1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char routerlist_c_id
[] = "$Id$";
14 * maintain and access the global list of routerinfos for known
18 /****************************************************************************/
20 static smartlist_t
*trusted_dir_servers
= NULL
;
22 /* static function prototypes */
24 router_pick_directory_server_impl(int requireothers
, int fascistfirewall
,
25 int for_runningrouters
);
26 static trusted_dir_server_t
*
27 router_pick_trusteddirserver_impl(int requireother
, int fascistfirewall
);
28 static void mark_all_trusteddirservers_up(void);
29 static int router_resolve_routerlist(routerlist_t
*dir
);
31 /****************************************************************************/
34 * Functions to manage and access our list of known routers. (Note:
35 * dirservers maintain a separate, independent list of known router
39 /** Global list of all of the routers that we, as an OR or OP, know about. */
40 static routerlist_t
*routerlist
= NULL
;
42 extern int has_fetched_directory
; /**< from main.c */
45 * Reload the original list of trusted dirservers, and the most recent
46 * cached directory (if present).
48 int router_reload_router_list(void)
54 tor_assert(get_options()->DataDirectory
);
56 tor_snprintf(filename
,sizeof(filename
),"%s/cached-directory",
57 get_options()->DataDirectory
);
58 s
= read_file_to_str(filename
,0);
60 stat(filename
, &st
); /* if s is true, stat probably worked */
61 log_fn(LOG_INFO
, "Loading cached directory from %s", filename
);
62 is_recent
= st
.st_mtime
> time(NULL
) - 60*15;
63 if (router_load_routerlist_from_directory(s
, NULL
, is_recent
, 1) < 0) {
64 log_fn(LOG_WARN
, "Cached directory at '%s' was unparseable; ignoring.", filename
);
67 ((routerlist
->published_on
> time(NULL
) - MIN_ONION_KEY_LIFETIME
/2)
69 directory_has_arrived(st
.st_mtime
, NULL
); /* do things we've been waiting to do */
76 /* Set *<b>outp</b> to a smartlist containing a list of
77 * trusted_dir_server_t * for all known trusted dirservers. Callers
78 * must not modify the list or its contents.
80 void router_get_trusted_dir_servers(smartlist_t
**outp
)
82 if (!trusted_dir_servers
)
83 trusted_dir_servers
= smartlist_create();
85 *outp
= trusted_dir_servers
;
88 /** Try to find a running dirserver. If there are no running dirservers
89 * in our routerlist, set all the authoritative ones as running again,
90 * and pick one. If there are no dirservers at all in our routerlist,
91 * reload the routerlist and try one last time. If for_runningrouters is
92 * true, then only pick a dirserver that can answer runningrouters queries
93 * (that is, a trusted dirserver, or one running 0.0.9rc5-cvs or later).
95 routerinfo_t
*router_pick_directory_server(int requireothers
,
97 int for_runningrouters
,
98 int retry_if_no_servers
) {
104 choice
= router_pick_directory_server_impl(requireothers
, fascistfirewall
,
106 if (choice
|| !retry_if_no_servers
)
109 log_fn(LOG_INFO
,"No reachable router entries for dirservers. Trying them all again.");
110 /* mark all authdirservers as up again */
111 mark_all_trusteddirservers_up();
113 choice
= router_pick_directory_server_impl(requireothers
, fascistfirewall
,
118 log_fn(LOG_INFO
,"Still no %s router entries. Reloading and trying again.",
119 get_options()->FascistFirewall
? "reachable" : "known");
120 has_fetched_directory
=0; /* reset it */
121 if (router_reload_router_list()) {
124 /* give it one last try */
125 choice
= router_pick_directory_server_impl(requireothers
, 0,
130 trusted_dir_server_t
*router_pick_trusteddirserver(int requireothers
,
132 int retry_if_no_servers
) {
133 trusted_dir_server_t
*choice
;
135 choice
= router_pick_trusteddirserver_impl(requireothers
, fascistfirewall
);
136 if (choice
|| !retry_if_no_servers
)
139 log_fn(LOG_INFO
,"No trusted dirservers are reachable. Trying them all again.");
140 /* mark all authdirservers as up again */
141 mark_all_trusteddirservers_up();
143 choice
= router_pick_trusteddirserver_impl(requireothers
, fascistfirewall
);
147 log_fn(LOG_WARN
,"Still no dirservers %s. Reloading and trying again.",
148 get_options()->FascistFirewall
? "reachable" : "known");
149 has_fetched_directory
=0; /* reset it */
150 if (router_reload_router_list()) {
153 /* give it one last try */
154 choice
= router_pick_trusteddirserver_impl(requireothers
, 0);
158 /** Pick a random running router from our routerlist. If requireauth,
159 * it has to be a trusted server. If requireothers, it cannot be us.
