| blob | e31abb247f9b8de97442536a9da87e593454accb |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file node_select.c
9 * \brief Code to choose nodes randomly based on restrictions and
10 * weighted probabilities.
11 **/
13 #define NODE_SELECT_PRIVATE
43 bandwidth_weight_rule_t rule,
53 /** Try to find a running dirserver that supports operations of <b>type</b>.
54 *
55 * If there are no running dirservers in our routerlist and the
56 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
57 * (including authorities) as running again, and pick one.
58 *
59 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
60 * dirservers that we can't reach.
61 *
62 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
63 * (if we're a dirserver).
64 *
65 * Don't pick a fallback directory mirror if any non-fallback is viable;
66 * (the fallback directory mirrors include the authorities)
67 * try to avoid using servers that have returned 503 recently.
68 */
71 {
80 /* If the reason that we got no server is that servers are "busy",
81 * we must be excluding good servers because we already have serverdesc
82 * fetches with them. Do not mark down servers up because of this. */
84 PDS_NO_EXISTING_MICRODESC_FETCH)));
86 }
89 "No reachable router entries for dirservers. "
91 /* mark all fallback directory mirrors as up again */
93 /* try again */
96 }
98 /** Try to find a running fallback directory. Flags are as for
99 * router_pick_directory_server.
100 */
104 {
109 /* If there's only one choice, then we should disable the logic that
110 * would otherwise prevent us from choosing ourself. */
112 }
118 /* If the reason that we got no server is that servers are "busy",
119 * we must be excluding good servers because we already have serverdesc
120 * fetches with them. Do not mark down servers up because of this. */
122 PDS_NO_EXISTING_MICRODESC_FETCH)));
124 }
130 }
132 /* Common retry code for router_pick_directory_server_impl and
133 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
134 * Must be called before RETRY_WITHOUT_EXCLUDE().
135 *
136 * If we got no result, and we are applying IP preferences, and we are a
137 * client that could use an alternate IP version, try again with the
138 * opposite preferences. */
139 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
140 STMT_BEGIN \
141 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
142 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
143 && !n_busy) { \
144 n_excluded = 0; \
145 n_busy = 0; \
146 try_ip_pref = 0; \
147 goto retry_label; \
148 } \
149 STMT_END \
151 /* Common retry code for router_pick_directory_server_impl and
152 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
153 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
154 *
155 * If we got no result, and we are excluding nodes, and StrictNodes is
156 * not set, try again without excluding nodes. */
157 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
158 STMT_BEGIN \
159 if (result == NULL && try_excluding && !options->StrictNodes \
160 && n_excluded && !n_busy) { \
161 try_excluding = 0; \
162 n_excluded = 0; \
163 n_busy = 0; \
164 try_ip_pref = 1; \
165 goto retry_label; \
166 } \
167 STMT_END
169 /* Common code used in the loop within router_pick_directory_server_impl and
170 * router_pick_trusteddirserver_impl.
171 *
172 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
173 * checks.
174 */
175 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
176 STMT_BEGIN \
177 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
178 (identity), EXTRAINFO_DIRINFO); \
179 if (((type) & EXTRAINFO_DIRINFO) && \
180 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
181 continue; \
182 STMT_END
184 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
185 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
186 #endif
188 /* Log a message if rs is not found or not a preferred address */
189 static void
191 {
196 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
197 /* Don't log early in the bootstrap process, it's normal to pick from a
198 * small pool of nodes. Of course, this won't help if we're trying to
199 * diagnose bootstrap issues. */
203 }
206 /* We couldn't find a node, or the one we have doesn't fit our preferences.
207 * Sometimes this is normal, sometimes it can be a reachability issue. */
209 /* This happens a lot, so it's at debug level */
211 "we couldn't find a directory that fit our criteria. "
215 ) {
216 /* This is rare, and might be interesting to users trying to diagnose
217 * connection issues on dual-stack machines. */
219 "addresses for launching an outgoing connection: "
225 }
226 }
228 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
230 /* Check if we already have a directory fetch from ap, for serverdesc
231 * (including extrainfo) or microdesc documents.
232 * If so, return 1, if not, return 0.
