1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "confparse.h"
12 #include "channeltls.h"
14 #include "connection.h"
15 #include "connection_or.h"
17 #include "directory.h"
20 #include "hibernate.h"
23 #include "microdesc.h"
24 #include "networkstatus.h"
29 #include "routerlist.h"
30 #include "routerparse.h"
31 #include "routerset.h"
36 * \brief Directory server core implementation. Manages directory
37 * contents and generates directories.
40 /** How far in the future do we allow a router to get? (seconds) */
41 #define ROUTER_ALLOW_SKEW (60*60*12)
42 /** How many seconds do we wait before regenerating the directory? */
43 #define DIR_REGEN_SLACK_TIME 30
44 /** If we're a cache, keep this many networkstatuses around from non-trusted
45 * directory authorities. */
46 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
48 /** Total number of routers with measured bandwidth; this is set by
49 * dirserv_count_measured_bws() before the loop in
50 * dirserv_generate_networkstatus_vote_obj() and checked by
51 * dirserv_get_credible_bandwidth() and
52 * dirserv_compute_performance_thresholds() */
53 static int routers_with_measured_bw
= 0;
55 static void directory_remove_invalid(void);
56 static char *format_versions_list(config_line_t
*ln
);
57 struct authdir_config_t
;
59 dirserv_get_status_impl(const char *fp
, const char *nickname
,
60 uint32_t addr
, uint16_t or_port
,
61 const char *platform
, const char **msg
,
63 static void clear_cached_dir(cached_dir_t
*d
);
64 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
67 time_t publish_cutoff
);
68 static was_router_added_t
dirserv_add_extrainfo(extrainfo_t
*ei
,
70 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
);
71 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
);
73 /************** Fingerprint handling code ************/
75 /* 1 Historically used to indicate Named */
76 #define FP_INVALID 2 /**< Believed invalid. */
77 #define FP_REJECT 4 /**< We will not publish this router. */
78 /* 8 Historically used to avoid using this as a dir. */
79 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
80 /* 32 Historically used to indicade Unnamed */
82 /** Target of status_by_digest map. */
83 typedef uint32_t router_status_t
;
85 static void add_fingerprint_to_dir(const char *fp
,
86 struct authdir_config_t
*list
,
87 router_status_t add_status
);
89 /** List of nickname-\>identity fingerprint mappings for all the routers
90 * that we name. Used to prevent router impersonation. */
91 typedef struct authdir_config_t
{
92 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
93 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
96 /** Should be static; exposed for testing. */
97 static authdir_config_t
*fingerprint_list
= NULL
;
99 /** Allocate and return a new, empty, authdir_config_t. */
100 static authdir_config_t
*
101 authdir_config_new(void)
103 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
104 list
->fp_by_name
= strmap_new();
105 list
->status_by_digest
= digestmap_new();
109 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
110 * <b>list</b>, or-ing the currently set status flags with
114 add_fingerprint_to_dir(const char *fp
, authdir_config_t
*list
,
115 router_status_t add_status
)
119 router_status_t
*status
;
123 fingerprint
= tor_strdup(fp
);
124 tor_strstrip(fingerprint
, " ");
125 if (base16_decode(d
, DIGEST_LEN
,
126 fingerprint
, strlen(fingerprint
)) != DIGEST_LEN
) {
127 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
129 tor_free(fingerprint
);
133 status
= digestmap_get(list
->status_by_digest
, d
);
135 status
= tor_malloc_zero(sizeof(router_status_t
));
136 digestmap_set(list
->status_by_digest
, d
, status
);
139 tor_free(fingerprint
);
140 *status
|= add_status
;
144 /** Add the fingerprint for this OR to the global list of recognized
145 * identity key fingerprints. */
147 dirserv_add_own_fingerprint(crypto_pk_t
*pk
)
149 char fp
[FINGERPRINT_LEN
+1];
150 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
151 log_err(LD_BUG
, "Error computing fingerprint");
154 if (!fingerprint_list
)
155 fingerprint_list
= authdir_config_new();
156 add_fingerprint_to_dir(fp
, fingerprint_list
, 0);
160 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
161 * file. The file format is line-based, with each non-blank holding one
162 * nickname, some space, and a fingerprint for that nickname. On success,
163 * replace the current fingerprint list with the new list and return 0. On
164 * failure, leave the current fingerprint list untouched, and return -1. */
166 dirserv_load_fingerprint_file(void)
170 char *nickname
, *fingerprint
;
171 authdir_config_t
*fingerprint_list_new
;
173 config_line_t
*front
=NULL
, *list
;
175 fname
= get_datadir_fname("approved-routers");
177 "Reloading approved fingerprints from \"%s\"...", fname
);
179 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
181 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
187 result
= config_get_lines(cf
, &front
, 0);
190 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
194 fingerprint_list_new
= authdir_config_new();
196 for (list
=front
; list
; list
=list
->next
) {
197 char digest_tmp
[DIGEST_LEN
];
198 router_status_t add_status
= 0;
199 nickname
= list
->key
; fingerprint
= list
->value
;
200 tor_strstrip(fingerprint
, " "); /* remove spaces */
201 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
202 base16_decode(digest_tmp
, sizeof(digest_tmp
),
203 fingerprint
, HEX_DIGEST_LEN
) != sizeof(digest_tmp
)) {
204 log_notice(LD_CONFIG
,
205 "Invalid fingerprint (nickname '%s', "
206 "fingerprint %s). Skipping.",
207 nickname
, fingerprint
);
210 if (!strcasecmp(nickname
, "!reject")) {
211 add_status
= FP_REJECT
;
212 } else if (!strcasecmp(nickname
, "!badexit")) {
213 add_status
= FP_BADEXIT
;
214 } else if (!strcasecmp(nickname
, "!invalid")) {
215 add_status
= FP_INVALID
;
217 add_fingerprint_to_dir(fingerprint
, fingerprint_list_new
, add_status
);
220 config_free_lines(front
);
221 dirserv_free_fingerprint_list();
222 fingerprint_list
= fingerprint_list_new
;
223 /* Delete any routers whose fingerprints we no longer recognize */
224 directory_remove_invalid();
228 /* If this is set, then we don't allow routers that have advertised an Ed25519
229 * identity to stop doing so. This is going to be essential for good identity
230 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
231 * just sign fake descriptors missing the Ed25519 key. But we won't actually
232 * be able to prevent that kind of thing until we're confident that there
233 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
234 * to leave this #undef.
236 #undef DISABLE_DISABLING_ED25519
238 /** Check whether <b>router</b> has a nickname/identity key combination that
239 * we recognize from the fingerprint list, or an IP we automatically act on
240 * according to our configuration. Return the appropriate router status.
242 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
243 * *<b>msg</b> to an explanation of why. */
245 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
,
249 const int key_pinning
= get_options()->AuthDirPinKeys
;
251 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
252 log_warn(LD_BUG
,"Error computing fingerprint");
254 *msg
= "Bug: Error computing fingerprint";
258 if (router
->cache_info
.signing_key_cert
) {
259 /* This has an ed25519 identity key. */
260 if (KEYPIN_MISMATCH
==
261 keypin_check((const uint8_t*)router
->cache_info
.identity_digest
,
262 router
->cache_info
.signing_key_cert
->signing_key
.pubkey
)) {
263 log_fn(severity
, LD_DIR
,
264 "Descriptor from router %s has an Ed25519 key, "
265 "but the <rsa,ed25519> keys don't match what they were before.",
266 router_describe(router
));
269 *msg
= "Ed25519 identity key or RSA identity key has changed.";
276 if (KEYPIN_MISMATCH
== keypin_check_lone_rsa(
277 (const uint8_t*)router
->cache_info
.identity_digest
)) {
278 log_fn(severity
, LD_DIR
,
279 "Descriptor from router %s has no Ed25519 key, "
280 "when we previously knew an Ed25519 for it. Ignoring for now, "
281 "since Ed25519 keys are fairly new.",
282 router_describe(router
));
283 #ifdef DISABLE_DISABLING_ED25519
286 *msg
= "Ed25519 identity key has disappeared.";
294 return dirserv_get_status_impl(d
, router
->nickname
,
295 router
->addr
, router
->or_port
,
296 router
->platform
, msg
, severity
);
299 /** Return true if there is no point in downloading the router described by
300 * <b>rs</b> because this directory would reject it. */
302 dirserv_would_reject_router(const routerstatus_t
*rs
)
306 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
307 rs
->addr
, rs
->or_port
,
308 NULL
, NULL
, LOG_DEBUG
);
310 return (res
& FP_REJECT
) != 0;
313 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
314 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
315 * port and platform (logging only) as arguments.
317 * Log messages at 'severity'. (There's not much point in
318 * logging that we're rejecting servers we'll not download.)
321 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
322 uint32_t addr
, uint16_t or_port
,
323 const char *platform
, const char **msg
, int severity
)
326 router_status_t
*status_by_digest
;
328 if (!fingerprint_list
)
329 fingerprint_list
= authdir_config_new();
331 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
332 strmap_size(fingerprint_list
->fp_by_name
),
333 digestmap_size(fingerprint_list
->status_by_digest
));
335 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
336 * missing some important security fixes too. Disable them. */
337 if (platform
&& !tor_version_as_new_as(platform
,"0.2.4.18-rc")) {
339 *msg
= "Tor version is insecure or unsupported. Please upgrade!";
343 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
345 if (status_by_digest
)
346 result
|= *status_by_digest
;
348 if (result
& FP_REJECT
) {
350 *msg
= "Fingerprint is marked rejected -- please contact us?";
352 } else if (result
& FP_INVALID
) {
354 *msg
= "Fingerprint is marked invalid";
357 if (authdir_policy_badexit_address(addr
, or_port
)) {
358 log_fn(severity
, LD_DIRSERV
,
359 "Marking '%s' as bad exit because of address '%s'",
360 nickname
, fmt_addr32(addr
));
361 result
|= FP_BADEXIT
;
364 if (!authdir_policy_permits_address(addr
, or_port
)) {
365 log_fn(severity
, LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
366 nickname
, fmt_addr32(addr
));
368 *msg
= "Suspicious relay address range -- please contact us?";
371 if (!authdir_policy_valid_address(addr
, or_port
)) {
372 log_fn(severity
, LD_DIRSERV
,
373 "Not marking '%s' valid because of address '%s'",
374 nickname
, fmt_addr32(addr
));
375 result
|= FP_INVALID
;
381 /** Clear the current fingerprint list. */
383 dirserv_free_fingerprint_list(void)
385 if (!fingerprint_list
)
388 strmap_free(fingerprint_list
->fp_by_name
, tor_free_
);
389 digestmap_free(fingerprint_list
->status_by_digest
, tor_free_
);
390 tor_free(fingerprint_list
);
397 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
398 * unless we're configured to not care. Return 0 if all ok. */
400 dirserv_router_has_valid_address(routerinfo_t
*ri
)
403 if (get_options()->DirAllowPrivateAddresses
)
404 return 0; /* whatever it is, we're fine with it */
405 tor_addr_from_ipv4h(&addr
, ri
->addr
);
407 if (tor_addr_is_internal(&addr
, 0)) {
409 "Router %s published internal IP address. Refusing.",
410 router_describe(ri
));
411 return -1; /* it's a private IP, we should reject it */
416 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
417 * set its is_valid,running fields and return 0. Otherwise, return -1.
419 * If the router is rejected, set *<b>msg</b> to an explanation of why.
421 * If <b>complain</b> then explain at log-level 'notice' why we refused
422 * a descriptor; else explain at log-level 'info'.
