search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14422@tombo: nickm | 2008-02-24 17:09:56 -0500
[tor.git] / src / or / dirserv.c
blob81181f7741ca900bf13d8f269353f71bfcb182bc
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2008, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
6 const char dirserv_c_id[] =
7 "$Id$";
8
9 #define DIRSERV_PRIVATE
10 #include "or.h"
11
12 /**
13 * \file dirserv.c
14 * \brief Directory server core implementation. Manages directory
15 * contents and generates directories.
16 */
17
18 /** How far in the future do we allow a router to get? (seconds) */
19 #define ROUTER_ALLOW_SKEW (60*60*12)
20 /** How many seconds do we wait before regenerating the directory? */
21 #define DIR_REGEN_SLACK_TIME 30
22 /** If we're a cache, keep this many networkstatuses around from non-trusted
23 * directory authorities. */
24 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
25
26 /** If a v1 directory is older than this, discard it. */
27 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
28 /** If a v1 running-routers is older than this, discard it. */
29 #define MAX_V1_RR_AGE (7*24*60*60)
30
31 extern time_t time_of_process_start; /* from main.c */
32
33 /** Do we need to regenerate the directory when someone asks for it? */
34 static time_t the_directory_is_dirty = 1;
35 static time_t runningrouters_is_dirty = 1;
36 static time_t the_v2_networkstatus_is_dirty = 1;
37
38 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
39 * only.) */
40 static cached_dir_t *the_directory = NULL;
41
42 /** For authoritative directories: the current (v1) network status. */
43 static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
44
45 static void directory_remove_invalid(void);
46 static cached_dir_t *dirserv_regenerate_directory(void);
47 static char *format_versions_list(config_line_t *ln);
48 struct authdir_config_t;
49 static int add_fingerprint_to_dir(const char *nickname, const char *fp,
50 struct authdir_config_t *list);
51 static uint32_t dirserv_router_get_status(const routerinfo_t *router,
52 const char **msg);
53 static uint32_t
54 dirserv_get_status_impl(const char *fp, const char *nickname,
55 const char *address,
56 uint32_t addr, uint16_t or_port,
57 const char *platform, const char *contact,
58 const char **msg, int should_log);
59 static void clear_cached_dir(cached_dir_t *d);
60 static signed_descriptor_t *get_signed_descriptor_by_fp(const char *fp,
61 int extrainfo,
62 time_t publish_cutoff);
63 static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
64
65 /************** Fingerprint handling code ************/
66
67 #define FP_NAMED 1 /**< Listed in fingerprint file. */
68 #define FP_INVALID 2 /**< Believed invalid. */
69 #define FP_REJECT 4 /**< We will not publish this router. */
70 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
71 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
72 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
73
74 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
75 * map. */
76 typedef struct router_status_t {
77 char nickname[MAX_NICKNAME_LEN+1];
78 uint32_t status;
79 } router_status_t;
80
81 /** List of nickname-\>identity fingerprint mappings for all the routers
82 * that we name. Used to prevent router impersonation. */
83 typedef struct authdir_config_t {
84 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
85 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
86 } authdir_config_t;
87
88 /** Should be static; exposed for testing. */
89 static authdir_config_t *fingerprint_list = NULL;
90
91 /** Allocate and return a new, empty, authdir_config_t. */
92 static authdir_config_t *
93 authdir_config_new(void)
94 {
95 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
96 list->fp_by_name = strmap_new();
97 list->status_by_digest = digestmap_new();
98 return list;
99 }
100
101 /** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
102 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
103 * new, or 1 if we replaced the old value.
104 */
105 /* static */ int
106 add_fingerprint_to_dir(const char *nickname, const char *fp,
107 authdir_config_t *list)
108 {
109 char *fingerprint;
110 char d[DIGEST_LEN];
111 router_status_t *status;
112 tor_assert(nickname);
113 tor_assert(fp);
114 tor_assert(list);
115
116 fingerprint = tor_strdup(fp);
117 tor_strstrip(fingerprint, " ");
118 if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint))) {
119 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
120 escaped(fp));
121 tor_free(fingerprint);
122 return 0;
123 }
124
125 if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
126 log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
127 UNNAMED_ROUTER_NICKNAME);
128 tor_free(fingerprint);
129 return 0;
130 }
131
132 status = digestmap_get(list->status_by_digest, d);
133 if (!status) {
134 status = tor_malloc_zero(sizeof(router_status_t));
135 digestmap_set(list->status_by_digest, d, status);
136 }
137
138 if (nickname[0] != '!') {
139 char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
140 if (old_fp && !strcasecmp(fingerprint, old_fp)) {
141 tor_free(fingerprint);
142 } else {
143 tor_free(old_fp);
144 strmap_set_lc(list->fp_by_name, nickname, fingerprint);
145 }
146 status->status |= FP_NAMED;
147 strlcpy(status->nickname, nickname, sizeof(status->nickname));
148 } else {
149 tor_free(fingerprint);
150 if (!strcasecmp(nickname, "!reject")) {
151 status->status |= FP_REJECT;
152 } else if (!strcasecmp(nickname, "!invalid")) {
153 status->status |= FP_INVALID;
154 } else if (!strcasecmp(nickname, "!baddir")) {
155 status->status |= FP_BADDIR;
156 } else if (!strcasecmp(nickname, "!badexit")) {
157 status->status |= FP_BADEXIT;
158 }
159 }
160 return 0;
161 }
162
163 /** Add the nickname and fingerprint for this OR to the
164 * global list of recognized identity key fingerprints. */
165 int
166 dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
167 {
168 char fp[FINGERPRINT_LEN+1];
169 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
170 log_err(LD_BUG, "Error computing fingerprint");
171 return -1;
172 }
173 if (!fingerprint_list)
174 fingerprint_list = authdir_config_new();
175 add_fingerprint_to_dir(nickname, fp, fingerprint_list);
176 return 0;
177 }
178
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and
184 * return -1. */
185 int
186 dirserv_load_fingerprint_file(void)
187 {
188 char *fname;
189 char *cf;
190 char *nickname, *fingerprint;
191 authdir_config_t *fingerprint_list_new;
192 int result;
193 config_line_t *front=NULL, *list;
194 or_options_t *options = get_options();
195
196 fname = get_datadir_fname("approved-routers");
197 log_info(LD_GENERAL,
198 "Reloading approved fingerprints from \"%s\"...", fname);
199
200 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
201 if (!cf) {
202 if (options->NamingAuthoritativeDir) {
203 log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
204 tor_free(fname);
205 return -1;
206 } else {
207 log_info(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
208 tor_free(fname);
209 return 0;
210 }
211 }
212 tor_free(fname);
213
214 result = config_get_lines(cf, &front);
215 tor_free(cf);
216 if (result < 0) {
217 log_warn(LD_CONFIG, "Error reading from fingerprint file");
218 return -1;
219 }
220
221 fingerprint_list_new = authdir_config_new();
222
223 for (list=front; list; list=list->next) {
224 nickname = list->key; fingerprint = list->value;
225 if (strlen(nickname) > MAX_NICKNAME_LEN) {
226 log_notice(LD_CONFIG,
227 "Nickname '%s' too long in fingerprint file. Skipping.",
228 nickname);
229 continue;
230 }
231 if (!is_legal_nickname(nickname) &&
232 strcasecmp(nickname, "!reject") &&
233 strcasecmp(nickname, "!invalid") &&
234 strcasecmp(nickname, "!badexit")) {
235 log_notice(LD_CONFIG,
236 "Invalid nickname '%s' in fingerprint file. Skipping.",
237 nickname);
238 continue;
239 }
240 if (strlen(fingerprint) != FINGERPRINT_LEN ||
241 !crypto_pk_check_fingerprint_syntax(fingerprint)) {
242 log_notice(LD_CONFIG,
243 "Invalid fingerprint (nickname '%s', "
244 "fingerprint %s). Skipping.",
245 nickname, fingerprint);
246 continue;
247 }
248 if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
249 /* If you approved an OR called "client", then clients who use
250 * the default nickname could all be rejected. That's no good. */
251 log_notice(LD_CONFIG,
252 "Authorizing nickname '%s' would break "
253 "many clients; skipping.",
254 DEFAULT_CLIENT_NICKNAME);
255 continue;
256 }
257 if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
258 /* If you approved an OR called "unnamed", then clients will be
259 * confused. */
260 log_notice(LD_CONFIG,
261 "Authorizing nickname '%s' is not allowed; skipping.",
262 UNNAMED_ROUTER_NICKNAME);
263 continue;
264 }
265 if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
266 != 0)
267 log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
268 }
269
270 config_free_lines(front);
271 dirserv_free_fingerprint_list();
272 fingerprint_list = fingerprint_list_new;
273 /* Delete any routers whose fingerprints we no longer recognize */
274 directory_remove_invalid();
275 return 0;
276 }
277
278 /** Check whether <b>router</b> has a nickname/identity key combination that
279 * we recognize from the fingerprint list, or an IP we automatically act on
280 * according to our configuration. Return the appropriate router status.
281 *
282 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
283 * *<b>msg</b> to an explanation of why. */
284 static uint32_t
285 dirserv_router_get_status(const routerinfo_t *router, const char **msg)
286 {
287 char d[DIGEST_LEN];
288
289 if (crypto_pk_get_digest(router->identity_pkey, d)) {
290 log_warn(LD_BUG,"Error computing fingerprint");
291 if (msg)
292 *msg = "Bug: Error computing fingerprint";
293 return FP_REJECT;
294 }
295
296 return dirserv_get_status_impl(d, router->nickname,
297 router->address,
298 router->addr, router->or_port,
299 router->platform, router->contact_info,
300 msg, 1);
301 }
302
303 /** Return true if there is no point in downloading the router described by
304 * <b>rs</b> because this directory would reject it. */
305 int
306 dirserv_would_reject_router(routerstatus_t *rs)
307 {
308 uint32_t res;
309
310 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
311 "", /* address is only used in logs */
312 rs->addr, rs->or_port,
313 NULL, NULL,
314 NULL, 0);
315
316 return (res & FP_REJECT) != 0;
317 }
318
319 /** Helper: Based only on the ID/Nickname combination,
320 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
321 */
322 static uint32_t
323 dirserv_get_name_status(const char *id_digest, const char *nickname)
324 {
325 char fp[HEX_DIGEST_LEN+1];
326 char *fp_by_name;
327
328 base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
329
330 if ((fp_by_name =
331 strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
332 if (!strcasecmp(fp, fp_by_name)) {
333 return FP_NAMED;
334 } else {
335 return FP_UNNAMED; /* Wrong fingerprint. */
336 }
337 }
338 return 0;
339 }
340
341 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
342 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
343 * port, platform (logging only) and contact info (logging only) as arguments.
344 *
345 * If should_log is false, do not log messages. (There's not much point in
346 * logging that we're rejecting servers we'll not download.)
347 */
348 static uint32_t
349 dirserv_get_status_impl(const char *id_digest, const char *nickname,
350 const char *address,
351 uint32_t addr, uint16_t or_port,
352 const char *platform, const char *contact,
353 const char **msg, int should_log)
354 {
355 int reject_unlisted = get_options()->AuthDirRejectUnlisted;
356 uint32_t result = 0;
357 router_status_t *status_by_digest;
358
359 if (!fingerprint_list)
360 fingerprint_list = authdir_config_new();
361
362 if (should_log)
363 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
364 strmap_size(fingerprint_list->fp_by_name),
365 digestmap_size(fingerprint_list->status_by_digest));
366
367 result = dirserv_get_name_status(id_digest, nickname);
368 if (result & FP_NAMED) {
369 if (should_log)
370 log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
371 }
372 if (result & FP_UNNAMED) {
373 if (should_log) {
374 char *esc_contact = esc_for_log(contact);
375 log_info(LD_DIRSERV,
376 "Mismatched fingerprint for '%s'. "
377 "ContactInfo '%s', platform '%s'.)",
378 nickname,
379 esc_contact,
380 platform ? escaped(platform) : "");
381 tor_free(esc_contact);
382 }
383 if (msg)
384 *msg = "Rejected: There is already a named server with this nickname "
385 "and a different fingerprint.";
386 }
387
388 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
389 id_digest);
390 if (status_by_digest)
391 result |= (status_by_digest->status & ~FP_NAMED);
392
393 if (result & FP_REJECT) {
394 if (msg)
395 *msg = "Fingerprint is marked rejected";
396 return FP_REJECT;
397 } else if (result & FP_INVALID) {
398 if (msg)
399 *msg = "Fingerprint is marked invalid";
400 }
401
402 if (authdir_policy_baddir_address(addr, or_port)) {
403 if (should_log)
404 log_info(LD_DIRSERV,
405 "Marking '%s' as bad directory because of address '%s'",
406 nickname, address);
407 result |= FP_BADDIR;
408 }
409
410 if (authdir_policy_badexit_address(addr, or_port)) {
411 if (should_log)
412 log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
413 nickname, address);
414 result |= FP_BADEXIT;
415 }
416
417 if (!(result & FP_NAMED)) {
418 if (!authdir_policy_permits_address(addr, or_port)) {
419 if (should_log)
420 log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
421 nickname, address);
422 if (msg)
423 *msg = "Authdir is rejecting routers in this range.";
424 return FP_REJECT;
425 }
426 if (!authdir_policy_valid_address(addr, or_port)) {
427 if (should_log)
428 log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
429 nickname, address);
430 result |= FP_INVALID;
431 }
432 if (reject_unlisted) {
433 if (msg)
434 *msg = "Authdir rejects unknown routers.";
435 return FP_REJECT;
436 }
437 /* 0.1.0.2-rc was the first version that did enough self-testing that
438 * we're willing to take its word about whether it's running. */
439 if (platform && !tor_version_as_new_as(platform,"0.1.0.2-rc"))
440 result |= FP_INVALID;
441 }
442
443 return result;
444 }
445
446 /** If we are an authoritative dirserver, and the list of approved
447 * servers contains one whose identity key digest is <b>digest</b>,
448 * return that router's nickname. Otherwise return NULL. */
449 const char *
450 dirserv_get_nickname_by_digest(const char *digest)
451 {
452 router_status_t *status;
453 if (!fingerprint_list)
454 return NULL;
455 tor_assert(digest);
456
457 status = digestmap_get(fingerprint_list->status_by_digest, digest);
458 return status ? status->nickname : NULL;
459 }
460
461 /** Clear the current fingerprint list. */
462 void
463 dirserv_free_fingerprint_list(void)
464 {
465 if (!fingerprint_list)
466 return;
467
468 strmap_free(fingerprint_list->fp_by_name, _tor_free);
469 digestmap_free(fingerprint_list->status_by_digest, _tor_free);
470 tor_free(fingerprint_list);
471 }
472
473 /*
474 * Descriptor list
475 */
476
477 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
478 * unless we're configured to not care. Return 0 if all ok. */
479 static int
480 dirserv_router_has_valid_address(routerinfo_t *ri)
481 {
482 struct in_addr iaddr;
483 if (get_options()->DirAllowPrivateAddresses)
484 return 0; /* whatever it is, we're fine with it */
485 if (!tor_inet_aton(ri->address, &iaddr)) {
486 log_info(LD_DIRSERV,"Router '%s' published non-IP address '%s'. Refusing.",
487 ri->nickname, ri->address);
488 return -1;
489 }
490 if (is_internal_IP(ntohl(iaddr.s_addr), 0)) {
491 log_info(LD_DIRSERV,
492 "Router '%s' published internal IP address '%s'. Refusing.",
493 ri->nickname, ri->address);
494 return -1; /* it's a private IP, we should reject it */
495 }
496 return 0;
497 }
498
499 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
500 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
501 *
502 * If the router is rejected, set *<b>msg</b> to an explanation of why.
