search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for TLS errors...
[tor.git] / src / or / routerlist.c
blob7a2546555d36134ac6f8eddca23a13b637dc096e
1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
6 const char routerlist_c_id[] = "$Id$";
7
8 #include "or.h"
9
10 /**
11 * \file routerlist.c
12 *
13 * \brief Code to
14 * maintain and access the global list of routerinfos for known
15 * servers.
16 **/
17
18 /****************************************************************************/
19
20 static smartlist_t *trusted_dir_servers = NULL;
21
22 /* static function prototypes */
23 static routerinfo_t *
24 router_pick_directory_server_impl(int requireothers, int fascistfirewall,
25 int for_runningrouters);
26 static trusted_dir_server_t *
27 router_pick_trusteddirserver_impl(int requireother, int fascistfirewall);
28 static void mark_all_trusteddirservers_up(void);
29 static int router_resolve_routerlist(routerlist_t *dir);
30
31 /****************************************************************************/
32
33 /****
34 * Functions to manage and access our list of known routers. (Note:
35 * dirservers maintain a separate, independent list of known router
36 * descriptors.)
37 *****/
38
39 /** Global list of all of the routers that we, as an OR or OP, know about. */
40 static routerlist_t *routerlist = NULL;
41
42 extern int has_fetched_directory; /**< from main.c */
43
44 /**
45 * Reload the original list of trusted dirservers, and the most recent
46 * cached directory (if present).
47 */
48 int router_reload_router_list(void)
49 {
50 char filename[512];
51 int is_recent;
52 struct stat st;
53 char *s;
54 tor_assert(get_options()->DataDirectory);
55
56 tor_snprintf(filename,sizeof(filename),"%s/cached-directory",
57 get_options()->DataDirectory);
58 s = read_file_to_str(filename,0);
59 if (s) {
60 stat(filename, &st); /* if s is true, stat probably worked */
61 log_fn(LOG_INFO, "Loading cached directory from %s", filename);
62 is_recent = st.st_mtime > time(NULL) - 60*15;
63 if (router_load_routerlist_from_directory(s, NULL, is_recent, 1) < 0) {
64 log_fn(LOG_WARN, "Cached directory at '%s' was unparseable; ignoring.", filename);
65 }
66 if (routerlist &&
67 ((routerlist->published_on > time(NULL) - MIN_ONION_KEY_LIFETIME/2)
68 || is_recent)) {
69 directory_has_arrived(st.st_mtime, NULL); /* do things we've been waiting to do */
70 }
71 tor_free(s);
72 }
73 return 0;
74 }
75
76 /* Set *<b>outp</b> to a smartlist containing a list of
77 * trusted_dir_server_t * for all known trusted dirservers. Callers
78 * must not modify the list or its contents.
79 */
80 void router_get_trusted_dir_servers(smartlist_t **outp)
81 {
82 if (!trusted_dir_servers)
83 trusted_dir_servers = smartlist_create();
84
85 *outp = trusted_dir_servers;
86 }
87
88 /** Try to find a running dirserver. If there are no running dirservers
89 * in our routerlist, set all the authoritative ones as running again,
90 * and pick one. If there are no dirservers at all in our routerlist,
91 * reload the routerlist and try one last time. If for_runningrouters is
92 * true, then only pick a dirserver that can answer runningrouters queries
93 * (that is, a trusted dirserver, or one running 0.0.9rc5-cvs or later).
94 */
95 routerinfo_t *router_pick_directory_server(int requireothers,
96 int fascistfirewall,
97 int for_runningrouters,
98 int retry_if_no_servers) {
99 routerinfo_t *choice;
100
101 if (!routerlist)
102 return NULL;
103
104 choice = router_pick_directory_server_impl(requireothers, fascistfirewall,
105 for_runningrouters);
106 if (choice || !retry_if_no_servers)
107 return choice;
108
109 log_fn(LOG_INFO,"No reachable router entries for dirservers. Trying them all again.");
110 /* mark all authdirservers as up again */
111 mark_all_trusteddirservers_up();
112 /* try again */
113 choice = router_pick_directory_server_impl(requireothers, fascistfirewall,
114 for_runningrouters);
115 if (choice)
116 return choice;
117
118 log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
119 get_options()->FascistFirewall ? "reachable" : "known");
120 has_fetched_directory=0; /* reset it */
121 if (router_reload_router_list()) {
122 return NULL;
123 }
124 /* give it one last try */
125 choice = router_pick_directory_server_impl(requireothers, 0,
126 for_runningrouters);
127 return choice;
128 }
129
130 trusted_dir_server_t *router_pick_trusteddirserver(int requireothers,
131 int fascistfirewall,
132 int retry_if_no_servers) {
133 trusted_dir_server_t *choice;
134
135 choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
136 if (choice || !retry_if_no_servers)
137 return choice;
138
139 log_fn(LOG_INFO,"No trusted dirservers are reachable. Trying them all again.");
140 /* mark all authdirservers as up again */
141 mark_all_trusteddirservers_up();
142 /* try again */
143 choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
144 if (choice)
145 return choice;
146
147 log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
148 get_options()->FascistFirewall ? "reachable" : "known");
149 has_fetched_directory=0; /* reset it */
150 if (router_reload_router_list()) {
151 return NULL;
152 }
153 /* give it one last try */
154 choice = router_pick_trusteddirserver_impl(requireothers, 0);
155 return choice;
156 }
157
158 /** Pick a random running router from our routerlist. If requireauth,
159 * it has to be a trusted server. If requireothers, it cannot be us.