425 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
426 int complain
, int *valid_out
)
428 /* Okay. Now check whether the fingerprint is recognized. */
430 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
431 uint32_t status
= dirserv_router_get_status(ri
, msg
, severity
);
433 if (status
& FP_REJECT
)
434 return -1; /* msg is already set. */
436 /* Is there too much clock skew? */
438 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
439 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
440 "far (%d minutes) in the future; possible clock skew. Not adding "
443 (int)((ri
->cache_info
.published_on
-now
)/60),
444 esc_router_info(ri
));
445 *msg
= "Rejected: Your clock is set too far in the future, or your "
446 "timezone is not correct.";
449 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
450 log_fn(severity
, LD_DIRSERV
,
451 "Publication time for %s is too far "
452 "(%d minutes) in the past. Not adding (%s)",
454 (int)((now
-ri
->cache_info
.published_on
)/60),
455 esc_router_info(ri
));
456 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
457 " or your timezone is not correct.";
460 if (dirserv_router_has_valid_address(ri
) < 0) {
461 log_fn(severity
, LD_DIRSERV
,
462 "Router %s has invalid address. Not adding (%s).",
464 esc_router_info(ri
));
465 *msg
= "Rejected: Address is a private address.";
469 *valid_out
= ! (status
& FP_INVALID
);
474 /** Update the relevant flags of <b>node</b> based on our opinion as a
475 * directory authority in <b>authstatus</b>, as returned by
476 * dirserv_router_get_status or equivalent. */
478 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
481 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
482 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
485 /** True iff <b>a</b> is more severe than <b>b</b>. */
487 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
492 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
493 * returns the most severe error that occurred for any one of them. */
495 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
499 was_router_added_t r
, r_tmp
;
504 time_t now
= time(NULL
);
505 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
506 char time_buf
[ISO_TIME_LEN
+1];
507 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
510 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
512 format_iso_time(time_buf
, now
);
513 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
516 "%s%s%s", time_buf
, escaped(source
),
517 !general
? "@purpose " : "",
518 !general
? router_purpose_to_string(purpose
) : "",
519 !general
? "\n" : "")<0) {
520 *msg
= "Couldn't format annotations";
525 list
= smartlist_new();
526 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
527 annotation_buf
, NULL
)) {
528 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
530 tor_assert(ri
->purpose
== purpose
);
531 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
532 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
538 n_parsed
+= smartlist_len(list
);
539 smartlist_clear(list
);
542 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
544 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
547 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
548 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
554 n_parsed
+= smartlist_len(list
);
555 smartlist_free(list
);
559 *msg
= "No descriptors found in your POST.";
560 if (WRA_WAS_ADDED(r
))
561 r
= ROUTER_IS_ALREADY_KNOWN
;
563 *msg
= "(no message)";
570 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
571 * the list of server descriptors. Set *<b>msg</b> to a message that should be
572 * passed back to the origin of this descriptor, or NULL if there is no such
573 * message. Use <b>source</b> to produce better log messages.
575 * Return the status of the operation
577 * This function is only called when fresh descriptors are posted, not when
578 * we re-load the cache.
581 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
583 was_router_added_t r
;
584 routerinfo_t
*ri_old
;
585 char *desc
, *nickname
;
586 const size_t desclen
= ri
->cache_info
.signed_descriptor_len
+
587 ri
->cache_info
.annotations_len
;
588 const int key_pinning
= get_options()->AuthDirPinKeys
;
591 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
592 * network and it'll clog everything up. */
593 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
594 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
595 " (source: %s) with size %d. Either this is an attack, or the "
596 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
597 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
598 MAX_DESCRIPTOR_UPLOAD_SIZE
);
599 *msg
= "Router descriptor was too large.";
600 control_event_or_authdir_new_descriptor("REJECTED",
601 ri
->cache_info
.signed_descriptor_body
,
604 return ROUTER_AUTHDIR_REJECTS
;
607 /* Check whether this descriptor is semantically identical to the last one
608 * from this server. (We do this here and not in router_add_to_routerlist
609 * because we want to be able to accept the newest router descriptor that
610 * another authority has, so we all converge on the same one.) */
611 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
612 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
613 && router_differences_are_cosmetic(ri_old
, ri
)
614 && !router_is_me(ri
)) {
616 "Not replacing descriptor from %s (source: %s); "
617 "differences are cosmetic.",
618 router_describe(ri
), source
);
619 *msg
= "Not replacing router descriptor; no information has changed since "
620 "the last one with this identity.";
621 control_event_or_authdir_new_descriptor("DROPPED",
622 ri
->cache_info
.signed_descriptor_body
,
625 return ROUTER_IS_ALREADY_KNOWN
;
628 /* Do keypinning again ... this time, to add the pin if appropriate */
630 if (ri
->cache_info
.signing_key_cert
) {
631 keypin_status
= keypin_check_and_add(
632 (const uint8_t*)ri
->cache_info
.identity_digest
,
633 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
636 keypin_status
= keypin_check_lone_rsa(
637 (const uint8_t*)ri
->cache_info
.identity_digest
);
638 #ifndef DISABLE_DISABLING_ED25519
639 if (keypin_status
== KEYPIN_MISMATCH
)
640 keypin_status
= KEYPIN_NOT_FOUND
;
643 if (keypin_status
== KEYPIN_MISMATCH
&& key_pinning
) {
644 log_info(LD_DIRSERV
, "Dropping descriptor from %s (source: %s) because "
645 "its key did not match an older RSA/Ed25519 keypair",
646 router_describe(ri
), source
);
647 *msg
= "Looks like your keypair does not match its older value.";
648 return ROUTER_AUTHDIR_REJECTS
;
651 /* Make a copy of desc, since router_add_to_routerlist might free
652 * ri and its associated signed_descriptor_t. */
653 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
654 nickname
= tor_strdup(ri
->nickname
);
656 /* Tell if we're about to need to launch a test if we add this. */
657 ri
->needs_retest_if_added
=
658 dirserv_should_launch_reachability_test(ri
, ri_old
);
660 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
661 if (!WRA_WAS_ADDED(r
)) {
662 /* unless the routerinfo was fine, just out-of-date */
663 if (WRA_WAS_REJECTED(r
))
664 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
666 "Did not add descriptor from '%s' (source: %s): %s.",
667 nickname
, source
, *msg
? *msg
: "(no message)");
669 smartlist_t
*changed
;
670 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
672 changed
= smartlist_new();
673 smartlist_add(changed
, ri
);
674 routerlist_descriptors_added(changed
, 0);
675 smartlist_free(changed
);
677 *msg
= "Descriptor accepted";
680 "Added descriptor from '%s' (source: %s): %s.",
681 nickname
, source
, *msg
);
688 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
689 static was_router_added_t
690 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
697 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
698 * can mess with some of the flags in ri->cache_info. */
699 ri
= router_get_mutable_by_digest(ei
->cache_info
.identity_digest
);
701 *msg
= "No corresponding router descriptor for extra-info descriptor";
703 return ROUTER_BAD_EI
;
706 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
707 * network and it'll clog everything up. */
708 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
709 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
710 "with size %d. Either this is an attack, or the "
711 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
712 (int)ei
->cache_info
.signed_descriptor_len
,
713 MAX_EXTRAINFO_UPLOAD_SIZE
);
714 *msg
= "Extrainfo document was too large";
716 return ROUTER_BAD_EI
;
719 if ((r
= routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
,
720 &ri
->cache_info
, msg
))) {
722 return r
< 0 ? ROUTER_IS_ALREADY_KNOWN
: ROUTER_BAD_EI
;
724 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
725 return ROUTER_ADDED_SUCCESSFULLY
;
728 /** Remove all descriptors whose nicknames or fingerprints no longer
729 * are allowed by our fingerprint list. (Descriptors that used to be
730 * good can become bad when we reload the fingerprint list.)
733 directory_remove_invalid(void)
735 routerlist_t
*rl
= router_get_routerlist();
736 smartlist_t
*nodes
= smartlist_new();
737 smartlist_add_all(nodes
, nodelist_get_list());
739 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
740 const char *msg
= NULL
;
741 routerinfo_t
*ent
= node
->ri
;
742 char description
[NODE_DESC_BUF_LEN
];
746 r
= dirserv_router_get_status(ent
, &msg
, LOG_INFO
);
747 router_get_description(description
, ent
);
749 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
750 description
, msg
?msg
:"");
751 routerlist_remove(rl
, ent
, 0, time(NULL
));
754 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
755 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
756 (r
&FP_INVALID
) ? "in" : "");
757 node
->is_valid
= (r
&FP_INVALID
)?0:1;
759 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
760 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
761 (r
& FP_BADEXIT
) ? "bad" : "good");
762 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
764 } SMARTLIST_FOREACH_END(node
);
766 routerlist_assert_ok(rl
);
767 smartlist_free(nodes
);
771 * Allocate and return a description of the status of the server <b>desc</b>,
772 * for use in a v1-style router-status line. The server is listed
773 * as running iff <b>is_live</b> is true.
776 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
778 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
788 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
789 if (node
&& node
->is_valid
) {
790 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
795 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
797 return tor_strdup(buf
);
800 /* DOCDOC running_long_enough_to_decide_unreachable */
802 running_long_enough_to_decide_unreachable(void)
804 return time_of_process_start
805 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
808 /** Each server needs to have passed a reachability test no more
809 * than this number of seconds ago, or it is listed as down in
811 #define REACHABLE_TIMEOUT (45*60)
813 /** If we tested a router and found it reachable _at least this long_ after it
814 * declared itself hibernating, it is probably done hibernating and we just
815 * missed a descriptor from it. */
816 #define HIBERNATION_PUBLICATION_SKEW (60*60)
818 /** Treat a router as alive if
819 * - It's me, and I'm not hibernating.
820 * or - We've found it reachable recently. */
822 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
824 /*XXXX This function is a mess. Separate out the part that calculates
825 whether it's reachable and the part that tells rephist that the router was
829 const or_options_t
*options
= get_options();
830 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
833 if (router_is_me(router
)) {
834 /* We always know if we are down ourselves. */
835 answer
= ! we_are_hibernating();
836 } else if (router
->is_hibernating
&&
837 (router
->cache_info
.published_on
+
838 HIBERNATION_PUBLICATION_SKEW
) > node
->last_reachable
) {
839 /* A hibernating router is down unless we (somehow) had contact with it
840 * since it declared itself to be hibernating. */
842 } else if (options
->AssumeReachable
) {
843 /* If AssumeReachable, everybody is up unless they say they are down! */
846 /* Otherwise, a router counts as up if we found all announced OR
847 ports reachable in the last REACHABLE_TIMEOUT seconds.
849 XXX prop186 For now there's always one IPv4 and at most one
852 If we're not on IPv6, don't consider reachability of potential
853 IPv6 OR port since that'd kill all dual stack relays until a
854 majority of the dir auths have IPv6 connectivity. */
855 answer
= (now
< node
->last_reachable
+ REACHABLE_TIMEOUT
&&
856 (options
->AuthDirHasIPv6Connectivity
!= 1 ||
857 tor_addr_is_null(&router
->ipv6_addr
) ||
858 now
< node
->last_reachable6
+ REACHABLE_TIMEOUT
));
861 if (!answer
&& running_long_enough_to_decide_unreachable()) {
862 /* Not considered reachable. tell rephist about that.
864 Because we launch a reachability test for each router every
865 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
866 been down since at least that time after we last successfully reached
872 if (node
->last_reachable
&&
873 node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
874 when
= node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
875 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
878 node
->is_running
= answer
;
881 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
882 * contents of a v1-style router-status line, and store it in
883 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
885 * If for_controller is true, include the routers with very old descriptors.
888 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
891 /* List of entries in a router-status style: An optional !, then an optional
892 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
893 smartlist_t
*rs_entries
;
894 time_t now
= time(NULL
);
895 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
896 const or_options_t
*options
= get_options();
897 /* We include v2 dir auths here too, because they need to answer
898 * controllers. Eventually we'll deprecate this whole function;
899 * see also networkstatus_getinfo_by_purpose(). */
900 int authdir
= authdir_mode_publishes_statuses(options
);
901 tor_assert(router_status_out
);
903 rs_entries
= smartlist_new();
905 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
906 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
909 /* Update router status in routerinfo_t. */
910 dirserv_set_router_is_running(ri
, now
);
912 if (for_controller
) {
913 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
915 if (!node
->is_running
)
917 router_get_verbose_nickname(cp
, ri
);
918 smartlist_add(rs_entries
, tor_strdup(name_buf
));
919 } else if (ri
->cache_info
.published_on
>= cutoff
) {
920 smartlist_add(rs_entries
, list_single_server_status(ri
,
923 } SMARTLIST_FOREACH_END(ri
);
925 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
927 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
928 smartlist_free(rs_entries
);
933 /** Given a (possibly empty) list of config_line_t, each line of which contains
934 * a list of comma-separated version numbers surrounded by optional space,
935 * allocate and return a new string containing the version numbers, in order,
936 * separated by commas. Used to generate Recommended(Client|Server)?Versions
939 format_versions_list(config_line_t
*ln
)
941 smartlist_t
*versions
;
943 versions
= smartlist_new();
944 for ( ; ln
; ln
= ln
->next
) {
945 smartlist_split_string(versions
, ln
->value
, ",",
946 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
948 sort_version_list(versions
, 1);
949 result
= smartlist_join_strings(versions
,",",0,NULL
);
950 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
951 smartlist_free(versions
);
955 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
956 * not hibernating, having observed bw greater 0, and not too old. Else
960 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
962 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
963 if (ri
->cache_info
.published_on
< cutoff
) {
966 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
) {
969 /* Only require bandwith capacity in non-test networks, or
970 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
971 if (!ri
->bandwidthcapacity
) {
972 if (get_options()->TestingTorNetwork
) {
973 if (get_options()->TestingMinExitFlagThreshold
> 0) {
974 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
975 * then require bandwidthcapacity */
979 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
986 /********************************************************************/
988 /* A set of functions to answer questions about how we'd like to behave
989 * as a directory mirror/client. */
991 /** Return 1 if we fetch our directory material directly from the
992 * authorities, rather than from a mirror. */
994 directory_fetches_from_authorities(const or_options_t
*options
)
996 const routerinfo_t
*me
;
999 if (options
->FetchDirInfoEarly
)
1001 if (options
->BridgeRelay
== 1)
1003 if (server_mode(options
) && router_pick_published_address(options
, &addr
)<0)
1004 return 1; /* we don't know our IP address; ask an authority. */
1005 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1006 should_refuse_unknown_exits(options
);
1007 if (!dir_server_mode(options
) && !refuseunknown
)
1009 if (!server_mode(options
) || !advertised_server_mode())
1011 me
= router_get_my_routerinfo();
1012 if (!me
|| (!me
->supports_tunnelled_dir_requests
&& !refuseunknown
))
1013 return 0; /* if we don't service directory requests, return 0 too */
1017 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1018 * on the "mirror" schedule rather than the "client" schedule.
