search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a compile warning on 64bit OS X
[tor.git] / src / or / dirserv.c
blobbe62459b163fa6d230edb7b41b7ec060bca05bef
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRSERV_PRIVATE
7 #include "or.h"
8 #include "buffers.h"
9 #include "config.h"
10 #include "connection.h"
11 #include "connection_or.h"
12 #include "control.h"
13 #include "directory.h"
14 #include "dirserv.h"
15 #include "dirvote.h"
16 #include "hibernate.h"
17 #include "microdesc.h"
18 #include "networkstatus.h"
19 #include "nodelist.h"
20 #include "policies.h"
21 #include "rephist.h"
22 #include "router.h"
23 #include "routerlist.h"
24 #include "routerparse.h"
25
26 /**
27 * \file dirserv.c
28 * \brief Directory server core implementation. Manages directory
29 * contents and generates directories.
30 */
31
32 /** How far in the future do we allow a router to get? (seconds) */
33 #define ROUTER_ALLOW_SKEW (60*60*12)
34 /** How many seconds do we wait before regenerating the directory? */
35 #define DIR_REGEN_SLACK_TIME 30
36 /** If we're a cache, keep this many networkstatuses around from non-trusted
37 * directory authorities. */
38 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
39
40 /** If a v1 directory is older than this, discard it. */
41 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
42 /** If a v1 running-routers is older than this, discard it. */
43 #define MAX_V1_RR_AGE (7*24*60*60)
44
45 extern time_t time_of_process_start; /* from main.c */
46
47 extern long stats_n_seconds_working; /* from main.c */
48
49 /** Do we need to regenerate the v1 directory when someone asks for it? */
50 static time_t the_directory_is_dirty = 1;
51 /** Do we need to regenerate the v1 runningrouters document when somebody
52 * asks for it? */
53 static time_t runningrouters_is_dirty = 1;
54 /** Do we need to regenerate our v2 networkstatus document when somebody asks
55 * for it? */
56 static time_t the_v2_networkstatus_is_dirty = 1;
57
58 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
59 * only.) */
60 static cached_dir_t *the_directory = NULL;
61
62 /** For authoritative directories: the current (v1) network status. */
63 static cached_dir_t the_runningrouters;
64
65 static void directory_remove_invalid(void);
66 static cached_dir_t *dirserv_regenerate_directory(void);
67 static char *format_versions_list(config_line_t *ln);
68 struct authdir_config_t;
69 static int add_fingerprint_to_dir(const char *nickname, const char *fp,
70 struct authdir_config_t *list);
71 static uint32_t
72 dirserv_get_status_impl(const char *fp, const char *nickname,
73 const char *address,
74 uint32_t addr, uint16_t or_port,
75 const char *platform, const char *contact,
76 const char **msg, int should_log);
77 static void clear_cached_dir(cached_dir_t *d);
78 static const signed_descriptor_t *get_signed_descriptor_by_fp(
79 const char *fp,
80 int extrainfo,
81 time_t publish_cutoff);
82 static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
83
84 /************** Measured Bandwidth parsing code ******/
85 #define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
86
87 /************** Fingerprint handling code ************/
88
89 #define FP_NAMED 1 /**< Listed in fingerprint file. */
90 #define FP_INVALID 2 /**< Believed invalid. */
91 #define FP_REJECT 4 /**< We will not publish this router. */
92 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
93 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
94 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
95
96 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
97 * map. */
98 typedef struct router_status_t {
99 char nickname[MAX_NICKNAME_LEN+1];
100 uint32_t status;
101 } router_status_t;
102
103 /** List of nickname-\>identity fingerprint mappings for all the routers
104 * that we name. Used to prevent router impersonation. */
105 typedef struct authdir_config_t {
106 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
107 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
108 } authdir_config_t;
109
110 /** Should be static; exposed for testing. */
111 static authdir_config_t *fingerprint_list = NULL;
112
113 /** Allocate and return a new, empty, authdir_config_t. */
114 static authdir_config_t *
115 authdir_config_new(void)
116 {
117 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
118 list->fp_by_name = strmap_new();
119 list->status_by_digest = digestmap_new();
120 return list;
121 }
122
123 /** Add the fingerprint <b>fp</b> for <b>nickname</b> to
124 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
125 * new, or 1 if we replaced the old value.
126 */
127 /* static */ int
128 add_fingerprint_to_dir(const char *nickname, const char *fp,
129 authdir_config_t *list)
130 {
131 char *fingerprint;
132 char d[DIGEST_LEN];
133 router_status_t *status;
134 tor_assert(nickname);
135 tor_assert(fp);
136 tor_assert(list);
137
138 fingerprint = tor_strdup(fp);
139 tor_strstrip(fingerprint, " ");
140 if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint))) {
141 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
142 escaped(fp));
143 tor_free(fingerprint);
144 return 0;
145 }
146
147 if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
148 log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
149 UNNAMED_ROUTER_NICKNAME);
150 tor_free(fingerprint);
151 return 0;
152 }
153
154 status = digestmap_get(list->status_by_digest, d);
155 if (!status) {
156 status = tor_malloc_zero(sizeof(router_status_t));
157 digestmap_set(list->status_by_digest, d, status);
158 }
159
160 if (nickname[0] != '!') {
161 char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
162 if (old_fp && !strcasecmp(fingerprint, old_fp)) {
163 tor_free(fingerprint);
164 } else {
165 tor_free(old_fp);
166 strmap_set_lc(list->fp_by_name, nickname, fingerprint);
167 }
168 status->status |= FP_NAMED;
169 strlcpy(status->nickname, nickname, sizeof(status->nickname));
170 } else {
171 tor_free(fingerprint);
172 if (!strcasecmp(nickname, "!reject")) {
173 status->status |= FP_REJECT;
174 } else if (!strcasecmp(nickname, "!invalid")) {
175 status->status |= FP_INVALID;
176 } else if (!strcasecmp(nickname, "!baddir")) {
177 status->status |= FP_BADDIR;
178 } else if (!strcasecmp(nickname, "!badexit")) {
179 status->status |= FP_BADEXIT;
180 }
181 }
182 return 0;
183 }
184
185 /** Add the nickname and fingerprint for this OR to the
186 * global list of recognized identity key fingerprints. */
187 int
188 dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
189 {
190 char fp[FINGERPRINT_LEN+1];
191 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
192 log_err(LD_BUG, "Error computing fingerprint");
193 return -1;
194 }
195 if (!fingerprint_list)
196 fingerprint_list = authdir_config_new();
197 add_fingerprint_to_dir(nickname, fp, fingerprint_list);
198 return 0;
199 }
200
201 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
202 * file. The file format is line-based, with each non-blank holding one
203 * nickname, some space, and a fingerprint for that nickname. On success,
204 * replace the current fingerprint list with the new list and return 0. On
205 * failure, leave the current fingerprint list untouched, and return -1. */
206 int
207 dirserv_load_fingerprint_file(void)
208 {
209 char *fname;
210 char *cf;
211 char *nickname, *fingerprint;
212 authdir_config_t *fingerprint_list_new;
213 int result;
214 config_line_t *front=NULL, *list;
215 const or_options_t *options = get_options();
216
217 fname = get_datadir_fname("approved-routers");
218 log_info(LD_GENERAL,
219 "Reloading approved fingerprints from \"%s\"...", fname);
220
221 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
222 if (!cf) {
223 if (options->NamingAuthoritativeDir) {
224 log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
225 tor_free(fname);
226 return -1;
227 } else {
228 log_info(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
229 tor_free(fname);
230 return 0;
231 }
232 }
233 tor_free(fname);
234
235 result = config_get_lines(cf, &front);
236 tor_free(cf);
237 if (result < 0) {
238 log_warn(LD_CONFIG, "Error reading from fingerprint file");
239 return -1;
240 }
241
242 fingerprint_list_new = authdir_config_new();
243
244 for (list=front; list; list=list->next) {
245 char digest_tmp[DIGEST_LEN];
246 nickname = list->key; fingerprint = list->value;
247 if (strlen(nickname) > MAX_NICKNAME_LEN) {
248 log_notice(LD_CONFIG,
249 "Nickname '%s' too long in fingerprint file. Skipping.",
250 nickname);
251 continue;
252 }
253 if (!is_legal_nickname(nickname) &&
254 strcasecmp(nickname, "!reject") &&
255 strcasecmp(nickname, "!invalid") &&
256 strcasecmp(nickname, "!badexit")) {
257 log_notice(LD_CONFIG,
258 "Invalid nickname '%s' in fingerprint file. Skipping.",
259 nickname);
260 continue;
261 }
262 tor_strstrip(fingerprint, " "); /* remove spaces */
263 if (strlen(fingerprint) != HEX_DIGEST_LEN ||
264 base16_decode(digest_tmp, sizeof(digest_tmp),
265 fingerprint, HEX_DIGEST_LEN) < 0) {
266 log_notice(LD_CONFIG,
267 "Invalid fingerprint (nickname '%s', "
268 "fingerprint %s). Skipping.",
269 nickname, fingerprint);
270 continue;
271 }
272 if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
273 /* If you approved an OR called "client", then clients who use
274 * the default nickname could all be rejected. That's no good. */
275 log_notice(LD_CONFIG,
276 "Authorizing nickname '%s' would break "
277 "many clients; skipping.",
278 DEFAULT_CLIENT_NICKNAME);
279 continue;
280 }
281 if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
282 /* If you approved an OR called "unnamed", then clients will be
283 * confused. */
284 log_notice(LD_CONFIG,
285 "Authorizing nickname '%s' is not allowed; skipping.",
286 UNNAMED_ROUTER_NICKNAME);
287 continue;
288 }
289 if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
290 != 0)
291 log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
292 }
293
294 config_free_lines(front);
295 dirserv_free_fingerprint_list();
296 fingerprint_list = fingerprint_list_new;
297 /* Delete any routers whose fingerprints we no longer recognize */
298 directory_remove_invalid();
299 return 0;
300 }
301
302 /** Check whether <b>router</b> has a nickname/identity key combination that
303 * we recognize from the fingerprint list, or an IP we automatically act on
304 * according to our configuration. Return the appropriate router status.
305 *
306 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
307 * *<b>msg</b> to an explanation of why. */
308 uint32_t
309 dirserv_router_get_status(const routerinfo_t *router, const char **msg)
310 {
311 char d[DIGEST_LEN];
312
313 if (crypto_pk_get_digest(router->identity_pkey, d)) {
314 log_warn(LD_BUG,"Error computing fingerprint");
315 if (msg)
316 *msg = "Bug: Error computing fingerprint";
317 return FP_REJECT;
318 }
319
320 return dirserv_get_status_impl(d, router->nickname,
321 router->address,
322 router->addr, router->or_port,
323 router->platform, router->contact_info,
324 msg, 1);
325 }
326
327 /** Return true if there is no point in downloading the router described by
328 * <b>rs</b> because this directory would reject it. */
329 int
330 dirserv_would_reject_router(const routerstatus_t *rs)
331 {
332 uint32_t res;
333
334 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
335 "", /* address is only used in logs */
336 rs->addr, rs->or_port,
337 NULL, NULL,
338 NULL, 0);
339
340 return (res & FP_REJECT) != 0;
341 }
342
343 /** Helper: Based only on the ID/Nickname combination,
344 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
345 */
346 static uint32_t
347 dirserv_get_name_status(const char *id_digest, const char *nickname)
348 {
349 char fp[HEX_DIGEST_LEN+1];
350 char *fp_by_name;
351
352 base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
353
354 if ((fp_by_name =
355 strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
356 if (!strcasecmp(fp, fp_by_name)) {
357 return FP_NAMED;
358 } else {
359 return FP_UNNAMED; /* Wrong fingerprint. */
360 }
361 }
362 return 0;
363 }
364
365 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
366 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
367 * port, platform (logging only) and contact info (logging only) as arguments.
368 *
369 * If should_log is false, do not log messages. (There's not much point in
370 * logging that we're rejecting servers we'll not download.)
371 */
372 static uint32_t
373 dirserv_get_status_impl(const char *id_digest, const char *nickname,
374 const char *address,
375 uint32_t addr, uint16_t or_port,
376 const char *platform, const char *contact,
377 const char **msg, int should_log)
378 {
379 int reject_unlisted = get_options()->AuthDirRejectUnlisted;
380 uint32_t result;
381 router_status_t *status_by_digest;
382
383 if (!fingerprint_list)
384 fingerprint_list = authdir_config_new();
385
386 if (should_log)
387 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
388 strmap_size(fingerprint_list->fp_by_name),
389 digestmap_size(fingerprint_list->status_by_digest));
390
391 /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
392 * directory information. Once more of them die off, we should raise this
393 * minimum. */
394 if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
395 if (msg)
396 *msg = "Tor version is far too old to work.";
397 return FP_REJECT;
398 } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
399 && !tor_version_as_new_as(platform, "0.2.1.19")) {
400 /* These versions mishandled RELAY_EARLY cells on rend circuits. */
401 if (msg)
402 *msg = "Tor version is too buggy to work.";
403 return FP_REJECT;
404 }
405
406 result = dirserv_get_name_status(id_digest, nickname);
407 if (result & FP_NAMED) {
408 if (should_log)
409 log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
410 }
411 if (result & FP_UNNAMED) {
412 if (should_log) {
413 char *esc_contact = esc_for_log(contact);
414 log_info(LD_DIRSERV,
415 "Mismatched fingerprint for '%s'. "
416 "ContactInfo '%s', platform '%s'.)",
417 nickname,
418 esc_contact,
419 platform ? escaped(platform) : "");
420 tor_free(esc_contact);
421 }
422 if (msg)
423 *msg = "Rejected: There is already a named server with this nickname "
424 "and a different fingerprint.";
425 }
426
427 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
428 id_digest);
429 if (status_by_digest)
430 result |= (status_by_digest->status & ~FP_NAMED);
431
432 if (result & FP_REJECT) {
433 if (msg)
434 *msg = "Fingerprint is marked rejected";
435 return FP_REJECT;
436 } else if (result & FP_INVALID) {
437 if (msg)
438 *msg = "Fingerprint is marked invalid";
439 }
440
441 if (authdir_policy_baddir_address(addr, or_port)) {
442 if (should_log)
443 log_info(LD_DIRSERV,
444 "Marking '%s' as bad directory because of address '%s'",
445 nickname, address);
446 result |= FP_BADDIR;
447 }
448
449 if (authdir_policy_badexit_address(addr, or_port)) {
450 if (should_log)
451 log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
452 nickname, address);
453 result |= FP_BADEXIT;
454 }
455
456 if (!(result & FP_NAMED)) {
457 if (!authdir_policy_permits_address(addr, or_port)) {
458 if (should_log)
459 log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
460 nickname, address);
461 if (msg)
462 *msg = "Authdir is rejecting routers in this range.";
463 return FP_REJECT;
464 }
465 if (!authdir_policy_valid_address(addr, or_port)) {
466 if (should_log)
467 log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
468 nickname, address);
469 result |= FP_INVALID;
470 }
471 if (reject_unlisted) {
472 if (msg)
473 *msg = "Authdir rejects unknown routers.";
474 return FP_REJECT;
475 }
476 }
477
478 return result;
479 }
480
481 /** If we are an authoritative dirserver, and the list of approved
482 * servers contains one whose identity key digest is <b>digest</b>,
483 * return that router's nickname. Otherwise return NULL. */
484 const char *
485 dirserv_get_nickname_by_digest(const char *digest)
486 {
487 router_status_t *status;
488 if (!fingerprint_list)
489 return NULL;
490 tor_assert(digest);
491
492 status = digestmap_get(fingerprint_list->status_by_digest, digest);
493 return status ? status->nickname : NULL;
494 }
495
496 /** Clear the current fingerprint list. */
497 void
498 dirserv_free_fingerprint_list(void)
499 {
500 if (!fingerprint_list)
501 return;
502
503 strmap_free(fingerprint_list->fp_by_name, _tor_free);
504 digestmap_free(fingerprint_list->status_by_digest, _tor_free);
505 tor_free(fingerprint_list);
506 }
507
508 /*
509 * Descriptor list
510 */
511
512 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
513 * unless we're configured to not care. Return 0 if all ok. */
514 static int
515 dirserv_router_has_valid_address(routerinfo_t *ri)
516 {
517 struct in_addr iaddr;
518 if (get_options()->DirAllowPrivateAddresses)
519 return 0; /* whatever it is, we're fine with it */
520 if (!tor_inet_aton(ri->address, &iaddr)) {
521 log_info(LD_DIRSERV,"Router %s published non-IP address '%s'. Refusing.",
522 router_describe(ri),
523 ri->address);
524 return -1;
525 }
526 if (is_internal_IP(ntohl(iaddr.s_addr), 0)) {
527 log_info(LD_DIRSERV,
528 "Router %s published internal IP address '%s'. Refusing.",
529 router_describe(ri), ri->address);
530 return -1; /* it's a private IP, we should reject it */
531 }
532 return 0;
533 }
534
535 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
536 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
537 *
538 * If the router is rejected, set *<b>msg</b> to an explanation of why.
