| blob | edcc0a8dc238c7f45f5744345815f480999bd1d5 |
1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
8 /**
9 * \file main.c
10 * \brief Tor main loop and startup functions.
11 **/
15 /* These signals are defined to help control_signal_act work. */
16 #ifndef SIGHUP
17 #define SIGHUP 1
18 #endif
19 #ifndef SIGINT
20 #define SIGINT 2
21 #endif
22 #ifndef SIGUSR1
23 #define SIGUSR1 10
24 #endif
25 #ifndef SIGUSR2
26 #define SIGUSR2 12
27 #endif
28 #ifndef SIGTERM
29 #define SIGTERM 15
30 #endif
32 /********* PROTOTYPES **********/
41 /********* START VARIABLES **********/
46 /** What was the read bucket before the last call to prepare_for_pool?
47 * (used to determine how many bytes we've read). */
49 /** What was the write bucket before the last call to prepare_for_pool?
50 * (used to determine how many bytes we've written). */
52 /** How many bytes have we read/written since we started the process? */
55 /** What time did this process start up? */
57 /** How many seconds have we been running? */
59 /** When do we next download a directory? */
61 /** When do we next upload our descriptor? */
63 /** When do we next download a running-routers summary? */
66 /** Array of all open connections; each element corresponds to the element of
67 * poll_array in the same position. The first nfds elements are valid. */
74 /** We set this to 1 when we've fetched a dir, to know whether to complain
75 * yet about unrecognized nicknames in entrynodes, exitnodes, etc.
76 * Also, we don't try building circuits unless this is 1. */
79 /** We set this to 1 when we've opened a circuit, so we can print a log
80 * entry to inform the user that Tor is working. */
83 /* #define MS_WINDOWS_SERVICE */
84 #ifdef MS_WINDOWS_SERVICE
85 #include <tchar.h>
88 SERVICE_STATUS service_status;
89 SERVICE_STATUS_HANDLE hStatus;
93 #else
94 #define nt_service_is_stopped() (0)
95 #endif
97 #define CHECK_DESCRIPTOR_INTERVAL 60
99 /********* END VARIABLES ************/
101 /****************************************************************************
102 *
103 * This section contains accessors and other methods on the connection_array
104 * and poll_array variables (which are global within this file and unavailable
105 * outside it).
106 *
107 ****************************************************************************/
109 /** Add <b>conn</b> to the array of connections that we can poll on. The
110 * connection's socket must be set; the connection starts out
111 * non-reading and non-writing.
112 */
118 log_fn(LOG_WARN,"Failing because we have %d connections already. Please set MaxConn higher.", nfds);
120 }
133 nfds++;
139 }
141 /** Remove the connection from the global list, and remove the
142 * corresponding poll entry. Calling this function will shift the last
143 * connection (if any) into the position occupied by conn.
144 */
157 nfds--;
159 }
164 }
168 }
170 /* replace this one with the one at the end */
171 nfds--;
176 }
178 /** If it's an edge conn, remove it from the list
179 * of conn's on this circuit. If it's not on an edge,
180 * flush and send destroys for all circuits on this conn.
181 *
182 * If <b>remove</b> is non-zero, then remove it from the
183 * connection_array and closeable_connection_lst.
184 *
185 * Then free it.
186 */
192 }
196 }
198 }
200 /** DOCDOC **/
201 void
203 {
207 }
209 /** Return true iff conn is in the current poll array. */
215 }
217 }
219 /** Set <b>*array</b> to an array of all connections, and <b>*n</b>
220 * to the length of the array. <b>*array</b> and <b>*n</b> must not
221 * be modified.
