1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char main_c_id
[] =
11 * \brief Toplevel module. Handles signals, multiplexes between
12 * connections, implements main loop, and drives scheduled events.
20 void evdns_shutdown(int);
23 /********* PROTOTYPES **********/
25 static void dumpmemusage(int severity
);
26 static void dumpstats(int severity
); /* log stats */
27 static void conn_read_callback(int fd
, short event
, void *_conn
);
28 static void conn_write_callback(int fd
, short event
, void *_conn
);
29 static void signal_callback(int fd
, short events
, void *arg
);
30 static void second_elapsed_callback(int fd
, short event
, void *args
);
31 static int conn_close_if_marked(int i
);
33 /********* START VARIABLES **********/
35 int global_read_bucket
; /**< Max number of bytes I can read this second. */
36 int global_write_bucket
; /**< Max number of bytes I can write this second. */
38 /** What was the read bucket before the last call to prepare_for_pool?
39 * (used to determine how many bytes we've read). */
40 static int stats_prev_global_read_bucket
;
41 /** What was the write bucket before the last call to prepare_for_pool?
42 * (used to determine how many bytes we've written). */
43 static int stats_prev_global_write_bucket
;
44 /** How many bytes have we read/written since we started the process? */
45 static uint64_t stats_n_bytes_read
= 0;
46 static uint64_t stats_n_bytes_written
= 0;
47 /** What time did this process start up? */
48 long time_of_process_start
= 0;
49 /** How many seconds have we been running? */
50 long stats_n_seconds_working
= 0;
51 /** When do we next download a directory? */
52 static time_t time_to_fetch_directory
= 0;
53 /** When do we next download a running-routers summary? */
54 static time_t time_to_fetch_running_routers
= 0;
55 /** When do we next launch DNS wildcarding checks? */
56 static time_t time_to_check_for_correct_dns
= 0;
58 /** How often will we honor SIGNEWNYM requests? */
59 #define MAX_SIGNEWNYM_RATE 10
60 /** When did we last process a SIGNEWNYM request? */
61 static time_t time_of_last_signewnym
= 0;
62 /** Is there a signewnym request we're currently waiting to handle? */
63 static int signewnym_is_pending
= 0;
65 /** Array of all open connections. The first n_conns elements are valid. */
66 static connection_t
*connection_array
[MAXCONNECTIONS
+1] =
68 /** List of connections that have been marked for close and need to be freed
69 * and removed from connection_array. */
70 static smartlist_t
*closeable_connection_lst
= NULL
;
72 static int n_conns
=0; /**< Number of connections currently active. */
74 /** We set this to 1 when we've opened a circuit, so we can print a log
75 * entry to inform the user that Tor is working. */
76 int has_completed_circuit
=0;
79 #define MS_WINDOWS_SERVICE
82 #ifdef MS_WINDOWS_SERVICE
84 #define GENSRV_SERVICENAME TEXT("tor")
85 #define GENSRV_DISPLAYNAME TEXT("Tor Win32 Service")
86 #define GENSRV_DESCRIPTION \
87 TEXT("Provides an anonymous Internet communication system")
88 #define GENSRV_USERACCT TEXT("NT AUTHORITY\\LocalService")
90 // Cheating: using the pre-defined error codes, tricks Windows into displaying
91 // a semi-related human-readable error message if startup fails as
92 // opposed to simply scaring people with Error: 0xffffffff
93 #define NT_SERVICE_ERROR_TORINIT_FAILED ERROR_EXCEPTION_IN_SERVICE
95 SERVICE_STATUS service_status
;
96 SERVICE_STATUS_HANDLE hStatus
;
97 /* XXXX This 'backup argv' and 'backup argc' business is an ugly hack. This
98 * is a job for arguments, not globals. */
99 static char **backup_argv
;
100 static int backup_argc
;
101 static int nt_service_is_stopping(void);
102 static char* nt_strerror(uint32_t errnum
);
104 #define nt_service_is_stopping() (0)
107 /** If our router descriptor ever goes this long without being regenerated
108 * because something changed, we force an immediate regenerate-and-upload. */
109 #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60)
110 /** How often do we check whether part of our router info has changed in a way
111 * that would require an upload? */
112 #define CHECK_DESCRIPTOR_INTERVAL (60)
113 /** How often do we (as a router) check whether our IP address has changed? */
114 #define CHECK_IPADDRESS_INTERVAL (15*60)
115 /** How often do we check buffers for empty space that can be deallocated? */
116 #define BUF_SHRINK_INTERVAL (60)
117 /** How often do we check for router descriptors that we should download? */
118 #define DESCRIPTOR_RETRY_INTERVAL (10)
119 /** How often do we 'forgive' undownloadable router descriptors and attempt
120 * to download them again? */
121 #define DESCRIPTOR_FAILURE_RESET_INTERVAL (60*60)
122 /** How often do we add more entropy to OpenSSL's RNG pool? */
123 #define ENTROPY_INTERVAL (60*60)
124 /** How long do we let a directory connection stall before expiring it? */
125 #define DIR_CONN_MAX_STALL (5*60)
127 /** How old do we let a connection to an OR get before deciding it's
129 #define TIME_BEFORE_OR_CONN_IS_OBSOLETE (60*60*24*7)
130 /** How long do we let OR connections handshake before we decide that
131 * they are obsolete? */
132 #define TLS_HANDSHAKE_TIMEOUT (60)
134 /********* END VARIABLES ************/
136 /****************************************************************************
138 * This section contains accessors and other methods on the connection_array
139 * variables (which are global within this file and unavailable outside it).
141 ****************************************************************************/
143 /** Add <b>conn</b> to the array of connections that we can poll on. The
144 * connection's socket must be set; the connection starts out
145 * non-reading and non-writing.
148 connection_add(connection_t
*conn
)
151 tor_assert(conn
->s
>= 0);
153 if (n_conns
>= get_options()->_ConnLimit
-1) {
154 log_warn(LD_NET
,"Failing because we have %d connections already. Please "
155 "raise your ulimit -n.", n_conns
);
156 control_event_general_status(LOG_WARN
, "TOO_MANY_CONNECTIONS CURRENT=%d",
161 tor_assert(conn
->conn_array_index
== -1); /* can only connection_add once */
162 conn
->conn_array_index
= n_conns
;
163 connection_array
[n_conns
] = conn
;
165 conn
->read_event
= tor_malloc_zero(sizeof(struct event
));
166 conn
->write_event
= tor_malloc_zero(sizeof(struct event
));
167 event_set(conn
->read_event
, conn
->s
, EV_READ
|EV_PERSIST
,
168 conn_read_callback
, conn
);
169 event_set(conn
->write_event
, conn
->s
, EV_WRITE
|EV_PERSIST
,
170 conn_write_callback
, conn
);
174 log_debug(LD_NET
,"new conn type %s, socket %d, n_conns %d.",
175 conn_type_to_string(conn
->type
), conn
->s
, n_conns
);
180 /** Remove the connection from the global list, and remove the
181 * corresponding poll entry. Calling this function will shift the last
182 * connection (if any) into the position occupied by conn.
185 connection_remove(connection_t
*conn
)
190 tor_assert(n_conns
>0);
192 log_debug(LD_NET
,"removing socket %d (type %s), n_conns now %d",
193 conn
->s
, conn_type_to_string(conn
->type
), n_conns
-1);
195 tor_assert(conn
->conn_array_index
>= 0);
196 current_index
= conn
->conn_array_index
;
197 if (current_index
== n_conns
-1) { /* this is the end */
202 connection_unregister(conn
);
204 /* replace this one with the one at the end */
206 connection_array
[current_index
] = connection_array
[n_conns
];
207 connection_array
[current_index
]->conn_array_index
= current_index
;
212 /** If it's an edge conn, remove it from the list
213 * of conn's on this circuit. If it's not on an edge,
214 * flush and send destroys for all circuits on this conn.
216 * If <b>remove</b> is non-zero, then remove it from the
217 * connection_array and closeable_connection_lst.
222 connection_unlink(connection_t
*conn
, int remove
)
224 connection_about_to_close_connection(conn
);
226 connection_remove(conn
);
228 smartlist_remove(closeable_connection_lst
, conn
);
229 if (conn
->type
== CONN_TYPE_EXIT
) {
230 assert_connection_edge_not_dns_pending(TO_EDGE_CONN(conn
));
232 if (conn
->type
== CONN_TYPE_OR
) {
233 if (!tor_digest_is_zero(TO_OR_CONN(conn
)->identity_digest
))
234 connection_or_remove_from_identity_map(TO_OR_CONN(conn
));
236 connection_free(conn
);
239 /** Schedule <b>conn</b> to be closed. **/
241 add_connection_to_closeable_list(connection_t
*conn
)
243 tor_assert(!smartlist_isin(closeable_connection_lst
, conn
));
244 tor_assert(conn
->marked_for_close
);
245 assert_connection_ok(conn
, time(NULL
));
246 smartlist_add(closeable_connection_lst
, conn
);
249 /** Return 1 if conn is on the closeable list, else return 0. */
251 connection_is_on_closeable_list(connection_t
*conn
)
253 return smartlist_isin(closeable_connection_lst
, conn
);
256 /** Return true iff conn is in the current poll array. */
258 connection_in_array(connection_t
*conn
)
261 for (i
=0; i
<n_conns
; ++i
) {
262 if (conn
==connection_array
[i
])
268 /** Set <b>*array</b> to an array of all connections, and <b>*n</b>
269 * to the length of the array. <b>*array</b> and <b>*n</b> must not
273 get_connection_array(connection_t
***array
, int *n
)
275 *array
= connection_array
;
279 /** Set the event mask on <b>conn</b> to <b>events</b>. (The event
280 * mask is a bitmask whose bits are EV_READ and EV_WRITE.)