160 */
161 static routerinfo_t *
162 router_pick_directory_server_impl(int requireothers, int fascistfirewall,
163 int for_runningrouters)
164 {
165 int i;
166 routerinfo_t *router;
167 smartlist_t *sl;
168
169 if (!routerlist)
170 return NULL;
171
172 if (get_options()->HttpProxy)
173 fascistfirewall = 0;
174
175 /* Find all the running dirservers we know about. */
176 sl = smartlist_create();
177 for (i=0;i < smartlist_len(routerlist->routers); i++) {
178 router = smartlist_get(routerlist->routers, i);
179 if (!router->is_running || !router->dir_port || !router->is_verified)
180 continue;
181 if (requireothers && router_is_me(router))
182 continue;
183 if (fascistfirewall) {
184 if (!smartlist_string_num_isin(get_options()->FirewallPorts, router->dir_port))
185 continue;
186 }
187 /* before 0.0.9rc5-cvs, only trusted dirservers served status info. */
188 if (for_runningrouters &&
189 !(tor_version_as_new_as(router->platform,"0.0.9rc5-cvs") ||
190 router_digest_is_trusted_dir(router->identity_digest)))
191 continue;
192 smartlist_add(sl, router);
193 }
194
195 router = smartlist_choose(sl);
196 smartlist_free(sl);
197 return router;
198 }
199
200 static trusted_dir_server_t *
201 router_pick_trusteddirserver_impl(int requireother, int fascistfirewall)
202 {
203 smartlist_t *sl;
204 routerinfo_t *me;
205 trusted_dir_server_t *ds;
206 sl = smartlist_create();
207 me = router_get_my_routerinfo();
208
209 if (!trusted_dir_servers)
210 return NULL;
211
212 if (get_options()->HttpProxy)
213 fascistfirewall = 0;
214
215 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d,
216 {
217 if (!d->is_running) continue;
218 if (requireother && me &&
219 !memcmp(me->identity_digest, d->digest, DIGEST_LEN))
220 continue;
221 if (fascistfirewall) {
222 if (!smartlist_string_num_isin(get_options()->FirewallPorts, d->dir_port))
223 continue;
224 }
225 smartlist_add(sl, d);
226 });
227
228 ds = smartlist_choose(sl);
229 smartlist_free(sl);
230 return ds;
231 }
232
233 /** Go through and mark the auth dirservers as up */
234 static void mark_all_trusteddirservers_up(void) {
235 if (routerlist) {
236 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
237 if (router_digest_is_trusted_dir(router->identity_digest)) {
238 tor_assert(router->dir_port > 0);
239 router->is_running = 1;
240 router->status_set_at = time(NULL);
241 });
242 }
243 if (trusted_dir_servers) {
244 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
245 dir->is_running = 1);
246 }
247 }
248
249 /** Return 0 if \exists an authoritative dirserver that's currently
250 * thought to be running, else return 1.
251 */
252 int all_trusted_directory_servers_down(void) {
253 if (!trusted_dir_servers)
254 return 1;
255 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
256 if (dir->is_running) return 0);
257 return 1;
258 }
259
260 /** Add all the family of <b>router</b> to the smartlist <b>sl</b>.
261 */
262 void routerlist_add_family(smartlist_t *sl, routerinfo_t *router) {
263 routerinfo_t *r;
264 struct config_line_t *cl;
265
266 if (!router->declared_family)
267 return;
268
269 /* Add every r such that router declares familyness with r, and r
270 * declares familyhood with router. */
271 SMARTLIST_FOREACH(router->declared_family, const char *, n,
272 {
273 if (!(r = router_get_by_nickname(n)))
274 continue;
275 if (!r->declared_family)
276 continue;
277 SMARTLIST_FOREACH(r->declared_family, const char *, n2,
278 {
279 if (router_nickname_matches(router, n2))
280 smartlist_add(sl, r);
281 });
282 });
283
284 for (cl = get_options()->NodeFamilies; cl; cl = cl->next) {
285 if (router_nickname_is_in_list(router, cl->value)) {
286 add_nickname_list_to_smartlist(sl, cl->value, 0);
287 }
288 }
289 }
290
291 /** List of string for nicknames we've warned about and haven't yet succeeded.
292 */
293 static smartlist_t *warned_nicknames = NULL;
294
295 /** Given a comma-and-whitespace separated list of nicknames, see which
296 * nicknames in <b>list</b> name routers in our routerlist that are
297 * currently running. Add the routerinfos for those routers to <b>sl</b>.
298 */
299 void
300 add_nickname_list_to_smartlist(smartlist_t *sl, const char *list, int warn_if_down)
301 {
302 routerinfo_t *router;
303 smartlist_t *nickname_list;
304
305 if (!list)
306 return; /* nothing to do */
307 tor_assert(sl);
308
309 nickname_list = smartlist_create();
310 if (!warned_nicknames)
311 warned_nicknames = smartlist_create();
312
313 smartlist_split_string(nickname_list, list, ",",
314 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
315
316 SMARTLIST_FOREACH(nickname_list, const char *, nick, {
317 int warned;
318 if (!is_legal_nickname_or_hexdigest(nick)) {
319 log_fn(LOG_WARN,"Nickname %s is misformed; skipping", nick);
320 continue;
321 }
322 router = router_get_by_nickname(nick);
323 warned = smartlist_string_isin(warned_nicknames, nick);
324 if (router) {
325 if (router->is_running) {
326 smartlist_add(sl,router);
327 if (warned)
328 smartlist_string_remove(warned_nicknames, nick);
329 } else {
330 if (!warned) {
331 log_fn(warn_if_down ? LOG_WARN : LOG_DEBUG,
332 "Nickname list includes '%s' which is known but down.",nick);
333 smartlist_add(warned_nicknames, tor_strdup(nick));
334 }
335 }
336 } else {
337 if (!warned) {
338 log_fn(has_fetched_directory ? LOG_WARN : LOG_INFO,
339 "Nickname list includes '%s' which isn't a known router.",nick);
340 smartlist_add(warned_nicknames, tor_strdup(nick));
341 }
342 }
343 });
344 SMARTLIST_FOREACH(nickname_list, char *, nick, tor_free(nick));
345 smartlist_free(nickname_list);
346 }
347
348 /** Return 1 iff any member of the comma-separated list <b>list</b> is an
349 * acceptable nickname or hexdigest for <b>router</b>. Else return 0.
350 */
351 int
352 router_nickname_is_in_list(routerinfo_t *router, const char *list)
353 {
354 smartlist_t *nickname_list;
355 int v = 0;
356
357 if (!list)
358 return 0; /* definitely not */
359 tor_assert(router);
360
361 nickname_list = smartlist_create();
362 smartlist_split_string(nickname_list, list, ",",
363 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
364 SMARTLIST_FOREACH(nickname_list, const char *, cp,
365 if (router_nickname_matches(router, cp)) {v=1;break;});
366 SMARTLIST_FOREACH(nickname_list, char *, cp, tor_free(cp));
367 smartlist_free(nickname_list);
368 return v;
369 }
370
371 /** Add every router from our routerlist that is currently running to
372 * <b>sl</b>.
373 */
374 static void
375 router_add_running_routers_to_smartlist(smartlist_t *sl, int allow_unverified,
376 int need_uptime, int need_capacity)
377 {
378 routerinfo_t *router;
379 int i;
380
381 if (!routerlist)
382 return;
383
384 for (i=0;i<smartlist_len(routerlist->routers);i++) {
385 router = smartlist_get(routerlist->routers, i);
386 if (router->is_running &&
387 (router->is_verified ||
388 (allow_unverified &&
389 !router_is_unreliable(router, need_uptime, need_capacity)))) {
390 /* If it's running, and either it's verified or we're ok picking
391 * unverified routers and this one is suitable.