222 */
226 }
228 /** Set the event mask on <b>conn</b> to <b>events</b>. (The form of
229 * the event mask is DOCDOC)
230 */
240 }
246 }
247 }
249 /** Return true iff <b>conn</b> is listening for read events. */
253 /* This isn't 100% documented, but it should work. */
256 }
258 /** Tell the main loop to stop notifying <b>conn</b> of any read events. */
265 }
267 /** Tell the main loop to start notifying <b>conn</b> of any read events. */
273 }
275 /** Return true iff <b>conn</b> is listening for write events. */
279 /* This isn't 100% documented, but it should work. */
282 }
284 /** Tell the main loop to stop notifying <b>conn</b> of any write events. */
290 }
292 /** Tell the main loop to start notifying <b>conn</b> of any write events. */
298 }
300 /** DOCDOC */
301 static void
303 {
315 }
316 }
317 }
319 /** DOCDOC */
320 static void
322 {
334 #ifndef MS_WINDOWS
337 #endif
339 }
340 }
346 }
349 {
361 /* this connection is broken. remove it. */
365 /* XXX do we need a close-immediate here, so we don't try to flush? */
367 }
368 }
374 }
376 #if 0
383 /* post 0.0.9, sometimes we get into loops like:
384 Jan 06 13:54:14.999 [debug] connection_consider_empty_buckets(): global bucket exhausted. Pausing.
385 Jan 06 13:54:14.999 [debug] connection_stop_reading() called.
386 Jan 06 13:54:14.999 [debug] conn_read(): socket 14 wants to read.
387 Jan 06 13:54:14.999 [debug] connection_consider_empty_buckets(): global bucket exhausted. Pausing.
388 ...
389 We finish the loop after a couple of seconds go by, but nothing seems
390 to happen during the loop except tight looping over poll. Perhaps the
391 tls buffer has pending bytes but we don't allow ourselves to read them?
392 */
394 /* see http://www.greenend.org.uk/rjk/2001/06/poll.html for
395 * discussion of POLLIN vs POLLHUP */
397 /* Sometimes read events get triggered for things that didn't ask
398 * for them (XXX due to unknown poll wonkiness) and sometime we
399 * want to read even though there was no read event (due to
400 * pending TLS data).
401 */
403 /* XXX Post 0.0.9, we should rewrite this whole if statement;
404 * something sane may result. Nick suspects that the || below
405 * should be a &&.
406 *
407 * No, it should remain a ||. Here's why: when we reach the end
408 * of a read bucket, we stop reading on a conn. We don't want to
409 * read any more bytes on it, until we're allowed to resume reading.
410 * So if !connection_is_reading, then return right then. Also, if
411 * poll() said nothing (true because the if above), and there's
412 * nothing pending, then also return because nothing to do.
413 *
414 * If poll *does* have something to say, even though
415 * !connection_is_reading, then we want to handle it in connection.c
416 * to make it stop reading for next time, else we loop.
417 */
428 /* XXX does POLLHUP also mean it's definitely broken? */
429 #ifdef MS_WINDOWS
431 #endif
434 /* this connection is broken. remove it */
435 #ifndef MS_WINDOWS
438 #endif
440 }
441 }
444 }
446 /** Called when the connection at connection_array[i] has a write event:
447 * checks for validity, catches numerous errors, and dispatches to
448 * connection_handle_write.
449 */
466 /* this connection is broken. remove it. */
470 /* XXX do we need a close-immediate here, so we don't try to flush? */
472 }
473 }
476 }
477 #endif
479 /** If the connection at connection_array[i] is marked for close, then:
480 * - If it has data that it wants to flush, try to flush it.
481 * - If it _still_ has data to flush, and conn->hold_open_until_flushed is
482 * true, then leave the connection open and return.
483 * - Otherwise, remove the connection from connection_array and from
484 * all other lists, close it, and free it.
485 * Returns 1 if the connection was closed, 0 otherwise.
486 * DOCDOC closeable_list
487 */
500 /* -1 means it's an incomplete edge connection, or that the socket
501 * has already been closed as unflushable. */
504 "Conn (addr %s, fd %d, type %s, state %d) marked, but wants to flush %d bytes. "
515 }
519 /* XXX should we reset timestamp_lastwritten here? */
521 }
523 log_fn(LOG_NOTICE,"Conn (addr %s, fd %d, type %s, state %d) is being closed, but there are still %d bytes we can't write. (Marked at %s:%d)",
527 }
528 }
531 }
533 /** We've just tried every dirserver we know about, and none of
534 * them were reachable. Assume the network is down. Change state
535 * so next time an application connection arrives we'll delay it
536 * and try another directory fetch. Kill off all the circuit_wait
537 * streams that are waiting now, since they will all timeout anyway.
