593 tor_free(ei
->pending_sig
);
5596 if (ei
->cache_info
.published_on
< sd
->published_on
) {
5597 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5599 } else if (ei
->cache_info
.published_on
> sd
->published_on
) {
5600 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5605 if (!digest256_matches
&& !digest_matches
) {
5606 if (msg
) *msg
= "Neither digest256 or digest matched "
5607 "digest from routerdesc";
5611 if (!digest256_matches
) {
5612 if (msg
) *msg
= "Extrainfo digest did not match digest256 from routerdesc";
5613 goto err
; /* Digest doesn't match declared value. */
5616 if (!digest_matches
) {
5617 if (msg
) *msg
= "Extrainfo digest did not match value from routerdesc";
5618 goto err
; /* Digest doesn't match declared value. */
5623 if (digest_matches
) {
5624 /* This signature was okay, and the digest was right: This is indeed the
5625 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5626 * that lists it. Don't try to fetch this one again. */
5627 sd
->extrainfo_is_bogus
= 1;
5633 /* Does ri have a valid ntor onion key?
5634 * Valid ntor onion keys exist and have at least one non-zero byte. */
5636 routerinfo_has_curve25519_onion_key(const routerinfo_t
*ri
)
5642 if (!ri
->onion_curve25519_pkey
) {
5646 if (tor_mem_is_zero((const char*)ri
->onion_curve25519_pkey
->public_key
,
5647 CURVE25519_PUBKEY_LEN
)) {
5654 /* Is rs running a tor version known to support EXTEND2 cells?
5655 * If allow_unknown_versions is true, return true if we can't tell
5656 * (from a versions line or a protocols line) whether it supports extend2
5658 * Otherwise, return false if the version is unknown. */
5660 routerstatus_version_supports_extend2_cells(const routerstatus_t
*rs
,
5661 int allow_unknown_versions
)
5664 return allow_unknown_versions
;
5667 if (!rs
->pv
.protocols_known
) {
5668 return allow_unknown_versions
;
5671 return rs
->pv
.supports_extend2_cells
;
5674 /** Assert that the internal representation of <b>rl</b> is
5675 * self-consistent. */
5677 routerlist_assert_ok(const routerlist_t
*rl
)
5680 signed_descriptor_t
*sd2
;
5683 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, r
) {
5684 r2
= rimap_get(rl
->identity_map
, r
->cache_info
.identity_digest
);
5685 tor_assert(r
== r2
);
5686 sd2
= sdmap_get(rl
->desc_digest_map
,
5687 r
->cache_info
.signed_descriptor_digest
);
5688 tor_assert(&(r
->cache_info
) == sd2
);
5689 tor_assert(r
->cache_info
.routerlist_index
== r_sl_idx
);
5692 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5693 * commenting this out is just a band-aid.
5695 * The problem is that, although well-behaved router descriptors
5696 * should never have the same value for their extra_info_digest, it's
5697 * possible for ill-behaved routers to claim whatever they like there.
5699 * The real answer is to trash desc_by_eid_map and instead have
5700 * something that indicates for a given extra-info digest we want,
5701 * what its download status is. We'll do that as a part of routerlist
5702 * refactoring once consensus directories are in. For now,
5703 * this rep violation is probably harmless: an adversary can make us
5704 * reset our retry count for an extrainfo, but that's not the end
5705 * of the world. Changing the representation in 0.2.0.x would just
5706 * destabilize the codebase.
5707 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5708 signed_descriptor_t *sd3 =
5709 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5710 tor_assert(sd3 == &(r->cache_info));
5713 } SMARTLIST_FOREACH_END(r
);
5714 SMARTLIST_FOREACH_BEGIN(rl
->old_routers
, signed_descriptor_t
*, sd
) {
5715 r2
= rimap_get(rl
->identity_map
, sd
->identity_digest
);
5716 tor_assert(!r2
|| sd
!= &(r2
->cache_info
));
5717 sd2
= sdmap_get(rl
->desc_digest_map
, sd
->signed_descriptor_digest
);
5718 tor_assert(sd
== sd2
);
5719 tor_assert(sd
->routerlist_index
== sd_sl_idx
);
5721 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5722 signed_descriptor_t *sd3 =
5723 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5724 tor_assert(sd3 == sd);
5727 } SMARTLIST_FOREACH_END(sd
);
5729 RIMAP_FOREACH(rl
->identity_map
, d
, r
) {
5730 tor_assert(tor_memeq(r
->cache_info
.identity_digest
, d
, DIGEST_LEN
));
5731 } DIGESTMAP_FOREACH_END
;
5732 SDMAP_FOREACH(rl
->desc_digest_map
, d
, sd
) {
5733 tor_assert(tor_memeq(sd
->signed_descriptor_digest
, d
, DIGEST_LEN
));
5734 } DIGESTMAP_FOREACH_END
;
5735 SDMAP_FOREACH(rl
->desc_by_eid_map
, d
, sd
) {
5736 tor_assert(!tor_digest_is_zero(d
));
5738 tor_assert(tor_memeq(sd
->extra_info_digest
, d
, DIGEST_LEN
));
5739 } DIGESTMAP_FOREACH_END
;
5740 EIMAP_FOREACH(rl
->extra_info_map
, d
, ei
) {
5741 signed_descriptor_t
*sd
;
5742 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5744 sd
= sdmap_get(rl
->desc_by_eid_map
,
5745 ei
->cache_info
.signed_descriptor_digest
);
5746 // tor_assert(sd); // XXXX see above
5748 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5749 sd
->extra_info_digest
, DIGEST_LEN
));
5751 } DIGESTMAP_FOREACH_END
;
5754 /** Allocate and return a new string representing the contact info
5755 * and platform string for <b>router</b>,
5756 * surrounded by quotes and using standard C escapes.
5758 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5759 * thread. Also, each call invalidates the last-returned value, so don't
5760 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5762 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5765 esc_router_info(const routerinfo_t
*router
)
5767 static char *info
=NULL
;
5768 char *esc_contact
, *esc_platform
;
5772 return NULL
; /* we're exiting; just free the memory we use */
5774 esc_contact
= esc_for_log(router
->contact_info
);
5775 esc_platform
= esc_for_log(router
->platform
);
5777 tor_asprintf(&info
, "Contact %s, Platform %s", esc_contact
, esc_platform
);
5778 tor_free(esc_contact
);
5779 tor_free(esc_platform
);
5784 /** Helper for sorting: compare two routerinfos by their identity
5787 compare_routerinfo_by_id_digest_(const void **a
, const void **b
)
5789 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
5790 return fast_memcmp(first
->cache_info
.identity_digest
,
5791 second
->cache_info
.identity_digest
,
5795 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5797 routers_sort_by_identity(smartlist_t
*routers
)
5799 smartlist_sort(routers
, compare_routerinfo_by_id_digest_
);
5802 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5803 * recompute all country info in all configuration node sets and in the
5806 refresh_all_country_info(void)
5808 const or_options_t
*options
= get_options();
5810 if (options
->EntryNodes
)
5811 routerset_refresh_countries(options
->EntryNodes
);
5812 if (options
->ExitNodes
)
5813 routerset_refresh_countries(options
->ExitNodes
);
5814 if (options
->ExcludeNodes
)
5815 routerset_refresh_countries(options
->ExcludeNodes
);
5816 if (options
->ExcludeExitNodes
)
5817 routerset_refresh_countries(options
->ExcludeExitNodes
);
5818 if (options
->ExcludeExitNodesUnion_
)
5819 routerset_refresh_countries(options
->ExcludeExitNodesUnion_
);
5821 nodelist_refresh_countries();