392 */
393 smartlist_add(sl, router);
394 }
395 }
396 }
397
398 routerinfo_t *
399 routerlist_find_my_routerinfo(void) {
400 routerinfo_t *router;
401 int i;
402
403 if (!routerlist)
404 return NULL;
405
406 for (i=0;i<smartlist_len(routerlist->routers);i++) {
407 router = smartlist_get(routerlist->routers, i);
408 if (router_is_me(router))
409 return router;
410 }
411 return NULL;
412 }
413
414 int
415 router_is_unreliable(routerinfo_t *router, int need_uptime, int need_capacity)
416 {
417 if (need_uptime && router->uptime < ROUTER_REQUIRED_MIN_UPTIME)
418 return 1;
419 if (need_capacity && router->bandwidthcapacity < ROUTER_REQUIRED_MIN_BANDWIDTH)
420 return 1;
421 return 0;
422 }
423
424 static void
425 routerlist_sl_remove_unreliable_routers(smartlist_t *sl)
426 {
427 int i;
428 routerinfo_t *router;
429
430 for (i = 0; i < smartlist_len(sl); ++i) {
431 router = smartlist_get(sl, i);
432 if (router_is_unreliable(router, 1, 0)) {
433 log(LOG_DEBUG, "Router '%s' has insufficient uptime; deleting.",
434 router->nickname);
435 smartlist_del(sl, i--);
436 }
437 }
438 }
439
440 routerinfo_t *
441 routerlist_sl_choose_by_bandwidth(smartlist_t *sl)
442 {
443 int i;
444 routerinfo_t *router;
445 smartlist_t *bandwidths;
446 uint32_t this_bw, tmp, total_bw=0, rand_bw;
447 uint32_t *p;
448
449 bandwidths = smartlist_create();
450 for (i = 0; i < smartlist_len(sl); ++i) {
451 router = smartlist_get(sl, i);
452 this_bw = (router->bandwidthcapacity < router->bandwidthrate) ?
453 router->bandwidthcapacity : router->bandwidthrate;
454 if (this_bw > 2000000)
455 this_bw = 2000000; /* if they claim something huge, don't believe it */
456 p = tor_malloc(sizeof(uint32_t));
457 *p = this_bw;
458 smartlist_add(bandwidths, p);
459 total_bw += this_bw;
460 // log_fn(LOG_INFO,"Recording bw %d for node %s.", this_bw, router->nickname);
461 }
462 if (!total_bw) {
463 SMARTLIST_FOREACH(bandwidths, uint32_t*, p, tor_free(p));
464 smartlist_free(bandwidths);
465 return smartlist_choose(sl);
466 }
467 rand_bw = crypto_pseudo_rand_int(total_bw);
468 // log_fn(LOG_INFO,"Total bw %d. Randomly chose %d.", total_bw, rand_bw);
469 tmp = 0;
470 for (i=0; ; i++) {
471 tor_assert(i < smartlist_len(sl));
472 p = smartlist_get(bandwidths, i);
473 tmp += *p;
474 router = smartlist_get(sl, i);
475 // log_fn(LOG_INFO,"Considering %s. tmp = %d.", router->nickname, tmp);
476 if (tmp >= rand_bw)
477 break;
478 }
479 SMARTLIST_FOREACH(bandwidths, uint32_t*, p, tor_free(p));
480 smartlist_free(bandwidths);
481 router = smartlist_get(sl, i);
482 // log_fn(LOG_INFO,"Picked %s.", router->nickname);
483 return router;
484 }
485
486 /** Return a random running router from the routerlist. If any node
487 * named in <b>preferred</b> is available, pick one of those. Never
488 * pick a node named in <b>excluded</b>, or whose routerinfo is in
489 * <b>excludedsmartlist</b>, even if they are the only nodes
490 * available. If <b>strict</b> is true, never pick any node besides
491 * those in <b>preferred</b>.
492 */
493 routerinfo_t *router_choose_random_node(const char *preferred,
494 const char *excluded,
495 smartlist_t *excludedsmartlist,
496 int need_uptime, int need_capacity,
497 int allow_unverified, int strict)
498 {
499 smartlist_t *sl, *excludednodes;
500 routerinfo_t *choice;
501
502 excludednodes = smartlist_create();
503 add_nickname_list_to_smartlist(excludednodes,excluded,0);
504
505 /* Try the preferred nodes first. Ignore need_uptime and need_capacity,
506 * since the user explicitly asked for these nodes. */
507 sl = smartlist_create();
508 add_nickname_list_to_smartlist(sl,preferred,1);
509 smartlist_subtract(sl,excludednodes);
510 if (excludedsmartlist)
511 smartlist_subtract(sl,excludedsmartlist);
512 #if 0
513 if (need_uptime)
514 routerlist_sl_remove_unreliable_routers(sl);
515 if (need_capacity)
516 choice = routerlist_sl_choose_by_bandwidth(sl);
517 else
518 #endif
519 choice = smartlist_choose(sl);
520 smartlist_free(sl);
521 if (!choice && !strict) {
522 /* Then give up on our preferred choices: any node
523 * will do that has the required attributes. */
524 sl = smartlist_create();
525 router_add_running_routers_to_smartlist(sl, allow_unverified,
526 need_uptime, need_capacity);
527 smartlist_subtract(sl,excludednodes);
528 if (excludedsmartlist)
529 smartlist_subtract(sl,excludedsmartlist);
530 if (need_uptime)
531 routerlist_sl_remove_unreliable_routers(sl);
532 if (need_capacity)
533 choice = routerlist_sl_choose_by_bandwidth(sl);
534 else
535 choice = smartlist_choose(sl);
536 smartlist_free(sl);
537 }
538 smartlist_free(excludednodes);
539 if (!choice)
540 log_fn(LOG_WARN,"No available nodes when trying to choose node. Failing.");
541 return choice;
542 }
543
544 /** Return the router in our routerlist whose address is <b>addr</b> and
545 * whose OR port is <b>port</b>. Return NULL if no such router is known.