283 connection_watch_events(connection_t
*conn
, short events
)
288 tor_assert(conn
->read_event
);
289 tor_assert(conn
->write_event
);
291 if (events
& EV_READ
) {
292 r
= event_add(conn
->read_event
, NULL
);
294 r
= event_del(conn
->read_event
);
299 "Error from libevent setting read event state for %d to "
301 conn
->s
, (events
& EV_READ
)?"":"un",
302 tor_socket_strerror(tor_socket_errno(conn
->s
)));
304 if (events
& EV_WRITE
) {
305 r
= event_add(conn
->write_event
, NULL
);
307 r
= event_del(conn
->write_event
);
312 "Error from libevent setting read event state for %d to "
314 conn
->s
, (events
& EV_WRITE
)?"":"un",
315 tor_socket_strerror(tor_socket_errno(conn
->s
)));
318 /** Return true iff <b>conn</b> is listening for read events. */
320 connection_is_reading(connection_t
*conn
)
324 return conn
->read_event
&& event_pending(conn
->read_event
, EV_READ
, NULL
);
327 /** Tell the main loop to stop notifying <b>conn</b> of any read events. */
329 connection_stop_reading(connection_t
*conn
)
332 tor_assert(conn
->read_event
);
334 log_debug(LD_NET
,"entering.");
335 if (event_del(conn
->read_event
))
336 log_warn(LD_NET
, "Error from libevent setting read event state for %d "
339 tor_socket_strerror(tor_socket_errno(conn
->s
)));
342 /** Tell the main loop to start notifying <b>conn</b> of any read events. */
344 connection_start_reading(connection_t
*conn
)
347 tor_assert(conn
->read_event
);
349 if (event_add(conn
->read_event
, NULL
))
350 log_warn(LD_NET
, "Error from libevent setting read event state for %d "
353 tor_socket_strerror(tor_socket_errno(conn
->s
)));
356 /** Return true iff <b>conn</b> is listening for write events. */
358 connection_is_writing(connection_t
*conn
)
362 return conn
->write_event
&& event_pending(conn
->write_event
, EV_WRITE
, NULL
);
365 /** Tell the main loop to stop notifying <b>conn</b> of any write events. */
367 connection_stop_writing(connection_t
*conn
)
370 tor_assert(conn
->write_event
);
372 if (event_del(conn
->write_event
))
373 log_warn(LD_NET
, "Error from libevent setting write event state for %d "
376 tor_socket_strerror(tor_socket_errno(conn
->s
)));
379 /** Tell the main loop to start notifying <b>conn</b> of any write events. */
381 connection_start_writing(connection_t
*conn
)
384 tor_assert(conn
->write_event
);
386 if (event_add(conn
->write_event
, NULL
))
387 log_warn(LD_NET
, "Error from libevent setting write event state for %d "
390 tor_socket_strerror(tor_socket_errno(conn
->s
)));
393 /** Close all connections that have been scheduled to get closed */
395 close_closeable_connections(void)
398 for (i
= 0; i
< smartlist_len(closeable_connection_lst
); ) {
399 connection_t
*conn
= smartlist_get(closeable_connection_lst
, i
);
400 if (conn
->conn_array_index
< 0) {
401 connection_unlink(conn
, 0); /* blow it away right now */
403 if (!conn_close_if_marked(conn
->conn_array_index
))
409 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
410 * some data to read. */
412 conn_read_callback(int fd
, short event
, void *_conn
)
414 connection_t
*conn
= _conn
;
418 log_debug(LD_NET
,"socket %d wants to read.",conn
->s
);
420 assert_connection_ok(conn
, time(NULL
));
422 if (connection_handle_read(conn
) < 0) {
423 if (!conn
->marked_for_close
) {
425 log_warn(LD_BUG
,"Bug: unhandled error on read for %s connection "
427 conn_type_to_string(conn
->type
), conn
->s
);
428 tor_fragile_assert();
430 if (CONN_IS_EDGE(conn
))
431 connection_edge_end_errno(TO_EDGE_CONN(conn
),
432 TO_EDGE_CONN(conn
)->cpath_layer
);
433 connection_mark_for_close(conn
);
436 assert_connection_ok(conn
, time(NULL
));
438 if (smartlist_len(closeable_connection_lst
))
439 close_closeable_connections();
442 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
443 * some data to write. */
445 conn_write_callback(int fd
, short events
, void *_conn
)
447 connection_t
*conn
= _conn
;
451 LOG_FN_CONN(conn
, (LOG_DEBUG
, LD_NET
, "socket %d wants to write.",conn
->s
));
453 assert_connection_ok(conn
, time(NULL
));
455 if (connection_handle_write(conn
, 0) < 0) {
456 if (!conn
->marked_for_close
) {
457 /* this connection is broken. remove it. */
458 log_fn(LOG_WARN
,LD_BUG
,
459 "Bug: unhandled error on write for %s connection (fd %d); removing",
460 conn_type_to_string(conn
->type
), conn
->s
);
461 tor_fragile_assert();
462 if (CONN_IS_EDGE(conn
)) {
463 /* otherwise we cry wolf about duplicate close */
464 edge_connection_t
*edge_conn
= TO_EDGE_CONN(conn
);
465 if (!edge_conn
->end_reason
)
466 edge_conn
->end_reason
= END_STREAM_REASON_INTERNAL
;
467 conn
->edge_has_sent_end
= 1;
469 /* XXX do we need a close-immediate here, so we don't try to flush? */
470 connection_mark_for_close(conn
);
473 assert_connection_ok(conn
, time(NULL
));
475 if (smartlist_len(closeable_connection_lst
))
476 close_closeable_connections();
479 /** If the connection at connection_array[i] is marked for close, then:
480 * - If it has data that it wants to flush, try to flush it.
481 * - If it _still_ has data to flush, and conn->hold_open_until_flushed is
482 * true, then leave the connection open and return.
483 * - Otherwise, remove the connection from connection_array and from
484 * all other lists, close it, and free it.
485 * Returns 1 if the connection was closed, 0 otherwise.
488 conn_close_if_marked(int i
)
493 conn
= connection_array
[i
];
494 if (!conn
->marked_for_close
)
495 return 0; /* nothing to see here, move along */
496 assert_connection_ok(conn
, time(NULL
));
497 assert_all_pending_dns_resolves_ok();
499 log_debug(LD_NET
,"Cleaning up connection (fd %d).",conn
->s
);
500 if (conn
->s
>= 0 && connection_wants_to_flush(conn
)) {
501 /* s == -1 means it's an incomplete edge connection, or that the socket
502 * has already been closed as unflushable. */
503 int sz
= connection_bucket_write_limit(conn
);
504 if (!conn
->hold_open_until_flushed
)
506 "Conn (addr %s, fd %d, type %s, state %d) marked, but wants "
507 "to flush %d bytes. (Marked at %s:%d)",
508 escaped_safe_str(conn
->address
),
509 conn
->s
, conn_type_to_string(conn
->type
), conn
->state
,
510 (int)conn
->outbuf_flushlen
,
511 conn
->marked_for_close_file
, conn
->marked_for_close
);
512 if (connection_speaks_cells(conn
)) {
513 if (conn
->state
== OR_CONN_STATE_OPEN
) {
514 retval
= flush_buf_tls(TO_OR_CONN(conn
)->tls
, conn
->outbuf
, sz
,
515 &conn
->outbuf_flushlen
);
517 retval
= -1; /* never flush non-open broken tls connections */
519 retval
= flush_buf(conn
->s
, conn
->outbuf
, sz
, &conn
->outbuf_flushlen
);
521 if (retval
>= 0 && /* Technically, we could survive things like
522 TLS_WANT_WRITE here. But don't bother for now. */
523 conn
->hold_open_until_flushed
&& connection_wants_to_flush(conn
)) {
525 LOG_FN_CONN(conn
, (LOG_INFO
,LD_NET
,
526 "Holding conn (fd %d) open for more flushing.",
528 /* XXX should we reset timestamp_lastwritten here? */
531 if (connection_wants_to_flush(conn
)) {
533 if (conn
->type
== CONN_TYPE_EXIT
||
534 (conn
->type
== CONN_TYPE_OR
&& server_mode(get_options())) ||
535 (conn
->type
== CONN_TYPE_DIR
&& conn
->purpose
== DIR_PURPOSE_SERVER
))
538 severity
= LOG_NOTICE
;
539 /* XXXX012 rewrite this error message; it generates lots of worried
540 * support requests. */
541 log_fn(severity
, LD_NET
, "Something wrong with your network connection? "
542 "We tried to write %d bytes to addr %s (fd %d, type %s, state %d)"
543 " but timed out. (Marked at %s:%d)",
544 (int)buf_datalen(conn
->outbuf
),
545 escaped_safe_str(conn
->address
), conn
->s
,
546 conn_type_to_string(conn
->type
), conn
->state
,
547 conn
->marked_for_close_file
,
548 conn
->marked_for_close
);
551 connection_unlink(conn
, 1); /* unlink, remove, free */
555 /** We've just tried every dirserver we know about, and none of
556 * them were reachable. Assume the network is down. Change state
557 * so next time an application connection arrives we'll delay it
558 * and try another directory fetch. Kill off all the circuit_wait
559 * streams that are waiting now, since they will all timeout anyway.
562 directory_all_unreachable(time_t now
)
567 stats_n_seconds_working
=0; /* reset it */
569 while ((conn
= connection_get_by_type_state(CONN_TYPE_AP
,
570 AP_CONN_STATE_CIRCUIT_WAIT
))) {
571 edge_connection_t
*edge_conn
= TO_EDGE_CONN(conn
);
573 "Is your network connection down? "
574 "Failing connection to '%s:%d'.",
575 safe_str(edge_conn
->socks_request
->address
),
576 edge_conn
->socks_request
->port
);
577 connection_mark_unattached_ap(edge_conn
,
578 END_STREAM_REASON_NET_UNREACHABLE
);
580 control_event_general_status(LOG_ERR
, "DIR_ALL_UNREACHABLE");
583 /** This function is called whenever we successfully pull down some new
584 * network statuses or server descriptors. */
586 directory_info_has_arrived(time_t now
, int from_cache
)
588 or_options_t
*options
= get_options();
590 if (!router_have_minimum_dir_info()) {
591 log(LOG_NOTICE
, LD_DIR
,
592 "I learned some more directory information, but not enough to "
594 update_router_descriptor_downloads(now
);
598 if (server_mode(options
) && !we_are_hibernating() && !from_cache
&&
599 (has_completed_circuit
|| !any_predicted_circuits(now
)))
600 consider_testing_reachability(1, 1);
603 /** Perform regular maintenance tasks for a single connection. This
604 * function gets run once per second per connection by run_scheduled_events.
607 run_connection_housekeeping(int i
, time_t now
)
610 connection_t
*conn
= connection_array
[i
];
611 or_options_t
*options
= get_options();
612 or_connection_t
*or_conn
;
614 if (conn
->outbuf
&& !buf_datalen(conn
->outbuf
) && conn
->type
== CONN_TYPE_OR
)
615 TO_OR_CONN(conn
)->timestamp_lastempty
= now
;
617 if (conn
->marked_for_close
) {
618 /* nothing to do here */
622 /* Expire any directory connections that haven't been active (sent
623 * if a server or received if a client) for 5 min */
624 if (conn
->type
== CONN_TYPE_DIR
&&
625 ((DIR_CONN_IS_SERVER(conn
) &&
626 conn
->timestamp_lastwritten
+ DIR_CONN_MAX_STALL
< now
) ||
627 (!DIR_CONN_IS_SERVER(conn
) &&
628 conn
->timestamp_lastread
+ DIR_CONN_MAX_STALL
< now
))) {
629 log_info(LD_DIR
,"Expiring wedged directory conn (fd %d, purpose %d)",
630 conn
->s
, conn
->purpose
);
631 /* This check is temporary; it's to let us know whether we should consider
632 * parsing partial serverdesc responses. */
633 if (conn
->purpose
== DIR_PURPOSE_FETCH_SERVERDESC
&&
634 buf_datalen(conn
->inbuf
)>=1024) {
635 log_info(LD_DIR
,"Trying to extract information from wedged server desc "
637 connection_dir_reached_eof(TO_DIR_CONN(conn
));
639 connection_mark_for_close(conn
);
644 if (!connection_speaks_cells(conn
))
645 return; /* we're all done here, the rest is just for OR conns */
647 or_conn
= TO_OR_CONN(conn
);
649 if (!conn
->or_is_obsolete
) {
650 if (conn
->timestamp_created
+ TIME_BEFORE_OR_CONN_IS_OBSOLETE
< now
) {
652 "Marking OR conn to %s:%d obsolete (fd %d, %d secs old).",
653 conn
->address
, conn
->port
, conn
->s
,
654 (int)(now
- conn
->timestamp_created
));
655 conn
->or_is_obsolete
= 1;
657 or_connection_t
*best
=
658 connection_or_get_by_identity_digest(or_conn
->identity_digest
);
659 if (best
&& best
!= or_conn
&&
660 (conn
->state
== OR_CONN_STATE_OPEN
||
661 now
> conn
->timestamp_created
+ TLS_HANDSHAKE_TIMEOUT
)) {
662 /* We only mark as obsolete connections that already are in
663 * OR_CONN_STATE_OPEN, i.e. that have finished their TLS handshaking.
