1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "connection.h"
11 #include "connection_or.h"
13 #include "directory.h"
16 #include "hibernate.h"
17 #include "microdesc.h"
18 #include "networkstatus.h"
23 #include "routerlist.h"
24 #include "routerparse.h"
28 * \brief Directory server core implementation. Manages directory
29 * contents and generates directories.
32 /** How far in the future do we allow a router to get? (seconds) */
33 #define ROUTER_ALLOW_SKEW (60*60*12)
34 /** How many seconds do we wait before regenerating the directory? */
35 #define DIR_REGEN_SLACK_TIME 30
36 /** If we're a cache, keep this many networkstatuses around from non-trusted
37 * directory authorities. */
38 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
40 /** If a v1 directory is older than this, discard it. */
41 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
42 /** If a v1 running-routers is older than this, discard it. */
43 #define MAX_V1_RR_AGE (7*24*60*60)
45 extern time_t time_of_process_start
; /* from main.c */
47 extern long stats_n_seconds_working
; /* from main.c */
49 /** Do we need to regenerate the v1 directory when someone asks for it? */
50 static time_t the_directory_is_dirty
= 1;
51 /** Do we need to regenerate the v1 runningrouters document when somebody
53 static time_t runningrouters_is_dirty
= 1;
54 /** Do we need to regenerate our v2 networkstatus document when somebody asks
56 static time_t the_v2_networkstatus_is_dirty
= 1;
58 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
60 static cached_dir_t
*the_directory
= NULL
;
62 /** For authoritative directories: the current (v1) network status. */
63 static cached_dir_t the_runningrouters
;
65 static void directory_remove_invalid(void);
66 static cached_dir_t
*dirserv_regenerate_directory(void);
67 static char *format_versions_list(config_line_t
*ln
);
68 struct authdir_config_t
;
69 static int add_fingerprint_to_dir(const char *nickname
, const char *fp
,
70 struct authdir_config_t
*list
);
72 dirserv_get_status_impl(const char *fp
, const char *nickname
,
74 uint32_t addr
, uint16_t or_port
,
75 const char *platform
, const char *contact
,
76 const char **msg
, int should_log
);
77 static void clear_cached_dir(cached_dir_t
*d
);
78 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
81 time_t publish_cutoff
);
82 static int dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
);
84 /************** Measured Bandwidth parsing code ******/
85 #define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
87 /************** Fingerprint handling code ************/
89 #define FP_NAMED 1 /**< Listed in fingerprint file. */
90 #define FP_INVALID 2 /**< Believed invalid. */
91 #define FP_REJECT 4 /**< We will not publish this router. */
92 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
93 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
94 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
96 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
98 typedef struct router_status_t
{
99 char nickname
[MAX_NICKNAME_LEN
+1];
103 /** List of nickname-\>identity fingerprint mappings for all the routers
104 * that we name. Used to prevent router impersonation. */
105 typedef struct authdir_config_t
{
106 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
107 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
110 /** Should be static; exposed for testing. */
111 static authdir_config_t
*fingerprint_list
= NULL
;
113 /** Allocate and return a new, empty, authdir_config_t. */
114 static authdir_config_t
*
115 authdir_config_new(void)
117 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
118 list
->fp_by_name
= strmap_new();
119 list
->status_by_digest
= digestmap_new();
123 /** Add the fingerprint <b>fp</b> for <b>nickname</b> to
124 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
125 * new, or 1 if we replaced the old value.
128 add_fingerprint_to_dir(const char *nickname
, const char *fp
,
129 authdir_config_t
*list
)
133 router_status_t
*status
;
134 tor_assert(nickname
);
138 fingerprint
= tor_strdup(fp
);
139 tor_strstrip(fingerprint
, " ");
140 if (base16_decode(d
, DIGEST_LEN
, fingerprint
, strlen(fingerprint
))) {
141 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
143 tor_free(fingerprint
);
147 if (!strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
148 log_warn(LD_DIRSERV
, "Tried to add a mapping for reserved nickname %s",
149 UNNAMED_ROUTER_NICKNAME
);
150 tor_free(fingerprint
);
154 status
= digestmap_get(list
->status_by_digest
, d
);
156 status
= tor_malloc_zero(sizeof(router_status_t
));
157 digestmap_set(list
->status_by_digest
, d
, status
);
160 if (nickname
[0] != '!') {
161 char *old_fp
= strmap_get_lc(list
->fp_by_name
, nickname
);
162 if (old_fp
&& !strcasecmp(fingerprint
, old_fp
)) {
163 tor_free(fingerprint
);
166 strmap_set_lc(list
->fp_by_name
, nickname
, fingerprint
);
168 status
->status
|= FP_NAMED
;
169 strlcpy(status
->nickname
, nickname
, sizeof(status
->nickname
));
171 tor_free(fingerprint
);
172 if (!strcasecmp(nickname
, "!reject")) {
173 status
->status
|= FP_REJECT
;
174 } else if (!strcasecmp(nickname
, "!invalid")) {
175 status
->status
|= FP_INVALID
;
176 } else if (!strcasecmp(nickname
, "!baddir")) {
177 status
->status
|= FP_BADDIR
;
178 } else if (!strcasecmp(nickname
, "!badexit")) {
179 status
->status
|= FP_BADEXIT
;
185 /** Add the nickname and fingerprint for this OR to the
186 * global list of recognized identity key fingerprints. */
188 dirserv_add_own_fingerprint(const char *nickname
, crypto_pk_env_t
*pk
)
190 char fp
[FINGERPRINT_LEN
+1];
191 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
192 log_err(LD_BUG
, "Error computing fingerprint");
195 if (!fingerprint_list
)
196 fingerprint_list
= authdir_config_new();
197 add_fingerprint_to_dir(nickname
, fp
, fingerprint_list
);
201 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
202 * file. The file format is line-based, with each non-blank holding one
203 * nickname, some space, and a fingerprint for that nickname. On success,
204 * replace the current fingerprint list with the new list and return 0. On
205 * failure, leave the current fingerprint list untouched, and return -1. */
207 dirserv_load_fingerprint_file(void)
211 char *nickname
, *fingerprint
;
212 authdir_config_t
*fingerprint_list_new
;
214 config_line_t
*front
=NULL
, *list
;
215 const or_options_t
*options
= get_options();
217 fname
= get_datadir_fname("approved-routers");
219 "Reloading approved fingerprints from \"%s\"...", fname
);
221 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
223 if (options
->NamingAuthoritativeDir
) {
224 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. Failing.", fname
);
228 log_info(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
235 result
= config_get_lines(cf
, &front
);
238 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
242 fingerprint_list_new
= authdir_config_new();
244 for (list
=front
; list
; list
=list
->next
) {
245 char digest_tmp
[DIGEST_LEN
];
246 nickname
= list
->key
; fingerprint
= list
->value
;
247 if (strlen(nickname
) > MAX_NICKNAME_LEN
) {
248 log_notice(LD_CONFIG
,
249 "Nickname '%s' too long in fingerprint file. Skipping.",
253 if (!is_legal_nickname(nickname
) &&
254 strcasecmp(nickname
, "!reject") &&
255 strcasecmp(nickname
, "!invalid") &&
256 strcasecmp(nickname
, "!badexit")) {
257 log_notice(LD_CONFIG
,
258 "Invalid nickname '%s' in fingerprint file. Skipping.",
262 tor_strstrip(fingerprint
, " "); /* remove spaces */
263 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
264 base16_decode(digest_tmp
, sizeof(digest_tmp
),
265 fingerprint
, HEX_DIGEST_LEN
) < 0) {
266 log_notice(LD_CONFIG
,
267 "Invalid fingerprint (nickname '%s', "
268 "fingerprint %s). Skipping.",
269 nickname
, fingerprint
);
272 if (0==strcasecmp(nickname
, DEFAULT_CLIENT_NICKNAME
)) {
273 /* If you approved an OR called "client", then clients who use
274 * the default nickname could all be rejected. That's no good. */
275 log_notice(LD_CONFIG
,
276 "Authorizing nickname '%s' would break "
277 "many clients; skipping.",
278 DEFAULT_CLIENT_NICKNAME
);
281 if (0==strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
282 /* If you approved an OR called "unnamed", then clients will be
284 log_notice(LD_CONFIG
,
285 "Authorizing nickname '%s' is not allowed; skipping.",
286 UNNAMED_ROUTER_NICKNAME
);
289 if (add_fingerprint_to_dir(nickname
, fingerprint
, fingerprint_list_new
)
291 log_notice(LD_CONFIG
, "Duplicate nickname '%s'.", nickname
);
294 config_free_lines(front
);
295 dirserv_free_fingerprint_list();
296 fingerprint_list
= fingerprint_list_new
;
297 /* Delete any routers whose fingerprints we no longer recognize */
298 directory_remove_invalid();
302 /** Check whether <b>router</b> has a nickname/identity key combination that
303 * we recognize from the fingerprint list, or an IP we automatically act on
304 * according to our configuration. Return the appropriate router status.
306 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
307 * *<b>msg</b> to an explanation of why. */
309 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
)
313 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
314 log_warn(LD_BUG
,"Error computing fingerprint");
316 *msg
= "Bug: Error computing fingerprint";
320 return dirserv_get_status_impl(d
, router
->nickname
,
322 router
->addr
, router
->or_port
,
323 router
->platform
, router
->contact_info
,
327 /** Return true if there is no point in downloading the router described by
328 * <b>rs</b> because this directory would reject it. */
330 dirserv_would_reject_router(const routerstatus_t
*rs
)
334 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
335 "", /* address is only used in logs */
336 rs
->addr
, rs
->or_port
,
340 return (res
& FP_REJECT
) != 0;
343 /** Helper: Based only on the ID/Nickname combination,
344 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
347 dirserv_get_name_status(const char *id_digest
, const char *nickname
)
349 char fp
[HEX_DIGEST_LEN
+1];
352 base16_encode(fp
, sizeof(fp
), id_digest
, DIGEST_LEN
);
355 strmap_get_lc(fingerprint_list
->fp_by_name
, nickname
))) {
356 if (!strcasecmp(fp
, fp_by_name
)) {
359 return FP_UNNAMED
; /* Wrong fingerprint. */
365 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
366 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
367 * port, platform (logging only) and contact info (logging only) as arguments.
369 * If should_log is false, do not log messages. (There's not much point in
370 * logging that we're rejecting servers we'll not download.)
373 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
375 uint32_t addr
, uint16_t or_port
,
376 const char *platform
, const char *contact
,
377 const char **msg
, int should_log
)
379 int reject_unlisted
= get_options()->AuthDirRejectUnlisted
;
381 router_status_t
*status_by_digest
;
383 if (!fingerprint_list
)
384 fingerprint_list
= authdir_config_new();
387 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
388 strmap_size(fingerprint_list
->fp_by_name
),
389 digestmap_size(fingerprint_list
->status_by_digest
));
391 /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
392 * directory information. Once more of them die off, we should raise this
394 if (platform
&& !tor_version_as_new_as(platform
,"0.2.0.26-rc")) {
396 *msg
= "Tor version is far too old to work.";
398 } else if (platform
&& tor_version_as_new_as(platform
,"0.2.1.3-alpha")
399 && !tor_version_as_new_as(platform
, "0.2.1.19")) {
400 /* These versions mishandled RELAY_EARLY cells on rend circuits. */
402 *msg
= "Tor version is too buggy to work.";
406 result
= dirserv_get_name_status(id_digest
, nickname
);
407 if (result
& FP_NAMED
) {
409 log_debug(LD_DIRSERV
,"Good fingerprint for '%s'",nickname
);
411 if (result
& FP_UNNAMED
) {
413 char *esc_contact
= esc_for_log(contact
);
415 "Mismatched fingerprint for '%s'. "
416 "ContactInfo '%s', platform '%s'.)",
419 platform
? escaped(platform
) : "");
420 tor_free(esc_contact
);
423 *msg
= "Rejected: There is already a named server with this nickname "
424 "and a different fingerprint.";
427 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
429 if (status_by_digest
)
430 result
|= (status_by_digest
->status
& ~FP_NAMED
);
432 if (result
& FP_REJECT
) {
434 *msg
= "Fingerprint is marked rejected";
436 } else if (result
& FP_INVALID
) {
438 *msg
= "Fingerprint is marked invalid";
441 if (authdir_policy_baddir_address(addr
, or_port
)) {
444 "Marking '%s' as bad directory because of address '%s'",
449 if (authdir_policy_badexit_address(addr
, or_port
)) {
451 log_info(LD_DIRSERV
, "Marking '%s' as bad exit because of address '%s'",
453 result
|= FP_BADEXIT
;
456 if (!(result
& FP_NAMED
)) {
457 if (!authdir_policy_permits_address(addr
, or_port
)) {
459 log_info(LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
462 *msg
= "Authdir is rejecting routers in this range.";
465 if (!authdir_policy_valid_address(addr
, or_port
)) {
467 log_info(LD_DIRSERV
, "Not marking '%s' valid because of address '%s'",
469 result
|= FP_INVALID
;
471 if (reject_unlisted
) {
473 *msg
= "Authdir rejects unknown routers.";
481 /** If we are an authoritative dirserver, and the list of approved
482 * servers contains one whose identity key digest is <b>digest</b>,
483 * return that router's nickname. Otherwise return NULL. */
485 dirserv_get_nickname_by_digest(const char *digest
)
487 router_status_t
*status
;
488 if (!fingerprint_list
)
492 status
= digestmap_get(fingerprint_list
->status_by_digest
, digest
);
493 return status
? status
->nickname
: NULL
;
496 /** Clear the current fingerprint list. */
498 dirserv_free_fingerprint_list(void)
500 if (!fingerprint_list
)
503 strmap_free(fingerprint_list
->fp_by_name
, _tor_free
);
504 digestmap_free(fingerprint_list
->status_by_digest
, _tor_free
);
505 tor_free(fingerprint_list
);
512 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
513 * unless we're configured to not care. Return 0 if all ok. */
515 dirserv_router_has_valid_address(routerinfo_t
*ri
)
517 struct in_addr iaddr
;
518 if (get_options()->DirAllowPrivateAddresses
)
519 return 0; /* whatever it is, we're fine with it */
520 if (!tor_inet_aton(ri
->address
, &iaddr
)) {
521 log_info(LD_DIRSERV
,"Router %s published non-IP address '%s'. Refusing.",
526 if (is_internal_IP(ntohl(iaddr
.s_addr
), 0)) {
528 "Router %s published internal IP address '%s'. Refusing.",
529 router_describe(ri
), ri
->address
);
530 return -1; /* it's a private IP, we should reject it */
535 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
536 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
538 * If the router is rejected, set *<b>msg</b> to an explanation of why.