161 static routerinfo_t
*
162 router_pick_directory_server_impl(int requireothers
, int fascistfirewall
,
163 int for_runningrouters
)
166 routerinfo_t
*router
;
172 if (get_options()->HttpProxy
)
175 /* Find all the running dirservers we know about. */
176 sl
= smartlist_create();
177 for (i
=0;i
< smartlist_len(routerlist
->routers
); i
++) {
178 router
= smartlist_get(routerlist
->routers
, i
);
179 if (!router
->is_running
|| !router
->dir_port
|| !router
->is_verified
)
181 if (requireothers
&& router_is_me(router
))
183 if (fascistfirewall
) {
184 if (!smartlist_string_num_isin(get_options()->FirewallPorts
, router
->dir_port
))
187 /* before 0.0.9rc5-cvs, only trusted dirservers served status info. */
188 if (for_runningrouters
&&
189 !(tor_version_as_new_as(router
->platform
,"0.0.9rc5-cvs") ||
190 router_digest_is_trusted_dir(router
->identity_digest
)))
192 smartlist_add(sl
, router
);
195 router
= smartlist_choose(sl
);
200 static trusted_dir_server_t
*
201 router_pick_trusteddirserver_impl(int requireother
, int fascistfirewall
)
205 trusted_dir_server_t
*ds
;
206 sl
= smartlist_create();
207 me
= router_get_my_routerinfo();
209 if (!trusted_dir_servers
)
212 if (get_options()->HttpProxy
)
215 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, d
,
217 if (!d
->is_running
) continue;
218 if (requireother
&& me
&&
219 !memcmp(me
->identity_digest
, d
->digest
, DIGEST_LEN
))
221 if (fascistfirewall
) {
222 if (!smartlist_string_num_isin(get_options()->FirewallPorts
, d
->dir_port
))
225 smartlist_add(sl
, d
);
228 ds
= smartlist_choose(sl
);
233 /** Go through and mark the auth dirservers as up */
234 static void mark_all_trusteddirservers_up(void) {
236 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, router
,
237 if (router_digest_is_trusted_dir(router
->identity_digest
)) {
238 tor_assert(router
->dir_port
> 0);
239 router
->is_running
= 1;
240 router
->status_set_at
= time(NULL
);
243 if (trusted_dir_servers
) {
244 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, dir
,
245 dir
->is_running
= 1);
249 /** Return 0 if \exists an authoritative dirserver that's currently
250 * thought to be running, else return 1.
252 int all_trusted_directory_servers_down(void) {
253 if (!trusted_dir_servers
)
255 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, dir
,
256 if (dir
->is_running
) return 0);
260 /** Add all the family of <b>router</b> to the smartlist <b>sl</b>.
262 void routerlist_add_family(smartlist_t
*sl
, routerinfo_t
*router
) {
264 struct config_line_t
*cl
;
266 if (!router
->declared_family
)
269 /* Add every r such that router declares familyness with r, and r
270 * declares familyhood with router. */
271 SMARTLIST_FOREACH(router
->declared_family
, const char *, n
,
273 if (!(r
= router_get_by_nickname(n
)))
275 if (!r
->declared_family
)
277 SMARTLIST_FOREACH(r
->declared_family
, const char *, n2
,
279 if (router_nickname_matches(router
, n2
))
280 smartlist_add(sl
, r
);
284 for (cl
= get_options()->NodeFamilies
; cl
; cl
= cl
->next
) {
285 if (router_nickname_is_in_list(router
, cl
->value
)) {
286 add_nickname_list_to_smartlist(sl
, cl
->value
, 0);
291 /** List of string for nicknames we've warned about and haven't yet succeeded.
293 static smartlist_t
*warned_nicknames
= NULL
;
295 /** Given a comma-and-whitespace separated list of nicknames, see which
296 * nicknames in <b>list</b> name routers in our routerlist that are
297 * currently running. Add the routerinfos for those routers to <b>sl</b>.
300 add_nickname_list_to_smartlist(smartlist_t
*sl
, const char *list
, int warn_if_down
)
302 routerinfo_t
*router
;
303 smartlist_t
*nickname_list
;
306 return; /* nothing to do */
309 nickname_list
= smartlist_create();
310 if (!warned_nicknames
)
311 warned_nicknames
= smartlist_create();
313 smartlist_split_string(nickname_list
, list
, ",",
314 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
316 SMARTLIST_FOREACH(nickname_list
, const char *, nick
, {
318 if (!is_legal_nickname_or_hexdigest(nick
)) {
319 log_fn(LOG_WARN
,"Nickname %s is misformed; skipping", nick
);
322 router
= router_get_by_nickname(nick
);
323 warned
= smartlist_string_isin(warned_nicknames
, nick
);
325 if (router
->is_running
) {
326 smartlist_add(sl
,router
);
328 smartlist_string_remove(warned_nicknames
, nick
);
331 log_fn(warn_if_down
? LOG_WARN
: LOG_DEBUG
,
332 "Nickname list includes '%s' which is known but down.",nick
);
333 smartlist_add(warned_nicknames
, tor_strdup(nick
));
338 log_fn(has_fetched_directory
? LOG_WARN
: LOG_INFO
,
339 "Nickname list includes '%s' which isn't a known router.",nick
);
340 smartlist_add(warned_nicknames
, tor_strdup(nick
));
344 SMARTLIST_FOREACH(nickname_list
, char *, nick
, tor_free(nick
));
345 smartlist_free(nickname_list
);
348 /** Return 1 iff any member of the comma-separated list <b>list</b> is an
349 * acceptable nickname or hexdigest for <b>router</b>. Else return 0.
352 router_nickname_is_in_list(routerinfo_t
*router
, const char *list
)
354 smartlist_t
*nickname_list
;
358 return 0; /* definitely not */
361 nickname_list
= smartlist_create();
362 smartlist_split_string(nickname_list
, list
, ",",
363 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
364 SMARTLIST_FOREACH(nickname_list
, const char *, cp
,
365 if (router_nickname_matches(router
, cp
)) {v
=1;break;});
366 SMARTLIST_FOREACH(nickname_list
, char *, cp
, tor_free(cp
));
367 smartlist_free(nickname_list
);
371 /** Add every router from our routerlist that is currently running to
375 router_add_running_routers_to_smartlist(smartlist_t
*sl
, int allow_unverified
,
376 int need_uptime
, int need_capacity
)
378 routerinfo_t
*router
;
384 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
385 router
= smartlist_get(routerlist
->routers
, i
);
386 if (router
->is_running
&&
387 (router
->is_verified
||
389 !router_is_unreliable(router
, need_uptime
, need_capacity
)))) {
390 /* If it's running, and either it's verified or we're ok picking
391 * unverified routers and this one is suitable.