503 *
504 * If <b>complain</b> then explain at log-level 'notice' why we refused
505 * a descriptor; else explain at log-level 'info'.
506 */
507 int
508 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
509 int complain)
510 {
511 /* Okay. Now check whether the fingerprint is recognized. */
512 uint32_t status = dirserv_router_get_status(ri, msg);
513 time_t now;
514 int severity = complain ? LOG_NOTICE : LOG_INFO;
515 tor_assert(msg);
516 if (status & FP_REJECT)
517 return -1; /* msg is already set. */
518
519 /* Is there too much clock skew? */
520 now = time(NULL);
521 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
522 log_fn(severity, LD_DIRSERV, "Publication time for nickname '%s' is too "
523 "far (%d minutes) in the future; possible clock skew. Not adding "
524 "(%s)",
525 ri->nickname, (int)((ri->cache_info.published_on-now)/60),
526 esc_router_info(ri));
527 *msg = "Rejected: Your clock is set too far in the future, or your "
528 "timezone is not correct.";
529 return -1;
530 }
531 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
532 log_fn(severity, LD_DIRSERV,
533 "Publication time for router with nickname '%s' is too far "
534 "(%d minutes) in the past. Not adding (%s)",
535 ri->nickname, (int)((now-ri->cache_info.published_on)/60),
536 esc_router_info(ri));
537 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
538 " or your timezone is not correct.";
539 return -1;
540 }
541 if (dirserv_router_has_valid_address(ri) < 0) {
542 log_fn(severity, LD_DIRSERV,
543 "Router with nickname '%s' has invalid address '%s'. "
544 "Not adding (%s).",
545 ri->nickname, ri->address,
546 esc_router_info(ri));
547 *msg = "Rejected: Address is not an IP, or IP is a private address.";
548 return -1;
549 }
550 /* Okay, looks like we're willing to accept this one. */
551 ri->is_named = (status & FP_NAMED) ? 1 : 0;
552 ri->is_valid = (status & FP_INVALID) ? 0 : 1;
553 ri->is_bad_directory = (status & FP_BADDIR) ? 1 : 0;
554 ri->is_bad_exit = (status & FP_BADEXIT) ? 1 : 0;
555
556 return 0;
557 }
558
559 /** As for dirserv_add_descriptor, but accepts multiple documents, and
560 * returns the most severe error that occurred for any one of them. */
561 int
562 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
563 const char *source,
564 const char **msg)
565 {
566 int r=100; /* higher than any actual return value. */
567 int r_tmp;
568 const char *msg_out;
569 smartlist_t *list;
570 const char *s;
571 int n_parsed = 0;
572 time_t now = time(NULL);
573 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
574 char time_buf[ISO_TIME_LEN+1];
575 int general = purpose == ROUTER_PURPOSE_GENERAL;
576 tor_assert(msg);
577
578 format_iso_time(time_buf, now);
579 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
580 "@uploaded-at %s\n"
581 "@source %s\n"
582 "%s%s%s", time_buf, escaped(source),
583 !general ? "@purpose " : "",
584 !general ? router_purpose_to_string(purpose) : "",
585 !general ? "\n" : "")<0) {
586 *msg = "Couldn't format annotations";
587 return -1;
588 }
589
590 s = desc;
591 list = smartlist_create();
592 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
593 annotation_buf)) {
594 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
595 msg_out = NULL;
596 tor_assert(ri->purpose == purpose);
597 r_tmp = dirserv_add_descriptor(ri, &msg_out);
598 if (r_tmp < r) {
599 r = r_tmp;
600 *msg = msg_out;
601 }
602 });
603 }
604 n_parsed += smartlist_len(list);
605 smartlist_clear(list);
606
607 s = desc;
608 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
609 NULL)) {
610 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
611 msg_out = NULL;
612
613 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
614 if (r_tmp < r) {
615 r = r_tmp;
616 *msg = msg_out;
617 }
618 });
619 }
620 n_parsed += smartlist_len(list);
621 smartlist_free(list);
622
623 if (! *msg) {
624 if (!n_parsed) {
625 *msg = "No descriptors found in your POST.";
626 if (r > -1)
627 r = -1;
628 } else {
629 *msg = "(no message)";
630 }
631 }
632
633 return r <= 2 ? r : 2;
634 }
635
636 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
637 * the list of server descriptors. Set *<b>msg</b> to a message that should be
638 * passed back to the origin of this descriptor.
639 *
640 * Return 2 if descriptor is well-formed and accepted;
641 * 1 if well-formed and accepted but origin should hear *msg;
642 * 0 if well-formed but redundant with one we already have;
643 * -1 if it is rejected and origin should hear *msg;
644 *
645 * This function is only called when fresh descriptors are posted, not when
646 * we re-load the cache.
647 */
648 int
649 dirserv_add_descriptor(routerinfo_t *ri, const char **msg)
650 {
651 int r;
652 routerinfo_t *ri_old;
653 char *desc = NULL;
654 size_t desclen = 0;
655
656 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
657 * network and it'll clog everything up. */
658 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
659 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor "
660 "with size %d. Either this is an attack, or the "
661 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
662 (int)ri->cache_info.signed_descriptor_len,
663 MAX_DESCRIPTOR_UPLOAD_SIZE);
664 *msg = "Router descriptor was too large";
665 control_event_or_authdir_new_descriptor("REJECTED",
666 ri->cache_info.signed_descriptor_body,
667 ri->cache_info.signed_descriptor_len, *msg);
668 routerinfo_free(ri);
669 return -1;
670 }
671
672 /* Check whether this descriptor is semantically identical to the last one
673 * from this server. (We do this here and not in router_add_to_routerlist
674 * because we want to be able to accept the newest router descriptor that
675 * another authority has, so we all converge on the same one.) */
676 ri_old = router_get_by_digest(ri->cache_info.identity_digest);
677 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
678 && router_differences_are_cosmetic(ri_old, ri)
679 && !router_is_me(ri)) {
680 log_info(LD_DIRSERV,
681 "Not replacing descriptor from '%s'; differences are cosmetic.",
682 ri->nickname);
683 *msg = "Not replacing router descriptor; no information has changed since "
684 "the last one with this identity.";
685 control_event_or_authdir_new_descriptor("DROPPED",
686 ri->cache_info.signed_descriptor_body,
687 ri->cache_info.signed_descriptor_len, *msg);
688 routerinfo_free(ri);
689 return 0;
690 }
691 if (control_event_is_interesting(EVENT_AUTHDIR_NEWDESCS)) {
692 /* Make a copy of desc, since router_add_to_routerlist might free
693 * ri and its associated signed_descriptor_t. */
694 desclen = ri->cache_info.signed_descriptor_len;
695 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
696 }
697
698 if ((r = router_add_to_routerlist(ri, msg, 0, 0))<0) {
699 if (r < -1 && desc) /* unless the routerinfo was fine, just out-of-date */
700 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
701 tor_free(desc);
702 return r == -1 ? 0 : -1;
703 } else {
704 smartlist_t *changed;
705 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
706
707 changed = smartlist_create();
708 smartlist_add(changed, ri);
709 control_event_descriptors_changed(changed);
710 smartlist_free(changed);
711 if (!*msg) {
712 *msg = ri->is_valid ? "Descriptor for valid server accepted" :
713 "Descriptor for invalid server accepted";
714 }
715 tor_free(desc);
716 return r == 0 ? 2 : 1;
717 }
718 }
719
720 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
721 static int
722 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
723 {
724 routerinfo_t *ri;
725 int r;
726 tor_assert(msg);
727 *msg = NULL;
728
729 ri = router_get_by_digest(ei->cache_info.identity_digest);
730 if (!ri) {
731 *msg = "No corresponding router descriptor for extra-info descriptor";
732 extrainfo_free(ei);
733 return -1;
734 }
735
736 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
737 * network and it'll clog everything up. */
738 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
739 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
740 "with size %d. Either this is an attack, or the "
741 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
742 (int)ei->cache_info.signed_descriptor_len,
743 MAX_EXTRAINFO_UPLOAD_SIZE);
744 *msg = "Extrainfo document was too large";
745 extrainfo_free(ei);
746 return -1;
747 }
748
749 if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
750 extrainfo_free(ei);
751 return r < 0 ? 0 : -1;
752 }
753 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
754 return 2;
755 }
756
757 /** Remove all descriptors whose nicknames or fingerprints no longer
758 * are allowed by our fingerprint list. (Descriptors that used to be
759 * good can become bad when we reload the fingerprint list.)
760 */
761 static void
762 directory_remove_invalid(void)
763 {
764 int i;
765 int changed = 0;
766 routerlist_t *rl = router_get_routerlist();
767
768 routerlist_assert_ok(rl);
769
770 for (i = 0; i < smartlist_len(rl->routers); ++i) {
771 const char *msg;
772 routerinfo_t *ent = smartlist_get(rl->routers, i);
773 uint32_t r = dirserv_router_get_status(ent, &msg);
774 if (r & FP_REJECT) {
775 log_info(LD_DIRSERV, "Router '%s' is now rejected: %s",
776 ent->nickname, msg?msg:"");
777 routerlist_remove(rl, ent, 0);
778 i--;
779 changed = 1;
780 continue;
781 }
782 if (bool_neq((r & FP_NAMED), ent->is_named)) {
783 log_info(LD_DIRSERV,
784 "Router '%s' is now %snamed.", ent->nickname,
785 (r&FP_NAMED)?"":"un");
786 ent->is_named = (r&FP_NAMED)?1:0;
787 changed = 1;
788 }
789 if (bool_neq((r & FP_INVALID), !ent->is_valid)) {
790 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", ent->nickname,
791 (r&FP_INVALID) ? "in" : "");
792 ent->is_valid = (r&FP_INVALID)?0:1;
793 changed = 1;
794 }
795 if (bool_neq((r & FP_BADDIR), ent->is_bad_directory)) {
796 log_info(LD_DIRSERV, "Router '%s' is now a %s directory", ent->nickname,
797 (r & FP_BADDIR) ? "bad" : "good");
798 ent->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
799 changed = 1;
800 }
801 if (bool_neq((r & FP_BADEXIT), ent->is_bad_exit)) {
802 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", ent->nickname,
803 (r & FP_BADEXIT) ? "bad" : "good");
804 ent->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
805 changed = 1;
806 }
807 }
808 if (changed)
809 directory_set_dirty();
810
811 routerlist_assert_ok(rl);
812 }
813
814 /** Write a list of unregistered descriptors into a newly allocated
815 * string and return it. Used by dirserv operators to keep track of
816 * fast nodes that haven't registered.