540 * If <b>complain</b> then explain at log-level 'notice' why we refused
541 * a descriptor; else explain at log-level 'info'.
544 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
545 int complain
, int *valid_out
)
547 /* Okay. Now check whether the fingerprint is recognized. */
548 uint32_t status
= dirserv_router_get_status(ri
, msg
);
550 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
552 if (status
& FP_REJECT
)
553 return -1; /* msg is already set. */
555 /* Is there too much clock skew? */
557 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
558 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
559 "far (%d minutes) in the future; possible clock skew. Not adding "
562 (int)((ri
->cache_info
.published_on
-now
)/60),
563 esc_router_info(ri
));
564 *msg
= "Rejected: Your clock is set too far in the future, or your "
565 "timezone is not correct.";
568 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
569 log_fn(severity
, LD_DIRSERV
,
570 "Publication time for %s is too far "
571 "(%d minutes) in the past. Not adding (%s)",
573 (int)((now
-ri
->cache_info
.published_on
)/60),
574 esc_router_info(ri
));
575 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
576 " or your timezone is not correct.";
579 if (dirserv_router_has_valid_address(ri
) < 0) {
580 log_fn(severity
, LD_DIRSERV
,
581 "Router %s has invalid address '%s'. "
585 esc_router_info(ri
));
586 *msg
= "Rejected: Address is not an IP, or IP is a private address.";
590 *valid_out
= ! (status
& FP_INVALID
);
595 /** Update the relevant flags of <b>node</b> based on our opinion as a
596 * directory authority in <b>authstatus</b>, as returned by
597 * dirserv_router_get_status or equivalent. */
599 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
602 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
603 node
->is_bad_directory
= (authstatus
& FP_BADDIR
) ? 1 : 0;
604 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
607 /** True iff <b>a</b> is more severe than <b>b</b>. */
609 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
614 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
615 * returns the most severe error that occurred for any one of them. */
617 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
621 was_router_added_t r
, r_tmp
;
626 time_t now
= time(NULL
);
627 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
628 char time_buf
[ISO_TIME_LEN
+1];
629 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
632 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
634 format_iso_time(time_buf
, now
);
635 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
638 "%s%s%s", time_buf
, escaped(source
),
639 !general
? "@purpose " : "",
640 !general
? router_purpose_to_string(purpose
) : "",
641 !general
? "\n" : "")<0) {
642 *msg
= "Couldn't format annotations";
647 list
= smartlist_create();
648 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
650 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
652 tor_assert(ri
->purpose
== purpose
);
653 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
654 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
660 n_parsed
+= smartlist_len(list
);
661 smartlist_clear(list
);
664 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
666 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
669 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
670 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
676 n_parsed
+= smartlist_len(list
);
677 smartlist_free(list
);
681 *msg
= "No descriptors found in your POST.";
682 if (WRA_WAS_ADDED(r
))
683 r
= ROUTER_WAS_NOT_NEW
;
685 *msg
= "(no message)";
692 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
693 * the list of server descriptors. Set *<b>msg</b> to a message that should be
694 * passed back to the origin of this descriptor, or NULL if there is no such
695 * message. Use <b>source</b> to produce better log messages.
697 * Return the status of the operation
699 * This function is only called when fresh descriptors are posted, not when
700 * we re-load the cache.
703 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
705 was_router_added_t r
;
706 routerinfo_t
*ri_old
;
707 char *desc
, *nickname
;
711 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
712 * network and it'll clog everything up. */
713 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
714 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
715 " (source: %s) with size %d. Either this is an attack, or the "
716 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
717 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
718 MAX_DESCRIPTOR_UPLOAD_SIZE
);
719 *msg
= "Router descriptor was too large";
720 control_event_or_authdir_new_descriptor("REJECTED",
721 ri
->cache_info
.signed_descriptor_body
,
722 ri
->cache_info
.signed_descriptor_len
, *msg
);
724 return ROUTER_AUTHDIR_REJECTS
;
727 /* Check whether this descriptor is semantically identical to the last one
728 * from this server. (We do this here and not in router_add_to_routerlist
729 * because we want to be able to accept the newest router descriptor that
730 * another authority has, so we all converge on the same one.) */
731 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
732 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
733 && router_differences_are_cosmetic(ri_old
, ri
)
734 && !router_is_me(ri
)) {
736 "Not replacing descriptor from %s (source: %s); "
737 "differences are cosmetic.",
738 router_describe(ri
), source
);
739 *msg
= "Not replacing router descriptor; no information has changed since "
740 "the last one with this identity.";
741 control_event_or_authdir_new_descriptor("DROPPED",
742 ri
->cache_info
.signed_descriptor_body
,
743 ri
->cache_info
.signed_descriptor_len
, *msg
);
745 return ROUTER_WAS_NOT_NEW
;
748 /* Make a copy of desc, since router_add_to_routerlist might free
749 * ri and its associated signed_descriptor_t. */
750 desclen
= ri
->cache_info
.signed_descriptor_len
;
751 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
752 nickname
= tor_strdup(ri
->nickname
);
754 /* Tell if we're about to need to launch a test if we add this. */
755 ri
->needs_retest_if_added
=
756 dirserv_should_launch_reachability_test(ri
, ri_old
);
758 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
759 if (!WRA_WAS_ADDED(r
)) {
760 /* unless the routerinfo was fine, just out-of-date */
761 if (WRA_WAS_REJECTED(r
))
762 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
764 "Did not add descriptor from '%s' (source: %s): %s.",
765 nickname
, source
, *msg
? *msg
: "(no message)");
767 smartlist_t
*changed
;
768 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
770 changed
= smartlist_create();
771 smartlist_add(changed
, ri
);
772 routerlist_descriptors_added(changed
, 0);
773 smartlist_free(changed
);
775 *msg
= "Descriptor accepted";
778 "Added descriptor from '%s' (source: %s): %s.",
779 nickname
, source
, *msg
);
786 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
787 static was_router_added_t
788 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
790 const routerinfo_t
*ri
;
795 ri
= router_get_by_id_digest(ei
->cache_info
.identity_digest
);
797 *msg
= "No corresponding router descriptor for extra-info descriptor";
799 return ROUTER_BAD_EI
;
802 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
803 * network and it'll clog everything up. */
804 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
805 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
806 "with size %d. Either this is an attack, or the "
807 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
808 (int)ei
->cache_info
.signed_descriptor_len
,
809 MAX_EXTRAINFO_UPLOAD_SIZE
);
810 *msg
= "Extrainfo document was too large";
812 return ROUTER_BAD_EI
;
815 if ((r
= routerinfo_incompatible_with_extrainfo(ri
, ei
, NULL
, msg
))) {
817 return r
< 0 ? ROUTER_WAS_NOT_NEW
: ROUTER_BAD_EI
;
819 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
820 return ROUTER_ADDED_SUCCESSFULLY
;
823 /** Remove all descriptors whose nicknames or fingerprints no longer
824 * are allowed by our fingerprint list. (Descriptors that used to be
825 * good can become bad when we reload the fingerprint list.)
828 directory_remove_invalid(void)
831 routerlist_t
*rl
= router_get_routerlist();
832 smartlist_t
*nodes
= smartlist_create();
833 smartlist_add_all(nodes
, nodelist_get_list());
835 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
837 routerinfo_t
*ent
= node
->ri
;
838 char description
[NODE_DESC_BUF_LEN
];
842 r
= dirserv_router_get_status(ent
, &msg
);
843 router_get_description(description
, ent
);
845 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
846 description
, msg
?msg
:"");
847 routerlist_remove(rl
, ent
, 0, time(NULL
));
852 if (bool_neq((r
& FP_NAMED
), ent
->auth_says_is_named
)) {
854 "Router %s is now %snamed.", description
,
855 (r
&FP_NAMED
)?"":"un");
856 ent
->is_named
= (r
&FP_NAMED
)?1:0;
859 if (bool_neq((r
& FP_UNNAMED
), ent
->auth_says_is_unnamed
)) {
861 "Router '%s' is now %snamed. (FP_UNNAMED)", description
,
862 (r
&FP_NAMED
)?"":"un");
863 ent
->is_named
= (r
&FP_NUNAMED
)?0:1;
867 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
868 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
869 (r
&FP_INVALID
) ? "in" : "");
870 node
->is_valid
= (r
&FP_INVALID
)?0:1;
873 if (bool_neq((r
& FP_BADDIR
), node
->is_bad_directory
)) {
874 log_info(LD_DIRSERV
, "Router '%s' is now a %s directory", description
,
875 (r
& FP_BADDIR
) ? "bad" : "good");
876 node
->is_bad_directory
= (r
&FP_BADDIR
) ? 1: 0;
879 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
880 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
881 (r
& FP_BADEXIT
) ? "bad" : "good");
882 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
885 } SMARTLIST_FOREACH_END(node
);
887 directory_set_dirty();
889 routerlist_assert_ok(rl
);
890 smartlist_free(nodes
);
893 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
894 * directory, we will rebuild it instead of reusing the most recently
898 directory_set_dirty(void)
900 time_t now
= time(NULL
);
903 /* Regenerate stubs only every 8 hours.
904 * XXXX It would be nice to generate less often, but these are just
905 * stubs: it doesn't matter. */
906 #define STUB_REGENERATE_INTERVAL (8*60*60)
907 if (!the_directory
|| !the_runningrouters
.dir
)
909 else if (the_directory
->published
< now
- STUB_REGENERATE_INTERVAL
||
910 the_runningrouters
.published
< now
- STUB_REGENERATE_INTERVAL
)
914 if (!the_directory_is_dirty
)
915 the_directory_is_dirty
= now
;
916 if (!runningrouters_is_dirty
)
917 runningrouters_is_dirty
= now
;
919 if (!the_v2_networkstatus_is_dirty
)
920 the_v2_networkstatus_is_dirty
= now
;
924 * Allocate and return a description of the status of the server <b>desc</b>,
925 * for use in a v1-style router-status line. The server is listed
926 * as running iff <b>is_live</b> is true.
929 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
931 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
941 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
942 if (node
&& node
->is_valid
) {
943 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
948 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
950 return tor_strdup(buf
);
954 running_long_enough_to_decide_unreachable(void)
956 return time_of_process_start
957 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
960 /** Each server needs to have passed a reachability test no more
961 * than this number of seconds ago, or he is listed as down in
963 #define REACHABLE_TIMEOUT (45*60)
965 /** If we tested a router and found it reachable _at least this long_ after it
966 * declared itself hibernating, it is probably done hibernating and we just
967 * missed a descriptor from it. */
968 #define HIBERNATION_PUBLICATION_SKEW (60*60)
970 /** Treat a router as alive if
971 * - It's me, and I'm not hibernating.
972 * or - We've found it reachable recently. */
974 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
976 /*XXXX023 This function is a mess. Separate out the part that calculates
977 whether it's reachable and the part that tells rephist that the router was
981 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
984 if (router_is_me(router
)) {
985 /* We always know if we are down ourselves. */
986 answer
= ! we_are_hibernating();
987 } else if (router
->is_hibernating
&&
988 (router
->cache_info
.published_on
+
989 HIBERNATION_PUBLICATION_SKEW
) > router
->last_reachable
) {
990 /* A hibernating router is down unless we (somehow) had contact with it
991 * since it declared itself to be hibernating. */
993 } else if (get_options()->AssumeReachable
) {
994 /* If AssumeReachable, everybody is up unless they say they are down! */
997 /* Otherwise, a router counts as up if we found it reachable in the last
998 REACHABLE_TIMEOUT seconds. */
999 answer
= (now
< router
->last_reachable
+ REACHABLE_TIMEOUT
);
1002 if (!answer
&& running_long_enough_to_decide_unreachable()) {
1003 /* Not considered reachable. tell rephist about that.
1005 Because we launch a reachability test for each router every
1006 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
1007 been down since at least that time after we last successfully reached
1011 if (router
->last_reachable
&&
1012 router
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
1013 when
= router
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
1014 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
1017 node
->is_running
= answer
;
1020 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
1021 * contents of a v1-style router-status line, and store it in
1022 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
1024 * If for_controller is true, include the routers with very old descriptors.
