1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2010, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Toplevel module. Handles signals, multiplexes between
10 * connections, implements main loop, and drives scheduled events.
16 #include "circuitbuild.h"
17 #include "circuitlist.h"
18 #include "circuituse.h"
21 #include "connection.h"
22 #include "connection_edge.h"
23 #include "connection_or.h"
25 #include "cpuworker.h"
26 #include "directory.h"
32 #include "hibernate.h"
34 #include "microdesc.h"
35 #include "networkstatus.h"
39 #include "rendclient.h"
40 #include "rendcommon.h"
41 #include "rendservice.h"
43 #include "routerlist.h"
46 #include <openssl/crypto.h>
50 #ifdef HAVE_EVENT2_EVENT_H
51 #include <event2/event.h>
56 void evdns_shutdown(int);
58 /********* PROTOTYPES **********/
60 static void dumpmemusage(int severity
);
61 static void dumpstats(int severity
); /* log stats */
62 static void conn_read_callback(int fd
, short event
, void *_conn
);
63 static void conn_write_callback(int fd
, short event
, void *_conn
);
64 static void signal_callback(int fd
, short events
, void *arg
);
65 static void second_elapsed_callback(periodic_timer_t
*timer
, void *args
);
66 static int conn_close_if_marked(int i
);
67 static void connection_start_reading_from_linked_conn(connection_t
*conn
);
68 static int connection_should_read_from_linked_conn(connection_t
*conn
);
70 /********* START VARIABLES **********/
72 int global_read_bucket
; /**< Max number of bytes I can read this second. */
73 int global_write_bucket
; /**< Max number of bytes I can write this second. */
75 /** Max number of relayed (bandwidth class 1) bytes I can read this second. */
76 int global_relayed_read_bucket
;
77 /** Max number of relayed (bandwidth class 1) bytes I can write this second. */
78 int global_relayed_write_bucket
;
80 /** What was the read bucket before the last second_elapsed_callback() call?
81 * (used to determine how many bytes we've read). */
82 static int stats_prev_global_read_bucket
;
83 /** What was the write bucket before the last second_elapsed_callback() call?
84 * (used to determine how many bytes we've written). */
85 static int stats_prev_global_write_bucket
;
86 /* XXX we might want to keep stats about global_relayed_*_bucket too. Or not.*/
87 /** How many bytes have we read since we started the process? */
88 static uint64_t stats_n_bytes_read
= 0;
89 /** How many bytes have we written since we started the process? */
90 static uint64_t stats_n_bytes_written
= 0;
91 /** What time did this process start up? */
92 time_t time_of_process_start
= 0;
93 /** How many seconds have we been running? */
94 long stats_n_seconds_working
= 0;
95 /** When do we next launch DNS wildcarding checks? */
96 static time_t time_to_check_for_correct_dns
= 0;
98 /** How often will we honor SIGNEWNYM requests? */
99 #define MAX_SIGNEWNYM_RATE 10
100 /** When did we last process a SIGNEWNYM request? */
101 static time_t time_of_last_signewnym
= 0;
102 /** Is there a signewnym request we're currently waiting to handle? */
103 static int signewnym_is_pending
= 0;
105 /** Smartlist of all open connections. */
106 static smartlist_t
*connection_array
= NULL
;
107 /** List of connections that have been marked for close and need to be freed
108 * and removed from connection_array. */
109 static smartlist_t
*closeable_connection_lst
= NULL
;
110 /** List of linked connections that are currently reading data into their
111 * inbuf from their partner's outbuf. */
112 static smartlist_t
*active_linked_connection_lst
= NULL
;
113 /** Flag: Set to true iff we entered the current libevent main loop via
114 * <b>loop_once</b>. If so, there's no need to trigger a loopexit in order
115 * to handle linked connections. */
116 static int called_loop_once
= 0;
118 /** We set this to 1 when we've opened a circuit, so we can print a log
119 * entry to inform the user that Tor is working. */
120 int has_completed_circuit
=0;
122 /** How often do we check for router descriptors that we should download
123 * when we have too little directory info? */
124 #define GREEDY_DESCRIPTOR_RETRY_INTERVAL (10)
125 /** How often do we check for router descriptors that we should download
126 * when we have enough directory info? */
127 #define LAZY_DESCRIPTOR_RETRY_INTERVAL (60)
128 /** How often do we 'forgive' undownloadable router descriptors and attempt
129 * to download them again? */
130 #define DESCRIPTOR_FAILURE_RESET_INTERVAL (60*60)
131 /** How long do we let a directory connection stall before expiring it? */
132 #define DIR_CONN_MAX_STALL (5*60)
134 /** How long do we let OR connections handshake before we decide that
135 * they are obsolete? */
136 #define TLS_HANDSHAKE_TIMEOUT (60)
138 /********* END VARIABLES ************/
140 /****************************************************************************
142 * This section contains accessors and other methods on the connection_array
143 * variables (which are global within this file and unavailable outside it).
145 ****************************************************************************/
147 /** Add <b>conn</b> to the array of connections that we can poll on. The
148 * connection's socket must be set; the connection starts out
149 * non-reading and non-writing.
152 connection_add(connection_t
*conn
)
155 tor_assert(conn
->s
>= 0 ||
157 (conn
->type
== CONN_TYPE_AP
&&
158 TO_EDGE_CONN(conn
)->is_dns_request
));
160 tor_assert(conn
->conn_array_index
== -1); /* can only connection_add once */
161 conn
->conn_array_index
= smartlist_len(connection_array
);
162 smartlist_add(connection_array
, conn
);
164 if (conn
->s
>= 0 || conn
->linked
) {
165 conn
->read_event
= tor_event_new(tor_libevent_get_base(),
166 conn
->s
, EV_READ
|EV_PERSIST
, conn_read_callback
, conn
);
167 conn
->write_event
= tor_event_new(tor_libevent_get_base(),
168 conn
->s
, EV_WRITE
|EV_PERSIST
, conn_write_callback
, conn
);
171 log_debug(LD_NET
,"new conn type %s, socket %d, address %s, n_conns %d.",
172 conn_type_to_string(conn
->type
), conn
->s
, conn
->address
,
173 smartlist_len(connection_array
));
178 /** Tell libevent that we don't care about <b>conn</b> any more. */
180 connection_unregister_events(connection_t
*conn
)
182 if (conn
->read_event
) {
183 if (event_del(conn
->read_event
))
184 log_warn(LD_BUG
, "Error removing read event for %d", conn
->s
);
185 tor_free(conn
->read_event
);
187 if (conn
->write_event
) {
188 if (event_del(conn
->write_event
))
189 log_warn(LD_BUG
, "Error removing write event for %d", conn
->s
);
190 tor_free(conn
->write_event
);
192 if (conn
->dns_server_port
) {
193 dnsserv_close_listener(conn
);
197 /** Remove the connection from the global list, and remove the
198 * corresponding poll entry. Calling this function will shift the last
199 * connection (if any) into the position occupied by conn.
202 connection_remove(connection_t
*conn
)
209 log_debug(LD_NET
,"removing socket %d (type %s), n_conns now %d",
210 conn
->s
, conn_type_to_string(conn
->type
),
211 smartlist_len(connection_array
));
213 tor_assert(conn
->conn_array_index
>= 0);
214 current_index
= conn
->conn_array_index
;
215 connection_unregister_events(conn
); /* This is redundant, but cheap. */
216 if (current_index
== smartlist_len(connection_array
)-1) { /* at the end */
217 smartlist_del(connection_array
, current_index
);
221 /* replace this one with the one at the end */
222 smartlist_del(connection_array
, current_index
);
223 tmp
= smartlist_get(connection_array
, current_index
);
224 tmp
->conn_array_index
= current_index
;
229 /** If <b>conn</b> is an edge conn, remove it from the list
230 * of conn's on this circuit. If it's not on an edge,
231 * flush and send destroys for all circuits on this conn.
233 * Remove it from connection_array (if applicable) and
234 * from closeable_connection_list.
