1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char routerlist_c_id
[] = "$Id$";
11 * maintain and access the global list of routerinfos for known
17 /****************************************************************************/
19 static smartlist_t
*trusted_dir_servers
= NULL
;
21 /* static function prototypes */
23 router_pick_directory_server_impl(int requireothers
, int fascistfirewall
,
24 int for_runningrouters
);
25 static trusted_dir_server_t
*
26 router_pick_trusteddirserver_impl(int requireother
, int fascistfirewall
);
27 static void mark_all_trusteddirservers_up(void);
28 static int router_resolve(routerinfo_t
*router
);
29 static int router_resolve_routerlist(routerlist_t
*dir
);
31 /****************************************************************************/
34 * Functions to manage and access our list of known routers. (Note:
35 * dirservers maintain a separate, independent list of known router
39 /** Global list of all of the routers that we, as an OR or OP, know about. */
40 static routerlist_t
*routerlist
= NULL
;
42 extern int has_fetched_directory
; /**< from main.c */
45 * Reload the original list of trusted dirservers, and the most recent
46 * cached directory (if present).
49 router_reload_router_list(void)
55 tor_assert(get_options()->DataDirectory
);
57 tor_snprintf(filename
,sizeof(filename
),"%s/cached-directory",
58 get_options()->DataDirectory
);
59 s
= read_file_to_str(filename
,0);
61 stat(filename
, &st
); /* if s is true, stat probably worked */
62 log_fn(LOG_INFO
, "Loading cached directory from %s", filename
);
63 is_recent
= st
.st_mtime
> time(NULL
) - 60*15;
64 if (router_load_routerlist_from_directory(s
, NULL
, is_recent
, 1) < 0) {
65 log_fn(LOG_WARN
, "Cached directory at '%s' was unparseable; ignoring.", filename
);
68 ((routerlist
->published_on
> time(NULL
) - MIN_ONION_KEY_LIFETIME
/2)
70 directory_has_arrived(st
.st_mtime
, NULL
); /* do things we've been waiting to do */
77 /* Set *<b>outp</b> to a smartlist containing a list of
78 * trusted_dir_server_t * for all known trusted dirservers. Callers
79 * must not modify the list or its contents.
82 router_get_trusted_dir_servers(smartlist_t
**outp
)
84 if (!trusted_dir_servers
)
85 trusted_dir_servers
= smartlist_create();
87 *outp
= trusted_dir_servers
;
90 /** Try to find a running dirserver. If there are no running dirservers
91 * in our routerlist, set all the authoritative ones as running again,
92 * and pick one. If there are no dirservers at all in our routerlist,
93 * reload the routerlist and try one last time. If for_runningrouters is
94 * true, then only pick a dirserver that can answer runningrouters queries
95 * (that is, a trusted dirserver, or one running 0.0.9rc5-cvs or later).
98 router_pick_directory_server(int requireothers
,
100 int for_runningrouters
,
101 int retry_if_no_servers
)
103 routerinfo_t
*choice
;
108 choice
= router_pick_directory_server_impl(requireothers
, fascistfirewall
,
110 if (choice
|| !retry_if_no_servers
)
113 log_fn(LOG_INFO
,"No reachable router entries for dirservers. Trying them all again.");
114 /* mark all authdirservers as up again */
115 mark_all_trusteddirservers_up();
117 choice
= router_pick_directory_server_impl(requireothers
, fascistfirewall
,
122 log_fn(LOG_INFO
,"Still no %s router entries. Reloading and trying again.",
123 get_options()->FascistFirewall
? "reachable" : "known");
124 has_fetched_directory
=0; /* reset it */
125 if (router_reload_router_list()) {
128 /* give it one last try */
129 choice
= router_pick_directory_server_impl(requireothers
, 0,
135 trusted_dir_server_t
*
136 router_pick_trusteddirserver(int requireothers
,
138 int retry_if_no_servers
)
140 trusted_dir_server_t
*choice
;
142 choice
= router_pick_trusteddirserver_impl(requireothers
, fascistfirewall
);
143 if (choice
|| !retry_if_no_servers
)
146 log_fn(LOG_INFO
,"No trusted dirservers are reachable. Trying them all again.");
147 /* mark all authdirservers as up again */
148 mark_all_trusteddirservers_up();
150 choice
= router_pick_trusteddirserver_impl(requireothers
, fascistfirewall
);
154 log_fn(LOG_WARN
,"Still no dirservers %s. Reloading and trying again.",
155 get_options()->FascistFirewall
? "reachable" : "known");
156 has_fetched_directory
=0; /* reset it */
157 if (router_reload_router_list()) {
160 /* give it one last try */
161 choice
= router_pick_trusteddirserver_impl(requireothers
, 0);
165 /** Pick a random running router from our routerlist. If requireauth,
166 * it has to be a trusted server. If requireothers, it cannot be us.