817 */
818 int
819 getinfo_helper_dirserv_unregistered(control_connection_t *control_conn,
820 const char *question, char **answer_out)
821 {
822 smartlist_t *answerlist;
823 char buf[1024];
824 char *answer;
825 int min_bw = atoi(question);
826 routerlist_t *rl = router_get_routerlist();
827
828 (void) control_conn;
829
830 if (strcmpstart(question, "unregistered-servers-"))
831 return 0;
832 question += strlen("unregistered-servers-");
833
834 answerlist = smartlist_create();
835 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ent, {
836 uint32_t r = dirserv_router_get_status(ent, NULL);
837 if (router_get_advertised_bandwidth(ent) >= (size_t)min_bw &&
838 !(r & FP_NAMED)) {
839 /* then log this one */
840 tor_snprintf(buf, sizeof(buf),
841 "%s: BW %d on '%s'.",
842 ent->nickname, router_get_advertised_bandwidth(ent),
843 ent->platform ? ent->platform : "");
844 smartlist_add(answerlist, tor_strdup(buf));
845 }
846 });
847 answer = smartlist_join_strings(answerlist, "\r\n", 0, NULL);
848 SMARTLIST_FOREACH(answerlist, char *, cp, tor_free(cp));
849 smartlist_free(answerlist);
850 *answer_out = answer;
851 return 0;
852 }
853
854 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
855 * directory, we will rebuild it instead of reusing the most recently
856 * generated one.
857 */
858 void
859 directory_set_dirty(void)
860 {
861 time_t now = time(NULL);
862 int set_v1_dirty=0;
863
864 /* Regenerate stubs only every 8 hours.
865 * XXXX021 It would be nice to generate less often. */
866 #define STUB_REGENERATE_INTERVAL (8*60*60)
867 if (!the_directory || !the_runningrouters.dir)
868 set_v1_dirty = 1;
869 else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
870 the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
871 set_v1_dirty = 1;
872
873 if (set_v1_dirty) {
874 if (!the_directory_is_dirty)
875 the_directory_is_dirty = now;
876 if (!runningrouters_is_dirty)
877 runningrouters_is_dirty = now;
878 }
879 if (!the_v2_networkstatus_is_dirty)
880 the_v2_networkstatus_is_dirty = now;
881 }
882
883 /**
884 * Allocate and return a description of the status of the server <b>desc</b>,
885 * for use in a v1-style router-status line. The server is listed
886 * as running iff <b>is_live</b> is true.
887 */
888 static char *
889 list_single_server_status(routerinfo_t *desc, int is_live)
890 {
891 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
892 char *cp;
893
894 tor_assert(desc);
895
896 cp = buf;
897 if (!is_live) {
898 *cp++ = '!';
899 }
900 if (desc->is_valid) {
901 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
902 cp += strlen(cp);
903 *cp++ = '=';
904 }
905 *cp++ = '$';
906 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
907 DIGEST_LEN);
908 return tor_strdup(buf);
909 }
910
911 /** Each server needs to have passed a reachability test no more
912 * than this number of seconds ago, or he is listed as down in
913 * the directory. */
914 #define REACHABLE_TIMEOUT (45*60)
915
916 /** Treat a router as alive if
917 * - It's me, and I'm not hibernating.
918 * or - We've found it reachable recently. */
919 void
920 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
921 {
922 int answer;
923
924 if (router_is_me(router) && !we_are_hibernating())
925 answer = 1;
926 else
927 answer = get_options()->AssumeReachable ||
928 now < router->last_reachable + REACHABLE_TIMEOUT;
929
930 if (router->is_running && !answer) {
931 /* it was running but now it's not. tell rephist. */
932 rep_hist_note_router_unreachable(router->cache_info.identity_digest, now);
933 }
934
935 router->is_running = answer;
936 }
937
938 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
939 * contents of a v1-style router-status line, and store it in
940 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
941 *
942 * If for_controller is true, include the routers with very old descriptors.
943 * If for_controller is &gt;1, use the verbose nickname format.
944 */
945 int
946 list_server_status_v1(smartlist_t *routers, char **router_status_out,
947 int for_controller)
948 {
949 /* List of entries in a router-status style: An optional !, then an optional
950 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
951 smartlist_t *rs_entries;
952 time_t now = time(NULL);
953 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
954 or_options_t *options = get_options();
955 /* We include v2 dir auths here too, because they need to answer
956 * controllers. Eventually we'll deprecate this whole function;
957 * see also networkstatus_getinfo_by_purpose(). */
958 int authdir = authdir_mode_publishes_statuses(options);
959 tor_assert(router_status_out);
960
961 rs_entries = smartlist_create();
962
963 SMARTLIST_FOREACH(routers, routerinfo_t *, ri,
964 {
965 if (authdir) {
966 /* Update router status in routerinfo_t. */
967 dirserv_set_router_is_running(ri, now);
968 }
969 if (for_controller == 1 || ri->cache_info.published_on >= cutoff)
970 smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
971 else if (for_controller > 2) {
972 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
973 char *cp = name_buf;
974 if (!ri->is_running)
975 *cp++ = '!';
976 router_get_verbose_nickname(cp, ri);
977 smartlist_add(rs_entries, tor_strdup(name_buf));
978 }
979 });
980
981 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
982
983 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
984 smartlist_free(rs_entries);
985
986 return 0;
987 }
988
989 /** Given a (possibly empty) list of config_line_t, each line of which contains
990 * a list of comma-separated version numbers surrounded by optional space,
991 * allocate and return a new string containing the version numbers, in order,
992 * separated by commas. Used to generate Recommended(Client|Server)?Versions
993 */
994 static char *
995 format_versions_list(config_line_t *ln)
996 {
997 smartlist_t *versions;
998 char *result;
999 versions = smartlist_create();
1000 for ( ; ln; ln = ln->next) {
1001 smartlist_split_string(versions, ln->value, ",",
1002 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1003 }
1004 sort_version_list(versions, 1);
1005 result = smartlist_join_strings(versions,",",0,NULL);
1006 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1007 smartlist_free(versions);
1008 return result;
1009 }
1010
1011 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1012 * not hibernating, and not too old. Else return 0.
1013 */
1014 static int
1015 router_is_active(routerinfo_t *ri, time_t now)
1016 {
1017 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1018 if (ri->cache_info.published_on < cutoff)
1019 return 0;
1020 if (!ri->is_running || !ri->is_valid || ri->is_hibernating)
1021 return 0;
1022 return 1;
1023 }
1024
1025 /** Generate a new v1 directory and write it into a newly allocated string.
1026 * Point *<b>dir_out</b> to the allocated string. Sign the
1027 * directory with <b>private_key</b>. Return 0 on success, -1 on
1028 * failure. If <b>complete</b> is set, give us all the descriptors;
1029 * otherwise leave out non-running and non-valid ones.
1030 */
1031 int
1032 dirserv_dump_directory_to_string(char **dir_out,
1033 crypto_pk_env_t *private_key)
1034 {
1035 char *cp;
1036 char *identity_pkey; /* Identity key, DER64-encoded. */
1037 char *recommended_versions;
1038 char digest[DIGEST_LEN];
1039 char published[ISO_TIME_LEN+1];
1040 char *buf = NULL;
1041 size_t buf_len;
1042 size_t identity_pkey_len;
1043 time_t now = time(NULL);
1044
1045 tor_assert(dir_out);
1046 *dir_out = NULL;
1047
1048 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1049 &identity_pkey_len)<0) {
1050 log_warn(LD_BUG,"write identity_pkey to string failed!");
1051 return -1;
1052 }
1053
1054 recommended_versions =
1055 format_versions_list(get_options()->RecommendedVersions);
1056
1057 format_iso_time(published, now);
1058
1059 buf_len = 2048+strlen(recommended_versions);
1060
1061 buf = tor_malloc(buf_len);
1062 /* We'll be comparing against buf_len throughout the rest of the
1063 function, though strictly speaking we shouldn't be able to exceed
1064 it. This is C, after all, so we may as well check for buffer
1065 overruns.*/
1066
1067 tor_snprintf(buf, buf_len,
1068 "signed-directory\n"
1069 "published %s\n"
1070 "recommended-software %s\n"
1071 "router-status %s\n"
1072 "dir-signing-key\n%s\n",
1073 published, recommended_versions, "",
1074 identity_pkey);
1075
1076 tor_free(recommended_versions);
1077 tor_free(identity_pkey);
1078
1079 cp = buf + strlen(buf);
1080 *cp = '\0';
1081
1082 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1083 signature. */
1084 if (strlcat(buf, "directory-signature ", buf_len) >= buf_len)
1085 goto truncated;
1086 if (strlcat(buf, get_options()->Nickname, buf_len) >= buf_len)
1087 goto truncated;
1088 if (strlcat(buf, "\n", buf_len) >= buf_len)
1089 goto truncated;
1090
1091 if (router_get_dir_hash(buf,digest)) {
1092 log_warn(LD_BUG,"couldn't compute digest");
1093 tor_free(buf);
1094 return -1;
1095 }
1096 note_crypto_pk_op(SIGN_DIR);
1097 if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
1098 tor_free(buf);
1099 return -1;
1100 }
1101
1102 *dir_out = buf;
1103 return 0;
1104 truncated:
1105 log_warn(LD_BUG,"tried to exceed string length.");
1106 tor_free(buf);
1107 return -1;
1108 }
1109
1110 /********************************************************************/
1111
1112 /* A set of functions to answer questions about how we'd like to behave
1113 * as a directory mirror/client. */
1114
1115 /** Return 1 if we fetch our directory material directly from the
1116 * authorities, rather than from a mirror. */
1117 int
1118 directory_fetches_from_authorities(or_options_t *options)
1119 {
1120 routerinfo_t *me;
1121 uint32_t addr;
1122 if (options->FetchDirInfoEarly)
1123 return 1;
1124 if (options->BridgeRelay == 1)
1125 return 0;
1126 if (server_mode(options) && router_pick_published_address(options, &addr)<0)
1127 return 1; /* we don't know our IP address; ask an authority. */
1128 if (options->DirPort == 0)
1129 return 0;
1130 if (!server_mode(options) || !advertised_server_mode())
1131 return 0;
1132 me = router_get_my_routerinfo();
1133 if (!me || !me->dir_port)
1134 return 0; /* if dirport not advertised, return 0 too */
1135 return 1;
1136 }
1137
1138 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1139 * on the "mirror" schedule rather than the "client" schedule.
1140 */
1141 int
1142 directory_fetches_dir_info_early(or_options_t *options)
1143 {
1144 return directory_fetches_from_authorities(options);
1145 }
1146
1147 /* Return 1 if we should fetch new networkstatuses, descriptors, etc
1148 * on a very passive schedule -- waiting long enough for ordinary clients
1149 * to probably have the info we want. These would include bridge users,
1150 * and maybe others in the future e.g. if a Tor client uses another Tor
1151 * client as a directory guard.
1152 */
1153 int
1154 directory_fetches_dir_info_later(or_options_t *options)
1155 {
1156 return options->UseBridges != 0;
1157 }
1158
1159 /** Return 1 if we want to cache v2 dir info (each status file).
1160 */
1161 int
1162 directory_caches_v2_dir_info(or_options_t *options)
1163 {
1164 return options->DirPort != 0;
1165 }
1166
1167 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1168 * and we're willing to serve them to others. Else return 0.
1169 */
1170 int
1171 directory_caches_dir_info(or_options_t *options)
1172 {
1173 return options->BridgeRelay != 0 || options->DirPort != 0;
1174 }
1175
1176 /** Return 1 if we want to allow remote people to ask us directory
1177 * requests via the "begin_dir" interface, which doesn't require
1178 * having any separate port open. */
1179 int
1180 directory_permits_begindir_requests(or_options_t *options)
1181 {
1182 return options->BridgeRelay != 0 || options->DirPort != 0;
1183 }
1184
1185 /** Return 1 if we want to allow controllers to ask us directory
1186 * requests via the controller interface, which doesn't require
1187 * having any separate port open. */
1188 int
1189 directory_permits_controller_requests(or_options_t *options)
1190 {
1191 return options->DirPort != 0;
1192 }
1193
1194 /** Return 1 if we have no need to fetch new descriptors. This generally
1195 * happens when we're not a dir cache and we haven't built any circuits
1196 * lately.
1197 */
1198 int
1199 directory_too_idle_to_fetch_descriptors(or_options_t *options, time_t now)
1200 {
1201 return !options->DirPort && !options->FetchUselessDescriptors &&
1202 rep_hist_circbuilding_dormant(now);
1203 }
1204
1205 /********************************************************************/
1206
1207 /* Used only by non-v1-auth dirservers: The v1 directory and
1208 * runningrouters we'll serve when requested. */
1209 static cached_dir_t *cached_directory = NULL;
1210 static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
1211
1212 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1213 * cached_dir_t. */
1214 static digestmap_t *cached_v2_networkstatus = NULL;
1215
1216 /** The v3 consensus network status that we're currently serving. */
1217 static cached_dir_t *cached_v3_networkstatus = NULL;
1218
1219 /** Possibly replace the contents of <b>d</b> with the value of
1220 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1221 * the last value, or too far in the future.
1222 *
1223 * Does not copy <b>directory</b>; frees it if it isn't used.