664 * This is necessary because authorities judge whether a router is
665 * reachable based on whether they were able to TLS handshake with it
666 * recently. Without this check we would expire connections too
667 * early for router->last_reachable to be updated.
670 "Marking duplicate conn to %s:%d obsolete "
671 "(fd %d, %d secs old).",
672 conn
->address
, conn
->port
, conn
->s
,
673 (int)(now
- conn
->timestamp_created
));
674 conn
->or_is_obsolete
= 1;
679 if (conn
->or_is_obsolete
&& !or_conn
->n_circuits
) {
680 /* no unmarked circs -- mark it now */
682 "Expiring non-used OR connection to fd %d (%s:%d) [Obsolete].",
683 conn
->s
, conn
->address
, conn
->port
);
684 connection_mark_for_close(conn
);
685 conn
->hold_open_until_flushed
= 1;
689 /* If we haven't written to an OR connection for a while, then either nuke
690 the connection or send a keepalive, depending. */
691 if (now
>= conn
->timestamp_lastwritten
+ options
->KeepalivePeriod
) {
692 routerinfo_t
*router
= router_get_by_digest(or_conn
->identity_digest
);
693 if (!connection_state_is_open(conn
)) {
694 log_info(LD_OR
,"Expiring non-open OR connection to fd %d (%s:%d).",
695 conn
->s
,conn
->address
, conn
->port
);
696 connection_mark_for_close(conn
);
697 conn
->hold_open_until_flushed
= 1;
698 } else if (we_are_hibernating() && !or_conn
->n_circuits
&&
699 !buf_datalen(conn
->outbuf
)) {
700 log_info(LD_OR
,"Expiring non-used OR connection to fd %d (%s:%d) "
701 "[Hibernating or exiting].",
702 conn
->s
,conn
->address
, conn
->port
);
703 connection_mark_for_close(conn
);
704 conn
->hold_open_until_flushed
= 1;
705 } else if (!clique_mode(options
) && !or_conn
->n_circuits
&&
706 (!router
|| !server_mode(options
) ||
707 !router_is_clique_mode(router
))) {
708 log_info(LD_OR
,"Expiring non-used OR connection to fd %d (%s:%d) "
709 "[Not in clique mode].",
710 conn
->s
,conn
->address
, conn
->port
);
711 connection_mark_for_close(conn
);
712 conn
->hold_open_until_flushed
= 1;
714 now
>= or_conn
->timestamp_lastempty
+ options
->KeepalivePeriod
*10 &&
715 now
>= conn
->timestamp_lastwritten
+ options
->KeepalivePeriod
*10) {
716 log_fn(LOG_PROTOCOL_WARN
,LD_PROTOCOL
,
717 "Expiring stuck OR connection to fd %d (%s:%d). (%d bytes to "
718 "flush; %d seconds since last write)",
719 conn
->s
, conn
->address
, conn
->port
,
720 (int)buf_datalen(conn
->outbuf
),
721 (int)(now
-conn
->timestamp_lastwritten
));
722 connection_mark_for_close(conn
);
723 } else if (!buf_datalen(conn
->outbuf
)) {
724 /* either in clique mode, or we've got a circuit. send a padding cell. */
725 log_fn(LOG_DEBUG
,LD_OR
,"Sending keepalive to (%s:%d)",
726 conn
->address
, conn
->port
);
727 memset(&cell
,0,sizeof(cell_t
));
728 cell
.command
= CELL_PADDING
;
729 connection_or_write_cell_to_buf(&cell
, or_conn
);
734 /** Perform regular maintenance tasks. This function gets run once per
735 * second by prepare_for_poll.
738 run_scheduled_events(time_t now
)
740 static time_t last_rotated_certificate
= 0;
741 static time_t time_to_check_listeners
= 0;
742 static time_t time_to_check_descriptor
= 0;
743 static time_t time_to_check_ipaddress
= 0;
744 static time_t time_to_shrink_buffers
= 0;
745 static time_t time_to_try_getting_descriptors
= 0;
746 static time_t time_to_reset_descriptor_failures
= 0;
747 static time_t time_to_add_entropy
= 0;
748 or_options_t
*options
= get_options();
752 /** 0. See if we've been asked to shut down and our timeout has
753 * expired; or if our bandwidth limits are exhausted and we
754 * should hibernate; or if it's time to wake up from hibernation.
756 consider_hibernation(now
);
758 /* 0b. If we've deferred a signewnym, make sure it gets handled
760 if (signewnym_is_pending
&&
761 time_of_last_signewnym
+ MAX_SIGNEWNYM_RATE
<= now
) {
762 log(LOG_INFO
, LD_CONTROL
, "Honoring delayed NEWNYM request");
763 circuit_expire_all_dirty_circs();
764 addressmap_clear_transient();
765 time_of_last_signewnym
= now
;
766 signewnym_is_pending
= 0;
769 /** 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
770 * shut down and restart all cpuworkers, and update the directory if
773 if (server_mode(options
) &&
774 get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME
< now
) {
775 log_info(LD_GENERAL
,"Rotating onion key.");
778 if (router_rebuild_descriptor(1)<0) {
779 log_info(LD_CONFIG
, "Couldn't rebuild router descriptor");
781 if (advertised_server_mode())
782 router_upload_dir_desc_to_dirservers(0);
785 if (time_to_try_getting_descriptors
< now
) {
786 /* XXXX Maybe we should do this every 10sec when not enough info,
787 * and every 60sec when we have enough info -NM */
788 update_router_descriptor_downloads(now
);
789 time_to_try_getting_descriptors
= now
+ DESCRIPTOR_RETRY_INTERVAL
;
792 if (time_to_reset_descriptor_failures
< now
) {
793 router_reset_descriptor_download_failures();
794 time_to_reset_descriptor_failures
=
795 now
+ DESCRIPTOR_FAILURE_RESET_INTERVAL
;
798 /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
799 if (!last_rotated_certificate
)
800 last_rotated_certificate
= now
;
801 if (last_rotated_certificate
+MAX_SSL_KEY_LIFETIME
< now
) {
802 log_info(LD_GENERAL
,"Rotating tls context.");
803 if (tor_tls_context_new(get_identity_key(), options
->Nickname
,
804 MAX_SSL_KEY_LIFETIME
) < 0) {
805 log_warn(LD_BUG
, "Error reinitializing TLS context");
806 /* XXX is it a bug here, that we just keep going? */
808 last_rotated_certificate
= now
;
809 /* XXXX We should rotate TLS connections as well; this code doesn't change
813 if (time_to_add_entropy
== 0)
814 time_to_add_entropy
= now
+ ENTROPY_INTERVAL
;
815 if (time_to_add_entropy
< now
) {
816 /* We already seeded once, so don't die on failure. */
818 time_to_add_entropy
= now
+ ENTROPY_INTERVAL
;
821 /** 1c. If we have to change the accounting interval or record
822 * bandwidth used in this accounting interval, do so. */
823 if (accounting_is_enabled(options
))
824 accounting_run_housekeeping(now
);
826 if (now
% 10 == 0 && authdir_mode(options
) && !we_are_hibernating()) {
827 /* try to determine reachability of the other Tor servers */
828 dirserv_test_reachability(0);
831 /** 2. Periodically, we consider getting a new directory, getting a
832 * new running-routers list, and/or force-uploading our descriptor
833 * (if we've passed our internal checks). */
834 if (time_to_fetch_directory
< now
) {
835 /* Only caches actually need to fetch directories now. */
836 if (options
->DirPort
&& !options
->V1AuthoritativeDir
) {
837 /* XXX actually, we should only do this if we want to advertise
838 * our dirport. not simply if we configured one. -RD */
839 if (any_trusted_dir_is_v1_authority())
840 directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR
, NULL
, 1);
842 /** How often do we (as a cache) fetch a new V1 directory? */
843 #define V1_DIR_FETCH_PERIOD (6*60*60)
844 time_to_fetch_directory
= now
+ V1_DIR_FETCH_PERIOD
;
847 /* Caches need to fetch running_routers; directory clients don't. */
848 if (options
->DirPort
&& time_to_fetch_running_routers
< now
) {
849 if (!authdir_mode(options
) || !options
->V1AuthoritativeDir
) {
850 directory_get_from_dirserver(DIR_PURPOSE_FETCH_RUNNING_LIST
, NULL
, 1);
852 /** How often do we (as a cache) fetch a new V1 runningrouters document? */
853 #define V1_RUNNINGROUTERS_FETCH_PERIOD (30*60)
854 time_to_fetch_running_routers
= now
+ V1_RUNNINGROUTERS_FETCH_PERIOD
;
856 /* Also, take this chance to remove old information from rephist
857 * and the rend cache. */
858 rep_history_clean(now
- options
->RephistTrackTime
);
862 /* 2b. Once per minute, regenerate and upload the descriptor if the old
863 * one is inaccurate. */
864 if (time_to_check_descriptor
< now
) {
865 static int dirport_reachability_count
= 0;
866 time_to_check_descriptor
= now
+ CHECK_DESCRIPTOR_INTERVAL
;
867 check_descriptor_bandwidth_changed(now
);
868 if (time_to_check_ipaddress
< now
) {
869 time_to_check_ipaddress
= now
+ CHECK_IPADDRESS_INTERVAL
;
870 check_descriptor_ipaddress_changed(now
);
872 mark_my_descriptor_dirty_if_older_than(
873 now
- FORCE_REGENERATE_DESCRIPTOR_INTERVAL
);
874 consider_publishable_server(0);
875 /* also, check religiously for reachability, if it's within the first
876 * 20 minutes of our uptime. */
877 if (server_mode(options
) &&
878 (has_completed_circuit
|| !any_predicted_circuits(now
)) &&
879 stats_n_seconds_working
< TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
&&
880 !we_are_hibernating()) {
881 consider_testing_reachability(1, dirport_reachability_count
==0);
882 if (++dirport_reachability_count
> 5)
883 dirport_reachability_count
= 0;
886 /* If any networkstatus documents are no longer recent, we need to
887 * update all the descriptors' running status. */
888 /* purge obsolete entries */
889 routerlist_remove_old_routers();
890 networkstatus_list_clean(now
);
891 networkstatus_list_update_recent(now
);
892 routers_update_all_from_networkstatus();
894 /* Also, once per minute, check whether we want to download any
895 * networkstatus documents.