546 */
547 routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port) {
548 int i;
549 routerinfo_t *router;
550
551 if (!routerlist)
552 return NULL;
553
554 for (i=0;i<smartlist_len(routerlist->routers);i++) {
555 router = smartlist_get(routerlist->routers, i);
556 if ((router->addr == addr) && (router->or_port == port))
557 return router;
558 }
559 return NULL;
560 }
561
562 /** Return true iff the digest of <b>router</b>'s identity key,
563 * encoded in hexadecimal, matches <b>hexdigest</b> (which is
564 * optionally prefixed with a single dollar sign). Return false if
565 * <b>hexdigest</b> is malformed, or it doesn't match. */
566 static INLINE int router_hex_digest_matches(routerinfo_t *router,
567 const char *hexdigest)
568 {
569 char digest[DIGEST_LEN];
570 tor_assert(hexdigest);
571 if (hexdigest[0] == '$')
572 ++hexdigest;
573
574 if (strlen(hexdigest) != HEX_DIGEST_LEN ||
575 base16_decode(digest, DIGEST_LEN, hexdigest, HEX_DIGEST_LEN)<0)
576 return 0;
577 else
578 return (!memcmp(digest, router->identity_digest, DIGEST_LEN));
579 }
580
581 /* Return true if <b>router</b>'s nickname matches <b>nickname</b>
582 * (case-insensitive), or if <b>router's</b> identity key digest
583 * matches a hexadecimal value stored in <b>nickname</b>. Return
584 * false otherwise.*/
585 int router_nickname_matches(routerinfo_t *router, const char *nickname)
586 {
587 if (nickname[0]!='$' && !strcasecmp(router->nickname, nickname))
588 return 1;
589 else
590 return router_hex_digest_matches(router, nickname);
591 }
592
593 /** Return the router in our routerlist whose (case-insensitive)
594 * nickname or (case-sensitive) hexadecimal key digest is
595 * <b>nickname</b>. Return NULL if no such router is known.
596 */
597 routerinfo_t *router_get_by_nickname(const char *nickname)
598 {
599 int i, maybedigest;
600 routerinfo_t *router;
601 char digest[DIGEST_LEN];
602
603 tor_assert(nickname);
604 if (!routerlist)
605 return NULL;
606 if (nickname[0] == '$')
607 return router_get_by_hexdigest(nickname);
608 if (server_mode(get_options()) &&
609 !strcasecmp(nickname, get_options()->Nickname))
610 return router_get_my_routerinfo();
611
612 maybedigest = (strlen(nickname) == HEX_DIGEST_LEN) &&
613 (base16_decode(digest,DIGEST_LEN,nickname,HEX_DIGEST_LEN) == 0);
614
615 for (i=0;i<smartlist_len(routerlist->routers);i++) {
616 router = smartlist_get(routerlist->routers, i);
617 if (0 == strcasecmp(router->nickname, nickname) ||
618 (maybedigest && 0 == memcmp(digest, router->identity_digest,
619 DIGEST_LEN)))
620 return router;
621 }
622
623 return NULL;
624 }
625
626 /** Return true iff <b>digest</b> is the digest of the identity key of
627 * a trusted directory. */
628 int router_digest_is_trusted_dir(const char *digest) {
629 if (!trusted_dir_servers)
630 return 0;
631 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
632 if (!memcmp(digest, ent->digest, DIGEST_LEN)) return 1);
633 return 0;
634 }
635
636 /** Return the router in our routerlist whose hexadecimal key digest
637 * is <b>hexdigest</b>. Return NULL if no such router is known. */
638 routerinfo_t *router_get_by_hexdigest(const char *hexdigest) {
639 char digest[DIGEST_LEN];
640
641 tor_assert(hexdigest);
642 if (!routerlist)
643 return NULL;
644 if (hexdigest[0]=='$')
645 ++hexdigest;
646 if (strlen(hexdigest) != HEX_DIGEST_LEN ||
647 base16_decode(digest,DIGEST_LEN,hexdigest,HEX_DIGEST_LEN) < 0)
648 return NULL;
649
650 return router_get_by_digest(digest);
651 }
652
653 /** Return the router in our routerlist whose 20-byte key digest
654 * is <b>digest</b>. Return NULL if no such router is known. */
655 routerinfo_t *router_get_by_digest(const char *digest) {
656 int i;
657 routerinfo_t *router;
658
659 tor_assert(digest);
660 if (server_mode(get_options()) &&
661 (router = router_get_my_routerinfo()) &&
662 !memcmp(digest, router->identity_digest, DIGEST_LEN))
663 return router;
664 if (!routerlist) return NULL;
665
666 for (i=0;i<smartlist_len(routerlist->routers);i++) {
667 router = smartlist_get(routerlist->routers, i);
668 if (0 == memcmp(router->identity_digest, digest, DIGEST_LEN))
669 return router;
670 }
671
672 return NULL;
673 }
674
675 /** Set *<b>prouterlist</b> to the current list of all known routers. */
676 void router_get_routerlist(routerlist_t **prouterlist) {
677 *prouterlist = routerlist;
678 }
679
680 /** Return the publication time on the current routerlist, or 0 if we have no
681 * routerlist. */
682 time_t routerlist_get_published_time(void) {
683 return routerlist ? routerlist->published_on : 0;
684 }
685
686 /** Free all storage held by <b>router</b>. */
687 void routerinfo_free(routerinfo_t *router)
688 {
689 if (!router)
690 return;
691
692 tor_free(router->signed_descriptor);
693 tor_free(router->address);
694 tor_free(router->nickname);
695 tor_free(router->platform);
696 if (router->onion_pkey)
697 crypto_free_pk_env(router->onion_pkey);
698 if (router->identity_pkey)
699 crypto_free_pk_env(router->identity_pkey);
700 if (router->declared_family) {
701 SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
702 smartlist_free(router->declared_family);
703 }
704 addr_policy_free(router->exit_policy);
705 tor_free(router);
706 }
707
708 /** Allocate a fresh copy of <b>router</b> */
709 routerinfo_t *routerinfo_copy(const routerinfo_t *router)
710 {
711 routerinfo_t *r;
712 addr_policy_t **e, *tmp;
713
714 r = tor_malloc(sizeof(routerinfo_t));
715 memcpy(r, router, sizeof(routerinfo_t));
716
717 r->address = tor_strdup(r->address);
718 r->nickname = tor_strdup(r->nickname);
719 r->platform = tor_strdup(r->platform);
720 if (r->signed_descriptor)
721 r->signed_descriptor = tor_strdup(r->signed_descriptor);
722 if (r->onion_pkey)
723 r->onion_pkey = crypto_pk_dup_key(r->onion_pkey);
724 if (r->identity_pkey)
725 r->identity_pkey = crypto_pk_dup_key(r->identity_pkey);
726 e = &r->exit_policy;
727 while (*e) {
728 tmp = tor_malloc(sizeof(addr_policy_t));
729 memcpy(tmp,*e,sizeof(addr_policy_t));
730 *e = tmp;
731 (*e)->string = tor_strdup((*e)->string);
732 e = & ((*e)->next);
733 }
734 if (r->declared_family) {
735 r->declared_family = smartlist_create();
736 SMARTLIST_FOREACH(router->declared_family, const char *, s,
737 smartlist_add(r->declared_family, tor_strdup(s)));
738 }
739 return r;
740 }
741
742 /** Free all storage held by a routerlist <b>rl</b> */
743 void routerlist_free(routerlist_t *rl)
744 {
745 tor_assert(rl);
746 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
747 routerinfo_free(r));
748 smartlist_free(rl->routers);
749 running_routers_free(rl->running_routers);
750 tor_free(rl->software_versions);
751 tor_free(rl);
752 }
753
754 void routerlist_free_current(void)
755 {
756 if (routerlist)
757 routerlist_free(routerlist);
758 routerlist = NULL;
759 if (warned_nicknames) {
760 SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
761 smartlist_free(warned_nicknames);
762 warned_nicknames = NULL;
763 }
764 }
765
766 void free_trusted_dir_servers(void)
767 {
768 if (trusted_dir_servers) {
769 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
770 { tor_free(ds->address); tor_free(ds); });
771 smartlist_free(trusted_dir_servers);
772 trusted_dir_servers = NULL;
773 }
774 }
775
776 /** Mark the router with ID <b>digest</b> as non-running in our routerlist. */
777 void router_mark_as_down(const char *digest) {
778 routerinfo_t *router;
779 tor_assert(digest);
780
781 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d,
782 if (!memcmp(d->digest, digest, DIGEST_LEN))
783 d->is_running = 0);
784
785 router = router_get_by_digest(digest);
786 if (!router) /* we don't seem to know about him in the first place */
787 return;
788 log_fn(LOG_DEBUG,"Marking router '%s' as down.",router->nickname);
789 if (router_is_me(router))
790 log_fn(LOG_WARN, "We just marked ourself as down. Are your external addresses reachable?");
791 router->is_running = 0;
792 router->status_set_at = time(NULL);
793 }
794
795 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
796 * older entries (if any) with the same name. Note: Callers should not hold
797 * their pointers to <b>router</b> after invoking this function; <b>router</b>
798 * will either be inserted into the routerlist or freed. Returns 0 if the
799 * router was added; -1 if it was not.