538 */
546 AP_CONN_STATE_CIRCUIT_WAIT))) {
551 }
552 }
554 /** This function is called whenever we successfully pull down a directory */
561 /* Don't try to upload or download anything for a while
562 * after the directory we had when we started.
563 */
576 }
577 }
579 /** Perform regular maintenance tasks for a single connection. This
580 * function gets run once per second per connection by run_housekeeping.
581 */
583 cell_t cell;
587 /* Expire any directory connections that haven't sent anything for 5 min */
594 }
596 /* If we haven't written to an OR connection for a while, then either nuke
597 the connection or send a keepalive, depending. */
605 /* our handshake has expired; we're hibernating;
606 * or we have no circuits and we're both either OPs or normal ORs,
607 * then kill it. */
610 /* flush anything waiting, e.g. a destroy for a just-expired circ */
614 /* either in clique mode, or we've got a circuit. send a padding cell. */
620 }
621 }
622 }
627 /** Decide if we're a publishable server or just a client. We are a server if:
628 * - We have the AuthoritativeDirectory option set.
629 * or
630 * - We don't have the ClientOnly option set; and
631 * - We have ORPort set; and
632 * - We have been up for at least MIN_UPTIME_TO_PUBLISH_DESC seconds; and
633 * - We have processed some suitable minimum bandwidth recently; and
634 * - We believe we are reachable from the outside.
635 */
648 /* XXX for now, you're only a server if you're a server */
651 /* here, determine if we're reachable */
654 }
664 }
666 /** Return true iff we believe ourselves to be an authoritative
667 * directory server.
668 */
671 }
673 /** Return true iff we try to stay connected to all ORs at once.
674 */
677 }
679 /** Return true iff we are trying to be a server.
680 */
683 }
685 /** Remember if we've advertised ourselves to the dirservers. */
688 /** Return true iff we have published our descriptor lately.
689 */
692 }
694 /** Return true iff we are trying to be a socks proxy. */
697 }
699 /** Perform regular maintenance tasks. This function gets run once per
700 * second by prepare_for_poll.
701 */
709 /** 0. See if we've been asked to shut down and our timeout has
710 * expired; or if our bandwidth limits are exhausted and we
711 * should hibernate; or if it's time to wake up from hibernation.
712 */
715 /** 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
716 * shut down and restart all cpuworkers, and update the directory if
717 * necessary.
718 */
726 }
729 }
731 /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
739 /* XXX is it a bug here, that we just keep going? */
740 }
742 /* XXXX We should rotate TLS connections as well; this code doesn't change
743 * them at all. */
744 }
746 /** 1c. If we have to change the accounting interval or record
747 * bandwidth used in this accounting interval, do so. */
751 /** 2. Periodically, we consider getting a new directory, getting a
752 * new running-routers list, and/or force-uploading our descriptor
753 * (if we've passed our internal checks). */
755 /* purge obsolete entries */
759 /* We're a directory; dump any old descriptors. */
761 }
763 /* dirservers try to reconnect, in case connections have failed;
764 * and normal servers try to reconnect to dirservers */
766 }
772 }
774 /* Also, take this chance to remove old information from rephist. */
776 }
781 }
783 }
792 }
797 }
799 /* 2b. Once per minute, regenerate and upload the descriptor if the old
800 * one is inaccurate. */
809 }
810 }
812 /** 3a. Every second, we examine pending circuits and prune the
813 * ones which have been pending for more than a few seconds.
814 * We do this before step 4, so it can try building more if
815 * it's not comfortable with the number of available circuits.
816 */
819 /** 3b. Also look at pending streams and prune the ones that 'began'
820 * a long time ago but haven't gotten a 'connected' yet.
821 * Do this before step 4, so we can put them back into pending
822 * state to be picked up by the new circuit.
823 */
826 /** 3c. And expire connections that we've held open for too long.
827 */
830 /** 3d. And every 60 seconds, we relaunch listeners if any died. */
834 }
836 /** 4. Every second, we try a new circuit if there are no valid
837 * circuits. Every NewCircuitPeriod seconds, we expire circuits
838 * that became dirty more than MaxCircuitDirtiness seconds ago,
839 * and we make a new circ if there are no clean circuits.