1224 */
1225 static void
1226 set_cached_dir(cached_dir_t *d, char *directory, time_t when)
1227 {
1228 time_t now = time(NULL);
1229 if (when<=d->published) {
1230 log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
1231 tor_free(directory);
1232 } else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
1233 log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
1234 tor_free(directory);
1235 } else {
1236 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1237 log_debug(LD_DIRSERV, "Caching directory.");
1238 tor_free(d->dir);
1239 d->dir = directory;
1240 d->dir_len = strlen(directory);
1241 tor_free(d->dir_z);
1242 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1243 ZLIB_METHOD)) {
1244 log_warn(LD_BUG,"Error compressing cached directory");
1245 }
1246 d->published = when;
1247 }
1248 }
1249
1250 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1251 * any references. */
1252 void
1253 cached_dir_decref(cached_dir_t *d)
1254 {
1255 if (!d || --d->refcnt > 0)
1256 return;
1257 clear_cached_dir(d);
1258 tor_free(d);
1259 }
1260
1261 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1262 * published at <b>published</b>. */
1263 cached_dir_t *
1264 new_cached_dir(char *s, time_t published)
1265 {
1266 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1267 d->refcnt = 1;
1268 d->dir = s;
1269 d->dir_len = strlen(s);
1270 d->published = published;
1271 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1272 ZLIB_METHOD)) {
1273 log_warn(LD_BUG, "Error compressing directory");
1274 }
1275 return d;
1276 }
1277
1278 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1279 static void
1280 clear_cached_dir(cached_dir_t *d)
1281 {
1282 tor_free(d->dir);
1283 tor_free(d->dir_z);
1284 memset(d, 0, sizeof(cached_dir_t));
1285 }
1286
1287 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1288 static void
1289 _free_cached_dir(void *_d)
1290 {
1291 cached_dir_t *d = (cached_dir_t *)_d;
1292 cached_dir_decref(d);
1293 }
1294
1295 /** If we have no cached directory, or it is older than <b>published</b>,
1296 * then replace it with <b>directory</b>, published at <b>published</b>.
1297 *
1298 * If <b>published</b> is too old, do nothing.
1299 *
1300 * If <b>is_running_routers</b>, this is really a v1 running_routers
1301 * document rather than a v1 directory.
1302 */
1303 void
1304 dirserv_set_cached_directory(const char *directory, time_t published,
1305 int is_running_routers)
1306 {
1307 time_t now = time(NULL);
1308
1309 if (is_running_routers) {
1310 if (published >= now - MAX_V1_RR_AGE)
1311 set_cached_dir(&cached_runningrouters, tor_strdup(directory), published);
1312 } else {
1313 if (published >= now - MAX_V1_DIRECTORY_AGE) {
1314 cached_dir_decref(cached_directory);
1315 cached_directory = new_cached_dir(tor_strdup(directory), published);
1316 }
1317 }
1318 }
1319
1320 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1321 * network-status for an authoritative directory with identity digest
1322 * <b>identity</b> published at <b>published</b> -- store it so we can
1323 * serve it to others.
1324 *
1325 * If <b>networkstatus</b> is NULL, remove the entry with the given
1326 * identity fingerprint from the v2 cache.
1327 */
1328 void
1329 dirserv_set_cached_networkstatus_v2(const char *networkstatus,
1330 const char *identity,
1331 time_t published)
1332 {
1333 cached_dir_t *d, *old_d;
1334 smartlist_t *trusted_dirs;
1335 if (!cached_v2_networkstatus)
1336 cached_v2_networkstatus = digestmap_new();
1337
1338 old_d = digestmap_get(cached_v2_networkstatus, identity);
1339 if (!old_d && !networkstatus)
1340 return;
1341
1342 if (networkstatus) {
1343 if (!old_d || published > old_d->published) {
1344 d = new_cached_dir(tor_strdup(networkstatus), published);
1345 digestmap_set(cached_v2_networkstatus, identity, d);
1346 if (old_d)
1347 cached_dir_decref(old_d);
1348 }
1349 } else {
1350 if (old_d) {
1351 digestmap_remove(cached_v2_networkstatus, identity);
1352 cached_dir_decref(old_d);
1353 }
1354 }
1355
1356 /* Now purge old entries. */
1357 trusted_dirs = router_get_trusted_dir_servers();
1358 if (digestmap_size(cached_v2_networkstatus) >
1359 smartlist_len(trusted_dirs) + MAX_UNTRUSTED_NETWORKSTATUSES) {
1360 /* We need to remove the oldest untrusted networkstatus. */
1361 const char *oldest = NULL;
1362 time_t oldest_published = TIME_MAX;
1363 digestmap_iter_t *iter;
1364
1365 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1366 !digestmap_iter_done(iter);
1367 iter = digestmap_iter_next(cached_v2_networkstatus, iter)) {
1368 const char *ident;
1369 void *val;
1370 digestmap_iter_get(iter, &ident, &val);
1371 d = val;
1372 if (d->published < oldest_published &&
1373 !router_digest_is_trusted_dir(ident)) {
1374 oldest = ident;
1375 oldest_published = d->published;
1376 }
1377 }
1378 tor_assert(oldest);
1379 d = digestmap_remove(cached_v2_networkstatus, oldest);
1380 if (d)
1381 cached_dir_decref(d);
1382 }
1383 }
1384
1385 /** Replace the v3 consensus networkstatus that we're serving with
1386 * <b>networkstatus</b>, published at <b>published</b>. No validation is
1387 * performed. */
1388 void
1389 dirserv_set_cached_networkstatus_v3(const char *networkstatus,
1390 time_t published)
1391 {
1392 if (cached_v3_networkstatus)
1393 cached_dir_decref(cached_v3_networkstatus);
1394 cached_v3_networkstatus = new_cached_dir(
1395 tor_strdup(networkstatus), published);
1396 }
1397
1398 /** Remove any v2 networkstatus from the directory cache that was published
1399 * before <b>cutoff</b>. */
1400 void
1401 dirserv_clear_old_networkstatuses(time_t cutoff)
1402 {
1403 if (!cached_v2_networkstatus)
1404 return;
1405
1406 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus, id, cached_dir_t *, dir) {
1407 if (dir->published < cutoff) {
1408 char *fname;
1409 fname = networkstatus_get_cache_filename(id);
1410 if (file_status(fname) == FN_FILE) {
1411 log_info(LD_DIR, "Removing too-old untrusted networkstatus in %s",
1412 fname);
1413 unlink(fname);
1414 }
1415 tor_free(fname);
1416 cached_dir_decref(dir);
1417 MAP_DEL_CURRENT(id);
1418 }
1419 } DIGESTMAP_FOREACH_END
1420 }
1421
1422 /** Remove any v1 info from the directory cache that was published
1423 * too long ago. */
1424 void
1425 dirserv_clear_old_v1_info(time_t now)
1426 {
1427 if (cached_directory &&
1428 cached_directory->published < (now - MAX_V1_DIRECTORY_AGE)) {
1429 cached_dir_decref(cached_directory);
1430 cached_directory = NULL;
1431 }
1432 if (cached_runningrouters.published < (now - MAX_V1_RR_AGE)) {
1433 clear_cached_dir(&cached_runningrouters);
1434 }
1435 }
1436
1437 /** Helper: If we're an authority for the right directory version (v1 or v2)
1438 * (based on <b>auth_type</b>), try to regenerate
1439 * auth_src as appropriate and return it, falling back to cache_src on
1440 * failure. If we're a cache, simply return cache_src.
1441 */
1442 static cached_dir_t *
1443 dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
1444 cached_dir_t *auth_src,
1445 time_t dirty, cached_dir_t *(*regenerate)(void),
1446 const char *name,
1447 authority_type_t auth_type)
1448 {
1449 or_options_t *options = get_options();
1450 int authority = (auth_type == V1_AUTHORITY && authdir_mode_v1(options)) ||
1451 (auth_type == V2_AUTHORITY && authdir_mode_v2(options));
1452
1453 if (!authority || authdir_mode_bridge(options)) {
1454 return cache_src;
1455 } else {
1456 /* We're authoritative. */
1457 if (regenerate != NULL) {
1458 if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
1459 if (!(auth_src = regenerate())) {
1460 log_err(LD_BUG, "Couldn't generate %s?", name);
1461 exit(1);
1462 }
1463 } else {
1464 log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
1465 }
1466 }
1467 return auth_src ? auth_src : cache_src;
1468 }
1469 }
1470
1471 /** Return the most recently generated encoded signed v1 directory,
1472 * generating a new one as necessary. If not a v1 authoritative directory
1473 * may return NULL if no directory is yet cached. */
1474 cached_dir_t *
1475 dirserv_get_directory(void)
1476 {
1477 return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
1478 the_directory_is_dirty,
1479 dirserv_regenerate_directory,
1480 "server directory", V1_AUTHORITY);
1481 }
1482
1483 /** Only called by v1 auth dirservers.
1484 * Generate a fresh v1 directory; set the_directory and return a pointer
1485 * to the new value.
1486 */
1487 static cached_dir_t *
1488 dirserv_regenerate_directory(void)
1489 {
1490 char *new_directory=NULL;
1491
1492 if (dirserv_dump_directory_to_string(&new_directory, get_identity_key())) {
1493 log_warn(LD_BUG, "Error creating directory.");
1494 tor_free(new_directory);
1495 return NULL;
1496 }
1497 cached_dir_decref(the_directory);
1498 the_directory = new_cached_dir(new_directory, time(NULL));
1499 log_info(LD_DIRSERV,"New directory (size %d) has been built.",
1500 (int)the_directory->dir_len);
1501 log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
1502 (int)the_directory->dir_len, the_directory->dir);
1503
1504 the_directory_is_dirty = 0;
1505
1506 /* Save the directory to disk so we re-load it quickly on startup.
1507 */
1508 dirserv_set_cached_directory(the_directory->dir, time(NULL), 0);
1509
1510 return the_directory;
1511 }
1512
1513 /** Only called by v1 auth dirservers.
1514 * Replace the current running-routers list with a newly generated one. */
1515 static cached_dir_t *
1516 generate_runningrouters(void)
1517 {
1518 char *s=NULL;
1519 char digest[DIGEST_LEN];
1520 char published[ISO_TIME_LEN+1];
1521 size_t len;
1522 crypto_pk_env_t *private_key = get_identity_key();
1523 char *identity_pkey; /* Identity key, DER64-encoded. */
1524 size_t identity_pkey_len;
1525
1526 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1527 &identity_pkey_len)<0) {
1528 log_warn(LD_BUG,"write identity_pkey to string failed!");
1529 goto err;
1530 }
1531 format_iso_time(published, time(NULL));
1532
1533 len = 2048;
1534 s = tor_malloc_zero(len);
1535 tor_snprintf(s, len,
1536 "network-status\n"
1537 "published %s\n"
1538 "router-status %s\n"
1539 "dir-signing-key\n%s"
1540 "directory-signature %s\n",
1541 published, "", identity_pkey,
1542 get_options()->Nickname);
1543 tor_free(identity_pkey);
1544 if (router_get_runningrouters_hash(s,digest)) {
1545 log_warn(LD_BUG,"couldn't compute digest");
1546 goto err;
1547 }
1548 note_crypto_pk_op(SIGN_DIR);
1549 if (router_append_dirobj_signature(s, len, digest, private_key)<0)
1550 goto err;
1551
1552 set_cached_dir(&the_runningrouters, s, time(NULL));
1553 runningrouters_is_dirty = 0;
1554
1555 return &the_runningrouters;
1556 err:
1557 tor_free(s);
1558 return NULL;
1559 }
1560
1561 /** Set *<b>rr</b> to the most recently generated encoded signed
1562 * running-routers list, generating a new one as necessary. Return the
1563 * size of the directory on success, and 0 on failure. */
1564 cached_dir_t *
1565 dirserv_get_runningrouters(void)
1566 {
1567 return dirserv_pick_cached_dir_obj(
1568 &cached_runningrouters, &the_runningrouters,
1569 runningrouters_is_dirty,
1570 generate_runningrouters,
1571 "v1 network status list", V1_AUTHORITY);
1572 }
1573
1574 cached_dir_t *
1575 dirserv_get_consensus(void)
1576 {
1577 return cached_v3_networkstatus;
1578 }
1579
1580 /** For authoritative directories: the current (v2) network status. */
1581 static cached_dir_t *the_v2_networkstatus = NULL;
1582
1583 /** Return true iff our opinion of the routers has been stale for long
1584 * enough that we should generate a new v2 network status doc. */
1585 static int
1586 should_generate_v2_networkstatus(void)
1587 {
1588 return authdir_mode_v2(get_options()) &&
1589 the_v2_networkstatus_is_dirty &&
1590 the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
1591 }
1592
1593 /** If a router's uptime is at least this value, then it is always
1594 * considered stable, regardless of the rest of the network. This
1595 * way we resist attacks where an attacker doubles the size of the
1596 * network using allegedly high-uptime nodes, displacing all the
1597 * current guards. */
1598 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1599 /** If a router's MTBF is at least this value, then it is always stable.
1600 * See above. (Corresponds to about 7 days for current decay rates.) */
1601 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1602 /** Similarly, we protect sufficiently fast nodes from being pushed
1603 * out of the set of Fast nodes. */
1604 #define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
1605 /** Similarly, every node with sufficient bandwidth can be considered
1606 * for Guard status. */
1607 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1608 /** Similarly, every node with at least this much weighted time known can be
1609 * considered familiar enough to be a guard. Corresponds to about 20 days for
1610 * current decay rates.