897 update_networkstatus_downloads(now
);
900 /** 3a. Every second, we examine pending circuits and prune the
901 * ones which have been pending for more than a few seconds.
902 * We do this before step 4, so it can try building more if
903 * it's not comfortable with the number of available circuits.
905 circuit_expire_building(now
);
907 /** 3b. Also look at pending streams and prune the ones that 'began'
908 * a long time ago but haven't gotten a 'connected' yet.
909 * Do this before step 4, so we can put them back into pending
910 * state to be picked up by the new circuit.
912 connection_ap_expire_beginning();
914 /** 3c. And expire connections that we've held open for too long.
916 connection_expire_held_open();
918 /** 3d. And every 60 seconds, we relaunch listeners if any died. */
919 if (!we_are_hibernating() && time_to_check_listeners
< now
) {
920 /* 0 means "only launch the ones that died." */
921 retry_all_listeners(0, NULL
, NULL
);
922 time_to_check_listeners
= now
+60;
925 /** 4. Every second, we try a new circuit if there are no valid
926 * circuits. Every NewCircuitPeriod seconds, we expire circuits
927 * that became dirty more than MaxCircuitDirtiness seconds ago,
928 * and we make a new circ if there are no clean circuits.
930 have_dir_info
= router_have_minimum_dir_info();
931 if (have_dir_info
&& !we_are_hibernating())
932 circuit_build_needed_circs(now
);
934 /** 5. We do housekeeping for each connection... */
935 for (i
=0;i
<n_conns
;i
++) {
936 run_connection_housekeeping(i
, now
);
938 if (time_to_shrink_buffers
< now
) {
939 for (i
=0;i
<n_conns
;i
++) {
940 connection_t
*conn
= connection_array
[i
];
942 buf_shrink(conn
->outbuf
);
944 buf_shrink(conn
->inbuf
);
946 time_to_shrink_buffers
= now
+ BUF_SHRINK_INTERVAL
;
949 /** 6. And remove any marked circuits... */
950 circuit_close_all_marked();
952 /** 7. And upload service descriptors if necessary. */
953 if (has_completed_circuit
&& !we_are_hibernating())
954 rend_consider_services_upload(now
);
956 /** 8. and blow away any connections that need to die. have to do this now,
957 * because if we marked a conn for close and left its socket -1, then
958 * we'll pass it to poll/select and bad things will happen.
960 close_closeable_connections();
962 /** 8b. And if anything in our state is ready to get flushed to disk, we
966 /** 9. and if we're a server, check whether our DNS is telling stories to
968 if (server_mode(options
) && time_to_check_for_correct_dns
< now
) {
969 if (!time_to_check_for_correct_dns
) {
970 time_to_check_for_correct_dns
= now
+ 60 + crypto_rand_int(120);
972 dns_launch_correctness_checks();
973 time_to_check_for_correct_dns
= now
+ 12*3600 +
974 crypto_rand_int(12*3600);
979 /** Libevent timer: used to invoke second_elapsed_callback() once per
981 static struct event
*timeout_event
= NULL
;
982 /** Number of libevent errors in the last second: we die if we get too many. */
983 static int n_libevent_errors
= 0;
985 /** Libevent callback: invoked once every second. */
987 second_elapsed_callback(int fd
, short event
, void *args
)
989 /* XXXX This could be sensibly refactored into multiple callbacks, and we
990 * could use libevent's timers for this rather than checking the current
991 * time against a bunch of timeouts every second. */
992 static struct timeval one_second
;
993 static long current_second
= 0;
995 size_t bytes_written
;
998 or_options_t
*options
= get_options();
1002 if (!timeout_event
) {
1003 timeout_event
= tor_malloc_zero(sizeof(struct event
));
1004 evtimer_set(timeout_event
, second_elapsed_callback
, NULL
);
1005 one_second
.tv_sec
= 1;
1006 one_second
.tv_usec
= 0;
1009 n_libevent_errors
= 0;
1011 /* log_fn(LOG_NOTICE, "Tick."); */
1012 tor_gettimeofday(&now
);
1014 /* the second has rolled over. check more stuff. */
1015 bytes_written
= stats_prev_global_write_bucket
- global_write_bucket
;
1016 bytes_read
= stats_prev_global_read_bucket
- global_read_bucket
;
1017 seconds_elapsed
= current_second
? (now
.tv_sec
- current_second
) : 0;
1018 stats_n_bytes_read
+= bytes_read
;
1019 stats_n_bytes_written
+= bytes_written
;
1020 if (accounting_is_enabled(options
) && seconds_elapsed
>= 0)
1021 accounting_add_bytes(bytes_read
, bytes_written
, seconds_elapsed
);
1022 control_event_bandwidth_used((uint32_t)bytes_read
,(uint32_t)bytes_written
);
1023 control_event_stream_bandwidth_used();
1025 if (seconds_elapsed
> 0)
1026 connection_bucket_refill(seconds_elapsed
);
1027 stats_prev_global_read_bucket
= global_read_bucket
;
1028 stats_prev_global_write_bucket
= global_write_bucket
;
1030 if (server_mode(options
) &&
1031 !we_are_hibernating() &&
1032 seconds_elapsed
> 0 &&
1033 stats_n_seconds_working
/ TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
!=
1034 (stats_n_seconds_working
+seconds_elapsed
) /
1035 TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
) {
1036 /* every 20 minutes, check and complain if necessary */
1037 routerinfo_t
*me
= router_get_my_routerinfo();
1038 if (me
&& !check_whether_orport_reachable())
1039 log_warn(LD_CONFIG
,"Your server (%s:%d) has not managed to confirm that "
1040 "its ORPort is reachable. Please check your firewalls, ports, "
1041 "address, /etc/hosts file, etc.",
1042 me
->address
, me
->or_port
);
1043 if (me
&& !check_whether_dirport_reachable())
1045 "Your server (%s:%d) has not managed to confirm that its "
1046 "DirPort is reachable. Please check your firewalls, ports, "
1047 "address, /etc/hosts file, etc.",
1048 me
->address
, me
->dir_port
);
1051 /** If more than this many seconds have elapsed, probably the clock
1052 * jumped: doesn't count. */
1053 #define NUM_JUMPED_SECONDS_BEFORE_WARN 100
1054 if (seconds_elapsed
< -NUM_JUMPED_SECONDS_BEFORE_WARN
||
1055 seconds_elapsed
>= NUM_JUMPED_SECONDS_BEFORE_WARN
) {
1056 circuit_note_clock_jumped(seconds_elapsed
);
1057 /* XXX if the time jumps *back* many months, do our events in
1058 * run_scheduled_events() recover? I don't think they do. -RD */
1059 } else if (seconds_elapsed
> 0)
1060 stats_n_seconds_working
+= seconds_elapsed
;
1062 run_scheduled_events(now
.tv_sec
);
1064 current_second
= now
.tv_sec
; /* remember which second it is, for next time */
1067 if (current_second
% 300 == 0) {
1068 rep_history_clean(current_second
- options
->RephistTrackTime
);
1069 dumpmemusage(get_min_log_level()<LOG_INFO
?
1070 get_min_log_level() : LOG_INFO
);
1074 if (evtimer_add(timeout_event
, &one_second
))
1076 "Error from libevent when setting one-second timeout event");
1080 /** Called when a possibly ignorable libevent error occurs; ensures that we
1081 * don't get into an infinite loop by ignoring too many errors from
1084 got_libevent_error(void)
1086 if (++n_libevent_errors
> 8) {
1087 log_err(LD_NET
, "Too many libevent errors in one second; dying");
1094 #define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
1096 /** Called when our IP address seems to have changed. <b>at_interface</b>
1097 * should be true if we detected a change in our interface, and false if we
1098 * detected a change in our published address. */
1100 ip_address_changed(int at_interface
)
1102 int server
= server_mode(get_options());
1106 /* Okay, change our keys. */
1111 if (stats_n_seconds_working
> UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST
)
1112 reset_bandwidth_test();
1113 stats_n_seconds_working
= 0;
1114 router_reset_reachability();
1115 mark_my_descriptor_dirty();
1119 dns_servers_relaunch_checks();
1122 /** Forget what we've learned about the correctness of our DNS servers, and
1123 * start learning again. */
1125 dns_servers_relaunch_checks(void)
1127 if (server_mode(get_options())) {
1128 dns_reset_correctness_checks();
1129 time_to_check_for_correct_dns
= 0;
1133 /** Called when we get a SIGHUP: reload configuration files and keys,
1134 * retry all connections, re-upload all descriptors, and so on. */
1138 or_options_t
*options
= get_options();
1140 log_notice(LD_GENERAL
,"Received reload signal (hup). Reloading config.");
1141 if (accounting_is_enabled(options
))
1142 accounting_record_bandwidth_usage(time(NULL
), get_or_state());
1144 router_reset_warnings();
1145 routerlist_reset_warnings();
1146 addressmap_clear_transient();
1147 /* first, reload config variables, in case they've changed */
1148 /* no need to provide argc/v, they've been cached inside init_from_config */
1149 if (options_init_from_torrc(0, NULL
) < 0) {
1150 log_err(LD_CONFIG
,"Reading config failed--see warnings above. "
1151 "For usage, try -h.");
1154 options
= get_options(); /* they have changed now */
1155 if (authdir_mode(options
)) {
1156 /* reload the approved-routers file */
1157 if (dirserv_load_fingerprint_file() < 0) {
1158 /* warnings are logged from dirserv_load_fingerprint_file() directly */
1159 log_info(LD_GENERAL
, "Error reloading fingerprints. "
1160 "Continuing with old list.");
1164 /* Rotate away from the old dirty circuits. This has to be done
1165 * after we've read the new options, but before we start using
1166 * circuits for directory fetches. */
1167 circuit_expire_all_dirty_circs();
1169 /* retry appropriate downloads */
1170 router_reset_status_download_failures();
1171 router_reset_descriptor_download_failures();
1172 update_networkstatus_downloads(time(NULL
));
1174 /* We'll retry routerstatus downloads in about 10 seconds; no need to
1175 * force a retry there. */
1177 if (server_mode(options
)) {
1178 // const char *descriptor;
1179 mark_my_descriptor_dirty();
1180 /* Restart cpuworker and dnsworker processes, so they get up-to-date
1181 * configuration options. */
1182 cpuworkers_rotate();
1185 const char *descriptor
;
1187 /* Write out a fresh descriptor, but leave old one on failure. */
1188 router_rebuild_descriptor(1);
1189 descriptor
= router_get_my_descriptor();
1191 tor_snprintf(keydir
,sizeof(keydir
),"%s/router.desc",
1192 options
->DataDirectory
);
1193 log_info(LD_OR
,"Saving descriptor to \"%s\"...",keydir
);
1194 if (write_str_to_file(keydir
, descriptor
, 0)) {
1203 /** Tor main loop. */
1209 /* initialize dns resolve map, spawn workers if needed */
1210 if (dns_init() < 0) {
1211 log_err(LD_GENERAL
,"Error initializing dns subsystem; exiting");
1217 /* load the private keys, if we're supposed to have them, and set up the
1219 if (! identity_key_is_set()) {
1220 if (init_keys() < 0) {
1221 log_err(LD_BUG
,"Error initializing keys; exiting");
1226 /* Set up our buckets */
1227 connection_bucket_init();
1228 stats_prev_global_read_bucket
= global_read_bucket
;
1229 stats_prev_global_write_bucket
= global_write_bucket
;
1231 /* load the routers file, or assign the defaults. */
1232 if (router_reload_router_list()) {
1235 /* load the networkstatuses. (This launches a download for new routers as
1238 if (router_reload_networkstatus()) {
1241 directory_info_has_arrived(time(NULL
),1);
1243 if (authdir_mode(get_options())) {
1244 /* the directory is already here, run startup things */
1245 dirserv_test_reachability(1);
1248 if (server_mode(get_options())) {
1249 /* launch cpuworkers. Need to do this *after* we've read the onion key. */
1253 /* set up once-a-second callback. */
1254 second_elapsed_callback(0,0,NULL
);
1257 if (nt_service_is_stopping())
1261 /* Make it easier to tell whether libevent failure is our fault or not. */
1264 /* poll until we have an event, or the second ends */
1265 loop_result
= event_dispatch();
1267 /* let catch() handle things like ^c, and otherwise don't worry about it */
1268 if (loop_result
< 0) {
1269 int e
= tor_socket_errno(-1);
1270 /* let the program survive things like ^z */
1271 if (e
!= EINTR
&& !ERRNO_IS_EINPROGRESS(e
)) {
1272 #ifdef HAVE_EVENT_GET_METHOD
1273 log_err(LD_NET
,"libevent call with %s failed: %s [%d]",
1274 event_get_method(), tor_socket_strerror(e
), e
);
1276 log_err(LD_NET
,"libevent call failed: %s [%d]",
1277 tor_socket_strerror(e
), e
);
1281 } else if (e
== EINVAL
) {
1282 log_warn(LD_NET
, "EINVAL from libevent: should you upgrade libevent?");
1283 if (got_libevent_error())
1287 if (ERRNO_IS_EINPROGRESS(e
))
1289 "libevent call returned EINPROGRESS? Please report.");
1290 log_debug(LD_NET
,"libevent call interrupted.");
1291 /* You can't trust the results of this poll(). Go back to the
1292 * top of the big for loop. */
1297 /* refilling buckets and sending cells happens at the beginning of the
1298 * next iteration of the loop, inside prepare_for_poll()
1299 * XXXX No longer so.