1021 directory_fetches_dir_info_early(const or_options_t
*options
)
1023 return directory_fetches_from_authorities(options
);
1026 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1027 * on a very passive schedule -- waiting long enough for ordinary clients
1028 * to probably have the info we want. These would include bridge users,
1029 * and maybe others in the future e.g. if a Tor client uses another Tor
1030 * client as a directory guard.
1033 directory_fetches_dir_info_later(const or_options_t
*options
)
1035 return options
->UseBridges
!= 0;
1038 /** Return true iff we want to fetch and keep certificates for authorities
1039 * that we don't acknowledge as authorities ourself.
1042 directory_caches_unknown_auth_certs(const or_options_t
*options
)
1044 return dir_server_mode(options
) || options
->BridgeRelay
;
1047 /** Return 1 if we want to keep descriptors, networkstatuses, etc around.
1049 * Check options->DirPort_set and directory_permits_begindir_requests()
1050 * to see if we are willing to serve these directory documents to others via
1051 * the DirPort and begindir-over-ORPort, respectively.
1054 directory_caches_dir_info(const or_options_t
*options
)
1056 if (options
->BridgeRelay
|| dir_server_mode(options
))
1058 if (!server_mode(options
) || !advertised_server_mode())
1060 /* We need an up-to-date view of network info if we're going to try to
1061 * block exit attempts from unknown relays. */
1062 return ! router_my_exit_policy_is_reject_star() &&
1063 should_refuse_unknown_exits(options
);
1066 /** Return 1 if we want to allow remote people to ask us directory
1067 * requests via the "begin_dir" interface, which doesn't require
1068 * having any separate port open. */
1070 directory_permits_begindir_requests(const or_options_t
*options
)
1072 return options
->BridgeRelay
!= 0 || dir_server_mode(options
);
1075 /** Return 1 if we have no need to fetch new descriptors. This generally
1076 * happens when we're not a dir cache and we haven't built any circuits
1080 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1083 return !directory_caches_dir_info(options
) &&
1084 !options
->FetchUselessDescriptors
&&
1085 rep_hist_circbuilding_dormant(now
);
1088 /********************************************************************/
1090 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1091 * currently serving. */
1092 static strmap_t
*cached_consensuses
= NULL
;
1094 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1095 * any references. */
1097 cached_dir_decref(cached_dir_t
*d
)
1099 if (!d
|| --d
->refcnt
> 0)
1101 clear_cached_dir(d
);
1105 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1106 * published at <b>published</b>. */
1108 new_cached_dir(char *s
, time_t published
)
1110 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1113 d
->dir_len
= strlen(s
);
1114 d
->published
= published
;
1115 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1117 log_warn(LD_BUG
, "Error compressing directory");
1122 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1124 clear_cached_dir(cached_dir_t
*d
)
1128 memset(d
, 0, sizeof(cached_dir_t
));
1131 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1133 free_cached_dir_(void *_d
)
1139 d
= (cached_dir_t
*)_d
;
1140 cached_dir_decref(d
);
1143 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1144 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1145 * validation is performed. */
1147 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1148 const char *flavor_name
,
1149 const common_digests_t
*digests
,
1152 cached_dir_t
*new_networkstatus
;
1153 cached_dir_t
*old_networkstatus
;
1154 if (!cached_consensuses
)
1155 cached_consensuses
= strmap_new();
1157 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1158 memcpy(&new_networkstatus
->digests
, digests
, sizeof(common_digests_t
));
1159 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1161 if (old_networkstatus
)
1162 cached_dir_decref(old_networkstatus
);
1165 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1166 * optionally compressed format, suitable for sending to clients. */
1168 dirserv_get_consensus(const char *flavor_name
)
1170 if (!cached_consensuses
)
1172 return strmap_get(cached_consensuses
, flavor_name
);
1175 /** If a router's uptime is at least this value, then it is always
1176 * considered stable, regardless of the rest of the network. This
1177 * way we resist attacks where an attacker doubles the size of the
1178 * network using allegedly high-uptime nodes, displacing all the
1179 * current guards. */
1180 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1181 /** If a router's MTBF is at least this value, then it is always stable.
1182 * See above. (Corresponds to about 7 days for current decay rates.) */
1183 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1184 /** Similarly, every node with at least this much weighted time known can be
1185 * considered familiar enough to be a guard. Corresponds to about 20 days for
1186 * current decay rates.
1188 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1189 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1191 #define WFU_TO_GUARANTEE_GUARD (0.98)
1193 /* Thresholds for server performance: set by
1194 * dirserv_compute_performance_thresholds, and used by
1195 * generate_v2_networkstatus */
1197 /** Any router with an uptime of at least this value is stable. */
1198 static uint32_t stable_uptime
= 0; /* start at a safe value */
1199 /** Any router with an mtbf of at least this value is stable. */
1200 static double stable_mtbf
= 0.0;
1201 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1202 * than stable_uptime. */
1203 static int enough_mtbf_info
= 0;
1204 /** Any router with a weighted fractional uptime of at least this much might
1205 * be good as a guard. */
1206 static double guard_wfu
= 0.0;
1207 /** Don't call a router a guard unless we've known about it for at least this
1209 static long guard_tk
= 0;
1210 /** Any router with a bandwidth at least this high is "Fast" */
1211 static uint32_t fast_bandwidth_kb
= 0;
1212 /** If exits can be guards, then all guards must have a bandwidth this
1214 static uint32_t guard_bandwidth_including_exits_kb
= 0;
1215 /** If exits can't be guards, then all guards must have a bandwidth this
1217 static uint32_t guard_bandwidth_excluding_exits_kb
= 0;
1219 /** Helper: estimate the uptime of a router given its stated uptime and the
1220 * amount of time since it last stated its stated uptime. */
1222 real_uptime(const routerinfo_t
*router
, time_t now
)
1224 if (now
< router
->cache_info
.published_on
)
1225 return router
->uptime
;
1227 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1230 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1231 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1232 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1236 dirserv_thinks_router_is_unreliable(time_t now
,
1237 routerinfo_t
*router
,
1238 int need_uptime
, int need_capacity
)
1241 if (!enough_mtbf_info
) {
1242 /* XXXX We should change the rule from
1243 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1244 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1245 * hit a point where we need to reset a lot of authorities at once,
1246 * none of them would be in a position to declare Stable.
1248 long uptime
= real_uptime(router
, now
);
1249 if ((unsigned)uptime
< stable_uptime
&&
1250 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1254 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1255 if (mtbf
< stable_mtbf
&&
1256 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1260 if (need_capacity
) {
1261 uint32_t bw_kb
= dirserv_get_credible_bandwidth_kb(router
);
1262 if (bw_kb
< fast_bandwidth_kb
)
1268 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1270 * Right now this means it advertises support for it, it has a high uptime,
1271 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1272 * considered Running.
1274 * This function needs to be called after router-\>is_running has
1278 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1279 const node_t
*node
, time_t now
)
1284 /* If we haven't been running for at least
1285 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1286 * have accurate data telling us a relay has been up for at least
1287 * that long. We also want to allow a bit of slack: Reachability
1288 * tests aren't instant. If we haven't been running long enough,
1289 * trust the relay. */
1291 if (stats_n_seconds_working
>
1292 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1293 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1294 real_uptime(router
, now
));
1296 uptime
= real_uptime(router
, now
);
1298 return (router
->wants_to_be_hs_dir
&&
1299 router
->supports_tunnelled_dir_requests
&&
1300 node
->is_stable
&& node
->is_fast
&&
1301 uptime
>= get_options()->MinUptimeHidServDirectoryV2
&&
1302 router_is_active(router
, node
, now
));
1305 /** Don't consider routers with less bandwidth than this when computing
1307 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1309 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1310 * include a router in our calculations, and return true iff we should; the
1311 * require_mbw parameter is passed in by
1312 * dirserv_compute_performance_thresholds() and controls whether we ever
1313 * count routers with only advertised bandwidths */
1315 router_counts_toward_thresholds(const node_t
*node
, time_t now
,
1316 const digestmap_t
*omit_as_sybil
,
1319 /* Have measured bw? */
1321 dirserv_has_measured_bw(node
->identity
);
1322 uint64_t min_bw_kb
= ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB
;
1323 const or_options_t
*options
= get_options();
1325 if (options
->TestingTorNetwork
) {
1326 min_bw_kb
= (int64_t)options
->TestingMinExitFlagThreshold
/ 1000;
1329 return node
->ri
&& router_is_active(node
->ri
, node
, now
) &&
1330 !digestmap_get(omit_as_sybil
, node
->identity
) &&
1331 (dirserv_get_credible_bandwidth_kb(node
->ri
) >= min_bw_kb
) &&
1332 (have_mbw
|| !require_mbw
);
1335 /** Look through the routerlist, the Mean Time Between Failure history, and
1336 * the Weighted Fractional Uptime history, and use them to set thresholds for
1337 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1338 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1339 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1341 * Also, set the is_exit flag of each router appropriately. */
1343 dirserv_compute_performance_thresholds(digestmap_t
*omit_as_sybil
)
1345 int n_active
, n_active_nonexit
, n_familiar
;
1346 uint32_t *uptimes
, *bandwidths_kb
, *bandwidths_excluding_exits_kb
;
1348 double *mtbfs
, *wfus
;
1349 smartlist_t
*nodelist
;
1350 time_t now
= time(NULL
);
1351 const or_options_t
*options
= get_options();
1355 (routers_with_measured_bw
>
1356 options
->MinMeasuredBWsForAuthToIgnoreAdvertised
) ? 1 : 0;
1358 /* initialize these all here, in case there are no routers */
1361 fast_bandwidth_kb
= 0;
1362 guard_bandwidth_including_exits_kb
= 0;
1363 guard_bandwidth_excluding_exits_kb
= 0;
1367 nodelist_assert_ok();
1368 nodelist
= nodelist_get_list();
1370 /* Initialize arrays that will hold values for each router. We'll
1371 * sort them and use that to compute thresholds. */
1372 n_active
= n_active_nonexit
= 0;
1373 /* Uptime for every active router. */
1374 uptimes
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1375 /* Bandwidth for every active router. */
1376 bandwidths_kb
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1377 /* Bandwidth for every active non-exit router. */
1378 bandwidths_excluding_exits_kb
=
1379 tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1380 /* Weighted mean time between failure for each active router. */
1381 mtbfs
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1382 /* Time-known for each active router. */
1383 tks
= tor_calloc(smartlist_len(nodelist
), sizeof(long));
1384 /* Weighted fractional uptime for each active router. */
1385 wfus
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1387 /* Now, fill in the arrays. */
1388 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1389 if (options
->BridgeAuthoritativeDir
&&
1391 node
->ri
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
1393 if (router_counts_toward_thresholds(node
, now
, omit_as_sybil
,
1395 routerinfo_t
*ri
= node
->ri
;
1396 const char *id
= node
->identity
;
1398 /* resolve spurious clang shallow analysis null pointer errors */
1400 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1401 exit_policy_is_general_exit(ri
->exit_policy
));
1402 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1403 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1404 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1405 bandwidths_kb
[n_active
] = bw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
1406 if (!node
->is_exit
|| node
->is_bad_exit
) {
1407 bandwidths_excluding_exits_kb
[n_active_nonexit
] = bw_kb
;
1412 } SMARTLIST_FOREACH_END(node
);
1414 /* Now, compute thresholds. */
1416 /* The median uptime is stable. */
1417 stable_uptime
= median_uint32(uptimes
, n_active
);
1418 /* The median mtbf is stable, if we have enough mtbf info */
1419 stable_mtbf
= median_double(mtbfs
, n_active
);
1420 /* The 12.5th percentile bandwidth is fast. */
1421 fast_bandwidth_kb
= find_nth_uint32(bandwidths_kb
, n_active
, n_active
/8);
1422 /* (Now bandwidths is sorted.) */
1423 if (fast_bandwidth_kb
< RELAY_REQUIRED_MIN_BANDWIDTH
/(2 * 1000))
1424 fast_bandwidth_kb
= bandwidths_kb
[n_active
/4];
1425 guard_bandwidth_including_exits_kb
=
1426 third_quartile_uint32(bandwidths_kb
, n_active
);
1427 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1430 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1431 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1434 /* We can vote on a parameter for the minimum and maximum. */
1435 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1436 int32_t min_fast_kb
, max_fast_kb
, min_fast
, max_fast
;
1437 min_fast
= networkstatus_get_param(NULL
, "FastFlagMinThreshold",
1438 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1439 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1441 if (options
->TestingTorNetwork
) {
1442 min_fast
= (int32_t)options
->TestingMinFastFlagThreshold
;
1444 max_fast
= networkstatus_get_param(NULL
, "FastFlagMaxThreshold",
1445 INT32_MAX
, min_fast
, INT32_MAX
);
1446 min_fast_kb
= min_fast
/ 1000;
1447 max_fast_kb
= max_fast
/ 1000;
1449 if (fast_bandwidth_kb
< (uint32_t)min_fast_kb
)
1450 fast_bandwidth_kb
= min_fast_kb
;
1451 if (fast_bandwidth_kb
> (uint32_t)max_fast_kb
)
1452 fast_bandwidth_kb
= max_fast_kb
;
1454 /* Protect sufficiently fast nodes from being pushed out of the set
1456 if (options
->AuthDirFastGuarantee
&&
1457 fast_bandwidth_kb
> options
->AuthDirFastGuarantee
/1000)
1458 fast_bandwidth_kb
= (uint32_t)options
->AuthDirFastGuarantee
/1000;
1460 /* Now that we have a time-known that 7/8 routers are known longer than,
1461 * fill wfus with the wfu of every such "familiar" router. */
1464 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1465 if (router_counts_toward_thresholds(node
, now
,
1466 omit_as_sybil
, require_mbw
)) {
1467 routerinfo_t
*ri
= node
->ri
;
1468 const char *id
= ri
->cache_info
.identity_digest
;
1469 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1472 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1474 } SMARTLIST_FOREACH_END(node
);
1476 guard_wfu
= median_double(wfus
, n_familiar
);
1477 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1478 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1480 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1482 if (n_active_nonexit
) {
1483 guard_bandwidth_excluding_exits_kb
=
1484 find_nth_uint32(bandwidths_excluding_exits_kb
,
1485 n_active_nonexit
, n_active_nonexit
*3/4);
1488 log_info(LD_DIRSERV
,
1489 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1490 "For Fast: %lu kilobytes/sec. "
1491 "For Guard: WFU %.03f%%, time-known %lu sec, "
1492 "and bandwidth %lu or %lu kilobytes/sec. "
1493 "We%s have enough stability data.",
1494 (unsigned long)stable_uptime
,
1495 (unsigned long)stable_mtbf
,
1496 (unsigned long)fast_bandwidth_kb
,
1498 (unsigned long)guard_tk
,
1499 (unsigned long)guard_bandwidth_including_exits_kb
,
1500 (unsigned long)guard_bandwidth_excluding_exits_kb
,
1501 enough_mtbf_info
? "" : " don't");
1505 tor_free(bandwidths_kb
);
1506 tor_free(bandwidths_excluding_exits_kb
);
1511 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1512 * for the status flags, specifically for bridges.