393 smartlist_add(sl
, router
);
399 routerlist_find_my_routerinfo(void) {
400 routerinfo_t
*router
;
406 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
407 router
= smartlist_get(routerlist
->routers
, i
);
408 if (router_is_me(router
))
415 router_is_unreliable(routerinfo_t
*router
, int need_uptime
, int need_capacity
)
417 if (need_uptime
&& router
->uptime
< ROUTER_REQUIRED_MIN_UPTIME
)
419 if (need_capacity
&& router
->bandwidthcapacity
< ROUTER_REQUIRED_MIN_BANDWIDTH
)
425 routerlist_sl_remove_unreliable_routers(smartlist_t
*sl
)
428 routerinfo_t
*router
;
430 for (i
= 0; i
< smartlist_len(sl
); ++i
) {
431 router
= smartlist_get(sl
, i
);
432 if (router_is_unreliable(router
, 1, 0)) {
433 log(LOG_DEBUG
, "Router '%s' has insufficient uptime; deleting.",
435 smartlist_del(sl
, i
--);
441 routerlist_sl_choose_by_bandwidth(smartlist_t
*sl
)
444 routerinfo_t
*router
;
445 smartlist_t
*bandwidths
;
446 uint32_t this_bw
, tmp
, total_bw
=0, rand_bw
;
449 bandwidths
= smartlist_create();
450 for (i
= 0; i
< smartlist_len(sl
); ++i
) {
451 router
= smartlist_get(sl
, i
);
452 this_bw
= (router
->bandwidthcapacity
< router
->bandwidthrate
) ?
453 router
->bandwidthcapacity
: router
->bandwidthrate
;
454 if (this_bw
> 2000000)
455 this_bw
= 2000000; /* if they claim something huge, don't believe it */
456 p
= tor_malloc(sizeof(uint32_t));
458 smartlist_add(bandwidths
, p
);
460 // log_fn(LOG_INFO,"Recording bw %d for node %s.", this_bw, router->nickname);
463 SMARTLIST_FOREACH(bandwidths
, uint32_t*, p
, tor_free(p
));
464 smartlist_free(bandwidths
);
465 return smartlist_choose(sl
);
467 rand_bw
= crypto_pseudo_rand_int(total_bw
);
468 // log_fn(LOG_INFO,"Total bw %d. Randomly chose %d.", total_bw, rand_bw);
471 tor_assert(i
< smartlist_len(sl
));
472 p
= smartlist_get(bandwidths
, i
);
474 router
= smartlist_get(sl
, i
);
475 // log_fn(LOG_INFO,"Considering %s. tmp = %d.", router->nickname, tmp);
479 SMARTLIST_FOREACH(bandwidths
, uint32_t*, p
, tor_free(p
));
480 smartlist_free(bandwidths
);
481 router
= smartlist_get(sl
, i
);
482 // log_fn(LOG_INFO,"Picked %s.", router->nickname);
486 /** Return a random running router from the routerlist. If any node
487 * named in <b>preferred</b> is available, pick one of those. Never
488 * pick a node named in <b>excluded</b>, or whose routerinfo is in
489 * <b>excludedsmartlist</b>, even if they are the only nodes
490 * available. If <b>strict</b> is true, never pick any node besides
491 * those in <b>preferred</b>.
493 routerinfo_t
*router_choose_random_node(const char *preferred
,
494 const char *excluded
,
495 smartlist_t
*excludedsmartlist
,
496 int need_uptime
, int need_capacity
,
497 int allow_unverified
, int strict
)
499 smartlist_t
*sl
, *excludednodes
;
500 routerinfo_t
*choice
;
502 excludednodes
= smartlist_create();
503 add_nickname_list_to_smartlist(excludednodes
,excluded
,0);
505 /* Try the preferred nodes first. Ignore need_uptime and need_capacity,
506 * since the user explicitly asked for these nodes. */
507 sl
= smartlist_create();
508 add_nickname_list_to_smartlist(sl
,preferred
,1);
509 smartlist_subtract(sl
,excludednodes
);
510 if (excludedsmartlist
)
511 smartlist_subtract(sl
,excludedsmartlist
);
514 routerlist_sl_remove_unreliable_routers(sl
);
516 choice
= routerlist_sl_choose_by_bandwidth(sl
);
519 choice
= smartlist_choose(sl
);
521 if (!choice
&& !strict
) {
522 /* Then give up on our preferred choices: any node
523 * will do that has the required attributes. */
524 sl
= smartlist_create();
525 router_add_running_routers_to_smartlist(sl
, allow_unverified
,
526 need_uptime
, need_capacity
);
527 smartlist_subtract(sl
,excludednodes
);
528 if (excludedsmartlist
)
529 smartlist_subtract(sl
,excludedsmartlist
);
531 routerlist_sl_remove_unreliable_routers(sl
);
533 choice
= routerlist_sl_choose_by_bandwidth(sl
);
535 choice
= smartlist_choose(sl
);
538 smartlist_free(excludednodes
);
540 log_fn(LOG_WARN
,"No available nodes when trying to choose node. Failing.");
544 /** Return the router in our routerlist whose address is <b>addr</b> and
545 * whose OR port is <b>port</b>. Return NULL if no such router is known.
547 routerinfo_t
*router_get_by_addr_port(uint32_t addr
, uint16_t port
) {
549 routerinfo_t
*router
;
554 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
555 router
= smartlist_get(routerlist
->routers
, i
);
556 if ((router
->addr
== addr
) && (router
->or_port
== port
))
562 /** Return true iff the digest of <b>router</b>'s identity key,
563 * encoded in hexadecimal, matches <b>hexdigest</b> (which is
564 * optionally prefixed with a single dollar sign). Return false if
565 * <b>hexdigest</b> is malformed, or it doesn't match. */
566 static INLINE
int router_hex_digest_matches(routerinfo_t
*router
,
567 const char *hexdigest
)
569 char digest
[DIGEST_LEN
];
570 tor_assert(hexdigest
);
571 if (hexdigest
[0] == '$')
574 if (strlen(hexdigest
) != HEX_DIGEST_LEN
||
575 base16_decode(digest
, DIGEST_LEN
, hexdigest
, HEX_DIGEST_LEN
)<0)
578 return (!memcmp(digest
, router
->identity_digest
, DIGEST_LEN
));
581 /* Return true if <b>router</b>'s nickname matches <b>nickname</b>
582 * (case-insensitive), or if <b>router's</b> identity key digest
583 * matches a hexadecimal value stored in <b>nickname</b>. Return
585 int router_nickname_matches(routerinfo_t
*router
, const char *nickname
)
587 if (nickname
[0]!='$' && !strcasecmp(router
->nickname
, nickname
))
590 return router_hex_digest_matches(router
, nickname
);
593 /** Return the router in our routerlist whose (case-insensitive)
594 * nickname or (case-sensitive) hexadecimal key digest is
595 * <b>nickname</b>. Return NULL if no such router is known.