1027 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
1030 /* List of entries in a router-status style: An optional !, then an optional
1031 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
1032 smartlist_t
*rs_entries
;
1033 time_t now
= time(NULL
);
1034 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1035 const or_options_t
*options
= get_options();
1036 /* We include v2 dir auths here too, because they need to answer
1037 * controllers. Eventually we'll deprecate this whole function;
1038 * see also networkstatus_getinfo_by_purpose(). */
1039 int authdir
= authdir_mode_publishes_statuses(options
);
1040 tor_assert(router_status_out
);
1042 rs_entries
= smartlist_create();
1044 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
1045 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
1048 /* Update router status in routerinfo_t. */
1049 dirserv_set_router_is_running(ri
, now
);
1051 if (for_controller
) {
1052 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
1053 char *cp
= name_buf
;
1054 if (!node
->is_running
)
1056 router_get_verbose_nickname(cp
, ri
);
1057 smartlist_add(rs_entries
, tor_strdup(name_buf
));
1058 } else if (ri
->cache_info
.published_on
>= cutoff
) {
1059 smartlist_add(rs_entries
, list_single_server_status(ri
,
1062 } SMARTLIST_FOREACH_END(ri
);
1064 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
1066 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
1067 smartlist_free(rs_entries
);
1072 /** Given a (possibly empty) list of config_line_t, each line of which contains
1073 * a list of comma-separated version numbers surrounded by optional space,
1074 * allocate and return a new string containing the version numbers, in order,
1075 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1078 format_versions_list(config_line_t
*ln
)
1080 smartlist_t
*versions
;
1082 versions
= smartlist_create();
1083 for ( ; ln
; ln
= ln
->next
) {
1084 smartlist_split_string(versions
, ln
->value
, ",",
1085 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1087 sort_version_list(versions
, 1);
1088 result
= smartlist_join_strings(versions
,",",0,NULL
);
1089 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1090 smartlist_free(versions
);
1094 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1095 * not hibernating, and not too old. Else return 0.
1098 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
1100 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1101 if (ri
->cache_info
.published_on
< cutoff
)
1103 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
)
1108 /** Generate a new v1 directory and write it into a newly allocated string.
1109 * Point *<b>dir_out</b> to the allocated string. Sign the
1110 * directory with <b>private_key</b>. Return 0 on success, -1 on
1111 * failure. If <b>complete</b> is set, give us all the descriptors;
1112 * otherwise leave out non-running and non-valid ones.
1115 dirserv_dump_directory_to_string(char **dir_out
,
1116 crypto_pk_env_t
*private_key
)
1119 char *identity_pkey
; /* Identity key, DER64-encoded. */
1120 char *recommended_versions
;
1121 char digest
[DIGEST_LEN
];
1122 char published
[ISO_TIME_LEN
+1];
1125 size_t identity_pkey_len
;
1126 time_t now
= time(NULL
);
1128 tor_assert(dir_out
);
1131 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1132 &identity_pkey_len
)<0) {
1133 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1137 recommended_versions
=
1138 format_versions_list(get_options()->RecommendedVersions
);
1140 format_iso_time(published
, now
);
1142 buf_len
= 2048+strlen(recommended_versions
);
1144 buf
= tor_malloc(buf_len
);
1145 /* We'll be comparing against buf_len throughout the rest of the
1146 function, though strictly speaking we shouldn't be able to exceed
1147 it. This is C, after all, so we may as well check for buffer
1150 tor_snprintf(buf
, buf_len
,
1151 "signed-directory\n"
1153 "recommended-software %s\n"
1154 "router-status %s\n"
1155 "dir-signing-key\n%s\n",
1156 published
, recommended_versions
, "",
1159 tor_free(recommended_versions
);
1160 tor_free(identity_pkey
);
1162 cp
= buf
+ strlen(buf
);
1165 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1167 if (strlcat(buf
, "directory-signature ", buf_len
) >= buf_len
)
1169 if (strlcat(buf
, get_options()->Nickname
, buf_len
) >= buf_len
)
1171 if (strlcat(buf
, "\n", buf_len
) >= buf_len
)
1174 if (router_get_dir_hash(buf
,digest
)) {
1175 log_warn(LD_BUG
,"couldn't compute digest");
1179 note_crypto_pk_op(SIGN_DIR
);
1180 if (router_append_dirobj_signature(buf
,buf_len
,digest
,DIGEST_LEN
,
1189 log_warn(LD_BUG
,"tried to exceed string length.");
1194 /********************************************************************/
1196 /* A set of functions to answer questions about how we'd like to behave
1197 * as a directory mirror/client. */
1199 /** Return 1 if we fetch our directory material directly from the
1200 * authorities, rather than from a mirror. */
1202 directory_fetches_from_authorities(const or_options_t
*options
)
1204 const routerinfo_t
*me
;
1207 if (options
->FetchDirInfoEarly
)
1209 if (options
->BridgeRelay
== 1)
1211 if (server_mode(options
) && router_pick_published_address(options
, &addr
)<0)
1212 return 1; /* we don't know our IP address; ask an authority. */
1213 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1214 should_refuse_unknown_exits(options
);
1215 if (options
->DirPort
== 0 && !refuseunknown
)
1217 if (!server_mode(options
) || !advertised_server_mode())
1219 me
= router_get_my_routerinfo();
1220 if (!me
|| (!me
->dir_port
&& !refuseunknown
))
1221 return 0; /* if dirport not advertised, return 0 too */
1225 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1226 * on the "mirror" schedule rather than the "client" schedule.
1229 directory_fetches_dir_info_early(const or_options_t
*options
)
1231 return directory_fetches_from_authorities(options
);
1234 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1235 * on a very passive schedule -- waiting long enough for ordinary clients
1236 * to probably have the info we want. These would include bridge users,
1237 * and maybe others in the future e.g. if a Tor client uses another Tor
1238 * client as a directory guard.
1241 directory_fetches_dir_info_later(const or_options_t
*options
)
1243 return options
->UseBridges
!= 0;
1246 /** Return 1 if we want to cache v2 dir info (each status file).
1249 directory_caches_v2_dir_info(const or_options_t
*options
)
1251 return options
->DirPort
!= 0;
1254 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1255 * and we're willing to serve them to others. Else return 0.
1258 directory_caches_dir_info(const or_options_t
*options
)
1260 if (options
->BridgeRelay
|| options
->DirPort
)
1262 if (!server_mode(options
) || !advertised_server_mode())
1264 /* We need an up-to-date view of network info if we're going to try to
1265 * block exit attempts from unknown relays. */
1266 return ! router_my_exit_policy_is_reject_star() &&
1267 should_refuse_unknown_exits(options
);
1270 /** Return 1 if we want to allow remote people to ask us directory
1271 * requests via the "begin_dir" interface, which doesn't require
1272 * having any separate port open. */
1274 directory_permits_begindir_requests(const or_options_t
*options
)
1276 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1279 /** Return 1 if we want to allow controllers to ask us directory
1280 * requests via the controller interface, which doesn't require
1281 * having any separate port open. */
1283 directory_permits_controller_requests(const or_options_t
*options
)
1285 return options
->DirPort
!= 0;
1288 /** Return 1 if we have no need to fetch new descriptors. This generally
1289 * happens when we're not a dir cache and we haven't built any circuits
1293 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1296 return !directory_caches_dir_info(options
) &&
1297 !options
->FetchUselessDescriptors
&&
1298 rep_hist_circbuilding_dormant(now
);
1301 /********************************************************************/
1303 /* Used only by non-v1-auth dirservers: The v1 directory and
1304 * runningrouters we'll serve when requested. */
1306 /** The v1 directory we'll serve (as a cache or as an authority) if
1308 static cached_dir_t
*cached_directory
= NULL
;
1309 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1311 static cached_dir_t cached_runningrouters
;
1313 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1315 static digestmap_t
*cached_v2_networkstatus
= NULL
;
1317 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1318 * currently serving. */
1319 static strmap_t
*cached_consensuses
= NULL
;
1321 /** Possibly replace the contents of <b>d</b> with the value of
1322 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1323 * the last value, or too far in the future.
1325 * Does not copy <b>directory</b>; frees it if it isn't used.
1328 set_cached_dir(cached_dir_t
*d
, char *directory
, time_t when
)
1330 time_t now
= time(NULL
);
1331 if (when
<=d
->published
) {
1332 log_info(LD_DIRSERV
, "Ignoring old directory; not caching.");
1333 tor_free(directory
);
1334 } else if (when
>=now
+ROUTER_MAX_AGE_TO_PUBLISH
) {
1335 log_info(LD_DIRSERV
, "Ignoring future directory; not caching.");
1336 tor_free(directory
);
1338 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1339 log_debug(LD_DIRSERV
, "Caching directory.");
1342 d
->dir_len
= strlen(directory
);
1344 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1346 log_warn(LD_BUG
,"Error compressing cached directory");
1348 d
->published
= when
;
1352 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1353 * any references. */
1355 cached_dir_decref(cached_dir_t
*d
)
1357 if (!d
|| --d
->refcnt
> 0)
1359 clear_cached_dir(d
);
1363 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1364 * published at <b>published</b>. */
1366 new_cached_dir(char *s
, time_t published
)
1368 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1371 d
->dir_len
= strlen(s
);
1372 d
->published
= published
;
1373 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1375 log_warn(LD_BUG
, "Error compressing directory");
1380 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1382 clear_cached_dir(cached_dir_t
*d
)
1386 memset(d
, 0, sizeof(cached_dir_t
));
1389 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1391 _free_cached_dir(void *_d
)
1397 d
= (cached_dir_t
*)_d
;
1398 cached_dir_decref(d
);
1401 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1402 * then replace it with <b>directory</b>, published at <b>published</b>.
1404 * If <b>published</b> is too old, do nothing.
1406 * If <b>is_running_routers</b>, this is really a v1 running_routers
1407 * document rather than a v1 directory.
1410 dirserv_set_cached_directory(const char *directory
, time_t published
,
1411 int is_running_routers
)
1413 time_t now
= time(NULL
);
1415 if (is_running_routers
) {
1416 if (published
>= now
- MAX_V1_RR_AGE
)
1417 set_cached_dir(&cached_runningrouters
, tor_strdup(directory
), published
);
1419 if (published
>= now
- MAX_V1_DIRECTORY_AGE
) {
1420 cached_dir_decref(cached_directory
);
1421 cached_directory
= new_cached_dir(tor_strdup(directory
), published
);
1426 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1427 * network-status for an authoritative directory with identity digest
1428 * <b>identity</b> published at <b>published</b> -- store it so we can
1429 * serve it to others.
1431 * If <b>networkstatus</b> is NULL, remove the entry with the given
1432 * identity fingerprint from the v2 cache.
1435 dirserv_set_cached_networkstatus_v2(const char *networkstatus
,
1436 const char *identity
,
1439 cached_dir_t
*d
, *old_d
;
1440 smartlist_t
*trusted_dirs
;
1441 if (!cached_v2_networkstatus
)
1442 cached_v2_networkstatus
= digestmap_new();
1444 old_d
= digestmap_get(cached_v2_networkstatus
, identity
);
1445 if (!old_d
&& !networkstatus
)
1448 if (networkstatus
) {
1449 if (!old_d
|| published
> old_d
->published
) {
1450 d
= new_cached_dir(tor_strdup(networkstatus
), published
);
1451 digestmap_set(cached_v2_networkstatus
, identity
, d
);
1453 cached_dir_decref(old_d
);
1457 digestmap_remove(cached_v2_networkstatus
, identity
);
1458 cached_dir_decref(old_d
);
1462 /* Now purge old entries. */
1463 trusted_dirs
= router_get_trusted_dir_servers();
1464 if (digestmap_size(cached_v2_networkstatus
) >
1465 smartlist_len(trusted_dirs
) + MAX_UNTRUSTED_NETWORKSTATUSES
) {
1466 /* We need to remove the oldest untrusted networkstatus. */
1467 const char *oldest
= NULL
;
1468 time_t oldest_published
= TIME_MAX
;
1469 digestmap_iter_t
*iter
;
1471 for (iter
= digestmap_iter_init(cached_v2_networkstatus
);
1472 !digestmap_iter_done(iter
);
1473 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
)) {
1476 digestmap_iter_get(iter
, &ident
, &val
);
1478 if (d
->published
< oldest_published
&&
1479 !router_digest_is_trusted_dir(ident
)) {
1481 oldest_published
= d
->published
;
1485 d
= digestmap_remove(cached_v2_networkstatus
, oldest
);
1487 cached_dir_decref(d
);
1491 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1492 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1493 * validation is performed. */
1495 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1496 const char *flavor_name
,
1497 const digests_t
*digests
,
1500 cached_dir_t
*new_networkstatus
;
1501 cached_dir_t
*old_networkstatus
;
1502 if (!cached_consensuses
)
1503 cached_consensuses
= strmap_new();
1505 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1506 memcpy(&new_networkstatus
->digests
, digests
, sizeof(digests_t
));
1507 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1509 if (old_networkstatus
)
1510 cached_dir_decref(old_networkstatus
);
1513 /** Remove any v2 networkstatus from the directory cache that was published
1514 * before <b>cutoff</b>. */
1516 dirserv_clear_old_networkstatuses(time_t cutoff
)
1518 if (!cached_v2_networkstatus
)
1521 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus
, id
, cached_dir_t
*, dir
) {
1522 if (dir
->published
< cutoff
) {
1524 fname
= networkstatus_get_cache_filename(id
);
1525 if (file_status(fname
) == FN_FILE
) {
1526 log_info(LD_DIR
, "Removing too-old untrusted networkstatus in %s",
1531 cached_dir_decref(dir
);
1532 MAP_DEL_CURRENT(id
);
1534 } DIGESTMAP_FOREACH_END
1537 /** Remove any v1 info from the directory cache that was published
1540 dirserv_clear_old_v1_info(time_t now
)
1542 if (cached_directory
&&
1543 cached_directory
->published
< (now
- MAX_V1_DIRECTORY_AGE
)) {
1544 cached_dir_decref(cached_directory
);
1545 cached_directory
= NULL
;
1547 if (cached_runningrouters
.published
< (now
- MAX_V1_RR_AGE
)) {
1548 clear_cached_dir(&cached_runningrouters
);
1552 /** Helper: If we're an authority for the right directory version (v1 or v2)
1553 * (based on <b>auth_type</b>), try to regenerate
1554 * auth_src as appropriate and return it, falling back to cache_src on
1555 * failure. If we're a cache, simply return cache_src.