239 connection_unlink(connection_t
*conn
)
241 connection_about_to_close_connection(conn
);
242 if (conn
->conn_array_index
>= 0) {
243 connection_remove(conn
);
245 if (conn
->linked_conn
) {
246 conn
->linked_conn
->linked_conn
= NULL
;
247 if (! conn
->linked_conn
->marked_for_close
&&
248 conn
->linked_conn
->reading_from_linked_conn
)
249 connection_start_reading(conn
->linked_conn
);
250 conn
->linked_conn
= NULL
;
252 smartlist_remove(closeable_connection_lst
, conn
);
253 smartlist_remove(active_linked_connection_lst
, conn
);
254 if (conn
->type
== CONN_TYPE_EXIT
) {
255 assert_connection_edge_not_dns_pending(TO_EDGE_CONN(conn
));
257 if (conn
->type
== CONN_TYPE_OR
) {
258 if (!tor_digest_is_zero(TO_OR_CONN(conn
)->identity_digest
))
259 connection_or_remove_from_identity_map(TO_OR_CONN(conn
));
261 connection_free(conn
);
264 /** Schedule <b>conn</b> to be closed. **/
266 add_connection_to_closeable_list(connection_t
*conn
)
268 tor_assert(!smartlist_isin(closeable_connection_lst
, conn
));
269 tor_assert(conn
->marked_for_close
);
270 assert_connection_ok(conn
, time(NULL
));
271 smartlist_add(closeable_connection_lst
, conn
);
274 /** Return 1 if conn is on the closeable list, else return 0. */
276 connection_is_on_closeable_list(connection_t
*conn
)
278 return smartlist_isin(closeable_connection_lst
, conn
);
281 /** Return true iff conn is in the current poll array. */
283 connection_in_array(connection_t
*conn
)
285 return smartlist_isin(connection_array
, conn
);
288 /** Set <b>*array</b> to an array of all connections, and <b>*n</b>
289 * to the length of the array. <b>*array</b> and <b>*n</b> must not
293 get_connection_array(void)
295 if (!connection_array
)
296 connection_array
= smartlist_create();
297 return connection_array
;
300 /** Set the event mask on <b>conn</b> to <b>events</b>. (The event
301 * mask is a bitmask whose bits are READ_EVENT and WRITE_EVENT)
304 connection_watch_events(connection_t
*conn
, watchable_events_t events
)
306 if (events
& READ_EVENT
)
307 connection_start_reading(conn
);
309 connection_stop_reading(conn
);
311 if (events
& WRITE_EVENT
)
312 connection_start_writing(conn
);
314 connection_stop_writing(conn
);
317 /** Return true iff <b>conn</b> is listening for read events. */
319 connection_is_reading(connection_t
*conn
)
323 return conn
->reading_from_linked_conn
||
324 (conn
->read_event
&& event_pending(conn
->read_event
, EV_READ
, NULL
));
327 /** Tell the main loop to stop notifying <b>conn</b> of any read events. */
329 connection_stop_reading(connection_t
*conn
)
332 tor_assert(conn
->read_event
);
335 conn
->reading_from_linked_conn
= 0;
336 connection_stop_reading_from_linked_conn(conn
);
338 if (event_del(conn
->read_event
))
339 log_warn(LD_NET
, "Error from libevent setting read event state for %d "
342 tor_socket_strerror(tor_socket_errno(conn
->s
)));
346 /** Tell the main loop to start notifying <b>conn</b> of any read events. */
348 connection_start_reading(connection_t
*conn
)
351 tor_assert(conn
->read_event
);
354 conn
->reading_from_linked_conn
= 1;
355 if (connection_should_read_from_linked_conn(conn
))
356 connection_start_reading_from_linked_conn(conn
);
358 if (event_add(conn
->read_event
, NULL
))
359 log_warn(LD_NET
, "Error from libevent setting read event state for %d "
362 tor_socket_strerror(tor_socket_errno(conn
->s
)));
366 /** Return true iff <b>conn</b> is listening for write events. */
368 connection_is_writing(connection_t
*conn
)
372 return conn
->writing_to_linked_conn
||
373 (conn
->write_event
&& event_pending(conn
->write_event
, EV_WRITE
, NULL
));
376 /** Tell the main loop to stop notifying <b>conn</b> of any write events. */
378 connection_stop_writing(connection_t
*conn
)
381 tor_assert(conn
->write_event
);
384 conn
->writing_to_linked_conn
= 0;
385 if (conn
->linked_conn
)
386 connection_stop_reading_from_linked_conn(conn
->linked_conn
);
388 if (event_del(conn
->write_event
))
389 log_warn(LD_NET
, "Error from libevent setting write event state for %d "
392 tor_socket_strerror(tor_socket_errno(conn
->s
)));
396 /** Tell the main loop to start notifying <b>conn</b> of any write events. */
398 connection_start_writing(connection_t
*conn
)
401 tor_assert(conn
->write_event
);
404 conn
->writing_to_linked_conn
= 1;
405 if (conn
->linked_conn
&&
406 connection_should_read_from_linked_conn(conn
->linked_conn
))
407 connection_start_reading_from_linked_conn(conn
->linked_conn
);
409 if (event_add(conn
->write_event
, NULL
))
410 log_warn(LD_NET
, "Error from libevent setting write event state for %d "
413 tor_socket_strerror(tor_socket_errno(conn
->s
)));
417 /** Return true iff <b>conn</b> is linked conn, and reading from the conn
418 * linked to it would be good and feasible. (Reading is "feasible" if the
419 * other conn exists and has data in its outbuf, and is "good" if we have our
420 * reading_from_linked_conn flag set and the other conn has its
421 * writing_to_linked_conn flag set.)*/
423 connection_should_read_from_linked_conn(connection_t
*conn
)
425 if (conn
->linked
&& conn
->reading_from_linked_conn
) {
426 if (! conn
->linked_conn
||
427 (conn
->linked_conn
->writing_to_linked_conn
&&
428 buf_datalen(conn
->linked_conn
->outbuf
)))
434 /** Helper: Tell the main loop to begin reading bytes into <b>conn</b> from
435 * its linked connection, if it is not doing so already. Called by
436 * connection_start_reading and connection_start_writing as appropriate. */
438 connection_start_reading_from_linked_conn(connection_t
*conn
)
441 tor_assert(conn
->linked
== 1);
443 if (!conn
->active_on_link
) {
444 conn
->active_on_link
= 1;
445 smartlist_add(active_linked_connection_lst
, conn
);
446 if (!called_loop_once
) {
447 /* This is the first event on the list; we won't be in LOOP_ONCE mode,
448 * so we need to make sure that the event_base_loop() actually exits at
449 * the end of its run through the current connections and lets us
450 * activate read events for linked connections. */
451 struct timeval tv
= { 0, 0 };
452 tor_event_base_loopexit(tor_libevent_get_base(), &tv
);
455 tor_assert(smartlist_isin(active_linked_connection_lst
, conn
));
459 /** Tell the main loop to stop reading bytes into <b>conn</b> from its linked
460 * connection, if is currently doing so. Called by connection_stop_reading,
461 * connection_stop_writing, and connection_read. */
463 connection_stop_reading_from_linked_conn(connection_t
*conn
)
466 tor_assert(conn
->linked
== 1);
468 if (conn
->active_on_link
) {
469 conn
->active_on_link
= 0;
470 /* FFFF We could keep an index here so we can smartlist_del
471 * cleanly. On the other hand, this doesn't show up on profiles,
472 * so let's leave it alone for now. */
473 smartlist_remove(active_linked_connection_lst
, conn
);
475 tor_assert(!smartlist_isin(active_linked_connection_lst
, conn
));
479 /** Close all connections that have been scheduled to get closed. */
481 close_closeable_connections(void)
484 for (i
= 0; i
< smartlist_len(closeable_connection_lst
); ) {
485 connection_t
*conn
= smartlist_get(closeable_connection_lst
, i
);
486 if (conn
->conn_array_index
< 0) {
487 connection_unlink(conn
); /* blow it away right now */
489 if (!conn_close_if_marked(conn
->conn_array_index
))
495 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
496 * some data to read. */
498 conn_read_callback(int fd
, short event
, void *_conn
)
500 connection_t
*conn
= _conn
;
504 log_debug(LD_NET
,"socket %d wants to read.",conn
->s
);
506 /* assert_connection_ok(conn, time(NULL)); */
508 if (connection_handle_read(conn
) < 0) {
509 if (!conn
->marked_for_close
) {
511 log_warn(LD_BUG
,"Unhandled error on read for %s connection "
513 conn_type_to_string(conn
->type
), conn
->s
);
514 tor_fragile_assert();
516 if (CONN_IS_EDGE(conn
))
517 connection_edge_end_errno(TO_EDGE_CONN(conn
));
518 connection_mark_for_close(conn
);
521 assert_connection_ok(conn
, time(NULL
));
523 if (smartlist_len(closeable_connection_lst
))
524 close_closeable_connections();
527 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
528 * some data to write. */
530 conn_write_callback(int fd
, short events
, void *_conn
)
532 connection_t
*conn
= _conn
;
536 LOG_FN_CONN(conn
, (LOG_DEBUG
, LD_NET
, "socket %d wants to write.",conn
->s
));
538 /* assert_connection_ok(conn, time(NULL)); */
540 if (connection_handle_write(conn
, 0) < 0) {
541 if (!conn
->marked_for_close
) {
542 /* this connection is broken. remove it. */
543 log_fn(LOG_WARN
,LD_BUG
,
544 "unhandled error on write for %s connection (fd %d); removing",
545 conn_type_to_string(conn
->type
), conn
->s
);
546 tor_fragile_assert();
547 if (CONN_IS_EDGE(conn
)) {
548 /* otherwise we cry wolf about duplicate close */
549 edge_connection_t
*edge_conn
= TO_EDGE_CONN(conn
);
550 if (!edge_conn
->end_reason
)
551 edge_conn
->end_reason
= END_STREAM_REASON_INTERNAL
;
552 edge_conn
->edge_has_sent_end
= 1;
554 connection_close_immediate(conn
); /* So we don't try to flush. */
555 connection_mark_for_close(conn
);
558 assert_connection_ok(conn
, time(NULL
));
560 if (smartlist_len(closeable_connection_lst
))
561 close_closeable_connections();
564 /** If the connection at connection_array[i] is marked for close, then:
565 * - If it has data that it wants to flush, try to flush it.
566 * - If it _still_ has data to flush, and conn->hold_open_until_flushed is
567 * true, then leave the connection open and return.
568 * - Otherwise, remove the connection from connection_array and from
569 * all other lists, close it, and free it.
570 * Returns 1 if the connection was closed, 0 otherwise.