1514 * This is only called by a Bridge Authority from
1515 * networkstatus_getinfo_by_purpose().
1518 dirserv_compute_bridge_flag_thresholds(void)
1520 digestmap_t
*omit_as_sybil
= digestmap_new();
1521 dirserv_compute_performance_thresholds(omit_as_sybil
);
1522 digestmap_free(omit_as_sybil
, NULL
);
1525 /** Measured bandwidth cache entry */
1526 typedef struct mbw_cache_entry_s
{
1529 } mbw_cache_entry_t
;
1531 /** Measured bandwidth cache - keys are identity_digests, values are
1532 * mbw_cache_entry_t *. */
1533 static digestmap_t
*mbw_cache
= NULL
;
1535 /** Store a measured bandwidth cache entry when reading the measured
1536 * bandwidths file. */
1538 dirserv_cache_measured_bw(const measured_bw_line_t
*parsed_line
,
1541 mbw_cache_entry_t
*e
= NULL
;
1543 tor_assert(parsed_line
);
1545 /* Allocate a cache if we need */
1546 if (!mbw_cache
) mbw_cache
= digestmap_new();
1548 /* Check if we have an existing entry */
1549 e
= digestmap_get(mbw_cache
, parsed_line
->node_id
);
1550 /* If we do, we can re-use it */
1552 /* Check that we really are newer, and update */
1553 if (as_of
> e
->as_of
) {
1554 e
->mbw_kb
= parsed_line
->bw_kb
;
1558 /* We'll have to insert a new entry */
1559 e
= tor_malloc(sizeof(*e
));
1560 e
->mbw_kb
= parsed_line
->bw_kb
;
1562 digestmap_set(mbw_cache
, parsed_line
->node_id
, e
);
1566 /** Clear and free the measured bandwidth cache */
1568 dirserv_clear_measured_bw_cache(void)
1571 /* Free the map and all entries */
1572 digestmap_free(mbw_cache
, tor_free_
);
1577 /** Scan the measured bandwidth cache and remove expired entries */
1579 dirserv_expire_measured_bw_cache(time_t now
)
1583 /* Iterate through the cache and check each entry */
1584 DIGESTMAP_FOREACH_MODIFY(mbw_cache
, k
, mbw_cache_entry_t
*, e
) {
1585 if (now
> e
->as_of
+ MAX_MEASUREMENT_AGE
) {
1589 } DIGESTMAP_FOREACH_END
;
1591 /* Check if we cleared the whole thing and free if so */
1592 if (digestmap_size(mbw_cache
) == 0) {
1593 digestmap_free(mbw_cache
, tor_free_
);
1599 /** Get the current size of the measured bandwidth cache */
1601 dirserv_get_measured_bw_cache_size(void)
1603 if (mbw_cache
) return digestmap_size(mbw_cache
);
1607 /** Query the cache by identity digest, return value indicates whether
1608 * we found it. The bw_out and as_of_out pointers receive the cached
1609 * bandwidth value and the time it was cached if not NULL. */
1611 dirserv_query_measured_bw_cache_kb(const char *node_id
, long *bw_kb_out
,
1614 mbw_cache_entry_t
*v
= NULL
;
1617 if (mbw_cache
&& node_id
) {
1618 v
= digestmap_get(mbw_cache
, node_id
);
1620 /* Found something */
1622 if (bw_kb_out
) *bw_kb_out
= v
->mbw_kb
;
1623 if (as_of_out
) *as_of_out
= v
->as_of
;
1630 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1632 dirserv_has_measured_bw(const char *node_id
)
1634 return dirserv_query_measured_bw_cache_kb(node_id
, NULL
, NULL
);
1637 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1638 * preferring measured to advertised values if available. */
1641 dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
)
1645 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1646 * signed) longs and the ones router_get_advertised_bandwidth() returns
1653 * * First try to see if we have a measured bandwidth; don't bother with
1654 * as_of_out here, on the theory that a stale measured bandwidth is still
1655 * better to trust than an advertised one.
1657 if (dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1660 bw_kb
= (uint32_t)mbw_kb
;
1662 /* If not, fall back to advertised */
1663 bw_kb
= router_get_advertised_bandwidth(ri
) / 1000;
1670 /** Look through the routerlist, and using the measured bandwidth cache count
1671 * how many measured bandwidths we know. This is used to decide whether we
1672 * ever trust advertised bandwidths for purposes of assigning flags. */
1674 dirserv_count_measured_bws(const smartlist_t
*routers
)
1676 /* Initialize this first */
1677 routers_with_measured_bw
= 0;
1679 /* Iterate over the routerlist and count measured bandwidths */
1680 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
1681 /* Check if we know a measured bandwidth for this one */
1682 if (dirserv_has_measured_bw(ri
->cache_info
.identity_digest
)) {
1683 ++routers_with_measured_bw
;
1685 } SMARTLIST_FOREACH_END(ri
);
1688 /** Return the bandwidth we believe for assigning flags; prefer measured
1689 * over advertised, and if we have above a threshold quantity of measured
1690 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1693 dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
)
1700 /* Check if we have a measured bandwidth, and check the threshold if not */
1701 if (!(dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1703 threshold
= get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1704 if (routers_with_measured_bw
> threshold
) {
1705 /* Return zero for unmeasured bandwidth if we are above threshold */
1708 /* Return an advertised bandwidth otherwise */
1709 bw_kb
= router_get_advertised_bandwidth_capped(ri
) / 1000;
1712 /* We have the measured bandwidth in mbw */
1713 bw_kb
= (uint32_t)mbw_kb
;
1719 /** Give a statement of our current performance thresholds for inclusion
1720 * in a vote document. */
1722 dirserv_get_flag_thresholds_line(void)
1725 const int measured_threshold
=
1726 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1727 const int enough_measured_bw
= routers_with_measured_bw
> measured_threshold
;
1729 tor_asprintf(&result
,
1730 "stable-uptime=%lu stable-mtbf=%lu "
1732 "guard-wfu=%.03f%% guard-tk=%lu "
1733 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1734 "enough-mtbf=%d ignoring-advertised-bws=%d",
1735 (unsigned long)stable_uptime
,
1736 (unsigned long)stable_mtbf
,
1737 (unsigned long)fast_bandwidth_kb
*1000,
1739 (unsigned long)guard_tk
,
1740 (unsigned long)guard_bandwidth_including_exits_kb
*1000,
1741 (unsigned long)guard_bandwidth_excluding_exits_kb
*1000,
1742 enough_mtbf_info
? 1 : 0,
1743 enough_measured_bw
? 1 : 0);
1748 /** Given a platform string as in a routerinfo_t (possibly null), return a
1749 * newly allocated version string for a networkstatus document, or NULL if the
1750 * platform doesn't give a Tor version. */
1752 version_from_platform(const char *platform
)
1754 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1755 const char *eos
= find_whitespace(platform
+4);
1756 if (eos
&& !strcmpstart(eos
, " (r")) {
1757 /* XXXX Unify this logic with the other version extraction
1758 * logic in routerparse.c. */
1759 eos
= find_whitespace(eos
+1);
1762 return tor_strndup(platform
, eos
-platform
);
1768 /** Helper: write the router-status information in <b>rs</b> into a newly
1769 * allocated character buffer. Use the same format as in network-status
1770 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1771 * Return 0 on success, -1 on failure.
1773 * The format argument has one of the following values:
1774 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1775 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1776 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1778 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1779 * it contains additional information for the vote.
1780 * NS_CONTROL_PORT - Output a NS document for the control port
1783 routerstatus_format_entry(const routerstatus_t
*rs
, const char *version
,
1784 routerstatus_format_type_t format
,
1785 const vote_routerstatus_t
*vrs
)
1788 char *result
= NULL
;
1790 char published
[ISO_TIME_LEN
+1];
1791 char identity64
[BASE64_DIGEST_LEN
+1];
1792 char digest64
[BASE64_DIGEST_LEN
+1];
1793 smartlist_t
*chunks
= smartlist_new();
1795 format_iso_time(published
, rs
->published_on
);
1796 digest_to_base64(identity64
, rs
->identity_digest
);
1797 digest_to_base64(digest64
, rs
->descriptor_digest
);
1799 smartlist_add_asprintf(chunks
,
1800 "r %s %s %s%s%s %s %d %d\n",
1803 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1804 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1806 fmt_addr32(rs
->addr
),
1810 /* TODO: Maybe we want to pass in what we need to build the rest of
1811 * this here, instead of in the caller. Then we could use the
1812 * networkstatus_type_t values, with an additional control port value
1815 /* V3 microdesc consensuses don't have "a" lines. */
1816 if (format
== NS_V3_CONSENSUS_MICRODESC
)
1819 /* Possible "a" line. At most one for now. */
1820 if (!tor_addr_is_null(&rs
->ipv6_addr
)) {
1821 smartlist_add_asprintf(chunks
, "a %s\n",
1822 fmt_addrport(&rs
->ipv6_addr
, rs
->ipv6_orport
));
1825 if (format
== NS_V3_CONSENSUS
)
1828 smartlist_add_asprintf(chunks
,
1829 "s%s%s%s%s%s%s%s%s%s%s\n",
1830 /* These must stay in alphabetical order. */
1831 rs
->is_authority
?" Authority":"",
1832 rs
->is_bad_exit
?" BadExit":"",
1833 rs
->is_exit
?" Exit":"",
1834 rs
->is_fast
?" Fast":"",
1835 rs
->is_possible_guard
?" Guard":"",
1836 rs
->is_hs_dir
?" HSDir":"",
1837 rs
->is_flagged_running
?" Running":"",
1838 rs
->is_stable
?" Stable":"",
1839 rs
->is_v2_dir
?" V2Dir":"",
1840 rs
->is_valid
?" Valid":"");
1842 /* length of "opt v \n" */
1843 #define V_LINE_OVERHEAD 7
1844 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1845 smartlist_add_asprintf(chunks
, "v %s\n", version
);
1848 if (format
!= NS_V2
) {
1849 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
1852 if (format
!= NS_CONTROL_PORT
) {
1853 /* Blow up more or less nicely if we didn't get anything or not the
1854 * thing we expected.