233 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
234 */
235 STATIC int
238 {
241 }
243 /* XX/teor - we're not checking tunnel connections here, see #17848
244 */
251 }
257 }
260 }
262 /* Check if we already have a directory fetch from the ipv4 or ipv6
263 * router, for serverdesc (including extrainfo) or microdesc documents.
264 * If so, return 1, if not, return 0.
265 */
266 static int
272 {
275 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
283 }
285 /** Pick a random running valid directory server/mirror from our
286 * routerlist. Arguments are as for router_pick_directory_server(), except:
287 *
288 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
289 * directories that we excluded for no other reason than
290 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
291 */
295 {
313 retry_search:
326 /* Find all the running dirservers we know about. */
344 country)) {
347 }
352 no_serverdesc_fetching,
353 no_microdesc_fetching)) {
356 }
361 /* Clients use IPv6 addresses if the server has one and the client
362 * prefers IPv6.
363 * Add the router if its preferred address and port are reachable.
364 * If we don't get any routers, we'll try again with the non-preferred
365 * address for each router (if any). (To ensure correct load-balancing
366 * we try routers that only have one address both times.)
367 */
370 try_ip_pref))
375 try_ip_pref)))
384 WEIGHT_FOR_DIR);
386 /* FFFF We don't distinguish between trusteds and overloaded trusteds
387 * yet. Maybe one day we should. */
388 /* FFFF We also don't load balance over authorities yet. I think this
389 * is a feature, but it could easily be a bug. -RD */
395 WEIGHT_FOR_DIR);
398 }
416 }
418 /** Given an array of double/uint64_t unions that are currently being used as
419 * doubles, convert them to uint64_t, and try to scale them linearly so as to
420 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
421 * the sum of all elements in the array _before_ scaling. */
422 STATIC void
426 {
437 }
444 }
446 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
447 * choosing each element with a probability proportional to its (uint64_t)
448 * value, and return the index of that element. If all elements are 0, choose
449 * an index at random. Return -1 on error.
450 */
451 STATIC int
453 {
473 }
475 /** Return bw*1000, unless bw*1000 would overflow, in which case return
476 * INT32_MAX. */
479 {
481 }
483 /** Helper function:
484 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
485 * the advertised bandwidth of each element using the consensus
486 * bandwidth weights.
487 *
488 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
489 * nodes' bandwidth equally regardless of their Exit status, since there may
490 * be some in the list because they exit to obscure ports. If
491 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
492 * exit-node's bandwidth less depending on the smallness of the fraction of
493 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
494 * guard node: consider all guard's bandwidth equally. Otherwise, weight
495 * guards proportionally less.
496 */
499 bandwidth_weight_rule_t rule)
500 {
511 {
517 }
518 }
520 /** When weighting bridges, enforce these values as lower and upper
521 * bound for believable bandwidth, because there is no way for us
522 * to verify a bridge's bandwidth currently. */
526 /** Return the smaller of the router's configured BandwidthRate
527 * and its advertised capacity, making sure to stay within the
528 * interval between bridge-min-believe-bw and
529 * bridge-max-believe-bw. */
530 static uint32_t
532 {
541 }
543 /** Given a list of routers and a weighting rule as in
544 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
545 * values for each node and store them in a freshly allocated
546 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
547 * as doubles. If <b>total_bandwidth_out</b> is non-NULL, set it to the total
548 * of all the bandwidths.
549 * Return 0 on success, -1 on failure. */
550 static int
552 bandwidth_weight_rule_t rule,
555 {
559 guardfraction_bandwidth_t guardfraction_bw;
566 /* Can't choose exit and guard at same time */
577 }
581 "Empty routerlist passed in to consensus weight node "
585 }
610 // Guards CAN be exits if they have weird exit policies
611 // They are d then I guess...
631 }
636 "Got negative bandwidth weights. Defaulting to naive selection"
640 }
654 // Cycle through smartlist and total the bandwidth.