539 *
540 * If <b>complain</b> then explain at log-level 'notice' why we refused
541 * a descriptor; else explain at log-level 'info'.
542 */
543 int
544 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
545 int complain, int *valid_out)
546 {
547 /* Okay. Now check whether the fingerprint is recognized. */
548 uint32_t status = dirserv_router_get_status(ri, msg);
549 time_t now;
550 int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
551 tor_assert(msg);
552 if (status & FP_REJECT)
553 return -1; /* msg is already set. */
554
555 /* Is there too much clock skew? */
556 now = time(NULL);
557 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
558 log_fn(severity, LD_DIRSERV, "Publication time for %s is too "
559 "far (%d minutes) in the future; possible clock skew. Not adding "
560 "(%s)",
561 router_describe(ri),
562 (int)((ri->cache_info.published_on-now)/60),
563 esc_router_info(ri));
564 *msg = "Rejected: Your clock is set too far in the future, or your "
565 "timezone is not correct.";
566 return -1;
567 }
568 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
569 log_fn(severity, LD_DIRSERV,
570 "Publication time for %s is too far "
571 "(%d minutes) in the past. Not adding (%s)",
572 router_describe(ri),
573 (int)((now-ri->cache_info.published_on)/60),
574 esc_router_info(ri));
575 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
576 " or your timezone is not correct.";
577 return -1;
578 }
579 if (dirserv_router_has_valid_address(ri) < 0) {
580 log_fn(severity, LD_DIRSERV,
581 "Router %s has invalid address '%s'. "
582 "Not adding (%s).",
583 router_describe(ri),
584 ri->address,
585 esc_router_info(ri));
586 *msg = "Rejected: Address is not an IP, or IP is a private address.";
587 return -1;
588 }
589
590 *valid_out = ! (status & FP_INVALID);
591
592 return 0;
593 }
594
595 /** Update the relevant flags of <b>node</b> based on our opinion as a
596 * directory authority in <b>authstatus</b>, as returned by
597 * dirserv_router_get_status or equivalent. */
598 void
599 dirserv_set_node_flags_from_authoritative_status(node_t *node,
600 uint32_t authstatus)
601 {
602 node->is_valid = (authstatus & FP_INVALID) ? 0 : 1;
603 node->is_bad_directory = (authstatus & FP_BADDIR) ? 1 : 0;
604 node->is_bad_exit = (authstatus & FP_BADEXIT) ? 1 : 0;
605 }
606
607 /** True iff <b>a</b> is more severe than <b>b</b>. */
608 static int
609 WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
610 {
611 return a < b;
612 }
613
614 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
615 * returns the most severe error that occurred for any one of them. */
616 was_router_added_t
617 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
618 const char *source,
619 const char **msg)
620 {
621 was_router_added_t r, r_tmp;
622 const char *msg_out;
623 smartlist_t *list;
624 const char *s;
625 int n_parsed = 0;
626 time_t now = time(NULL);
627 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
628 char time_buf[ISO_TIME_LEN+1];
629 int general = purpose == ROUTER_PURPOSE_GENERAL;
630 tor_assert(msg);
631
632 r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
633
634 format_iso_time(time_buf, now);
635 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
636 "@uploaded-at %s\n"
637 "@source %s\n"
638 "%s%s%s", time_buf, escaped(source),
639 !general ? "@purpose " : "",
640 !general ? router_purpose_to_string(purpose) : "",
641 !general ? "\n" : "")<0) {
642 *msg = "Couldn't format annotations";
643 return -1;
644 }
645
646 s = desc;
647 list = smartlist_create();
648 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
649 annotation_buf)) {
650 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
651 msg_out = NULL;
652 tor_assert(ri->purpose == purpose);
653 r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
654 if (WRA_MORE_SEVERE(r_tmp, r)) {
655 r = r_tmp;
656 *msg = msg_out;
657 }
658 });
659 }
660 n_parsed += smartlist_len(list);
661 smartlist_clear(list);
662
663 s = desc;
664 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
665 NULL)) {
666 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
667 msg_out = NULL;
668
669 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
670 if (WRA_MORE_SEVERE(r_tmp, r)) {
671 r = r_tmp;
672 *msg = msg_out;
673 }
674 });
675 }
676 n_parsed += smartlist_len(list);
677 smartlist_free(list);
678
679 if (! *msg) {
680 if (!n_parsed) {
681 *msg = "No descriptors found in your POST.";
682 if (WRA_WAS_ADDED(r))
683 r = ROUTER_WAS_NOT_NEW;
684 } else {
685 *msg = "(no message)";
686 }
687 }
688
689 return r;
690 }
691
692 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
693 * the list of server descriptors. Set *<b>msg</b> to a message that should be
694 * passed back to the origin of this descriptor, or NULL if there is no such
695 * message. Use <b>source</b> to produce better log messages.
696 *
697 * Return the status of the operation
698 *
699 * This function is only called when fresh descriptors are posted, not when
700 * we re-load the cache.
701 */
702 was_router_added_t
703 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
704 {
705 was_router_added_t r;
706 routerinfo_t *ri_old;
707 char *desc, *nickname;
708 size_t desclen = 0;
709 *msg = NULL;
710
711 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
712 * network and it'll clog everything up. */
713 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
714 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
715 " (source: %s) with size %d. Either this is an attack, or the "
716 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
717 ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
718 MAX_DESCRIPTOR_UPLOAD_SIZE);
719 *msg = "Router descriptor was too large";
720 control_event_or_authdir_new_descriptor("REJECTED",
721 ri->cache_info.signed_descriptor_body,
722 ri->cache_info.signed_descriptor_len, *msg);
723 routerinfo_free(ri);
724 return ROUTER_AUTHDIR_REJECTS;
725 }
726
727 /* Check whether this descriptor is semantically identical to the last one
728 * from this server. (We do this here and not in router_add_to_routerlist
729 * because we want to be able to accept the newest router descriptor that
730 * another authority has, so we all converge on the same one.) */
731 ri_old = router_get_mutable_by_digest(ri->cache_info.identity_digest);
732 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
733 && router_differences_are_cosmetic(ri_old, ri)
734 && !router_is_me(ri)) {
735 log_info(LD_DIRSERV,
736 "Not replacing descriptor from %s (source: %s); "
737 "differences are cosmetic.",
738 router_describe(ri), source);
739 *msg = "Not replacing router descriptor; no information has changed since "
740 "the last one with this identity.";
741 control_event_or_authdir_new_descriptor("DROPPED",
742 ri->cache_info.signed_descriptor_body,
743 ri->cache_info.signed_descriptor_len, *msg);
744 routerinfo_free(ri);
745 return ROUTER_WAS_NOT_NEW;
746 }
747
748 /* Make a copy of desc, since router_add_to_routerlist might free
749 * ri and its associated signed_descriptor_t. */
750 desclen = ri->cache_info.signed_descriptor_len;
751 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
752 nickname = tor_strdup(ri->nickname);
753
754 /* Tell if we're about to need to launch a test if we add this. */
755 ri->needs_retest_if_added =
756 dirserv_should_launch_reachability_test(ri, ri_old);
757
758 r = router_add_to_routerlist(ri, msg, 0, 0);
759 if (!WRA_WAS_ADDED(r)) {
760 /* unless the routerinfo was fine, just out-of-date */
761 if (WRA_WAS_REJECTED(r))
762 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
763 log_info(LD_DIRSERV,
764 "Did not add descriptor from '%s' (source: %s): %s.",
765 nickname, source, *msg ? *msg : "(no message)");
766 } else {
767 smartlist_t *changed;
768 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
769
770 changed = smartlist_create();
771 smartlist_add(changed, ri);
772 routerlist_descriptors_added(changed, 0);
773 smartlist_free(changed);
774 if (!*msg) {
775 *msg = "Descriptor accepted";
776 }
777 log_info(LD_DIRSERV,
778 "Added descriptor from '%s' (source: %s): %s.",
779 nickname, source, *msg);
780 }
781 tor_free(desc);
782 tor_free(nickname);
783 return r;
784 }
785
786 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
787 static was_router_added_t
788 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
789 {
790 const routerinfo_t *ri;
791 int r;
792 tor_assert(msg);
793 *msg = NULL;
794
795 ri = router_get_by_id_digest(ei->cache_info.identity_digest);
796 if (!ri) {
797 *msg = "No corresponding router descriptor for extra-info descriptor";
798 extrainfo_free(ei);
799 return ROUTER_BAD_EI;
800 }
801
802 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
803 * network and it'll clog everything up. */
804 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
805 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
806 "with size %d. Either this is an attack, or the "
807 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
808 (int)ei->cache_info.signed_descriptor_len,
809 MAX_EXTRAINFO_UPLOAD_SIZE);
810 *msg = "Extrainfo document was too large";
811 extrainfo_free(ei);
812 return ROUTER_BAD_EI;
813 }
814
815 if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
816 extrainfo_free(ei);
817 return r < 0 ? ROUTER_WAS_NOT_NEW : ROUTER_BAD_EI;
818 }
819 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
820 return ROUTER_ADDED_SUCCESSFULLY;
821 }
822
823 /** Remove all descriptors whose nicknames or fingerprints no longer
824 * are allowed by our fingerprint list. (Descriptors that used to be
825 * good can become bad when we reload the fingerprint list.)
826 */
827 static void
828 directory_remove_invalid(void)
829 {
830 int changed = 0;
831 routerlist_t *rl = router_get_routerlist();
832 smartlist_t *nodes = smartlist_create();
833 smartlist_add_all(nodes, nodelist_get_list());
834
835 SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
836 const char *msg;
837 routerinfo_t *ent = node->ri;
838 char description[NODE_DESC_BUF_LEN];
839 uint32_t r;
840 if (!ent)
841 continue;
842 r = dirserv_router_get_status(ent, &msg);
843 router_get_description(description, ent);
844 if (r & FP_REJECT) {
845 log_info(LD_DIRSERV, "Router %s is now rejected: %s",
846 description, msg?msg:"");
847 routerlist_remove(rl, ent, 0, time(NULL));
848 changed = 1;
849 continue;
850 }
851 #if 0
852 if (bool_neq((r & FP_NAMED), ent->auth_says_is_named)) {
853 log_info(LD_DIRSERV,
854 "Router %s is now %snamed.", description,
855 (r&FP_NAMED)?"":"un");
856 ent->is_named = (r&FP_NAMED)?1:0;
857 changed = 1;
858 }
859 if (bool_neq((r & FP_UNNAMED), ent->auth_says_is_unnamed)) {
860 log_info(LD_DIRSERV,
861 "Router '%s' is now %snamed. (FP_UNNAMED)", description,
862 (r&FP_NAMED)?"":"un");
863 ent->is_named = (r&FP_NUNAMED)?0:1;
864 changed = 1;
865 }
866 #endif
867 if (bool_neq((r & FP_INVALID), !node->is_valid)) {
868 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
869 (r&FP_INVALID) ? "in" : "");
870 node->is_valid = (r&FP_INVALID)?0:1;
871 changed = 1;
872 }
873 if (bool_neq((r & FP_BADDIR), node->is_bad_directory)) {
874 log_info(LD_DIRSERV, "Router '%s' is now a %s directory", description,
875 (r & FP_BADDIR) ? "bad" : "good");
876 node->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
877 changed = 1;
878 }
879 if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
880 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
881 (r & FP_BADEXIT) ? "bad" : "good");
882 node->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
883 changed = 1;
884 }
885 } SMARTLIST_FOREACH_END(node);
886 if (changed)
887 directory_set_dirty();
888
889 routerlist_assert_ok(rl);
890 smartlist_free(nodes);
891 }
892
893 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
894 * directory, we will rebuild it instead of reusing the most recently
895 * generated one.
896 */
897 void
898 directory_set_dirty(void)
899 {
900 time_t now = time(NULL);
901 int set_v1_dirty=0;
902
903 /* Regenerate stubs only every 8 hours.
904 * XXXX It would be nice to generate less often, but these are just
905 * stubs: it doesn't matter. */
906 #define STUB_REGENERATE_INTERVAL (8*60*60)
907 if (!the_directory || !the_runningrouters.dir)
908 set_v1_dirty = 1;
909 else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
910 the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
911 set_v1_dirty = 1;
912
913 if (set_v1_dirty) {
914 if (!the_directory_is_dirty)
915 the_directory_is_dirty = now;
916 if (!runningrouters_is_dirty)
917 runningrouters_is_dirty = now;
918 }
919 if (!the_v2_networkstatus_is_dirty)
920 the_v2_networkstatus_is_dirty = now;
921 }
922
923 /**
924 * Allocate and return a description of the status of the server <b>desc</b>,
925 * for use in a v1-style router-status line. The server is listed
926 * as running iff <b>is_live</b> is true.
927 */
928 static char *
929 list_single_server_status(const routerinfo_t *desc, int is_live)
930 {
931 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
932 char *cp;
933 const node_t *node;
934
935 tor_assert(desc);
936
937 cp = buf;
938 if (!is_live) {
939 *cp++ = '!';
940 }
941 node = node_get_by_id(desc->cache_info.identity_digest);
942 if (node && node->is_valid) {
943 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
944 cp += strlen(cp);
945 *cp++ = '=';
946 }
947 *cp++ = '$';
948 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
949 DIGEST_LEN);
950 return tor_strdup(buf);
951 }
952
953 static INLINE int
954 running_long_enough_to_decide_unreachable(void)
955 {
956 return time_of_process_start
957 + get_options()->TestingAuthDirTimeToLearnReachability < approx_time();
958 }
959
960 /** Each server needs to have passed a reachability test no more
961 * than this number of seconds ago, or he is listed as down in
962 * the directory. */
963 #define REACHABLE_TIMEOUT (45*60)
964
965 /** If we tested a router and found it reachable _at least this long_ after it
966 * declared itself hibernating, it is probably done hibernating and we just
967 * missed a descriptor from it. */
968 #define HIBERNATION_PUBLICATION_SKEW (60*60)
969
970 /** Treat a router as alive if
971 * - It's me, and I'm not hibernating.
972 * or - We've found it reachable recently. */
973 void
974 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
975 {
976 /*XXXX023 This function is a mess. Separate out the part that calculates
977 whether it's reachable and the part that tells rephist that the router was
978 unreachable.
979 */
980 int answer;
981 node_t *node = node_get_mutable_by_id(router->cache_info.identity_digest);
982 tor_assert(node);
983
984 if (router_is_me(router)) {
985 /* We always know if we are down ourselves. */
986 answer = ! we_are_hibernating();
987 } else if (router->is_hibernating &&
988 (router->cache_info.published_on +
989 HIBERNATION_PUBLICATION_SKEW) > router->last_reachable) {
990 /* A hibernating router is down unless we (somehow) had contact with it
991 * since it declared itself to be hibernating. */
992 answer = 0;
993 } else if (get_options()->AssumeReachable) {
994 /* If AssumeReachable, everybody is up unless they say they are down! */
995 answer = 1;
996 } else {
997 /* Otherwise, a router counts as up if we found it reachable in the last
998 REACHABLE_TIMEOUT seconds. */
999 answer = (now < router->last_reachable + REACHABLE_TIMEOUT);
1000 }
1001
1002 if (!answer && running_long_enough_to_decide_unreachable()) {
1003 /* Not considered reachable. tell rephist about that.
1004
1005 Because we launch a reachability test for each router every
1006 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
1007 been down since at least that time after we last successfully reached
1008 it.
1009 */
1010 time_t when = now;
1011 if (router->last_reachable &&
1012 router->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD < now)
1013 when = router->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD;
1014 rep_hist_note_router_unreachable(router->cache_info.identity_digest, when);
1015 }
1016
1017 node->is_running = answer;
1018 }
1019
1020 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
1021 * contents of a v1-style router-status line, and store it in
1022 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
1023 *
1024 * If for_controller is true, include the routers with very old descriptors.