1857 char id
[HEX_DIGEST_LEN
+1];
1858 char dd
[HEX_DIGEST_LEN
+1];
1860 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1861 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
1862 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
1863 "(wanted descriptor %s).",
1868 /* This assert could fire for the control port, because
1869 * it can request NS documents before all descriptors
1870 * have been fetched. Therefore, we only do this test when
1871 * format != NS_CONTROL_PORT. */
1872 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
1873 rs
->descriptor_digest
,
1875 char rl_d
[HEX_DIGEST_LEN
+1];
1876 char rs_d
[HEX_DIGEST_LEN
+1];
1877 char id
[HEX_DIGEST_LEN
+1];
1879 base16_encode(rl_d
, sizeof(rl_d
),
1880 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
1881 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
1882 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1883 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
1884 "the one in routerstatus: %s vs %s "
1888 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
1889 rs
->descriptor_digest
,
1894 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
1895 bw_kb
= rs
->bandwidth_kb
;
1898 bw_kb
= router_get_advertised_bandwidth_capped(desc
) / 1000;
1900 smartlist_add_asprintf(chunks
,
1901 "w Bandwidth=%d", bw_kb
);
1903 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->has_measured_bw
) {
1904 smartlist_add_asprintf(chunks
,
1905 " Measured=%d", vrs
->measured_bw_kb
);
1907 /* Write down guardfraction information if we have it. */
1908 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->status
.has_guardfraction
) {
1909 smartlist_add_asprintf(chunks
,
1910 " GuardFraction=%d",
1911 vrs
->status
.guardfraction_percentage
);
1914 smartlist_add(chunks
, tor_strdup("\n"));
1917 summary
= policy_summarize(desc
->exit_policy
, AF_INET
);
1918 smartlist_add_asprintf(chunks
, "p %s\n", summary
);
1922 if (format
== NS_V3_VOTE
&& vrs
) {
1923 if (tor_mem_is_zero((char*)vrs
->ed25519_id
, ED25519_PUBKEY_LEN
)) {
1924 smartlist_add(chunks
, tor_strdup("id ed25519 none\n"));
1926 char ed_b64
[BASE64_DIGEST256_LEN
+1];
1927 digest256_to_base64(ed_b64
, (const char*)vrs
->ed25519_id
);
1928 smartlist_add_asprintf(chunks
, "id ed25519 %s\n", ed_b64
);
1934 result
= smartlist_join_strings(chunks
, "", 0, NULL
);
1937 SMARTLIST_FOREACH(chunks
, char *, cp
, tor_free(cp
));
1938 smartlist_free(chunks
);
1943 /** Helper for sorting: compares two routerinfos first by address, and then by
1944 * descending order of "usefulness". (An authority is more useful than a
1945 * non-authority; a running router is more useful than a non-running router;
1946 * and a router with more bandwidth is more useful than one with less.)
1949 compare_routerinfo_by_ip_and_bw_(const void **a
, const void **b
)
1951 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
1952 int first_is_auth
, second_is_auth
;
1953 uint32_t bw_kb_first
, bw_kb_second
;
1954 const node_t
*node_first
, *node_second
;
1955 int first_is_running
, second_is_running
;
1957 /* we return -1 if first should appear before second... that is,
1958 * if first is a better router. */
1959 if (first
->addr
< second
->addr
)
1961 else if (first
->addr
> second
->addr
)
1964 /* Potentially, this next bit could cause k n lg n memeq calls. But in
1965 * reality, we will almost never get here, since addresses will usually be
1969 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
1971 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
1973 if (first_is_auth
&& !second_is_auth
)
1975 else if (!first_is_auth
&& second_is_auth
)
1978 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
1979 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
1980 first_is_running
= node_first
&& node_first
->is_running
;
1981 second_is_running
= node_second
&& node_second
->is_running
;
1983 if (first_is_running
&& !second_is_running
)
1985 else if (!first_is_running
&& second_is_running
)
1988 bw_kb_first
= dirserv_get_bandwidth_for_router_kb(first
);
1989 bw_kb_second
= dirserv_get_bandwidth_for_router_kb(second
);
1991 if (bw_kb_first
> bw_kb_second
)
1993 else if (bw_kb_first
< bw_kb_second
)
1996 /* They're equal! Compare by identity digest, so there's a
1997 * deterministic order and we avoid flapping. */
1998 return fast_memcmp(first
->cache_info
.identity_digest
,
1999 second
->cache_info
.identity_digest
,
2003 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2004 * whose keys are the identity digests of those routers that we're going to
2005 * exclude for Sybil-like appearance. */
2006 static digestmap_t
*
2007 get_possible_sybil_list(const smartlist_t
*routers
)
2009 const or_options_t
*options
= get_options();
2010 digestmap_t
*omit_as_sybil
;
2011 smartlist_t
*routers_by_ip
= smartlist_new();
2014 /* Allow at most this number of Tor servers on a single IP address, ... */
2015 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2016 /* ... unless it's a directory authority, in which case allow more. */
2017 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2018 if (max_with_same_addr
<= 0)
2019 max_with_same_addr
= INT_MAX
;
2020 if (max_with_same_addr_on_authority
<= 0)
2021 max_with_same_addr_on_authority
= INT_MAX
;
2023 smartlist_add_all(routers_by_ip
, routers
);
2024 smartlist_sort(routers_by_ip
, compare_routerinfo_by_ip_and_bw_
);
2025 omit_as_sybil
= digestmap_new();
2029 SMARTLIST_FOREACH_BEGIN(routers_by_ip
, routerinfo_t
*, ri
) {
2030 if (last_addr
!= ri
->addr
) {
2031 last_addr
= ri
->addr
;
2033 } else if (++addr_count
> max_with_same_addr
) {
2034 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2035 addr_count
> max_with_same_addr_on_authority
)
2036 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2038 } SMARTLIST_FOREACH_END(ri
);
2040 smartlist_free(routers_by_ip
);
2041 return omit_as_sybil
;
2044 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2045 * remove the older one. If they are exactly the same age, remove the one
2046 * with the greater descriptor digest. May alter the order of the list. */
2048 routers_make_ed_keys_unique(smartlist_t
*routers
)
2051 digest256map_t
*by_ed_key
= digest256map_new();
2053 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2054 ri
->omit_from_vote
= 0;
2055 if (ri
->cache_info
.signing_key_cert
== NULL
)
2056 continue; /* No ed key */
2057 const uint8_t *pk
= ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
;
2058 if ((ri2
= digest256map_get(by_ed_key
, pk
))) {
2059 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2060 * one has the earlier published_on. */
2061 const time_t ri_pub
= ri
->cache_info
.published_on
;
2062 const time_t ri2_pub
= ri2
->cache_info
.published_on
;
2063 if (ri2_pub
< ri_pub
||
2064 (ri2_pub
== ri_pub
&&
2065 memcmp(ri
->cache_info
.signed_descriptor_digest
,
2066 ri2
->cache_info
.signed_descriptor_digest
,DIGEST_LEN
)<0)) {
2067 digest256map_set(by_ed_key
, pk
, ri
);
2068 ri2
->omit_from_vote
= 1;
2070 ri
->omit_from_vote
= 1;
2074 digest256map_set(by_ed_key
, pk
, ri
);
2076 } SMARTLIST_FOREACH_END(ri
);
2078 digest256map_free(by_ed_key
, NULL
);
2080 /* Now remove every router where the omit_from_vote flag got set. */
2081 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
2082 if (ri
->omit_from_vote
) {
2083 SMARTLIST_DEL_CURRENT(routers
, ri
);
2085 } SMARTLIST_FOREACH_END(ri
);
2088 /** Extract status information from <b>ri</b> and from other authority
2089 * functions and store it in <b>rs</b>>.
2091 * We assume that ri-\>is_running has already been set, e.g. by
2092 * dirserv_set_router_is_running(ri, now);
2095 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2101 const or_options_t
*options
= get_options();
2102 uint32_t routerbw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
2104 memset(rs
, 0, sizeof(routerstatus_t
));
2107 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2109 /* Already set by compute_performance_thresholds. */
2110 rs
->is_exit
= node
->is_exit
;
2111 rs
->is_stable
= node
->is_stable
=
2112 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0);
2113 rs
->is_fast
= node
->is_fast
=
2114 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2115 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2117 rs
->is_valid
= node
->is_valid
;
2119 if (node
->is_fast
&& node
->is_stable
&&
2120 ((options
->AuthDirGuardBWGuarantee
&&
2121 routerbw_kb
>= options
->AuthDirGuardBWGuarantee
/1000) ||
2122 routerbw_kb
>= MIN(guard_bandwidth_including_exits_kb
,
2123 guard_bandwidth_excluding_exits_kb
))) {
2124 long tk
= rep_hist_get_weighted_time_known(
2125 node
->identity
, now
);
2126 double wfu
= rep_hist_get_weighted_fractional_uptime(
2127 node
->identity
, now
);
2128 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2130 rs
->is_possible_guard
= 0;
2133 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2134 rs
->is_hs_dir
= node
->is_hs_dir
=
2135 dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2137 rs
->is_named
= rs
->is_unnamed
= 0;
2139 rs
->published_on
= ri
->cache_info
.published_on
;
2140 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2141 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2143 rs
->addr
= ri
->addr
;
2144 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2145 rs
->or_port
= ri
->or_port
;
2146 rs
->dir_port
= ri
->dir_port
;
2147 rs
->is_v2_dir
= ri
->supports_tunnelled_dir_requests
;
2148 if (options
->AuthDirHasIPv6Connectivity
== 1 &&
2149 !tor_addr_is_null(&ri
->ipv6_addr
) &&
2150 node
->last_reachable6
>= now
- REACHABLE_TIMEOUT
) {
2151 /* We're configured as having IPv6 connectivity. There's an IPv6
2152 OR port and it's reachable so copy it to the routerstatus. */
2153 tor_addr_copy(&rs
->ipv6_addr
, &ri
->ipv6_addr
);
2154 rs
->ipv6_orport
= ri
->ipv6_orport
;
2157 if (options
->TestingTorNetwork
) {
2158 dirserv_set_routerstatus_testing(rs
);
2162 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2163 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2164 * respectively. But don't set the corresponding node flags.
2165 * Should only be called if TestingTorNetwork is set. */
2167 dirserv_set_routerstatus_testing(routerstatus_t
*rs
)
2169 const or_options_t
*options
= get_options();
2171 tor_assert(options
->TestingTorNetwork
);
2173 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteExit
,
2176 } else if (options
->TestingDirAuthVoteExitIsStrict
) {
2180 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteGuard
,
2182 rs
->is_possible_guard
= 1;
2183 } else if (options
->TestingDirAuthVoteGuardIsStrict
) {
2184 rs
->is_possible_guard
= 0;
2187 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteHSDir
,
2190 } else if (options
->TestingDirAuthVoteHSDirIsStrict
) {
2195 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2196 * too narrow an IP-space. Clear out its flags: we don't want people
2200 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2202 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2203 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
=
2204 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
= 0;
2205 /* FFFF we might want some mechanism to check later on if we
2206 * missed zeroing any flags: it's easy to add a new flag but
2207 * forget to add it to this clause. */
2210 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2211 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2212 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2213 * information to it.
2215 * Return 1 if we applied the information and 0 if we couldn't find a
2218 * Requires that <b>vote_routerstatuses</b> be sorted.
2221 guardfraction_line_apply(const char *guard_id
,
2222 uint32_t guardfraction_percentage
,
2223 smartlist_t
*vote_routerstatuses
)
2225 vote_routerstatus_t
*vrs
= NULL
;
2227 tor_assert(vote_routerstatuses
);
2229 vrs
= smartlist_bsearch(vote_routerstatuses
, guard_id
,
2230 compare_digest_to_vote_routerstatus_entry
);
2236 vrs
->status
.has_guardfraction
= 1;
2237 vrs
->status
.guardfraction_percentage
= guardfraction_percentage
;
2242 /* Given a guard line from a guardfraction file, parse it and register
2243 * its information to <b>vote_routerstatuses</b>.
2246 * * 1 if the line was proper and its information got registered.
2247 * * 0 if the line was proper but no currently active guard was found
2248 * to register the guardfraction information to.
2249 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2250 newly allocated string containing the error message.