840 */
844 /** 5. We do housekeeping for each connection... */
847 }
849 /** 6. And remove any marked circuits... */
852 /** 7. And upload service descriptors if necessary. */
856 /** 8. and blow away any connections that need to die. have to do this now,
857 * because if we marked a conn for close and left its socket -1, then
858 * we'll pass it to poll/select and bad things will happen.
859 */
861 }
863 /** DOCDOC */
865 {
878 }
880 /* log_fn(LOG_NOTICE, "Tick."); */
883 /* the second has rolled over. check more stuff. */
886 /* XXX below we get suspicious if time jumps forward more than 10
887 * seconds, but we never notice if it jumps *back* more than 10 seconds.
888 * This could be useful for detecting that we just NTP'ed to three
889 * weeks ago and it will be 3 weeks and 15 minutes until any of our
890 * events trigger.
891 */
903 /* if more than 10s have elapsed, probably the clock jumped: doesn't count. */
913 #if 0
920 }
921 }
922 #endif
925 }
927 /** Called when we get a SIGHUP: reload configuration files and keys,
928 * retry all connections, re-upload all descriptors, and so on. */
938 /* first, reload config variables, in case they've changed */
939 /* no need to provide argc/v, they've been cached inside init_from_config */
943 }
946 /* reload the approved-routers file */
951 }
952 }
953 /* Fetch a new directory. Even authdirservers do this. */
956 /* Restart cpuworker and dnsworker processes, so they get up-to-date
957 * configuration options. */
960 /* Rebuild fresh descriptor. */
966 }
967 }
969 }
971 /** Tor main loop. */
975 /* load the private keys, if we're supposed to have them, and set up the
976 * TLS context. */
981 }
982 }
984 /* Set up our buckets */
989 /* load the routers file, or assign the defaults. */
992 }
995 /* the directory is already here, run startup things */
997 }
1000 /* launch cpuworkers. Need to do this *after* we've read the onion key. */
1002 }
1004 /* set up once-a-second callback. */
1010 /* poll until we have an event, or the second ends */
1013 /* let catch() handle things like ^c, and otherwise don't worry about it */
1016 /* let the program survive things like ^z */
1023 /* You can't trust the results of this poll(). Go back to the
1024 * top of the big for loop. */
1026 }
1027 }
1029 /* refilling buckets and sending cells happens at the beginning of the
1030 * next iteration of the loop, inside prepare_for_poll()
1031 * XXXX No longer so.
1032 */
1033 }
1034 }
1036 /** Used to implement the SIGNAL control command: if we accept
1037 * <b>the_signal</b> as a remote pseudo-signal, then act on it and
1038 * return 0. Else return -1. */
1039 /* We don't re-use catch() here because:
1040 * 1. We handle a different set of signals than those allowed in catch.
1041 * 2. Platforms without signal() are unlikely to define SIGfoo.
1042 * 3. The control spec is defined to use fixed numeric signal values
1043 * which just happen to match the unix values.
1044 */
1045 int
1047 {
1049 {
1067 }
1069 }
1072 {
1075 {
1086 }
1089 #ifdef SIGPIPE
1093 #endif
1095 /* prefer to log it at INFO, but make sure we always see it */
1107 }
1109 #ifdef SIGCHLD
1113 }
1114 #endif
1115 }
1117 /** Write all statistics to the log, with log level 'severity'. Called
1118 * in response to a SIGUSR1. */
1131 conn->state, conn_state_to_string[conn->type][conn->state], (int)(now - conn->timestamp_created));
1139 }
1141 }
1150 stats_n_padding_cells_processed,
1151 stats_n_create_cells_processed,
1152 stats_n_created_cells_processed,
1153 stats_n_relay_cells_processed,
1154 stats_n_relay_cells_relayed,
1155 stats_n_relay_cells_delivered,
1156 stats_n_destroy_cells_processed);
1168 else
1182 }
1186 }
1188 /** Called by exit() as we shut down the process.