1025 */
1026 int
1027 list_server_status_v1(smartlist_t *routers, char **router_status_out,
1028 int for_controller)
1029 {
1030 /* List of entries in a router-status style: An optional !, then an optional
1031 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
1032 smartlist_t *rs_entries;
1033 time_t now = time(NULL);
1034 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1035 const or_options_t *options = get_options();
1036 /* We include v2 dir auths here too, because they need to answer
1037 * controllers. Eventually we'll deprecate this whole function;
1038 * see also networkstatus_getinfo_by_purpose(). */
1039 int authdir = authdir_mode_publishes_statuses(options);
1040 tor_assert(router_status_out);
1041
1042 rs_entries = smartlist_create();
1043
1044 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
1045 const node_t *node = node_get_by_id(ri->cache_info.identity_digest);
1046 tor_assert(node);
1047 if (authdir) {
1048 /* Update router status in routerinfo_t. */
1049 dirserv_set_router_is_running(ri, now);
1050 }
1051 if (for_controller) {
1052 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
1053 char *cp = name_buf;
1054 if (!node->is_running)
1055 *cp++ = '!';
1056 router_get_verbose_nickname(cp, ri);
1057 smartlist_add(rs_entries, tor_strdup(name_buf));
1058 } else if (ri->cache_info.published_on >= cutoff) {
1059 smartlist_add(rs_entries, list_single_server_status(ri,
1060 node->is_running));
1061 }
1062 } SMARTLIST_FOREACH_END(ri);
1063
1064 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
1065
1066 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
1067 smartlist_free(rs_entries);
1068
1069 return 0;
1070 }
1071
1072 /** Given a (possibly empty) list of config_line_t, each line of which contains
1073 * a list of comma-separated version numbers surrounded by optional space,
1074 * allocate and return a new string containing the version numbers, in order,
1075 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1076 */
1077 static char *
1078 format_versions_list(config_line_t *ln)
1079 {
1080 smartlist_t *versions;
1081 char *result;
1082 versions = smartlist_create();
1083 for ( ; ln; ln = ln->next) {
1084 smartlist_split_string(versions, ln->value, ",",
1085 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1086 }
1087 sort_version_list(versions, 1);
1088 result = smartlist_join_strings(versions,",",0,NULL);
1089 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1090 smartlist_free(versions);
1091 return result;
1092 }
1093
1094 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1095 * not hibernating, and not too old. Else return 0.
1096 */
1097 static int
1098 router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
1099 {
1100 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1101 if (ri->cache_info.published_on < cutoff)
1102 return 0;
1103 if (!node->is_running || !node->is_valid || ri->is_hibernating)
1104 return 0;
1105 return 1;
1106 }
1107
1108 /** Generate a new v1 directory and write it into a newly allocated string.
1109 * Point *<b>dir_out</b> to the allocated string. Sign the
1110 * directory with <b>private_key</b>. Return 0 on success, -1 on
1111 * failure. If <b>complete</b> is set, give us all the descriptors;
1112 * otherwise leave out non-running and non-valid ones.
1113 */
1114 int
1115 dirserv_dump_directory_to_string(char **dir_out,
1116 crypto_pk_env_t *private_key)
1117 {
1118 char *cp;
1119 char *identity_pkey; /* Identity key, DER64-encoded. */
1120 char *recommended_versions;
1121 char digest[DIGEST_LEN];
1122 char published[ISO_TIME_LEN+1];
1123 char *buf = NULL;
1124 size_t buf_len;
1125 size_t identity_pkey_len;
1126 time_t now = time(NULL);
1127
1128 tor_assert(dir_out);
1129 *dir_out = NULL;
1130
1131 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1132 &identity_pkey_len)<0) {
1133 log_warn(LD_BUG,"write identity_pkey to string failed!");
1134 return -1;
1135 }
1136
1137 recommended_versions =
1138 format_versions_list(get_options()->RecommendedVersions);
1139
1140 format_iso_time(published, now);
1141
1142 buf_len = 2048+strlen(recommended_versions);
1143
1144 buf = tor_malloc(buf_len);
1145 /* We'll be comparing against buf_len throughout the rest of the
1146 function, though strictly speaking we shouldn't be able to exceed
1147 it. This is C, after all, so we may as well check for buffer
1148 overruns.*/
1149
1150 tor_snprintf(buf, buf_len,
1151 "signed-directory\n"
1152 "published %s\n"
1153 "recommended-software %s\n"
1154 "router-status %s\n"
1155 "dir-signing-key\n%s\n",
1156 published, recommended_versions, "",
1157 identity_pkey);
1158
1159 tor_free(recommended_versions);
1160 tor_free(identity_pkey);
1161
1162 cp = buf + strlen(buf);
1163 *cp = '\0';
1164
1165 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1166 signature. */
1167 if (strlcat(buf, "directory-signature ", buf_len) >= buf_len)
1168 goto truncated;
1169 if (strlcat(buf, get_options()->Nickname, buf_len) >= buf_len)
1170 goto truncated;
1171 if (strlcat(buf, "\n", buf_len) >= buf_len)
1172 goto truncated;
1173
1174 if (router_get_dir_hash(buf,digest)) {
1175 log_warn(LD_BUG,"couldn't compute digest");
1176 tor_free(buf);
1177 return -1;
1178 }
1179 note_crypto_pk_op(SIGN_DIR);
1180 if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN,
1181 private_key)<0) {
1182 tor_free(buf);
1183 return -1;
1184 }
1185
1186 *dir_out = buf;
1187 return 0;
1188 truncated:
1189 log_warn(LD_BUG,"tried to exceed string length.");
1190 tor_free(buf);
1191 return -1;
1192 }
1193
1194 /********************************************************************/
1195
1196 /* A set of functions to answer questions about how we'd like to behave
1197 * as a directory mirror/client. */
1198
1199 /** Return 1 if we fetch our directory material directly from the
1200 * authorities, rather than from a mirror. */
1201 int
1202 directory_fetches_from_authorities(const or_options_t *options)
1203 {
1204 const routerinfo_t *me;
1205 uint32_t addr;
1206 int refuseunknown;
1207 if (options->FetchDirInfoEarly)
1208 return 1;
1209 if (options->BridgeRelay == 1)
1210 return 0;
1211 if (server_mode(options) && router_pick_published_address(options, &addr)<0)
1212 return 1; /* we don't know our IP address; ask an authority. */
1213 refuseunknown = ! router_my_exit_policy_is_reject_star() &&
1214 should_refuse_unknown_exits(options);
1215 if (options->DirPort == 0 && !refuseunknown)
1216 return 0;
1217 if (!server_mode(options) || !advertised_server_mode())
1218 return 0;
1219 me = router_get_my_routerinfo();
1220 if (!me || (!me->dir_port && !refuseunknown))
1221 return 0; /* if dirport not advertised, return 0 too */
1222 return 1;
1223 }
1224
1225 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1226 * on the "mirror" schedule rather than the "client" schedule.
1227 */
1228 int
1229 directory_fetches_dir_info_early(const or_options_t *options)
1230 {
1231 return directory_fetches_from_authorities(options);
1232 }
1233
1234 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1235 * on a very passive schedule -- waiting long enough for ordinary clients
1236 * to probably have the info we want. These would include bridge users,
1237 * and maybe others in the future e.g. if a Tor client uses another Tor
1238 * client as a directory guard.
1239 */
1240 int
1241 directory_fetches_dir_info_later(const or_options_t *options)
1242 {
1243 return options->UseBridges != 0;
1244 }
1245
1246 /** Return 1 if we want to cache v2 dir info (each status file).
1247 */
1248 int
1249 directory_caches_v2_dir_info(const or_options_t *options)
1250 {
1251 return options->DirPort != 0;
1252 }
1253
1254 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1255 * and we're willing to serve them to others. Else return 0.
1256 */
1257 int
1258 directory_caches_dir_info(const or_options_t *options)
1259 {
1260 if (options->BridgeRelay || options->DirPort)
1261 return 1;
1262 if (!server_mode(options) || !advertised_server_mode())
1263 return 0;
1264 /* We need an up-to-date view of network info if we're going to try to
1265 * block exit attempts from unknown relays. */
1266 return ! router_my_exit_policy_is_reject_star() &&
1267 should_refuse_unknown_exits(options);
1268 }
1269
1270 /** Return 1 if we want to allow remote people to ask us directory
1271 * requests via the "begin_dir" interface, which doesn't require
1272 * having any separate port open. */
1273 int
1274 directory_permits_begindir_requests(const or_options_t *options)
1275 {
1276 return options->BridgeRelay != 0 || options->DirPort != 0;
1277 }
1278
1279 /** Return 1 if we want to allow controllers to ask us directory
1280 * requests via the controller interface, which doesn't require
1281 * having any separate port open. */
1282 int
1283 directory_permits_controller_requests(const or_options_t *options)
1284 {
1285 return options->DirPort != 0;
1286 }
1287
1288 /** Return 1 if we have no need to fetch new descriptors. This generally
1289 * happens when we're not a dir cache and we haven't built any circuits
1290 * lately.
1291 */
1292 int
1293 directory_too_idle_to_fetch_descriptors(const or_options_t *options,
1294 time_t now)
1295 {
1296 return !directory_caches_dir_info(options) &&
1297 !options->FetchUselessDescriptors &&
1298 rep_hist_circbuilding_dormant(now);
1299 }
1300
1301 /********************************************************************/
1302
1303 /* Used only by non-v1-auth dirservers: The v1 directory and
1304 * runningrouters we'll serve when requested. */
1305
1306 /** The v1 directory we'll serve (as a cache or as an authority) if
1307 * requested. */
1308 static cached_dir_t *cached_directory = NULL;
1309 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1310 * if requested. */
1311 static cached_dir_t cached_runningrouters;
1312
1313 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1314 * cached_dir_t. */
1315 static digestmap_t *cached_v2_networkstatus = NULL;
1316
1317 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1318 * currently serving. */
1319 static strmap_t *cached_consensuses = NULL;
1320
1321 /** Possibly replace the contents of <b>d</b> with the value of
1322 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1323 * the last value, or too far in the future.
1324 *
1325 * Does not copy <b>directory</b>; frees it if it isn't used.
1326 */
1327 static void
1328 set_cached_dir(cached_dir_t *d, char *directory, time_t when)
1329 {
1330 time_t now = time(NULL);
1331 if (when<=d->published) {
1332 log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
1333 tor_free(directory);
1334 } else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
1335 log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
1336 tor_free(directory);
1337 } else {
1338 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1339 log_debug(LD_DIRSERV, "Caching directory.");
1340 tor_free(d->dir);
1341 d->dir = directory;
1342 d->dir_len = strlen(directory);
1343 tor_free(d->dir_z);
1344 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1345 ZLIB_METHOD)) {
1346 log_warn(LD_BUG,"Error compressing cached directory");
1347 }
1348 d->published = when;
1349 }
1350 }
1351
1352 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1353 * any references. */
1354 void
1355 cached_dir_decref(cached_dir_t *d)
1356 {
1357 if (!d || --d->refcnt > 0)
1358 return;
1359 clear_cached_dir(d);
1360 tor_free(d);
1361 }
1362
1363 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1364 * published at <b>published</b>. */
1365 cached_dir_t *
1366 new_cached_dir(char *s, time_t published)
1367 {
1368 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1369 d->refcnt = 1;
1370 d->dir = s;
1371 d->dir_len = strlen(s);
1372 d->published = published;
1373 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1374 ZLIB_METHOD)) {
1375 log_warn(LD_BUG, "Error compressing directory");
1376 }
1377 return d;
1378 }
1379
1380 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1381 static void
1382 clear_cached_dir(cached_dir_t *d)
1383 {
1384 tor_free(d->dir);
1385 tor_free(d->dir_z);
1386 memset(d, 0, sizeof(cached_dir_t));
1387 }
1388
1389 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1390 static void
1391 _free_cached_dir(void *_d)
1392 {
1393 cached_dir_t *d;
1394 if (!_d)
1395 return;
1396
1397 d = (cached_dir_t *)_d;
1398 cached_dir_decref(d);
1399 }
1400
1401 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1402 * then replace it with <b>directory</b>, published at <b>published</b>.
1403 *
1404 * If <b>published</b> is too old, do nothing.
1405 *
1406 * If <b>is_running_routers</b>, this is really a v1 running_routers
1407 * document rather than a v1 directory.
1408 */
1409 void
1410 dirserv_set_cached_directory(const char *directory, time_t published,
1411 int is_running_routers)
1412 {
1413 time_t now = time(NULL);
1414
1415 if (is_running_routers) {
1416 if (published >= now - MAX_V1_RR_AGE)
1417 set_cached_dir(&cached_runningrouters, tor_strdup(directory), published);
1418 } else {
1419 if (published >= now - MAX_V1_DIRECTORY_AGE) {
1420 cached_dir_decref(cached_directory);
1421 cached_directory = new_cached_dir(tor_strdup(directory), published);
1422 }
1423 }
1424 }
1425
1426 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1427 * network-status for an authoritative directory with identity digest
1428 * <b>identity</b> published at <b>published</b> -- store it so we can
1429 * serve it to others.
1430 *
1431 * If <b>networkstatus</b> is NULL, remove the entry with the given
1432 * identity fingerprint from the v2 cache.
1433 */
1434 void
1435 dirserv_set_cached_networkstatus_v2(const char *networkstatus,
1436 const char *identity,
1437 time_t published)
1438 {
1439 cached_dir_t *d, *old_d;
1440 smartlist_t *trusted_dirs;
1441 if (!cached_v2_networkstatus)
1442 cached_v2_networkstatus = digestmap_new();
1443
1444 old_d = digestmap_get(cached_v2_networkstatus, identity);
1445 if (!old_d && !networkstatus)
1446 return;
1447
1448 if (networkstatus) {
1449 if (!old_d || published > old_d->published) {
1450 d = new_cached_dir(tor_strdup(networkstatus), published);
1451 digestmap_set(cached_v2_networkstatus, identity, d);
1452 if (old_d)
1453 cached_dir_decref(old_d);
1454 }
1455 } else {
1456 if (old_d) {
1457 digestmap_remove(cached_v2_networkstatus, identity);
1458 cached_dir_decref(old_d);
1459 }
1460 }
1461
1462 /* Now purge old entries. */
1463 trusted_dirs = router_get_trusted_dir_servers();
1464 if (digestmap_size(cached_v2_networkstatus) >
1465 smartlist_len(trusted_dirs) + MAX_UNTRUSTED_NETWORKSTATUSES) {
1466 /* We need to remove the oldest untrusted networkstatus. */
1467 const char *oldest = NULL;
1468 time_t oldest_published = TIME_MAX;
1469 digestmap_iter_t *iter;
1470
1471 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1472 !digestmap_iter_done(iter);
1473 iter = digestmap_iter_next(cached_v2_networkstatus, iter)) {
1474 const char *ident;
1475 void *val;
1476 digestmap_iter_get(iter, &ident, &val);
1477 d = val;
1478 if (d->published < oldest_published &&
1479 !router_digest_is_trusted_dir(ident)) {
1480 oldest = ident;
1481 oldest_published = d->published;
1482 }
1483 }
1484 tor_assert(oldest);
1485 d = digestmap_remove(cached_v2_networkstatus, oldest);
1486 if (d)
1487 cached_dir_decref(d);
1488 }
1489 }
1490
1491 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1492 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1493 * validation is performed. */
1494 void
1495 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
1496 const char *flavor_name,
1497 const digests_t *digests,
1498 time_t published)
1499 {
1500 cached_dir_t *new_networkstatus;
1501 cached_dir_t *old_networkstatus;
1502 if (!cached_consensuses)
1503 cached_consensuses = strmap_new();
1504
1505 new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
1506 memcpy(&new_networkstatus->digests, digests, sizeof(digests_t));
1507 old_networkstatus = strmap_set(cached_consensuses, flavor_name,
1508 new_networkstatus);
1509 if (old_networkstatus)
1510 cached_dir_decref(old_networkstatus);
1511 }
1512
1513 /** Remove any v2 networkstatus from the directory cache that was published
1514 * before <b>cutoff</b>. */
1515 void
1516 dirserv_clear_old_networkstatuses(time_t cutoff)
1517 {
1518 if (!cached_v2_networkstatus)
1519 return;
1520
1521 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus, id, cached_dir_t *, dir) {
1522 if (dir->published < cutoff) {
1523 char *fname;
1524 fname = networkstatus_get_cache_filename(id);
1525 if (file_status(fname) == FN_FILE) {
1526 log_info(LD_DIR, "Removing too-old untrusted networkstatus in %s",
1527 fname);
1528 unlink(fname);
1529 }
1530 tor_free(fname);
1531 cached_dir_decref(dir);
1532 MAP_DEL_CURRENT(id);
1533 }
1534 } DIGESTMAP_FOREACH_END
1535 }
1536
1537 /** Remove any v1 info from the directory cache that was published
1538 * too long ago. */
1539 void
1540 dirserv_clear_old_v1_info(time_t now)
1541 {
1542 if (cached_directory &&
1543 cached_directory->published < (now - MAX_V1_DIRECTORY_AGE)) {
1544 cached_dir_decref(cached_directory);
1545 cached_directory = NULL;
1546 }
1547 if (cached_runningrouters.published < (now - MAX_V1_RR_AGE)) {
1548 clear_cached_dir(&cached_runningrouters);
1549 }
1550 }
1551
1552 /** Helper: If we're an authority for the right directory version (v1 or v2)
1553 * (based on <b>auth_type</b>), try to regenerate
1554 * auth_src as appropriate and return it, falling back to cache_src on
1555 * failure. If we're a cache, simply return cache_src.