168 static routerinfo_t
*
169 router_pick_directory_server_impl(int requireothers
, int fascistfirewall
,
170 int for_runningrouters
)
173 routerinfo_t
*router
;
179 if (get_options()->HttpProxy
)
182 /* Find all the running dirservers we know about. */
183 sl
= smartlist_create();
184 for (i
=0;i
< smartlist_len(routerlist
->routers
); i
++) {
185 router
= smartlist_get(routerlist
->routers
, i
);
186 if (!router
->is_running
|| !router
->dir_port
|| !router
->is_verified
)
188 if (requireothers
&& router_is_me(router
))
190 if (fascistfirewall
) {
191 if (!smartlist_string_num_isin(get_options()->FirewallPorts
, router
->dir_port
))
194 /* before 0.0.9rc5-cvs, only trusted dirservers served status info. */
195 if (for_runningrouters
&&
196 !(tor_version_as_new_as(router
->platform
,"0.0.9rc5-cvs") ||
197 router_digest_is_trusted_dir(router
->identity_digest
)))
199 smartlist_add(sl
, router
);
202 router
= smartlist_choose(sl
);
208 static trusted_dir_server_t
*
209 router_pick_trusteddirserver_impl(int requireother
, int fascistfirewall
)
213 trusted_dir_server_t
*ds
;
214 sl
= smartlist_create();
215 me
= router_get_my_routerinfo();
217 if (!trusted_dir_servers
)
220 if (get_options()->HttpProxy
)
223 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, d
,
225 if (!d
->is_running
) continue;
226 if (requireother
&& me
&&
227 !memcmp(me
->identity_digest
, d
->digest
, DIGEST_LEN
))
229 if (fascistfirewall
) {
230 if (!smartlist_string_num_isin(get_options()->FirewallPorts
, d
->dir_port
))
233 smartlist_add(sl
, d
);
236 ds
= smartlist_choose(sl
);
241 /** Go through and mark the auth dirservers as up */
243 mark_all_trusteddirservers_up(void)
246 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, router
,
247 if (router_digest_is_trusted_dir(router
->identity_digest
)) {
248 tor_assert(router
->dir_port
> 0);
249 router
->is_running
= 1;
250 router
->status_set_at
= time(NULL
);
253 if (trusted_dir_servers
) {
254 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, dir
,
255 dir
->is_running
= 1);
259 /** Return 0 if \\exists an authoritative dirserver that's currently
260 * thought to be running, else return 1.
263 all_trusted_directory_servers_down(void)
265 if (!trusted_dir_servers
)
267 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, dir
,
268 if (dir
->is_running
) return 0);
272 /** Add all the family of <b>router</b> to the smartlist <b>sl</b>.
275 routerlist_add_family(smartlist_t
*sl
, routerinfo_t
*router
)
278 struct config_line_t
*cl
;
280 if (!router
->declared_family
)
283 /* Add every r such that router declares familyness with r, and r
284 * declares familyhood with router. */
285 SMARTLIST_FOREACH(router
->declared_family
, const char *, n
,
287 if (!(r
= router_get_by_nickname(n
)))
289 if (!r
->declared_family
)
291 SMARTLIST_FOREACH(r
->declared_family
, const char *, n2
,
293 if (router_nickname_matches(router
, n2
))
294 smartlist_add(sl
, r
);
298 for (cl
= get_options()->NodeFamilies
; cl
; cl
= cl
->next
) {
299 if (router_nickname_is_in_list(router
, cl
->value
)) {
300 add_nickname_list_to_smartlist(sl
, cl
->value
, 0);
305 /** List of string for nicknames we've warned about and haven't yet succeeded.
307 static smartlist_t
*warned_nicknames
= NULL
;
309 /** Given a comma-and-whitespace separated list of nicknames, see which
310 * nicknames in <b>list</b> name routers in our routerlist that are
311 * currently running. Add the routerinfos for those routers to <b>sl</b>.
314 add_nickname_list_to_smartlist(smartlist_t
*sl
, const char *list
, int warn_if_down
)
316 routerinfo_t
*router
;
317 smartlist_t
*nickname_list
;
320 return; /* nothing to do */
323 nickname_list
= smartlist_create();
324 if (!warned_nicknames
)
325 warned_nicknames
= smartlist_create();
327 smartlist_split_string(nickname_list
, list
, ",",
328 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
330 SMARTLIST_FOREACH(nickname_list
, const char *, nick
, {
332 if (!is_legal_nickname_or_hexdigest(nick
)) {
333 log_fn(LOG_WARN
,"Nickname %s is misformed; skipping", nick
);
336 router
= router_get_by_nickname(nick
);
337 warned
= smartlist_string_isin(warned_nicknames
, nick
);
339 if (router
->is_running
) {
340 smartlist_add(sl
,router
);
342 smartlist_string_remove(warned_nicknames
, nick
);
345 log_fn(warn_if_down
? LOG_WARN
: LOG_DEBUG
,
346 "Nickname list includes '%s' which is known but down.",nick
);
347 smartlist_add(warned_nicknames
, tor_strdup(nick
));
352 log_fn(has_fetched_directory
? LOG_WARN
: LOG_INFO
,
353 "Nickname list includes '%s' which isn't a known router.",nick
);
354 smartlist_add(warned_nicknames
, tor_strdup(nick
));
358 SMARTLIST_FOREACH(nickname_list
, char *, nick
, tor_free(nick
));
359 smartlist_free(nickname_list
);
362 /** Return 1 iff any member of the comma-separated list <b>list</b> is an
363 * acceptable nickname or hexdigest for <b>router</b>. Else return 0.
366 router_nickname_is_in_list(routerinfo_t
*router
, const char *list
)
368 smartlist_t
*nickname_list
;
372 return 0; /* definitely not */
375 nickname_list
= smartlist_create();
376 smartlist_split_string(nickname_list
, list
, ",",
377 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
378 SMARTLIST_FOREACH(nickname_list
, const char *, cp
,
379 if (router_nickname_matches(router
, cp
)) {v
=1;break;});
380 SMARTLIST_FOREACH(nickname_list
, char *, cp
, tor_free(cp
));
381 smartlist_free(nickname_list
);
385 /** Add every router from our routerlist that is currently running to
389 router_add_running_routers_to_smartlist(smartlist_t
*sl
, int allow_unverified
,
390 int need_uptime
, int need_capacity
)
392 routerinfo_t
*router
;
398 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
399 router
= smartlist_get(routerlist
->routers
, i
);
400 if (router
->is_running
&&
401 (router
->is_verified
||
403 !router_is_unreliable(router
, need_uptime
, need_capacity
)))) {
404 /* If it's running, and either it's verified or we're ok picking
405 * unverified routers and this one is suitable.