597 routerinfo_t
*router_get_by_nickname(const char *nickname
)
600 routerinfo_t
*router
;
601 char digest
[DIGEST_LEN
];
603 tor_assert(nickname
);
606 if (nickname
[0] == '$')
607 return router_get_by_hexdigest(nickname
);
608 if (server_mode(get_options()) &&
609 !strcasecmp(nickname
, get_options()->Nickname
))
610 return router_get_my_routerinfo();
612 maybedigest
= (strlen(nickname
) == HEX_DIGEST_LEN
) &&
613 (base16_decode(digest
,DIGEST_LEN
,nickname
,HEX_DIGEST_LEN
) == 0);
615 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
616 router
= smartlist_get(routerlist
->routers
, i
);
617 if (0 == strcasecmp(router
->nickname
, nickname
) ||
618 (maybedigest
&& 0 == memcmp(digest
, router
->identity_digest
,
626 /** Return true iff <b>digest</b> is the digest of the identity key of
627 * a trusted directory. */
628 int router_digest_is_trusted_dir(const char *digest
) {
629 if (!trusted_dir_servers
)
631 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ent
,
632 if (!memcmp(digest
, ent
->digest
, DIGEST_LEN
)) return 1);
636 /** Return the router in our routerlist whose hexadecimal key digest
637 * is <b>hexdigest</b>. Return NULL if no such router is known. */
638 routerinfo_t
*router_get_by_hexdigest(const char *hexdigest
) {
639 char digest
[DIGEST_LEN
];
641 tor_assert(hexdigest
);
644 if (hexdigest
[0]=='$')
646 if (strlen(hexdigest
) != HEX_DIGEST_LEN
||
647 base16_decode(digest
,DIGEST_LEN
,hexdigest
,HEX_DIGEST_LEN
) < 0)
650 return router_get_by_digest(digest
);
653 /** Return the router in our routerlist whose 20-byte key digest
654 * is <b>digest</b>. Return NULL if no such router is known. */
655 routerinfo_t
*router_get_by_digest(const char *digest
) {
657 routerinfo_t
*router
;
660 if (server_mode(get_options()) &&
661 (router
= router_get_my_routerinfo()) &&
662 !memcmp(digest
, router
->identity_digest
, DIGEST_LEN
))
664 if (!routerlist
) return NULL
;
666 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
667 router
= smartlist_get(routerlist
->routers
, i
);
668 if (0 == memcmp(router
->identity_digest
, digest
, DIGEST_LEN
))
675 /** Set *<b>prouterlist</b> to the current list of all known routers. */
676 void router_get_routerlist(routerlist_t
**prouterlist
) {
677 *prouterlist
= routerlist
;
680 /** Return the publication time on the current routerlist, or 0 if we have no
682 time_t routerlist_get_published_time(void) {
683 return routerlist
? routerlist
->published_on
: 0;
686 /** Free all storage held by <b>router</b>. */
687 void routerinfo_free(routerinfo_t
*router
)
692 tor_free(router
->signed_descriptor
);
693 tor_free(router
->address
);
694 tor_free(router
->nickname
);
695 tor_free(router
->platform
);
696 if (router
->onion_pkey
)
697 crypto_free_pk_env(router
->onion_pkey
);
698 if (router
->identity_pkey
)
699 crypto_free_pk_env(router
->identity_pkey
);
700 if (router
->declared_family
) {
701 SMARTLIST_FOREACH(router
->declared_family
, char *, s
, tor_free(s
));
702 smartlist_free(router
->declared_family
);
704 addr_policy_free(router
->exit_policy
);
708 /** Allocate a fresh copy of <b>router</b> */
709 routerinfo_t
*routerinfo_copy(const routerinfo_t
*router
)
712 addr_policy_t
**e
, *tmp
;
714 r
= tor_malloc(sizeof(routerinfo_t
));
715 memcpy(r
, router
, sizeof(routerinfo_t
));
717 r
->address
= tor_strdup(r
->address
);
718 r
->nickname
= tor_strdup(r
->nickname
);
719 r
->platform
= tor_strdup(r
->platform
);
720 if (r
->signed_descriptor
)
721 r
->signed_descriptor
= tor_strdup(r
->signed_descriptor
);
723 r
->onion_pkey
= crypto_pk_dup_key(r
->onion_pkey
);
724 if (r
->identity_pkey
)
725 r
->identity_pkey
= crypto_pk_dup_key(r
->identity_pkey
);
728 tmp
= tor_malloc(sizeof(addr_policy_t
));
729 memcpy(tmp
,*e
,sizeof(addr_policy_t
));
731 (*e
)->string
= tor_strdup((*e
)->string
);
734 if (r
->declared_family
) {
735 r
->declared_family
= smartlist_create();
736 SMARTLIST_FOREACH(router
->declared_family
, const char *, s
,
737 smartlist_add(r
->declared_family
, tor_strdup(s
)));
742 /** Free all storage held by a routerlist <b>rl</b> */
743 void routerlist_free(routerlist_t
*rl
)
746 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
748 smartlist_free(rl
->routers
);
749 running_routers_free(rl
->running_routers
);
750 tor_free(rl
->software_versions
);
754 void routerlist_free_current(void)
757 routerlist_free(routerlist
);
759 if (warned_nicknames
) {
760 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
761 smartlist_free(warned_nicknames
);
762 warned_nicknames
= NULL
;
766 void free_trusted_dir_servers(void)
768 if (trusted_dir_servers
) {
769 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ds
,
770 { tor_free(ds
->address
); tor_free(ds
); });
771 smartlist_free(trusted_dir_servers
);
772 trusted_dir_servers
= NULL
;
776 /** Mark the router with ID <b>digest</b> as non-running in our routerlist. */
777 void router_mark_as_down(const char *digest
) {
778 routerinfo_t
*router
;
781 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, d
,
782 if (!memcmp(d
->digest
, digest
, DIGEST_LEN
))
785 router
= router_get_by_digest(digest
);
786 if (!router
) /* we don't seem to know about him in the first place */
788 log_fn(LOG_DEBUG
,"Marking router '%s' as down.",router
->nickname
);
789 if (router_is_me(router
))
790 log_fn(LOG_WARN
, "We just marked ourself as down. Are your external addresses reachable?");
791 router
->is_running
= 0;
792 router
->status_set_at
= time(NULL
);
795 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
796 * older entries (if any) with the same name. Note: Callers should not hold
797 * their pointers to <b>router</b> after invoking this function; <b>router</b>
798 * will either be inserted into the routerlist or freed. Returns 0 if the
799 * router was added; -1 if it was not.