573 conn_close_if_marked(int i
)
579 conn
= smartlist_get(connection_array
, i
);
580 if (!conn
->marked_for_close
)
581 return 0; /* nothing to see here, move along */
583 assert_connection_ok(conn
, now
);
584 /* assert_all_pending_dns_resolves_ok(); */
586 log_debug(LD_NET
,"Cleaning up connection (fd %d).",conn
->s
);
587 if ((conn
->s
>= 0 || conn
->linked_conn
) && connection_wants_to_flush(conn
)) {
588 /* s == -1 means it's an incomplete edge connection, or that the socket
589 * has already been closed as unflushable. */
590 ssize_t sz
= connection_bucket_write_limit(conn
, now
);
591 if (!conn
->hold_open_until_flushed
)
593 "Conn (addr %s, fd %d, type %s, state %d) marked, but wants "
594 "to flush %d bytes. (Marked at %s:%d)",
595 escaped_safe_str_client(conn
->address
),
596 conn
->s
, conn_type_to_string(conn
->type
), conn
->state
,
597 (int)conn
->outbuf_flushlen
,
598 conn
->marked_for_close_file
, conn
->marked_for_close
);
599 if (conn
->linked_conn
) {
600 retval
= move_buf_to_buf(conn
->linked_conn
->inbuf
, conn
->outbuf
,
601 &conn
->outbuf_flushlen
);
603 /* The linked conn will notice that it has data when it notices that
605 connection_start_reading_from_linked_conn(conn
->linked_conn
);
607 log_debug(LD_GENERAL
, "Flushed last %d bytes from a linked conn; "
608 "%d left; flushlen %d; wants-to-flush==%d", retval
,
609 (int)buf_datalen(conn
->outbuf
),
610 (int)conn
->outbuf_flushlen
,
611 connection_wants_to_flush(conn
));
612 } else if (connection_speaks_cells(conn
)) {
613 if (conn
->state
== OR_CONN_STATE_OPEN
) {
614 retval
= flush_buf_tls(TO_OR_CONN(conn
)->tls
, conn
->outbuf
, sz
,
615 &conn
->outbuf_flushlen
);
617 retval
= -1; /* never flush non-open broken tls connections */
619 retval
= flush_buf(conn
->s
, conn
->outbuf
, sz
, &conn
->outbuf_flushlen
);
621 if (retval
>= 0 && /* Technically, we could survive things like
622 TLS_WANT_WRITE here. But don't bother for now. */
623 conn
->hold_open_until_flushed
&& connection_wants_to_flush(conn
)) {
625 LOG_FN_CONN(conn
, (LOG_INFO
,LD_NET
,
626 "Holding conn (fd %d) open for more flushing.",
628 conn
->timestamp_lastwritten
= now
; /* reset so we can flush more */
632 if (connection_wants_to_flush(conn
)) {
634 if (conn
->type
== CONN_TYPE_EXIT
||
635 (conn
->type
== CONN_TYPE_OR
&& server_mode(get_options())) ||
636 (conn
->type
== CONN_TYPE_DIR
&& conn
->purpose
== DIR_PURPOSE_SERVER
))
639 severity
= LOG_NOTICE
;
640 /* XXXX Maybe allow this to happen a certain amount per hour; it usually
642 log_fn(severity
, LD_NET
, "We stalled too much while trying to write %d "
643 "bytes to address %s. If this happens a lot, either "
644 "something is wrong with your network connection, or "
645 "something is wrong with theirs. "
646 "(fd %d, type %s, state %d, marked at %s:%d).",
647 (int)buf_datalen(conn
->outbuf
),
648 escaped_safe_str_client(conn
->address
),
649 conn
->s
, conn_type_to_string(conn
->type
), conn
->state
,
650 conn
->marked_for_close_file
,
651 conn
->marked_for_close
);
654 connection_unlink(conn
); /* unlink, remove, free */
658 /** We've just tried every dirserver we know about, and none of
659 * them were reachable. Assume the network is down. Change state
660 * so next time an application connection arrives we'll delay it
661 * and try another directory fetch. Kill off all the circuit_wait
662 * streams that are waiting now, since they will all timeout anyway.
665 directory_all_unreachable(time_t now
)
670 stats_n_seconds_working
=0; /* reset it */
672 while ((conn
= connection_get_by_type_state(CONN_TYPE_AP
,
673 AP_CONN_STATE_CIRCUIT_WAIT
))) {
674 edge_connection_t
*edge_conn
= TO_EDGE_CONN(conn
);
676 "Is your network connection down? "
677 "Failing connection to '%s:%d'.",
678 safe_str_client(edge_conn
->socks_request
->address
),
679 edge_conn
->socks_request
->port
);
680 connection_mark_unattached_ap(edge_conn
,
681 END_STREAM_REASON_NET_UNREACHABLE
);
683 control_event_general_status(LOG_ERR
, "DIR_ALL_UNREACHABLE");
686 /** This function is called whenever we successfully pull down some new
687 * network statuses or server descriptors. */
689 directory_info_has_arrived(time_t now
, int from_cache
)
691 or_options_t
*options
= get_options();
693 if (!router_have_minimum_dir_info()) {
694 int quiet
= directory_too_idle_to_fetch_descriptors(options
, now
);
695 log(quiet
? LOG_INFO
: LOG_NOTICE
, LD_DIR
,
696 "I learned some more directory information, but not enough to "
697 "build a circuit: %s", get_dir_info_status_string());
698 update_router_descriptor_downloads(now
);
701 if (directory_fetches_from_authorities(options
))
702 update_router_descriptor_downloads(now
);
704 /* if we have enough dir info, then update our guard status with
705 * whatever we just learned. */
706 entry_guards_compute_status();
707 /* Don't even bother trying to get extrainfo until the rest of our
708 * directory info is up-to-date */
709 if (options
->DownloadExtraInfo
)
710 update_extrainfo_downloads(now
);
713 if (server_mode(options
) && !we_are_hibernating() && !from_cache
&&
714 (has_completed_circuit
|| !any_predicted_circuits(now
)))
715 consider_testing_reachability(1, 1);
718 /** How long do we wait before killing OR connections with no circuits?
719 * In Tor versions up to 0.2.1.25 and 0.2.2.12-alpha, we waited 15 minutes
720 * before cancelling these connections, which caused fast relays to accrue
721 * many many idle connections. Hopefully 3 minutes is low enough that
722 * it kills most idle connections, without being so low that we cause
723 * clients to bounce on and off.
725 #define IDLE_OR_CONN_TIMEOUT 180
727 /** Perform regular maintenance tasks for a single connection. This
728 * function gets run once per second per connection by run_scheduled_events.
731 run_connection_housekeeping(int i
, time_t now
)
734 connection_t
*conn
= smartlist_get(connection_array
, i
);
735 or_options_t
*options
= get_options();
736 or_connection_t
*or_conn
;
738 now
>= conn
->timestamp_lastwritten
+ options
->KeepalivePeriod
;
740 if (conn
->outbuf
&& !buf_datalen(conn
->outbuf
) && conn
->type
== CONN_TYPE_OR
)
741 TO_OR_CONN(conn
)->timestamp_lastempty
= now
;
743 if (conn
->marked_for_close
) {
744 /* nothing to do here */
748 /* Expire any directory connections that haven't been active (sent
749 * if a server or received if a client) for 5 min */
750 if (conn
->type
== CONN_TYPE_DIR
&&
751 ((DIR_CONN_IS_SERVER(conn
) &&
752 conn
->timestamp_lastwritten
+ DIR_CONN_MAX_STALL
< now
) ||
753 (!DIR_CONN_IS_SERVER(conn
) &&
754 conn
->timestamp_lastread
+ DIR_CONN_MAX_STALL
< now
))) {
755 log_info(LD_DIR
,"Expiring wedged directory conn (fd %d, purpose %d)",
756 conn
->s
, conn
->purpose
);
757 /* This check is temporary; it's to let us know whether we should consider
758 * parsing partial serverdesc responses. */
759 if (conn
->purpose
== DIR_PURPOSE_FETCH_SERVERDESC
&&
760 buf_datalen(conn
->inbuf
)>=1024) {
761 log_info(LD_DIR
,"Trying to extract information from wedged server desc "
763 connection_dir_reached_eof(TO_DIR_CONN(conn
));
765 connection_mark_for_close(conn
);
770 if (!connection_speaks_cells(conn
))
771 return; /* we're all done here, the rest is just for OR conns */
773 /* If we haven't written to an OR connection for a while, then either nuke
774 the connection or send a keepalive, depending. */
776 or_conn
= TO_OR_CONN(conn
);
777 tor_assert(conn
->outbuf
);
779 if (or_conn
->is_bad_for_new_circs
&& !or_conn
->n_circuits
) {
780 /* It's bad for new circuits, and has no unmarked circuits on it:
783 "Expiring non-used OR connection to fd %d (%s:%d) [Too old].",
784 conn
->s
, conn
->address
, conn
->port
);
785 if (conn
->state
== OR_CONN_STATE_CONNECTING
)
786 connection_or_connect_failed(TO_OR_CONN(conn
),
787 END_OR_CONN_REASON_TIMEOUT
,
788 "Tor gave up on the connection");
789 connection_mark_for_close(conn
);
790 conn
->hold_open_until_flushed
= 1;
791 } else if (past_keepalive
&& !connection_state_is_open(conn
)) {
792 /* We never managed to actually get this connection open and happy. */
793 log_info(LD_OR
,"Expiring non-open OR connection to fd %d (%s:%d).",
794 conn
->s
,conn
->address
, conn
->port
);
795 connection_mark_for_close(conn
);
796 conn
->hold_open_until_flushed
= 1;
797 } else if (we_are_hibernating() && !or_conn
->n_circuits
&&
798 !buf_datalen(conn
->outbuf
)) {
799 /* We're hibernating, there's no circuits, and nothing to flush.*/
800 log_info(LD_OR
,"Expiring non-used OR connection to fd %d (%s:%d) "
801 "[Hibernating or exiting].",
802 conn
->s
,conn
->address
, conn
->port
);
803 connection_mark_for_close(conn
);
804 conn
->hold_open_until_flushed
= 1;
805 } else if (!or_conn
->n_circuits
&&
806 now
>= or_conn
->timestamp_last_added_nonpadding
+
807 IDLE_OR_CONN_TIMEOUT
) {
808 log_info(LD_OR
,"Expiring non-used OR connection to fd %d (%s:%d) "
809 "[idle %d].", conn
->s
,conn
->address
, conn
->port
,
810 (int)(now
- or_conn
->timestamp_last_added_nonpadding
));
811 connection_mark_for_close(conn
);
812 conn
->hold_open_until_flushed
= 1;
814 now
>= or_conn
->timestamp_lastempty
+ options
->KeepalivePeriod
*10 &&
815 now
>= conn
->timestamp_lastwritten
+ options
->KeepalivePeriod
*10) {
816 log_fn(LOG_PROTOCOL_WARN
,LD_PROTOCOL
,
817 "Expiring stuck OR connection to fd %d (%s:%d). (%d bytes to "
818 "flush; %d seconds since last write)",
819 conn
->s
, conn
->address
, conn
->port
,
820 (int)buf_datalen(conn
->outbuf
),
821 (int)(now
-conn
->timestamp_lastwritten
));
822 connection_mark_for_close(conn
);
823 } else if (past_keepalive
&& !buf_datalen(conn
->outbuf
)) {
824 /* send a padding cell */
825 log_fn(LOG_DEBUG
,LD_OR
,"Sending keepalive to (%s:%d)",
826 conn
->address
, conn
->port
);
827 memset(&cell
,0,sizeof(cell_t
));
828 cell
.command
= CELL_PADDING
;
829 connection_or_write_cell_to_buf(&cell
, or_conn
);
833 /** Honor a NEWNYM request: make future requests unlinkable to past
836 signewnym_impl(time_t now
)
838 circuit_expire_all_dirty_circs();
839 addressmap_clear_transient();
840 time_of_last_signewnym
= now
;
841 signewnym_is_pending
= 0;
844 /** Perform regular maintenance tasks. This function gets run once per
845 * second by second_elapsed_callback().