1304 /** Used to implement the SIGNAL control command: if we accept
1305 * <b>the_signal</b> as a remote pseudo-signal, act on it. */
1306 /* We don't re-use catch() here because:
1307 * 1. We handle a different set of signals than those allowed in catch.
1308 * 2. Platforms without signal() are unlikely to define SIGfoo.
1309 * 3. The control spec is defined to use fixed numeric signal values
1310 * which just happen to match the unix values.
1313 control_signal_act(int the_signal
)
1318 signal_callback(0,0,(void*)(uintptr_t)SIGHUP
);
1321 signal_callback(0,0,(void*)(uintptr_t)SIGINT
);
1324 signal_callback(0,0,(void*)(uintptr_t)SIGUSR1
);
1327 signal_callback(0,0,(void*)(uintptr_t)SIGUSR2
);
1330 signal_callback(0,0,(void*)(uintptr_t)SIGTERM
);
1333 signal_callback(0,0,(void*)(uintptr_t)SIGNEWNYM
);
1335 case SIGCLEARDNSCACHE
:
1336 signal_callback(0,0,(void*)(uintptr_t)SIGCLEARDNSCACHE
);
1339 log_warn(LD_BUG
, "Unrecognized signal number %d.", the_signal
);
1344 /** Libevent callback: invoked when we get a signal.
1347 signal_callback(int fd
, short events
, void *arg
)
1349 uintptr_t sig
= (uintptr_t)arg
;
1355 log_err(LD_GENERAL
,"Catching signal TERM, exiting cleanly.");
1360 if (!server_mode(get_options())) { /* do it now */
1361 log_notice(LD_GENERAL
,"Interrupt: exiting cleanly.");
1365 hibernate_begin_shutdown();
1369 log_debug(LD_GENERAL
,"Caught sigpipe. Ignoring.");
1373 /* prefer to log it at INFO, but make sure we always see it */
1374 dumpstats(get_min_log_level()<LOG_INFO
? get_min_log_level() : LOG_INFO
);
1377 switch_logs_debug();
1378 log_debug(LD_GENERAL
,"Caught USR2, going to loglevel debug. "
1379 "Send HUP to change back.");
1383 log_warn(LD_CONFIG
,"Restart failed (config error?). Exiting.");
1390 while (waitpid(-1,NULL
,WNOHANG
) > 0) ; /* keep reaping until no more
1395 time_t now
= time(NULL
);
1396 if (time_of_last_signewnym
+ MAX_SIGNEWNYM_RATE
> now
) {
1397 signewnym_is_pending
= 1;
1398 log(LOG_NOTICE
, LD_CONTROL
,
1399 "Rate limiting NEWNYM request: delaying by %d second(s)",
1400 (int)(MAX_SIGNEWNYM_RATE
+time_of_last_signewnym
-now
));
1402 /* XXX refactor someday: these two calls are in
1403 * run_scheduled_events() above too, and they should be in just
1405 circuit_expire_all_dirty_circs();
1406 addressmap_clear_transient();
1407 time_of_last_signewnym
= now
;
1411 case SIGCLEARDNSCACHE
:
1412 addressmap_clear_transient();
1417 extern uint64_t buf_total_used
;
1418 extern uint64_t buf_total_alloc
;
1419 extern uint64_t rephist_total_alloc
;
1420 extern uint32_t rephist_total_num
;
1423 * Write current memory usage information to the log.
1426 dumpmemusage(int severity
)
1428 log(severity
, LD_GENERAL
,
1429 "In buffers: "U64_FORMAT
" used/"U64_FORMAT
" allocated (%d conns).",
1430 U64_PRINTF_ARG(buf_total_used
), U64_PRINTF_ARG(buf_total_alloc
),
1432 log(severity
, LD_GENERAL
, "In rephist: "U64_FORMAT
" used by %d Tors.",
1433 U64_PRINTF_ARG(rephist_total_alloc
), rephist_total_num
);
1434 dump_routerlist_mem_usage(severity
);
1437 /** Write all statistics to the log, with log level 'severity'. Called
1438 * in response to a SIGUSR1. */
1440 dumpstats(int severity
)
1444 time_t now
= time(NULL
);
1447 log(severity
, LD_GENERAL
, "Dumping stats:");
1449 for (i
=0;i
<n_conns
;i
++) {
1450 conn
= connection_array
[i
];
1451 log(severity
, LD_GENERAL
,
1452 "Conn %d (socket %d) type %d (%s), state %d (%s), created %d secs ago",
1453 i
, conn
->s
, conn
->type
, conn_type_to_string(conn
->type
),
1454 conn
->state
, conn_state_to_string(conn
->type
, conn
->state
),
1455 (int)(now
- conn
->timestamp_created
));
1456 if (!connection_is_listener(conn
)) {
1457 log(severity
,LD_GENERAL
,
1458 "Conn %d is to %s:%d.", i
,
1459 safe_str(conn
->address
), conn
->port
);
1460 log(severity
,LD_GENERAL
,
1461 "Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)",
1463 (int)buf_datalen(conn
->inbuf
),
1464 (int)buf_capacity(conn
->inbuf
),
1465 (int)(now
- conn
->timestamp_lastread
));
1466 log(severity
,LD_GENERAL
,
1467 "Conn %d: %d bytes waiting on outbuf "
1468 "(len %d, last written %d secs ago)",i
,
1469 (int)buf_datalen(conn
->outbuf
),
1470 (int)buf_capacity(conn
->outbuf
),
1471 (int)(now
- conn
->timestamp_lastwritten
));
1473 circuit_dump_by_conn(conn
, severity
); /* dump info about all the circuits
1474 * using this conn */
1476 log(severity
, LD_NET
,
1477 "Cells processed: "U64_FORMAT
" padding\n"
1478 " "U64_FORMAT
" create\n"
1479 " "U64_FORMAT
" created\n"
1480 " "U64_FORMAT
" relay\n"
1481 " ("U64_FORMAT
" relayed)\n"
1482 " ("U64_FORMAT
" delivered)\n"
1483 " "U64_FORMAT
" destroy",
1484 U64_PRINTF_ARG(stats_n_padding_cells_processed
),
1485 U64_PRINTF_ARG(stats_n_create_cells_processed
),
1486 U64_PRINTF_ARG(stats_n_created_cells_processed
),
1487 U64_PRINTF_ARG(stats_n_relay_cells_processed
),
1488 U64_PRINTF_ARG(stats_n_relay_cells_relayed
),
1489 U64_PRINTF_ARG(stats_n_relay_cells_delivered
),
1490 U64_PRINTF_ARG(stats_n_destroy_cells_processed
));
1491 if (stats_n_data_cells_packaged
)
1492 log(severity
,LD_NET
,"Average packaged cell fullness: %2.3f%%",
1493 100*(U64_TO_DBL(stats_n_data_bytes_packaged
) /
1494 U64_TO_DBL(stats_n_data_cells_packaged
*RELAY_PAYLOAD_SIZE
)) );
1495 if (stats_n_data_cells_received
)
1496 log(severity
,LD_NET
,"Average delivered cell fullness: %2.3f%%",
1497 100*(U64_TO_DBL(stats_n_data_bytes_received
) /
1498 U64_TO_DBL(stats_n_data_cells_received
*RELAY_PAYLOAD_SIZE
)) );
1500 if (now
- time_of_process_start
>= 0)
1501 elapsed
= now
- time_of_process_start
;
1506 log(severity
, LD_NET
,
1507 "Average bandwidth: "U64_FORMAT
"/%d = %d bytes/sec reading",
1508 U64_PRINTF_ARG(stats_n_bytes_read
),
1510 (int) (stats_n_bytes_read
/elapsed
));
1511 log(severity
, LD_NET
,
1512 "Average bandwidth: "U64_FORMAT
"/%d = %d bytes/sec writing",
1513 U64_PRINTF_ARG(stats_n_bytes_written
),
1515 (int) (stats_n_bytes_written
/elapsed
));
1518 log(severity
, LD_NET
, "--------------- Dumping memory information:");
1519 dumpmemusage(severity
);
1521 rep_hist_dump_stats(now
,severity
);
1522 rend_service_dump_stats(severity
);
1523 dump_pk_ops(severity
);
1524 dump_distinct_digest_count(severity
);
1527 /** Called by exit() as we shut down the process.