804 router_add_to_routerlist(routerinfo_t
*router
, const char **msg
) {
807 char id_digest
[DIGEST_LEN
];
809 tor_assert(routerlist
);
810 crypto_pk_get_digest(router
->identity_pkey
, id_digest
);
812 /* If we have a router with this name, and the identity key is the same,
813 * choose the newer one. If the identity key has changed, drop the router.
815 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
816 r
= smartlist_get(routerlist
->routers
, i
);
818 if (!crypto_pk_cmp_keys(router
->identity_pkey
, r
->identity_pkey
)) {
819 if (router
->published_on
> r
->published_on
) {
820 log_fn(LOG_DEBUG
, "Replacing entry for router '%s/%s' [%s]",
821 router
->nickname
, r
->nickname
, hex_str(id_digest
,DIGEST_LEN
));
822 /* Remember whether we trust this router as a dirserver. */
823 /* If the address hasn't changed; no need to re-resolve. */
824 if (!strcasecmp(r
->address
, router
->address
))
825 router
->addr
= r
->addr
;
827 smartlist_set(routerlist
->routers
, i
, router
);
830 log_fn(LOG_DEBUG
, "Skipping not-new descriptor for router '%s'",
832 /* Update the is_running status to whatever we were told. */
833 r
->is_running
= router
->is_running
;
834 routerinfo_free(router
);
835 if (msg
) *msg
= "Router descriptor was not new.";
838 } else if (!strcasecmp(router
->nickname
, r
->nickname
)) {
839 /* nicknames match, keys don't. */
840 if (router
->is_verified
) {
841 /* The new verified router replaces the old one; remove the
842 * old one. And carry on to the end of the list, in case
843 * there are more old unverified routers with this nickname
845 /* mark-for-close connections using the old key, so we can
846 * make new ones with the new key.
849 while ((conn
= connection_get_by_identity_digest(r
->identity_digest
,
851 log_fn(LOG_INFO
,"Closing conn to obsolete router '%s'", r
->nickname
);
852 connection_mark_for_close(conn
);
855 smartlist_del_keeporder(routerlist
->routers
, i
--);
856 } else if (r
->is_verified
) {
857 /* Can't replace a verified router with an unverified one. */
858 log_fn(LOG_DEBUG
, "Skipping unverified entry for verified router '%s'",
860 routerinfo_free(router
);
861 if (msg
) *msg
= "Already have verified router with different key and same nickname";
866 /* We haven't seen a router with this name before. Add it to the end of
868 smartlist_add(routerlist
->routers
, router
);
872 /** Remove any routers from the routerlist that are more than <b>age</b>
875 * (This function is just like dirserv_remove_old_servers. One day we should
879 routerlist_remove_old_routers(int age
)
883 routerinfo_t
*router
;
887 cutoff
= time(NULL
) - age
;
888 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
889 router
= smartlist_get(routerlist
->routers
, i
);
890 if (router
->published_on
<= cutoff
) {
891 /* Too old. Remove it. */
892 log_fn(LOG_INFO
,"Forgetting obsolete routerinfo for router '%s'", router
->nickname
);
893 routerinfo_free(router
);
894 smartlist_del(routerlist
->routers
, i
--);
900 * Code to parse a single router descriptors and insert it into the
901 * directory. Return -1 if the descriptor was ill-formed; 0 if the
902 * descriptor was well-formed but could not be added; and 1 if the
903 * descriptor was added.
906 router_load_single_router(const char *s
, const char **msg
)
910 if (!(ri
= router_parse_entry_from_string(s
, NULL
))) {
911 log_fn(LOG_WARN
, "Error parsing router descriptor; dropping.");
912 if (msg
) *msg
= "Couldn't parse router descriptor";
915 if (routerlist
&& routerlist
->running_routers
) {
916 running_routers_t
*rr
= routerlist
->running_routers
;
917 router_update_status_from_smartlist(ri
,
920 rr
->is_running_routers_format
);
922 if (router_add_to_routerlist(ri
, msg
)<0) {
923 log_fn(LOG_WARN
, "Couldn't add router to list; dropping.");
924 if (msg
&& !*msg
) *msg
= "Couldn't add router to list.";
927 smartlist_t
*changed
= smartlist_create();
928 smartlist_add(changed
, ri
);
929 control_event_descriptors_changed(changed
);
930 smartlist_free(changed
);
932 log_fn(LOG_DEBUG
, "Added router to list");
936 /** Add to the current routerlist each router stored in the
937 * signed directory <b>s</b>. If pkey is provided, check the signature against
938 * pkey; else check against the pkey of the signing directory server.