407 smartlist_add(sl
, router
);
414 routerlist_find_my_routerinfo(void)
416 routerinfo_t
*router
;
422 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
423 router
= smartlist_get(routerlist
->routers
, i
);
424 if (router_is_me(router
))
432 router_is_unreliable(routerinfo_t
*router
, int need_uptime
, int need_capacity
)
434 if (need_uptime
&& router
->uptime
< ROUTER_REQUIRED_MIN_UPTIME
)
436 if (need_capacity
&& router
->bandwidthcapacity
< ROUTER_REQUIRED_MIN_BANDWIDTH
)
443 routerlist_sl_remove_unreliable_routers(smartlist_t
*sl
)
446 routerinfo_t
*router
;
448 for (i
= 0; i
< smartlist_len(sl
); ++i
) {
449 router
= smartlist_get(sl
, i
);
450 if (router_is_unreliable(router
, 1, 0)) {
451 log(LOG_DEBUG
, "Router '%s' has insufficient uptime; deleting.",
453 smartlist_del(sl
, i
--);
460 routerlist_sl_choose_by_bandwidth(smartlist_t
*sl
)
463 routerinfo_t
*router
;
464 smartlist_t
*bandwidths
;
465 uint32_t this_bw
, tmp
, total_bw
=0, rand_bw
;
468 bandwidths
= smartlist_create();
469 for (i
= 0; i
< smartlist_len(sl
); ++i
) {
470 router
= smartlist_get(sl
, i
);
471 this_bw
= (router
->bandwidthcapacity
< router
->bandwidthrate
) ?
472 router
->bandwidthcapacity
: router
->bandwidthrate
;
473 if (this_bw
> 2000000)
474 this_bw
= 2000000; /* if they claim something huge, don't believe it */
475 p
= tor_malloc(sizeof(uint32_t));
477 smartlist_add(bandwidths
, p
);
479 // log_fn(LOG_INFO,"Recording bw %d for node %s.", this_bw, router->nickname);
482 SMARTLIST_FOREACH(bandwidths
, uint32_t*, p
, tor_free(p
));
483 smartlist_free(bandwidths
);
484 return smartlist_choose(sl
);
486 rand_bw
= crypto_pseudo_rand_int(total_bw
);
487 // log_fn(LOG_INFO,"Total bw %d. Randomly chose %d.", total_bw, rand_bw);
490 tor_assert(i
< smartlist_len(sl
));
491 p
= smartlist_get(bandwidths
, i
);
493 router
= smartlist_get(sl
, i
);
494 // log_fn(LOG_INFO,"Considering %s. tmp = %d.", router->nickname, tmp);
498 SMARTLIST_FOREACH(bandwidths
, uint32_t*, p
, tor_free(p
));
499 smartlist_free(bandwidths
);
500 router
= smartlist_get(sl
, i
);
501 // log_fn(LOG_INFO,"Picked %s.", router->nickname);
505 /** Return a random running router from the routerlist. If any node
506 * named in <b>preferred</b> is available, pick one of those. Never
507 * pick a node named in <b>excluded</b>, or whose routerinfo is in
508 * <b>excludedsmartlist</b>, even if they are the only nodes
509 * available. If <b>strict</b> is true, never pick any node besides
510 * those in <b>preferred</b>.
513 router_choose_random_node(const char *preferred
,
514 const char *excluded
,
515 smartlist_t
*excludedsmartlist
,
516 int need_uptime
, int need_capacity
,
517 int allow_unverified
, int strict
)
519 smartlist_t
*sl
, *excludednodes
;
520 routerinfo_t
*choice
;
522 excludednodes
= smartlist_create();
523 add_nickname_list_to_smartlist(excludednodes
,excluded
,0);
525 /* Try the preferred nodes first. Ignore need_uptime and need_capacity,
526 * since the user explicitly asked for these nodes. */
527 sl
= smartlist_create();
528 add_nickname_list_to_smartlist(sl
,preferred
,1);
529 smartlist_subtract(sl
,excludednodes
);
530 if (excludedsmartlist
)
531 smartlist_subtract(sl
,excludedsmartlist
);
534 routerlist_sl_remove_unreliable_routers(sl
);
536 choice
= routerlist_sl_choose_by_bandwidth(sl
);
539 choice
= smartlist_choose(sl
);
541 if (!choice
&& !strict
) {
542 /* Then give up on our preferred choices: any node
543 * will do that has the required attributes. */
544 sl
= smartlist_create();
545 router_add_running_routers_to_smartlist(sl
, allow_unverified
,
546 need_uptime
, need_capacity
);
547 smartlist_subtract(sl
,excludednodes
);
548 if (excludedsmartlist
)
549 smartlist_subtract(sl
,excludedsmartlist
);
551 routerlist_sl_remove_unreliable_routers(sl
);
553 choice
= routerlist_sl_choose_by_bandwidth(sl
);
555 choice
= smartlist_choose(sl
);
558 smartlist_free(excludednodes
);
560 log_fn(LOG_WARN
,"No available nodes when trying to choose node. Failing.");
564 /** Return the router in our routerlist whose address is <b>addr</b> and
565 * whose OR port is <b>port</b>. Return NULL if no such router is known.
568 router_get_by_addr_port(uint32_t addr
, uint16_t port
)
571 routerinfo_t
*router
;
576 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
577 router
= smartlist_get(routerlist
->routers
, i
);
578 if ((router
->addr
== addr
) && (router
->or_port
== port
))
584 /** Return true iff the digest of <b>router</b>'s identity key,
585 * encoded in hexadecimal, matches <b>hexdigest</b> (which is
586 * optionally prefixed with a single dollar sign). Return false if
587 * <b>hexdigest</b> is malformed, or it doesn't match. */
589 router_hex_digest_matches(routerinfo_t
*router
, const char *hexdigest
)
591 char digest
[DIGEST_LEN
];
592 tor_assert(hexdigest
);
593 if (hexdigest
[0] == '$')
596 if (strlen(hexdigest
) != HEX_DIGEST_LEN
||
597 base16_decode(digest
, DIGEST_LEN
, hexdigest
, HEX_DIGEST_LEN
)<0)
600 return (!memcmp(digest
, router
->identity_digest
, DIGEST_LEN
));
603 /* Return true if <b>router</b>'s nickname matches <b>nickname</b>
604 * (case-insensitive), or if <b>router's</b> identity key digest
605 * matches a hexadecimal value stored in <b>nickname</b>. Return
608 router_nickname_matches(routerinfo_t
*router
, const char *nickname
)
610 if (nickname
[0]!='$' && !strcasecmp(router
->nickname
, nickname
))
613 return router_hex_digest_matches(router
, nickname
);
616 /** Return the router in our routerlist whose (case-insensitive)
617 * nickname or (case-sensitive) hexadecimal key digest is
618 * <b>nickname</b>. Return NULL if no such router is known.