1532 /* NOTE: If we ever daemonize, this gets called immediately. That's
1533 * okay for now, because we only use this on Windows. */
1539 /** Set up the signal handlers for either parent or child. */
1541 handle_signals(int is_parent
)
1543 #ifndef MS_WINDOWS /* do signal stuff only on unix */
1545 static int signals
[] = {
1546 SIGINT
, /* do a controlled slow shutdown */
1547 SIGTERM
, /* to terminate now */
1548 SIGPIPE
, /* otherwise sigpipe kills us */
1549 SIGUSR1
, /* dump stats */
1550 SIGUSR2
, /* go to loglevel debug */
1551 SIGHUP
, /* to reload config, retry conns, etc */
1553 SIGXFSZ
, /* handle file-too-big resource exhaustion */
1555 SIGCHLD
, /* handle dns/cpu workers that exit */
1557 static struct event signal_events
[16]; /* bigger than it has to be. */
1559 for (i
= 0; signals
[i
] >= 0; ++i
) {
1560 signal_set(&signal_events
[i
], signals
[i
], signal_callback
,
1561 (void*)(uintptr_t)signals
[i
]);
1562 if (signal_add(&signal_events
[i
], NULL
))
1563 log_warn(LD_BUG
, "Error from libevent when adding event for signal %d",
1567 struct sigaction action
;
1568 action
.sa_flags
= 0;
1569 sigemptyset(&action
.sa_mask
);
1570 action
.sa_handler
= SIG_IGN
;
1571 sigaction(SIGINT
, &action
, NULL
);
1572 sigaction(SIGTERM
, &action
, NULL
);
1573 sigaction(SIGPIPE
, &action
, NULL
);
1574 sigaction(SIGUSR1
, &action
, NULL
);
1575 sigaction(SIGUSR2
, &action
, NULL
);
1576 sigaction(SIGHUP
, &action
, NULL
);
1578 sigaction(SIGXFSZ
, &action
, NULL
);
1581 #else /* MS windows */
1583 #endif /* signal stuff */
1586 /** Main entry point for the Tor command-line client.
1589 tor_init(int argc
, char *argv
[])
1591 time_of_process_start
= time(NULL
);
1592 if (!closeable_connection_lst
)
1593 closeable_connection_lst
= smartlist_create();
1594 /* Initialize the history structures. */
1596 /* Initialize the service cache. */
1598 addressmap_init(); /* Init the client dns cache. Do it always, since it's
1601 /* give it somewhere to log to initially */
1604 log(LOG_NOTICE
, LD_GENERAL
, "Tor v%s. This is experimental software. "
1605 "Do not rely on it for strong anonymity.",VERSION
);
1607 if (network_init()<0) {
1608 log_err(LD_BUG
,"Error initializing network; exiting.");
1611 atexit(exit_function
);
1613 if (options_init_from_torrc(argc
,argv
) < 0) {
1614 log_err(LD_CONFIG
,"Reading config failed--see warnings above.");
1620 log_warn(LD_GENERAL
,"You are running Tor as root. You don't need to, "
1621 "and you probably shouldn't.");
1624 crypto_global_init(get_options()->HardwareAccel
);
1625 if (crypto_seed_rng()) {
1626 log_err(LD_BUG
, "Unable to seed random number generator. Exiting.");
1633 /** Free all memory that we might have allocated somewhere.
1634 * Helps us find the real leaks with dmalloc and the like.
1636 * Also valgrind should then report 0 reachable in its
1639 tor_free_all(int postfork
)
1646 routerlist_free_all();
1647 addressmap_free_all();
1648 set_exit_redirects(NULL
); /* free the registered exit redirects */
1650 rend_service_free_all();
1651 rend_cache_free_all();
1652 rep_hist_free_all();
1654 clear_pending_onions();
1656 entry_guards_free_all();
1657 connection_free_all();
1658 policies_free_all();
1664 /* stuff in main.c */
1665 smartlist_free(closeable_connection_lst
);
1666 tor_free(timeout_event
);
1667 /* Stuff in util.c */
1670 close_logs(); /* free log strings. do this last so logs keep working. */
1674 /** Do whatever cleanup is necessary before shutting Tor down. */
1678 or_options_t
*options
= get_options();
1679 /* Remove our pid file. We don't care if there was an error when we
1680 * unlink, nothing we could do about it anyways. */
1681 if (options
->command
== CMD_RUN_TOR
) {
1682 if (options
->PidFile
)
1683 unlink(options
->PidFile
);
1684 if (accounting_is_enabled(options
))
1685 accounting_record_bandwidth_usage(time(NULL
), get_or_state());
1686 or_state_mark_dirty(get_or_state(), 0); /* force an immediate save. */
1687 or_state_save(time(NULL
));
1689 tor_free_all(0); /* move tor_free_all back into the ifdef below later. XXX*/
1690 crypto_global_cleanup();
1692 dmalloc_log_unfreed();
1697 /** Read/create keys as needed, and echo our fingerprint to stdout. */
1699 do_list_fingerprint(void)
1701 char buf
[FINGERPRINT_LEN
+1];
1703 const char *nickname
= get_options()->Nickname
;
1704 if (!server_mode(get_options())) {
1706 "Clients don't have long-term identity keys. Exiting.\n");
1709 tor_assert(nickname
);
1710 if (init_keys() < 0) {
1711 log_err(LD_BUG
,"Error initializing keys; can't display fingerprint");
1714 if (!(k
= get_identity_key())) {
1715 log_err(LD_GENERAL
,"Error: missing identity key.");
1718 if (crypto_pk_get_fingerprint(k
, buf
, 1)<0) {
1719 log_err(LD_BUG
, "Error computing fingerprint");
1722 printf("%s %s\n", nickname
, buf
);
1726 /** Entry point for password hashing: take the desired password from
1727 * the command line, and print its salted hash to stdout. **/
1729 do_hash_password(void)
1733 char key
[S2K_SPECIFIER_LEN
+DIGEST_LEN
];
1735 crypto_rand(key
, S2K_SPECIFIER_LEN
-1);
1736 key
[S2K_SPECIFIER_LEN
-1] = (uint8_t)96; /* Hash 64 K of data. */
1737 secret_to_key(key
+S2K_SPECIFIER_LEN
, DIGEST_LEN
,
1738 get_options()->command_arg
, strlen(get_options()->command_arg
),
1740 base16_encode(output
, sizeof(output
), key
, sizeof(key
));
1741 printf("16:%s\n",output
);
1744 #ifdef MS_WINDOWS_SERVICE
1746 /* XXXX can some/all these functions become static? without breaking NT
1748 /* XXXX I'd also like to move much of the NT service stuff into its own
1750 void nt_service_control(DWORD request
);
1751 void nt_service_body(int argc
, char **argv
);
1752 void nt_service_main(void);
1753 SC_HANDLE
nt_service_open_scm(void);
1754 SC_HANDLE
nt_service_open(SC_HANDLE hSCManager
);
1755 int nt_service_start(SC_HANDLE hService
);
1756 int nt_service_stop(SC_HANDLE hService
);
1757 int nt_service_install(int argc
, char **argv
);
1758 int nt_service_remove(void);
1759 int nt_service_cmd_start(void);
1760 int nt_service_cmd_stop(void);
1762 struct service_fns
{
1765 BOOL (WINAPI
*ChangeServiceConfig2A_fn
)(
1770 BOOL (WINAPI
*CloseServiceHandle_fn
)(
1771 SC_HANDLE hSCObject
);
1773 BOOL (WINAPI
*ControlService_fn
)(
1776 LPSERVICE_STATUS lpServiceStatus
);
1778 SC_HANDLE (WINAPI
*CreateServiceA_fn
)(
1779 SC_HANDLE hSCManager
,
1780 LPCTSTR lpServiceName
,
1781 LPCTSTR lpDisplayName
,
1782 DWORD dwDesiredAccess
,
1783 DWORD dwServiceType
,
1785 DWORD dwErrorControl
,
1786 LPCTSTR lpBinaryPathName
,
1787 LPCTSTR lpLoadOrderGroup
,
1789 LPCTSTR lpDependencies
,
1790 LPCTSTR lpServiceStartName
,
1791 LPCTSTR lpPassword
);
1793 BOOL (WINAPI
*DeleteService_fn
)(
1794 SC_HANDLE hService
);
1796 SC_HANDLE (WINAPI
*OpenSCManagerA_fn
)(
1797 LPCTSTR lpMachineName
,
1798 LPCTSTR lpDatabaseName
,
1799 DWORD dwDesiredAccess
);
1801 SC_HANDLE (WINAPI
*OpenServiceA_fn
)(
1802 SC_HANDLE hSCManager
,
1803 LPCTSTR lpServiceName
,
1804 DWORD dwDesiredAccess
);
1806 BOOL (WINAPI
*QueryServiceStatus_fn
)(
1808 LPSERVICE_STATUS lpServiceStatus
);
1810 SERVICE_STATUS_HANDLE (WINAPI
*RegisterServiceCtrlHandlerA_fn
)(
1811 LPCTSTR lpServiceName
,
1812 LPHANDLER_FUNCTION lpHandlerProc
);
1814 BOOL (WINAPI
*SetServiceStatus_fn
)(SERVICE_STATUS_HANDLE
,
1817 BOOL (WINAPI
*StartServiceCtrlDispatcherA_fn
)(
1818 const SERVICE_TABLE_ENTRY
* lpServiceTable
);
1820 BOOL (WINAPI
*StartServiceA_fn
)(
1822 DWORD dwNumServiceArgs
,
1823 LPCTSTR
* lpServiceArgVectors
);
1825 BOOL (WINAPI
*LookupAccountNameA_fn
)(
1826 LPCTSTR lpSystemName
,
1827 LPCTSTR lpAccountName
,
1830 LPTSTR ReferencedDomainName
,
1831 LPDWORD cchReferencedDomainName
,
1832 PSID_NAME_USE peUse
);
1833 } service_fns
= { 0,
1834 NULL
, NULL
, NULL
, NULL
, NULL
, NULL
,
1835 NULL
, NULL
, NULL
, NULL
, NULL
, NULL
,
1838 /** Loads functions used by NT services. Returns on success, or prints a
1839 * complaint to stdout and exits on error. */
1841 nt_service_loadlibrary(void)
1843 HMODULE library
= 0;
1846 if (service_fns
.loaded
)
1849 /* XXXX Possibly, we should hardcode the location of this DLL. */
1850 if (!(library
= LoadLibrary("advapi32.dll"))) {
1851 log_err(LD_GENERAL
, "Couldn't open advapi32.dll. Are you trying to use "
1852 "NT services on Windows 98? That doesn't work.");
1856 #define LOAD(f) do { \
1857 if (!(fn = GetProcAddress(library, #f))) { \
1859 "Couldn't find %s in advapi32.dll! We probably got the " \
1860 "name wrong.", #f); \
1863 service_fns.f ## _fn = fn; \
1867 LOAD(ChangeServiceConfig2A
);
1868 LOAD(CloseServiceHandle
);
1869 LOAD(ControlService
);
1870 LOAD(CreateServiceA
);
1871 LOAD(DeleteService
);
1872 LOAD(OpenSCManagerA
);
1874 LOAD(QueryServiceStatus
);
1875 LOAD(RegisterServiceCtrlHandlerA
);
1876 LOAD(SetServiceStatus
);
1877 LOAD(StartServiceCtrlDispatcherA
);
1878 LOAD(StartServiceA
);
1879 LOAD(LookupAccountNameA
);
1881 service_fns
.loaded
= 1;