1556 */
1557 static cached_dir_t *
1558 dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
1559 cached_dir_t *auth_src,
1560 time_t dirty, cached_dir_t *(*regenerate)(void),
1561 const char *name,
1562 dirinfo_type_t auth_type)
1563 {
1564 const or_options_t *options = get_options();
1565 int authority = (auth_type == V1_DIRINFO && authdir_mode_v1(options)) ||
1566 (auth_type == V2_DIRINFO && authdir_mode_v2(options));
1567
1568 if (!authority || authdir_mode_bridge(options)) {
1569 return cache_src;
1570 } else {
1571 /* We're authoritative. */
1572 if (regenerate != NULL) {
1573 if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
1574 if (!(auth_src = regenerate())) {
1575 log_err(LD_BUG, "Couldn't generate %s?", name);
1576 exit(1);
1577 }
1578 } else {
1579 log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
1580 }
1581 }
1582 return auth_src ? auth_src : cache_src;
1583 }
1584 }
1585
1586 /** Return the most recently generated encoded signed v1 directory,
1587 * generating a new one as necessary. If not a v1 authoritative directory
1588 * may return NULL if no directory is yet cached. */
1589 cached_dir_t *
1590 dirserv_get_directory(void)
1591 {
1592 return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
1593 the_directory_is_dirty,
1594 dirserv_regenerate_directory,
1595 "v1 server directory", V1_DIRINFO);
1596 }
1597
1598 /** Only called by v1 auth dirservers.
1599 * Generate a fresh v1 directory; set the_directory and return a pointer
1600 * to the new value.
1601 */
1602 static cached_dir_t *
1603 dirserv_regenerate_directory(void)
1604 {
1605 char *new_directory=NULL;
1606
1607 if (dirserv_dump_directory_to_string(&new_directory,
1608 get_server_identity_key())) {
1609 log_warn(LD_BUG, "Error creating directory.");
1610 tor_free(new_directory);
1611 return NULL;
1612 }
1613 cached_dir_decref(the_directory);
1614 the_directory = new_cached_dir(new_directory, time(NULL));
1615 log_info(LD_DIRSERV,"New directory (size %d) has been built.",
1616 (int)the_directory->dir_len);
1617 log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
1618 (int)the_directory->dir_len, the_directory->dir);
1619
1620 the_directory_is_dirty = 0;
1621
1622 /* Save the directory to disk so we re-load it quickly on startup.
1623 */
1624 dirserv_set_cached_directory(the_directory->dir, time(NULL), 0);
1625
1626 return the_directory;
1627 }
1628
1629 /** Only called by v1 auth dirservers.
1630 * Replace the current running-routers list with a newly generated one. */
1631 static cached_dir_t *
1632 generate_runningrouters(void)
1633 {
1634 char *s=NULL;
1635 char digest[DIGEST_LEN];
1636 char published[ISO_TIME_LEN+1];
1637 size_t len;
1638 crypto_pk_env_t *private_key = get_server_identity_key();
1639 char *identity_pkey; /* Identity key, DER64-encoded. */
1640 size_t identity_pkey_len;
1641
1642 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1643 &identity_pkey_len)<0) {
1644 log_warn(LD_BUG,"write identity_pkey to string failed!");
1645 goto err;
1646 }
1647 format_iso_time(published, time(NULL));
1648
1649 len = 2048;
1650 s = tor_malloc_zero(len);
1651 tor_snprintf(s, len,
1652 "network-status\n"
1653 "published %s\n"
1654 "router-status %s\n"
1655 "dir-signing-key\n%s"
1656 "directory-signature %s\n",
1657 published, "", identity_pkey,
1658 get_options()->Nickname);
1659 tor_free(identity_pkey);
1660 if (router_get_runningrouters_hash(s,digest)) {
1661 log_warn(LD_BUG,"couldn't compute digest");
1662 goto err;
1663 }
1664 note_crypto_pk_op(SIGN_DIR);
1665 if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
1666 private_key)<0)
1667 goto err;
1668
1669 set_cached_dir(&the_runningrouters, s, time(NULL));
1670 runningrouters_is_dirty = 0;
1671
1672 return &the_runningrouters;
1673 err:
1674 tor_free(s);
1675 return NULL;
1676 }
1677
1678 /** Set *<b>rr</b> to the most recently generated encoded signed
1679 * running-routers list, generating a new one as necessary. Return the
1680 * size of the directory on success, and 0 on failure. */
1681 cached_dir_t *
1682 dirserv_get_runningrouters(void)
1683 {
1684 return dirserv_pick_cached_dir_obj(
1685 &cached_runningrouters, &the_runningrouters,
1686 runningrouters_is_dirty,
1687 generate_runningrouters,
1688 "v1 network status list", V1_DIRINFO);
1689 }
1690
1691 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1692 * optionally compressed format, suitable for sending to clients. */
1693 cached_dir_t *
1694 dirserv_get_consensus(const char *flavor_name)
1695 {
1696 if (!cached_consensuses)
1697 return NULL;
1698 return strmap_get(cached_consensuses, flavor_name);
1699 }
1700
1701 /** For authoritative directories: the current (v2) network status. */
1702 static cached_dir_t *the_v2_networkstatus = NULL;
1703
1704 /** Return true iff our opinion of the routers has been stale for long
1705 * enough that we should generate a new v2 network status doc. */
1706 static int
1707 should_generate_v2_networkstatus(void)
1708 {
1709 return authdir_mode_v2(get_options()) &&
1710 the_v2_networkstatus_is_dirty &&
1711 the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
1712 }
1713
1714 /** If a router's uptime is at least this value, then it is always
1715 * considered stable, regardless of the rest of the network. This
1716 * way we resist attacks where an attacker doubles the size of the
1717 * network using allegedly high-uptime nodes, displacing all the
1718 * current guards. */
1719 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1720 /** If a router's MTBF is at least this value, then it is always stable.
1721 * See above. (Corresponds to about 7 days for current decay rates.) */
1722 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1723 /** Similarly, every node with at least this much weighted time known can be
1724 * considered familiar enough to be a guard. Corresponds to about 20 days for
1725 * current decay rates.
1726 */
1727 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1728 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1729 */
1730 #define WFU_TO_GUARANTEE_GUARD (0.98)
1731
1732 /* Thresholds for server performance: set by
1733 * dirserv_compute_performance_thresholds, and used by
1734 * generate_v2_networkstatus */
1735
1736 /** Any router with an uptime of at least this value is stable. */
1737 static uint32_t stable_uptime = 0; /* start at a safe value */
1738 /** Any router with an mtbf of at least this value is stable. */
1739 static double stable_mtbf = 0.0;
1740 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1741 * than stable_uptime. */
1742 static int enough_mtbf_info = 0;
1743 /** Any router with a weighted fractional uptime of at least this much might
1744 * be good as a guard. */
1745 static double guard_wfu = 0.0;
1746 /** Don't call a router a guard unless we've known about it for at least this
1747 * many seconds. */
1748 static long guard_tk = 0;
1749 /** Any router with a bandwidth at least this high is "Fast" */
1750 static uint32_t fast_bandwidth = 0;
1751 /** If exits can be guards, then all guards must have a bandwidth this
1752 * high. */
1753 static uint32_t guard_bandwidth_including_exits = 0;
1754 /** If exits can't be guards, then all guards must have a bandwidth this
1755 * high. */
1756 static uint32_t guard_bandwidth_excluding_exits = 0;
1757 /** Total bandwidth of all the routers we're considering. */
1758 static uint64_t total_bandwidth = 0;
1759 /** Total bandwidth of all the exit routers we're considering. */
1760 static uint64_t total_exit_bandwidth = 0;
1761
1762 /** Helper: estimate the uptime of a router given its stated uptime and the
1763 * amount of time since it last stated its stated uptime. */
1764 static INLINE long
1765 real_uptime(const routerinfo_t *router, time_t now)
1766 {
1767 if (now < router->cache_info.published_on)
1768 return router->uptime;
1769 else
1770 return router->uptime + (now - router->cache_info.published_on);
1771 }
1772
1773 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1774 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1775 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1776 * bandwidth.
1777 */
1778 static int
1779 dirserv_thinks_router_is_unreliable(time_t now,
1780 routerinfo_t *router,
1781 int need_uptime, int need_capacity)
1782 {
1783 if (need_uptime) {
1784 if (!enough_mtbf_info) {
1785 /* XXX023 Once most authorities are on v3, we should change the rule from
1786 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1787 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1788 * hit a point where we need to reset a lot of authorities at once,
1789 * none of them would be in a position to declare Stable.
1790 */
1791 long uptime = real_uptime(router, now);
1792 if ((unsigned)uptime < stable_uptime &&
1793 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1794 return 1;
1795 } else {
1796 double mtbf =
1797 rep_hist_get_stability(router->cache_info.identity_digest, now);
1798 if (mtbf < stable_mtbf &&
1799 mtbf < MTBF_TO_GUARANTEE_STABLE)
1800 return 1;
1801 }
1802 }
1803 if (need_capacity) {
1804 uint32_t bw = router_get_advertised_bandwidth(router);
1805 if (bw < fast_bandwidth)
1806 return 1;
1807 }
1808 return 0;
1809 }
1810
1811 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1812 * Right now this means it advertises support for it, it has a high
1813 * uptime, it has a DirPort open, and it's currently considered Running.
1814 *
1815 * This function needs to be called after router-\>is_running has
1816 * been set.
1817 */
1818 static int
1819 dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
1820 const node_t *node, time_t now)
1821 {
1822
1823 long uptime;
1824
1825 /* If we haven't been running for at least
1826 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1827 * have accurate data telling us a relay has been up for at least
1828 * that long. We also want to allow a bit of slack: Reachability
1829 * tests aren't instant. If we haven't been running long enough,
1830 * trust the relay. */
1831
1832 if (stats_n_seconds_working >
1833 get_options()->MinUptimeHidServDirectoryV2 * 1.1)
1834 uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now),
1835 real_uptime(router, now));
1836 else
1837 uptime = real_uptime(router, now);
1838
1839 /* XXX We shouldn't need to check dir_port, but we do because of
1840 * bug 1693. In the future, once relays set wants_to_be_hs_dir
1841 * correctly, we can revert to only checking dir_port if router's
1842 * version is too old. */
1843 /* XXX Unfortunately, we need to keep checking dir_port until all
1844 * *clients* suffering from bug 2722 are obsolete. The first version
1845 * to fix the bug was 0.2.2.25-alpha. */
1846 return (router->wants_to_be_hs_dir && router->dir_port &&
1847 uptime > get_options()->MinUptimeHidServDirectoryV2 &&
1848 node->is_running);
1849 }
1850
1851 /** Look through the routerlist, the Mean Time Between Failure history, and
1852 * the Weighted Fractional Uptime history, and use them to set thresholds for
1853 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1854 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1855 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1856 * total_bandwidth, and total_exit_bandwidth.
1857 *
1858 * Also, set the is_exit flag of each router appropriately. */
1859 static void
1860 dirserv_compute_performance_thresholds(routerlist_t *rl)
1861 {
1862 int n_active, n_active_nonexit, n_familiar;
1863 uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
1864 long *tks;
1865 double *mtbfs, *wfus;
1866 time_t now = time(NULL);
1867 const or_options_t *options = get_options();
1868
1869 /* initialize these all here, in case there are no routers */
1870 stable_uptime = 0;
1871 stable_mtbf = 0;
1872 fast_bandwidth = 0;
1873 guard_bandwidth_including_exits = 0;
1874 guard_bandwidth_excluding_exits = 0;
1875 guard_tk = 0;
1876 guard_wfu = 0;
1877 total_bandwidth = 0;
1878 total_exit_bandwidth = 0;
1879
1880 /* Initialize arrays that will hold values for each router. We'll
1881 * sort them and use that to compute thresholds. */
1882 n_active = n_active_nonexit = 0;
1883 /* Uptime for every active router. */
1884 uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1885 /* Bandwidth for every active router. */
1886 bandwidths = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1887 /* Bandwidth for every active non-exit router. */
1888 bandwidths_excluding_exits =
1889 tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1890 /* Weighted mean time between failure for each active router. */
1891 mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1892 /* Time-known for each active router. */
1893 tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
1894 /* Weighted fractional uptime for each active router. */
1895 wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1896
1897 nodelist_assert_ok();
1898
1899 /* Now, fill in the arrays. */
1900 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
1901 routerinfo_t *ri = node->ri;
1902 if (ri && router_is_active(ri, node, now)) {
1903 const char *id = ri->cache_info.identity_digest;
1904 uint32_t bw;
1905 node->is_exit = (!router_exit_policy_rejects_all(ri) &&
1906 exit_policy_is_general_exit(ri->exit_policy));
1907 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1908 mtbfs[n_active] = rep_hist_get_stability(id, now);
1909 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1910 bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
1911 total_bandwidth += bw;
1912 if (node->is_exit && !node->is_bad_exit) {
1913 total_exit_bandwidth += bw;
1914 } else {
1915 bandwidths_excluding_exits[n_active_nonexit] = bw;
1916 ++n_active_nonexit;
1917 }
1918 ++n_active;
1919 }
1920 } SMARTLIST_FOREACH_END(node);
1921
1922 /* Now, compute thresholds. */
1923 if (n_active) {
1924 /* The median uptime is stable. */
1925 stable_uptime = median_uint32(uptimes, n_active);
1926 /* The median mtbf is stable, if we have enough mtbf info */
1927 stable_mtbf = median_double(mtbfs, n_active);
1928 /* The 12.5th percentile bandwidth is fast. */
1929 fast_bandwidth = find_nth_uint32(bandwidths, n_active, n_active/8);
1930 /* (Now bandwidths is sorted.) */
1931 if (fast_bandwidth < ROUTER_REQUIRED_MIN_BANDWIDTH/2)
1932 fast_bandwidth = bandwidths[n_active/4];
1933 guard_bandwidth_including_exits = bandwidths[(n_active-1)/2];
1934 guard_tk = find_nth_long(tks, n_active, n_active/8);
1935 }
1936
1937 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1938 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1939
1940 /* Protect sufficiently fast nodes from being pushed out of the set
1941 * of Fast nodes. */
1942 if (options->AuthDirFastGuarantee &&
1943 fast_bandwidth > options->AuthDirFastGuarantee)
1944 fast_bandwidth = (uint32_t)options->AuthDirFastGuarantee;
1945
1946 /* Now that we have a time-known that 7/8 routers are known longer than,
1947 * fill wfus with the wfu of every such "familiar" router. */
1948 n_familiar = 0;
1949
1950 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
1951 routerinfo_t *ri = node->ri;
1952 if (ri && router_is_active(ri, node, now)) {
1953 const char *id = ri->cache_info.identity_digest;
1954 long tk = rep_hist_get_weighted_time_known(id, now);
1955 if (tk < guard_tk)
1956 continue;
1957 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1958 }
1959 } SMARTLIST_FOREACH_END(node);
1960 if (n_familiar)
1961 guard_wfu = median_double(wfus, n_familiar);
1962 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1963 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1964
1965 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1966
1967 if (n_active_nonexit) {
1968 guard_bandwidth_excluding_exits =
1969 median_uint32(bandwidths_excluding_exits, n_active_nonexit);
1970 }
1971
1972 log(LOG_INFO, LD_DIRSERV,
1973 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1974 "For Fast: %lu bytes/sec. "
1975 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1976 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1977 (unsigned long)stable_uptime,
1978 (unsigned long)stable_mtbf,
1979 (unsigned long)fast_bandwidth,
1980 guard_wfu*100,
1981 (unsigned long)guard_tk,
1982 (unsigned long)guard_bandwidth_including_exits,
1983 (unsigned long)guard_bandwidth_excluding_exits,
1984 enough_mtbf_info ? "" : " don't ");
1985
1986 tor_free(uptimes);
1987 tor_free(mtbfs);
1988 tor_free(bandwidths);
1989 tor_free(bandwidths_excluding_exits);
1990 tor_free(tks);
1991 tor_free(wfus);
1992 }
1993
1994 /** Given a platform string as in a routerinfo_t (possibly null), return a
1995 * newly allocated version string for a networkstatus document, or NULL if the
1996 * platform doesn't give a Tor version. */
1997 static char *
1998 version_from_platform(const char *platform)
1999 {
2000 if (platform && !strcmpstart(platform, "Tor ")) {
2001 const char *eos = find_whitespace(platform+4);
2002 if (eos && !strcmpstart(eos, " (r")) {
2003 /* XXXX Unify this logic with the other version extraction
2004 * logic in routerparse.c. */
2005 eos = find_whitespace(eos+1);
2006 }
2007 if (eos) {
2008 return tor_strndup(platform, eos-platform);
2009 }
2010 }
2011 return NULL;
2012 }
2013
2014 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
2015 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
2016 * Use the same format as in network-status documents. If <b>version</b> is
2017 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
2018 * failure.