1557 static cached_dir_t
*
1558 dirserv_pick_cached_dir_obj(cached_dir_t
*cache_src
,
1559 cached_dir_t
*auth_src
,
1560 time_t dirty
, cached_dir_t
*(*regenerate
)(void),
1562 dirinfo_type_t auth_type
)
1564 const or_options_t
*options
= get_options();
1565 int authority
= (auth_type
== V1_DIRINFO
&& authdir_mode_v1(options
)) ||
1566 (auth_type
== V2_DIRINFO
&& authdir_mode_v2(options
));
1568 if (!authority
|| authdir_mode_bridge(options
)) {
1571 /* We're authoritative. */
1572 if (regenerate
!= NULL
) {
1573 if (dirty
&& dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
)) {
1574 if (!(auth_src
= regenerate())) {
1575 log_err(LD_BUG
, "Couldn't generate %s?", name
);
1579 log_info(LD_DIRSERV
, "The %s is still clean; reusing.", name
);
1582 return auth_src
? auth_src
: cache_src
;
1586 /** Return the most recently generated encoded signed v1 directory,
1587 * generating a new one as necessary. If not a v1 authoritative directory
1588 * may return NULL if no directory is yet cached. */
1590 dirserv_get_directory(void)
1592 return dirserv_pick_cached_dir_obj(cached_directory
, the_directory
,
1593 the_directory_is_dirty
,
1594 dirserv_regenerate_directory
,
1595 "v1 server directory", V1_DIRINFO
);
1598 /** Only called by v1 auth dirservers.
1599 * Generate a fresh v1 directory; set the_directory and return a pointer
1602 static cached_dir_t
*
1603 dirserv_regenerate_directory(void)
1605 char *new_directory
=NULL
;
1607 if (dirserv_dump_directory_to_string(&new_directory
,
1608 get_server_identity_key())) {
1609 log_warn(LD_BUG
, "Error creating directory.");
1610 tor_free(new_directory
);
1613 cached_dir_decref(the_directory
);
1614 the_directory
= new_cached_dir(new_directory
, time(NULL
));
1615 log_info(LD_DIRSERV
,"New directory (size %d) has been built.",
1616 (int)the_directory
->dir_len
);
1617 log_debug(LD_DIRSERV
,"New directory (size %d):\n%s",
1618 (int)the_directory
->dir_len
, the_directory
->dir
);
1620 the_directory_is_dirty
= 0;
1622 /* Save the directory to disk so we re-load it quickly on startup.
1624 dirserv_set_cached_directory(the_directory
->dir
, time(NULL
), 0);
1626 return the_directory
;
1629 /** Only called by v1 auth dirservers.
1630 * Replace the current running-routers list with a newly generated one. */
1631 static cached_dir_t
*
1632 generate_runningrouters(void)
1635 char digest
[DIGEST_LEN
];
1636 char published
[ISO_TIME_LEN
+1];
1638 crypto_pk_env_t
*private_key
= get_server_identity_key();
1639 char *identity_pkey
; /* Identity key, DER64-encoded. */
1640 size_t identity_pkey_len
;
1642 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1643 &identity_pkey_len
)<0) {
1644 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1647 format_iso_time(published
, time(NULL
));
1650 s
= tor_malloc_zero(len
);
1651 tor_snprintf(s
, len
,
1654 "router-status %s\n"
1655 "dir-signing-key\n%s"
1656 "directory-signature %s\n",
1657 published
, "", identity_pkey
,
1658 get_options()->Nickname
);
1659 tor_free(identity_pkey
);
1660 if (router_get_runningrouters_hash(s
,digest
)) {
1661 log_warn(LD_BUG
,"couldn't compute digest");
1664 note_crypto_pk_op(SIGN_DIR
);
1665 if (router_append_dirobj_signature(s
, len
, digest
, DIGEST_LEN
,
1669 set_cached_dir(&the_runningrouters
, s
, time(NULL
));
1670 runningrouters_is_dirty
= 0;
1672 return &the_runningrouters
;
1678 /** Set *<b>rr</b> to the most recently generated encoded signed
1679 * running-routers list, generating a new one as necessary. Return the
1680 * size of the directory on success, and 0 on failure. */
1682 dirserv_get_runningrouters(void)
1684 return dirserv_pick_cached_dir_obj(
1685 &cached_runningrouters
, &the_runningrouters
,
1686 runningrouters_is_dirty
,
1687 generate_runningrouters
,
1688 "v1 network status list", V1_DIRINFO
);
1691 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1692 * optionally compressed format, suitable for sending to clients. */
1694 dirserv_get_consensus(const char *flavor_name
)
1696 if (!cached_consensuses
)
1698 return strmap_get(cached_consensuses
, flavor_name
);
1701 /** For authoritative directories: the current (v2) network status. */
1702 static cached_dir_t
*the_v2_networkstatus
= NULL
;
1704 /** Return true iff our opinion of the routers has been stale for long
1705 * enough that we should generate a new v2 network status doc. */
1707 should_generate_v2_networkstatus(void)
1709 return authdir_mode_v2(get_options()) &&
1710 the_v2_networkstatus_is_dirty
&&
1711 the_v2_networkstatus_is_dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
);
1714 /** If a router's uptime is at least this value, then it is always
1715 * considered stable, regardless of the rest of the network. This
1716 * way we resist attacks where an attacker doubles the size of the
1717 * network using allegedly high-uptime nodes, displacing all the
1718 * current guards. */
1719 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1720 /** If a router's MTBF is at least this value, then it is always stable.
1721 * See above. (Corresponds to about 7 days for current decay rates.) */
1722 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1723 /** Similarly, every node with at least this much weighted time known can be
1724 * considered familiar enough to be a guard. Corresponds to about 20 days for
1725 * current decay rates.
1727 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1728 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1730 #define WFU_TO_GUARANTEE_GUARD (0.98)
1732 /* Thresholds for server performance: set by
1733 * dirserv_compute_performance_thresholds, and used by
1734 * generate_v2_networkstatus */
1736 /** Any router with an uptime of at least this value is stable. */
1737 static uint32_t stable_uptime
= 0; /* start at a safe value */
1738 /** Any router with an mtbf of at least this value is stable. */
1739 static double stable_mtbf
= 0.0;
1740 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1741 * than stable_uptime. */
1742 static int enough_mtbf_info
= 0;
1743 /** Any router with a weighted fractional uptime of at least this much might
1744 * be good as a guard. */
1745 static double guard_wfu
= 0.0;
1746 /** Don't call a router a guard unless we've known about it for at least this
1748 static long guard_tk
= 0;
1749 /** Any router with a bandwidth at least this high is "Fast" */
1750 static uint32_t fast_bandwidth
= 0;
1751 /** If exits can be guards, then all guards must have a bandwidth this
1753 static uint32_t guard_bandwidth_including_exits
= 0;
1754 /** If exits can't be guards, then all guards must have a bandwidth this
1756 static uint32_t guard_bandwidth_excluding_exits
= 0;
1757 /** Total bandwidth of all the routers we're considering. */
1758 static uint64_t total_bandwidth
= 0;
1759 /** Total bandwidth of all the exit routers we're considering. */
1760 static uint64_t total_exit_bandwidth
= 0;
1762 /** Helper: estimate the uptime of a router given its stated uptime and the
1763 * amount of time since it last stated its stated uptime. */
1765 real_uptime(const routerinfo_t
*router
, time_t now
)
1767 if (now
< router
->cache_info
.published_on
)
1768 return router
->uptime
;
1770 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1773 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1774 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1775 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1779 dirserv_thinks_router_is_unreliable(time_t now
,
1780 routerinfo_t
*router
,
1781 int need_uptime
, int need_capacity
)
1784 if (!enough_mtbf_info
) {
1785 /* XXX023 Once most authorities are on v3, we should change the rule from
1786 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1787 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1788 * hit a point where we need to reset a lot of authorities at once,
1789 * none of them would be in a position to declare Stable.
1791 long uptime
= real_uptime(router
, now
);
1792 if ((unsigned)uptime
< stable_uptime
&&
1793 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1797 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1798 if (mtbf
< stable_mtbf
&&
1799 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1803 if (need_capacity
) {
1804 uint32_t bw
= router_get_advertised_bandwidth(router
);
1805 if (bw
< fast_bandwidth
)
1811 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1812 * Right now this means it advertises support for it, it has a high
1813 * uptime, it has a DirPort open, and it's currently considered Running.
1815 * This function needs to be called after router-\>is_running has
1819 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1820 const node_t
*node
, time_t now
)
1825 /* If we haven't been running for at least
1826 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1827 * have accurate data telling us a relay has been up for at least
1828 * that long. We also want to allow a bit of slack: Reachability
1829 * tests aren't instant. If we haven't been running long enough,
1830 * trust the relay. */
1832 if (stats_n_seconds_working
>
1833 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1834 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1835 real_uptime(router
, now
));
1837 uptime
= real_uptime(router
, now
);
1839 /* XXX We shouldn't need to check dir_port, but we do because of
1840 * bug 1693. In the future, once relays set wants_to_be_hs_dir
1841 * correctly, we can revert to only checking dir_port if router's
1842 * version is too old. */
1843 /* XXX Unfortunately, we need to keep checking dir_port until all
1844 * *clients* suffering from bug 2722 are obsolete. The first version
1845 * to fix the bug was 0.2.2.25-alpha. */
1846 return (router
->wants_to_be_hs_dir
&& router
->dir_port
&&
1847 uptime
> get_options()->MinUptimeHidServDirectoryV2
&&
1851 /** Look through the routerlist, the Mean Time Between Failure history, and
1852 * the Weighted Fractional Uptime history, and use them to set thresholds for
1853 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1854 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1855 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1856 * total_bandwidth, and total_exit_bandwidth.