800 *
801 * DOCDOC msg
802 */
803 static int
804 router_add_to_routerlist(routerinfo_t *router, const char **msg) {
805 int i;
806 routerinfo_t *r;
807 char id_digest[DIGEST_LEN];
808
809 tor_assert(routerlist);
810 crypto_pk_get_digest(router->identity_pkey, id_digest);
811
812 /* If we have a router with this name, and the identity key is the same,
813 * choose the newer one. If the identity key has changed, drop the router.
814 */
815 for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
816 r = smartlist_get(routerlist->routers, i);
817
818 if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
819 if (router->published_on > r->published_on) {
820 log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
821 router->nickname, r->nickname, hex_str(id_digest,DIGEST_LEN));
822 /* Remember whether we trust this router as a dirserver. */
823 /* If the address hasn't changed; no need to re-resolve. */
824 if (!strcasecmp(r->address, router->address))
825 router->addr = r->addr;
826 routerinfo_free(r);
827 smartlist_set(routerlist->routers, i, router);
828 return 0;
829 } else {
830 log_fn(LOG_DEBUG, "Skipping not-new descriptor for router '%s'",
831 router->nickname);
832 /* Update the is_running status to whatever we were told. */
833 r->is_running = router->is_running;
834 routerinfo_free(router);
835 if (msg) *msg = "Router descriptor was not new.";
836 return -1;
837 }
838 } else if (!strcasecmp(router->nickname, r->nickname)) {
839 /* nicknames match, keys don't. */
840 if (router->is_verified) {
841 /* The new verified router replaces the old one; remove the
842 * old one. And carry on to the end of the list, in case
843 * there are more old unverified routers with this nickname
844 */
845 /* mark-for-close connections using the old key, so we can
846 * make new ones with the new key.
847 */
848 connection_t *conn;
849 while ((conn = connection_get_by_identity_digest(r->identity_digest,
850 CONN_TYPE_OR))) {
851 log_fn(LOG_INFO,"Closing conn to obsolete router '%s'", r->nickname);
852 connection_mark_for_close(conn);
853 }
854 routerinfo_free(r);
855 smartlist_del_keeporder(routerlist->routers, i--);
856 } else if (r->is_verified) {
857 /* Can't replace a verified router with an unverified one. */
858 log_fn(LOG_DEBUG, "Skipping unverified entry for verified router '%s'",
859 router->nickname);
860 routerinfo_free(router);
861 if (msg) *msg = "Already have verified router with different key and same nickname";
862 return -1;
863 }
864 }
865 }
866 /* We haven't seen a router with this name before. Add it to the end of
867 * the list. */
868 smartlist_add(routerlist->routers, router);
869 return 0;
870 }
871
872 /** Remove any routers from the routerlist that are more than <b>age</b>
873 * seconds old.
874 *
875 * (This function is just like dirserv_remove_old_servers. One day we should
876 * merge them.)
877 */
878 void
879 routerlist_remove_old_routers(int age)
880 {
881 int i;
882 time_t cutoff;
883 routerinfo_t *router;
884 if (!routerlist)
885 return;
886
887 cutoff = time(NULL) - age;
888 for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
889 router = smartlist_get(routerlist->routers, i);
890 if (router->published_on <= cutoff) {
891 /* Too old. Remove it. */
892 log_fn(LOG_INFO,"Forgetting obsolete routerinfo for router '%s'", router->nickname);
893 routerinfo_free(router);
894 smartlist_del(routerlist->routers, i--);
895 }
896 }
897 }
898
899 /*
900 * Code to parse a single router descriptors and insert it into the
901 * directory. Return -1 if the descriptor was ill-formed; 0 if the
902 * descriptor was well-formed but could not be added; and 1 if the
903 * descriptor was added.
904 */
905 int
906 router_load_single_router(const char *s, const char **msg)
907 {
908 routerinfo_t *ri;
909
910 if (!(ri = router_parse_entry_from_string(s, NULL))) {
911 log_fn(LOG_WARN, "Error parsing router descriptor; dropping.");
912 if (msg) *msg = "Couldn't parse router descriptor";
913 return -1;
914 }
915 if (routerlist && routerlist->running_routers) {
916 running_routers_t *rr = routerlist->running_routers;
917 router_update_status_from_smartlist(ri,
918 rr->published_on,
919 rr->running_routers,
920 rr->is_running_routers_format);
921 }
922 if (router_add_to_routerlist(ri, msg)<0) {
923 log_fn(LOG_WARN, "Couldn't add router to list; dropping.");
924 if (msg && !*msg) *msg = "Couldn't add router to list.";
925 return 0;
926 } else {
927 smartlist_t *changed = smartlist_create();
928 smartlist_add(changed, ri);
929 control_event_descriptors_changed(changed);
930 smartlist_free(changed);
931 }
932 log_fn(LOG_DEBUG, "Added router to list");
933 return 1;
934 }
935
936 /** Add to the current routerlist each router stored in the
937 * signed directory <b>s</b>. If pkey is provided, check the signature against
938 * pkey; else check against the pkey of the signing directory server.