621 router_get_by_nickname(const char *nickname
)
624 routerinfo_t
*router
;
625 char digest
[DIGEST_LEN
];
627 tor_assert(nickname
);
630 if (nickname
[0] == '$')
631 return router_get_by_hexdigest(nickname
);
632 if (server_mode(get_options()) &&
633 !strcasecmp(nickname
, get_options()->Nickname
))
634 return router_get_my_routerinfo();
636 maybedigest
= (strlen(nickname
) == HEX_DIGEST_LEN
) &&
637 (base16_decode(digest
,DIGEST_LEN
,nickname
,HEX_DIGEST_LEN
) == 0);
639 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
640 router
= smartlist_get(routerlist
->routers
, i
);
641 if (0 == strcasecmp(router
->nickname
, nickname
) ||
642 (maybedigest
&& 0 == memcmp(digest
, router
->identity_digest
,
650 /** Return true iff <b>digest</b> is the digest of the identity key of
651 * a trusted directory. */
653 router_digest_is_trusted_dir(const char *digest
)
655 if (!trusted_dir_servers
)
657 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ent
,
658 if (!memcmp(digest
, ent
->digest
, DIGEST_LEN
)) return 1);
662 /** Return the router in our routerlist whose hexadecimal key digest
663 * is <b>hexdigest</b>. Return NULL if no such router is known. */
665 router_get_by_hexdigest(const char *hexdigest
)
667 char digest
[DIGEST_LEN
];
669 tor_assert(hexdigest
);
672 if (hexdigest
[0]=='$')
674 if (strlen(hexdigest
) != HEX_DIGEST_LEN
||
675 base16_decode(digest
,DIGEST_LEN
,hexdigest
,HEX_DIGEST_LEN
) < 0)
678 return router_get_by_digest(digest
);
681 /** Return the router in our routerlist whose 20-byte key digest
682 * is <b>digest</b>. Return NULL if no such router is known. */
684 router_get_by_digest(const char *digest
)
687 routerinfo_t
*router
;
690 if (server_mode(get_options()) &&
691 (router
= router_get_my_routerinfo()) &&
692 !memcmp(digest
, router
->identity_digest
, DIGEST_LEN
))
694 if (!routerlist
) return NULL
;
696 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
697 router
= smartlist_get(routerlist
->routers
, i
);
698 if (0 == memcmp(router
->identity_digest
, digest
, DIGEST_LEN
))
705 /** Set *<b>prouterlist</b> to the current list of all known routers. */
707 router_get_routerlist(routerlist_t
**prouterlist
)
709 *prouterlist
= routerlist
;
712 /** Return the publication time on the current routerlist, or 0 if we have no
715 routerlist_get_published_time(void)
717 return routerlist
? routerlist
->published_on
: 0;
720 /** Free all storage held by <b>router</b>. */
722 routerinfo_free(routerinfo_t
*router
)
727 tor_free(router
->signed_descriptor
);
728 tor_free(router
->address
);
729 tor_free(router
->nickname
);
730 tor_free(router
->platform
);
731 tor_free(router
->contact_info
);
732 if (router
->onion_pkey
)
733 crypto_free_pk_env(router
->onion_pkey
);
734 if (router
->identity_pkey
)
735 crypto_free_pk_env(router
->identity_pkey
);
736 if (router
->declared_family
) {
737 SMARTLIST_FOREACH(router
->declared_family
, char *, s
, tor_free(s
));
738 smartlist_free(router
->declared_family
);
740 addr_policy_free(router
->exit_policy
);
744 /** Allocate a fresh copy of <b>router</b> */
746 routerinfo_copy(const routerinfo_t
*router
)
749 addr_policy_t
**e
, *tmp
;
751 r
= tor_malloc(sizeof(routerinfo_t
));
752 memcpy(r
, router
, sizeof(routerinfo_t
));
754 r
->address
= tor_strdup(r
->address
);
755 r
->nickname
= tor_strdup(r
->nickname
);
756 r
->platform
= tor_strdup(r
->platform
);
757 if (r
->signed_descriptor
)
758 r
->signed_descriptor
= tor_strdup(r
->signed_descriptor
);
760 r
->onion_pkey
= crypto_pk_dup_key(r
->onion_pkey
);
761 if (r
->identity_pkey
)
762 r
->identity_pkey
= crypto_pk_dup_key(r
->identity_pkey
);
765 tmp
= tor_malloc(sizeof(addr_policy_t
));
766 memcpy(tmp
,*e
,sizeof(addr_policy_t
));
768 (*e
)->string
= tor_strdup((*e
)->string
);
771 if (r
->declared_family
) {
772 r
->declared_family
= smartlist_create();
773 SMARTLIST_FOREACH(router
->declared_family
, const char *, s
,
774 smartlist_add(r
->declared_family
, tor_strdup(s
)));
779 /** Free all storage held by a routerlist <b>rl</b> */
781 routerlist_free(routerlist_t
*rl
)
784 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
786 smartlist_free(rl
->routers
);
787 running_routers_free(rl
->running_routers
);
788 tor_free(rl
->software_versions
);
792 /** Free all entries in the current router list. */
794 routerlist_free_current(void)
797 routerlist_free(routerlist
);
799 if (warned_nicknames
) {
800 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
801 smartlist_free(warned_nicknames
);
802 warned_nicknames
= NULL
;
806 /** Free all entries in the list of trusted directory servers. */
808 free_trusted_dir_servers(void)
810 if (trusted_dir_servers
) {
811 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ds
,
812 { tor_free(ds
->address
); tor_free(ds
); });
813 smartlist_free(trusted_dir_servers
);
814 trusted_dir_servers
= NULL
;
818 /** Mark the router with ID <b>digest</b> as non-running in our routerlist. */
820 router_mark_as_down(const char *digest
)
822 routerinfo_t
*router
;
825 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, d
,
826 if (!memcmp(d
->digest
, digest
, DIGEST_LEN
))
829 router
= router_get_by_digest(digest
);
830 if (!router
) /* we don't seem to know about him in the first place */
832 log_fn(LOG_DEBUG
,"Marking router '%s' as down.",router
->nickname
);
833 if (router_is_me(router
))
834 log_fn(LOG_WARN
, "We just marked ourself as down. Are your external addresses reachable?");
835 router
->is_running
= 0;
836 router
->status_set_at
= time(NULL
);
839 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
840 * older entries (if any) with the same name. Note: Callers should not hold
841 * their pointers to <b>router</b> if this function fails; <b>router</b>
842 * will either be inserted into the routerlist or freed. Returns 0 if the
843 * router was added; -1 if it was not.