940 * If <b>dir_is_recent</b> is non-zero, then examine the
941 * Recommended-versions line and take appropriate action.
943 * If <b>dir_is_cached</b> is non-zero, then we're reading it
944 * from the cache so don't bother to re-write it to the cache.
946 int router_load_routerlist_from_directory(const char *s
,
947 crypto_pk_env_t
*pkey
,
951 routerlist_t
*new_list
= NULL
;
952 if (router_parse_routerlist_from_directory(s
, &new_list
, pkey
,
955 log_fn(LOG_WARN
, "Couldn't parse directory.");
959 smartlist_t
*changed
= smartlist_create();
960 SMARTLIST_FOREACH(new_list
->routers
, routerinfo_t
*, r
,
962 if (router_add_to_routerlist(r
,NULL
)==0)
963 smartlist_add(changed
, r
);
965 smartlist_clear(new_list
->routers
);
966 routerlist
->published_on
= new_list
->published_on
;
967 tor_free(routerlist
->software_versions
);
968 routerlist
->software_versions
= new_list
->software_versions
;
969 new_list
->software_versions
= NULL
;
970 routerlist_free(new_list
);
971 control_event_descriptors_changed(changed
);
972 smartlist_free(changed
);
974 routerlist
= new_list
;
975 control_event_descriptors_changed(routerlist
->routers
);
977 if (router_resolve_routerlist(routerlist
)) {
978 log_fn(LOG_WARN
, "Error resolving routerlist");
981 if (get_options()->AuthoritativeDir
) {
982 /* Learn about the descriptors in the directory. */
983 dirserv_load_from_directory_string(s
);
988 /** Helper function: resolve the hostname for <b>router</b>. */
990 router_resolve(routerinfo_t
*router
)
992 if (tor_lookup_hostname(router
->address
, &router
->addr
) != 0
994 log_fn(LOG_WARN
,"Could not resolve address for router '%s' at %s",
995 router
->nickname
, router
->address
);
998 router
->addr
= ntohl(router
->addr
); /* get it back into host order */
1003 /** Helper function: resolve every router in rl, and ensure that our own
1004 * routerinfo is at the front.
1007 router_resolve_routerlist(routerlist_t
*rl
)
1015 if ((r
= router_get_my_routerinfo())) {
1016 smartlist_insert(rl
->routers
, 0, routerinfo_copy(r
));
1020 for ( ; i
< smartlist_len(rl
->routers
); ++i
) {
1022 r
= smartlist_get(rl
->routers
,i
);
1023 if (router_is_me(r
)) {
1025 } else if (r
->addr
) {
1026 /* already resolved. */
1027 } else if (router_resolve(r
)) {
1028 log_fn(LOG_WARN
, "Couldn't resolve router '%s' at '%s'; not using",
1029 r
->nickname
, r
->address
);
1034 smartlist_del_keeporder(rl
->routers
, i
--);
1041 /** Decide whether a given addr:port is definitely accepted,
1042 * definitely rejected, probably accepted, or probably rejected by a
1043 * given policy. If <b>addr</b> is 0, we don't know the IP of the
1044 * target address. If <b>port</b> is 0, we don't know the port of the
1047 * For now, the algorithm is pretty simple: we look for definite and
1048 * uncertain matches. The first definite match is what we guess; if
1049 * it was proceded by no uncertain matches of the opposite policy,
1050 * then the guess is definite; otherwise it is probable. (If we
1051 * have a known addr and port, all matches are definite; if we have an
1052 * unknown addr/port, any address/port ranges other than "all" are
1055 * We could do better by assuming that some ranges never match typical
1056 * addresses (127.0.0.1, and so on). But we'll try this for now.
1058 addr_policy_result_t
1059 router_compare_addr_to_addr_policy(uint32_t addr
, uint16_t port
,
1060 addr_policy_t
*policy
)
1062 int maybe_reject
= 0;
1063 int maybe_accept
= 0;
1066 addr_policy_t
*tmpe
;
1068 for (tmpe
=policy
; tmpe
; tmpe
=tmpe
->next
) {
1069 // log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
1072 /* Address is unknown. */
1073 if ((port
>= tmpe
->prt_min
&& port
<= tmpe
->prt_max
) ||
1074 (!port
&& tmpe
->prt_min
<=1 && tmpe
->prt_max
>=65535)) {
1075 /* The port definitely matches. */
1076 if (tmpe
->msk
== 0) {
1082 /* The port maybe matches. */
1086 /* Address is known */
1087 if ((addr
& tmpe
->msk
) == (tmpe
->addr
& tmpe
->msk
)) {
1088 if (port
>= tmpe
->prt_min
&& port
<= tmpe
->prt_max
) {
1089 /* Exact match for the policy */
1097 if (tmpe
->policy_type
== ADDR_POLICY_REJECT
)
1103 // struct in_addr in;
1104 // in.s_addr = htonl(addr);
1105 // log_fn(LOG_DEBUG,"Address %s:%d matches policy '%s'",
1106 // inet_ntoa(in), port, tmpe->string);
1107 if (tmpe
->policy_type
== ADDR_POLICY_ACCEPT
) {
1108 /* If we already hit a clause that might trigger a 'reject', than we
1109 * can't be sure of this certain 'accept'.*/
1110 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1112 return maybe_accept
? ADDR_POLICY_PROBABLY_REJECTED
: ADDR_POLICY_REJECTED
;
1116 /* accept all by default. */
1117 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1120 /** Return 1 if all running sufficiently-stable routers will reject
1121 * addr:port, return 0 if any might accept it. */
1122 int router_exit_policy_all_routers_reject(uint32_t addr
, uint16_t port
,
1125 routerinfo_t
*router
;
1126 addr_policy_result_t r
;
1127 if (!routerlist
) return 1;
1129 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
1130 router
= smartlist_get(routerlist
->routers
, i
);
1131 if (router
->is_running
&&
1132 !router_is_unreliable(router
, need_uptime
, 0)) {
1133 r
= router_compare_addr_to_addr_policy(addr
, port
, router
->exit_policy
);
1134 if (r
!= ADDR_POLICY_REJECTED
&& r
!= ADDR_POLICY_PROBABLY_REJECTED
)
1135 return 0; /* this one could be ok. good enough. */
1138 return 1; /* all will reject. */
1142 * If <b>policy</b> implicitly allows connections to any port in the
1143 * IP set <b>addr</b>/<b>mask</b>, then set *<b>policy_out</b> to the
1144 * part of the policy that allows it, and return 1. Else return 0.