939 *
940 * If <b>dir_is_recent</b> is non-zero, then examine the
941 * Recommended-versions line and take appropriate action.
942 *
943 * If <b>dir_is_cached</b> is non-zero, then we're reading it
944 * from the cache so don't bother to re-write it to the cache.
945 */
946 int router_load_routerlist_from_directory(const char *s,
947 crypto_pk_env_t *pkey,
948 int dir_is_recent,
949 int dir_is_cached)
950 {
951 routerlist_t *new_list = NULL;
952 if (router_parse_routerlist_from_directory(s, &new_list, pkey,
953 dir_is_recent,
954 !dir_is_cached)) {
955 log_fn(LOG_WARN, "Couldn't parse directory.");
956 return -1;
957 }
958 if (routerlist) {
959 smartlist_t *changed = smartlist_create();
960 SMARTLIST_FOREACH(new_list->routers, routerinfo_t *, r,
961 {
962 if (router_add_to_routerlist(r,NULL)==0)
963 smartlist_add(changed, r);
964 });
965 smartlist_clear(new_list->routers);
966 routerlist->published_on = new_list->published_on;
967 tor_free(routerlist->software_versions);
968 routerlist->software_versions = new_list->software_versions;
969 new_list->software_versions = NULL;
970 routerlist_free(new_list);
971 control_event_descriptors_changed(changed);
972 smartlist_free(changed);
973 } else {
974 routerlist = new_list;
975 control_event_descriptors_changed(routerlist->routers);
976 }
977 if (router_resolve_routerlist(routerlist)) {
978 log_fn(LOG_WARN, "Error resolving routerlist");
979 return -1;
980 }
981 if (get_options()->AuthoritativeDir) {
982 /* Learn about the descriptors in the directory. */
983 dirserv_load_from_directory_string(s);
984 }
985 return 0;
986 }
987
988 /** Helper function: resolve the hostname for <b>router</b>. */
989 static int
990 router_resolve(routerinfo_t *router)
991 {
992 if (tor_lookup_hostname(router->address, &router->addr) != 0
993 || !router->addr) {
994 log_fn(LOG_WARN,"Could not resolve address for router '%s' at %s",
995 router->nickname, router->address);
996 return -1;
997 }
998 router->addr = ntohl(router->addr); /* get it back into host order */
999
1000 return 0;
1001 }
1002
1003 /** Helper function: resolve every router in rl, and ensure that our own
1004 * routerinfo is at the front.
1005 */
1006 static int
1007 router_resolve_routerlist(routerlist_t *rl)
1008 {
1009 int i, remove;
1010 routerinfo_t *r;
1011 if (!rl)
1012 rl = routerlist;
1013
1014 i = 0;
1015 if ((r = router_get_my_routerinfo())) {
1016 smartlist_insert(rl->routers, 0, routerinfo_copy(r));
1017 ++i;
1018 }
1019
1020 for ( ; i < smartlist_len(rl->routers); ++i) {
1021 remove = 0;
1022 r = smartlist_get(rl->routers,i);
1023 if (router_is_me(r)) {
1024 remove = 1;
1025 } else if (r->addr) {
1026 /* already resolved. */
1027 } else if (router_resolve(r)) {
1028 log_fn(LOG_WARN, "Couldn't resolve router '%s' at '%s'; not using",
1029 r->nickname, r->address);
1030 remove = 1;
1031 }
1032 if (remove) {
1033 routerinfo_free(r);
1034 smartlist_del_keeporder(rl->routers, i--);
1035 }
1036 }
1037
1038 return 0;
1039 }
1040
1041 /** Decide whether a given addr:port is definitely accepted,
1042 * definitely rejected, probably accepted, or probably rejected by a
1043 * given policy. If <b>addr</b> is 0, we don't know the IP of the
1044 * target address. If <b>port</b> is 0, we don't know the port of the
1045 * target address.
1046 *
1047 * For now, the algorithm is pretty simple: we look for definite and
1048 * uncertain matches. The first definite match is what we guess; if
1049 * it was proceded by no uncertain matches of the opposite policy,
1050 * then the guess is definite; otherwise it is probable. (If we
1051 * have a known addr and port, all matches are definite; if we have an
1052 * unknown addr/port, any address/port ranges other than "all" are
1053 * uncertain.)
1054 *
1055 * We could do better by assuming that some ranges never match typical
1056 * addresses (127.0.0.1, and so on). But we'll try this for now.
1057 */
1058 addr_policy_result_t
1059 router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
1060 addr_policy_t *policy)
1061 {
1062 int maybe_reject = 0;
1063 int maybe_accept = 0;
1064 int match = 0;
1065 int maybe = 0;
1066 addr_policy_t *tmpe;
1067
1068 for (tmpe=policy; tmpe; tmpe=tmpe->next) {
1069 // log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
1070 maybe = 0;
1071 if (!addr) {
1072 /* Address is unknown. */
1073 if ((port >= tmpe->prt_min && port <= tmpe->prt_max) ||
1074 (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) {
1075 /* The port definitely matches. */
1076 if (tmpe->msk == 0) {
1077 match = 1;
1078 } else {
1079 maybe = 1;
1080 }
1081 } else if (!port) {
1082 /* The port maybe matches. */
1083 maybe = 1;
1084 }
1085 } else {
1086 /* Address is known */
1087 if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) {
1088 if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
1089 /* Exact match for the policy */
1090 match = 1;
1091 } else if (!port) {
1092 maybe = 1;
1093 }
1094 }
1095 }
1096 if (maybe) {
1097 if (tmpe->policy_type == ADDR_POLICY_REJECT)
1098 maybe_reject = 1;
1099 else
1100 maybe_accept = 1;
1101 }
1102 if (match) {
1103 // struct in_addr in;
1104 // in.s_addr = htonl(addr);
1105 // log_fn(LOG_DEBUG,"Address %s:%d matches policy '%s'",
1106 // inet_ntoa(in), port, tmpe->string);
1107 if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
1108 /* If we already hit a clause that might trigger a 'reject', than we
1109 * can't be sure of this certain 'accept'.*/
1110 return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1111 } else {
1112 return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED : ADDR_POLICY_REJECTED;
1113 }
1114 }
1115 }
1116 /* accept all by default. */
1117 return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1118 }
1119
1120 /** Return 1 if all running sufficiently-stable routers will reject
1121 * addr:port, return 0 if any might accept it. */
1122 int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
1123 int need_uptime) {
1124 int i;
1125 routerinfo_t *router;
1126 addr_policy_result_t r;
1127 if (!routerlist) return 1;
1128
1129 for (i=0;i<smartlist_len(routerlist->routers);i++) {
1130 router = smartlist_get(routerlist->routers, i);
1131 if (router->is_running &&
1132 !router_is_unreliable(router, need_uptime, 0)) {
1133 r = router_compare_addr_to_addr_policy(addr, port, router->exit_policy);
1134 if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
1135 return 0; /* this one could be ok. good enough. */
1136 }
1137 }
1138 return 1; /* all will reject. */
1139 }
1140
1141 /**
1142 * If <b>policy</b> implicitly allows connections to any port in the
1143 * IP set <b>addr</b>/<b>mask</b>, then set *<b>policy_out</b> to the
1144 * part of the policy that allows it, and return 1. Else return 0.