1611 */
1612 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1613 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1614 */
1615 #define WFU_TO_GUARANTEE_GUARD (0.995)
1616
1617 /* Thresholds for server performance: set by
1618 * dirserv_compute_performance_thresholds, and used by
1619 * generate_v2_networkstatus */
1620 /* XXXX stick these all in a struct. */
1621 static uint32_t stable_uptime = 0; /* start at a safe value */
1622 static double stable_mtbf = 0.0;
1623 static int enough_mtbf_info = 0;
1624 static double guard_wfu = 0.0;
1625 static long guard_tk = 0;
1626 static uint32_t fast_bandwidth = 0;
1627 static uint32_t guard_bandwidth_including_exits = 0;
1628 static uint32_t guard_bandwidth_excluding_exits = 0;
1629 static uint64_t total_bandwidth = 0;
1630 static uint64_t total_exit_bandwidth = 0;
1631
1632 /** Helper: estimate the uptime of a router given its stated uptime and the
1633 * amount of time since it last stated its stated uptime. */
1634 static INLINE long
1635 real_uptime(routerinfo_t *router, time_t now)
1636 {
1637 if (now < router->cache_info.published_on)
1638 return router->uptime;
1639 else
1640 return router->uptime + (now - router->cache_info.published_on);
1641 }
1642
1643 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1644 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1645 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1646 * bandwidth.
1647 */
1648 static int
1649 dirserv_thinks_router_is_unreliable(time_t now,
1650 routerinfo_t *router,
1651 int need_uptime, int need_capacity)
1652 {
1653 if (need_uptime) {
1654 if (!enough_mtbf_info) {
1655 /* XXXX Once most authorities are on v3, we should change the rule from
1656 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1657 * v3 if we don't have enough mtbf data." */
1658 long uptime = real_uptime(router, now);
1659 if ((unsigned)uptime < stable_uptime &&
1660 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1661 return 1;
1662 } else {
1663 double mtbf =
1664 rep_hist_get_stability(router->cache_info.identity_digest, now);
1665 if (mtbf < stable_mtbf)
1666 return 1;
1667 }
1668 }
1669 if (need_capacity) {
1670 uint32_t bw = router_get_advertised_bandwidth(router);
1671 if (bw < fast_bandwidth)
1672 return 1;
1673 }
1674 return 0;
1675 }
1676
1677 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1678 * Right now this means it advertises support for it, it has a high
1679 * uptime, and it's currently considered Running.
1680 *
1681 * This function needs to be called after router-\>is_running has
1682 * been set.
1683 */
1684 static int
1685 dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
1686 {
1687 long uptime = real_uptime(router, now);
1688
1689 return (router->wants_to_be_hs_dir &&
1690 uptime > get_options()->MinUptimeHidServDirectoryV2 &&
1691 router->is_running);
1692 }
1693
1694 /** Look through the routerlist, the Mean Time Between Failure history, and
1695 * the Weighted Fractional Uptime history, and use them to set thresholds for
1696 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1697 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1698 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1699 * total_bandwidth, and total_exit_bandwidth.
1700 *
1701 * Also, set the is_exit flag of each router appropriately. */
1702 static void
1703 dirserv_compute_performance_thresholds(routerlist_t *rl)
1704 {
1705 int n_active, n_active_nonexit, n_familiar;
1706 uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
1707 long *tks;
1708 double *mtbfs, *wfus;
1709 time_t now = time(NULL);
1710
1711 /* initialize these all here, in case there are no routers */
1712 stable_uptime = 0;
1713 stable_mtbf = 0;
1714 fast_bandwidth = 0;
1715 guard_bandwidth_including_exits = 0;
1716 guard_bandwidth_excluding_exits = 0;
1717 guard_tk = 0;
1718 guard_wfu = 0;
1719 total_bandwidth = 0;
1720 total_exit_bandwidth = 0;
1721
1722 /* Initialize arrays that will hold values for each router. We'll
1723 * sort them and use that to compute thresholds. */
1724 n_active = n_active_nonexit = 0;
1725 /* Uptime for every active router. */
1726 uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1727 /* Bandwidth for every active router. */
1728 bandwidths = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1729 /* Bandwidth for every active non-exit router. */
1730 bandwidths_excluding_exits =
1731 tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1732 /* Weighted mean time between failure for each active router. */
1733 mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1734 /* Time-known for each active router. */
1735 tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
1736 /* Weighted fractional uptime for each active router. */
1737 wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1738
1739 /* Now, fill in the arrays. */
1740 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1741 if (router_is_active(ri, now)) {
1742 const char *id = ri->cache_info.identity_digest;
1743 uint32_t bw;
1744 ri->is_exit = exit_policy_is_general_exit(ri->exit_policy);
1745 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1746 mtbfs[n_active] = rep_hist_get_stability(id, now);
1747 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1748 bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
1749 total_bandwidth += bw;
1750 if (ri->is_exit && !ri->is_bad_exit) {
1751 total_exit_bandwidth += bw;
1752 } else {
1753 bandwidths_excluding_exits[n_active_nonexit] = bw;
1754 ++n_active_nonexit;
1755 }
1756 ++n_active;
1757 }
1758 });
1759
1760 /* Now, compute thresholds. */
1761 if (n_active) {
1762 /* The median uptime is stable. */
1763 stable_uptime = median_uint32(uptimes, n_active);
1764 /* The median mtbf is stable, if we have enough mtbf info */
1765 stable_mtbf = median_double(mtbfs, n_active);
1766 /* The 12.5th percentile bandwidth is fast. */
1767 fast_bandwidth = find_nth_uint32(bandwidths, n_active, n_active/8);
1768 /* (Now bandwidths is sorted.) */
1769 if (fast_bandwidth < ROUTER_REQUIRED_MIN_BANDWIDTH)
1770 fast_bandwidth = bandwidths[n_active/4];
1771 guard_bandwidth_including_exits = bandwidths[(n_active-1)/2];
1772 guard_tk = find_nth_long(tks, n_active, n_active/8);
1773 }
1774
1775 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1776 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1777
1778 if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
1779 fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
1780
1781 /* Now that we have a time-known that 7/8 routers are known longer than,
1782 * fill wfus with the wfu of every such "familiar" router. */
1783 n_familiar = 0;
1784 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1785 if (router_is_active(ri, now)) {
1786 const char *id = ri->cache_info.identity_digest;
1787 long tk = rep_hist_get_weighted_time_known(id, now);
1788 if (tk < guard_tk)
1789 continue;
1790 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1791 }
1792 });
1793 if (n_familiar)
1794 guard_wfu = median_double(wfus, n_familiar);
1795 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1796 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1797
1798 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1799
1800 if (n_active_nonexit) {
1801 guard_bandwidth_excluding_exits =
1802 median_uint32(bandwidths_excluding_exits, n_active_nonexit);
1803 }
1804
1805 log(LOG_INFO, LD_DIRSERV,
1806 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1807 "For Fast: %lu bytes/sec. "
1808 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1809 "and bandwidth %lu or %lu bytes/sec.",
1810 (unsigned long)stable_uptime,
1811 (unsigned long)stable_mtbf,
1812 (unsigned long)fast_bandwidth,
1813 guard_wfu*100,
1814 (unsigned long)guard_tk,
1815 (unsigned long)guard_bandwidth_including_exits,
1816 (unsigned long)guard_bandwidth_excluding_exits);
1817
1818 tor_free(uptimes);
1819 tor_free(mtbfs);
1820 tor_free(bandwidths);
1821 tor_free(bandwidths_excluding_exits);
1822 tor_free(tks);
1823 tor_free(wfus);
1824 }
1825
1826 /** Given a platform string as in a routerinfo_t (possibly null), return a
1827 * newly allocated version string for a networkstatus document, or NULL if the
1828 * platform doesn't give a Tor version. */
1829 static char *
1830 version_from_platform(const char *platform)
1831 {
1832 if (platform && !strcmpstart(platform, "Tor ")) {
1833 const char *eos = find_whitespace(platform+4);
1834 if (eos && !strcmpstart(eos, " (r")) {
1835 /* XXXX021 Unify this logic with the other version extraction
1836 * logic */
1837 eos = find_whitespace(eos+1);
1838 }
1839 if (eos) {
1840 return tor_strndup(platform, eos-platform);
1841 }
1842 }
1843 return NULL;
1844 }
1845
1846 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1847 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1848 * Use the same format as in network-status documents. If <b>version</b> is
1849 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1850 * failure. If <b>first_line_only<b> is true, don't include any flags
1851 * or version line.
1852 */
1853 int
1854 routerstatus_format_entry(char *buf, size_t buf_len,
1855 routerstatus_t *rs, const char *version,
1856 int first_line_only)
1857 {
1858 int r;
1859 struct in_addr in;
1860 char *cp;
1861
1862 char published[ISO_TIME_LEN+1];
1863 char ipaddr[INET_NTOA_BUF_LEN];
1864 char identity64[BASE64_DIGEST_LEN+1];
1865 char digest64[BASE64_DIGEST_LEN+1];
1866
1867 format_iso_time(published, rs->published_on);
1868 digest_to_base64(identity64, rs->identity_digest);
1869 digest_to_base64(digest64, rs->descriptor_digest);
1870 in.s_addr = htonl(rs->addr);
1871 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
1872
1873 r = tor_snprintf(buf, buf_len,
1874 "r %s %s %s %s %s %d %d\n",
1875 rs->nickname,
1876 identity64,
1877 digest64,
1878 published,
1879 ipaddr,
1880 (int)rs->or_port,
1881 (int)rs->dir_port);
1882 if (r<0) {
1883 log_warn(LD_BUG, "Not enough space in buffer.");
1884 return -1;
1885 }
1886 if (first_line_only)
1887 return 0;
1888 cp = buf + strlen(buf);
1889 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
1890 r = tor_snprintf(cp, buf_len - (cp-buf),
1891 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1892 /* These must stay in alphabetical order. */
1893 rs->is_authority?" Authority":"",
1894 rs->is_bad_directory?" BadDirectory":"",
1895 rs->is_bad_exit?" BadExit":"",
1896 rs->is_exit?" Exit":"",
1897 rs->is_fast?" Fast":"",
1898 rs->is_possible_guard?" Guard":"",
1899 rs->is_hs_dir?" HSDir":"",
1900 rs->is_named?" Named":"",
1901 rs->is_running?" Running":"",
1902 rs->is_stable?" Stable":"",
1903 rs->is_unnamed?" Unnamed":"",
1904 rs->is_v2_dir?" V2Dir":"",
1905 rs->is_valid?" Valid":"");
1906 if (r<0) {
1907 log_warn(LD_BUG, "Not enough space in buffer.");
1908 return -1;
1909 }
1910 cp += strlen(cp);
1911
1912 /* length of "opt v \n" */
1913 #define V_LINE_OVERHEAD 7
1914 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
1915 if (tor_snprintf(cp, buf_len - (cp-buf), "opt v %s\n", version)<0) {
1916 log_warn(LD_BUG, "Unable to print router version.");
1917 return -1;
1918 }
1919 }
1920
1921 return 0;
1922 }
1923
1924 /** Helper for sorting: compares two routerinfos first by address, and then by
1925 * descending order of "usefulness". (An authority is more useful than a
1926 * non-authority; a running router is more useful than a non-running router;
1927 * and a router with more bandwidth is more useful than one with less.)
1928 **/
1929 static int
1930 _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
1931 {
1932 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
1933 int first_is_auth, second_is_auth;
1934 uint32_t bw_first, bw_second;
1935
1936 /* we return -1 if first should appear before second... that is,
1937 * if first is a better router. */
1938 if (first->addr < second->addr)
1939 return -1;
1940 else if (first->addr > second->addr)
1941 return 1;
1942
1943 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
1944 * reality, we will almost never get here, since addresses will usually be
1945 * different. */
1946
1947 first_is_auth =
1948 router_digest_is_trusted_dir(first->cache_info.identity_digest);
1949 second_is_auth =
1950 router_digest_is_trusted_dir(second->cache_info.identity_digest);
1951
1952 if (first_is_auth && !second_is_auth)
1953 return -1;
1954 else if (!first_is_auth && second_is_auth)
1955 return 1;
1956
1957 else if (first->is_running && !second->is_running)
1958 return -1;
1959 else if (!first->is_running && second->is_running)
1960 return 1;
1961
1962 bw_first = router_get_advertised_bandwidth(first);
1963 bw_second = router_get_advertised_bandwidth(second);
1964
1965 if (bw_first > bw_second)
1966 return -1;
1967 else if (bw_first < bw_second)
1968 return 1;
1969
1970 /* They're equal! Compare by identity digest, so there's a
1971 * deterministic order and we avoid flapping. */
1972 return memcmp(first->cache_info.identity_digest,
1973 second->cache_info.identity_digest,
1974 DIGEST_LEN);
1975 }
1976
1977 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
1978 * whose keys are the identity digests of those routers that we're going to
1979 * exclude for Sybil-like appearance. */
1980 static digestmap_t *
1981 get_possible_sybil_list(const smartlist_t *routers)
1982 {
1983 or_options_t *options = get_options();
1984 digestmap_t *omit_as_sybil;
1985 smartlist_t *routers_by_ip = smartlist_create();
1986 uint32_t last_addr;
1987 int addr_count;
1988 /* Allow at most this number of Tor servers on a single IP address, ... */
1989 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
1990 /* ... unless it's a directory authority, in which case allow more. */
1991 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
1992 if (max_with_same_addr <= 0)
1993 max_with_same_addr = INT_MAX;
1994 if (max_with_same_addr_on_authority <= 0)
1995 max_with_same_addr_on_authority = INT_MAX;
1996
1997 smartlist_add_all(routers_by_ip, routers);
1998 smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
1999 omit_as_sybil = digestmap_new();
2000
2001 last_addr = 0;
2002 addr_count = 0;
2003 SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
2004 {
2005 if (last_addr != ri->addr) {
2006 last_addr = ri->addr;
2007 addr_count = 1;
2008 } else if (++addr_count > max_with_same_addr) {
2009 if (!router_addr_is_trusted_dir(ri->addr) ||
2010 addr_count > max_with_same_addr_on_authority)
2011 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2012 }
2013 });
2014
2015 smartlist_free(routers_by_ip);
2016 return omit_as_sybil;
2017 }
2018
2019 /** Extract status information from <b>ri</b> and from other authority
2020 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2021 * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
2022 * an exit as a guard. If <b>listbadexits</b>, consider setting the badexit
2023 * flag.