848 run_scheduled_events(time_t now
)
850 static time_t last_rotated_x509_certificate
= 0;
851 static time_t time_to_check_v3_certificate
= 0;
852 static time_t time_to_check_listeners
= 0;
853 static time_t time_to_check_descriptor
= 0;
854 static time_t time_to_check_ipaddress
= 0;
855 static time_t time_to_shrink_memory
= 0;
856 static time_t time_to_try_getting_descriptors
= 0;
857 static time_t time_to_reset_descriptor_failures
= 0;
858 static time_t time_to_add_entropy
= 0;
859 static time_t time_to_write_bridge_status_file
= 0;
860 static time_t time_to_downrate_stability
= 0;
861 static time_t time_to_save_stability
= 0;
862 static time_t time_to_clean_caches
= 0;
863 static time_t time_to_recheck_bandwidth
= 0;
864 static time_t time_to_check_for_expired_networkstatus
= 0;
865 static time_t time_to_write_stats_files
= 0;
866 static time_t time_to_write_bridge_stats
= 0;
867 static int should_init_bridge_stats
= 1;
868 static time_t time_to_retry_dns_init
= 0;
869 or_options_t
*options
= get_options();
873 /** 0. See if we've been asked to shut down and our timeout has
874 * expired; or if our bandwidth limits are exhausted and we
875 * should hibernate; or if it's time to wake up from hibernation.
877 consider_hibernation(now
);
879 /* 0b. If we've deferred a signewnym, make sure it gets handled
881 if (signewnym_is_pending
&&
882 time_of_last_signewnym
+ MAX_SIGNEWNYM_RATE
<= now
) {
883 log(LOG_INFO
, LD_CONTROL
, "Honoring delayed NEWNYM request");
887 /** 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
888 * shut down and restart all cpuworkers, and update the directory if
891 if (server_mode(options
) &&
892 get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME
< now
) {
893 log_info(LD_GENERAL
,"Rotating onion key.");
896 if (router_rebuild_descriptor(1)<0) {
897 log_info(LD_CONFIG
, "Couldn't rebuild router descriptor");
899 if (advertised_server_mode())
900 router_upload_dir_desc_to_dirservers(0);
903 if (time_to_try_getting_descriptors
< now
) {
904 update_router_descriptor_downloads(now
);
905 update_extrainfo_downloads(now
);
906 if (options
->UseBridges
)
907 fetch_bridge_descriptors(now
);
908 if (router_have_minimum_dir_info())
909 time_to_try_getting_descriptors
= now
+ LAZY_DESCRIPTOR_RETRY_INTERVAL
;
911 time_to_try_getting_descriptors
= now
+ GREEDY_DESCRIPTOR_RETRY_INTERVAL
;
914 if (time_to_reset_descriptor_failures
< now
) {
915 router_reset_descriptor_download_failures();
916 time_to_reset_descriptor_failures
=
917 now
+ DESCRIPTOR_FAILURE_RESET_INTERVAL
;
920 /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
921 if (!last_rotated_x509_certificate
)
922 last_rotated_x509_certificate
= now
;
923 if (last_rotated_x509_certificate
+MAX_SSL_KEY_LIFETIME
< now
) {
924 log_info(LD_GENERAL
,"Rotating tls context.");
925 if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME
) < 0) {
926 log_warn(LD_BUG
, "Error reinitializing TLS context");
927 /* XXX is it a bug here, that we just keep going? -RD */
929 last_rotated_x509_certificate
= now
;
930 /* We also make sure to rotate the TLS connections themselves if they've
931 * been up for too long -- but that's done via is_bad_for_new_circs in
932 * connection_run_housekeeping() above. */
935 if (time_to_add_entropy
< now
) {
936 if (time_to_add_entropy
) {
937 /* We already seeded once, so don't die on failure. */
940 /** How often do we add more entropy to OpenSSL's RNG pool? */
941 #define ENTROPY_INTERVAL (60*60)
942 time_to_add_entropy
= now
+ ENTROPY_INTERVAL
;
945 /** 1c. If we have to change the accounting interval or record
946 * bandwidth used in this accounting interval, do so. */
947 if (accounting_is_enabled(options
))
948 accounting_run_housekeeping(now
);
950 if (now
% 10 == 0 && (authdir_mode_tests_reachability(options
)) &&
951 !we_are_hibernating()) {
952 /* try to determine reachability of the other Tor relays */
953 dirserv_test_reachability(now
);
956 /** 1d. Periodically, we discount older stability information so that new
957 * stability info counts more, and save the stability information to disk as
959 if (time_to_downrate_stability
< now
)
960 time_to_downrate_stability
= rep_hist_downrate_old_runs(now
);
961 if (authdir_mode_tests_reachability(options
)) {
962 if (time_to_save_stability
< now
) {
963 if (time_to_save_stability
&& rep_hist_record_mtbf_data(now
, 1)<0) {
964 log_warn(LD_GENERAL
, "Couldn't store mtbf data.");
966 #define SAVE_STABILITY_INTERVAL (30*60)
967 time_to_save_stability
= now
+ SAVE_STABILITY_INTERVAL
;
971 /* 1e. Periodically, if we're a v3 authority, we check whether our cert is
972 * close to expiring and warn the admin if it is. */
973 if (time_to_check_v3_certificate
< now
) {
974 v3_authority_check_key_expiry();
975 #define CHECK_V3_CERTIFICATE_INTERVAL (5*60)
976 time_to_check_v3_certificate
= now
+ CHECK_V3_CERTIFICATE_INTERVAL
;
979 /* 1f. Check whether our networkstatus has expired.
981 if (time_to_check_for_expired_networkstatus
< now
) {
982 networkstatus_t
*ns
= networkstatus_get_latest_consensus();
983 /*XXXX RD: This value needs to be the same as REASONABLY_LIVE_TIME in
984 * networkstatus_get_reasonably_live_consensus(), but that value is way
985 * way too high. Arma: is the bridge issue there resolved yet? -NM */
986 #define NS_EXPIRY_SLOP (24*60*60)
987 if (ns
&& ns
->valid_until
< now
+NS_EXPIRY_SLOP
&&
988 router_have_minimum_dir_info()) {
989 router_dir_info_changed();
991 #define CHECK_EXPIRED_NS_INTERVAL (2*60)
992 time_to_check_for_expired_networkstatus
= now
+ CHECK_EXPIRED_NS_INTERVAL
;
995 /* 1g. Check whether we should write statistics to disk.
997 if (time_to_write_stats_files
>= 0 && time_to_write_stats_files
< now
) {
998 #define WRITE_STATS_INTERVAL (24*60*60)
999 if (options
->CellStatistics
|| options
->DirReqStatistics
||
1000 options
->EntryStatistics
|| options
->ExitPortStatistics
) {
1001 if (!time_to_write_stats_files
) {
1002 /* Initialize stats. We're doing this here and not in options_act,
1003 * so that we know exactly when the 24 hours interval ends. */
1004 if (options
->CellStatistics
)
1005 rep_hist_buffer_stats_init(now
);
1006 if (options
->DirReqStatistics
)
1007 geoip_dirreq_stats_init(now
);
1008 if (options
->EntryStatistics
)
1009 geoip_entry_stats_init(now
);
1010 if (options
->ExitPortStatistics
)
1011 rep_hist_exit_stats_init(now
);
1012 log_notice(LD_CONFIG
, "Configured to measure statistics. Look for "
1013 "the *-stats files that will first be written to the "
1014 "data directory in %d hours from now.",
1015 WRITE_STATS_INTERVAL
/ (60 * 60));
1016 time_to_write_stats_files
= now
+ WRITE_STATS_INTERVAL
;
1018 /* Write stats to disk. */
1019 if (options
->CellStatistics
)
1020 rep_hist_buffer_stats_write(time_to_write_stats_files
);
1021 if (options
->DirReqStatistics
)
1022 geoip_dirreq_stats_write(time_to_write_stats_files
);
1023 if (options
->EntryStatistics
)
1024 geoip_entry_stats_write(time_to_write_stats_files
);
1025 if (options
->ExitPortStatistics
)
1026 rep_hist_exit_stats_write(time_to_write_stats_files
);
1027 time_to_write_stats_files
+= WRITE_STATS_INTERVAL
;
1030 /* Never write stats to disk */
1031 time_to_write_stats_files
= -1;
1035 /* 1h. Check whether we should write bridge statistics to disk.