1145 *
1146 * A policy allows an IP:Port combination <em>implicitly</em> if
1147 * it is included in a *: pattern, or in a fallback pattern.
1148 */
1149 static int
1150 policy_includes_addr_mask_implicitly(addr_policy_t *policy,
1151 uint32_t addr, uint32_t mask,
1152 addr_policy_t **policy_out)
1153 {
1154 uint32_t addr2;
1155 tor_assert(policy_out);
1156 addr &= mask;
1157 addr2 = addr | ~mask;
1158 for (; policy; policy=policy->next) {
1159 /* Does this policy cover all of the address range we're looking at? */
1160 /* Boolean logic time: range X is contained in range Y if, for
1161 * each bit B, all possible values of B in X are values of B in Y.
1162 * In "addr", we have every fixed bit set to its value, and every
1163 * free bit set to 0. In "addr2", we have every fixed bit set to
1164 * its value, and every free bit set to 1. So if addr and addr2 are
1165 * both in the policy, the range is covered by the policy.
1166 */
1167 if ((policy->addr & policy->msk) == (addr & policy->msk) &&
1168 (policy->addr & policy->msk) == (addr2 & policy->msk) &&
1169 (policy->prt_min <= 1 && policy->prt_max == 65535)) {
1170 return 0;
1171 }
1172 /* Does this policy cover some of the address range we're looking at? */
1173 /* Boolean logic time: range X and range Y intersect if there is
1174 * some z such that z & Xmask == Xaddr and z & Ymask == Yaddr.
1175 * This is FALSE iff there is some bit b where Xmask == yMask == 1
1176 * and Xaddr != Yaddr. So if X intersects with Y iff at every
1177 * place where Xmask&Ymask==1, Xaddr == Yaddr, or equivalently,
1178 * Xaddr&Xmask&Ymask == Yaddr&Xmask&Ymask.
1179 */
1180 if ((policy->addr & policy->msk & mask) == (addr & policy->msk) &&
1181 policy->policy_type == ADDR_POLICY_ACCEPT) {
1182 *policy_out = policy;
1183 return 1;
1184 }
1185 }
1186 *policy_out = NULL;
1187 return 1;
1188 }
1189
1190 /** If <b>policy</b> implicitly allows connections to any port on
1191 * 127.*, 192.168.*, etc, then warn (if <b>warn</b> is set) and return
1192 * true. Else return false.
1193 **/
1194 int
1195 exit_policy_implicitly_allows_local_networks(addr_policy_t *policy,
1196 int warn)
1197 {
1198 addr_policy_t *p;
1199 int r=0,i;
1200 static struct {
1201 uint32_t addr; uint32_t mask; const char *network;
1202 } private_networks[] = {
1203 { 0x7f000000, 0xff000000, "localhost (127.x)" },
1204 { 0x0a000000, 0xff000000, "addresses in private network 10.x" },
1205 { 0xa9fe0000, 0xffff0000, "addresses in private network 169.254.x" },
1206 { 0xac100000, 0xfff00000, "addresses in private network 172.16.x" },
1207 { 0xc0a80000, 0xffff0000, "addresses in private network 192.168.x" },
1208 { 0,0,NULL},
1209 };
1210 for (i=0; private_networks[i].addr; ++i) {
1211 p = NULL;
1212 if (policy_includes_addr_mask_implicitly(
1213 policy, private_networks[i].addr, private_networks[i].mask, &p)) {
1214 if (warn)
1215 log_fn(LOG_WARN, "Exit policy %s implicitly accepts %s",
1216 p?p->string:"(default)",
1217 private_networks[i].network);
1218 r = 1;
1219 }
1220 }
1221
1222 return r;
1223 }
1224
1225 /** Return true iff <b>router</b> does not permit exit streams.
1226 */
1227 int router_exit_policy_rejects_all(routerinfo_t *router) {
1228 return router_compare_addr_to_addr_policy(0, 0, router->exit_policy)
1229 == ADDR_POLICY_REJECTED;
1230 }
1231
1232 /** Release all space held in <b>rr</b>. */
1233 void running_routers_free(running_routers_t *rr)
1234 {
1235 if (!rr)
1236 return;
1237 if (rr->running_routers) {
1238 SMARTLIST_FOREACH(rr->running_routers, char *, s, tor_free(s));
1239 smartlist_free(rr->running_routers);
1240 }
1241 tor_free(rr);
1242 }
1243
1244 /** We've just got a running routers list in <b>rr</b>; update the
1245 * status of the routers in <b>list</b>, and cache <b>rr</b> */
1246 void
1247 routerlist_set_runningrouters(routerlist_t *list, running_routers_t *rr)
1248 {
1249 routerlist_update_from_runningrouters(list,rr);
1250 if (list->running_routers != rr) {
1251 running_routers_free(list->running_routers);
1252 list->running_routers = rr;
1253 }
1254 }
1255
1256 /** Update the running/not-running status of every router in <b>list</b>, based
1257 * on the contents of <b>rr</b>. */
1258 /* Note: this function is not yet used, since nobody publishes just
1259 * running-router lists yet. */
1260 void routerlist_update_from_runningrouters(routerlist_t *list,
1261 running_routers_t *rr)
1262 {
1263 routerinfo_t *me = router_get_my_routerinfo();
1264 smartlist_t *all_routers;
1265 if (!list)
1266 return;
1267 if (list->published_on >= rr->published_on)
1268 return;
1269 if (list->running_routers_updated_on >= rr->published_on)
1270 return;
1271
1272 all_routers = smartlist_create();
1273 if (me) /* learn if the dirservers think I'm verified */
1274 smartlist_add(all_routers, me);
1275
1276 smartlist_add_all(all_routers,list->routers);
1277 SMARTLIST_FOREACH(rr->running_routers, const char *, cp,
1278 routers_update_status_from_entry(all_routers, rr->published_on,
1279 cp, rr->is_running_routers_format));
1280 smartlist_free(all_routers);
1281 list->running_routers_updated_on = rr->published_on;
1282 }
1283
1284 /** Update the is_running and is_verified fields of the router <b>router</b>,
1285 * based in its status in the list of strings stored in <b>running_list</b>.