2019 *
2020 * The format argument has three possible values:
2021 * NS_V2 - Output an entry suitable for a V2 NS opinion document
2022 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
2023 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
2024 * consensus entry.
2025 * NS_V3_VOTE - Output a complete V3 NS vote
2026 * NS_CONTROL_PORT - Output a NS document for the control port
2027 */
2028 int
2029 routerstatus_format_entry(char *buf, size_t buf_len,
2030 const routerstatus_t *rs, const char *version,
2031 routerstatus_format_type_t format)
2032 {
2033 int r;
2034 char *cp;
2035 char *summary;
2036
2037 char published[ISO_TIME_LEN+1];
2038 char identity64[BASE64_DIGEST_LEN+1];
2039 char digest64[BASE64_DIGEST_LEN+1];
2040
2041 format_iso_time(published, rs->published_on);
2042 digest_to_base64(identity64, rs->identity_digest);
2043 digest_to_base64(digest64, rs->descriptor_digest);
2044
2045 r = tor_snprintf(buf, buf_len,
2046 "r %s %s %s%s%s %s %d %d\n",
2047 rs->nickname,
2048 identity64,
2049 (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64,
2050 (format==NS_V3_CONSENSUS_MICRODESC)?"":" ",
2051 published,
2052 fmt_addr32(rs->addr),
2053 (int)rs->or_port,
2054 (int)rs->dir_port);
2055 if (r<0) {
2056 log_warn(LD_BUG, "Not enough space in buffer.");
2057 return -1;
2058 }
2059
2060 /* TODO: Maybe we want to pass in what we need to build the rest of
2061 * this here, instead of in the caller. Then we could use the
2062 * networkstatus_type_t values, with an additional control port value
2063 * added -MP */
2064 if (format == NS_V3_CONSENSUS || format == NS_V3_CONSENSUS_MICRODESC)
2065 return 0;
2066
2067 cp = buf + strlen(buf);
2068 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
2069 r = tor_snprintf(cp, buf_len - (cp-buf),
2070 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
2071 /* These must stay in alphabetical order. */
2072 rs->is_authority?" Authority":"",
2073 rs->is_bad_directory?" BadDirectory":"",
2074 rs->is_bad_exit?" BadExit":"",
2075 rs->is_exit?" Exit":"",
2076 rs->is_fast?" Fast":"",
2077 rs->is_possible_guard?" Guard":"",
2078 rs->is_hs_dir?" HSDir":"",
2079 rs->is_named?" Named":"",
2080 rs->is_flagged_running?" Running":"",
2081 rs->is_stable?" Stable":"",
2082 rs->is_unnamed?" Unnamed":"",
2083 rs->is_v2_dir?" V2Dir":"",
2084 rs->is_valid?" Valid":"");
2085 if (r<0) {
2086 log_warn(LD_BUG, "Not enough space in buffer.");
2087 return -1;
2088 }
2089 cp += strlen(cp);
2090
2091 /* length of "opt v \n" */
2092 #define V_LINE_OVERHEAD 7
2093 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
2094 if (tor_snprintf(cp, buf_len - (cp-buf), "opt v %s\n", version)<0) {
2095 log_warn(LD_BUG, "Unable to print router version.");
2096 return -1;
2097 }
2098 cp += strlen(cp);
2099 }
2100
2101 if (format != NS_V2) {
2102 const routerinfo_t* desc = router_get_by_id_digest(rs->identity_digest);
2103 uint32_t bw;
2104
2105 if (format != NS_CONTROL_PORT) {
2106 /* Blow up more or less nicely if we didn't get anything or not the
2107 * thing we expected.
2108 */
2109 if (!desc) {
2110 char id[HEX_DIGEST_LEN+1];
2111 char dd[HEX_DIGEST_LEN+1];
2112
2113 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2114 base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
2115 log_warn(LD_BUG, "Cannot get any descriptor for %s "
2116 "(wanted descriptor %s).",
2117 id, dd);
2118 return -1;
2119 };
2120
2121 /* This assert can fire for the control port, because
2122 * it can request NS documents before all descriptors
2123 * have been fetched. */
2124 if (tor_memneq(desc->cache_info.signed_descriptor_digest,
2125 rs->descriptor_digest,
2126 DIGEST_LEN)) {
2127 char rl_d[HEX_DIGEST_LEN+1];
2128 char rs_d[HEX_DIGEST_LEN+1];
2129 char id[HEX_DIGEST_LEN+1];
2130
2131 base16_encode(rl_d, sizeof(rl_d),
2132 desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
2133 base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
2134 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2135 log_err(LD_BUG, "descriptor digest in routerlist does not match "
2136 "the one in routerstatus: %s vs %s "
2137 "(router %s)\n",
2138 rl_d, rs_d, id);
2139
2140 tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest,
2141 rs->descriptor_digest,
2142 DIGEST_LEN));
2143 };
2144 }
2145
2146 if (format == NS_CONTROL_PORT && rs->has_bandwidth) {
2147 bw = rs->bandwidth;
2148 } else {
2149 tor_assert(desc);
2150 bw = router_get_advertised_bandwidth_capped(desc) / 1000;
2151 }
2152 r = tor_snprintf(cp, buf_len - (cp-buf),
2153 "w Bandwidth=%d\n", bw);
2154
2155 if (r<0) {
2156 log_warn(LD_BUG, "Not enough space in buffer.");
2157 return -1;
2158 }
2159 cp += strlen(cp);
2160 if (format == NS_V3_VOTE && rs->has_measured_bw) {
2161 *--cp = '\0'; /* Kill "\n" */
2162 r = tor_snprintf(cp, buf_len - (cp-buf),
2163 " Measured=%d\n", rs->measured_bw);
2164 if (r<0) {
2165 log_warn(LD_BUG, "Not enough space in buffer for weight line.");
2166 return -1;
2167 }
2168 cp += strlen(cp);
2169 }
2170
2171 if (desc) {
2172 summary = policy_summarize(desc->exit_policy);
2173 r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
2174 if (r<0) {
2175 log_warn(LD_BUG, "Not enough space in buffer.");
2176 tor_free(summary);
2177 return -1;
2178 }
2179 cp += strlen(cp);
2180 tor_free(summary);
2181 }
2182 }
2183
2184 return 0;
2185 }
2186
2187 /** Helper for sorting: compares two routerinfos first by address, and then by
2188 * descending order of "usefulness". (An authority is more useful than a
2189 * non-authority; a running router is more useful than a non-running router;
2190 * and a router with more bandwidth is more useful than one with less.)
2191 **/
2192 static int
2193 _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
2194 {
2195 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
2196 int first_is_auth, second_is_auth;
2197 uint32_t bw_first, bw_second;
2198 const node_t *node_first, *node_second;
2199 int first_is_running, second_is_running;
2200
2201 /* we return -1 if first should appear before second... that is,
2202 * if first is a better router. */
2203 if (first->addr < second->addr)
2204 return -1;
2205 else if (first->addr > second->addr)
2206 return 1;
2207
2208 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2209 * reality, we will almost never get here, since addresses will usually be
2210 * different. */
2211
2212 first_is_auth =
2213 router_digest_is_trusted_dir(first->cache_info.identity_digest);
2214 second_is_auth =
2215 router_digest_is_trusted_dir(second->cache_info.identity_digest);
2216
2217 if (first_is_auth && !second_is_auth)
2218 return -1;
2219 else if (!first_is_auth && second_is_auth)
2220 return 1;
2221
2222 node_first = node_get_by_id(first->cache_info.identity_digest);
2223 node_second = node_get_by_id(second->cache_info.identity_digest);
2224 first_is_running = node_first && node_first->is_running;
2225 second_is_running = node_second && node_second->is_running;
2226
2227 if (first_is_running && !second_is_running)
2228 return -1;
2229 else if (!first_is_running && second_is_running)
2230 return 1;
2231
2232 bw_first = router_get_advertised_bandwidth(first);
2233 bw_second = router_get_advertised_bandwidth(second);
2234
2235 if (bw_first > bw_second)
2236 return -1;
2237 else if (bw_first < bw_second)
2238 return 1;
2239
2240 /* They're equal! Compare by identity digest, so there's a
2241 * deterministic order and we avoid flapping. */
2242 return fast_memcmp(first->cache_info.identity_digest,
2243 second->cache_info.identity_digest,
2244 DIGEST_LEN);
2245 }
2246
2247 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2248 * whose keys are the identity digests of those routers that we're going to
2249 * exclude for Sybil-like appearance. */
2250 static digestmap_t *
2251 get_possible_sybil_list(const smartlist_t *routers)
2252 {
2253 const or_options_t *options = get_options();
2254 digestmap_t *omit_as_sybil;
2255 smartlist_t *routers_by_ip = smartlist_create();
2256 uint32_t last_addr;
2257 int addr_count;
2258 /* Allow at most this number of Tor servers on a single IP address, ... */
2259 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
2260 /* ... unless it's a directory authority, in which case allow more. */
2261 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
2262 if (max_with_same_addr <= 0)
2263 max_with_same_addr = INT_MAX;
2264 if (max_with_same_addr_on_authority <= 0)
2265 max_with_same_addr_on_authority = INT_MAX;
2266
2267 smartlist_add_all(routers_by_ip, routers);
2268 smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
2269 omit_as_sybil = digestmap_new();
2270
2271 last_addr = 0;
2272 addr_count = 0;
2273 SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
2274 {
2275 if (last_addr != ri->addr) {
2276 last_addr = ri->addr;
2277 addr_count = 1;
2278 } else if (++addr_count > max_with_same_addr) {
2279 if (!router_addr_is_trusted_dir(ri->addr) ||
2280 addr_count > max_with_same_addr_on_authority)
2281 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2282 }
2283 });
2284
2285 smartlist_free(routers_by_ip);
2286 return omit_as_sybil;
2287 }
2288
2289 /** Return non-zero iff a relay running the Tor version specified in
2290 * <b>platform</b> is suitable for use as a potential entry guard. */
2291 static int
2292 is_router_version_good_for_possible_guard(const char *platform)
2293 {
2294 static int parsed_versions_initialized = 0;
2295 static tor_version_t first_good_0_2_1_guard_version;
2296 static tor_version_t first_good_0_2_2_guard_version;
2297 static tor_version_t first_good_later_guard_version;
2298
2299 tor_version_t router_version;
2300
2301 /* XXX023 This block should be extracted into its own function. */
2302 /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
2303 {
2304 char *s, *s2, *start;
2305 char tmp[128];
2306
2307 tor_assert(platform);
2308
2309 /* nonstandard Tor; be safe and say yes */
2310 if (strcmpstart(platform,"Tor "))
2311 return 1;
2312
2313 start = (char *)eat_whitespace(platform+3);
2314 if (!*start) return 0;
2315 s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
2316 s2 = (char*)eat_whitespace(s);
2317 if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-"))
2318 s = (char*)find_whitespace(s2);
2319
2320 if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
2321 return 0;
2322 strlcpy(tmp, start, s-start+1);
2323
2324 if (tor_version_parse(tmp, &router_version)<0) {
2325 log_info(LD_DIR,"Router version '%s' unparseable.",tmp);
2326 return 1; /* be safe and say yes */
2327 }
2328 }
2329 /* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */
2330
2331 if (!parsed_versions_initialized) {
2332 /* CVE-2011-2769 was fixed on the relay side in Tor versions
2333 * 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */
2334 tor_assert(tor_version_parse("0.2.1.31",
2335 &first_good_0_2_1_guard_version)>=0);
2336 tor_assert(tor_version_parse("0.2.2.34",
2337 &first_good_0_2_2_guard_version)>=0);
2338 tor_assert(tor_version_parse("0.2.3.6-alpha",
2339 &first_good_later_guard_version)>=0);
2340
2341 /* Don't parse these constant version strings once for every relay
2342 * for every vote. */
2343 parsed_versions_initialized = 1;
2344 }
2345
2346 return ((tor_version_same_series(&first_good_0_2_1_guard_version,
2347 &router_version) &&
2348 tor_version_compare(&first_good_0_2_1_guard_version,
2349 &router_version) <= 0) ||
2350 (tor_version_same_series(&first_good_0_2_2_guard_version,
2351 &router_version) &&
2352 tor_version_compare(&first_good_0_2_2_guard_version,
2353 &router_version) <= 0) ||
2354 (tor_version_compare(&first_good_later_guard_version,
2355 &router_version) <= 0));
2356 }
2357
2358 /** Extract status information from <b>ri</b> and from other authority
2359 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2360 * the named flag in <b>rs</b>.
2361 *
2362 * We assume that ri-\>is_running has already been set, e.g. by
2363 * dirserv_set_router_is_running(ri, now);
2364 */
2365 void
2366 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2367 node_t *node,
2368 routerinfo_t *ri,
2369 time_t now,
2370 int naming, int listbadexits,
2371 int listbaddirs, int vote_on_hsdirs)
2372 {
2373 const or_options_t *options = get_options();
2374 int unstable_version =
2375 !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
2376 uint32_t routerbw = router_get_advertised_bandwidth(ri);
2377
2378 memset(rs, 0, sizeof(routerstatus_t));
2379
2380 rs->is_authority =
2381 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2382
2383 /* Already set by compute_performance_thresholds. */
2384 rs->is_exit = node->is_exit;
2385 rs->is_stable = node->is_stable =
2386 router_is_active(ri, node, now) &&
2387 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0) &&
2388 !unstable_version;
2389 rs->is_fast = node->is_fast =
2390 router_is_active(ri, node, now) &&
2391 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2392 rs->is_flagged_running = node->is_running; /* computed above */
2393
2394 if (naming) {
2395 uint32_t name_status = dirserv_get_name_status(
2396 node->identity, ri->nickname);
2397 rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
2398 rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
2399 }
2400 rs->is_valid = node->is_valid;
2401
2402 if (node->is_fast &&
2403 ((options->AuthDirGuardBWGuarantee &&
2404 routerbw >= options->AuthDirGuardBWGuarantee) ||
2405 routerbw >= MIN(guard_bandwidth_including_exits,
2406 guard_bandwidth_excluding_exits)) &&
2407 (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
2408 is_router_version_good_for_possible_guard(ri->platform))) {
2409 long tk = rep_hist_get_weighted_time_known(
2410 node->identity, now);
2411 double wfu = rep_hist_get_weighted_fractional_uptime(
2412 node->identity, now);
2413 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2414 } else {
2415 rs->is_possible_guard = 0;
2416 }
2417
2418 rs->is_bad_directory = listbaddirs && node->is_bad_directory;
2419 rs->is_bad_exit = listbadexits && node->is_bad_exit;
2420 node->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, node, now);
2421 rs->is_hs_dir = vote_on_hsdirs && node->is_hs_dir;
2422 rs->is_v2_dir = ri->dir_port != 0;
2423
2424 if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
2425 rs->is_named = rs->is_unnamed = 0;
2426
2427 rs->published_on = ri->cache_info.published_on;
2428 memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
2429 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2430 DIGEST_LEN);
2431 rs->addr = ri->addr;
2432 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2433 rs->or_port = ri->or_port;
2434 rs->dir_port = ri->dir_port;
2435 }
2436
2437 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2438 * too narrow an IP-space. Clear out its flags: we don't want people
2439 * using it.