848 router_add_to_routerlist(routerinfo_t
*router
, const char **msg
)
852 char id_digest
[DIGEST_LEN
];
854 tor_assert(routerlist
);
855 crypto_pk_get_digest(router
->identity_pkey
, id_digest
);
857 /* If we have a router with this name, and the identity key is the same,
858 * choose the newer one. If the identity key has changed, drop the router.
860 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
861 r
= smartlist_get(routerlist
->routers
, i
);
863 if (!crypto_pk_cmp_keys(router
->identity_pkey
, r
->identity_pkey
)) {
864 if (router
->published_on
> r
->published_on
) {
865 log_fn(LOG_DEBUG
, "Replacing entry for router '%s/%s' [%s]",
866 router
->nickname
, r
->nickname
, hex_str(id_digest
,DIGEST_LEN
));
867 /* Remember whether we trust this router as a dirserver. */
868 /* If the address hasn't changed; no need to re-resolve. */
869 if (!strcasecmp(r
->address
, router
->address
))
870 router
->addr
= r
->addr
;
872 smartlist_set(routerlist
->routers
, i
, router
);
875 log_fn(LOG_DEBUG
, "Skipping not-new descriptor for router '%s'",
877 /* Update the is_running status to whatever we were told. */
878 r
->is_running
= router
->is_running
;
879 routerinfo_free(router
);
880 if (msg
) *msg
= "Router descriptor was not new.";
883 } else if (!strcasecmp(router
->nickname
, r
->nickname
)) {
884 /* nicknames match, keys don't. */
885 if (router
->is_verified
) {
886 /* The new verified router replaces the old one; remove the
887 * old one. And carry on to the end of the list, in case
888 * there are more old unverified routers with this nickname
890 /* mark-for-close connections using the old key, so we can
891 * make new ones with the new key.
894 while ((conn
= connection_get_by_identity_digest(r
->identity_digest
,
896 log_fn(LOG_INFO
,"Closing conn to obsolete router '%s'", r
->nickname
);
897 connection_mark_for_close(conn
);
900 smartlist_del_keeporder(routerlist
->routers
, i
--);
901 } else if (r
->is_verified
) {
902 /* Can't replace a verified router with an unverified one. */
903 log_fn(LOG_DEBUG
, "Skipping unverified entry for verified router '%s'",
905 routerinfo_free(router
);
906 if (msg
) *msg
= "Already have verified router with different key and same nickname";
911 /* We haven't seen a router with this name before. Add it to the end of
913 smartlist_add(routerlist
->routers
, router
);
917 /** Remove any routers from the routerlist that are more than <b>age</b>
920 * (This function is just like dirserv_remove_old_servers. One day we should
924 routerlist_remove_old_routers(int age
)
928 routerinfo_t
*router
;
932 cutoff
= time(NULL
) - age
;
933 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
934 router
= smartlist_get(routerlist
->routers
, i
);
935 if (router
->published_on
<= cutoff
) {
936 /* Too old. Remove it. */
937 log_fn(LOG_INFO
,"Forgetting obsolete routerinfo for router '%s'", router
->nickname
);
938 routerinfo_free(router
);
939 smartlist_del(routerlist
->routers
, i
--);
945 * Code to parse a single router descriptors and insert it into the
946 * directory. Return -1 if the descriptor was ill-formed; 0 if the
947 * descriptor was well-formed but could not be added; and 1 if the
948 * descriptor was added.
951 router_load_single_router(const char *s
, const char **msg
)
956 if (!(ri
= router_parse_entry_from_string(s
, NULL
))) {
957 log_fn(LOG_WARN
, "Error parsing router descriptor; dropping.");
958 *msg
= "Couldn't parse router descriptor";
961 if (router_is_me(ri
)) {
962 log_fn(LOG_WARN
, "Router's identity key matches mine; dropping.");
963 *msg
= "Router's identity key matches mine.";
967 if (router_resolve(ri
)<0) {
968 log_fn(LOG_WARN
, "Couldn't resolve router address; dropping.");
969 *msg
= "Couldn't resolve router address.";
973 if (routerlist
&& routerlist
->running_routers
) {
974 running_routers_t
*rr
= routerlist
->running_routers
;
975 router_update_status_from_smartlist(ri
,
977 rr
->running_routers
);
979 if (router_add_to_routerlist(ri
, msg
)<0) {
980 log_fn(LOG_WARN
, "Couldn't add router to list; dropping.");
981 *msg
= "Couldn't add router to list.";
982 /* ri is already freed */
985 smartlist_t
*changed
= smartlist_create();
986 smartlist_add(changed
, ri
);
987 control_event_descriptors_changed(changed
);
988 smartlist_free(changed
);
991 log_fn(LOG_DEBUG
, "Added router to list");
995 /** Add to the current routerlist each router stored in the
996 * signed directory <b>s</b>. If pkey is provided, check the signature against
997 * pkey; else check against the pkey of the signing directory server.