1858 * Also, set the is_exit flag of each router appropriately. */
1860 dirserv_compute_performance_thresholds(routerlist_t
*rl
)
1862 int n_active
, n_active_nonexit
, n_familiar
;
1863 uint32_t *uptimes
, *bandwidths
, *bandwidths_excluding_exits
;
1865 double *mtbfs
, *wfus
;
1866 time_t now
= time(NULL
);
1867 const or_options_t
*options
= get_options();
1869 /* initialize these all here, in case there are no routers */
1873 guard_bandwidth_including_exits
= 0;
1874 guard_bandwidth_excluding_exits
= 0;
1877 total_bandwidth
= 0;
1878 total_exit_bandwidth
= 0;
1880 /* Initialize arrays that will hold values for each router. We'll
1881 * sort them and use that to compute thresholds. */
1882 n_active
= n_active_nonexit
= 0;
1883 /* Uptime for every active router. */
1884 uptimes
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1885 /* Bandwidth for every active router. */
1886 bandwidths
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1887 /* Bandwidth for every active non-exit router. */
1888 bandwidths_excluding_exits
=
1889 tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1890 /* Weighted mean time between failure for each active router. */
1891 mtbfs
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1892 /* Time-known for each active router. */
1893 tks
= tor_malloc(sizeof(long)*smartlist_len(rl
->routers
));
1894 /* Weighted fractional uptime for each active router. */
1895 wfus
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1897 nodelist_assert_ok();
1899 /* Now, fill in the arrays. */
1900 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t
*, node
) {
1901 routerinfo_t
*ri
= node
->ri
;
1902 if (ri
&& router_is_active(ri
, node
, now
)) {
1903 const char *id
= ri
->cache_info
.identity_digest
;
1905 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1906 exit_policy_is_general_exit(ri
->exit_policy
));
1907 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1908 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1909 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1910 bandwidths
[n_active
] = bw
= router_get_advertised_bandwidth(ri
);
1911 total_bandwidth
+= bw
;
1912 if (node
->is_exit
&& !node
->is_bad_exit
) {
1913 total_exit_bandwidth
+= bw
;
1915 bandwidths_excluding_exits
[n_active_nonexit
] = bw
;
1920 } SMARTLIST_FOREACH_END(node
);
1922 /* Now, compute thresholds. */
1924 /* The median uptime is stable. */
1925 stable_uptime
= median_uint32(uptimes
, n_active
);
1926 /* The median mtbf is stable, if we have enough mtbf info */
1927 stable_mtbf
= median_double(mtbfs
, n_active
);
1928 /* The 12.5th percentile bandwidth is fast. */
1929 fast_bandwidth
= find_nth_uint32(bandwidths
, n_active
, n_active
/8);
1930 /* (Now bandwidths is sorted.) */
1931 if (fast_bandwidth
< ROUTER_REQUIRED_MIN_BANDWIDTH
/2)
1932 fast_bandwidth
= bandwidths
[n_active
/4];
1933 guard_bandwidth_including_exits
= bandwidths
[(n_active
-1)/2];
1934 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1937 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1938 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1940 /* Protect sufficiently fast nodes from being pushed out of the set
1942 if (options
->AuthDirFastGuarantee
&&
1943 fast_bandwidth
> options
->AuthDirFastGuarantee
)
1944 fast_bandwidth
= (uint32_t)options
->AuthDirFastGuarantee
;
1946 /* Now that we have a time-known that 7/8 routers are known longer than,
1947 * fill wfus with the wfu of every such "familiar" router. */
1950 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t
*, node
) {
1951 routerinfo_t
*ri
= node
->ri
;
1952 if (ri
&& router_is_active(ri
, node
, now
)) {
1953 const char *id
= ri
->cache_info
.identity_digest
;
1954 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1957 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1959 } SMARTLIST_FOREACH_END(node
);
1961 guard_wfu
= median_double(wfus
, n_familiar
);
1962 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1963 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1965 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1967 if (n_active_nonexit
) {
1968 guard_bandwidth_excluding_exits
=
1969 median_uint32(bandwidths_excluding_exits
, n_active_nonexit
);
1972 log(LOG_INFO
, LD_DIRSERV
,
1973 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1974 "For Fast: %lu bytes/sec. "
1975 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1976 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1977 (unsigned long)stable_uptime
,
1978 (unsigned long)stable_mtbf
,
1979 (unsigned long)fast_bandwidth
,
1981 (unsigned long)guard_tk
,
1982 (unsigned long)guard_bandwidth_including_exits
,
1983 (unsigned long)guard_bandwidth_excluding_exits
,
1984 enough_mtbf_info
? "" : " don't ");
1988 tor_free(bandwidths
);
1989 tor_free(bandwidths_excluding_exits
);
1994 /** Given a platform string as in a routerinfo_t (possibly null), return a
1995 * newly allocated version string for a networkstatus document, or NULL if the
1996 * platform doesn't give a Tor version. */
1998 version_from_platform(const char *platform
)
2000 if (platform
&& !strcmpstart(platform
, "Tor ")) {
2001 const char *eos
= find_whitespace(platform
+4);
2002 if (eos
&& !strcmpstart(eos
, " (r")) {
2003 /* XXXX Unify this logic with the other version extraction
2004 * logic in routerparse.c. */
2005 eos
= find_whitespace(eos
+1);
2008 return tor_strndup(platform
, eos
-platform
);
2014 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
2015 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
2016 * Use the same format as in network-status documents. If <b>version</b> is
2017 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
2020 * The format argument has three possible values:
2021 * NS_V2 - Output an entry suitable for a V2 NS opinion document
2022 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
2023 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
2025 * NS_V3_VOTE - Output a complete V3 NS vote
2026 * NS_CONTROL_PORT - Output a NS document for the control port
2029 routerstatus_format_entry(char *buf
, size_t buf_len
,
2030 const routerstatus_t
*rs
, const char *version
,
2031 routerstatus_format_type_t format
)
2037 char published
[ISO_TIME_LEN
+1];
2038 char identity64
[BASE64_DIGEST_LEN
+1];
2039 char digest64
[BASE64_DIGEST_LEN
+1];
2041 format_iso_time(published
, rs
->published_on
);
2042 digest_to_base64(identity64
, rs
->identity_digest
);
2043 digest_to_base64(digest64
, rs
->descriptor_digest
);
2045 r
= tor_snprintf(buf
, buf_len
,
2046 "r %s %s %s%s%s %s %d %d\n",
2049 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
2050 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
2052 fmt_addr32(rs
->addr
),
2056 log_warn(LD_BUG
, "Not enough space in buffer.");
2060 /* TODO: Maybe we want to pass in what we need to build the rest of
2061 * this here, instead of in the caller. Then we could use the
2062 * networkstatus_type_t values, with an additional control port value
2064 if (format
== NS_V3_CONSENSUS
|| format
== NS_V3_CONSENSUS_MICRODESC
)
2067 cp
= buf
+ strlen(buf
);
2068 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
2069 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2070 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
2071 /* These must stay in alphabetical order. */
2072 rs
->is_authority
?" Authority":"",
2073 rs
->is_bad_directory
?" BadDirectory":"",
2074 rs
->is_bad_exit
?" BadExit":"",
2075 rs
->is_exit
?" Exit":"",
2076 rs
->is_fast
?" Fast":"",
2077 rs
->is_possible_guard
?" Guard":"",
2078 rs
->is_hs_dir
?" HSDir":"",
2079 rs
->is_named
?" Named":"",
2080 rs
->is_flagged_running
?" Running":"",
2081 rs
->is_stable
?" Stable":"",
2082 rs
->is_unnamed
?" Unnamed":"",
2083 rs
->is_v2_dir
?" V2Dir":"",
2084 rs
->is_valid
?" Valid":"");
2086 log_warn(LD_BUG
, "Not enough space in buffer.");
2091 /* length of "opt v \n" */
2092 #define V_LINE_OVERHEAD 7
2093 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
2094 if (tor_snprintf(cp
, buf_len
- (cp
-buf
), "opt v %s\n", version
)<0) {
2095 log_warn(LD_BUG
, "Unable to print router version.");
2101 if (format
!= NS_V2
) {
2102 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
2105 if (format
!= NS_CONTROL_PORT
) {
2106 /* Blow up more or less nicely if we didn't get anything or not the
2107 * thing we expected.
2110 char id
[HEX_DIGEST_LEN
+1];
2111 char dd
[HEX_DIGEST_LEN
+1];
2113 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2114 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
2115 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
2116 "(wanted descriptor %s).",
2121 /* This assert can fire for the control port, because
2122 * it can request NS documents before all descriptors
2123 * have been fetched. */
2124 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
2125 rs
->descriptor_digest
,
2127 char rl_d
[HEX_DIGEST_LEN
+1];
2128 char rs_d
[HEX_DIGEST_LEN
+1];
2129 char id
[HEX_DIGEST_LEN
+1];
2131 base16_encode(rl_d
, sizeof(rl_d
),
2132 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
2133 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
2134 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2135 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
2136 "the one in routerstatus: %s vs %s "
2140 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
2141 rs
->descriptor_digest
,
2146 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
2150 bw
= router_get_advertised_bandwidth_capped(desc
) / 1000;
2152 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2153 "w Bandwidth=%d\n", bw
);
2156 log_warn(LD_BUG
, "Not enough space in buffer.");
2160 if (format
== NS_V3_VOTE
&& rs
->has_measured_bw
) {
2161 *--cp
= '\0'; /* Kill "\n" */
2162 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2163 " Measured=%d\n", rs
->measured_bw
);
2165 log_warn(LD_BUG
, "Not enough space in buffer for weight line.");
2172 summary
= policy_summarize(desc
->exit_policy
);
2173 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
), "p %s\n", summary
);
2175 log_warn(LD_BUG
, "Not enough space in buffer.");
2187 /** Helper for sorting: compares two routerinfos first by address, and then by
2188 * descending order of "usefulness". (An authority is more useful than a
2189 * non-authority; a running router is more useful than a non-running router;
2190 * and a router with more bandwidth is more useful than one with less.)
2193 _compare_routerinfo_by_ip_and_bw(const void **a
, const void **b
)
2195 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2196 int first_is_auth
, second_is_auth
;
2197 uint32_t bw_first
, bw_second
;
2198 const node_t
*node_first
, *node_second
;
2199 int first_is_running
, second_is_running
;
2201 /* we return -1 if first should appear before second... that is,
2202 * if first is a better router. */
2203 if (first
->addr
< second
->addr
)
2205 else if (first
->addr
> second
->addr
)
2208 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2209 * reality, we will almost never get here, since addresses will usually be
2213 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2215 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2217 if (first_is_auth
&& !second_is_auth
)
2219 else if (!first_is_auth
&& second_is_auth
)
2222 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
2223 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
2224 first_is_running
= node_first
&& node_first
->is_running
;
2225 second_is_running
= node_second
&& node_second
->is_running
;
2227 if (first_is_running
&& !second_is_running
)
2229 else if (!first_is_running
&& second_is_running
)
2232 bw_first
= router_get_advertised_bandwidth(first
);
2233 bw_second
= router_get_advertised_bandwidth(second
);
2235 if (bw_first
> bw_second
)
2237 else if (bw_first
< bw_second
)
2240 /* They're equal! Compare by identity digest, so there's a
2241 * deterministic order and we avoid flapping. */
2242 return fast_memcmp(first
->cache_info
.identity_digest
,
2243 second
->cache_info
.identity_digest
,
2247 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2248 * whose keys are the identity digests of those routers that we're going to
2249 * exclude for Sybil-like appearance. */
2250 static digestmap_t
*
2251 get_possible_sybil_list(const smartlist_t
*routers
)
2253 const or_options_t
*options
= get_options();
2254 digestmap_t
*omit_as_sybil
;
2255 smartlist_t
*routers_by_ip
= smartlist_create();
2258 /* Allow at most this number of Tor servers on a single IP address, ... */
2259 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2260 /* ... unless it's a directory authority, in which case allow more. */
2261 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2262 if (max_with_same_addr
<= 0)
2263 max_with_same_addr
= INT_MAX
;
2264 if (max_with_same_addr_on_authority
<= 0)
2265 max_with_same_addr_on_authority
= INT_MAX
;
2267 smartlist_add_all(routers_by_ip
, routers
);
2268 smartlist_sort(routers_by_ip
, _compare_routerinfo_by_ip_and_bw
);
2269 omit_as_sybil
= digestmap_new();
2273 SMARTLIST_FOREACH(routers_by_ip
, routerinfo_t
*, ri
,
2275 if (last_addr
!= ri
->addr
) {
2276 last_addr
= ri
->addr
;
2278 } else if (++addr_count
> max_with_same_addr
) {
2279 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2280 addr_count
> max_with_same_addr_on_authority
)
2281 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2285 smartlist_free(routers_by_ip
);
2286 return omit_as_sybil
;
2289 /** Return non-zero iff a relay running the Tor version specified in
2290 * <b>platform</b> is suitable for use as a potential entry guard. */
2292 is_router_version_good_for_possible_guard(const char *platform
)
2294 static int parsed_versions_initialized
= 0;
2295 static tor_version_t first_good_0_2_1_guard_version
;
2296 static tor_version_t first_good_0_2_2_guard_version
;
2297 static tor_version_t first_good_later_guard_version
;
2299 tor_version_t router_version
;
2301 /* XXX023 This block should be extracted into its own function. */
2302 /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
2304 char *s
, *s2
, *start
;
2307 tor_assert(platform
);
2309 /* nonstandard Tor; be safe and say yes */
2310 if (strcmpstart(platform
,"Tor "))
2313 start
= (char *)eat_whitespace(platform
+3);
2314 if (!*start
) return 0;
2315 s
= (char *)find_whitespace(start
); /* also finds '\0', which is fine */
2316 s2
= (char*)eat_whitespace(s
);
2317 if (!strcmpstart(s2
, "(r") || !strcmpstart(s2
, "(git-"))
2318 s
= (char*)find_whitespace(s2
);
2320 if ((size_t)(s
-start
+1) >= sizeof(tmp
)) /* too big, no */
2322 strlcpy(tmp
, start
, s
-start
+1);
2324 if (tor_version_parse(tmp
, &router_version
)<0) {
2325 log_info(LD_DIR
,"Router version '%s' unparseable.",tmp
);
2326 return 1; /* be safe and say yes */
2329 /* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */
2331 if (!parsed_versions_initialized
) {
2332 /* CVE-2011-2769 was fixed on the relay side in Tor versions
2333 * 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */
2334 tor_assert(tor_version_parse("0.2.1.31",
2335 &first_good_0_2_1_guard_version
)>=0);
2336 tor_assert(tor_version_parse("0.2.2.34",
2337 &first_good_0_2_2_guard_version
)>=0);
2338 tor_assert(tor_version_parse("0.2.3.6-alpha",
2339 &first_good_later_guard_version
)>=0);
2341 /* Don't parse these constant version strings once for every relay
2342 * for every vote. */
2343 parsed_versions_initialized
= 1;
2346 return ((tor_version_same_series(&first_good_0_2_1_guard_version
,
2348 tor_version_compare(&first_good_0_2_1_guard_version
,
2349 &router_version
) <= 0) ||
2350 (tor_version_same_series(&first_good_0_2_2_guard_version
,
2352 tor_version_compare(&first_good_0_2_2_guard_version
,
2353 &router_version
) <= 0) ||
2354 (tor_version_compare(&first_good_later_guard_version
,
2355 &router_version
) <= 0));
2358 /** Extract status information from <b>ri</b> and from other authority
2359 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2360 * the named flag in <b>rs</b>.