2440 */
2441 static void
2442 clear_status_flags_on_sybil(routerstatus_t *rs)
2443 {
2444 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2445 rs->is_flagged_running = rs->is_named = rs->is_valid = rs->is_v2_dir =
2446 rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
2447 rs->is_bad_directory = 0;
2448 /* FFFF we might want some mechanism to check later on if we
2449 * missed zeroing any flags: it's easy to add a new flag but
2450 * forget to add it to this clause. */
2451 }
2452
2453 /**
2454 * Helper function to parse out a line in the measured bandwidth file
2455 * into a measured_bw_line_t output structure. Returns -1 on failure
2456 * or 0 on success.
2457 */
2458 int
2459 measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
2460 {
2461 char *line = tor_strdup(orig_line);
2462 char *cp = line;
2463 int got_bw = 0;
2464 int got_node_id = 0;
2465 char *strtok_state; /* lame sauce d'jour */
2466 cp = tor_strtok_r(cp, " \t", &strtok_state);
2467
2468 if (!cp) {
2469 log_warn(LD_DIRSERV, "Invalid line in bandwidth file: %s",
2470 escaped(orig_line));
2471 tor_free(line);
2472 return -1;
2473 }
2474
2475 if (orig_line[strlen(orig_line)-1] != '\n') {
2476 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2477 escaped(orig_line));
2478 tor_free(line);
2479 return -1;
2480 }
2481
2482 do {
2483 if (strcmpstart(cp, "bw=") == 0) {
2484 int parse_ok = 0;
2485 char *endptr;
2486 if (got_bw) {
2487 log_warn(LD_DIRSERV, "Double bw= in bandwidth file line: %s",
2488 escaped(orig_line));
2489 tor_free(line);
2490 return -1;
2491 }
2492 cp+=strlen("bw=");
2493
2494 out->bw = tor_parse_long(cp, 0, 0, LONG_MAX, &parse_ok, &endptr);
2495 if (!parse_ok || (*endptr && !TOR_ISSPACE(*endptr))) {
2496 log_warn(LD_DIRSERV, "Invalid bandwidth in bandwidth file line: %s",
2497 escaped(orig_line));
2498 tor_free(line);
2499 return -1;
2500 }
2501 got_bw=1;
2502 } else if (strcmpstart(cp, "node_id=$") == 0) {
2503 if (got_node_id) {
2504 log_warn(LD_DIRSERV, "Double node_id= in bandwidth file line: %s",
2505 escaped(orig_line));
2506 tor_free(line);
2507 return -1;
2508 }
2509 cp+=strlen("node_id=$");
2510
2511 if (strlen(cp) != HEX_DIGEST_LEN ||
2512 base16_decode(out->node_id, DIGEST_LEN, cp, HEX_DIGEST_LEN)) {
2513 log_warn(LD_DIRSERV, "Invalid node_id in bandwidth file line: %s",
2514 escaped(orig_line));
2515 tor_free(line);
2516 return -1;
2517 }
2518 strlcpy(out->node_hex, cp, sizeof(out->node_hex));
2519 got_node_id=1;
2520 }
2521 } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
2522
2523 if (got_bw && got_node_id) {
2524 tor_free(line);
2525 return 0;
2526 } else {
2527 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2528 escaped(orig_line));
2529 tor_free(line);
2530 return -1;
2531 }
2532 }
2533
2534 /**
2535 * Helper function to apply a parsed measurement line to a list
2536 * of bandwidth statuses. Returns true if a line is found,
2537 * false otherwise.
2538 */
2539 int
2540 measured_bw_line_apply(measured_bw_line_t *parsed_line,
2541 smartlist_t *routerstatuses)
2542 {
2543 routerstatus_t *rs = NULL;
2544 if (!routerstatuses)
2545 return 0;
2546
2547 rs = smartlist_bsearch(routerstatuses, parsed_line->node_id,
2548 compare_digest_to_routerstatus_entry);
2549
2550 if (rs) {
2551 rs->has_measured_bw = 1;
2552 rs->measured_bw = (uint32_t)parsed_line->bw;
2553 } else {
2554 log_info(LD_DIRSERV, "Node ID %s not found in routerstatus list",
2555 parsed_line->node_hex);
2556 }
2557
2558 return rs != NULL;
2559 }
2560
2561 /**
2562 * Read the measured bandwidth file and apply it to the list of
2563 * routerstatuses. Returns -1 on error, 0 otherwise.
2564 */
2565 int
2566 dirserv_read_measured_bandwidths(const char *from_file,
2567 smartlist_t *routerstatuses)
2568 {
2569 char line[256];
2570 FILE *fp = tor_fopen_cloexec(from_file, "r");
2571 int applied_lines = 0;
2572 time_t file_time;
2573 int ok;
2574 if (fp == NULL) {
2575 log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
2576 from_file);
2577 return -1;
2578 }
2579
2580 if (!fgets(line, sizeof(line), fp)
2581 || !strlen(line) || line[strlen(line)-1] != '\n') {
2582 log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
2583 escaped(line));
2584 fclose(fp);
2585 return -1;
2586 }
2587
2588 line[strlen(line)-1] = '\0';
2589 file_time = tor_parse_ulong(line, 10, 0, ULONG_MAX, &ok, NULL);
2590 if (!ok) {
2591 log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
2592 escaped(line));
2593 fclose(fp);
2594 return -1;
2595 }
2596
2597 if ((time(NULL) - file_time) > MAX_MEASUREMENT_AGE) {
2598 log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
2599 (unsigned)(time(NULL) - file_time));
2600 fclose(fp);
2601 return -1;
2602 }
2603
2604 if (routerstatuses)
2605 smartlist_sort(routerstatuses, compare_routerstatus_entries);
2606
2607 while (!feof(fp)) {
2608 measured_bw_line_t parsed_line;
2609 if (fgets(line, sizeof(line), fp) && strlen(line)) {
2610 if (measured_bw_line_parse(&parsed_line, line) != -1) {
2611 if (measured_bw_line_apply(&parsed_line, routerstatuses) > 0)
2612 applied_lines++;
2613 }
2614 }
2615 }
2616
2617 fclose(fp);
2618 log_info(LD_DIRSERV,
2619 "Bandwidth measurement file successfully read. "
2620 "Applied %d measurements.", applied_lines);
2621 return 0;
2622 }
2623
2624 /** Return a new networkstatus_t* containing our current opinion. (For v3
2625 * authorities) */
2626 networkstatus_t *
2627 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
2628 authority_cert_t *cert)
2629 {
2630 const or_options_t *options = get_options();
2631 networkstatus_t *v3_out = NULL;
2632 uint32_t addr;
2633 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2634 const char *contact;
2635 smartlist_t *routers, *routerstatuses;
2636 char identity_digest[DIGEST_LEN];
2637 char signing_key_digest[DIGEST_LEN];
2638 int naming = options->NamingAuthoritativeDir;
2639 int listbadexits = options->AuthDirListBadExits;
2640 int listbaddirs = options->AuthDirListBadDirs;
2641 int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2;
2642 routerlist_t *rl = router_get_routerlist();
2643 time_t now = time(NULL);
2644 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2645 networkstatus_voter_info_t *voter = NULL;
2646 vote_timing_t timing;
2647 digestmap_t *omit_as_sybil = NULL;
2648 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
2649 smartlist_t *microdescriptors = NULL;
2650
2651 tor_assert(private_key);
2652 tor_assert(cert);
2653
2654 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2655 log_warn(LD_NET, "Couldn't resolve my hostname");
2656 return NULL;
2657 }
2658 if (!strchr(hostname, '.')) {
2659 tor_free(hostname);
2660 hostname = tor_dup_ip(addr);
2661 }
2662 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2663 log_err(LD_BUG, "Error computing signing key digest");
2664 return NULL;
2665 }
2666 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2667 log_err(LD_BUG, "Error computing identity key digest");
2668 return NULL;
2669 }
2670
2671 if (options->VersioningAuthoritativeDir) {
2672 client_versions = format_versions_list(options->RecommendedClientVersions);
2673 server_versions = format_versions_list(options->RecommendedServerVersions);
2674 }
2675
2676 contact = get_options()->ContactInfo;
2677 if (!contact)
2678 contact = "(none)";
2679
2680 /* precompute this part, since we need it to decide what "stable"
2681 * means. */
2682 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2683 dirserv_set_router_is_running(ri, now);
2684 });
2685
2686 dirserv_compute_performance_thresholds(rl);
2687
2688 routers = smartlist_create();
2689 smartlist_add_all(routers, rl->routers);
2690 routers_sort_by_identity(routers);
2691 omit_as_sybil = get_possible_sybil_list(routers);
2692
2693 routerstatuses = smartlist_create();
2694 microdescriptors = smartlist_create();
2695
2696 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2697 if (ri->cache_info.published_on >= cutoff) {
2698 routerstatus_t *rs;
2699 vote_routerstatus_t *vrs;
2700 microdesc_t *md;
2701 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
2702 if (!node)
2703 continue;
2704
2705 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2706 rs = &vrs->status;
2707 set_routerstatus_from_routerinfo(rs, node, ri, now,
2708 naming, listbadexits, listbaddirs,
2709 vote_on_hsdirs);
2710
2711 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2712 clear_status_flags_on_sybil(rs);
2713
2714 if (!vote_on_reachability)
2715 rs->is_flagged_running = 0;
2716
2717 vrs->version = version_from_platform(ri->platform);
2718 md = dirvote_create_microdescriptor(ri);
2719 if (md) {
2720 char buf[128];
2721 vote_microdesc_hash_t *h;
2722 dirvote_format_microdesc_vote_line(buf, sizeof(buf), md);
2723 h = tor_malloc(sizeof(vote_microdesc_hash_t));
2724 h->microdesc_hash_line = tor_strdup(buf);
2725 h->next = NULL;
2726 vrs->microdesc = h;
2727 md->last_listed = now;
2728 smartlist_add(microdescriptors, md);
2729 }
2730
2731 smartlist_add(routerstatuses, vrs);
2732 }
2733 } SMARTLIST_FOREACH_END(ri);
2734
2735 {
2736 smartlist_t *added =
2737 microdescs_add_list_to_cache(get_microdesc_cache(),
2738 microdescriptors, SAVED_NOWHERE, 0);
2739 smartlist_free(added);
2740 smartlist_free(microdescriptors);
2741 }
2742
2743 smartlist_free(routers);
2744 digestmap_free(omit_as_sybil, NULL);
2745
2746 if (options->V3BandwidthsFile) {
2747 dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
2748 routerstatuses);
2749 }
2750
2751 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
2752
2753 v3_out->type = NS_TYPE_VOTE;
2754 dirvote_get_preferred_voting_intervals(&timing);
2755 v3_out->published = now;
2756 {
2757 char tbuf[ISO_TIME_LEN+1];
2758 networkstatus_t *current_consensus =
2759 networkstatus_get_live_consensus(now);
2760 long last_consensus_interval; /* only used to pick a valid_after */
2761 if (current_consensus)
2762 last_consensus_interval = current_consensus->fresh_until -
2763 current_consensus->valid_after;
2764 else
2765 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
2766 v3_out->valid_after =
2767 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
2768 format_iso_time(tbuf, v3_out->valid_after);
2769 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2770 "consensus_set=%d, last_interval=%d",
2771 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2772 }
2773 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2774 v3_out->valid_until = v3_out->valid_after +
2775 (timing.vote_interval * timing.n_intervals_valid);
2776 v3_out->vote_seconds = timing.vote_delay;
2777 v3_out->dist_seconds = timing.dist_delay;
2778 tor_assert(v3_out->vote_seconds > 0);
2779 tor_assert(v3_out->dist_seconds > 0);
2780 tor_assert(timing.n_intervals_valid > 0);
2781
2782 v3_out->client_versions = client_versions;
2783 v3_out->server_versions = server_versions;
2784 v3_out->known_flags = smartlist_create();
2785 smartlist_split_string(v3_out->known_flags,
2786 "Authority Exit Fast Guard Stable V2Dir Valid",
2787 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
2788 if (vote_on_reachability)
2789 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
2790 if (listbaddirs)
2791 smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
2792 if (listbadexits)
2793 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
2794 if (naming) {
2795 smartlist_add(v3_out->known_flags, tor_strdup("Named"));
2796 smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
2797 }
2798 if (vote_on_hsdirs)
2799 smartlist_add(v3_out->known_flags, tor_strdup("HSDir"));
2800 smartlist_sort_strings(v3_out->known_flags);
2801
2802 if (options->ConsensusParams) {
2803 v3_out->net_params = smartlist_create();
2804 smartlist_split_string(v3_out->net_params,
2805 options->ConsensusParams, NULL, 0, 0);
2806 smartlist_sort_strings(v3_out->net_params);
2807 }
2808
2809 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2810 voter->nickname = tor_strdup(options->Nickname);
2811 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
2812 voter->sigs = smartlist_create();
2813 voter->address = hostname;
2814 voter->addr = addr;
2815 voter->dir_port = router_get_advertised_dir_port(options, 0);
2816 voter->or_port = router_get_advertised_or_port(options);
2817 voter->contact = tor_strdup(contact);
2818 if (options->V3AuthUseLegacyKey) {
2819 authority_cert_t *c = get_my_v3_legacy_cert();
2820 if (c) {
2821 if (crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest)) {
2822 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
2823 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
2824 }
2825 }
2826 }
2827
2828 v3_out->voters = smartlist_create();
2829 smartlist_add(v3_out->voters, voter);
2830 v3_out->cert = authority_cert_dup(cert);
2831 v3_out->routerstatus_list = routerstatuses;
2832 /* Note: networkstatus_digest is unset; it won't get set until we actually
2833 * format the vote. */
2834
2835 return v3_out;
2836 }
2837
2838 /** For v2 authoritative directories only: Replace the contents of
2839 * <b>the_v2_networkstatus</b> with a newly generated network status
2840 * object. */
2841 static cached_dir_t *
2842 generate_v2_networkstatus_opinion(void)
2843 {
2844 cached_dir_t *r = NULL;
2845 size_t len, identity_pkey_len;
2846 char *status = NULL, *client_versions = NULL, *server_versions = NULL,
2847 *identity_pkey = NULL, *hostname = NULL;
2848 char *outp, *endp;
2849 const or_options_t *options = get_options();
2850 char fingerprint[FINGERPRINT_LEN+1];
2851 char published[ISO_TIME_LEN+1];
2852 char digest[DIGEST_LEN];
2853 uint32_t addr;
2854 crypto_pk_env_t *private_key;
2855 routerlist_t *rl = router_get_routerlist();
2856 time_t now = time(NULL);
2857 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2858 int naming = options->NamingAuthoritativeDir;
2859 int versioning = options->VersioningAuthoritativeDir;
2860 int listbaddirs = options->AuthDirListBadDirs;
2861 int listbadexits = options->AuthDirListBadExits;
2862 int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2;
2863 const char *contact;
2864 char *version_lines = NULL;
2865 smartlist_t *routers = NULL;
2866 digestmap_t *omit_as_sybil = NULL;
2867
2868 private_key = get_server_identity_key();
2869
2870 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2871 log_warn(LD_NET, "Couldn't resolve my hostname");
2872 goto done;
2873 }
2874
2875 format_iso_time(published, now);
2876
2877 client_versions = format_versions_list(options->RecommendedClientVersions);
2878 server_versions = format_versions_list(options->RecommendedServerVersions);
2879
2880 if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey,
2881 &identity_pkey_len)<0) {
2882 log_warn(LD_BUG,"Writing public key to string failed.");
2883 goto done;
2884 }
2885
2886 if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) {
2887 log_err(LD_BUG, "Error computing fingerprint");
2888 goto done;
2889 }
2890
2891 contact = options->ContactInfo;
2892 if (!contact)
2893 contact = "(none)";
2894
2895 if (versioning) {
2896 size_t v_len = 64+strlen(client_versions)+strlen(server_versions);
2897 version_lines = tor_malloc(v_len);
2898 tor_snprintf(version_lines, v_len,
2899 "client-versions %s\nserver-versions %s\n",
2900 client_versions, server_versions);
2901 } else {