999 * If <b>dir_is_recent</b> is non-zero, then examine the
1000 * Recommended-versions line and take appropriate action.
1002 * If <b>dir_is_cached</b> is non-zero, then we're reading it
1003 * from the cache so don't bother to re-write it to the cache.
1006 router_load_routerlist_from_directory(const char *s
,
1007 crypto_pk_env_t
*pkey
,
1011 routerlist_t
*new_list
= NULL
;
1012 if (router_parse_routerlist_from_directory(s
, &new_list
, pkey
,
1015 log_fn(LOG_WARN
, "Couldn't parse directory.");
1019 smartlist_t
*changed
= smartlist_create();
1020 SMARTLIST_FOREACH(new_list
->routers
, routerinfo_t
*, r
,
1022 if (router_add_to_routerlist(r
,NULL
)==0)
1023 smartlist_add(changed
, r
);
1025 smartlist_clear(new_list
->routers
);
1026 routerlist
->published_on
= new_list
->published_on
;
1027 tor_free(routerlist
->software_versions
);
1028 routerlist
->software_versions
= new_list
->software_versions
;
1029 new_list
->software_versions
= NULL
;
1030 routerlist_free(new_list
);
1031 control_event_descriptors_changed(changed
);
1032 smartlist_free(changed
);
1034 routerlist
= new_list
;
1035 control_event_descriptors_changed(routerlist
->routers
);
1037 if (router_resolve_routerlist(routerlist
)) {
1038 log_fn(LOG_WARN
, "Error resolving routerlist");
1041 if (get_options()->AuthoritativeDir
) {
1042 /* Learn about the descriptors in the directory. */
1043 dirserv_load_from_directory_string(s
);
1048 /** Helper function: resolve the hostname for <b>router</b>. */
1050 router_resolve(routerinfo_t
*router
)
1052 if (tor_lookup_hostname(router
->address
, &router
->addr
) != 0
1054 log_fn(LOG_WARN
,"Could not resolve address for router '%s' at %s",
1055 router
->nickname
, router
->address
);
1058 router
->addr
= ntohl(router
->addr
); /* get it back into host order */
1063 /** Helper function: resolve every router in rl, and ensure that our own
1064 * routerinfo is at the front.
1067 router_resolve_routerlist(routerlist_t
*rl
)
1075 if ((r
= router_get_my_routerinfo())) {
1076 smartlist_insert(rl
->routers
, 0, routerinfo_copy(r
));
1080 for ( ; i
< smartlist_len(rl
->routers
); ++i
) {
1082 r
= smartlist_get(rl
->routers
,i
);
1083 if (router_is_me(r
)) {
1085 } else if (r
->addr
) {
1086 /* already resolved. */
1087 } else if (router_resolve(r
)) {
1088 log_fn(LOG_WARN
, "Couldn't resolve router '%s' at '%s'; not using",
1089 r
->nickname
, r
->address
);
1094 smartlist_del_keeporder(rl
->routers
, i
--);
1101 /** Decide whether a given addr:port is definitely accepted,
1102 * definitely rejected, probably accepted, or probably rejected by a
1103 * given policy. If <b>addr</b> is 0, we don't know the IP of the
1104 * target address. If <b>port</b> is 0, we don't know the port of the
1107 * For now, the algorithm is pretty simple: we look for definite and
1108 * uncertain matches. The first definite match is what we guess; if
1109 * it was proceded by no uncertain matches of the opposite policy,
1110 * then the guess is definite; otherwise it is probable. (If we
1111 * have a known addr and port, all matches are definite; if we have an
1112 * unknown addr/port, any address/port ranges other than "all" are
1115 * We could do better by assuming that some ranges never match typical
1116 * addresses (127.0.0.1, and so on). But we'll try this for now.
1118 addr_policy_result_t
1119 router_compare_addr_to_addr_policy(uint32_t addr
, uint16_t port
,
1120 addr_policy_t
*policy
)
1122 int maybe_reject
= 0;
1123 int maybe_accept
= 0;
1126 addr_policy_t
*tmpe
;
1128 for (tmpe
=policy
; tmpe
; tmpe
=tmpe
->next
) {
1129 // log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
1132 /* Address is unknown. */
1133 if ((port
>= tmpe
->prt_min
&& port
<= tmpe
->prt_max
) ||
1134 (!port
&& tmpe
->prt_min
<=1 && tmpe
->prt_max
>=65535)) {
1135 /* The port definitely matches. */
1136 if (tmpe
->msk
== 0) {
1142 /* The port maybe matches. */
1146 /* Address is known */
1147 if ((addr
& tmpe
->msk
) == (tmpe
->addr
& tmpe
->msk
)) {
1148 if (port
>= tmpe
->prt_min
&& port
<= tmpe
->prt_max
) {
1149 /* Exact match for the policy */
1157 if (tmpe
->policy_type
== ADDR_POLICY_REJECT
)
1163 // struct in_addr in;
1164 // in.s_addr = htonl(addr);
1165 // log_fn(LOG_DEBUG,"Address %s:%d matches policy '%s'",
1166 // inet_ntoa(in), port, tmpe->string);
1167 if (tmpe
->policy_type
== ADDR_POLICY_ACCEPT
) {
1168 /* If we already hit a clause that might trigger a 'reject', than we
1169 * can't be sure of this certain 'accept'.*/
1170 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1172 return maybe_accept
? ADDR_POLICY_PROBABLY_REJECTED
: ADDR_POLICY_REJECTED
;
1176 /* accept all by default. */
1177 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1180 /** Return 1 if all running sufficiently-stable routers will reject
1181 * addr:port, return 0 if any might accept it. */
1183 router_exit_policy_all_routers_reject(uint32_t addr
, uint16_t port
,
1187 routerinfo_t
*router
;
1188 addr_policy_result_t r
;
1189 if (!routerlist
) return 1;
1191 for (i
=0;i
<smartlist_len(routerlist
->routers
);i
++) {
1192 router
= smartlist_get(routerlist
->routers
, i
);
1193 if (router
->is_running
&&
1194 !router_is_unreliable(router
, need_uptime
, 0)) {
1195 r
= router_compare_addr_to_addr_policy(addr
, port
, router
->exit_policy
);
1196 if (r
!= ADDR_POLICY_REJECTED
&& r
!= ADDR_POLICY_PROBABLY_REJECTED
)
1197 return 0; /* this one could be ok. good enough. */
1200 return 1; /* all will reject. */
1204 * If <b>policy</b> implicitly allows connections to any port in the
1205 * IP set <b>addr</b>/<b>mask</b>, then set *<b>policy_out</b> to the
1206 * part of the policy that allows it, and return 1. Else return 0.