2253 guardfraction_file_parse_guard_line(const char *guard_line
,
2254 smartlist_t
*vote_routerstatuses
,
2257 char guard_id
[DIGEST_LEN
];
2258 uint32_t guardfraction
;
2259 char *inputs_tmp
= NULL
;
2262 smartlist_t
*sl
= smartlist_new();
2265 tor_assert(err_msg
);
2267 /* guard_line should contain something like this:
2268 <hex digest> <guardfraction> <appearances> */
2269 smartlist_split_string(sl
, guard_line
, " ",
2270 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2271 if (smartlist_len(sl
) < 3) {
2272 tor_asprintf(err_msg
, "bad line '%s'", guard_line
);
2276 inputs_tmp
= smartlist_get(sl
, 0);
2277 if (strlen(inputs_tmp
) != HEX_DIGEST_LEN
||
2278 base16_decode(guard_id
, DIGEST_LEN
,
2279 inputs_tmp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2280 tor_asprintf(err_msg
, "bad digest '%s'", inputs_tmp
);
2284 inputs_tmp
= smartlist_get(sl
, 1);
2285 /* Guardfraction is an integer in [0, 100]. */
2287 (uint32_t) tor_parse_long(inputs_tmp
, 10, 0, 100, &num_ok
, NULL
);
2289 tor_asprintf(err_msg
, "wrong percentage '%s'", inputs_tmp
);
2293 /* If routerstatuses were provided, apply this info to actual routers. */
2294 if (vote_routerstatuses
) {
2295 retval
= guardfraction_line_apply(guard_id
, guardfraction
,
2296 vote_routerstatuses
);
2298 retval
= 0; /* If we got this far, line was correctly formatted. */
2303 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2309 /** Given an inputs line from a guardfraction file, parse it and
2310 * register its information to <b>total_consensuses</b> and
2311 * <b>total_days</b>.
2313 * Return 0 if it parsed well. Return -1 if there was an error, and
2314 * set <b>err_msg</b> to a newly allocated string containing the
2318 guardfraction_file_parse_inputs_line(const char *inputs_line
,
2319 int *total_consensuses
,
2324 char *inputs_tmp
= NULL
;
2326 smartlist_t
*sl
= smartlist_new();
2328 tor_assert(err_msg
);
2330 /* Second line is inputs information:
2331 * n-inputs <total_consensuses> <total_days>. */
2332 smartlist_split_string(sl
, inputs_line
, " ",
2333 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2334 if (smartlist_len(sl
) < 2) {
2335 tor_asprintf(err_msg
, "incomplete line '%s'", inputs_line
);
2339 inputs_tmp
= smartlist_get(sl
, 0);
2340 *total_consensuses
=
2341 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2343 tor_asprintf(err_msg
, "unparseable consensus '%s'", inputs_tmp
);
2347 inputs_tmp
= smartlist_get(sl
, 1);
2349 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2351 tor_asprintf(err_msg
, "unparseable days '%s'", inputs_tmp
);
2358 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2364 /* Maximum age of a guardfraction file that we are willing to accept. */
2365 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2367 /** Static strings of guardfraction files. */
2368 #define GUARDFRACTION_DATE_STR "written-at"
2369 #define GUARDFRACTION_INPUTS "n-inputs"
2370 #define GUARDFRACTION_GUARD "guard-seen"
2371 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2373 /** Given a guardfraction file in a string, parse it and register the
2374 * guardfraction information to the provided vote routerstatuses.
2376 * This is the rough format of the guardfraction file:
2378 * guardfraction-file-version 1
2379 * written-at <date and time>
2380 * n-inputs <number of consesuses parsed> <number of days considered>
2382 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2383 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2384 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2385 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2386 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2389 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2390 * should tolerate errors in all lines but the written-at header.
2393 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str
,
2394 smartlist_t
*vote_routerstatuses
)
2396 config_line_t
*front
=NULL
, *line
;
2399 int current_line_n
= 0; /* line counter for better log messages */
2401 /* Guardfraction info to be parsed */
2402 int total_consensuses
= 0;
2406 int guards_read_n
= 0;
2407 int guards_applied_n
= 0;
2409 /* Parse file and split it in lines */
2410 ret_tmp
= config_get_lines(guardfraction_file_str
, &front
, 0);
2412 log_warn(LD_CONFIG
, "Error reading from guardfraction file");
2416 /* Sort routerstatuses (needed later when applying guardfraction info) */
2417 if (vote_routerstatuses
)
2418 smartlist_sort(vote_routerstatuses
, compare_vote_routerstatus_entries
);
2420 for (line
= front
; line
; line
=line
->next
) {
2423 if (!strcmp(line
->key
, GUARDFRACTION_VERSION
)) {
2425 unsigned int version
;
2428 (unsigned int) tor_parse_long(line
->value
,
2429 10, 0, INT_MAX
, &num_ok
, NULL
);
2431 if (!num_ok
|| version
!= 1) {
2432 log_warn(LD_GENERAL
, "Got unknown guardfraction version %d.", version
);
2435 } else if (!strcmp(line
->key
, GUARDFRACTION_DATE_STR
)) {
2436 time_t file_written_at
;
2437 time_t now
= time(NULL
);
2439 /* First line is 'written-at <date>' */
2440 if (parse_iso_time(line
->value
, &file_written_at
) < 0) {
2441 log_warn(LD_CONFIG
, "Guardfraction:%d: Bad date '%s'. Ignoring",
2442 current_line_n
, line
->value
);
2443 goto done
; /* don't tolerate failure here. */
2445 if (file_written_at
< now
- MAX_GUARDFRACTION_FILE_AGE
) {
2446 log_warn(LD_CONFIG
, "Guardfraction:%d: was written very long ago '%s'",
2447 current_line_n
, line
->value
);
2448 goto done
; /* don't tolerate failure here. */
2450 } else if (!strcmp(line
->key
, GUARDFRACTION_INPUTS
)) {
2451 char *err_msg
= NULL
;
2453 if (guardfraction_file_parse_inputs_line(line
->value
,
2457 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2458 current_line_n
, err_msg
);
2463 } else if (!strcmp(line
->key
, GUARDFRACTION_GUARD
)) {
2464 char *err_msg
= NULL
;
2466 ret_tmp
= guardfraction_file_parse_guard_line(line
->value
,
2467 vote_routerstatuses
,
2469 if (ret_tmp
< 0) { /* failed while parsing the guard line */
2470 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2471 current_line_n
, err_msg
);
2476 /* Successfully parsed guard line. Check if it was applied properly. */
2482 log_warn(LD_CONFIG
, "Unknown guardfraction line %d (%s %s)",
2483 current_line_n
, line
->key
, line
->value
);
2490 "Successfully parsed guardfraction file with %d consensuses over "
2491 "%d days. Parsed %d nodes and applied %d of them%s.",
2492 total_consensuses
, total_days
, guards_read_n
, guards_applied_n
,
2493 vote_routerstatuses
? "" : " (no routerstatus provided)" );
2496 config_free_lines(front
);
2501 return guards_read_n
;
2505 /** Read a guardfraction file at <b>fname</b> and load all its
2506 * information to <b>vote_routerstatuses</b>. */
2508 dirserv_read_guardfraction_file(const char *fname
,
2509 smartlist_t
*vote_routerstatuses
)
2511 char *guardfraction_file_str
;
2513 /* Read file to a string */
2514 guardfraction_file_str
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
2515 if (!guardfraction_file_str
) {
2516 log_warn(LD_FS
, "Cannot open guardfraction file '%s'. Failing.", fname
);
2520 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str
,
2521 vote_routerstatuses
);
2525 * Helper function to parse out a line in the measured bandwidth file
2526 * into a measured_bw_line_t output structure. Returns -1 on failure
2530 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2532 char *line
= tor_strdup(orig_line
);
2535 int got_node_id
= 0;
2536 char *strtok_state
; /* lame sauce d'jour */
2537 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2540 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2541 escaped(orig_line
));
2546 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2547 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2548 escaped(orig_line
));
2554 if (strcmpstart(cp
, "bw=") == 0) {
2558 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2559 escaped(orig_line
));
2565 out
->bw_kb
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2566 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2567 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2568 escaped(orig_line
));
2573 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2575 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2576 escaped(orig_line
));
2580 cp
+=strlen("node_id=$");
2582 if (strlen(cp
) != HEX_DIGEST_LEN
||
2583 base16_decode(out
->node_id
, DIGEST_LEN
,
2584 cp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2585 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2586 escaped(orig_line
));
2590 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2593 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2595 if (got_bw
&& got_node_id
) {
2599 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2600 escaped(orig_line
));
2607 * Helper function to apply a parsed measurement line to a list
2608 * of bandwidth statuses. Returns true if a line is found,
2612 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2613 smartlist_t
*routerstatuses
)
2615 vote_routerstatus_t
*rs
= NULL
;
2616 if (!routerstatuses
)
2619 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2620 compare_digest_to_vote_routerstatus_entry
);
2623 rs
->has_measured_bw
= 1;
2624 rs
->measured_bw_kb
= (uint32_t)parsed_line
->bw_kb
;
2626 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2627 parsed_line
->node_hex
);
2634 * Read the measured bandwidth file and apply it to the list of
2635 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2638 dirserv_read_measured_bandwidths(const char *from_file
,
2639 smartlist_t
*routerstatuses
)
2642 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2643 int applied_lines
= 0;
2644 time_t file_time
, now
;
2648 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2653 if (!fgets(line
, sizeof(line
), fp
)
2654 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2655 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2661 line
[strlen(line
)-1] = '\0';
2662 file_time
= (time_t)tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2664 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2671 if ((now
- file_time
) > MAX_MEASUREMENT_AGE
) {
2672 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2673 (unsigned)(time(NULL
) - file_time
));
2679 smartlist_sort(routerstatuses
, compare_vote_routerstatus_entries
);
2682 measured_bw_line_t parsed_line
;
2683 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2684 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2685 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2686 dirserv_cache_measured_bw(&parsed_line
, file_time
);
2687 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2693 /* Now would be a nice time to clean the cache, too */
2694 dirserv_expire_measured_bw_cache(now
);
2697 log_info(LD_DIRSERV
,
2698 "Bandwidth measurement file successfully read. "
2699 "Applied %d measurements.", applied_lines
);
2703 /** Return a new networkstatus_t* containing our current opinion. (For v3
2706 dirserv_generate_networkstatus_vote_obj(crypto_pk_t
*private_key
,
2707 authority_cert_t
*cert
)
2709 const or_options_t
*options
= get_options();
2710 networkstatus_t
*v3_out
= NULL
;
2712 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2713 const char *contact
;
2714 smartlist_t
*routers
, *routerstatuses
;
2715 char identity_digest
[DIGEST_LEN
];
2716 char signing_key_digest
[DIGEST_LEN
];
2717 int listbadexits
= options
->AuthDirListBadExits
;
2718 routerlist_t
*rl
= router_get_routerlist();
2719 time_t now
= time(NULL
);
2720 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2721 networkstatus_voter_info_t
*voter
= NULL
;
2722 vote_timing_t timing
;
2723 digestmap_t
*omit_as_sybil
= NULL
;
2724 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2725 smartlist_t
*microdescriptors
= NULL
;
2727 tor_assert(private_key
);
2730 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2731 log_err(LD_BUG
, "Error computing signing key digest");
2734 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2735 log_err(LD_BUG
, "Error computing identity key digest");
2738 if (resolve_my_address(LOG_WARN
, options
, &addr
, NULL
, &hostname
)<0) {
2739 log_warn(LD_NET
, "Couldn't resolve my hostname");
2742 if (!hostname
|| !strchr(hostname
, '.')) {
2744 hostname
= tor_dup_ip(addr
);
2747 if (options
->VersioningAuthoritativeDir
) {
2748 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2749 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2752 contact
= get_options()->ContactInfo
;
2757 * Do this so dirserv_compute_performance_thresholds() and
2758 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2760 if (options
->V3BandwidthsFile
) {
2761 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
2764 * No bandwidths file; clear the measured bandwidth cache in case we had
2765 * one last time around.