1037 if (should_record_bridge_info(options
)) {
1038 if (time_to_write_bridge_stats
< now
) {
1039 if (should_init_bridge_stats
) {
1040 /* (Re-)initialize bridge statistics. */
1041 geoip_bridge_stats_init(now
);
1042 time_to_write_bridge_stats
= now
+ WRITE_STATS_INTERVAL
;
1043 should_init_bridge_stats
= 0;
1045 /* Possibly write bridge statistics to disk and ask when to write
1046 * them next time. */
1047 time_to_write_bridge_stats
= geoip_bridge_stats_write(
1048 time_to_write_bridge_stats
);
1051 } else if (!should_init_bridge_stats
) {
1052 /* Bridge mode was turned off. Ensure that stats are re-initialized
1053 * next time bridge mode is turned on. */
1054 should_init_bridge_stats
= 1;
1057 /* Remove old information from rephist and the rend cache. */
1058 if (time_to_clean_caches
< now
) {
1059 rep_history_clean(now
- options
->RephistTrackTime
);
1061 rend_cache_clean_v2_descs_as_dir();
1062 #define CLEAN_CACHES_INTERVAL (30*60)
1063 time_to_clean_caches
= now
+ CLEAN_CACHES_INTERVAL
;
1066 #define RETRY_DNS_INTERVAL (10*60)
1067 /* If we're a server and initializing dns failed, retry periodically. */
1068 if (time_to_retry_dns_init
< now
) {
1069 time_to_retry_dns_init
= now
+ RETRY_DNS_INTERVAL
;
1070 if (server_mode(options
) && has_dns_init_failed())
1074 /** 2. Periodically, we consider force-uploading our descriptor
1075 * (if we've passed our internal checks). */
1077 /** How often do we check whether part of our router info has changed in a way
1078 * that would require an upload? */
1079 #define CHECK_DESCRIPTOR_INTERVAL (60)
1080 /** How often do we (as a router) check whether our IP address has changed? */
1081 #define CHECK_IPADDRESS_INTERVAL (15*60)
1083 /* 2b. Once per minute, regenerate and upload the descriptor if the old
1084 * one is inaccurate. */
1085 if (time_to_check_descriptor
< now
) {
1086 static int dirport_reachability_count
= 0;
1087 time_to_check_descriptor
= now
+ CHECK_DESCRIPTOR_INTERVAL
;
1088 check_descriptor_bandwidth_changed(now
);
1089 if (time_to_check_ipaddress
< now
) {
1090 time_to_check_ipaddress
= now
+ CHECK_IPADDRESS_INTERVAL
;
1091 check_descriptor_ipaddress_changed(now
);
1093 /** If our router descriptor ever goes this long without being regenerated
1094 * because something changed, we force an immediate regenerate-and-upload. */
1095 #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60)
1096 mark_my_descriptor_dirty_if_older_than(
1097 now
- FORCE_REGENERATE_DESCRIPTOR_INTERVAL
);
1098 consider_publishable_server(0);
1099 /* also, check religiously for reachability, if it's within the first
1100 * 20 minutes of our uptime. */
1101 if (server_mode(options
) &&
1102 (has_completed_circuit
|| !any_predicted_circuits(now
)) &&
1103 !we_are_hibernating()) {
1104 if (stats_n_seconds_working
< TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
) {
1105 consider_testing_reachability(1, dirport_reachability_count
==0);
1106 if (++dirport_reachability_count
> 5)
1107 dirport_reachability_count
= 0;
1108 } else if (time_to_recheck_bandwidth
< now
) {
1109 /* If we haven't checked for 12 hours and our bandwidth estimate is
1110 * low, do another bandwidth test. This is especially important for
1111 * bridges, since they might go long periods without much use. */
1112 routerinfo_t
*me
= router_get_my_routerinfo();
1113 if (time_to_recheck_bandwidth
&& me
&&
1114 me
->bandwidthcapacity
< me
->bandwidthrate
&&
1115 me
->bandwidthcapacity
< 51200) {
1116 reset_bandwidth_test();
1118 #define BANDWIDTH_RECHECK_INTERVAL (12*60*60)
1119 time_to_recheck_bandwidth
= now
+ BANDWIDTH_RECHECK_INTERVAL
;
1123 /* If any networkstatus documents are no longer recent, we need to
1124 * update all the descriptors' running status. */
1125 /* purge obsolete entries */
1126 networkstatus_v2_list_clean(now
);
1127 /* Remove dead routers. */
1128 routerlist_remove_old_routers();
1130 /* Also, once per minute, check whether we want to download any
1131 * networkstatus documents.
1133 update_networkstatus_downloads(now
);
1136 /** 2c. Let directory voting happen. */
1137 if (authdir_mode_v3(options
))
1138 dirvote_act(options
, now
);
1140 /** 3a. Every second, we examine pending circuits and prune the
1141 * ones which have been pending for more than a few seconds.
1142 * We do this before step 4, so it can try building more if
1143 * it's not comfortable with the number of available circuits.
1145 circuit_expire_building(now
);
1147 /** 3b. Also look at pending streams and prune the ones that 'began'
1148 * a long time ago but haven't gotten a 'connected' yet.
1149 * Do this before step 4, so we can put them back into pending
1150 * state to be picked up by the new circuit.
1152 connection_ap_expire_beginning();
1154 /** 3c. And expire connections that we've held open for too long.
1156 connection_expire_held_open();
1158 /** 3d. And every 60 seconds, we relaunch listeners if any died. */
1159 if (!we_are_hibernating() && time_to_check_listeners
< now
) {
1160 retry_all_listeners(NULL
, NULL
);
1161 time_to_check_listeners
= now
+60;
1164 /** 4. Every second, we try a new circuit if there are no valid
1165 * circuits. Every NewCircuitPeriod seconds, we expire circuits
1166 * that became dirty more than MaxCircuitDirtiness seconds ago,
1167 * and we make a new circ if there are no clean circuits.
1169 have_dir_info
= router_have_minimum_dir_info();
1170 if (have_dir_info
&& !we_are_hibernating())
1171 circuit_build_needed_circs(now
);
1173 /* every 10 seconds, but not at the same second as other such events */
1175 circuit_expire_old_circuits_serverside(now
);
1177 /** 5. We do housekeeping for each connection... */
1178 connection_or_set_bad_connections();
1179 for (i
=0;i
<smartlist_len(connection_array
);i
++) {
1180 run_connection_housekeeping(i
, now
);
1182 if (time_to_shrink_memory
< now
) {
1183 SMARTLIST_FOREACH(connection_array
, connection_t
*, conn
, {
1185 buf_shrink(conn
->outbuf
);
1187 buf_shrink(conn
->inbuf
);
1190 buf_shrink_freelists(0);
1191 /** How often do we check buffers and pools for empty space that can be
1193 #define MEM_SHRINK_INTERVAL (60)
1194 time_to_shrink_memory
= now
+ MEM_SHRINK_INTERVAL
;
1197 /** 6. And remove any marked circuits... */
1198 circuit_close_all_marked();
1200 /** 7. And upload service descriptors if necessary. */
1201 if (has_completed_circuit
&& !we_are_hibernating()) {
1202 rend_consider_services_upload(now
);
1203 rend_consider_descriptor_republication();
1206 /** 8. and blow away any connections that need to die. have to do this now,
1207 * because if we marked a conn for close and left its socket -1, then
1208 * we'll pass it to poll/select and bad things will happen.