1189 */
1191 {
1192 /* NOTE: If we ever daemonize, this gets called immediately. That's
1193 * okay for now, because we only use this on Windows. */
1194 #ifdef MS_WINDOWS
1196 #endif
1197 }
1199 /** Set up the signal handlers for either parent or child. */
1201 {
1211 #ifdef SIGXFSZ
1213 #endif
1222 }
1234 #ifdef SIGXFSZ
1236 #endif
1238 }
1239 }
1241 /** Main entry point for the Tor command-line client.
1242 */
1246 /* Initialize the history structures. */
1248 /* Initialize the service cache. */
1252 /* give it somewhere to log to initially */
1255 log_fn(LOG_NOTICE,"Tor v%s. This is experimental software. Do not rely on it for strong anonymity.",VERSION);
1260 }
1266 }
1268 #ifndef MS_WINDOWS
1270 log_fn(LOG_WARN,"You are running Tor as root. You don't need to, and you probably shouldn't.");
1271 #endif
1273 /* only spawn dns handlers if we're a router */
1276 /* XXX really, this should get moved to do_main_loop */
1277 }
1284 }
1286 /** Do whatever cleanup is necessary before shutting Tor down. */
1289 /* Remove our pid file. We don't care if there was an error when we
1290 * unlink, nothing we could do about it anyways. */
1296 }
1298 /** Read/create keys as needed, and echo our fingerprint to stdout. */
1300 {
1307 }
1312 }
1316 }
1320 }
1322 }
1324 /** Entry point for password hashing: take the desired password from
1325 * the command line, and print its salted hash to stdout. **/
1327 {
1336 key);
1341 }
1342 }
1344 #ifdef MS_WINDOWS_SERVICE
1345 /** If we're compile to run as an NT service, and the service has been
1346 * shut down, then change our current status and return 1. Else
1347 * return 0.
1348 */
1349 static int
1351 {
1357 }
1359 }
1362 {
1369 }
1371 }
1374 {
1384 hStatus = RegisterServiceCtrlHandler(GENSRV_SERVICENAME, (LPHANDLER_FUNCTION) nt_service_control);
1387 // failed;
1389 }
1391 err = tor_init(backup_argc, backup_argv); // refactor this part out of tor_main and do_main_loop
1393 // failed.
1398 }
1404 }
1407 {
1433 }
1435 }
1436 }
1437 }
1440 {
1441 /* XXXX Problems with NT services:
1442 * 1. The configuration file needs to be in the same directory as the .exe
1443 *
1444 * 2. The exe and the configuration file can't be on any directory path
1445 * that contains a space.
1446 * mje - you can quote the string (i.e., "c:\program files")
1447 *
1448 * 3. Ideally, there should be one EXE that can either run as a
1449 * separate process (as now) or that can install and run itself
1450 * as an NT service. I have no idea how hard this is.
1451 * mje - should be done. It can install and run itself as a service
1452 *
1453 * Notes about developing NT services:
1454 *
1455 * 1. Don't count on your CWD. If an absolute path is not given, the
1456 * fopen() function goes wrong.
1457 * 2. The parameters given to the nt_service_body() function differ
1458 * from those given to main() function.
1459 */
1476 /* Account for the extra quotes */
1477 //len = _MAX_PATH + strlen(cmd1) + _MAX_DRIVE + _MAX_DIR + strlen(cmd2);
1481 /* Create a quoted command line, like "c:\with spaces\tor.exe" -f
1482 * "c:\with spaces\tor.exe"
1483 */
1489 }
1495 }
1497 /* 1/26/2005 mje
1498 * - changed the service start type to auto
1499 * - and changed the lpPassword param to "" instead of NULL as per an
1500 * MSDN article.
1501 */
1510 }
1512 /* Start the service initially, so you don't have to muck with it in the SCM
1513 */
1516 else
1524 }
1527 {
1530 SERVICE_STATUS service_status;
1536 }
1541 }
1546 {
1549 else
1551 }
1554 else
1560 else
1562 }
1568 }
1569 #endif
1572 #ifdef MS_WINDOWS_SERVICE
1581 #else
1597 }
1600 #endif
1601 }