2767 if (dirserv_get_measured_bw_cache_size() > 0) {
2768 dirserv_clear_measured_bw_cache();
2772 /* precompute this part, since we need it to decide what "stable"
2774 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2775 dirserv_set_router_is_running(ri
, now
);
2778 routers
= smartlist_new();
2779 smartlist_add_all(routers
, rl
->routers
);
2780 routers_make_ed_keys_unique(routers
);
2781 /* After this point, don't use rl->routers; use 'routers' instead. */
2782 routers_sort_by_identity(routers
);
2783 omit_as_sybil
= get_possible_sybil_list(routers
);
2785 DIGESTMAP_FOREACH(omit_as_sybil
, sybil_id
, void *, ignore
) {
2787 rep_hist_make_router_pessimal(sybil_id
, now
);
2788 } DIGESTMAP_FOREACH_END
;
2790 /* Count how many have measured bandwidths so we know how to assign flags;
2791 * this must come before dirserv_compute_performance_thresholds() */
2792 dirserv_count_measured_bws(routers
);
2794 dirserv_compute_performance_thresholds(omit_as_sybil
);
2796 routerstatuses
= smartlist_new();
2797 microdescriptors
= smartlist_new();
2799 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2800 if (ri
->cache_info
.published_on
>= cutoff
) {
2802 vote_routerstatus_t
*vrs
;
2803 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2807 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2809 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2812 if (ri
->cache_info
.signing_key_cert
) {
2813 memcpy(vrs
->ed25519_id
,
2814 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
2815 ED25519_PUBKEY_LEN
);
2818 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2819 clear_status_flags_on_sybil(rs
);
2821 if (!vote_on_reachability
)
2822 rs
->is_flagged_running
= 0;
2824 vrs
->version
= version_from_platform(ri
->platform
);
2825 vrs
->microdesc
= dirvote_format_all_microdesc_vote_lines(ri
, now
,
2828 smartlist_add(routerstatuses
, vrs
);
2830 } SMARTLIST_FOREACH_END(ri
);
2833 smartlist_t
*added
=
2834 microdescs_add_list_to_cache(get_microdesc_cache(),
2835 microdescriptors
, SAVED_NOWHERE
, 0);
2836 smartlist_free(added
);
2837 smartlist_free(microdescriptors
);
2840 smartlist_free(routers
);
2841 digestmap_free(omit_as_sybil
, NULL
);
2843 /* Apply guardfraction information to routerstatuses. */
2844 if (options
->GuardfractionFile
) {
2845 dirserv_read_guardfraction_file(options
->GuardfractionFile
,
2849 /* This pass through applies the measured bw lines to the routerstatuses */
2850 if (options
->V3BandwidthsFile
) {
2851 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2855 * No bandwidths file; clear the measured bandwidth cache in case we had
2856 * one last time around.
2858 if (dirserv_get_measured_bw_cache_size() > 0) {
2859 dirserv_clear_measured_bw_cache();
2863 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2865 v3_out
->type
= NS_TYPE_VOTE
;
2866 dirvote_get_preferred_voting_intervals(&timing
);
2867 v3_out
->published
= now
;
2869 char tbuf
[ISO_TIME_LEN
+1];
2870 networkstatus_t
*current_consensus
=
2871 networkstatus_get_live_consensus(now
);
2872 long last_consensus_interval
; /* only used to pick a valid_after */
2873 if (current_consensus
)
2874 last_consensus_interval
= current_consensus
->fresh_until
-
2875 current_consensus
->valid_after
;
2877 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2878 v3_out
->valid_after
=
2879 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
,
2880 options
->TestingV3AuthVotingStartOffset
);
2881 format_iso_time(tbuf
, v3_out
->valid_after
);
2882 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2883 "consensus_set=%d, last_interval=%d",
2884 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2886 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2887 v3_out
->valid_until
= v3_out
->valid_after
+
2888 (timing
.vote_interval
* timing
.n_intervals_valid
);
2889 v3_out
->vote_seconds
= timing
.vote_delay
;
2890 v3_out
->dist_seconds
= timing
.dist_delay
;
2891 tor_assert(v3_out
->vote_seconds
> 0);
2892 tor_assert(v3_out
->dist_seconds
> 0);
2893 tor_assert(timing
.n_intervals_valid
> 0);
2895 v3_out
->client_versions
= client_versions
;
2896 v3_out
->server_versions
= server_versions
;
2897 v3_out
->package_lines
= smartlist_new();
2900 for (cl
= get_options()->RecommendedPackages
; cl
; cl
= cl
->next
) {
2901 if (validate_recommended_package_line(cl
->value
))
2902 smartlist_add(v3_out
->package_lines
, tor_strdup(cl
->value
));
2906 v3_out
->known_flags
= smartlist_new();
2907 smartlist_split_string(v3_out
->known_flags
,
2908 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
2909 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2910 if (vote_on_reachability
)
2911 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2913 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2914 smartlist_sort_strings(v3_out
->known_flags
);
2916 if (options
->ConsensusParams
) {
2917 v3_out
->net_params
= smartlist_new();
2918 smartlist_split_string(v3_out
->net_params
,
2919 options
->ConsensusParams
, NULL
, 0, 0);
2920 smartlist_sort_strings(v3_out
->net_params
);
2923 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2924 voter
->nickname
= tor_strdup(options
->Nickname
);
2925 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
2926 voter
->sigs
= smartlist_new();
2927 voter
->address
= hostname
;
2929 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
2930 voter
->or_port
= router_get_advertised_or_port(options
);
2931 voter
->contact
= tor_strdup(contact
);
2932 if (options
->V3AuthUseLegacyKey
) {
2933 authority_cert_t
*c
= get_my_v3_legacy_cert();
2935 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
2936 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
2937 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
2942 v3_out
->voters
= smartlist_new();
2943 smartlist_add(v3_out
->voters
, voter
);
2944 v3_out
->cert
= authority_cert_dup(cert
);
2945 v3_out
->routerstatus_list
= routerstatuses
;
2946 /* Note: networkstatus_digest is unset; it won't get set until we actually
2947 * format the vote. */
2952 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2953 * pointers, adds copies of digests to fps_out, and doesn't use the
2954 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2955 * requests, adds identity digests.
2958 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
2959 const char **msg
, int for_unencrypted_conn
,
2965 if (!strcmp(key
, "all")) {
2966 routerlist_t
*rl
= router_get_routerlist();
2967 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2968 smartlist_add(fps_out
,
2969 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
2970 /* Treat "all" requests as if they were unencrypted */
2971 for_unencrypted_conn
= 1;
2972 } else if (!strcmp(key
, "authority")) {
2973 const routerinfo_t
*ri
= router_get_my_routerinfo();
2975 smartlist_add(fps_out
,
2976 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
2977 } else if (!strcmpstart(key
, "d/")) {
2979 key
+= strlen("d/");
2980 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
2981 DSR_HEX
|DSR_SORT_UNIQ
);
2982 } else if (!strcmpstart(key
, "fp/")) {
2983 key
+= strlen("fp/");
2984 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
2985 DSR_HEX
|DSR_SORT_UNIQ
);
2987 *msg
= "Key not recognized";
2991 if (for_unencrypted_conn
) {
2992 /* Remove anything that insists it not be sent unencrypted. */
2993 SMARTLIST_FOREACH_BEGIN(fps_out
, char *, cp
) {
2994 const signed_descriptor_t
*sd
;
2996 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
2997 else if (is_extrainfo
)
2998 sd
= extrainfo_get_by_descriptor_digest(cp
);
3000 sd
= router_get_by_descriptor_digest(cp
);
3001 if (sd
&& !sd
->send_unencrypted
) {
3003 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3005 } SMARTLIST_FOREACH_END(cp
);
3008 if (!smartlist_len(fps_out
)) {
3009 *msg
= "Servers unavailable";
3015 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3016 * <b>key</b>. The key should be either
3017 * - "/tor/server/authority" for our own routerinfo;
3018 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3019 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3020 * hex identity digests; or
3021 * - "/tor/server/d/D" where D is a plus-separated sequence
3022 * of server descriptor digests, in hex.
3024 * Return 0 if we found some matching descriptors, or -1 if we do not
3025 * have any descriptors, no matching descriptors, or if we did not
3026 * recognize the key (URL).
3027 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3030 * XXXX rename this function. It's only called from the controller.
3031 * XXXX in fact, refactor this function, merging as much as possible.
3034 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3039 if (!strcmp(key
, "/tor/server/all")) {
3040 routerlist_t
*rl
= router_get_routerlist();
3041 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3042 smartlist_add(descs_out
, &(r
->cache_info
)));
3043 } else if (!strcmp(key
, "/tor/server/authority")) {
3044 const routerinfo_t
*ri
= router_get_my_routerinfo();
3046 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3047 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3048 smartlist_t
*digests
= smartlist_new();
3049 key
+= strlen("/tor/server/d/");
3050 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3051 DSR_HEX
|DSR_SORT_UNIQ
);
3052 SMARTLIST_FOREACH(digests
, const char *, d
,
3054 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3056 smartlist_add(descs_out
,sd
);
3058 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3059 smartlist_free(digests
);
3060 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3061 smartlist_t
*digests
= smartlist_new();
3062 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3063 key
+= strlen("/tor/server/fp/");
3064 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3065 DSR_HEX
|DSR_SORT_UNIQ
);
3066 SMARTLIST_FOREACH_BEGIN(digests
, const char *, d
) {
3067 if (router_digest_is_me(d
)) {
3068 /* calling router_get_my_routerinfo() to make sure it exists */
3069 const routerinfo_t
*ri
= router_get_my_routerinfo();
3071 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3073 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3074 /* Don't actually serve a descriptor that everyone will think is
3075 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3076 * Tors from downloading descriptors that they will throw away.
3078 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3079 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3081 } SMARTLIST_FOREACH_END(d
);
3082 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3083 smartlist_free(digests
);
3085 *msg
= "Key not recognized";
3089 if (!smartlist_len(descs_out
)) {
3090 *msg
= "Servers unavailable";
3096 /** Called when a TLS handshake has completed successfully with a
3097 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3098 * a certificate with digest <b>digest_rcvd</b>.
3100 * Inform the reachability checker that we could get to this relay.
3103 dirserv_orconn_tls_done(const tor_addr_t
*addr
,
3105 const char *digest_rcvd
)
3107 node_t
*node
= NULL
;
3108 tor_addr_port_t orport
;
3109 routerinfo_t
*ri
= NULL
;
3110 time_t now
= time(NULL
);
3112 tor_assert(digest_rcvd
);
3114 node
= node_get_mutable_by_id(digest_rcvd
);
3115 if (node
== NULL
|| node
->ri
== NULL
)
3119 tor_addr_copy(&orport
.addr
, addr
);
3120 orport
.port
= or_port
;
3121 if (router_has_orport(ri
, &orport
)) {
3122 /* Found the right router. */
3123 if (!authdir_mode_bridge(get_options()) ||
3124 ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3125 char addrstr
[TOR_ADDR_BUF_LEN
];
3126 /* This is a bridge or we're not a bridge authorititative --
3127 mark it as reachable. */
3128 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3129 router_describe(ri
),
3130 tor_addr_to_str(addrstr
, addr
, sizeof(addrstr
), 1),
3132 if (tor_addr_family(addr
) == AF_INET
) {
3133 rep_hist_note_router_reachable(digest_rcvd
, addr
, or_port
, now
);
3134 node
->last_reachable
= now
;
3135 } else if (tor_addr_family(addr
) == AF_INET6
) {
3136 /* No rephist for IPv6. */
3137 node
->last_reachable6
= now
;
3143 /** Called when we, as an authority, receive a new router descriptor either as
3144 * an upload or a download. Used to decide whether to relaunch reachability
3145 * testing for the server. */
3147 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3148 const routerinfo_t
*ri_old
)
3150 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3153 /* New router: Launch an immediate reachability test, so we will have an
3154 * opinion soon in case we're generating a consensus soon */
3157 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3158 /* It just came out of hibernation; launch a reachability test */
3161 if (! routers_have_same_or_addrs(ri
, ri_old
)) {
3162 /* Address or port changed; launch a reachability test */
3168 /** Helper function for dirserv_test_reachability(). Start a TLS
3169 * connection to <b>router</b>, and annotate it with when we started
3172 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3174 channel_t
*chan
= NULL
;
3175 node_t
*node
= NULL
;
3176 tor_addr_t router_addr
;
3180 node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
3184 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3185 router
->nickname
, fmt_addr32(router
->addr
), router
->or_port
);
3186 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3187 chan
= channel_tls_connect(&router_addr
, router
->or_port
,
3188 router
->cache_info
.identity_digest
);
3189 if (chan
) command_setup_channel(chan
);
3191 /* Possible IPv6. */
3192 if (get_options()->AuthDirHasIPv6Connectivity
== 1 &&
3193 !tor_addr_is_null(&router
->ipv6_addr
)) {
3194 char addrstr
[TOR_ADDR_BUF_LEN
];
3195 log_debug(LD_OR
, "Testing reachability of %s at %s:%u.",
3197 tor_addr_to_str(addrstr
, &router
->ipv6_addr
, sizeof(addrstr
), 1),
3198 router
->ipv6_orport
);
3199 chan
= channel_tls_connect(&router
->ipv6_addr
, router
->ipv6_orport
,
3200 router
->cache_info
.identity_digest
);
3201 if (chan
) command_setup_channel(chan
);
3205 /** Auth dir server only: load balance such that we only
3206 * try a few connections per call.