1210 close_closeable_connections();
1212 /** 8b. And if anything in our state is ready to get flushed to disk, we
1216 /** 9. and if we're a server, check whether our DNS is telling stories to
1218 if (server_mode(options
) && time_to_check_for_correct_dns
< now
) {
1219 if (!time_to_check_for_correct_dns
) {
1220 time_to_check_for_correct_dns
= now
+ 60 + crypto_rand_int(120);
1222 dns_launch_correctness_checks();
1223 time_to_check_for_correct_dns
= now
+ 12*3600 +
1224 crypto_rand_int(12*3600);
1228 /** 10b. write bridge networkstatus file to disk */
1229 if (options
->BridgeAuthoritativeDir
&&
1230 time_to_write_bridge_status_file
< now
) {
1231 networkstatus_dump_bridge_status_to_file(now
);
1232 #define BRIDGE_STATUSFILE_INTERVAL (30*60)
1233 time_to_write_bridge_status_file
= now
+BRIDGE_STATUSFILE_INTERVAL
;
1237 /** Timer: used to invoke second_elapsed_callback() once per second. */
1238 static periodic_timer_t
*second_timer
= NULL
;
1239 /** Number of libevent errors in the last second: we die if we get too many. */
1240 static int n_libevent_errors
= 0;
1242 /** Libevent callback: invoked once every second. */
1244 second_elapsed_callback(periodic_timer_t
*timer
, void *arg
)
1246 /* XXXX This could be sensibly refactored into multiple callbacks, and we
1247 * could use Libevent's timers for this rather than checking the current
1248 * time against a bunch of timeouts every second. */
1249 static time_t current_second
= 0;
1251 size_t bytes_written
;
1253 int seconds_elapsed
;
1254 or_options_t
*options
= get_options();
1258 n_libevent_errors
= 0;
1260 /* log_notice(LD_GENERAL, "Tick."); */
1262 update_approx_time(now
);
1264 /* the second has rolled over. check more stuff. */
1265 bytes_written
= stats_prev_global_write_bucket
- global_write_bucket
;
1266 bytes_read
= stats_prev_global_read_bucket
- global_read_bucket
;
1267 seconds_elapsed
= current_second
? (int)(now
- current_second
) : 0;
1268 stats_n_bytes_read
+= bytes_read
;
1269 stats_n_bytes_written
+= bytes_written
;
1270 if (accounting_is_enabled(options
) && seconds_elapsed
>= 0)
1271 accounting_add_bytes(bytes_read
, bytes_written
, seconds_elapsed
);
1272 control_event_bandwidth_used((uint32_t)bytes_read
,(uint32_t)bytes_written
);
1273 control_event_stream_bandwidth_used();
1275 if (seconds_elapsed
> 0)
1276 connection_bucket_refill(seconds_elapsed
, now
);
1277 stats_prev_global_read_bucket
= global_read_bucket
;
1278 stats_prev_global_write_bucket
= global_write_bucket
;
1280 if (server_mode(options
) &&
1281 !we_are_hibernating() &&
1282 seconds_elapsed
> 0 &&
1283 has_completed_circuit
&&
1284 stats_n_seconds_working
/ TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
!=
1285 (stats_n_seconds_working
+seconds_elapsed
) /
1286 TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT
) {
1287 /* every 20 minutes, check and complain if necessary */
1288 routerinfo_t
*me
= router_get_my_routerinfo();
1289 if (me
&& !check_whether_orport_reachable()) {
1290 log_warn(LD_CONFIG
,"Your server (%s:%d) has not managed to confirm that "
1291 "its ORPort is reachable. Please check your firewalls, ports, "
1292 "address, /etc/hosts file, etc.",
1293 me
->address
, me
->or_port
);
1294 control_event_server_status(LOG_WARN
,
1295 "REACHABILITY_FAILED ORADDRESS=%s:%d",
1296 me
->address
, me
->or_port
);
1299 if (me
&& !check_whether_dirport_reachable()) {
1301 "Your server (%s:%d) has not managed to confirm that its "
1302 "DirPort is reachable. Please check your firewalls, ports, "
1303 "address, /etc/hosts file, etc.",
1304 me
->address
, me
->dir_port
);
1305 control_event_server_status(LOG_WARN
,
1306 "REACHABILITY_FAILED DIRADDRESS=%s:%d",
1307 me
->address
, me
->dir_port
);
1311 /** If more than this many seconds have elapsed, probably the clock
1312 * jumped: doesn't count. */
1313 #define NUM_JUMPED_SECONDS_BEFORE_WARN 100
1314 if (seconds_elapsed
< -NUM_JUMPED_SECONDS_BEFORE_WARN
||
1315 seconds_elapsed
>= NUM_JUMPED_SECONDS_BEFORE_WARN
) {
1316 circuit_note_clock_jumped(seconds_elapsed
);
1317 /* XXX if the time jumps *back* many months, do our events in
1318 * run_scheduled_events() recover? I don't think they do. -RD */
1319 } else if (seconds_elapsed
> 0)
1320 stats_n_seconds_working
+= seconds_elapsed
;
1322 run_scheduled_events(now
);
1324 current_second
= now
; /* remember which second it is, for next time */
1328 /** Called when a possibly ignorable libevent error occurs; ensures that we
1329 * don't get into an infinite loop by ignoring too many errors from
1332 got_libevent_error(void)
1334 if (++n_libevent_errors
> 8) {
1335 log_err(LD_NET
, "Too many libevent errors in one second; dying");
1342 #define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
1344 /** Called when our IP address seems to have changed. <b>at_interface</b>
1345 * should be true if we detected a change in our interface, and false if we
1346 * detected a change in our published address. */
1348 ip_address_changed(int at_interface
)
1350 int server
= server_mode(get_options());
1354 /* Okay, change our keys. */
1359 if (stats_n_seconds_working
> UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST
)
1360 reset_bandwidth_test();
1361 stats_n_seconds_working
= 0;
1362 router_reset_reachability();
1363 mark_my_descriptor_dirty();
1367 dns_servers_relaunch_checks();
1370 /** Forget what we've learned about the correctness of our DNS servers, and
1371 * start learning again. */
1373 dns_servers_relaunch_checks(void)
1375 if (server_mode(get_options())) {
1376 dns_reset_correctness_checks();
1377 time_to_check_for_correct_dns
= 0;
1381 /** Called when we get a SIGHUP: reload configuration files and keys,
1382 * retry all connections, and so on. */
1386 or_options_t
*options
= get_options();
1389 dmalloc_log_stats();
1390 dmalloc_log_changed(0, 1, 0, 0);
1393 log_notice(LD_GENERAL
,"Received reload signal (hup). Reloading config and "
1394 "resetting internal state.");
1395 if (accounting_is_enabled(options
))
1396 accounting_record_bandwidth_usage(time(NULL
), get_or_state());
1398 router_reset_warnings();
1399 routerlist_reset_warnings();
1400 addressmap_clear_transient();
1401 /* first, reload config variables, in case they've changed */
1402 if (options
->ReloadTorrcOnSIGHUP
) {
1403 /* no need to provide argc/v, they've been cached in init_from_config */
1404 if (options_init_from_torrc(0, NULL
) < 0) {
1405 log_err(LD_CONFIG
,"Reading config failed--see warnings above. "
1406 "For usage, try -h.");
1409 options
= get_options(); /* they have changed now */
1411 log_notice(LD_GENERAL
, "Not reloading config file: the controller told "
1414 if (authdir_mode_handles_descs(options
, -1)) {
1415 /* reload the approved-routers file */
1416 if (dirserv_load_fingerprint_file() < 0) {
1417 /* warnings are logged from dirserv_load_fingerprint_file() directly */
1418 log_info(LD_GENERAL
, "Error reloading fingerprints. "
1419 "Continuing with old list.");
1423 /* Rotate away from the old dirty circuits. This has to be done
1424 * after we've read the new options, but before we start using
1425 * circuits for directory fetches. */
1426 circuit_expire_all_dirty_circs();
1428 /* retry appropriate downloads */
1429 router_reset_status_download_failures();
1430 router_reset_descriptor_download_failures();
1431 update_networkstatus_downloads(time(NULL
));
1433 /* We'll retry routerstatus downloads in about 10 seconds; no need to
1434 * force a retry there. */
1436 if (server_mode(options
)) {
1437 /* Restart cpuworker and dnsworker processes, so they get up-to-date
1438 * configuration options. */
1439 cpuworkers_rotate();
1445 /** Tor main loop. */
1452 /* initialize dns resolve map, spawn workers if needed */
1453 if (dns_init() < 0) {
1454 if (get_options()->ServerDNSAllowBrokenConfig
)
1455 log_warn(LD_GENERAL
, "Couldn't set up any working nameservers. "
1456 "Network not up yet? Will try again soon.");
1458 log_err(LD_GENERAL
,"Error initializing dns subsystem; exiting. To "
1459 "retry instead, set the ServerDNSAllowBrokenResolvConf option.");
1465 /* load the private keys, if we're supposed to have them, and set up the
1467 if (! identity_key_is_set()) {
1468 if (init_keys() < 0) {
1469 log_err(LD_BUG
,"Error initializing keys; exiting");
1474 /* Set up the packed_cell_t memory pool. */
1477 /* Set up our buckets */
1478 connection_bucket_init();
1479 stats_prev_global_read_bucket
= global_read_bucket
;
1480 stats_prev_global_write_bucket
= global_write_bucket
;
1482 /* initialize the bootstrap status events to know we're starting up */
1483 control_event_bootstrap(BOOTSTRAP_STATUS_STARTING
, 0);
1485 if (trusted_dirs_reload_certs()) {
1487 "Couldn't load all cached v3 certificates. Starting anyway.");
1489 if (router_reload_v2_networkstatus()) {
1492 if (router_reload_consensus_networkstatus()) {
1495 /* load the routers file, or assign the defaults. */
1496 if (router_reload_router_list()) {
1499 /* load the networkstatuses. (This launches a download for new routers as
1503 directory_info_has_arrived(now
, 1);
1505 if (server_mode(get_options())) {
1506 /* launch cpuworkers. Need to do this *after* we've read the onion key. */
1510 /* set up once-a-second callback. */
1511 if (! second_timer
) {
1512 struct timeval one_second
;
1513 one_second
.tv_sec
= 1;
1514 one_second
.tv_usec
= 0;
1516 second_timer
= periodic_timer_new(tor_libevent_get_base(),
1518 second_elapsed_callback
,
1520 tor_assert(second_timer
);
1524 if (nt_service_is_stopping())
1528 /* Make it easier to tell whether libevent failure is our fault or not. */
1531 /* All active linked conns should get their read events activated. */
1532 SMARTLIST_FOREACH(active_linked_connection_lst
, connection_t
*, conn
,
1533 event_active(conn
->read_event
, EV_READ
, 1));
1534 called_loop_once
= smartlist_len(active_linked_connection_lst
) ? 1 : 0;
1536 update_approx_time(time(NULL
));
1538 /* poll until we have an event, or the second ends, or until we have
1539 * some active linked connections to trigger events for. */
1540 loop_result
= event_base_loop(tor_libevent_get_base(),
1541 called_loop_once
? EVLOOP_ONCE
: 0);
1543 /* let catch() handle things like ^c, and otherwise don't worry about it */
1544 if (loop_result
< 0) {
1545 int e
= tor_socket_errno(-1);
1546 /* let the program survive things like ^z */
1547 if (e
!= EINTR
&& !ERRNO_IS_EINPROGRESS(e
)) {
1548 log_err(LD_NET
,"libevent call with %s failed: %s [%d]",
1549 tor_libevent_get_method(), tor_socket_strerror(e
), e
);
1552 } else if (e
== EINVAL
) {
1553 log_warn(LD_NET
, "EINVAL from libevent: should you upgrade libevent?");
1554 if (got_libevent_error())
1558 if (ERRNO_IS_EINPROGRESS(e
))
1560 "libevent call returned EINPROGRESS? Please report.");
1561 log_debug(LD_NET
,"libevent call interrupted.");
1562 /* You can't trust the results of this poll(). Go back to the
1563 * top of the big for loop. */
1570 /** Used to implement the SIGNAL control command: if we accept
1571 * <b>the_signal</b> as a remote pseudo-signal, act on it. */
1572 /* We don't re-use catch() here because:
1573 * 1. We handle a different set of signals than those allowed in catch.