1146 * A policy allows an IP:Port combination <em>implicitly</em> if
1147 * it is included in a *: pattern, or in a fallback pattern.
1150 policy_includes_addr_mask_implicitly(addr_policy_t
*policy
,
1151 uint32_t addr
, uint32_t mask
,
1152 addr_policy_t
**policy_out
)
1155 tor_assert(policy_out
);
1157 addr2
= addr
| ~mask
;
1158 for (; policy
; policy
=policy
->next
) {
1159 /* Does this policy cover all of the address range we're looking at? */
1160 /* Boolean logic time: range X is contained in range Y if, for
1161 * each bit B, all possible values of B in X are values of B in Y.
1162 * In "addr", we have every fixed bit set to its value, and every
1163 * free bit set to 0. In "addr2", we have every fixed bit set to
1164 * its value, and every free bit set to 1. So if addr and addr2 are
1165 * both in the policy, the range is covered by the policy.
1167 if ((policy
->addr
& policy
->msk
) == (addr
& policy
->msk
) &&
1168 (policy
->addr
& policy
->msk
) == (addr2
& policy
->msk
) &&
1169 (policy
->prt_min
<= 1 && policy
->prt_max
== 65535)) {
1172 /* Does this policy cover some of the address range we're looking at? */
1173 /* Boolean logic time: range X and range Y intersect if there is
1174 * some z such that z & Xmask == Xaddr and z & Ymask == Yaddr.
1175 * This is FALSE iff there is some bit b where Xmask == yMask == 1
1176 * and Xaddr != Yaddr. So if X intersects with Y iff at every
1177 * place where Xmask&Ymask==1, Xaddr == Yaddr, or equivalently,
1178 * Xaddr&Xmask&Ymask == Yaddr&Xmask&Ymask.
1180 if ((policy
->addr
& policy
->msk
& mask
) == (addr
& policy
->msk
) &&
1181 policy
->policy_type
== ADDR_POLICY_ACCEPT
) {
1182 *policy_out
= policy
;
1190 /** If <b>policy</b> implicitly allows connections to any port on
1191 * 127.*, 192.168.*, etc, then warn (if <b>warn</b> is set) and return
1192 * true. Else return false.
1195 exit_policy_implicitly_allows_local_networks(addr_policy_t
*policy
,
1201 uint32_t addr
; uint32_t mask
; const char *network
;
1202 } private_networks
[] = {
1203 { 0x7f000000, 0xff000000, "localhost (127.x)" },
1204 { 0x0a000000, 0xff000000, "addresses in private network 10.x" },
1205 { 0xa9fe0000, 0xffff0000, "addresses in private network 169.254.x" },
1206 { 0xac100000, 0xfff00000, "addresses in private network 172.16.x" },
1207 { 0xc0a80000, 0xffff0000, "addresses in private network 192.168.x" },
1210 for (i
=0; private_networks
[i
].addr
; ++i
) {
1212 if (policy_includes_addr_mask_implicitly(
1213 policy
, private_networks
[i
].addr
, private_networks
[i
].mask
, &p
)) {
1215 log_fn(LOG_WARN
, "Exit policy %s implicitly accepts %s",
1216 p
?p
->string
:"(default)",
1217 private_networks
[i
].network
);
1225 /** Return true iff <b>router</b> does not permit exit streams.
1227 int router_exit_policy_rejects_all(routerinfo_t
*router
) {
1228 return router_compare_addr_to_addr_policy(0, 0, router
->exit_policy
)
1229 == ADDR_POLICY_REJECTED
;
1232 /** Release all space held in <b>rr</b>. */
1233 void running_routers_free(running_routers_t
*rr
)
1237 if (rr
->running_routers
) {
1238 SMARTLIST_FOREACH(rr
->running_routers
, char *, s
, tor_free(s
));
1239 smartlist_free(rr
->running_routers
);
1244 /** We've just got a running routers list in <b>rr</b>; update the
1245 * status of the routers in <b>list</b>, and cache <b>rr</b> */
1247 routerlist_set_runningrouters(routerlist_t
*list
, running_routers_t
*rr
)
1249 routerlist_update_from_runningrouters(list
,rr
);
1250 if (list
->running_routers
!= rr
) {
1251 running_routers_free(list
->running_routers
);
1252 list
->running_routers
= rr
;
1256 /** Update the running/not-running status of every router in <b>list</b>, based
1257 * on the contents of <b>rr</b>. */
1258 /* Note: this function is not yet used, since nobody publishes just
1259 * running-router lists yet. */
1260 void routerlist_update_from_runningrouters(routerlist_t
*list
,
1261 running_routers_t
*rr
)
1263 routerinfo_t
*me
= router_get_my_routerinfo();
1264 smartlist_t
*all_routers
;
1267 if (list
->published_on
>= rr
->published_on
)
1269 if (list
->running_routers_updated_on
>= rr
->published_on
)
1272 all_routers
= smartlist_create();
1273 if (me
) /* learn if the dirservers think I'm verified */
1274 smartlist_add(all_routers
, me
);
1276 smartlist_add_all(all_routers
,list
->routers
);
1277 SMARTLIST_FOREACH(rr
->running_routers
, const char *, cp
,
1278 routers_update_status_from_entry(all_routers
, rr
->published_on
,
1279 cp
, rr
->is_running_routers_format
));
1280 smartlist_free(all_routers
);
1281 list
->running_routers_updated_on
= rr
->published_on
;
1284 /** Update the is_running and is_verified fields of the router <b>router</b>,
1285 * based in its status in the list of strings stored in <b>running_list</b>.