1208 * A policy allows an IP:Port combination <em>implicitly</em> if
1209 * it is included in a *: pattern, or in a fallback pattern.
1212 policy_includes_addr_mask_implicitly(addr_policy_t
*policy
,
1213 uint32_t addr
, uint32_t mask
,
1214 addr_policy_t
**policy_out
)
1217 tor_assert(policy_out
);
1219 addr2
= addr
| ~mask
;
1220 for (; policy
; policy
=policy
->next
) {
1221 /* Does this policy cover all of the address range we're looking at? */
1222 /* Boolean logic time: range X is contained in range Y if, for
1223 * each bit B, all possible values of B in X are values of B in Y.
1224 * In "addr", we have every fixed bit set to its value, and every
1225 * free bit set to 0. In "addr2", we have every fixed bit set to
1226 * its value, and every free bit set to 1. So if addr and addr2 are
1227 * both in the policy, the range is covered by the policy.
1229 uint32_t p_addr
= policy
->addr
& policy
->msk
;
1230 if (p_addr
== (addr
& policy
->msk
) &&
1231 p_addr
== (addr2
& policy
->msk
) &&
1232 (policy
->prt_min
<= 1 && policy
->prt_max
== 65535)) {
1235 /* Does this policy cover some of the address range we're looking at? */
1236 /* Boolean logic time: range X and range Y intersect if there is
1237 * some z such that z & Xmask == Xaddr and z & Ymask == Yaddr.
1238 * This is FALSE iff there is some bit b where Xmask == yMask == 1
1239 * and Xaddr != Yaddr. So if X intersects with Y iff at every
1240 * place where Xmask&Ymask==1, Xaddr == Yaddr, or equivalently,
1241 * Xaddr&Xmask&Ymask == Yaddr&Xmask&Ymask.
1243 if ((policy
->addr
& policy
->msk
& mask
) == (addr
& policy
->msk
) &&
1244 policy
->policy_type
== ADDR_POLICY_ACCEPT
) {
1245 *policy_out
= policy
;
1253 /** If <b>policy</b> implicitly allows connections to any port on
1254 * 127.*, 192.168.*, etc, then warn (if <b>warn</b> is set) and return
1255 * true. Else return false.
1258 exit_policy_implicitly_allows_local_networks(addr_policy_t
*policy
,
1264 uint32_t addr
; uint32_t mask
; const char *network
;
1265 } private_networks
[] = {
1266 { 0x7f000000, 0xff000000, "localhost (127.x)" },
1267 { 0x0a000000, 0xff000000, "addresses in private network 10.x" },
1268 { 0xa9fe0000, 0xffff0000, "addresses in private network 169.254.x" },
1269 { 0xac100000, 0xfff00000, "addresses in private network 172.16.x" },
1270 { 0xc0a80000, 0xffff0000, "addresses in private network 192.168.x" },
1273 for (i
=0; private_networks
[i
].addr
; ++i
) {
1275 /* log_fn(LOG_INFO,"Checking network %s", private_networks[i].network); */
1276 if (policy_includes_addr_mask_implicitly(
1277 policy
, private_networks
[i
].addr
, private_networks
[i
].mask
, &p
)) {
1279 log_fn(LOG_WARN
, "Exit policy %s implicitly accepts %s",
1280 p
?p
->string
:"(default)",
1281 private_networks
[i
].network
);
1289 /** Return true iff <b>router</b> does not permit exit streams.
1292 router_exit_policy_rejects_all(routerinfo_t
*router
)
1294 return router_compare_addr_to_addr_policy(0, 0, router
->exit_policy
)
1295 == ADDR_POLICY_REJECTED
;
1298 /** Release all space held in <b>rr</b>. */
1300 running_routers_free(running_routers_t
*rr
)
1304 if (rr
->running_routers
) {
1305 SMARTLIST_FOREACH(rr
->running_routers
, char *, s
, tor_free(s
));
1306 smartlist_free(rr
->running_routers
);
1311 /** We've just got a running routers list in <b>rr</b>; update the
1312 * status of the routers in <b>list</b>, and cache <b>rr</b> */
1314 routerlist_set_runningrouters(routerlist_t
*list
, running_routers_t
*rr
)
1316 routerlist_update_from_runningrouters(list
,rr
);
1317 if (list
->running_routers
!= rr
) {
1318 running_routers_free(list
->running_routers
);
1319 list
->running_routers
= rr
;
1323 /** Update the running/not-running status of every router in <b>list</b>, based
1324 * on the contents of <b>rr</b>. */
1325 /* Note: this function is not yet used, since nobody publishes just
1326 * running-router lists yet. */
1328 routerlist_update_from_runningrouters(routerlist_t
*list
,
1329 running_routers_t
*rr
)
1331 routerinfo_t
*me
= router_get_my_routerinfo();
1332 smartlist_t
*all_routers
;
1335 if (list
->published_on
>= rr
->published_on
)
1337 if (list
->running_routers_updated_on
>= rr
->published_on
)
1340 all_routers
= smartlist_create();
1341 if (me
) /* learn if the dirservers think I'm verified */
1342 smartlist_add(all_routers
, me
);
1344 smartlist_add_all(all_routers
,list
->routers
);
1345 SMARTLIST_FOREACH(rr
->running_routers
, const char *, cp
,
1346 routers_update_status_from_entry(all_routers
, rr
->published_on
,
1348 smartlist_free(all_routers
);
1349 list
->running_routers_updated_on
= rr
->published_on
;
1352 /** Update the is_running and is_verified fields of the router <b>router</b>,
1353 * based in its status in the list of strings stored in <b>running_list</b>.