666 /* This should never happen, unless all the authorities downgrade
667 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
670 "Consensus is missing some bandwidths. Using a naive "
673 }
677 }
679 /* bridge or other descriptor not in our consensus */
682 /* We can't use this one. */
684 }
696 }
697 /* These should be impossible; but overflows here would be bad, so let's
698 * make sure. */
706 /* If guardfraction information is available in the consensus, we
707 * want to calculate this router's bandwidth according to its
708 * guardfraction. Quoting from proposal236:
709 *
710 * Let Wpf denote the weight from the 'bandwidth-weights' line a
711 * client would apply to N for position p if it had the guard
712 * flag, Wpn the weight if it did not have the guard flag, and B the
713 * measured bandwidth of N in the consensus. Then instead of choosing
714 * N for position p proportionally to Wpf*B or Wpn*B, clients should
715 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
716 */
718 /* XXX The assert should actually check for is_guard. However,
719 * that crashes dirauths because of #13297. This should be
720 * equivalent: */
724 this_bw,
727 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
728 final_weight =
737 }
744 "on weights "
753 }
756 }
758 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
759 * by their weighted bandwidths with rule <b>rule</b>, for which we have
760 * descriptors.
761 *
762 * If <b>for_direct_connect</b> is true, we intend to connect to the node
763 * directly, as the first hop of a circuit; otherwise, we intend to connect
764 * to it indirectly, or use it as if we were connecting to it indirectly. */
765 double
767 bandwidth_weight_rule_t rule,
769 {
781 n_with_descs++;
782 });
785 }
796 }
798 /** Choose a random element of status list <b>sl</b>, weighted by
799 * the advertised bandwidth of each node */
802 bandwidth_weight_rule_t rule)
805 }
807 /** Given a <b>router</b>, add every node_t in its family (including the
808 * node itself!) to <b>sl</b>.
809 *
810 * Note the type mismatch: This function takes a routerinfo, but adds nodes
811 * to the smartlist!
812 */
813 static void
815 {
816 /* XXXX MOVE ? */
817 node_t fake_node;
824 }
826 }
828 /** Return a random running node from the nodelist. Never
829 * pick a node that is in
830 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
831 * even if they are the only nodes available.
832 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
833 * a minimum uptime, return one of those.
834 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
835 * advertised capacity of each router.
836 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
837 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
838 * picking an exit node, otherwise we weight bandwidths for picking a relay
839 * node (that is, possibly discounting exit nodes).
840 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
841 * have a routerinfo or microdescriptor -- that is, enough info to be
842 * used to build a circuit.
843 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
844 * have an address that is preferred by the ClientPreferIPv6ORPort setting
845 * (regardless of this flag, we exclude nodes that aren't allowed by the
846 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
847 */
851 router_crn_flags_t flags)
866 bandwidth_weight_rule_t rule;
874 /* Exclude relays that allow single hop exit circuits. This is an
875 * obsolete option since 0.2.9.2-alpha and done by default in
876 * 0.3.1.0-alpha. */
880 /* Exclude relays that do not support to rendezvous for a hidden service
881 * version 3. */
883 }
886 /* If the node_t is not found we won't be to exclude ourself but we
887 * won't be able to pick ourself in router_choose_random_node() so
888 * this is fine to at least try with our routerinfo_t object. */
894 direct_conn);
911 }
917 }
919 // Always weight by bandwidth
924 /* try once more -- recurse but with fewer restrictions. */
926 "We couldn't find any live%s%s%s routers; falling back "
932 CRN_PREF_ADDR);
935 }
940 }
942 }
944 /** Try to find a running directory authority. Flags are as for
945 * router_pick_directory_server.
946 */
949 {
953 }
955 /** Try to find a running fallback directory. Flags are as for
956 * router_pick_directory_server.
957 */
960 {
964 }
966 /** Pick a random element from a list of dir_server_t, weighting by their
967 * <b>weight</b> field. */
970 {
984 }
991 }
993 /** Choose randomly from among the dir_server_ts in sourcelist that
994 * are up. Flags are as for router_pick_directory_server_impl().
995 */
1000 {
1022 retry_search:
1034 {
1050 }
1055 no_serverdesc_fetching,
1056 no_microdesc_fetching)) {
1059 }
1061 /* Clients use IPv6 addresses if the server has one and the client
1062 * prefers IPv6.
1063 * Add the router if its preferred address and port are reachable.
1064 * If we don't get any routers, we'll try again with the non-preferred
1065 * address for each router (if any). (To ensure correct load-balancing
1066 * we try routers that only have one address both times.)
1067 */
1070 try_ip_pref))
1074 try_ip_pref)))
1076 }
1087 }
1089 {
1095 }
1111 }