1286 * All entries in <b>running_list</b> follow one of these formats:
1287 * <ol><li> <b>nickname</b> -- router is running and verified.
1288 * (running-routers format)
1289 * <li> !<b>nickname</b> -- router is not-running and verified.
1290 * (running-routers format)
1291 * <li> <b>nickname</b>=$<b>hexdigest</b> -- router is running and
1292 * verified. (router-status format)
1293 * (router-status format)
1294 * <li> !<b>nickname</b>=$<b>hexdigest</b> -- router is running and
1295 * verified. (router-status format)
1296 * <li> !<b>nickname</b> -- router is not-running and verified.
1297 * <li> $<b>hexdigest</b> -- router is running and unverified.
1298 * <li> !$<b>hexdigest</b> -- router is not-running and unverified.
1301 * Return 1 if we found router in running_list, else return 0.
1303 int routers_update_status_from_entry(smartlist_t
*routers
,
1309 int is_verified
= 0;
1310 int hex_digest_set
= 0;
1311 char nickname
[MAX_NICKNAME_LEN
+1];
1312 char hexdigest
[HEX_DIGEST_LEN
+1];
1313 char digest
[DIGEST_LEN
];
1314 const char *cp
, *end
;
1316 /* First, parse the entry. */
1324 /* It starts with a non-dollar character; that's a nickname. The nickname
1325 * entry will either extend to a NUL (old running-routers format) or to an
1326 * equals sign (new router-status format). */
1328 end
= strchr(cp
, '=');
1330 end
= strchr(cp
,'\0');
1332 /* 'end' now points on character beyond the end of the nickname */
1333 if (end
== cp
|| end
-cp
> MAX_NICKNAME_LEN
) {
1334 log_fn(LOG_WARN
, "Bad nickname length (%d) in router status entry (%s)",
1338 memcpy(nickname
, cp
, end
-cp
);
1339 nickname
[end
-cp
]='\0';
1340 if (!is_legal_nickname(nickname
)) {
1341 log_fn(LOG_WARN
, "Bad nickname (%s) in router status entry (%s)",
1349 /* 'end' now points to the start of a hex digest, or EOS. */
1351 /* Parse the hexdigest portion of the status. */
1355 if (strlen(cp
) != HEX_DIGEST_LEN
) {
1356 log_fn(LOG_WARN
, "Bad length (%d) on digest in router status entry (%s)",
1357 (int)strlen(cp
), s
);
1360 strlcpy(hexdigest
, cp
, sizeof(hexdigest
));
1361 if (base16_decode(digest
, DIGEST_LEN
, hexdigest
, HEX_DIGEST_LEN
)<0) {
1362 log_fn(LOG_WARN
, "Invalid digest in router status entry (%s)", s
);
1367 /* Make sure that the entry was in the right format. */
1369 if (is_verified
== hex_digest_set
) {
1370 log_fn(LOG_WARN
, "Invalid syntax for running-routers member (%s)", s
);
1374 if (!hex_digest_set
) {
1375 log_fn(LOG_WARN
, "Invalid syntax for router-status member (%s)", s
);
1380 /* Okay, we're done parsing. For all routers that match, update their status.
1382 SMARTLIST_FOREACH(routers
, routerinfo_t
*, r
,
1384 int nickname_matches
= is_verified
&& !strcasecmp(r
->nickname
, nickname
);
1385 int digest_matches
= !memcmp(digest
, r
->identity_digest
, DIGEST_LEN
);
1386 if (nickname_matches
&& (digest_matches
||rr_format
))
1388 else if (digest_matches
)
1390 if (digest_matches
|| (nickname_matches
&&rr_format
))
1391 if (r
->status_set_at
< list_time
) {
1392 r
->is_running
= is_running
;
1393 r
->status_set_at
= time(NULL
);
1400 /** As router_update_status_from_entry, but consider all entries in
1403 router_update_status_from_smartlist(routerinfo_t
*router
,
1405 smartlist_t
*running_list
,
1409 rl
= smartlist_create();
1410 smartlist_add(rl
,router
);
1411 SMARTLIST_FOREACH(running_list
, const char *, cp
,
1412 routers_update_status_from_entry(rl
,list_time
,cp
,rr_format
));
1417 /** Add to the list of authorized directory servers one at
1418 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. */
1420 add_trusted_dir_server(const char *address
, uint16_t port
, const char *digest
)
1422 trusted_dir_server_t
*ent
;
1424 if (!trusted_dir_servers
)
1425 trusted_dir_servers
= smartlist_create();
1427 if (tor_lookup_hostname(address
, &a
)) {
1428 log_fn(LOG_WARN
, "Unable to lookup address for directory server at %s",
1433 ent
= tor_malloc(sizeof(trusted_dir_server_t
));
1434 ent
->address
= tor_strdup(address
);
1435 ent
->addr
= ntohl(a
);
1436 ent
->dir_port
= port
;
1437 ent
->is_running
= 1;
1438 memcpy(ent
->digest
, digest
, DIGEST_LEN
);
1439 smartlist_add(trusted_dir_servers
, ent
);
1442 /** Remove all members from the list of trusted dir servers. */
1443 void clear_trusted_dir_servers(void)
1445 if (trusted_dir_servers
) {
1446 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ent
,
1447 { tor_free(ent
->address
); tor_free(ent
); });
1448 smartlist_clear(trusted_dir_servers
);
1450 trusted_dir_servers
= smartlist_create();