1354 * All entries in <b>running_list</b> follow one of these formats:
1355 * <ol><li> <b>nickname</b> -- router is running and verified.
1356 * (running-routers format)
1357 * <li> !<b>nickname</b> -- router is not-running and verified.
1358 * (running-routers format)
1359 * <li> <b>nickname</b>=$<b>hexdigest</b> -- router is running and
1360 * verified. (router-status format)
1361 * (router-status format)
1362 * <li> !<b>nickname</b>=$<b>hexdigest</b> -- router is running and
1363 * verified. (router-status format)
1364 * <li> !<b>nickname</b> -- router is not-running and verified.
1365 * <li> $<b>hexdigest</b> -- router is running and unverified.
1366 * <li> !$<b>hexdigest</b> -- router is not-running and unverified.
1369 * Return 1 if we found router in running_list, else return 0.
1372 routers_update_status_from_entry(smartlist_t
*routers
,
1377 int is_verified
= 0;
1378 int hex_digest_set
= 0;
1379 char nickname
[MAX_NICKNAME_LEN
+1];
1380 char hexdigest
[HEX_DIGEST_LEN
+1];
1381 char digest
[DIGEST_LEN
];
1382 const char *cp
, *end
;
1384 /* First, parse the entry. */
1392 /* It starts with a non-dollar character; that's a nickname. The nickname
1393 * entry will either extend to a NUL (old running-routers format) or to an
1394 * equals sign (new router-status format). */
1396 end
= strchr(cp
, '=');
1398 end
= strchr(cp
,'\0');
1400 /* 'end' now points on character beyond the end of the nickname */
1401 if (end
== cp
|| end
-cp
> MAX_NICKNAME_LEN
) {
1402 log_fn(LOG_WARN
, "Bad nickname length (%d) in router status entry (%s)",
1406 memcpy(nickname
, cp
, end
-cp
);
1407 nickname
[end
-cp
]='\0';
1408 if (!is_legal_nickname(nickname
)) {
1409 log_fn(LOG_WARN
, "Bad nickname (%s) in router status entry (%s)",
1417 /* 'end' now points to the start of a hex digest, or EOS. */
1419 /* Parse the hexdigest portion of the status. */
1423 if (strlen(cp
) != HEX_DIGEST_LEN
) {
1424 log_fn(LOG_WARN
, "Bad length (%d) on digest in router status entry (%s)",
1425 (int)strlen(cp
), s
);
1428 strlcpy(hexdigest
, cp
, sizeof(hexdigest
));
1429 if (base16_decode(digest
, DIGEST_LEN
, hexdigest
, HEX_DIGEST_LEN
)<0) {
1430 log_fn(LOG_WARN
, "Invalid digest in router status entry (%s)", s
);
1435 /* Make sure that the entry was in the right format. */
1436 if (!hex_digest_set
) {
1437 log_fn(LOG_WARN
, "Invalid syntax for router-status member (%s)", s
);
1441 /* Okay, we're done parsing. For all routers that match, update their status.
1443 SMARTLIST_FOREACH(routers
, routerinfo_t
*, r
,
1445 int nickname_matches
= is_verified
&& !strcasecmp(r
->nickname
, nickname
);
1446 int digest_matches
= !memcmp(digest
, r
->identity_digest
, DIGEST_LEN
);
1447 if (nickname_matches
&& digest_matches
)
1449 else if (digest_matches
)
1452 if (r
->status_set_at
< list_time
) {
1453 r
->is_running
= is_running
;
1454 r
->status_set_at
= time(NULL
);
1461 /** As router_update_status_from_entry, but consider all entries in
1464 router_update_status_from_smartlist(routerinfo_t
*router
,
1466 smartlist_t
*running_list
)
1469 rl
= smartlist_create();
1470 smartlist_add(rl
,router
);
1471 SMARTLIST_FOREACH(running_list
, const char *, cp
,
1472 routers_update_status_from_entry(rl
,list_time
,cp
));
1477 /** Add to the list of authorized directory servers one at
1478 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. */
1480 add_trusted_dir_server(const char *address
, uint16_t port
, const char *digest
)
1482 trusted_dir_server_t
*ent
;
1484 if (!trusted_dir_servers
)
1485 trusted_dir_servers
= smartlist_create();
1487 if (tor_lookup_hostname(address
, &a
)) {
1488 log_fn(LOG_WARN
, "Unable to lookup address for directory server at %s",
1493 ent
= tor_malloc(sizeof(trusted_dir_server_t
));
1494 ent
->address
= tor_strdup(address
);
1495 ent
->addr
= ntohl(a
);
1496 ent
->dir_port
= port
;
1497 ent
->is_running
= 1;
1498 memcpy(ent
->digest
, digest
, DIGEST_LEN
);
1499 smartlist_add(trusted_dir_servers
, ent
);
1502 /** Remove all members from the list of trusted dir servers. */
1504 clear_trusted_dir_servers(void)
1506 if (trusted_dir_servers
) {
1507 SMARTLIST_FOREACH(trusted_dir_servers
, trusted_dir_server_t
*, ent
,
1508 { tor_free(ent
->address
); tor_free(ent
); });
1509 smartlist_clear(trusted_dir_servers
);
1511 trusted_dir_servers
= smartlist_create();