1574 * 2. Platforms without signal() are unlikely to define SIGfoo.
1575 * 3. The control spec is defined to use fixed numeric signal values
1576 * which just happen to match the Unix values.
1579 control_signal_act(int the_signal
)
1584 signal_callback(0,0,(void*)(uintptr_t)SIGHUP
);
1587 signal_callback(0,0,(void*)(uintptr_t)SIGINT
);
1590 signal_callback(0,0,(void*)(uintptr_t)SIGUSR1
);
1593 signal_callback(0,0,(void*)(uintptr_t)SIGUSR2
);
1596 signal_callback(0,0,(void*)(uintptr_t)SIGTERM
);
1599 signal_callback(0,0,(void*)(uintptr_t)SIGNEWNYM
);
1601 case SIGCLEARDNSCACHE
:
1602 signal_callback(0,0,(void*)(uintptr_t)SIGCLEARDNSCACHE
);
1605 log_warn(LD_BUG
, "Unrecognized signal number %d.", the_signal
);
1610 /** Libevent callback: invoked when we get a signal.
1613 signal_callback(int fd
, short events
, void *arg
)
1615 uintptr_t sig
= (uintptr_t)arg
;
1621 log_notice(LD_GENERAL
,"Catching signal TERM, exiting cleanly.");
1626 if (!server_mode(get_options())) { /* do it now */
1627 log_notice(LD_GENERAL
,"Interrupt: exiting cleanly.");
1631 hibernate_begin_shutdown();
1635 log_debug(LD_GENERAL
,"Caught SIGPIPE. Ignoring.");
1639 /* prefer to log it at INFO, but make sure we always see it */
1640 dumpstats(get_min_log_level()<LOG_INFO
? get_min_log_level() : LOG_INFO
);
1643 switch_logs_debug();
1644 log_debug(LD_GENERAL
,"Caught USR2, going to loglevel debug. "
1645 "Send HUP to change back.");
1649 log_warn(LD_CONFIG
,"Restart failed (config error?). Exiting.");
1656 while (waitpid(-1,NULL
,WNOHANG
) > 0) ; /* keep reaping until no more
1661 time_t now
= time(NULL
);
1662 if (time_of_last_signewnym
+ MAX_SIGNEWNYM_RATE
> now
) {
1663 signewnym_is_pending
= 1;
1664 log(LOG_NOTICE
, LD_CONTROL
,
1665 "Rate limiting NEWNYM request: delaying by %d second(s)",
1666 (int)(MAX_SIGNEWNYM_RATE
+time_of_last_signewnym
-now
));
1668 signewnym_impl(now
);
1672 case SIGCLEARDNSCACHE
:
1673 addressmap_clear_transient();
1678 extern uint64_t rephist_total_alloc
;
1679 extern uint32_t rephist_total_num
;
1682 * Write current memory usage information to the log.
1685 dumpmemusage(int severity
)
1687 connection_dump_buffer_mem_stats(severity
);
1688 log(severity
, LD_GENERAL
, "In rephist: "U64_FORMAT
" used by %d Tors.",
1689 U64_PRINTF_ARG(rephist_total_alloc
), rephist_total_num
);
1690 dump_routerlist_mem_usage(severity
);
1691 dump_cell_pool_usage(severity
);
1692 dump_dns_mem_usage(severity
);
1693 buf_dump_freelist_sizes(severity
);
1694 tor_log_mallinfo(severity
);
1697 /** Write all statistics to the log, with log level <b>severity</b>. Called
1698 * in response to a SIGUSR1. */
1700 dumpstats(int severity
)
1702 time_t now
= time(NULL
);
1704 size_t rbuf_cap
, wbuf_cap
, rbuf_len
, wbuf_len
;
1706 log(severity
, LD_GENERAL
, "Dumping stats:");
1708 SMARTLIST_FOREACH(connection_array
, connection_t
*, conn
,
1710 int i
= conn_sl_idx
;
1711 log(severity
, LD_GENERAL
,
1712 "Conn %d (socket %d) type %d (%s), state %d (%s), created %d secs ago",
1713 i
, conn
->s
, conn
->type
, conn_type_to_string(conn
->type
),
1714 conn
->state
, conn_state_to_string(conn
->type
, conn
->state
),
1715 (int)(now
- conn
->timestamp_created
));
1716 if (!connection_is_listener(conn
)) {
1717 log(severity
,LD_GENERAL
,
1718 "Conn %d is to %s:%d.", i
,
1719 safe_str_client(conn
->address
),
1721 log(severity
,LD_GENERAL
,
1722 "Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)",
1724 (int)buf_datalen(conn
->inbuf
),
1725 (int)buf_allocation(conn
->inbuf
),
1726 (int)(now
- conn
->timestamp_lastread
));
1727 log(severity
,LD_GENERAL
,
1728 "Conn %d: %d bytes waiting on outbuf "
1729 "(len %d, last written %d secs ago)",i
,
1730 (int)buf_datalen(conn
->outbuf
),
1731 (int)buf_allocation(conn
->outbuf
),
1732 (int)(now
- conn
->timestamp_lastwritten
));
1733 if (conn
->type
== CONN_TYPE_OR
) {
1734 or_connection_t
*or_conn
= TO_OR_CONN(conn
);
1736 tor_tls_get_buffer_sizes(or_conn
->tls
, &rbuf_cap
, &rbuf_len
,
1737 &wbuf_cap
, &wbuf_len
);
1738 log(severity
, LD_GENERAL
,
1739 "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
1740 "%d/%d bytes used on write buffer.",
1741 i
, (int)rbuf_len
, (int)rbuf_cap
, (int)wbuf_len
, (int)wbuf_cap
);
1745 circuit_dump_by_conn(conn
, severity
); /* dump info about all the circuits
1746 * using this conn */
1748 log(severity
, LD_NET
,
1749 "Cells processed: "U64_FORMAT
" padding\n"
1750 " "U64_FORMAT
" create\n"
1751 " "U64_FORMAT
" created\n"
1752 " "U64_FORMAT
" relay\n"
1753 " ("U64_FORMAT
" relayed)\n"
1754 " ("U64_FORMAT
" delivered)\n"
1755 " "U64_FORMAT
" destroy",
1756 U64_PRINTF_ARG(stats_n_padding_cells_processed
),
1757 U64_PRINTF_ARG(stats_n_create_cells_processed
),
1758 U64_PRINTF_ARG(stats_n_created_cells_processed
),
1759 U64_PRINTF_ARG(stats_n_relay_cells_processed
),
1760 U64_PRINTF_ARG(stats_n_relay_cells_relayed
),
1761 U64_PRINTF_ARG(stats_n_relay_cells_delivered
),
1762 U64_PRINTF_ARG(stats_n_destroy_cells_processed
));
1763 if (stats_n_data_cells_packaged
)
1764 log(severity
,LD_NET
,"Average packaged cell fullness: %2.3f%%",
1765 100*(U64_TO_DBL(stats_n_data_bytes_packaged
) /
1766 U64_TO_DBL(stats_n_data_cells_packaged
*RELAY_PAYLOAD_SIZE
)) );
1767 if (stats_n_data_cells_received
)
1768 log(severity
,LD_NET
,"Average delivered cell fullness: %2.3f%%",
1769 100*(U64_TO_DBL(stats_n_data_bytes_received
) /
1770 U64_TO_DBL(stats_n_data_cells_received
*RELAY_PAYLOAD_SIZE
)) );
1772 if (now
- time_of_process_start
>= 0)
1773 elapsed
= now
- time_of_process_start
;
1778 log(severity
, LD_NET
,
1779 "Average bandwidth: "U64_FORMAT
"/%d = %d bytes/sec reading",
1780 U64_PRINTF_ARG(stats_n_bytes_read
),
1782 (int) (stats_n_bytes_read
/elapsed
));
1783 log(severity
, LD_NET
,
1784 "Average bandwidth: "U64_FORMAT
"/%d = %d bytes/sec writing",
1785 U64_PRINTF_ARG(stats_n_bytes_written
),
1787 (int) (stats_n_bytes_written
/elapsed
));
1790 log(severity
, LD_NET
, "--------------- Dumping memory information:");
1791 dumpmemusage(severity
);
1793 rep_hist_dump_stats(now
,severity
);
1794 rend_service_dump_stats(severity
);
1795 dump_pk_ops(severity
);
1796 dump_distinct_digest_count(severity
);
1799 /** Called by exit() as we shut down the process.