1885 printf("Unable to load library support for NT services: exiting.\n");
1889 /** If we're compiled to run as an NT service, and the service wants to
1890 * shut down, then change our current status and return 1. Else
1894 nt_service_is_stopping(void)
1895 /* XXXX this function would probably _love_ to be inline, in 0.2.0. */
1897 /* If we haven't loaded the function pointers, we can't possibly be an NT
1898 * service trying to shut down. */
1899 if (!service_fns
.loaded
)
1902 if (service_status
.dwCurrentState
== SERVICE_STOP_PENDING
) {
1903 service_status
.dwWin32ExitCode
= 0;
1904 service_status
.dwCurrentState
= SERVICE_STOPPED
;
1905 service_fns
.SetServiceStatus_fn(hStatus
, &service_status
);
1907 } else if (service_status
.dwCurrentState
== SERVICE_STOPPED
) {
1913 /** Handles service control requests, such as stopping or starting the
1916 nt_service_control(DWORD request
)
1918 static struct timeval exit_now
;
1919 exit_now
.tv_sec
= 0;
1920 exit_now
.tv_usec
= 0;
1922 nt_service_loadlibrary();
1925 case SERVICE_CONTROL_STOP
:
1926 case SERVICE_CONTROL_SHUTDOWN
:
1928 "Got stop/shutdown request; shutting down cleanly.");
1929 service_status
.dwCurrentState
= SERVICE_STOP_PENDING
;
1930 event_loopexit(&exit_now
);
1933 service_fns
.SetServiceStatus_fn(hStatus
, &service_status
);
1936 /** Called when the service is started via the system's service control
1937 * manager. This calls tor_init() and starts the main event loop. If
1938 * tor_init() fails, the service will be stopped and exit code set to
1939 * NT_SERVICE_ERROR_TORINIT_FAILED. */
1941 nt_service_body(int argc
, char **argv
)
1944 (void) argc
; /* unused */
1945 (void) argv
; /* unused */
1946 nt_service_loadlibrary();
1947 service_status
.dwServiceType
= SERVICE_WIN32_OWN_PROCESS
;
1948 service_status
.dwCurrentState
= SERVICE_START_PENDING
;
1949 service_status
.dwControlsAccepted
=
1950 SERVICE_ACCEPT_STOP
| SERVICE_ACCEPT_SHUTDOWN
;
1951 service_status
.dwWin32ExitCode
= 0;
1952 service_status
.dwServiceSpecificExitCode
= 0;
1953 service_status
.dwCheckPoint
= 0;
1954 service_status
.dwWaitHint
= 1000;
1955 hStatus
= service_fns
.RegisterServiceCtrlHandlerA_fn(GENSRV_SERVICENAME
,
1956 (LPHANDLER_FUNCTION
) nt_service_control
);
1959 /* Failed to register the service control handler function */
1963 r
= tor_init(backup_argc
, backup_argv
);
1965 /* Failed to start the Tor service */
1966 r
= NT_SERVICE_ERROR_TORINIT_FAILED
;
1967 service_status
.dwCurrentState
= SERVICE_STOPPED
;
1968 service_status
.dwWin32ExitCode
= r
;
1969 service_status
.dwServiceSpecificExitCode
= r
;
1970 service_fns
.SetServiceStatus_fn(hStatus
, &service_status
);
1974 /* Set the service's status to SERVICE_RUNNING and start the main
1976 service_status
.dwCurrentState
= SERVICE_RUNNING
;
1977 service_fns
.SetServiceStatus_fn(hStatus
, &service_status
);
1982 /** Main service entry point. Starts the service control dispatcher and waits
1983 * until the service status is set to SERVICE_STOPPED. */
1985 nt_service_main(void)
1987 SERVICE_TABLE_ENTRY table
[2];
1990 nt_service_loadlibrary();
1991 table
[0].lpServiceName
= (char*)GENSRV_SERVICENAME
;
1992 table
[0].lpServiceProc
= (LPSERVICE_MAIN_FUNCTION
)nt_service_body
;
1993 table
[1].lpServiceName
= NULL
;
1994 table
[1].lpServiceProc
= NULL
;
1996 if (!service_fns
.StartServiceCtrlDispatcherA_fn(table
)) {
1997 result
= GetLastError();
1998 errmsg
= nt_strerror(result
);
1999 printf("Service error %d : %s\n", (int) result
, errmsg
);
2001 if (result
== ERROR_FAILED_SERVICE_CONTROLLER_CONNECT
) {
2002 if (tor_init(backup_argc
, backup_argv
) < 0)
2004 switch (get_options()->command
) {
2008 case CMD_LIST_FINGERPRINT
:
2009 do_list_fingerprint();
2011 case CMD_HASH_PASSWORD
:
2014 case CMD_VERIFY_CONFIG
:
2015 printf("Configuration was valid\n");
2017 case CMD_RUN_UNITTESTS
:
2019 log_err(LD_CONFIG
, "Illegal command number %d: internal error.",
2020 get_options()->command
);
2027 /** Return a handle to the service control manager on success, or NULL on
2030 nt_service_open_scm(void)
2032 SC_HANDLE hSCManager
;
2033 char *errmsg
= NULL
;
2035 nt_service_loadlibrary();
2036 if ((hSCManager
= service_fns
.OpenSCManagerA_fn(
2037 NULL
, NULL
, SC_MANAGER_CREATE_SERVICE
)) == NULL
) {
2038 errmsg
= nt_strerror(GetLastError());
2039 printf("OpenSCManager() failed : %s\n", errmsg
);
2045 /** Open a handle to the Tor service using <b>hSCManager</b>. Return NULL
2048 nt_service_open(SC_HANDLE hSCManager
)
2051 char *errmsg
= NULL
;
2052 nt_service_loadlibrary();
2053 if ((hService
= service_fns
.OpenServiceA_fn(hSCManager
, GENSRV_SERVICENAME
,
2054 SERVICE_ALL_ACCESS
)) == NULL
) {
2055 errmsg
= nt_strerror(GetLastError());
2056 printf("OpenService() failed : %s\n", errmsg
);
2062 /** Start the Tor service. Return 0 if the service is started or was
2063 * previously running. Return -1 on error. */
2065 nt_service_start(SC_HANDLE hService
)
2067 char *errmsg
= NULL
;
2069 nt_service_loadlibrary();
2071 service_fns
.QueryServiceStatus_fn(hService
, &service_status
);
2072 if (service_status
.dwCurrentState
== SERVICE_RUNNING
) {
2073 printf("Service is already running\n");
2077 if (service_fns
.StartServiceA_fn(hService
, 0, NULL
)) {
2078 /* Loop until the service has finished attempting to start */
2079 while (service_fns
.QueryServiceStatus_fn(hService
, &service_status
) &&
2080 (service_status
.dwCurrentState
== SERVICE_START_PENDING
)) {
2084 /* Check if it started successfully or not */
2085 if (service_status
.dwCurrentState
== SERVICE_RUNNING
) {
2086 printf("Service started successfully\n");
2089 errmsg
= nt_strerror(service_status
.dwWin32ExitCode
);
2090 printf("Service failed to start : %s\n", errmsg
);
2094 errmsg
= nt_strerror(GetLastError());
2095 printf("StartService() failed : %s\n", errmsg
);
2101 /** Stop the Tor service. Return 0 if the service is stopped or was not
2102 * previously running. Return -1 on error. */
2104 nt_service_stop(SC_HANDLE hService
)
2106 /** Wait at most 10 seconds for the service to stop. */
2107 #define MAX_SERVICE_WAIT_TIME 10
2109 char *errmsg
= NULL
;
2110 nt_service_loadlibrary();
2112 service_fns
.QueryServiceStatus_fn(hService
, &service_status
);
2113 if (service_status
.dwCurrentState
== SERVICE_STOPPED
) {
2114 printf("Service is already stopped\n");
2118 if (service_fns
.ControlService_fn(hService
, SERVICE_CONTROL_STOP
,
2121 while (service_fns
.QueryServiceStatus_fn(hService
, &service_status
) &&
2122 (service_status
.dwCurrentState
!= SERVICE_STOPPED
) &&
2123 (wait_time
< MAX_SERVICE_WAIT_TIME
)) {
2127 if (service_status
.dwCurrentState
== SERVICE_STOPPED
) {
2128 printf("Service stopped successfully\n");
2130 } else if (wait_time
== MAX_SERVICE_WAIT_TIME
) {
2131 printf("Service did not stop within %d seconds.\n", wait_time
);
2133 errmsg
= nt_strerror(GetLastError());
2134 printf("QueryServiceStatus() failed : %s\n",errmsg
);
2138 errmsg
= nt_strerror(GetLastError());
2139 printf("ControlService() failed : %s\n", errmsg
);
2145 /** Build a formatted command line used for the NT service. Return a
2146 * pointer to the formatted string on success, or NULL on failure. Set
2147 * *<b>using_default_torrc</b> to true if we're going to use the default
2148 * location to torrc, or 1 if an option was specified on the command line.
2151 nt_service_command_line(int *using_default_torrc
)
2153 TCHAR tor_exe
[MAX_PATH
+1];
2154 char *command
, *options
=NULL
;
2157 *using_default_torrc
= 1;
2159 /* Get the location of tor.exe */
2160 if (0 == GetModuleFileName(NULL
, tor_exe
, MAX_PATH
))
2163 /* Get the service arguments */
2164 sl
= smartlist_create();
2165 for (i
= 1; i
< backup_argc
; ++i
) {
2166 if (!strcmp(backup_argv
[i
], "--options") ||
2167 !strcmp(backup_argv
[i
], "-options")) {
2168 while (++i
< backup_argc
) {
2169 if (!strcmp(backup_argv
[i
], "-f"))
2170 *using_default_torrc
= 0;
2171 smartlist_add(sl
, backup_argv
[i
]);
2175 if (smartlist_len(sl
))
2176 options
= smartlist_join_strings(sl
,"\" \"",0,NULL
);
2179 /* Allocate a string for the NT service command line */
2180 cmdlen
= strlen(tor_exe
) + (options
?strlen(options
):0) + 32;
2181 command
= tor_malloc(cmdlen
);
2183 /* Format the service command */
2185 if (tor_snprintf(command
, cmdlen
, "\"%s\" --nt-service \"%s\"",
2186 tor_exe
, options
)<0) {
2187 tor_free(command
); /* sets command to NULL. */
2189 } else { /* ! options */
2190 if (tor_snprintf(command
, cmdlen
, "\"%s\" --nt-service", tor_exe
)<0) {
2191 tor_free(command
); /* sets command to NULL. */
2199 /** Creates a Tor NT service, set to start on boot. The service will be
2200 * started if installation succeeds. Returns 0 on success, or -1 on
2203 nt_service_install(int argc
, char **argv
)
2205 /* Notes about developing NT services:
2207 * 1. Don't count on your CWD. If an absolute path is not given, the
2208 * fopen() function goes wrong.