2024 *
2025 * We assume that ri-\>is_running has already been set, e.g. by
2026 * dirserv_set_router_is_running(ri, now);
2027 */
2028 void
2029 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2030 routerinfo_t *ri, time_t now,
2031 int naming, int exits_can_be_guards,
2032 int listbadexits, int listbaddirs)
2033 {
2034 int unstable_version =
2035 tor_version_as_new_as(ri->platform,"0.1.1.10-alpha") &&
2036 !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
2037 memset(rs, 0, sizeof(routerstatus_t));
2038
2039 rs->is_authority =
2040 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2041
2042 /* Already set by compute_performance_thresholds. */
2043 rs->is_exit = ri->is_exit;
2044 rs->is_stable = ri->is_stable =
2045 router_is_active(ri, now) &&
2046 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0) &&
2047 !unstable_version;
2048 rs->is_fast = ri->is_fast =
2049 router_is_active(ri, now) &&
2050 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2051 rs->is_running = ri->is_running; /* computed above */
2052
2053 if (naming) {
2054 uint32_t name_status = dirserv_get_name_status(
2055 ri->cache_info.identity_digest, ri->nickname);
2056 rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
2057 rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
2058 }
2059 rs->is_valid = ri->is_valid;
2060
2061 if (rs->is_fast &&
2062 (!rs->is_exit || exits_can_be_guards) &&
2063 (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
2064 router_get_advertised_bandwidth(ri) >=
2065 (exits_can_be_guards ? guard_bandwidth_including_exits :
2066 guard_bandwidth_excluding_exits))) {
2067 long tk = rep_hist_get_weighted_time_known(
2068 ri->cache_info.identity_digest, now);
2069 double wfu = rep_hist_get_weighted_fractional_uptime(
2070 ri->cache_info.identity_digest, now);
2071 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2072 } else {
2073 rs->is_possible_guard = 0;
2074 }
2075 rs->is_bad_directory = listbaddirs && ri->is_bad_directory;
2076 rs->is_bad_exit = listbadexits && ri->is_bad_exit;
2077 ri->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, now);
2078 rs->is_hs_dir = ri->is_hs_dir;
2079 /* 0.1.1.9-alpha is the first version to support fetch by descriptor
2080 * hash. */
2081 rs->is_v2_dir = ri->dir_port &&
2082 tor_version_as_new_as(ri->platform,"0.1.1.9-alpha");
2083
2084 if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
2085 rs->is_named = rs->is_unnamed = 0;
2086
2087 rs->published_on = ri->cache_info.published_on;
2088 memcpy(rs->identity_digest, ri->cache_info.identity_digest, DIGEST_LEN);
2089 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2090 DIGEST_LEN);
2091 rs->addr = ri->addr;
2092 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2093 rs->or_port = ri->or_port;
2094 rs->dir_port = ri->dir_port;
2095 }
2096
2097 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2098 * too narrow an IP-space. Clear out its flags: we don't want people
2099 * using it.
2100 */
2101 static void
2102 clear_status_flags_on_sybil(routerstatus_t *rs)
2103 {
2104 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2105 rs->is_running = rs->is_named = rs->is_valid = rs->is_v2_dir =
2106 rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
2107 rs->is_bad_directory = 0;
2108 /* FFFF we might want some mechanism to check later on if we
2109 * missed zeroing any flags: it's easy to add a new flag but
2110 * forget to add it to this clause. */
2111 }
2112
2113 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2114 * function here because it's eerily similar to
2115 * clear_status_flags_on_sybil() above. One day we should merge them. */
2116 void
2117 router_clear_status_flags(routerinfo_t *router)
2118 {
2119 router->is_valid = router->is_running = router->is_hs_dir =
2120 router->is_fast = router->is_stable =
2121 router->is_possible_guard = router->is_exit =
2122 router->is_bad_exit = router->is_bad_directory = 0;
2123 }
2124
2125 /** If we've been around for less than this amount of time, our reachability
2126 * information is not accurate. */
2127 #define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)
2128
2129 /** Return a new networkstatus_t* containing our current opinion. (For v3
2130 * authorities) */
2131 networkstatus_t *
2132 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
2133 authority_cert_t *cert)
2134 {
2135 or_options_t *options = get_options();
2136 networkstatus_t *v3_out = NULL;
2137 uint32_t addr;
2138 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2139 const char *contact;
2140 smartlist_t *routers, *routerstatuses;
2141 char identity_digest[DIGEST_LEN];
2142 char signing_key_digest[DIGEST_LEN];
2143 int naming = options->NamingAuthoritativeDir;
2144 int listbadexits = options->AuthDirListBadExits;
2145 int listbaddirs = options->AuthDirListBadDirs;
2146 int exits_can_be_guards;
2147 routerlist_t *rl = router_get_routerlist();
2148 time_t now = time(NULL);
2149 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2150 networkstatus_voter_info_t *voter = NULL;
2151 vote_timing_t timing;
2152 digestmap_t *omit_as_sybil = NULL;
2153 int vote_on_reachability = 1;
2154
2155 tor_assert(private_key);
2156 tor_assert(cert);
2157
2158 if (now - time_of_process_start < DIRSERV_TIME_TO_GET_REACHABILITY_INFO)
2159 vote_on_reachability = 0;
2160
2161 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2162 log_warn(LD_NET, "Couldn't resolve my hostname");
2163 return NULL;
2164 }
2165 if (!strchr(hostname, '.')) {
2166 tor_free(hostname);
2167 hostname = tor_dup_addr(addr);
2168 }
2169 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2170 log_err(LD_BUG, "Error computing signing key digest");
2171 return NULL;
2172 }
2173 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2174 log_err(LD_BUG, "Error computing identity key digest");
2175 return NULL;
2176 }
2177
2178 if (options->VersioningAuthoritativeDir) {
2179 client_versions = format_versions_list(options->RecommendedClientVersions);
2180 server_versions = format_versions_list(options->RecommendedServerVersions);
2181 }
2182
2183 contact = get_options()->ContactInfo;
2184 if (!contact)
2185 contact = "(none)";
2186
2187 /* precompute this part, since we need it to decide what "stable"
2188 * means. */
2189 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2190 dirserv_set_router_is_running(ri, now);
2191 });
2192
2193 dirserv_compute_performance_thresholds(rl);
2194
2195 /* XXXX We should take steps to keep this from oscillating if
2196 * total_exit_bandwidth is close to total_bandwidth/3. */
2197 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2198
2199 routers = smartlist_create();
2200 smartlist_add_all(routers, rl->routers);
2201 routers_sort_by_identity(routers);
2202 omit_as_sybil = get_possible_sybil_list(routers);
2203
2204 routerstatuses = smartlist_create();
2205
2206 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2207 if (ri->cache_info.published_on >= cutoff) {
2208 routerstatus_t *rs;
2209 vote_routerstatus_t *vrs;
2210
2211 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2212 rs = &vrs->status;
2213 set_routerstatus_from_routerinfo(rs, ri, now,
2214 naming, exits_can_be_guards,
2215 listbadexits, listbaddirs);
2216
2217 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2218 clear_status_flags_on_sybil(rs);
2219
2220 if (!vote_on_reachability)
2221 rs->is_running = 0;
2222
2223 vrs->version = version_from_platform(ri->platform);
2224 smartlist_add(routerstatuses, vrs);
2225 }
2226 });
2227 smartlist_free(routers);
2228 digestmap_free(omit_as_sybil, NULL);
2229
2230 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
2231
2232 v3_out->is_vote = 1;
2233 dirvote_get_preferred_voting_intervals(&timing);
2234 v3_out->published = now;
2235 {
2236 char tbuf[ISO_TIME_LEN+1];
2237 networkstatus_t *current_consensus =
2238 networkstatus_get_live_consensus(now);
2239 long last_consensus_interval; /* only used to pick a valid_after */
2240 if (current_consensus)
2241 last_consensus_interval = current_consensus->fresh_until -
2242 current_consensus->valid_after;
2243 else
2244 last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
2245 v3_out->valid_after =
2246 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
2247 format_iso_time(tbuf, v3_out->valid_after);
2248 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2249 "consensus_set=%d, last_interval=%d",
2250 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2251 }
2252 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2253 v3_out->valid_until = v3_out->valid_after +
2254 (timing.vote_interval * timing.n_intervals_valid);
2255 v3_out->vote_seconds = timing.vote_delay;
2256 v3_out->dist_seconds = timing.dist_delay;
2257 tor_assert(v3_out->vote_seconds > 0);
2258 tor_assert(v3_out->dist_seconds > 0);
2259 tor_assert(timing.n_intervals_valid > 0);
2260
2261 v3_out->client_versions = client_versions;
2262 v3_out->server_versions = server_versions;
2263 v3_out->known_flags = smartlist_create();
2264 smartlist_split_string(v3_out->known_flags,
2265 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2266 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
2267 if (vote_on_reachability)
2268 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
2269 if (listbaddirs)
2270 smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
2271 if (listbadexits)
2272 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
2273 if (naming) {
2274 smartlist_add(v3_out->known_flags, tor_strdup("Named"));
2275 smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
2276 }
2277 smartlist_sort_strings(v3_out->known_flags);
2278
2279 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2280 voter->nickname = tor_strdup(options->Nickname);
2281 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
2282 voter->address = hostname;
2283 voter->addr = addr;
2284 voter->dir_port = options->DirPort;
2285 voter->or_port = options->ORPort;
2286 voter->contact = tor_strdup(contact);
2287 memcpy(voter->signing_key_digest, signing_key_digest, DIGEST_LEN);
2288 v3_out->voters = smartlist_create();
2289 smartlist_add(v3_out->voters, voter);
2290 v3_out->cert = authority_cert_dup(cert);
2291 v3_out->routerstatus_list = routerstatuses;
2292 /* Note: networkstatus_digest is unset; it won't get set until we actually
2293 * format the vote. */
2294
2295 return v3_out;
2296 }
2297
2298 /** For v2 authoritative directories only: Replace the contents of
2299 * <b>the_v2_networkstatus</b> with a newly generated network status
2300 * object. */
2301 static cached_dir_t *
2302 generate_v2_networkstatus_opinion(void)
2303 {
2304 cached_dir_t *r = NULL;
2305 size_t len, identity_pkey_len;
2306 char *status = NULL, *client_versions = NULL, *server_versions = NULL,
2307 *identity_pkey = NULL, *hostname = NULL;
2308 char *outp, *endp;
2309 or_options_t *options = get_options();
2310 char fingerprint[FINGERPRINT_LEN+1];
2311 char ipaddr[INET_NTOA_BUF_LEN];
2312 char published[ISO_TIME_LEN+1];
2313 char digest[DIGEST_LEN];
2314 struct in_addr in;
2315 uint32_t addr;
2316 crypto_pk_env_t *private_key;
2317 routerlist_t *rl = router_get_routerlist();
2318 time_t now = time(NULL);
2319 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2320 int naming = options->NamingAuthoritativeDir;
2321 int versioning = options->VersioningAuthoritativeDir;
2322 int listbaddirs = options->AuthDirListBadDirs;
2323 int listbadexits = options->AuthDirListBadExits;
2324 int exits_can_be_guards;
2325 const char *contact;
2326 char *version_lines = NULL;
2327 smartlist_t *routers = NULL;
2328 digestmap_t *omit_as_sybil = NULL;
2329
2330 private_key = get_identity_key();
2331
2332 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2333 log_warn(LD_NET, "Couldn't resolve my hostname");
2334 goto done;
2335 }
2336 in.s_addr = htonl(addr);
2337 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
2338
2339 format_iso_time(published, now);
2340
2341 client_versions = format_versions_list(options->RecommendedClientVersions);
2342 server_versions = format_versions_list(options->RecommendedServerVersions);
2343
2344 if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey,
2345 &identity_pkey_len)<0) {
2346 log_warn(LD_BUG,"Writing public key to string failed.");
2347 goto done;
2348 }
2349
2350 if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) {
2351 log_err(LD_BUG, "Error computing fingerprint");
2352 goto done;
2353 }
2354
2355 contact = get_options()->ContactInfo;
2356 if (!contact)
2357 contact = "(none)";
2358
2359 if (versioning) {
2360 size_t v_len = 64+strlen(client_versions)+strlen(server_versions);
2361 version_lines = tor_malloc(v_len);
2362 tor_snprintf(version_lines, v_len,
2363 "client-versions %s\nserver-versions %s\n",
2364 client_versions, server_versions);
2365 } else {
2366 version_lines = tor_strdup("");
2367 }
2368
2369 len = 4096+strlen(client_versions)+strlen(server_versions);
2370 len += identity_pkey_len*2;