2902 version_lines = tor_strdup("");
2903 }
2904
2905 len = 4096+strlen(client_versions)+strlen(server_versions);
2906 len += identity_pkey_len*2;
2907 len += (RS_ENTRY_LEN)*smartlist_len(rl->routers);
2908
2909 status = tor_malloc(len);
2910 tor_snprintf(status, len,
2911 "network-status-version 2\n"
2912 "dir-source %s %s %d\n"
2913 "fingerprint %s\n"
2914 "contact %s\n"
2915 "published %s\n"
2916 "dir-options%s%s%s%s\n"
2917 "%s" /* client version line, server version line. */
2918 "dir-signing-key\n%s",
2919 hostname, fmt_addr32(addr),
2920 (int)router_get_advertised_dir_port(options, 0),
2921 fingerprint,
2922 contact,
2923 published,
2924 naming ? " Names" : "",
2925 listbaddirs ? " BadDirectories" : "",
2926 listbadexits ? " BadExits" : "",
2927 versioning ? " Versions" : "",
2928 version_lines,
2929 identity_pkey);
2930 outp = status + strlen(status);
2931 endp = status + len;
2932
2933 /* precompute this part, since we need it to decide what "stable"
2934 * means. */
2935 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2936 dirserv_set_router_is_running(ri, now);
2937 });
2938
2939 dirserv_compute_performance_thresholds(rl);
2940
2941 routers = smartlist_create();
2942 smartlist_add_all(routers, rl->routers);
2943 routers_sort_by_identity(routers);
2944
2945 omit_as_sybil = get_possible_sybil_list(routers);
2946
2947 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2948 if (ri->cache_info.published_on >= cutoff) {
2949 routerstatus_t rs;
2950 char *version = version_from_platform(ri->platform);
2951 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
2952 if (!node) {
2953 tor_free(version);
2954 continue;
2955 }
2956 set_routerstatus_from_routerinfo(&rs, node, ri, now,
2957 naming, listbadexits, listbaddirs,
2958 vote_on_hsdirs);
2959
2960 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2961 clear_status_flags_on_sybil(&rs);
2962
2963 if (routerstatus_format_entry(outp, endp-outp, &rs, version, NS_V2)) {
2964 log_warn(LD_BUG, "Unable to print router status.");
2965 tor_free(version);
2966 goto done;
2967 }
2968 tor_free(version);
2969 outp += strlen(outp);
2970 }
2971 });
2972
2973 if (tor_snprintf(outp, endp-outp, "directory-signature %s\n",
2974 options->Nickname)<0) {
2975 log_warn(LD_BUG, "Unable to write signature line.");
2976 goto done;
2977 }
2978 if (router_get_networkstatus_v2_hash(status, digest)<0) {
2979 log_warn(LD_BUG, "Unable to hash network status");
2980 goto done;
2981 }
2982 outp += strlen(outp);
2983
2984 note_crypto_pk_op(SIGN_DIR);
2985 if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN,
2986 private_key)<0) {
2987 log_warn(LD_BUG, "Unable to sign router status.");
2988 goto done;
2989 }
2990
2991 {
2992 networkstatus_v2_t *ns;
2993 if (!(ns = networkstatus_v2_parse_from_string(status))) {
2994 log_err(LD_BUG,"Generated a networkstatus we couldn't parse.");
2995 goto done;
2996 }
2997 networkstatus_v2_free(ns);
2998 }
2999
3000 {
3001 cached_dir_t **ns_ptr = &the_v2_networkstatus;
3002 if (*ns_ptr)
3003 cached_dir_decref(*ns_ptr);
3004 *ns_ptr = new_cached_dir(status, now);
3005 status = NULL; /* So it doesn't get double-freed. */
3006 the_v2_networkstatus_is_dirty = 0;
3007 router_set_networkstatus_v2((*ns_ptr)->dir, now, NS_GENERATED, NULL);
3008 r = *ns_ptr;
3009 }
3010
3011 done:
3012 tor_free(client_versions);
3013 tor_free(server_versions);
3014 tor_free(version_lines);
3015 tor_free(status);
3016 tor_free(hostname);
3017 tor_free(identity_pkey);
3018 smartlist_free(routers);
3019 digestmap_free(omit_as_sybil, NULL);
3020 return r;
3021 }
3022
3023 /** Given the portion of a networkstatus request URL after "tor/status/" in
3024 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
3025 * networkstatus objects that the client has requested. */
3026 void
3027 dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
3028 const char *key)
3029 {
3030 tor_assert(result);
3031
3032 if (!cached_v2_networkstatus)
3033 cached_v2_networkstatus = digestmap_new();
3034
3035 if (should_generate_v2_networkstatus())
3036 generate_v2_networkstatus_opinion();
3037
3038 if (!strcmp(key,"authority")) {
3039 if (authdir_mode_v2(get_options())) {
3040 const routerinfo_t *me = router_get_my_routerinfo();
3041 if (me)
3042 smartlist_add(result,
3043 tor_memdup(me->cache_info.identity_digest, DIGEST_LEN));
3044 }
3045 } else if (!strcmp(key, "all")) {
3046 if (digestmap_size(cached_v2_networkstatus)) {
3047 digestmap_iter_t *iter;
3048 iter = digestmap_iter_init(cached_v2_networkstatus);
3049 while (!digestmap_iter_done(iter)) {
3050 const char *ident;
3051 void *val;
3052 digestmap_iter_get(iter, &ident, &val);
3053 smartlist_add(result, tor_memdup(ident, DIGEST_LEN));
3054 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
3055 }
3056 } else {
3057 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
3058 trusted_dir_server_t *, ds,
3059 if (ds->type & V2_DIRINFO)
3060 smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
3061 }
3062 smartlist_sort_digests(result);
3063 if (smartlist_len(result) == 0)
3064 log_info(LD_DIRSERV,
3065 "Client requested 'all' network status objects; we have none.");
3066 } else if (!strcmpstart(key, "fp/")) {
3067 dir_split_resource_into_fingerprints(key+3, result, NULL,
3068 DSR_HEX|DSR_SORT_UNIQ);
3069 }
3070 }
3071
3072 /** Look for a network status object as specified by <b>key</b>, which should
3073 * be either "authority" (to find a network status generated by us), a hex
3074 * identity digest (to find a network status generated by given directory), or
3075 * "all" (to return all the v2 network status objects we have).
3076 */
3077 void
3078 dirserv_get_networkstatus_v2(smartlist_t *result,
3079 const char *key)
3080 {
3081 cached_dir_t *cached;
3082 smartlist_t *fingerprints = smartlist_create();
3083 tor_assert(result);
3084
3085 if (!cached_v2_networkstatus)
3086 cached_v2_networkstatus = digestmap_new();
3087
3088 dirserv_get_networkstatus_v2_fingerprints(fingerprints, key);
3089 SMARTLIST_FOREACH(fingerprints, const char *, fp,
3090 {
3091 if (router_digest_is_me(fp) && should_generate_v2_networkstatus())
3092 generate_v2_networkstatus_opinion();
3093 cached = digestmap_get(cached_v2_networkstatus, fp);
3094 if (cached) {
3095 smartlist_add(result, cached);
3096 } else {
3097 char hexbuf[HEX_DIGEST_LEN+1];
3098 base16_encode(hexbuf, sizeof(hexbuf), fp, DIGEST_LEN);
3099 log_info(LD_DIRSERV, "Don't know about any network status with "
3100 "fingerprint '%s'", hexbuf);
3101 }
3102 });
3103 SMARTLIST_FOREACH(fingerprints, char *, cp, tor_free(cp));
3104 smartlist_free(fingerprints);
3105 }
3106
3107 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3108 * pointers, adds copies of digests to fps_out, and doesn't use the
3109 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3110 * requests, adds identity digests.
3111 */
3112 int
3113 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
3114 const char **msg, int for_unencrypted_conn,
3115 int is_extrainfo)
3116 {
3117 int by_id = 1;
3118 *msg = NULL;
3119
3120 if (!strcmp(key, "all")) {
3121 routerlist_t *rl = router_get_routerlist();
3122 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3123 smartlist_add(fps_out,
3124 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
3125 /* Treat "all" requests as if they were unencrypted */
3126 for_unencrypted_conn = 1;
3127 } else if (!strcmp(key, "authority")) {
3128 const routerinfo_t *ri = router_get_my_routerinfo();
3129 if (ri)
3130 smartlist_add(fps_out,
3131 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
3132 } else if (!strcmpstart(key, "d/")) {
3133 by_id = 0;
3134 key += strlen("d/");
3135 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3136 DSR_HEX|DSR_SORT_UNIQ);
3137 } else if (!strcmpstart(key, "fp/")) {
3138 key += strlen("fp/");
3139 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3140 DSR_HEX|DSR_SORT_UNIQ);
3141 } else {
3142 *msg = "Key not recognized";
3143 return -1;
3144 }
3145
3146 if (for_unencrypted_conn) {
3147 /* Remove anything that insists it not be sent unencrypted. */
3148 SMARTLIST_FOREACH_BEGIN(fps_out, char *, cp) {
3149 const signed_descriptor_t *sd;
3150 if (by_id)
3151 sd = get_signed_descriptor_by_fp(cp,is_extrainfo,0);
3152 else if (is_extrainfo)
3153 sd = extrainfo_get_by_descriptor_digest(cp);
3154 else
3155 sd = router_get_by_descriptor_digest(cp);
3156 if (sd && !sd->send_unencrypted) {
3157 tor_free(cp);
3158 SMARTLIST_DEL_CURRENT(fps_out, cp);
3159 }
3160 } SMARTLIST_FOREACH_END(cp);
3161 }
3162
3163 if (!smartlist_len(fps_out)) {
3164 *msg = "Servers unavailable";
3165 return -1;
3166 }
3167 return 0;
3168 }
3169
3170 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3171 * <b>key</b>. The key should be either
3172 * - "/tor/server/authority" for our own routerinfo;
3173 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3174 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3175 * hex identity digests; or
3176 * - "/tor/server/d/D" where D is a plus-separated sequence
3177 * of server descriptor digests, in hex.
3178 *
3179 * Return 0 if we found some matching descriptors, or -1 if we do not
3180 * have any descriptors, no matching descriptors, or if we did not
3181 * recognize the key (URL).
3182 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3183 * message.
3184 *
3185 * XXXX rename this function. It's only called from the controller.
3186 * XXXX in fact, refactor this function, merging as much as possible.
3187 */
3188 int
3189 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
3190 const char **msg)
3191 {
3192 *msg = NULL;
3193
3194 if (!strcmp(key, "/tor/server/all")) {
3195 routerlist_t *rl = router_get_routerlist();
3196 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3197 smartlist_add(descs_out, &(r->cache_info)));
3198 } else if (!strcmp(key, "/tor/server/authority")) {
3199 const routerinfo_t *ri = router_get_my_routerinfo();
3200 if (ri)
3201 smartlist_add(descs_out, (void*) &(ri->cache_info));
3202 } else if (!strcmpstart(key, "/tor/server/d/")) {
3203 smartlist_t *digests = smartlist_create();
3204 key += strlen("/tor/server/d/");
3205 dir_split_resource_into_fingerprints(key, digests, NULL,
3206 DSR_HEX|DSR_SORT_UNIQ);
3207 SMARTLIST_FOREACH(digests, const char *, d,
3208 {
3209 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
3210 if (sd)
3211 smartlist_add(descs_out,sd);
3212 });
3213 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3214 smartlist_free(digests);
3215 } else if (!strcmpstart(key, "/tor/server/fp/")) {
3216 smartlist_t *digests = smartlist_create();
3217 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
3218 key += strlen("/tor/server/fp/");
3219 dir_split_resource_into_fingerprints(key, digests, NULL,
3220 DSR_HEX|DSR_SORT_UNIQ);
3221 SMARTLIST_FOREACH(digests, const char *, d,
3222 {
3223 if (router_digest_is_me(d)) {
3224 /* make sure desc_routerinfo exists */
3225 const routerinfo_t *ri = router_get_my_routerinfo();
3226 if (ri)
3227 smartlist_add(descs_out, (void*) &(ri->cache_info));
3228 } else {
3229 const routerinfo_t *ri = router_get_by_id_digest(d);
3230 /* Don't actually serve a descriptor that everyone will think is
3231 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3232 * Tors from downloading descriptors that they will throw away.
3233 */
3234 if (ri && ri->cache_info.published_on > cutoff)
3235 smartlist_add(descs_out, (void*) &(ri->cache_info));
3236 }
3237 });
3238 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3239 smartlist_free(digests);
3240 } else {
3241 *msg = "Key not recognized";
3242 return -1;
3243 }
3244
3245 if (!smartlist_len(descs_out)) {
3246 *msg = "Servers unavailable";
3247 return -1;
3248 }
3249 return 0;
3250 }
3251
3252 /** Called when a TLS handshake has completed successfully with a
3253 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3254 * a certificate with digest <b>digest_rcvd</b>.
3255 *
3256 * Also, if as_advertised is 1, then inform the reachability checker
3257 * that we could get to this guy.
3258 */
3259 void
3260 dirserv_orconn_tls_done(const char *address,
3261 uint16_t or_port,
3262 const char *digest_rcvd,
3263 int as_advertised)
3264 {
3265 routerlist_t *rl = router_get_routerlist();
3266 time_t now = time(NULL);
3267 int bridge_auth = authdir_mode_bridge(get_options());
3268 tor_assert(address);
3269 tor_assert(digest_rcvd);
3270
3271 /* XXX023 Doing a loop like this is stupid. We should just look up the
3272 * router by digest_rcvd, and see if address, orport, and as_advertised
3273 * match up. -NM */
3274 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) {
3275 if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
3276 as_advertised &&
3277 fast_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
3278 /* correct digest. mark this router reachable! */
3279 if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
3280 tor_addr_t addr, *addrp=NULL;
3281 log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.",
3282 router_describe(ri),
3283 address, ri->or_port);
3284 if (tor_addr_parse(&addr, ri->address) != -1)
3285 addrp = &addr;
3286 else
3287 log_warn(LD_BUG, "Couldn't parse IP address \"%s\"", ri->address);
3288 rep_hist_note_router_reachable(digest_rcvd, addrp, or_port, now);
3289 ri->last_reachable = now;
3290 }
3291 }
3292 } SMARTLIST_FOREACH_END(ri);
3293 /* FFFF Maybe we should reinstate the code that dumps routers with the same
3294 * addr/port but with nonmatching keys, but instead of dumping, we should
3295 * skip testing. */
3296 }
3297
3298 /** Called when we, as an authority, receive a new router descriptor either as
3299 * an upload or a download. Used to decide whether to relaunch reachability
3300 * testing for the server. */
3301 int
3302 dirserv_should_launch_reachability_test(const routerinfo_t *ri,
3303 const routerinfo_t *ri_old)
3304 {
3305 if (!authdir_mode_handles_descs(get_options(), ri->purpose))
3306 return 0;
3307 if (!ri_old) {
3308 /* New router: Launch an immediate reachability test, so we will have an
3309 * opinion soon in case we're generating a consensus soon */
3310 return 1;
3311 }
3312 if (ri_old->is_hibernating && !ri->is_hibernating) {
3313 /* It just came out of hibernation; launch a reachability test */
3314 return 1;
3315 }
3316 if (! routers_have_same_or_addr(ri, ri_old)) {
3317 /* Address or port changed; launch a reachability test */
3318 return 1;
3319 }
3320 return 0;
3321 }
3322
3323 /** Helper function for dirserv_test_reachability(). Start a TLS
3324 * connection to <b>router</b>, and annotate it with when we started
3325 * the test. */
3326 void
3327 dirserv_single_reachability_test(time_t now, routerinfo_t *router)
3328 {
3329 tor_addr_t router_addr;
3330 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
3331 router->nickname, router->address, router->or_port);
3332 /* Remember when we started trying to determine reachability */
3333 if (!router->testing_since)
3334 router->testing_since = now;
3335 tor_addr_from_ipv4h(&router_addr, router->addr);
3336 connection_or_connect(&router_addr, router->or_port,
3337 router->cache_info.identity_digest);
3338 }
3339
3340 /** Auth dir server only: load balance such that we only
3341 * try a few connections per call.