1286 * All entries in <b>running_list</b> follow one of these formats:
1287 * <ol><li> <b>nickname</b> -- router is running and verified.
1288 * (running-routers format)
1289 * <li> !<b>nickname</b> -- router is not-running and verified.
1290 * (running-routers format)
1291 * <li> <b>nickname</b>=$<b>hexdigest</b> -- router is running and
1292 * verified. (router-status format)
1293 * (router-status format)
1294 * <li> !<b>nickname</b>=$<b>hexdigest</b> -- router is running and
1295 * verified. (router-status format)
1296 * <li> !<b>nickname</b> -- router is not-running and verified.
1297 * <li> $<b>hexdigest</b> -- router is running and unverified.
1298 * <li> !$<b>hexdigest</b> -- router is not-running and unverified.
1299 * </ol>
1300 *
1301 * Return 1 if we found router in running_list, else return 0.
1302 */
1303 int routers_update_status_from_entry(smartlist_t *routers,
1304 time_t list_time,
1305 const char *s,
1306 int rr_format)
1307 {
1308 int is_running = 1;
1309 int is_verified = 0;
1310 int hex_digest_set = 0;
1311 char nickname[MAX_NICKNAME_LEN+1];
1312 char hexdigest[HEX_DIGEST_LEN+1];
1313 char digest[DIGEST_LEN];
1314 const char *cp, *end;
1315
1316 /* First, parse the entry. */
1317 cp = s;
1318 if (*cp == '!') {
1319 is_running = 0;
1320 ++cp;
1321 }
1322
1323 if (*cp != '$') {
1324 /* It starts with a non-dollar character; that's a nickname. The nickname
1325 * entry will either extend to a NUL (old running-routers format) or to an
1326 * equals sign (new router-status format). */
1327 is_verified = 1;
1328 end = strchr(cp, '=');
1329 if (!end)
1330 end = strchr(cp,'\0');
1331 tor_assert(end);
1332 /* 'end' now points on character beyond the end of the nickname */
1333 if (end == cp || end-cp > MAX_NICKNAME_LEN) {
1334 log_fn(LOG_WARN, "Bad nickname length (%d) in router status entry (%s)",
1335 (int)(end-cp), s);
1336 return -1;
1337 }
1338 memcpy(nickname, cp, end-cp);
1339 nickname[end-cp]='\0';
1340 if (!is_legal_nickname(nickname)) {
1341 log_fn(LOG_WARN, "Bad nickname (%s) in router status entry (%s)",
1342 nickname, s);
1343 return -1;
1344 }
1345 cp = end;
1346 if (*cp == '=')
1347 ++cp;
1348 }
1349 /* 'end' now points to the start of a hex digest, or EOS. */
1350
1351 /* Parse the hexdigest portion of the status. */
1352 if (*cp == '$') {
1353 hex_digest_set = 1;
1354 ++cp;
1355 if (strlen(cp) != HEX_DIGEST_LEN) {
1356 log_fn(LOG_WARN, "Bad length (%d) on digest in router status entry (%s)",
1357 (int)strlen(cp), s);
1358 return -1;
1359 }
1360 strlcpy(hexdigest, cp, sizeof(hexdigest));
1361 if (base16_decode(digest, DIGEST_LEN, hexdigest, HEX_DIGEST_LEN)<0) {
1362 log_fn(LOG_WARN, "Invalid digest in router status entry (%s)", s);
1363 return -1;
1364 }
1365 }
1366
1367 /* Make sure that the entry was in the right format. */
1368 if (rr_format) {
1369 if (is_verified == hex_digest_set) {
1370 log_fn(LOG_WARN, "Invalid syntax for running-routers member (%s)", s);
1371 return -1;
1372 }
1373 } else {
1374 if (!hex_digest_set) {
1375 log_fn(LOG_WARN, "Invalid syntax for router-status member (%s)", s);
1376 return -1;
1377 }
1378 }
1379
1380 /* Okay, we're done parsing. For all routers that match, update their status.
1381 */
1382 SMARTLIST_FOREACH(routers, routerinfo_t *, r,
1383 {
1384 int nickname_matches = is_verified && !strcasecmp(r->nickname, nickname);
1385 int digest_matches = !memcmp(digest, r->identity_digest, DIGEST_LEN);
1386 if (nickname_matches && (digest_matches||rr_format))
1387 r->is_verified = 1;
1388 else if (digest_matches)
1389 r->is_verified = 0;
1390 if (digest_matches || (nickname_matches&&rr_format))
1391 if (r->status_set_at < list_time) {
1392 r->is_running = is_running;
1393 r->status_set_at = time(NULL);
1394 }
1395 });
1396
1397 return 0;
1398 }
1399
1400 /** As router_update_status_from_entry, but consider all entries in
1401 * running_list. */
1402 int
1403 router_update_status_from_smartlist(routerinfo_t *router,
1404 time_t list_time,
1405 smartlist_t *running_list,
1406 int rr_format)
1407 {
1408 smartlist_t *rl;
1409 rl = smartlist_create();
1410 smartlist_add(rl,router);
1411 SMARTLIST_FOREACH(running_list, const char *, cp,
1412 routers_update_status_from_entry(rl,list_time,cp,rr_format));
1413 smartlist_free(rl);
1414 return 0;
1415 }
1416
1417 /** Add to the list of authorized directory servers one at
1418 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. */
1419 void
1420 add_trusted_dir_server(const char *address, uint16_t port, const char *digest)
1421 {
1422 trusted_dir_server_t *ent;
1423 uint32_t a;
1424 if (!trusted_dir_servers)
1425 trusted_dir_servers = smartlist_create();
1426
1427 if (tor_lookup_hostname(address, &a)) {
1428 log_fn(LOG_WARN, "Unable to lookup address for directory server at %s",
1429 address);
1430 return;
1431 }
1432
1433 ent = tor_malloc(sizeof(trusted_dir_server_t));
1434 ent->address = tor_strdup(address);
1435 ent->addr = ntohl(a);
1436 ent->dir_port = port;
1437 ent->is_running = 1;
1438 memcpy(ent->digest, digest, DIGEST_LEN);
1439 smartlist_add(trusted_dir_servers, ent);
1440 }
1441
1442 /** Remove all members from the list of trusted dir servers. */
1443 void clear_trusted_dir_servers(void)
1444 {
1445 if (trusted_dir_servers) {
1446 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
1447 { tor_free(ent->address); tor_free(ent); });
1448 smartlist_clear(trusted_dir_servers);
1449 } else {
1450 trusted_dir_servers = smartlist_create();
1451 }
1452 }
1453
The Onion Router