3208 * The load balancing is such that if we get called once every ten
3209 * seconds, we will cycle through all the tests in
3210 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3213 dirserv_test_reachability(time_t now
)
3215 /* XXX decide what to do here; see or-talk thread "purging old router
3216 * information, revocation." -NM
3217 * We can't afford to mess with this in 0.1.2.x. The reason is that
3218 * if we stop doing reachability tests on some of routerlist, then
3219 * we'll for-sure think they're down, which may have unexpected
3220 * effects in other parts of the code. It doesn't hurt much to do
3221 * the testing, and directory authorities are easy to upgrade. Let's
3222 * wait til 0.2.0. -RD */
3223 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3224 routerlist_t
*rl
= router_get_routerlist();
3225 static char ctr
= 0;
3226 int bridge_auth
= authdir_mode_bridge(get_options());
3228 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3229 const char *id_digest
= router
->cache_info
.identity_digest
;
3230 if (router_is_me(router
))
3232 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3233 continue; /* bridge authorities only test reachability on bridges */
3234 // if (router->cache_info.published_on > cutoff)
3236 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3237 dirserv_single_reachability_test(now
, router
);
3239 } SMARTLIST_FOREACH_END(router
);
3240 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3243 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3244 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3245 * flavor name if we want a flavored v3 status, return a pointer to the
3246 * appropriate cached dir object, or NULL if there isn't one available. */
3247 static cached_dir_t
*
3248 lookup_cached_dir_by_fp(const char *fp
)
3250 cached_dir_t
*d
= NULL
;
3251 if (tor_digest_is_zero(fp
) && cached_consensuses
) {
3252 d
= strmap_get(cached_consensuses
, "ns");
3253 } else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3254 (d
= strmap_get(cached_consensuses
, fp
))) {
3255 /* this here interface is a nasty hack XXXX */;
3260 /** Remove from <b>fps</b> every networkstatus key where both
3261 * a) we have a networkstatus document and
3262 * b) it is not newer than <b>cutoff</b>.
3264 * Return 1 if any items were present at all; else return 0.
3267 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3270 SMARTLIST_FOREACH_BEGIN(fps
, char *, digest
) {
3271 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3275 if (d
->published
<= cutoff
) {
3277 SMARTLIST_DEL_CURRENT(fps
, digest
);
3279 } SMARTLIST_FOREACH_END(digest
);
3284 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3285 * its extra-info document if <b>extrainfo</b> is true. Return
3286 * NULL if not found or if the descriptor is older than
3287 * <b>publish_cutoff</b>. */
3288 static const signed_descriptor_t
*
3289 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3290 time_t publish_cutoff
)
3292 if (router_digest_is_me(fp
)) {
3294 return &(router_get_my_extrainfo()->cache_info
);
3296 return &(router_get_my_routerinfo()->cache_info
);
3298 const routerinfo_t
*ri
= router_get_by_id_digest(fp
);
3300 ri
->cache_info
.published_on
> publish_cutoff
) {
3302 return extrainfo_get_by_descriptor_digest(
3303 ri
->cache_info
.extra_info_digest
);
3305 return &ri
->cache_info
;
3311 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3312 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3313 * decide whether to send a 404. */
3315 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3317 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3318 SMARTLIST_FOREACH_BEGIN(fps
, const char *, fp
) {
3321 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3322 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3324 case DIR_SPOOL_SERVER_BY_DIGEST
:
3325 if (router_get_by_descriptor_digest(fp
)) return 1;
3327 case DIR_SPOOL_EXTRA_BY_FP
:
3328 case DIR_SPOOL_SERVER_BY_FP
:
3329 if (get_signed_descriptor_by_fp(fp
,
3330 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3334 } SMARTLIST_FOREACH_END(fp
);
3338 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3339 * a microdescriptor we have. */
3341 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3343 microdesc_cache_t
*cache
= get_microdesc_cache();
3344 SMARTLIST_FOREACH(fps
, const char *, fp
,
3345 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3350 /** Return an approximate estimate of the number of bytes that will
3351 * be needed to transmit the server descriptors (if is_serverdescs --
3352 * they can be either d/ or fp/ queries) or networkstatus objects (if
3353 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3354 * we guess how large the data will be after compression.
3356 * The return value is an estimate; it might be larger or smaller.
3359 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3364 if (is_serverdescs
) {
3365 int n
= smartlist_len(fps
);
3366 const routerinfo_t
*me
= router_get_my_routerinfo();
3367 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3369 result
/= 2; /* observed compressibility is between 35 and 55%. */
3372 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3373 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3375 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3381 /** Given a list of microdescriptor hashes, guess how many bytes will be
3382 * needed to transmit them, and return the guess. */
3384 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3386 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3392 /** When we're spooling data onto our outbuf, add more whenever we dip
3393 * below this threshold. */
3394 #define DIRSERV_BUFFER_MIN 16384
3396 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3397 * Flushes any remaining data to be (un)compressed, and changes the spool
3398 * source to NONE. Returns 0 on success, negative on failure. */
3400 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3402 if (conn
->zlib_state
) {
3403 connection_write_to_buf_zlib("", 0, conn
, 1);
3404 tor_zlib_free(conn
->zlib_state
);
3405 conn
->zlib_state
= NULL
;
3407 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3411 /** Spooling helper: called when we're sending a bunch of server descriptors,
3412 * and the outbuf has become too empty. Pulls some entries from
3413 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3414 * run out of entries, flushes the zlib state and sets the spool source to
3415 * NONE. Returns 0 on success, negative on failure.
3418 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3420 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3421 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3422 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3423 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3424 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3426 const or_options_t
*options
= get_options();
3428 while (smartlist_len(conn
->fingerprint_stack
) &&
3429 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3431 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3432 const signed_descriptor_t
*sd
= NULL
;
3434 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3436 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3437 : router_get_by_descriptor_digest(fp
);
3442 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3443 /* we did this check once before (so we could have an accurate size
3444 * estimate and maybe send a 404 if somebody asked for only bridges on a
3445 * connection), but we need to do it again in case a previously
3446 * unknown bridge descriptor has shown up between then and now. */
3450 /** If we are the bridge authority and the descriptor is a bridge
3451 * descriptor, remember that we served this descriptor for desc stats. */
3452 if (options
->BridgeAuthoritativeDir
&& by_fp
) {
3453 const routerinfo_t
*router
=
3454 router_get_by_id_digest(sd
->identity_digest
);
3455 /* router can be NULL here when the bridge auth is asked for its own
3457 if (router
&& router
->purpose
== ROUTER_PURPOSE_BRIDGE
)
3458 rep_hist_note_desc_served(sd
->identity_digest
);
3460 body
= signed_descriptor_get_body(sd
);
3461 if (conn
->zlib_state
) {
3462 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3463 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3466 tor_zlib_free(conn
->zlib_state
);
3467 conn
->zlib_state
= NULL
;
3470 connection_write_to_buf(body
,
3471 sd
->signed_descriptor_len
,
3476 if (!smartlist_len(conn
->fingerprint_stack
)) {
3477 /* We just wrote the last one; finish up. */
3478 if (conn
->zlib_state
) {
3479 connection_write_to_buf_zlib("", 0, conn
, 1);
3480 tor_zlib_free(conn
->zlib_state
);
3481 conn
->zlib_state
= NULL
;
3483 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3484 smartlist_free(conn
->fingerprint_stack
);
3485 conn
->fingerprint_stack
= NULL
;
3490 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3491 * and the outbuf has become too empty. Pulls some entries from
3492 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3493 * we run out of entries, flushes the zlib state and sets the spool source to
3494 * NONE. Returns 0 on success, negative on failure.
3497 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3499 microdesc_cache_t
*cache
= get_microdesc_cache();
3500 while (smartlist_len(conn
->fingerprint_stack
) &&
3501 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3502 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3503 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3505 if (!md
|| !md
->body
)
3507 if (conn
->zlib_state
) {
3508 int last
= !smartlist_len(conn
->fingerprint_stack
);
3509 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3511 tor_zlib_free(conn
->zlib_state
);
3512 conn
->zlib_state
= NULL
;
3515 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3518 if (!smartlist_len(conn
->fingerprint_stack
)) {
3519 if (conn
->zlib_state
) {
3520 connection_write_to_buf_zlib("", 0, conn
, 1);
3521 tor_zlib_free(conn
->zlib_state
);
3522 conn
->zlib_state
= NULL
;
3524 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3525 smartlist_free(conn
->fingerprint_stack
);
3526 conn
->fingerprint_stack
= NULL
;
3531 /** Spooling helper: Called when we're sending a directory or networkstatus,
3532 * and the outbuf has become too empty. Pulls some bytes from
3533 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3534 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3535 * and sets the spool source to NONE. Returns 0 on success, negative on
3538 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3543 bytes
= DIRSERV_BUFFER_MIN
- connection_get_outbuf_len(TO_CONN(conn
));
3544 tor_assert(bytes
> 0);
3545 tor_assert(conn
->cached_dir
);
3548 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3549 if (bytes
> remaining
)
3550 bytes
= (ssize_t
) remaining
;
3552 if (conn
->zlib_state
) {
3553 connection_write_to_buf_zlib(
3554 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3555 bytes
, conn
, bytes
== remaining
);
3557 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3558 bytes
, TO_CONN(conn
));
3560 conn
->cached_dir_offset
+= bytes
;
3561 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3562 /* We just wrote the last one; finish up. */
3563 connection_dirserv_finish_spooling(conn
);
3564 cached_dir_decref(conn
->cached_dir
);
3565 conn
->cached_dir
= NULL
;
3570 /** Spooling helper: Called when we're spooling networkstatus objects on
3571 * <b>conn</b>, and the outbuf has become too empty. If the current
3572 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3573 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3574 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3575 * treated as a request for the current consensus.) If we run out of entries,
3576 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3577 * success, negative on failure. */
3579 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3582 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3583 if (conn
->cached_dir
) {
3584 int uncompressing
= (conn
->zlib_state
!= NULL
);
3585 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3586 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3587 /* add_dir_bytes thinks we're done with the cached_dir. But we
3588 * may have more cached_dirs! */
3589 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3590 /* This bit is tricky. If we were uncompressing the last
3591 * networkstatus, we may need to make a new zlib object to
3592 * uncompress the next one. */
3593 if (uncompressing
&& ! conn
->zlib_state
&&
3594 conn
->fingerprint_stack
&&
3595 smartlist_len(conn
->fingerprint_stack
)) {
3596 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
, HIGH_COMPRESSION
);
3600 } else if (conn
->fingerprint_stack
&&
3601 smartlist_len(conn
->fingerprint_stack
)) {
3602 /* Add another networkstatus; start serving it. */
3603 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3604 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3608 conn
->cached_dir
= d
;
3609 conn
->cached_dir_offset
= 0;
3612 connection_dirserv_finish_spooling(conn
);
3613 smartlist_free(conn
->fingerprint_stack
);
3614 conn
->fingerprint_stack
= NULL
;
3621 /** Called whenever we have flushed some directory data in state
3622 * SERVER_WRITING. */
3624 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3626 tor_assert(conn
->base_
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3628 if (connection_get_outbuf_len(TO_CONN(conn
)) >= DIRSERV_BUFFER_MIN
)
3631 switch (conn
->dir_spool_src
) {
3632 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3633 case DIR_SPOOL_EXTRA_BY_FP
:
3634 case DIR_SPOOL_SERVER_BY_DIGEST
:
3635 case DIR_SPOOL_SERVER_BY_FP
:
3636 return connection_dirserv_add_servers_to_outbuf(conn
);
3637 case DIR_SPOOL_MICRODESC
:
3638 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3639 case DIR_SPOOL_CACHED_DIR
:
3640 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3641 case DIR_SPOOL_NETWORKSTATUS
:
3642 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3643 case DIR_SPOOL_NONE
:
3649 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3654 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3656 PACKAGENAME = NONSPACE
3659 DIGESTS = DIGEST | DIGESTS SP DIGEST
3660 DIGEST = DIGESTTYPE "=" DIGESTVAL
3662 NONSPACE = one or more non-space printing characters
3664 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3671 validate_recommended_package_line(const char *line
)
3673 const char *cp
= line
;
3679 cp = strchr(cp, ' '); \
3684 WORD(); /* skip packagename */
3686 WORD(); /* skip version */
3688 WORD(); /* Skip URL */
3691 /* Skip digesttype=digestval + */
3694 const char *start_of_word
= cp
;
3695 const char *end_of_word
= strchr(cp
, ' ');
3697 end_of_word
= cp
+ strlen(cp
);
3699 if (start_of_word
== end_of_word
)
3702 const char *eq
= memchr(start_of_word
, '=', end_of_word
- start_of_word
);
3706 if (eq
== start_of_word
)
3708 if (eq
== end_of_word
- 1)
3710 if (memchr(eq
+1, '=', end_of_word
- (eq
+1)))
3714 if (0 == *end_of_word
)
3717 cp
= end_of_word
+ 1;
3720 /* If we reach this point, we have at least 1 entry. */
3721 tor_assert(n_entries
> 0);
3725 /** Release all storage used by the directory server. */
3727 dirserv_free_all(void)
3729 dirserv_free_fingerprint_list();
3731 strmap_free(cached_consensuses
, free_cached_dir_
);
3732 cached_consensuses
= NULL
;
3734 dirserv_clear_measured_bw_cache();