2371 len += (RS_ENTRY_LEN)*smartlist_len(rl->routers);
2372
2373 status = tor_malloc(len);
2374 tor_snprintf(status, len,
2375 "network-status-version 2\n"
2376 "dir-source %s %s %d\n"
2377 "fingerprint %s\n"
2378 "contact %s\n"
2379 "published %s\n"
2380 "dir-options%s%s%s%s\n"
2381 "%s" /* client version line, server version line. */
2382 "dir-signing-key\n%s",
2383 hostname, ipaddr, (int)options->DirPort,
2384 fingerprint,
2385 contact,
2386 published,
2387 naming ? " Names" : "",
2388 listbaddirs ? " BadDirectories" : "",
2389 listbadexits ? " BadExits" : "",
2390 versioning ? " Versions" : "",
2391 version_lines,
2392 identity_pkey);
2393 outp = status + strlen(status);
2394 endp = status + len;
2395
2396 /* precompute this part, since we need it to decide what "stable"
2397 * means. */
2398 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2399 dirserv_set_router_is_running(ri, now);
2400 });
2401
2402 dirserv_compute_performance_thresholds(rl);
2403
2404 /* XXXX We should take steps to keep this from oscillating if
2405 * total_exit_bandwidth is close to total_bandwidth/3. */
2406 exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
2407
2408 routers = smartlist_create();
2409 smartlist_add_all(routers, rl->routers);
2410 routers_sort_by_identity(routers);
2411
2412 omit_as_sybil = get_possible_sybil_list(routers);
2413
2414 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2415 if (ri->cache_info.published_on >= cutoff) {
2416 routerstatus_t rs;
2417 char *version = version_from_platform(ri->platform);
2418
2419 set_routerstatus_from_routerinfo(&rs, ri, now,
2420 naming, exits_can_be_guards,
2421 listbadexits, listbaddirs);
2422
2423 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2424 clear_status_flags_on_sybil(&rs);
2425
2426 if (routerstatus_format_entry(outp, endp-outp, &rs, version, 0)) {
2427 log_warn(LD_BUG, "Unable to print router status.");
2428 tor_free(version);
2429 goto done;
2430 }
2431 tor_free(version);
2432 outp += strlen(outp);
2433 }
2434 });
2435
2436 if (tor_snprintf(outp, endp-outp, "directory-signature %s\n",
2437 get_options()->Nickname)<0) {
2438 log_warn(LD_BUG, "Unable to write signature line.");
2439 goto done;
2440 }
2441 if (router_get_networkstatus_v2_hash(status, digest)<0) {
2442 log_warn(LD_BUG, "Unable to hash network status");
2443 goto done;
2444 }
2445 outp += strlen(outp);
2446
2447 note_crypto_pk_op(SIGN_DIR);
2448 if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
2449 log_warn(LD_BUG, "Unable to sign router status.");
2450 goto done;
2451 }
2452
2453 {
2454 networkstatus_v2_t *ns;
2455 if (!(ns = networkstatus_v2_parse_from_string(status))) {
2456 log_err(LD_BUG,"Generated a networkstatus we couldn't parse.");
2457 goto done;
2458 }
2459 networkstatus_v2_free(ns);
2460 }
2461
2462 {
2463 cached_dir_t **ns_ptr = &the_v2_networkstatus;
2464 if (*ns_ptr)
2465 cached_dir_decref(*ns_ptr);
2466 *ns_ptr = new_cached_dir(status, now);
2467 status = NULL; /* So it doesn't get double-freed. */
2468 the_v2_networkstatus_is_dirty = 0;
2469 router_set_networkstatus_v2((*ns_ptr)->dir, now, NS_GENERATED, NULL);
2470 r = *ns_ptr;
2471 }
2472
2473 done:
2474 tor_free(client_versions);
2475 tor_free(server_versions);
2476 tor_free(version_lines);
2477 tor_free(status);
2478 tor_free(hostname);
2479 tor_free(identity_pkey);
2480 if (routers)
2481 smartlist_free(routers);
2482 if (omit_as_sybil)
2483 digestmap_free(omit_as_sybil, NULL);
2484 return r;
2485 }
2486
2487 /** Given the portion of a networkstatus request URL after "tor/status/" in
2488 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2489 * networkstatus objects that the client has requested. */
2490 void
2491 dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
2492 const char *key)
2493 {
2494 tor_assert(result);
2495
2496 if (!cached_v2_networkstatus)
2497 cached_v2_networkstatus = digestmap_new();
2498
2499 if (should_generate_v2_networkstatus())
2500 generate_v2_networkstatus_opinion();
2501
2502 if (!strcmp(key,"authority")) {
2503 if (authdir_mode_v2(get_options())) {
2504 routerinfo_t *me = router_get_my_routerinfo();
2505 if (me)
2506 smartlist_add(result,
2507 tor_memdup(me->cache_info.identity_digest, DIGEST_LEN));
2508 }
2509 } else if (!strcmp(key, "all")) {
2510 if (digestmap_size(cached_v2_networkstatus)) {
2511 digestmap_iter_t *iter;
2512 iter = digestmap_iter_init(cached_v2_networkstatus);
2513 while (!digestmap_iter_done(iter)) {
2514 const char *ident;
2515 void *val;
2516 digestmap_iter_get(iter, &ident, &val);
2517 smartlist_add(result, tor_memdup(ident, DIGEST_LEN));
2518 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
2519 }
2520 } else {
2521 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2522 trusted_dir_server_t *, ds,
2523 if (ds->type & V2_AUTHORITY)
2524 smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
2525 }
2526 smartlist_sort_digests(result);
2527 if (smartlist_len(result) == 0)
2528 log_info(LD_DIRSERV,
2529 "Client requested 'all' network status objects; we have none.");
2530 } else if (!strcmpstart(key, "fp/")) {
2531 dir_split_resource_into_fingerprints(key+3, result, NULL, 1, 1);
2532 }
2533 }
2534
2535 /** Look for a network status object as specified by <b>key</b>, which should
2536 * be either "authority" (to find a network status generated by us), a hex
2537 * identity digest (to find a network status generated by given directory), or
2538 * "all" (to return all the v2 network status objects we have).
2539 */
2540 void
2541 dirserv_get_networkstatus_v2(smartlist_t *result,
2542 const char *key)
2543 {
2544 cached_dir_t *cached;
2545 smartlist_t *fingerprints = smartlist_create();
2546 tor_assert(result);
2547
2548 if (!cached_v2_networkstatus)
2549 cached_v2_networkstatus = digestmap_new();
2550
2551 dirserv_get_networkstatus_v2_fingerprints(fingerprints, key);
2552 SMARTLIST_FOREACH(fingerprints, const char *, fp,
2553 {
2554 if (router_digest_is_me(fp) && should_generate_v2_networkstatus())
2555 generate_v2_networkstatus_opinion();
2556 cached = digestmap_get(cached_v2_networkstatus, fp);
2557 if (cached) {
2558 smartlist_add(result, cached);
2559 } else {
2560 char hexbuf[HEX_DIGEST_LEN+1];
2561 base16_encode(hexbuf, sizeof(hexbuf), fp, DIGEST_LEN);
2562 log_info(LD_DIRSERV, "Don't know about any network status with "
2563 "fingerprint '%s'", hexbuf);
2564 }
2565 });
2566 SMARTLIST_FOREACH(fingerprints, char *, cp, tor_free(cp));
2567 smartlist_free(fingerprints);
2568 }
2569
2570 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2571 * pointers, adds copies of digests to fps_out, and doesn't use the
2572 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2573 * requests, adds identity digests.
2574 */
2575 int
2576 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
2577 const char **msg, int for_unencrypted_conn)
2578 {
2579 int by_id = 1;
2580 *msg = NULL;
2581
2582 if (!strcmp(key, "all")) {
2583 routerlist_t *rl = router_get_routerlist();
2584 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2585 smartlist_add(fps_out,
2586 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
2587 } else if (!strcmp(key, "authority")) {
2588 routerinfo_t *ri = router_get_my_routerinfo();
2589 if (ri)
2590 smartlist_add(fps_out,
2591 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
2592 } else if (!strcmpstart(key, "d/")) {
2593 by_id = 0;
2594 key += strlen("d/");
2595 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2596 } else if (!strcmpstart(key, "fp/")) {
2597 key += strlen("fp/");
2598 dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
2599 } else {
2600 *msg = "Key not recognized";
2601 return -1;
2602 }
2603
2604 if (for_unencrypted_conn) {
2605 /* Remove anything whose purpose isn't general. */
2606 SMARTLIST_FOREACH(fps_out, char *, cp, {
2607 signed_descriptor_t *sd =
2608 by_id ? get_signed_descriptor_by_fp(cp,0,0) :
2609 router_get_by_descriptor_digest(cp);
2610 if (sd && !sd->send_unencrypted) {
2611 tor_free(cp);
2612 SMARTLIST_DEL_CURRENT(fps_out, cp);
2613 }
2614 });
2615 }
2616
2617 if (!smartlist_len(fps_out)) {
2618 *msg = "Servers unavailable";
2619 return -1;
2620 }
2621 return 0;
2622 }
2623
2624 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
2625 * <b>key</b>. The key should be either
2626 * - "/tor/server/authority" for our own routerinfo;
2627 * - "/tor/server/all" for all the routerinfos we have, concatenated;
2628 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
2629 * hex identity digests; or
2630 * - "/tor/server/d/D" where D is a plus-separated sequence
2631 * of server descriptor digests, in hex.
2632 *
2633 * Return 0 if we found some matching descriptors, or -1 if we do not
2634 * have any descriptors, no matching descriptors, or if we did not
2635 * recognize the key (URL).
2636 * If -1 is returned *<b>msg</b> will be set to an appropriate error
2637 * message.
2638 *
2639 * XXXX021 rename this function. It's only called from the controller.
2640 * XXXX021 in fact, refactor this function, mergeing as much as possible.
2641 */
2642 int
2643 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
2644 const char **msg)
2645 {
2646 *msg = NULL;
2647
2648 if (!strcmp(key, "/tor/server/all")) {
2649 routerlist_t *rl = router_get_routerlist();
2650 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2651 smartlist_add(descs_out, &(r->cache_info)));
2652 } else if (!strcmp(key, "/tor/server/authority")) {
2653 routerinfo_t *ri = router_get_my_routerinfo();
2654 if (ri)
2655 smartlist_add(descs_out, &(ri->cache_info));
2656 } else if (!strcmpstart(key, "/tor/server/d/")) {
2657 smartlist_t *digests = smartlist_create();
2658 key += strlen("/tor/server/d/");
2659 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2660 SMARTLIST_FOREACH(digests, const char *, d,
2661 {
2662 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
2663 if (sd)
2664 smartlist_add(descs_out,sd);
2665 });
2666 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2667 smartlist_free(digests);
2668 } else if (!strcmpstart(key, "/tor/server/fp/")) {
2669 smartlist_t *digests = smartlist_create();
2670 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
2671 key += strlen("/tor/server/fp/");
2672 dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
2673 SMARTLIST_FOREACH(digests, const char *, d,
2674 {
2675 if (router_digest_is_me(d)) {
2676 /* make sure desc_routerinfo exists */
2677 routerinfo_t *ri = router_get_my_routerinfo();
2678 if (ri)
2679 smartlist_add(descs_out, &(ri->cache_info));
2680 } else {
2681 routerinfo_t *ri = router_get_by_digest(d);
2682 /* Don't actually serve a descriptor that everyone will think is
2683 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
2684 * Tors from downloading descriptors that they will throw away.
2685 */
2686 if (ri && ri->cache_info.published_on > cutoff)
2687 smartlist_add(descs_out, &(ri->cache_info));
2688 }
2689 });
2690 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
2691 smartlist_free(digests);
2692 } else {
2693 *msg = "Key not recognized";
2694 return -1;
2695 }
2696
2697 if (!smartlist_len(descs_out)) {
2698 *msg = "Servers unavailable";
2699 return -1;
2700 }
2701 return 0;
2702 }
2703
2704 /** Called when a TLS handshake has completed successfully with a
2705 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
2706 * a certificate with digest <b>digest_rcvd</b>.
2707 *
2708 * Also, if as_advertised is 1, then inform the reachability checker
2709 * that we could get to this guy.
2710 */
2711 void
2712 dirserv_orconn_tls_done(const char *address,
2713 uint16_t or_port,
2714 const char *digest_rcvd,
2715 int as_advertised)
2716 {
2717 routerlist_t *rl = router_get_routerlist();
2718 time_t now = time(NULL);
2719 int bridge_auth = authdir_mode_bridge(get_options());
2720 tor_assert(address);
2721 tor_assert(digest_rcvd);
2722
2723 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2724 if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
2725 as_advertised &&
2726 !memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
2727 /* correct digest. mark this router reachable! */
2728 if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
2729 log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.",
2730 ri->nickname);
2731 rep_hist_note_router_reachable(digest_rcvd, now);
2732 ri->last_reachable = now;
2733 }
2734 }
2735 });
2736 /* FFFF Maybe we should reinstate the code that dumps routers with the same
2737 * addr/port but with nonmatching keys, but instead of dumping, we should
2738 * skip testing. */
2739 }
2740
2741 /** Auth dir server only: if <b>try_all</b> is 1, launch connections to
2742 * all known routers; else we want to load balance such that we only
2743 * try a few connections per call.
2744 *
2745 * The load balancing is such that if we get called once every ten
2746 * seconds, we will cycle through all the tests in 1280 seconds (a
2747 * bit over 20 minutes).