2362 * We assume that ri-\>is_running has already been set, e.g. by
2363 * dirserv_set_router_is_running(ri, now);
2366 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2370 int naming
, int listbadexits
,
2371 int listbaddirs
, int vote_on_hsdirs
)
2373 const or_options_t
*options
= get_options();
2374 int unstable_version
=
2375 !tor_version_as_new_as(ri
->platform
,"0.1.1.16-rc-cvs");
2376 uint32_t routerbw
= router_get_advertised_bandwidth(ri
);
2378 memset(rs
, 0, sizeof(routerstatus_t
));
2381 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2383 /* Already set by compute_performance_thresholds. */
2384 rs
->is_exit
= node
->is_exit
;
2385 rs
->is_stable
= node
->is_stable
=
2386 router_is_active(ri
, node
, now
) &&
2387 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0) &&
2389 rs
->is_fast
= node
->is_fast
=
2390 router_is_active(ri
, node
, now
) &&
2391 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2392 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2395 uint32_t name_status
= dirserv_get_name_status(
2396 node
->identity
, ri
->nickname
);
2397 rs
->is_named
= (naming
&& (name_status
& FP_NAMED
)) ? 1 : 0;
2398 rs
->is_unnamed
= (naming
&& (name_status
& FP_UNNAMED
)) ? 1 : 0;
2400 rs
->is_valid
= node
->is_valid
;
2402 if (node
->is_fast
&&
2403 ((options
->AuthDirGuardBWGuarantee
&&
2404 routerbw
>= options
->AuthDirGuardBWGuarantee
) ||
2405 routerbw
>= MIN(guard_bandwidth_including_exits
,
2406 guard_bandwidth_excluding_exits
)) &&
2407 (options
->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
||
2408 is_router_version_good_for_possible_guard(ri
->platform
))) {
2409 long tk
= rep_hist_get_weighted_time_known(
2410 node
->identity
, now
);
2411 double wfu
= rep_hist_get_weighted_fractional_uptime(
2412 node
->identity
, now
);
2413 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2415 rs
->is_possible_guard
= 0;
2418 rs
->is_bad_directory
= listbaddirs
&& node
->is_bad_directory
;
2419 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2420 node
->is_hs_dir
= dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2421 rs
->is_hs_dir
= vote_on_hsdirs
&& node
->is_hs_dir
;
2422 rs
->is_v2_dir
= ri
->dir_port
!= 0;
2424 if (!strcasecmp(ri
->nickname
, UNNAMED_ROUTER_NICKNAME
))
2425 rs
->is_named
= rs
->is_unnamed
= 0;
2427 rs
->published_on
= ri
->cache_info
.published_on
;
2428 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2429 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2431 rs
->addr
= ri
->addr
;
2432 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2433 rs
->or_port
= ri
->or_port
;
2434 rs
->dir_port
= ri
->dir_port
;
2437 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2438 * too narrow an IP-space. Clear out its flags: we don't want people
2442 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2444 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2445 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
= rs
->is_v2_dir
=
2446 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
=
2447 rs
->is_bad_directory
= 0;
2448 /* FFFF we might want some mechanism to check later on if we
2449 * missed zeroing any flags: it's easy to add a new flag but
2450 * forget to add it to this clause. */
2454 * Helper function to parse out a line in the measured bandwidth file
2455 * into a measured_bw_line_t output structure. Returns -1 on failure
2459 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2461 char *line
= tor_strdup(orig_line
);
2464 int got_node_id
= 0;
2465 char *strtok_state
; /* lame sauce d'jour */
2466 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2469 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2470 escaped(orig_line
));
2475 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2476 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2477 escaped(orig_line
));
2483 if (strcmpstart(cp
, "bw=") == 0) {
2487 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2488 escaped(orig_line
));
2494 out
->bw
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2495 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2496 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2497 escaped(orig_line
));
2502 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2504 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2505 escaped(orig_line
));
2509 cp
+=strlen("node_id=$");
2511 if (strlen(cp
) != HEX_DIGEST_LEN
||
2512 base16_decode(out
->node_id
, DIGEST_LEN
, cp
, HEX_DIGEST_LEN
)) {
2513 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2514 escaped(orig_line
));
2518 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2521 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2523 if (got_bw
&& got_node_id
) {
2527 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2528 escaped(orig_line
));
2535 * Helper function to apply a parsed measurement line to a list
2536 * of bandwidth statuses. Returns true if a line is found,
2540 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2541 smartlist_t
*routerstatuses
)
2543 routerstatus_t
*rs
= NULL
;
2544 if (!routerstatuses
)
2547 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2548 compare_digest_to_routerstatus_entry
);
2551 rs
->has_measured_bw
= 1;
2552 rs
->measured_bw
= (uint32_t)parsed_line
->bw
;
2554 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2555 parsed_line
->node_hex
);
2562 * Read the measured bandwidth file and apply it to the list of
2563 * routerstatuses. Returns -1 on error, 0 otherwise.
2566 dirserv_read_measured_bandwidths(const char *from_file
,
2567 smartlist_t
*routerstatuses
)
2570 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2571 int applied_lines
= 0;
2575 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2580 if (!fgets(line
, sizeof(line
), fp
)
2581 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2582 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2588 line
[strlen(line
)-1] = '\0';
2589 file_time
= tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2591 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2597 if ((time(NULL
) - file_time
) > MAX_MEASUREMENT_AGE
) {
2598 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2599 (unsigned)(time(NULL
) - file_time
));
2605 smartlist_sort(routerstatuses
, compare_routerstatus_entries
);
2608 measured_bw_line_t parsed_line
;
2609 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2610 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2611 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2618 log_info(LD_DIRSERV
,
2619 "Bandwidth measurement file successfully read. "
2620 "Applied %d measurements.", applied_lines
);
2624 /** Return a new networkstatus_t* containing our current opinion. (For v3
2627 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t
*private_key
,
2628 authority_cert_t
*cert
)
2630 const or_options_t
*options
= get_options();
2631 networkstatus_t
*v3_out
= NULL
;
2633 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2634 const char *contact
;
2635 smartlist_t
*routers
, *routerstatuses
;
2636 char identity_digest
[DIGEST_LEN
];
2637 char signing_key_digest
[DIGEST_LEN
];
2638 int naming
= options
->NamingAuthoritativeDir
;
2639 int listbadexits
= options
->AuthDirListBadExits
;
2640 int listbaddirs
= options
->AuthDirListBadDirs
;
2641 int vote_on_hsdirs
= options
->VoteOnHidServDirectoriesV2
;
2642 routerlist_t
*rl
= router_get_routerlist();
2643 time_t now
= time(NULL
);
2644 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2645 networkstatus_voter_info_t
*voter
= NULL
;
2646 vote_timing_t timing
;
2647 digestmap_t
*omit_as_sybil
= NULL
;
2648 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2649 smartlist_t
*microdescriptors
= NULL
;
2651 tor_assert(private_key
);
2654 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2655 log_warn(LD_NET
, "Couldn't resolve my hostname");
2658 if (!strchr(hostname
, '.')) {
2660 hostname
= tor_dup_ip(addr
);
2662 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2663 log_err(LD_BUG
, "Error computing signing key digest");
2666 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2667 log_err(LD_BUG
, "Error computing identity key digest");
2671 if (options
->VersioningAuthoritativeDir
) {
2672 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2673 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2676 contact
= get_options()->ContactInfo
;
2680 /* precompute this part, since we need it to decide what "stable"
2682 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2683 dirserv_set_router_is_running(ri
, now
);
2686 dirserv_compute_performance_thresholds(rl
);
2688 routers
= smartlist_create();
2689 smartlist_add_all(routers
, rl
->routers
);
2690 routers_sort_by_identity(routers
);
2691 omit_as_sybil
= get_possible_sybil_list(routers
);
2693 routerstatuses
= smartlist_create();
2694 microdescriptors
= smartlist_create();
2696 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2697 if (ri
->cache_info
.published_on
>= cutoff
) {
2699 vote_routerstatus_t
*vrs
;
2701 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2705 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2707 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2708 naming
, listbadexits
, listbaddirs
,
2711 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2712 clear_status_flags_on_sybil(rs
);
2714 if (!vote_on_reachability
)
2715 rs
->is_flagged_running
= 0;
2717 vrs
->version
= version_from_platform(ri
->platform
);
2718 md
= dirvote_create_microdescriptor(ri
);
2721 vote_microdesc_hash_t
*h
;
2722 dirvote_format_microdesc_vote_line(buf
, sizeof(buf
), md
);
2723 h
= tor_malloc(sizeof(vote_microdesc_hash_t
));
2724 h
->microdesc_hash_line
= tor_strdup(buf
);
2727 md
->last_listed
= now
;
2728 smartlist_add(microdescriptors
, md
);
2731 smartlist_add(routerstatuses
, vrs
);
2733 } SMARTLIST_FOREACH_END(ri
);
2736 smartlist_t
*added
=
2737 microdescs_add_list_to_cache(get_microdesc_cache(),
2738 microdescriptors
, SAVED_NOWHERE
, 0);
2739 smartlist_free(added
);
2740 smartlist_free(microdescriptors
);
2743 smartlist_free(routers
);
2744 digestmap_free(omit_as_sybil
, NULL
);
2746 if (options
->V3BandwidthsFile
) {
2747 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2751 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2753 v3_out
->type
= NS_TYPE_VOTE
;
2754 dirvote_get_preferred_voting_intervals(&timing
);
2755 v3_out
->published
= now
;
2757 char tbuf
[ISO_TIME_LEN
+1];
2758 networkstatus_t
*current_consensus
=
2759 networkstatus_get_live_consensus(now
);
2760 long last_consensus_interval
; /* only used to pick a valid_after */
2761 if (current_consensus
)
2762 last_consensus_interval
= current_consensus
->fresh_until
-
2763 current_consensus
->valid_after
;
2765 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2766 v3_out
->valid_after
=
2767 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
);
2768 format_iso_time(tbuf
, v3_out
->valid_after
);
2769 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2770 "consensus_set=%d, last_interval=%d",
2771 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2773 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2774 v3_out
->valid_until
= v3_out
->valid_after
+
2775 (timing
.vote_interval
* timing
.n_intervals_valid
);
2776 v3_out
->vote_seconds
= timing
.vote_delay
;
2777 v3_out
->dist_seconds
= timing
.dist_delay
;
2778 tor_assert(v3_out
->vote_seconds
> 0);
2779 tor_assert(v3_out
->dist_seconds
> 0);
2780 tor_assert(timing
.n_intervals_valid
> 0);
2782 v3_out
->client_versions
= client_versions
;
2783 v3_out
->server_versions
= server_versions
;
2784 v3_out
->known_flags
= smartlist_create();
2785 smartlist_split_string(v3_out
->known_flags
,
2786 "Authority Exit Fast Guard Stable V2Dir Valid",
2787 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2788 if (vote_on_reachability
)
2789 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2791 smartlist_add(v3_out
->known_flags
, tor_strdup("BadDirectory"));
2793 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2795 smartlist_add(v3_out
->known_flags
, tor_strdup("Named"));
2796 smartlist_add(v3_out
->known_flags
, tor_strdup("Unnamed"));
2799 smartlist_add(v3_out
->known_flags
, tor_strdup("HSDir"));
2800 smartlist_sort_strings(v3_out
->known_flags
);
2802 if (options
->ConsensusParams
) {
2803 v3_out
->net_params
= smartlist_create();
2804 smartlist_split_string(v3_out
->net_params
,
2805 options
->ConsensusParams
, NULL
, 0, 0);
2806 smartlist_sort_strings(v3_out
->net_params
);
2809 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2810 voter
->nickname
= tor_strdup(options
->Nickname
);
2811 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
2812 voter
->sigs
= smartlist_create();
2813 voter
->address
= hostname
;
2815 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
2816 voter
->or_port
= router_get_advertised_or_port(options
);
2817 voter
->contact
= tor_strdup(contact
);
2818 if (options
->V3AuthUseLegacyKey
) {
2819 authority_cert_t
*c
= get_my_v3_legacy_cert();
2821 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
2822 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
2823 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
2828 v3_out
->voters
= smartlist_create();
2829 smartlist_add(v3_out
->voters
, voter
);
2830 v3_out
->cert
= authority_cert_dup(cert
);
2831 v3_out
->routerstatus_list
= routerstatuses
;
2832 /* Note: networkstatus_digest is unset; it won't get set until we actually
2833 * format the vote. */
2838 /** For v2 authoritative directories only: Replace the contents of
2839 * <b>the_v2_networkstatus</b> with a newly generated network status
2841 static cached_dir_t
*
2842 generate_v2_networkstatus_opinion(void)
2844 cached_dir_t
*r
= NULL
;
2845 size_t len
, identity_pkey_len
;
2846 char *status
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
,
2847 *identity_pkey
= NULL
, *hostname
= NULL
;
2849 const or_options_t
*options
= get_options();
2850 char fingerprint
[FINGERPRINT_LEN
+1];
2851 char published
[ISO_TIME_LEN
+1];
2852 char digest
[DIGEST_LEN
];
2854 crypto_pk_env_t
*private_key
;
2855 routerlist_t
*rl
= router_get_routerlist();
2856 time_t now
= time(NULL
);
2857 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2858 int naming
= options
->NamingAuthoritativeDir
;
2859 int versioning
= options
->VersioningAuthoritativeDir
;
2860 int listbaddirs
= options
->AuthDirListBadDirs
;
2861 int listbadexits
= options
->AuthDirListBadExits
;
2862 int vote_on_hsdirs
= options
->VoteOnHidServDirectoriesV2
;