3342 *
3343 * The load balancing is such that if we get called once every ten
3344 * seconds, we will cycle through all the tests in
3345 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3346 */
3347 void
3348 dirserv_test_reachability(time_t now)
3349 {
3350 /* XXX decide what to do here; see or-talk thread "purging old router
3351 * information, revocation." -NM
3352 * We can't afford to mess with this in 0.1.2.x. The reason is that
3353 * if we stop doing reachability tests on some of routerlist, then
3354 * we'll for-sure think they're down, which may have unexpected
3355 * effects in other parts of the code. It doesn't hurt much to do
3356 * the testing, and directory authorities are easy to upgrade. Let's
3357 * wait til 0.2.0. -RD */
3358 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3359 routerlist_t *rl = router_get_routerlist();
3360 static char ctr = 0;
3361 int bridge_auth = authdir_mode_bridge(get_options());
3362
3363 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
3364 const char *id_digest = router->cache_info.identity_digest;
3365 if (router_is_me(router))
3366 continue;
3367 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
3368 continue; /* bridge authorities only test reachability on bridges */
3369 // if (router->cache_info.published_on > cutoff)
3370 // continue;
3371 if ((((uint8_t)id_digest[0]) % REACHABILITY_MODULO_PER_TEST) == ctr) {
3372 dirserv_single_reachability_test(now, router);
3373 }
3374 } SMARTLIST_FOREACH_END(router);
3375 ctr = (ctr + 1) % REACHABILITY_MODULO_PER_TEST; /* increment ctr */
3376 }
3377
3378 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3379 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3380 * flavor name if we want a flavored v3 status, return a pointer to the
3381 * appropriate cached dir object, or NULL if there isn't one available. */
3382 static cached_dir_t *
3383 lookup_cached_dir_by_fp(const char *fp)
3384 {
3385 cached_dir_t *d = NULL;
3386 if (tor_digest_is_zero(fp) && cached_consensuses)
3387 d = strmap_get(cached_consensuses, "ns");
3388 else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
3389 (d = strmap_get(cached_consensuses, fp))) {
3390 /* this here interface is a nasty hack XXXX023 */;
3391 } else if (router_digest_is_me(fp) && the_v2_networkstatus)
3392 d = the_v2_networkstatus;
3393 else if (cached_v2_networkstatus)
3394 d = digestmap_get(cached_v2_networkstatus, fp);
3395 return d;
3396 }
3397
3398 /** Remove from <b>fps</b> every networkstatus key where both
3399 * a) we have a networkstatus document and
3400 * b) it is not newer than <b>cutoff</b>.
3401 *
3402 * Return 1 if any items were present at all; else return 0.
3403 */
3404 int
3405 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
3406 {
3407 int found_any = 0;
3408 SMARTLIST_FOREACH(fps, char *, digest,
3409 {
3410 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
3411 if (!d)
3412 continue;
3413 found_any = 1;
3414 if (d->published <= cutoff) {
3415 tor_free(digest);
3416 SMARTLIST_DEL_CURRENT(fps, digest);
3417 }
3418 });
3419
3420 return found_any;
3421 }
3422
3423 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3424 * its extra-info document if <b>extrainfo</b> is true. Return
3425 * NULL if not found or if the descriptor is older than
3426 * <b>publish_cutoff</b>. */
3427 static const signed_descriptor_t *
3428 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
3429 time_t publish_cutoff)
3430 {
3431 if (router_digest_is_me(fp)) {
3432 if (extrainfo)
3433 return &(router_get_my_extrainfo()->cache_info);
3434 else
3435 return &(router_get_my_routerinfo()->cache_info);
3436 } else {
3437 const routerinfo_t *ri = router_get_by_id_digest(fp);
3438 if (ri &&
3439 ri->cache_info.published_on > publish_cutoff) {
3440 if (extrainfo)
3441 return extrainfo_get_by_descriptor_digest(
3442 ri->cache_info.extra_info_digest);
3443 else
3444 return &ri->cache_info;
3445 }
3446 }
3447 return NULL;
3448 }
3449
3450 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3451 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3452 * decide whether to send a 404. */
3453 int
3454 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
3455 {
3456 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3457 SMARTLIST_FOREACH(fps, const char *, fp, {
3458 switch (spool_src)
3459 {
3460 case DIR_SPOOL_EXTRA_BY_DIGEST:
3461 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
3462 break;
3463 case DIR_SPOOL_SERVER_BY_DIGEST:
3464 if (router_get_by_descriptor_digest(fp)) return 1;
3465 break;
3466 case DIR_SPOOL_EXTRA_BY_FP:
3467 case DIR_SPOOL_SERVER_BY_FP:
3468 if (get_signed_descriptor_by_fp(fp,
3469 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
3470 return 1;
3471 break;
3472 }
3473 });
3474 return 0;
3475 }
3476
3477 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3478 * a microdescriptor we have. */
3479 int
3480 dirserv_have_any_microdesc(const smartlist_t *fps)
3481 {
3482 microdesc_cache_t *cache = get_microdesc_cache();
3483 SMARTLIST_FOREACH(fps, const char *, fp,
3484 if (microdesc_cache_lookup_by_digest256(cache, fp))
3485 return 1);
3486 return 0;
3487 }
3488
3489 /** Return an approximate estimate of the number of bytes that will
3490 * be needed to transmit the server descriptors (if is_serverdescs --
3491 * they can be either d/ or fp/ queries) or networkstatus objects (if
3492 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3493 * we guess how large the data will be after compression.
3494 *
3495 * The return value is an estimate; it might be larger or smaller.
3496 **/
3497 size_t
3498 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
3499 int compressed)
3500 {
3501 size_t result;
3502 tor_assert(fps);
3503 if (is_serverdescs) {
3504 int n = smartlist_len(fps);
3505 const routerinfo_t *me = router_get_my_routerinfo();
3506 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
3507 if (compressed)
3508 result /= 2; /* observed compressibility is between 35 and 55%. */
3509 } else {
3510 result = 0;
3511 SMARTLIST_FOREACH(fps, const char *, digest, {
3512 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
3513 if (dir)
3514 result += compressed ? dir->dir_z_len : dir->dir_len;
3515 });
3516 }
3517 return result;
3518 }
3519
3520 /** Given a list of microdescriptor hashes, guess how many bytes will be
3521 * needed to transmit them, and return the guess. */
3522 size_t
3523 dirserv_estimate_microdesc_size(const smartlist_t *fps, int compressed)
3524 {
3525 size_t result = smartlist_len(fps) * microdesc_average_size(NULL);
3526 if (compressed)
3527 result /= 2;
3528 return result;
3529 }
3530
3531 /** When we're spooling data onto our outbuf, add more whenever we dip
3532 * below this threshold. */
3533 #define DIRSERV_BUFFER_MIN 16384
3534
3535 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3536 * Flushes any remaining data to be (un)compressed, and changes the spool
3537 * source to NONE. Returns 0 on success, negative on failure. */
3538 static int
3539 connection_dirserv_finish_spooling(dir_connection_t *conn)
3540 {
3541 if (conn->zlib_state) {
3542 connection_write_to_buf_zlib("", 0, conn, 1);
3543 tor_zlib_free(conn->zlib_state);
3544 conn->zlib_state = NULL;
3545 }
3546 conn->dir_spool_src = DIR_SPOOL_NONE;
3547 return 0;
3548 }
3549
3550 /** Spooling helper: called when we're sending a bunch of server descriptors,
3551 * and the outbuf has become too empty. Pulls some entries from
3552 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3553 * run out of entries, flushes the zlib state and sets the spool source to
3554 * NONE. Returns 0 on success, negative on failure.
3555 */
3556 static int
3557 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
3558 {
3559 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
3560 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
3561 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
3562 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
3563 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3564
3565 const or_options_t *options = get_options();
3566
3567 while (smartlist_len(conn->fingerprint_stack) &&
3568 connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3569 const char *body;
3570 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3571 const signed_descriptor_t *sd = NULL;
3572 if (by_fp) {
3573 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
3574 } else {
3575 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
3576 : router_get_by_descriptor_digest(fp);
3577 }
3578 tor_free(fp);
3579 if (!sd)
3580 continue;
3581 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
3582 /* we did this check once before (so we could have an accurate size
3583 * estimate and maybe send a 404 if somebody asked for only bridges on a
3584 * connection), but we need to do it again in case a previously
3585 * unknown bridge descriptor has shown up between then and now. */
3586 continue;
3587 }
3588
3589 /** If we are the bridge authority and the descriptor is a bridge
3590 * descriptor, remember that we served this descriptor for desc stats. */
3591 if (options->BridgeAuthoritativeDir && by_fp) {
3592 const routerinfo_t *router =
3593 router_get_by_id_digest(sd->identity_digest);
3594 /* router can be NULL here when the bridge auth is asked for its own
3595 * descriptor. */
3596 if (router && router->purpose == ROUTER_PURPOSE_BRIDGE)
3597 rep_hist_note_desc_served(sd->identity_digest);
3598 }
3599 body = signed_descriptor_get_body(sd);
3600 if (conn->zlib_state) {
3601 /* XXXX022 This 'last' business should actually happen on the last
3602 * routerinfo, not on the last fingerprint. */
3603 int last = ! smartlist_len(conn->fingerprint_stack);
3604 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
3605 last);
3606 if (last) {
3607 tor_zlib_free(conn->zlib_state);
3608 conn->zlib_state = NULL;
3609 }
3610 } else {
3611 connection_write_to_buf(body,
3612 sd->signed_descriptor_len,
3613 TO_CONN(conn));
3614 }
3615 }
3616
3617 if (!smartlist_len(conn->fingerprint_stack)) {
3618 /* We just wrote the last one; finish up. */
3619 conn->dir_spool_src = DIR_SPOOL_NONE;
3620 smartlist_free(conn->fingerprint_stack);
3621 conn->fingerprint_stack = NULL;
3622 }
3623 return 0;
3624 }
3625
3626 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3627 * and the outbuf has become too empty. Pulls some entries from
3628 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3629 * we run out of entries, flushes the zlib state and sets the spool source to
3630 * NONE. Returns 0 on success, negative on failure.
3631 */
3632 static int
3633 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
3634 {
3635 microdesc_cache_t *cache = get_microdesc_cache();
3636 while (smartlist_len(conn->fingerprint_stack) &&
3637 connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3638 char *fp256 = smartlist_pop_last(conn->fingerprint_stack);
3639 microdesc_t *md = microdesc_cache_lookup_by_digest256(cache, fp256);
3640 tor_free(fp256);
3641 if (!md)
3642 continue;
3643 if (conn->zlib_state) {
3644 /* XXXX022 This 'last' business should actually happen on the last
3645 * routerinfo, not on the last fingerprint. */
3646 int last = !smartlist_len(conn->fingerprint_stack);
3647 connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);
3648 if (last) {
3649 tor_zlib_free(conn->zlib_state);
3650 conn->zlib_state = NULL;
3651 }
3652 } else {
3653 connection_write_to_buf(md->body, md->bodylen, TO_CONN(conn));
3654 }
3655 }
3656 if (!smartlist_len(conn->fingerprint_stack)) {
3657 conn->dir_spool_src = DIR_SPOOL_NONE;
3658 smartlist_free(conn->fingerprint_stack);
3659 conn->fingerprint_stack = NULL;
3660 }
3661 return 0;
3662 }
3663
3664 /** Spooling helper: Called when we're sending a directory or networkstatus,
3665 * and the outbuf has become too empty. Pulls some bytes from
3666 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3667 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3668 * and sets the spool source to NONE. Returns 0 on success, negative on
3669 * failure. */
3670 static int
3671 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3672 {
3673 ssize_t bytes;
3674 int64_t remaining;
3675
3676 bytes = DIRSERV_BUFFER_MIN - connection_get_outbuf_len(TO_CONN(conn));
3677 tor_assert(bytes > 0);
3678 tor_assert(conn->cached_dir);
3679 if (bytes < 8192)
3680 bytes = 8192;
3681 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3682 if (bytes > remaining)
3683 bytes = (ssize_t) remaining;
3684
3685 if (conn->zlib_state) {
3686 connection_write_to_buf_zlib(
3687 conn->cached_dir->dir_z + conn->cached_dir_offset,
3688 bytes, conn, bytes == remaining);
3689 } else {
3690 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3691 bytes, TO_CONN(conn));
3692 }
3693 conn->cached_dir_offset += bytes;
3694 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3695 /* We just wrote the last one; finish up. */
3696 connection_dirserv_finish_spooling(conn);
3697 cached_dir_decref(conn->cached_dir);
3698 conn->cached_dir = NULL;
3699 }
3700 return 0;
3701 }
3702
3703 /** Spooling helper: Called when we're spooling networkstatus objects on
3704 * <b>conn</b>, and the outbuf has become too empty. If the current
3705 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3706 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3707 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3708 * treated as a request for the current consensus.) If we run out of entries,
3709 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3710 * success, negative on failure. */
3711 static int
3712 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3713 {
3714
3715 while (connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3716 if (conn->cached_dir) {
3717 int uncompressing = (conn->zlib_state != NULL);
3718 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3719 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3720 /* add_dir_bytes thinks we're done with the cached_dir. But we
3721 * may have more cached_dirs! */
3722 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3723 /* This bit is tricky. If we were uncompressing the last
3724 * networkstatus, we may need to make a new zlib object to
3725 * uncompress the next one. */
3726 if (uncompressing && ! conn->zlib_state &&
3727 conn->fingerprint_stack &&
3728 smartlist_len(conn->fingerprint_stack)) {
3729 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
3730 }
3731 }
3732 if (r) return r;
3733 } else if (conn->fingerprint_stack &&
3734 smartlist_len(conn->fingerprint_stack)) {
3735 /* Add another networkstatus; start serving it. */
3736 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3737 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3738 tor_free(fp);
3739 if (d) {
3740 ++d->refcnt;
3741 conn->cached_dir = d;
3742 conn->cached_dir_offset = 0;
3743 }
3744 } else {
3745 connection_dirserv_finish_spooling(conn);
3746 smartlist_free(conn->fingerprint_stack);
3747 conn->fingerprint_stack = NULL;
3748 return 0;
3749 }
3750 }
3751 return 0;
3752 }
3753
3754 /** Called whenever we have flushed some directory data in state
3755 * SERVER_WRITING. */
3756 int
3757 connection_dirserv_flushed_some(dir_connection_t *conn)
3758 {
3759 tor_assert(conn->_base.state == DIR_CONN_STATE_SERVER_WRITING);
3760
3761 if (connection_get_outbuf_len(TO_CONN(conn)) >= DIRSERV_BUFFER_MIN)
3762 return 0;
3763
3764 switch (conn->dir_spool_src) {
3765 case DIR_SPOOL_EXTRA_BY_DIGEST:
3766 case DIR_SPOOL_EXTRA_BY_FP:
3767 case DIR_SPOOL_SERVER_BY_DIGEST:
3768 case DIR_SPOOL_SERVER_BY_FP:
3769 return connection_dirserv_add_servers_to_outbuf(conn);
3770 case DIR_SPOOL_MICRODESC:
3771 return connection_dirserv_add_microdescs_to_outbuf(conn);
3772 case DIR_SPOOL_CACHED_DIR:
3773 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3774 case DIR_SPOOL_NETWORKSTATUS:
3775 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3776 case DIR_SPOOL_NONE:
3777 default:
3778 return 0;
3779 }
3780 }
3781
3782 /** Release all storage used by the directory server. */
3783 void
3784 dirserv_free_all(void)
3785 {
3786 dirserv_free_fingerprint_list();
3787
3788 cached_dir_decref(the_directory);
3789 clear_cached_dir(&the_runningrouters);
3790 cached_dir_decref(the_v2_networkstatus);
3791 cached_dir_decref(cached_directory);
3792 clear_cached_dir(&cached_runningrouters);
3793
3794 digestmap_free(cached_v2_networkstatus, _free_cached_dir);
3795 cached_v2_networkstatus = NULL;
3796 strmap_free(cached_consensuses, _free_cached_dir);
3797 cached_consensuses = NULL;
3798 }
3799
The Onion Router