2209 * 2. The parameters given to the nt_service_body() function differ
2210 * from those given to main() function.
2213 SC_HANDLE hSCManager
= NULL
;
2214 SC_HANDLE hService
= NULL
;
2215 SERVICE_DESCRIPTION sdBuff
;
2218 const char *user_acct
= GENSRV_USERACCT
;
2219 const char *password
= "";
2221 OSVERSIONINFOEX info
;
2222 SID_NAME_USE sidUse
;
2223 DWORD sidLen
= 0, domainLen
= 0;
2224 int is_win2k_or_worse
= 0;
2225 int using_default_torrc
= 0;
2227 nt_service_loadlibrary();
2229 /* Open the service control manager so we can create a new service */
2230 if ((hSCManager
= nt_service_open_scm()) == NULL
)
2232 /* Build the command line used for the service */
2233 if ((command
= nt_service_command_line(&using_default_torrc
)) == NULL
) {
2234 printf("Unable to build service command line.\n");
2235 service_fns
.CloseServiceHandle_fn(hSCManager
);
2239 for (i
=1; i
< argc
; ++i
) {
2240 if (!strcmp(argv
[i
], "--user") && i
+1<argc
) {
2241 user_acct
= argv
[i
+1];
2244 if (!strcmp(argv
[i
], "--password") && i
+1<argc
) {
2245 password
= argv
[i
+1];
2250 /* Compute our version and see whether we're running win2k or earlier. */
2251 memset(&info
, 0, sizeof(info
));
2252 info
.dwOSVersionInfoSize
= sizeof(info
);
2253 if (! GetVersionEx((LPOSVERSIONINFO
)&info
)) {
2254 printf("Call to GetVersionEx failed.\n");
2255 is_win2k_or_worse
= 1;
2257 if (info
.dwMajorVersion
< 5 ||
2258 (info
.dwMajorVersion
== 5 && info
.dwMinorVersion
== 0))
2259 is_win2k_or_worse
= 1;
2262 if (user_acct
== GENSRV_USERACCT
) {
2263 if (is_win2k_or_worse
) {
2264 /* On Win2k, there is no LocalService account, so we actually need to
2265 * fall back on NULL (the system account). */
2266 printf("Running on Win2K or earlier, so the LocalService account "
2267 "doesn't exist. Falling back to SYSTEM account.\n");
2270 /* Genericity is apparently _so_ last year in Redmond, where some
2271 * accounts are accounts that you can look up, and some accounts
2272 * are magic and undetectable via the security subsystem. See
2273 * http://msdn2.microsoft.com/en-us/library/ms684188.aspx
2275 printf("Running on a Post-Win2K OS, so we'll assume that the "
2276 "LocalService account exists.\n");
2278 } else if (0 && service_fns
.LookupAccountNameA_fn(NULL
, // On this system
2280 NULL
, &sidLen
, // Don't care about the SID
2281 NULL
, &domainLen
, // Don't care about the domain
2283 /* XXXX For some reason, the above test segfaults. Fix that. */
2284 printf("User \"%s\" doesn't seem to exist.\n", user_acct
);
2287 printf("Will try to install service as user \"%s\".\n", user_acct
);
2289 /* XXXX This warning could be better about explaining how to resolve the
2291 if (using_default_torrc
)
2292 printf("IMPORTANT NOTE:\n"
2293 " The Tor service will run under the account \"%s\". This means\n"
2294 " that Tor will look for its configuration file under that\n"
2295 " account's Application Data directory, which is probably not\n"
2296 " the same as yours.\n", user_acct
?user_acct
:"<local system>");
2298 /* Create the Tor service, set to auto-start on boot */
2299 if ((hService
= service_fns
.CreateServiceA_fn(hSCManager
, GENSRV_SERVICENAME
,
2301 SERVICE_ALL_ACCESS
, SERVICE_WIN32_OWN_PROCESS
,
2302 SERVICE_AUTO_START
, SERVICE_ERROR_IGNORE
,
2303 command
, NULL
, NULL
, NULL
,
2304 user_acct
, password
)) == NULL
) {
2305 errmsg
= nt_strerror(GetLastError());
2306 printf("CreateService() failed : %s\n", errmsg
);
2307 service_fns
.CloseServiceHandle_fn(hSCManager
);
2312 printf("Done with CreateService.\n");
2314 /* Set the service's description */
2315 sdBuff
.lpDescription
= (char*)GENSRV_DESCRIPTION
;
2316 service_fns
.ChangeServiceConfig2A_fn(hService
, SERVICE_CONFIG_DESCRIPTION
,
2318 printf("Service installed successfully\n");
2320 /* Start the service initially */
2321 nt_service_start(hService
);
2323 service_fns
.CloseServiceHandle_fn(hService
);
2324 service_fns
.CloseServiceHandle_fn(hSCManager
);
2330 /** Removes the Tor NT service. Returns 0 if the service was successfully
2331 * removed, or -1 on error. */
2333 nt_service_remove(void)
2335 SC_HANDLE hSCManager
= NULL
;
2336 SC_HANDLE hService
= NULL
;
2339 nt_service_loadlibrary();
2340 if ((hSCManager
= nt_service_open_scm()) == NULL
)
2342 if ((hService
= nt_service_open(hSCManager
)) == NULL
) {
2343 service_fns
.CloseServiceHandle_fn(hSCManager
);
2347 nt_service_stop(hService
);
2348 if (service_fns
.DeleteService_fn(hService
) == FALSE
) {
2349 errmsg
= nt_strerror(GetLastError());
2350 printf("DeleteService() failed : %s\n", errmsg
);
2352 service_fns
.CloseServiceHandle_fn(hService
);
2353 service_fns
.CloseServiceHandle_fn(hSCManager
);
2357 service_fns
.CloseServiceHandle_fn(hService
);
2358 service_fns
.CloseServiceHandle_fn(hSCManager
);
2359 printf("Service removed successfully\n");
2364 /** Starts the Tor service. Returns 0 on success, or -1 on error. */
2366 nt_service_cmd_start(void)
2368 SC_HANDLE hSCManager
;
2372 if ((hSCManager
= nt_service_open_scm()) == NULL
)
2374 if ((hService
= nt_service_open(hSCManager
)) == NULL
) {
2375 service_fns
.CloseServiceHandle_fn(hSCManager
);
2379 start
= nt_service_start(hService
);
2380 service_fns
.CloseServiceHandle_fn(hService
);
2381 service_fns
.CloseServiceHandle_fn(hSCManager
);
2386 /** Stops the Tor service. Returns 0 on success, or -1 on error. */
2388 nt_service_cmd_stop(void)
2390 SC_HANDLE hSCManager
;
2394 if ((hSCManager
= nt_service_open_scm()) == NULL
)
2396 if ((hService
= nt_service_open(hSCManager
)) == NULL
) {
2397 service_fns
.CloseServiceHandle_fn(hSCManager
);
2401 stop
= nt_service_stop(hService
);
2402 service_fns
.CloseServiceHandle_fn(hService
);
2403 service_fns
.CloseServiceHandle_fn(hSCManager
);
2408 /** Given a Win32 error code, this attempts to make Windows
2409 * return a human-readable error message. The char* returned
2410 * is allocated by Windows, but should be freed with LocalFree()
2411 * when finished with it. */
2413 nt_strerror(uint32_t errnum
)
2416 FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER
| FORMAT_MESSAGE_FROM_SYSTEM
,
2417 NULL
, errnum
, MAKELANGID(LANG_NEUTRAL
, SUBLANG_DEFAULT
),
2418 (LPSTR
)&msgbuf
, 0, NULL
);
2424 #include <openssl/crypto.h>
2426 _tor_dmalloc_free(void *p
)
2432 /** Main entry point for the Tor process. Called from main(). */
2433 /* This function is distinct from main() only so we can link main.c into
2434 * the unittest binary without conflicting with the unittests' main. */
2436 tor_main(int argc
, char *argv
[])
2440 int r
= CRYPTO_set_mem_ex_functions(_tor_malloc
, _tor_realloc
,
2442 log_notice(LD_CONFIG
, "Set up dmalloc; returned %d", r
);
2444 #ifdef MS_WINDOWS_SERVICE
2448 (!strcmp(argv
[1], "-service") || !strcmp(argv
[1], "--service"))) {
2449 nt_service_loadlibrary();
2450 if (!strcmp(argv
[2], "install"))
2451 return nt_service_install(argc
, argv
);
2452 if (!strcmp(argv
[2], "remove"))
2453 return nt_service_remove();
2454 if (!strcmp(argv
[2], "start"))
2455 return nt_service_cmd_start();
2456 if (!strcmp(argv
[2], "stop"))
2457 return nt_service_cmd_stop();
2458 printf("Unrecognized service command '%s'\n", argv
[2]);
2462 if (!strcmp(argv
[1], "-nt-service") || !strcmp(argv
[1], "--nt-service")) {
2463 nt_service_loadlibrary();
2467 // These values have been deprecated since 0.1.1.2-alpha; we've warned
2468 // about them since 0.1.2.7-alpha.
2469 if (!strcmp(argv
[1], "-install") || !strcmp(argv
[1], "--install")) {
2470 nt_service_loadlibrary();
2472 "The %s option is deprecated; use \"--service install\" instead.",
2474 return nt_service_install(argc
, argv
);
2476 if (!strcmp(argv
[1], "-remove") || !strcmp(argv
[1], "--remove")) {
2477 nt_service_loadlibrary();
2479 "The %s option is deprecated; use \"--service remove\" instead.",
2481 return nt_service_remove();
2485 if (tor_init(argc
, argv
)<0)
2487 switch (get_options()->command
) {
2489 #ifdef MS_WINDOWS_SERVICE
2490 service_status
.dwCurrentState
= SERVICE_RUNNING
;
2492 result
= do_main_loop();
2494 case CMD_LIST_FINGERPRINT
:
2495 result
= do_list_fingerprint();
2497 case CMD_HASH_PASSWORD
:
2501 case CMD_VERIFY_CONFIG
:
2502 printf("Configuration was valid\n");
2505 case CMD_RUN_UNITTESTS
: /* only set by test.c */
2507 log_warn(LD_BUG
,"Illegal command number %d: internal error.",
2508 get_options()->command
);