2863 const char *contact
;
2864 char *version_lines
= NULL
;
2865 smartlist_t
*routers
= NULL
;
2866 digestmap_t
*omit_as_sybil
= NULL
;
2868 private_key
= get_server_identity_key();
2870 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2871 log_warn(LD_NET
, "Couldn't resolve my hostname");
2875 format_iso_time(published
, now
);
2877 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2878 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2880 if (crypto_pk_write_public_key_to_string(private_key
, &identity_pkey
,
2881 &identity_pkey_len
)<0) {
2882 log_warn(LD_BUG
,"Writing public key to string failed.");
2886 if (crypto_pk_get_fingerprint(private_key
, fingerprint
, 0)<0) {
2887 log_err(LD_BUG
, "Error computing fingerprint");
2891 contact
= options
->ContactInfo
;
2896 size_t v_len
= 64+strlen(client_versions
)+strlen(server_versions
);
2897 version_lines
= tor_malloc(v_len
);
2898 tor_snprintf(version_lines
, v_len
,
2899 "client-versions %s\nserver-versions %s\n",
2900 client_versions
, server_versions
);
2902 version_lines
= tor_strdup("");
2905 len
= 4096+strlen(client_versions
)+strlen(server_versions
);
2906 len
+= identity_pkey_len
*2;
2907 len
+= (RS_ENTRY_LEN
)*smartlist_len(rl
->routers
);
2909 status
= tor_malloc(len
);
2910 tor_snprintf(status
, len
,
2911 "network-status-version 2\n"
2912 "dir-source %s %s %d\n"
2916 "dir-options%s%s%s%s\n"
2917 "%s" /* client version line, server version line. */
2918 "dir-signing-key\n%s",
2919 hostname
, fmt_addr32(addr
),
2920 (int)router_get_advertised_dir_port(options
, 0),
2924 naming
? " Names" : "",
2925 listbaddirs
? " BadDirectories" : "",
2926 listbadexits
? " BadExits" : "",
2927 versioning
? " Versions" : "",
2930 outp
= status
+ strlen(status
);
2931 endp
= status
+ len
;
2933 /* precompute this part, since we need it to decide what "stable"
2935 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2936 dirserv_set_router_is_running(ri
, now
);
2939 dirserv_compute_performance_thresholds(rl
);
2941 routers
= smartlist_create();
2942 smartlist_add_all(routers
, rl
->routers
);
2943 routers_sort_by_identity(routers
);
2945 omit_as_sybil
= get_possible_sybil_list(routers
);
2947 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2948 if (ri
->cache_info
.published_on
>= cutoff
) {
2950 char *version
= version_from_platform(ri
->platform
);
2951 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2956 set_routerstatus_from_routerinfo(&rs
, node
, ri
, now
,
2957 naming
, listbadexits
, listbaddirs
,
2960 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2961 clear_status_flags_on_sybil(&rs
);
2963 if (routerstatus_format_entry(outp
, endp
-outp
, &rs
, version
, NS_V2
)) {
2964 log_warn(LD_BUG
, "Unable to print router status.");
2969 outp
+= strlen(outp
);
2973 if (tor_snprintf(outp
, endp
-outp
, "directory-signature %s\n",
2974 options
->Nickname
)<0) {
2975 log_warn(LD_BUG
, "Unable to write signature line.");
2978 if (router_get_networkstatus_v2_hash(status
, digest
)<0) {
2979 log_warn(LD_BUG
, "Unable to hash network status");
2982 outp
+= strlen(outp
);
2984 note_crypto_pk_op(SIGN_DIR
);
2985 if (router_append_dirobj_signature(outp
,endp
-outp
,digest
,DIGEST_LEN
,
2987 log_warn(LD_BUG
, "Unable to sign router status.");
2992 networkstatus_v2_t
*ns
;
2993 if (!(ns
= networkstatus_v2_parse_from_string(status
))) {
2994 log_err(LD_BUG
,"Generated a networkstatus we couldn't parse.");
2997 networkstatus_v2_free(ns
);
3001 cached_dir_t
**ns_ptr
= &the_v2_networkstatus
;
3003 cached_dir_decref(*ns_ptr
);
3004 *ns_ptr
= new_cached_dir(status
, now
);
3005 status
= NULL
; /* So it doesn't get double-freed. */
3006 the_v2_networkstatus_is_dirty
= 0;
3007 router_set_networkstatus_v2((*ns_ptr
)->dir
, now
, NS_GENERATED
, NULL
);
3012 tor_free(client_versions
);
3013 tor_free(server_versions
);
3014 tor_free(version_lines
);
3017 tor_free(identity_pkey
);
3018 smartlist_free(routers
);
3019 digestmap_free(omit_as_sybil
, NULL
);
3023 /** Given the portion of a networkstatus request URL after "tor/status/" in
3024 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
3025 * networkstatus objects that the client has requested. */
3027 dirserv_get_networkstatus_v2_fingerprints(smartlist_t
*result
,
3032 if (!cached_v2_networkstatus
)
3033 cached_v2_networkstatus
= digestmap_new();
3035 if (should_generate_v2_networkstatus())
3036 generate_v2_networkstatus_opinion();
3038 if (!strcmp(key
,"authority")) {
3039 if (authdir_mode_v2(get_options())) {
3040 const routerinfo_t
*me
= router_get_my_routerinfo();
3042 smartlist_add(result
,
3043 tor_memdup(me
->cache_info
.identity_digest
, DIGEST_LEN
));
3045 } else if (!strcmp(key
, "all")) {
3046 if (digestmap_size(cached_v2_networkstatus
)) {
3047 digestmap_iter_t
*iter
;
3048 iter
= digestmap_iter_init(cached_v2_networkstatus
);
3049 while (!digestmap_iter_done(iter
)) {
3052 digestmap_iter_get(iter
, &ident
, &val
);
3053 smartlist_add(result
, tor_memdup(ident
, DIGEST_LEN
));
3054 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
);
3057 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3058 trusted_dir_server_t
*, ds
,
3059 if (ds
->type
& V2_DIRINFO
)
3060 smartlist_add(result
, tor_memdup(ds
->digest
, DIGEST_LEN
)));
3062 smartlist_sort_digests(result
);
3063 if (smartlist_len(result
) == 0)
3064 log_info(LD_DIRSERV
,
3065 "Client requested 'all' network status objects; we have none.");
3066 } else if (!strcmpstart(key
, "fp/")) {
3067 dir_split_resource_into_fingerprints(key
+3, result
, NULL
,
3068 DSR_HEX
|DSR_SORT_UNIQ
);
3072 /** Look for a network status object as specified by <b>key</b>, which should
3073 * be either "authority" (to find a network status generated by us), a hex
3074 * identity digest (to find a network status generated by given directory), or
3075 * "all" (to return all the v2 network status objects we have).
3078 dirserv_get_networkstatus_v2(smartlist_t
*result
,
3081 cached_dir_t
*cached
;
3082 smartlist_t
*fingerprints
= smartlist_create();
3085 if (!cached_v2_networkstatus
)
3086 cached_v2_networkstatus
= digestmap_new();
3088 dirserv_get_networkstatus_v2_fingerprints(fingerprints
, key
);
3089 SMARTLIST_FOREACH(fingerprints
, const char *, fp
,
3091 if (router_digest_is_me(fp
) && should_generate_v2_networkstatus())
3092 generate_v2_networkstatus_opinion();
3093 cached
= digestmap_get(cached_v2_networkstatus
, fp
);
3095 smartlist_add(result
, cached
);
3097 char hexbuf
[HEX_DIGEST_LEN
+1];
3098 base16_encode(hexbuf
, sizeof(hexbuf
), fp
, DIGEST_LEN
);
3099 log_info(LD_DIRSERV
, "Don't know about any network status with "
3100 "fingerprint '%s'", hexbuf
);
3103 SMARTLIST_FOREACH(fingerprints
, char *, cp
, tor_free(cp
));
3104 smartlist_free(fingerprints
);
3107 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3108 * pointers, adds copies of digests to fps_out, and doesn't use the
3109 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3110 * requests, adds identity digests.
3113 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
3114 const char **msg
, int for_unencrypted_conn
,
3120 if (!strcmp(key
, "all")) {
3121 routerlist_t
*rl
= router_get_routerlist();
3122 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3123 smartlist_add(fps_out
,
3124 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
3125 /* Treat "all" requests as if they were unencrypted */
3126 for_unencrypted_conn
= 1;
3127 } else if (!strcmp(key
, "authority")) {
3128 const routerinfo_t
*ri
= router_get_my_routerinfo();
3130 smartlist_add(fps_out
,
3131 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
3132 } else if (!strcmpstart(key
, "d/")) {
3134 key
+= strlen("d/");
3135 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3136 DSR_HEX
|DSR_SORT_UNIQ
);
3137 } else if (!strcmpstart(key
, "fp/")) {
3138 key
+= strlen("fp/");
3139 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3140 DSR_HEX
|DSR_SORT_UNIQ
);
3142 *msg
= "Key not recognized";
3146 if (for_unencrypted_conn
) {
3147 /* Remove anything that insists it not be sent unencrypted. */
3148 SMARTLIST_FOREACH_BEGIN(fps_out
, char *, cp
) {
3149 const signed_descriptor_t
*sd
;
3151 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
3152 else if (is_extrainfo
)
3153 sd
= extrainfo_get_by_descriptor_digest(cp
);
3155 sd
= router_get_by_descriptor_digest(cp
);
3156 if (sd
&& !sd
->send_unencrypted
) {
3158 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3160 } SMARTLIST_FOREACH_END(cp
);
3163 if (!smartlist_len(fps_out
)) {
3164 *msg
= "Servers unavailable";
3170 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3171 * <b>key</b>. The key should be either
3172 * - "/tor/server/authority" for our own routerinfo;
3173 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3174 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3175 * hex identity digests; or
3176 * - "/tor/server/d/D" where D is a plus-separated sequence
3177 * of server descriptor digests, in hex.
3179 * Return 0 if we found some matching descriptors, or -1 if we do not
3180 * have any descriptors, no matching descriptors, or if we did not
3181 * recognize the key (URL).
3182 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3185 * XXXX rename this function. It's only called from the controller.
3186 * XXXX in fact, refactor this function, merging as much as possible.
3189 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3194 if (!strcmp(key
, "/tor/server/all")) {
3195 routerlist_t
*rl
= router_get_routerlist();
3196 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3197 smartlist_add(descs_out
, &(r
->cache_info
)));
3198 } else if (!strcmp(key
, "/tor/server/authority")) {
3199 const routerinfo_t
*ri
= router_get_my_routerinfo();
3201 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3202 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3203 smartlist_t
*digests
= smartlist_create();
3204 key
+= strlen("/tor/server/d/");
3205 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3206 DSR_HEX
|DSR_SORT_UNIQ
);
3207 SMARTLIST_FOREACH(digests
, const char *, d
,
3209 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3211 smartlist_add(descs_out
,sd
);
3213 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3214 smartlist_free(digests
);
3215 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3216 smartlist_t
*digests
= smartlist_create();
3217 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3218 key
+= strlen("/tor/server/fp/");
3219 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3220 DSR_HEX
|DSR_SORT_UNIQ
);
3221 SMARTLIST_FOREACH(digests
, const char *, d
,
3223 if (router_digest_is_me(d
)) {
3224 /* make sure desc_routerinfo exists */
3225 const routerinfo_t
*ri
= router_get_my_routerinfo();
3227 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3229 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3230 /* Don't actually serve a descriptor that everyone will think is
3231 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3232 * Tors from downloading descriptors that they will throw away.
3234 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3235 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3238 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3239 smartlist_free(digests
);
3241 *msg
= "Key not recognized";
3245 if (!smartlist_len(descs_out
)) {
3246 *msg
= "Servers unavailable";
3252 /** Called when a TLS handshake has completed successfully with a
3253 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3254 * a certificate with digest <b>digest_rcvd</b>.
3256 * Also, if as_advertised is 1, then inform the reachability checker
3257 * that we could get to this guy.
3260 dirserv_orconn_tls_done(const char *address
,
3262 const char *digest_rcvd
,
3265 routerlist_t
*rl
= router_get_routerlist();
3266 time_t now
= time(NULL
);
3267 int bridge_auth
= authdir_mode_bridge(get_options());
3268 tor_assert(address
);
3269 tor_assert(digest_rcvd
);
3271 /* XXX023 Doing a loop like this is stupid. We should just look up the
3272 * router by digest_rcvd, and see if address, orport, and as_advertised
3274 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, ri
) {
3275 if (!strcasecmp(address
, ri
->address
) && or_port
== ri
->or_port
&&
3277 fast_memeq(ri
->cache_info
.identity_digest
, digest_rcvd
, DIGEST_LEN
)) {
3278 /* correct digest. mark this router reachable! */
3279 if (!bridge_auth
|| ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3280 tor_addr_t addr
, *addrp
=NULL
;
3281 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3282 router_describe(ri
),
3283 address
, ri
->or_port
);
3284 if (tor_addr_parse(&addr
, ri
->address
) != -1)
3287 log_warn(LD_BUG
, "Couldn't parse IP address \"%s\"", ri
->address
);
3288 rep_hist_note_router_reachable(digest_rcvd
, addrp
, or_port
, now
);
3289 ri
->last_reachable
= now
;
3292 } SMARTLIST_FOREACH_END(ri
);
3293 /* FFFF Maybe we should reinstate the code that dumps routers with the same
3294 * addr/port but with nonmatching keys, but instead of dumping, we should
3298 /** Called when we, as an authority, receive a new router descriptor either as
3299 * an upload or a download. Used to decide whether to relaunch reachability
3300 * testing for the server. */
3302 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3303 const routerinfo_t
*ri_old
)
3305 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3308 /* New router: Launch an immediate reachability test, so we will have an
3309 * opinion soon in case we're generating a consensus soon */
3312 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3313 /* It just came out of hibernation; launch a reachability test */
3316 if (! routers_have_same_or_addr(ri
, ri_old
)) {
3317 /* Address or port changed; launch a reachability test */
3323 /** Helper function for dirserv_test_reachability(). Start a TLS
3324 * connection to <b>router</b>, and annotate it with when we started
3327 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3329 tor_addr_t router_addr
;
3330 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3331 router
->nickname
, router
->address
, router
->or_port
);
3332 /* Remember when we started trying to determine reachability */
3333 if (!router
->testing_since
)
3334 router
->testing_since
= now
;
3335 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3336 connection_or_connect(&router_addr
, router
->or_port
,
3337 router
->cache_info
.identity_digest
);
3340 /** Auth dir server only: load balance such that we only
3341 * try a few connections per call.