2748 */
2749 void
2750 dirserv_test_reachability(time_t now, int try_all)
2751 {
2752 /* XXX decide what to do here; see or-talk thread "purging old router
2753 * information, revocation." -NM
2754 * We can't afford to mess with this in 0.1.2.x. The reason is that
2755 * if we stop doing reachability tests on some of routerlist, then
2756 * we'll for-sure think they're down, which may have unexpected
2757 * effects in other parts of the code. It doesn't hurt much to do
2758 * the testing, and directory authorities are easy to upgrade. Let's
2759 * wait til 0.2.0. -RD */
2760 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2761 routerlist_t *rl = router_get_routerlist();
2762 static char ctr = 0;
2763 int bridge_auth = authdir_mode_bridge(get_options());
2764
2765 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, router, {
2766 const char *id_digest = router->cache_info.identity_digest;
2767 if (router_is_me(router))
2768 continue;
2769 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
2770 continue; /* bridge authorities only test reachability on bridges */
2771 // if (router->cache_info.published_on > cutoff)
2772 // continue;
2773 if (try_all || (((uint8_t)id_digest[0]) % 128) == ctr) {
2774 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
2775 router->nickname, router->address, router->or_port);
2776 /* Remember when we started trying to determine reachability */
2777 if (!router->testing_since)
2778 router->testing_since = now;
2779 connection_or_connect(router->addr, router->or_port,
2780 id_digest);
2781 }
2782 });
2783 if (!try_all) /* increment ctr */
2784 ctr = (ctr + 1) % 128;
2785 }
2786
2787 /** Given a fingerprint <b>fp</b> which is either set if we're looking
2788 * for a v2 status, or zeroes if we're looking for a v3 status, return
2789 * a pointer to the appropriate cached dir object, or NULL if there isn't
2790 * one available. */
2791 static cached_dir_t *
2792 lookup_cached_dir_by_fp(const char *fp)
2793 {
2794 cached_dir_t *d = NULL;
2795 if (tor_digest_is_zero(fp) && cached_v3_networkstatus)
2796 d = cached_v3_networkstatus;
2797 else if (router_digest_is_me(fp) && the_v2_networkstatus)
2798 d = the_v2_networkstatus;
2799 else if (cached_v2_networkstatus)
2800 d = digestmap_get(cached_v2_networkstatus, fp);
2801 return d;
2802 }
2803
2804 /** Remove from <b>fps</b> every networkstatus key where both
2805 * a) we have a networkstatus document and
2806 * b) it is not newer than <b>cutoff</b>.
2807 *
2808 * Return 1 if any items were present at all; else return 0.
2809 */
2810 int
2811 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
2812 {
2813 int found_any = 0;
2814 SMARTLIST_FOREACH(fps, char *, digest,
2815 {
2816 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
2817 if (!d)
2818 continue;
2819 found_any = 1;
2820 if (d->published <= cutoff) {
2821 tor_free(digest);
2822 SMARTLIST_DEL_CURRENT(fps, digest);
2823 }
2824 });
2825
2826 return found_any;
2827 }
2828
2829 /** Return the cache-info for identity fingerprint <b>fp</b>, or
2830 * its extra-info document if <b>extrainfo</b> is true. Return
2831 * NULL if not found or if the descriptor is older than
2832 * <b>publish_cutoff</b>. */
2833 static signed_descriptor_t *
2834 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
2835 time_t publish_cutoff)
2836 {
2837 if (router_digest_is_me(fp)) {
2838 if (extrainfo)
2839 return &(router_get_my_extrainfo()->cache_info);
2840 else
2841 return &(router_get_my_routerinfo()->cache_info);
2842 } else {
2843 routerinfo_t *ri = router_get_by_digest(fp);
2844 if (ri &&
2845 ri->cache_info.published_on > publish_cutoff) {
2846 if (extrainfo)
2847 return extrainfo_get_by_descriptor_digest(
2848 ri->cache_info.extra_info_digest);
2849 else
2850 return &ri->cache_info;
2851 }
2852 }
2853 return NULL;
2854 }
2855
2856 /** Return true iff we have any of the docments (extrainfo or routerdesc)
2857 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
2858 * decide whether to send a 404. */
2859 int
2860 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
2861 {
2862 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
2863 SMARTLIST_FOREACH(fps, const char *, fp, {
2864 switch (spool_src)
2865 {
2866 case DIR_SPOOL_EXTRA_BY_DIGEST:
2867 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
2868 break;
2869 case DIR_SPOOL_SERVER_BY_DIGEST:
2870 if (router_get_by_descriptor_digest(fp)) return 1;
2871 break;
2872 case DIR_SPOOL_EXTRA_BY_FP:
2873 case DIR_SPOOL_SERVER_BY_FP:
2874 if (get_signed_descriptor_by_fp(fp,
2875 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
2876 return 1;
2877 break;
2878 }
2879 });
2880 return 0;
2881 }
2882
2883 /** Return an approximate estimate of the number of bytes that will
2884 * be needed to transmit the server descriptors (if is_serverdescs --
2885 * they can be either d/ or fp/ queries) or networkstatus objects (if
2886 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
2887 * we guess how large the data will be after compression.
2888 *
2889 * The return value is an estimate; it might be larger or smaller.
2890 **/
2891 size_t
2892 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
2893 int compressed)
2894 {
2895 size_t result;
2896 tor_assert(fps);
2897 if (is_serverdescs) {
2898 int n = smartlist_len(fps);
2899 routerinfo_t *me = router_get_my_routerinfo();
2900 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
2901 if (compressed)
2902 result /= 2; /* observed compressability is between 35 and 55%. */
2903 } else {
2904 result = 0;
2905 SMARTLIST_FOREACH(fps, const char *, digest, {
2906 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
2907 if (dir)
2908 result += compressed ? dir->dir_z_len : dir->dir_len;
2909 });
2910 }
2911 return result;
2912 }
2913
2914 /** When we're spooling data onto our outbuf, add more whenever we dip
2915 * below this threshold. */
2916 #define DIRSERV_BUFFER_MIN 16384
2917
2918 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
2919 * Flushes any remaining data to be (un)compressed, and changes the spool
2920 * source to NONE. Returns 0 on success, negative on failure. */
2921 static int
2922 connection_dirserv_finish_spooling(dir_connection_t *conn)
2923 {
2924 if (conn->zlib_state) {
2925 connection_write_to_buf_zlib("", 0, conn, 1);
2926 tor_zlib_free(conn->zlib_state);
2927 conn->zlib_state = NULL;
2928 }
2929 conn->dir_spool_src = DIR_SPOOL_NONE;
2930 return 0;
2931 }
2932
2933 /** Spooling helper: called when we're sending a bunch of server descriptors,
2934 * and the outbuf has become too empty. Pulls some entries from
2935 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
2936 * run out of entries, flushes the zlib state and sets the spool source to
2937 * NONE. Returns 0 on success, negative on failure.
2938 */
2939 static int
2940 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
2941 {
2942 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
2943 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
2944 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
2945 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
2946 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
2947
2948 while (smartlist_len(conn->fingerprint_stack) &&
2949 buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
2950 const char *body;
2951 char *fp = smartlist_pop_last(conn->fingerprint_stack);
2952 signed_descriptor_t *sd = NULL;
2953 if (by_fp) {
2954 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
2955 } else {
2956 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
2957 : router_get_by_descriptor_digest(fp);
2958 }
2959 tor_free(fp);
2960 if (!sd)
2961 continue;
2962 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
2963 /* we did this check once before (so we could have an accurate size
2964 * estimate and maybe send a 404 if somebody asked for only bridges on a
2965 * connection), but we need to do it again in case a previously
2966 * unknown bridge descriptor has shown up between then and now. */
2967 continue;
2968 }
2969
2970 body = signed_descriptor_get_body(sd);
2971 if (conn->zlib_state) {
2972 int last = ! smartlist_len(conn->fingerprint_stack);
2973 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
2974 last);
2975 if (last) {
2976 tor_zlib_free(conn->zlib_state);
2977 conn->zlib_state = NULL;
2978 }
2979 } else {
2980 connection_write_to_buf(body,
2981 sd->signed_descriptor_len,
2982 TO_CONN(conn));
2983 }
2984 }
2985
2986 if (!smartlist_len(conn->fingerprint_stack)) {
2987 /* We just wrote the last one; finish up. */
2988 conn->dir_spool_src = DIR_SPOOL_NONE;
2989 smartlist_free(conn->fingerprint_stack);
2990 conn->fingerprint_stack = NULL;
2991 }
2992 return 0;
2993 }
2994
2995 /** Spooling helper: Called when we're sending a directory or networkstatus,
2996 * and the outbuf has become too empty. Pulls some bytes from
2997 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
2998 * puts them on the outbuf. If we run out of entries, flushes the zlib state
2999 * and sets the spool source to NONE. Returns 0 on success, negative on
3000 * failure. */
3001 static int
3002 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3003 {
3004 ssize_t bytes;
3005 int64_t remaining;
3006
3007 bytes = DIRSERV_BUFFER_MIN - buf_datalen(conn->_base.outbuf);
3008 tor_assert(bytes > 0);
3009 tor_assert(conn->cached_dir);
3010 if (bytes < 8192)
3011 bytes = 8192;
3012 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3013 if (bytes > remaining)
3014 bytes = (ssize_t) remaining;
3015
3016 if (conn->zlib_state) {
3017 connection_write_to_buf_zlib(
3018 conn->cached_dir->dir_z + conn->cached_dir_offset,
3019 bytes, conn, bytes == remaining);
3020 } else {
3021 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3022 bytes, TO_CONN(conn));
3023 }
3024 conn->cached_dir_offset += bytes;
3025 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3026 /* We just wrote the last one; finish up. */
3027 connection_dirserv_finish_spooling(conn);
3028 cached_dir_decref(conn->cached_dir);
3029 conn->cached_dir = NULL;
3030 }
3031 return 0;
3032 }
3033
3034 /** Spooling helper: Called when we're spooling networkstatus objects on
3035 * <b>conn</b>, and the outbuf has become too empty. If the current
3036 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3037 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3038 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3039 * treated as a request for the current consensus.) If we run out of entries,
3040 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3041 * success, negative on failure. */
3042 static int
3043 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3044 {
3045
3046 while (buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3047 if (conn->cached_dir) {
3048 int uncompressing = (conn->zlib_state != NULL);
3049 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3050 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3051 /* add_dir_bytes thinks we're done with the cached_dir. But we
3052 * may have more cached_dirs! */
3053 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3054 /* This bit is tricky. If we were uncompressing the last
3055 * networkstatus, we may need to make a new zlib object to
3056 * uncompress the next one. */
3057 if (uncompressing && ! conn->zlib_state &&
3058 conn->fingerprint_stack &&
3059 smartlist_len(conn->fingerprint_stack)) {
3060 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
3061 }
3062 }
3063 if (r) return r;
3064 } else if (conn->fingerprint_stack &&
3065 smartlist_len(conn->fingerprint_stack)) {
3066 /* Add another networkstatus; start serving it. */
3067 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3068 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3069 tor_free(fp);
3070 if (d) {
3071 ++d->refcnt;
3072 conn->cached_dir = d;
3073 conn->cached_dir_offset = 0;
3074 }
3075 } else {
3076 connection_dirserv_finish_spooling(conn);
3077 if (conn->fingerprint_stack)
3078 smartlist_free(conn->fingerprint_stack);
3079 conn->fingerprint_stack = NULL;
3080 return 0;
3081 }
3082 }
3083 return 0;
3084 }
3085
3086 /** Called whenever we have flushed some directory data in state
3087 * SERVER_WRITING. */
3088 int
3089 connection_dirserv_flushed_some(dir_connection_t *conn)
3090 {
3091 tor_assert(conn->_base.state == DIR_CONN_STATE_SERVER_WRITING);
3092
3093 if (buf_datalen(conn->_base.outbuf) >= DIRSERV_BUFFER_MIN)
3094 return 0;
3095
3096 switch (conn->dir_spool_src) {
3097 case DIR_SPOOL_EXTRA_BY_DIGEST:
3098 case DIR_SPOOL_EXTRA_BY_FP:
3099 case DIR_SPOOL_SERVER_BY_DIGEST:
3100 case DIR_SPOOL_SERVER_BY_FP:
3101 return connection_dirserv_add_servers_to_outbuf(conn);
3102 case DIR_SPOOL_CACHED_DIR:
3103 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3104 case DIR_SPOOL_NETWORKSTATUS:
3105 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3106 case DIR_SPOOL_NONE:
3107 default:
3108 return 0;
3109 }
3110 }
3111
3112 /** Release all storage used by the directory server. */
3113 void
3114 dirserv_free_all(void)
3115 {
3116 dirserv_free_fingerprint_list();
3117
3118 cached_dir_decref(the_directory);
3119 clear_cached_dir(&the_runningrouters);
3120 cached_dir_decref(the_v2_networkstatus);
3121 cached_dir_decref(cached_directory);
3122 clear_cached_dir(&cached_runningrouters);
3123 if (cached_v2_networkstatus) {
3124 digestmap_free(cached_v2_networkstatus, _free_cached_dir);
3125 cached_v2_networkstatus = NULL;
3126 }
3127 cached_dir_decref(cached_v3_networkstatus);
3128 }
3129
The Onion Router