3343 * The load balancing is such that if we get called once every ten
3344 * seconds, we will cycle through all the tests in
3345 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3348 dirserv_test_reachability(time_t now
)
3350 /* XXX decide what to do here; see or-talk thread "purging old router
3351 * information, revocation." -NM
3352 * We can't afford to mess with this in 0.1.2.x. The reason is that
3353 * if we stop doing reachability tests on some of routerlist, then
3354 * we'll for-sure think they're down, which may have unexpected
3355 * effects in other parts of the code. It doesn't hurt much to do
3356 * the testing, and directory authorities are easy to upgrade. Let's
3357 * wait til 0.2.0. -RD */
3358 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3359 routerlist_t
*rl
= router_get_routerlist();
3360 static char ctr
= 0;
3361 int bridge_auth
= authdir_mode_bridge(get_options());
3363 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3364 const char *id_digest
= router
->cache_info
.identity_digest
;
3365 if (router_is_me(router
))
3367 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3368 continue; /* bridge authorities only test reachability on bridges */
3369 // if (router->cache_info.published_on > cutoff)
3371 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3372 dirserv_single_reachability_test(now
, router
);
3374 } SMARTLIST_FOREACH_END(router
);
3375 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3378 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3379 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3380 * flavor name if we want a flavored v3 status, return a pointer to the
3381 * appropriate cached dir object, or NULL if there isn't one available. */
3382 static cached_dir_t
*
3383 lookup_cached_dir_by_fp(const char *fp
)
3385 cached_dir_t
*d
= NULL
;
3386 if (tor_digest_is_zero(fp
) && cached_consensuses
)
3387 d
= strmap_get(cached_consensuses
, "ns");
3388 else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3389 (d
= strmap_get(cached_consensuses
, fp
))) {
3390 /* this here interface is a nasty hack XXXX023 */;
3391 } else if (router_digest_is_me(fp
) && the_v2_networkstatus
)
3392 d
= the_v2_networkstatus
;
3393 else if (cached_v2_networkstatus
)
3394 d
= digestmap_get(cached_v2_networkstatus
, fp
);
3398 /** Remove from <b>fps</b> every networkstatus key where both
3399 * a) we have a networkstatus document and
3400 * b) it is not newer than <b>cutoff</b>.
3402 * Return 1 if any items were present at all; else return 0.
3405 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3408 SMARTLIST_FOREACH(fps
, char *, digest
,
3410 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3414 if (d
->published
<= cutoff
) {
3416 SMARTLIST_DEL_CURRENT(fps
, digest
);
3423 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3424 * its extra-info document if <b>extrainfo</b> is true. Return
3425 * NULL if not found or if the descriptor is older than
3426 * <b>publish_cutoff</b>. */
3427 static const signed_descriptor_t
*
3428 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3429 time_t publish_cutoff
)
3431 if (router_digest_is_me(fp
)) {
3433 return &(router_get_my_extrainfo()->cache_info
);
3435 return &(router_get_my_routerinfo()->cache_info
);
3437 const routerinfo_t
*ri
= router_get_by_id_digest(fp
);
3439 ri
->cache_info
.published_on
> publish_cutoff
) {
3441 return extrainfo_get_by_descriptor_digest(
3442 ri
->cache_info
.extra_info_digest
);
3444 return &ri
->cache_info
;
3450 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3451 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3452 * decide whether to send a 404. */
3454 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3456 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3457 SMARTLIST_FOREACH(fps
, const char *, fp
, {
3460 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3461 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3463 case DIR_SPOOL_SERVER_BY_DIGEST
:
3464 if (router_get_by_descriptor_digest(fp
)) return 1;
3466 case DIR_SPOOL_EXTRA_BY_FP
:
3467 case DIR_SPOOL_SERVER_BY_FP
:
3468 if (get_signed_descriptor_by_fp(fp
,
3469 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3477 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3478 * a microdescriptor we have. */
3480 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3482 microdesc_cache_t
*cache
= get_microdesc_cache();
3483 SMARTLIST_FOREACH(fps
, const char *, fp
,
3484 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3489 /** Return an approximate estimate of the number of bytes that will
3490 * be needed to transmit the server descriptors (if is_serverdescs --
3491 * they can be either d/ or fp/ queries) or networkstatus objects (if
3492 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3493 * we guess how large the data will be after compression.
3495 * The return value is an estimate; it might be larger or smaller.
3498 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3503 if (is_serverdescs
) {
3504 int n
= smartlist_len(fps
);
3505 const routerinfo_t
*me
= router_get_my_routerinfo();
3506 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3508 result
/= 2; /* observed compressibility is between 35 and 55%. */
3511 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3512 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3514 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3520 /** Given a list of microdescriptor hashes, guess how many bytes will be
3521 * needed to transmit them, and return the guess. */
3523 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3525 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3531 /** When we're spooling data onto our outbuf, add more whenever we dip
3532 * below this threshold. */
3533 #define DIRSERV_BUFFER_MIN 16384
3535 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3536 * Flushes any remaining data to be (un)compressed, and changes the spool
3537 * source to NONE. Returns 0 on success, negative on failure. */
3539 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3541 if (conn
->zlib_state
) {
3542 connection_write_to_buf_zlib("", 0, conn
, 1);
3543 tor_zlib_free(conn
->zlib_state
);
3544 conn
->zlib_state
= NULL
;
3546 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3550 /** Spooling helper: called when we're sending a bunch of server descriptors,
3551 * and the outbuf has become too empty. Pulls some entries from
3552 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3553 * run out of entries, flushes the zlib state and sets the spool source to
3554 * NONE. Returns 0 on success, negative on failure.
3557 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3559 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3560 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3561 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3562 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3563 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3565 const or_options_t
*options
= get_options();
3567 while (smartlist_len(conn
->fingerprint_stack
) &&
3568 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3570 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3571 const signed_descriptor_t
*sd
= NULL
;
3573 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3575 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3576 : router_get_by_descriptor_digest(fp
);
3581 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3582 /* we did this check once before (so we could have an accurate size
3583 * estimate and maybe send a 404 if somebody asked for only bridges on a
3584 * connection), but we need to do it again in case a previously
3585 * unknown bridge descriptor has shown up between then and now. */
3589 /** If we are the bridge authority and the descriptor is a bridge
3590 * descriptor, remember that we served this descriptor for desc stats. */
3591 if (options
->BridgeAuthoritativeDir
&& by_fp
) {
3592 const routerinfo_t
*router
=
3593 router_get_by_id_digest(sd
->identity_digest
);
3594 /* router can be NULL here when the bridge auth is asked for its own
3596 if (router
&& router
->purpose
== ROUTER_PURPOSE_BRIDGE
)
3597 rep_hist_note_desc_served(sd
->identity_digest
);
3599 body
= signed_descriptor_get_body(sd
);
3600 if (conn
->zlib_state
) {
3601 /* XXXX022 This 'last' business should actually happen on the last
3602 * routerinfo, not on the last fingerprint. */
3603 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3604 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3607 tor_zlib_free(conn
->zlib_state
);
3608 conn
->zlib_state
= NULL
;
3611 connection_write_to_buf(body
,
3612 sd
->signed_descriptor_len
,
3617 if (!smartlist_len(conn
->fingerprint_stack
)) {
3618 /* We just wrote the last one; finish up. */
3619 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3620 smartlist_free(conn
->fingerprint_stack
);
3621 conn
->fingerprint_stack
= NULL
;
3626 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3627 * and the outbuf has become too empty. Pulls some entries from
3628 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3629 * we run out of entries, flushes the zlib state and sets the spool source to
3630 * NONE. Returns 0 on success, negative on failure.
3633 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3635 microdesc_cache_t
*cache
= get_microdesc_cache();
3636 while (smartlist_len(conn
->fingerprint_stack
) &&
3637 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3638 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3639 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3643 if (conn
->zlib_state
) {
3644 /* XXXX022 This 'last' business should actually happen on the last
3645 * routerinfo, not on the last fingerprint. */
3646 int last
= !smartlist_len(conn
->fingerprint_stack
);
3647 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3649 tor_zlib_free(conn
->zlib_state
);
3650 conn
->zlib_state
= NULL
;
3653 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3656 if (!smartlist_len(conn
->fingerprint_stack
)) {
3657 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3658 smartlist_free(conn
->fingerprint_stack
);
3659 conn
->fingerprint_stack
= NULL
;
3664 /** Spooling helper: Called when we're sending a directory or networkstatus,
3665 * and the outbuf has become too empty. Pulls some bytes from
3666 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3667 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3668 * and sets the spool source to NONE. Returns 0 on success, negative on
3671 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3676 bytes
= DIRSERV_BUFFER_MIN
- connection_get_outbuf_len(TO_CONN(conn
));
3677 tor_assert(bytes
> 0);
3678 tor_assert(conn
->cached_dir
);
3681 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3682 if (bytes
> remaining
)
3683 bytes
= (ssize_t
) remaining
;
3685 if (conn
->zlib_state
) {
3686 connection_write_to_buf_zlib(
3687 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3688 bytes
, conn
, bytes
== remaining
);
3690 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3691 bytes
, TO_CONN(conn
));
3693 conn
->cached_dir_offset
+= bytes
;
3694 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3695 /* We just wrote the last one; finish up. */
3696 connection_dirserv_finish_spooling(conn
);
3697 cached_dir_decref(conn
->cached_dir
);
3698 conn
->cached_dir
= NULL
;
3703 /** Spooling helper: Called when we're spooling networkstatus objects on
3704 * <b>conn</b>, and the outbuf has become too empty. If the current
3705 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3706 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3707 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3708 * treated as a request for the current consensus.) If we run out of entries,
3709 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3710 * success, negative on failure. */
3712 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3715 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3716 if (conn
->cached_dir
) {
3717 int uncompressing
= (conn
->zlib_state
!= NULL
);
3718 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3719 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3720 /* add_dir_bytes thinks we're done with the cached_dir. But we
3721 * may have more cached_dirs! */
3722 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3723 /* This bit is tricky. If we were uncompressing the last
3724 * networkstatus, we may need to make a new zlib object to
3725 * uncompress the next one. */
3726 if (uncompressing
&& ! conn
->zlib_state
&&
3727 conn
->fingerprint_stack
&&
3728 smartlist_len(conn
->fingerprint_stack
)) {
3729 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
);
3733 } else if (conn
->fingerprint_stack
&&
3734 smartlist_len(conn
->fingerprint_stack
)) {
3735 /* Add another networkstatus; start serving it. */
3736 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3737 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3741 conn
->cached_dir
= d
;
3742 conn
->cached_dir_offset
= 0;
3745 connection_dirserv_finish_spooling(conn
);
3746 smartlist_free(conn
->fingerprint_stack
);
3747 conn
->fingerprint_stack
= NULL
;
3754 /** Called whenever we have flushed some directory data in state
3755 * SERVER_WRITING. */
3757 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3759 tor_assert(conn
->_base
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3761 if (connection_get_outbuf_len(TO_CONN(conn
)) >= DIRSERV_BUFFER_MIN
)
3764 switch (conn
->dir_spool_src
) {
3765 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3766 case DIR_SPOOL_EXTRA_BY_FP
:
3767 case DIR_SPOOL_SERVER_BY_DIGEST
:
3768 case DIR_SPOOL_SERVER_BY_FP
:
3769 return connection_dirserv_add_servers_to_outbuf(conn
);
3770 case DIR_SPOOL_MICRODESC
:
3771 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3772 case DIR_SPOOL_CACHED_DIR
:
3773 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3774 case DIR_SPOOL_NETWORKSTATUS
:
3775 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3776 case DIR_SPOOL_NONE
:
3782 /** Release all storage used by the directory server. */
3784 dirserv_free_all(void)
3786 dirserv_free_fingerprint_list();
3788 cached_dir_decref(the_directory
);
3789 clear_cached_dir(&the_runningrouters
);
3790 cached_dir_decref(the_v2_networkstatus
);
3791 cached_dir_decref(cached_directory
);
3792 clear_cached_dir(&cached_runningrouters
);
3794 digestmap_free(cached_v2_networkstatus
, _free_cached_dir
);
3795 cached_v2_networkstatus
= NULL
;
3796 strmap_free(cached_consensuses
, _free_cached_dir
);
3797 cached_consensuses
= NULL
;