1804 /* NOTE: If we ever daemonize, this gets called immediately. That's
1805 * okay for now, because we only use this on Windows. */
1811 /** Set up the signal handlers for either parent or child. */
1813 handle_signals(int is_parent
)
1815 #ifndef MS_WINDOWS /* do signal stuff only on Unix */
1817 static const int signals
[] = {
1818 SIGINT
, /* do a controlled slow shutdown */
1819 SIGTERM
, /* to terminate now */
1820 SIGPIPE
, /* otherwise SIGPIPE kills us */
1821 SIGUSR1
, /* dump stats */
1822 SIGUSR2
, /* go to loglevel debug */
1823 SIGHUP
, /* to reload config, retry conns, etc */
1825 SIGXFSZ
, /* handle file-too-big resource exhaustion */
1827 SIGCHLD
, /* handle dns/cpu workers that exit */
1829 static struct event
*signal_events
[16]; /* bigger than it has to be. */
1831 for (i
= 0; signals
[i
] >= 0; ++i
) {
1832 signal_events
[i
] = tor_evsignal_new(
1833 tor_libevent_get_base(), signals
[i
], signal_callback
,
1834 (void*)(uintptr_t)signals
[i
]);
1835 if (event_add(signal_events
[i
], NULL
))
1836 log_warn(LD_BUG
, "Error from libevent when adding event for signal %d",
1840 struct sigaction action
;
1841 action
.sa_flags
= 0;
1842 sigemptyset(&action
.sa_mask
);
1843 action
.sa_handler
= SIG_IGN
;
1844 sigaction(SIGINT
, &action
, NULL
);
1845 sigaction(SIGTERM
, &action
, NULL
);
1846 sigaction(SIGPIPE
, &action
, NULL
);
1847 sigaction(SIGUSR1
, &action
, NULL
);
1848 sigaction(SIGUSR2
, &action
, NULL
);
1849 sigaction(SIGHUP
, &action
, NULL
);
1851 sigaction(SIGXFSZ
, &action
, NULL
);
1854 #else /* MS windows */
1856 #endif /* signal stuff */
1859 /** Main entry point for the Tor command-line client.
1862 tor_init(int argc
, char *argv
[])
1866 time_of_process_start
= time(NULL
);
1867 if (!connection_array
)
1868 connection_array
= smartlist_create();
1869 if (!closeable_connection_lst
)
1870 closeable_connection_lst
= smartlist_create();
1871 if (!active_linked_connection_lst
)
1872 active_linked_connection_lst
= smartlist_create();
1873 /* Have the log set up with our application name. */
1874 tor_snprintf(buf
, sizeof(buf
), "Tor %s", get_version());
1875 log_set_application_name(buf
);
1876 /* Initialize the history structures. */
1878 /* Initialize the service cache. */
1880 addressmap_init(); /* Init the client dns cache. Do it always, since it's
1883 /* We search for the "quiet" option first, since it decides whether we
1884 * will log anything at all to the command line. */
1885 for (i
=1;i
<argc
;++i
) {
1886 if (!strcmp(argv
[i
], "--hush"))
1888 if (!strcmp(argv
[i
], "--quiet"))
1891 /* give it somewhere to log to initially */
1894 /* no initial logging */
1897 add_temp_log(LOG_WARN
);
1900 add_temp_log(LOG_NOTICE
);
1903 log(LOG_NOTICE
, LD_GENERAL
, "Tor v%s. This is experimental software. "
1904 "Do not rely on it for strong anonymity. (Running on %s)",get_version(),
1907 if (network_init()<0) {
1908 log_err(LD_BUG
,"Error initializing network; exiting.");
1911 atexit(exit_function
);
1913 if (options_init_from_torrc(argc
,argv
) < 0) {
1914 log_err(LD_CONFIG
,"Reading config failed--see warnings above.");
1920 log_warn(LD_GENERAL
,"You are running Tor as root. You don't need to, "
1921 "and you probably shouldn't.");
1924 if (crypto_global_init(get_options()->HardwareAccel
,
1925 get_options()->AccelName
,
1926 get_options()->AccelDir
)) {
1927 log_err(LD_BUG
, "Unable to initialize OpenSSL. Exiting.");
1934 /** A lockfile structure, used to prevent two Tors from messing with the
1935 * data directory at once. If this variable is non-NULL, we're holding
1937 static tor_lockfile_t
*lockfile
= NULL
;
1939 /** Try to grab the lock file described in <b>options</b>, if we do not
1940 * already have it. If <b>err_if_locked</b> is true, warn if somebody else is
1941 * holding the lock, and exit if we can't get it after waiting. Otherwise,
1942 * return -1 if we can't get the lockfile. Return 0 on success.
1945 try_locking(or_options_t
*options
, int err_if_locked
)
1950 char *fname
= options_get_datadir_fname2_suffix(options
, "lock",NULL
,NULL
);
1951 int already_locked
= 0;
1952 tor_lockfile_t
*lf
= tor_lockfile_lock(fname
, 0, &already_locked
);
1955 if (err_if_locked
&& already_locked
) {
1957 log_warn(LD_GENERAL
, "It looks like another Tor process is running "
1958 "with the same data directory. Waiting 5 seconds to see "
1959 "if it goes away.");
1965 r
= try_locking(options
, 0);
1967 log_err(LD_GENERAL
, "No, it's still there. Exiting.");
1979 /** Return true iff we've successfully acquired the lock file. */
1983 return lockfile
!= NULL
;
1986 /** If we have successfully acquired the lock file, release it. */
1988 release_lockfile(void)
1991 tor_lockfile_unlock(lockfile
);
1996 /** Free all memory that we might have allocated somewhere.
1997 * If <b>postfork</b>, we are a worker process and we want to free
1998 * only the parts of memory that we won't touch. If !<b>postfork</b>,
1999 * Tor is shutting down and we should free everything.
2001 * Helps us find the real leaks with dmalloc and the like. Also valgrind
2002 * should then report 0 reachable in its leak report (in an ideal world --
2003 * in practice libevent, SSL, libc etc never quite free everything). */
2005 tor_free_all(int postfork
)
2012 routerlist_free_all();
2013 networkstatus_free_all();
2014 addressmap_free_all();
2016 rend_service_free_all();
2017 rend_cache_free_all();
2018 rend_service_authorization_free_all();
2019 rep_hist_free_all();
2021 clear_pending_onions();
2023 entry_guards_free_all();
2024 connection_free_all();
2025 buf_shrink_freelists(1);
2026 memarea_clear_freelist();
2027 microdesc_free_all();
2031 policies_free_all();
2037 /* stuff in main.c */
2039 smartlist_free(connection_array
);
2040 smartlist_free(closeable_connection_lst
);
2041 smartlist_free(active_linked_connection_lst
);
2042 periodic_timer_free(second_timer
);
2046 /* Stuff in util.c and address.c*/
2049 esc_router_info(NULL
);
2050 logs_free_all(); /* free log strings. do this last so logs keep working. */
2054 /** Do whatever cleanup is necessary before shutting Tor down. */
2058 or_options_t
*options
= get_options();
2059 /* Remove our pid file. We don't care if there was an error when we
2060 * unlink, nothing we could do about it anyways. */
2061 if (options
->command
== CMD_RUN_TOR
) {
2062 time_t now
= time(NULL
);
2063 if (options
->PidFile
)
2064 unlink(options
->PidFile
);
2065 if (accounting_is_enabled(options
))
2066 accounting_record_bandwidth_usage(now
, get_or_state());
2067 or_state_mark_dirty(get_or_state(), 0); /* force an immediate save. */
2069 if (authdir_mode_tests_reachability(options
))
2070 rep_hist_record_mtbf_data(now
, 0);
2073 dmalloc_log_stats();
2075 tor_free_all(0); /* We could move tor_free_all back into the ifdef below
2076 later, if it makes shutdown unacceptably slow. But for
2077 now, leave it here: it's helped us catch bugs in the
2079 crypto_global_cleanup();
2081 dmalloc_log_unfreed();
2086 /** Read/create keys as needed, and echo our fingerprint to stdout. */
2088 do_list_fingerprint(void)
2090 char buf
[FINGERPRINT_LEN
+1];
2092 const char *nickname
= get_options()->Nickname
;
2093 if (!server_mode(get_options())) {
2095 "Clients don't have long-term identity keys. Exiting.\n");
2098 tor_assert(nickname
);
2099 if (init_keys() < 0) {
2100 log_err(LD_BUG
,"Error initializing keys; can't display fingerprint");
2103 if (!(k
= get_identity_key())) {
2104 log_err(LD_GENERAL
,"Error: missing identity key.");
2107 if (crypto_pk_get_fingerprint(k
, buf
, 1)<0) {
2108 log_err(LD_BUG
, "Error computing fingerprint");
2111 printf("%s %s\n", nickname
, buf
);
2115 /** Entry point for password hashing: take the desired password from
2116 * the command line, and print its salted hash to stdout. **/
2118 do_hash_password(void)
2122 char key
[S2K_SPECIFIER_LEN
+DIGEST_LEN
];
2124 crypto_rand(key
, S2K_SPECIFIER_LEN
-1);
2125 key
[S2K_SPECIFIER_LEN
-1] = (uint8_t)96; /* Hash 64 K of data. */
2126 secret_to_key(key
+S2K_SPECIFIER_LEN
, DIGEST_LEN
,
2127 get_options()->command_arg
, strlen(get_options()->command_arg
),
2129 base16_encode(output
, sizeof(output
), key
, sizeof(key
));
2130 printf("16:%s\n",output
);
2135 find_flashcard_path(PWCHAR path
, size_t size
)
2137 WIN32_FIND_DATA d
= {0};
2143 h
= FindFirstFlashCard(&d
);
2144 if (h
== INVALID_HANDLE_VALUE
)
2147 if (wcslen(d
.cFileName
) == 0) {
2152 wcsncpy(path
,d
.cFileName
,size
);
2158 /** Main entry point for the Tor process. Called from main(). */
2159 /* This function is distinct from main() only so we can link main.c into
2160 * the unittest binary without conflicting with the unittests' main. */
2162 tor_main(int argc
, char *argv
[])
2166 WCHAR path
[MAX_PATH
] = {0};
2167 WCHAR fullpath
[MAX_PATH
] = {0};
2170 FILE* redirdbg
= NULL
;
2172 // this is to facilitate debugging by opening
2173 // a file on a folder shared by the wm emulator.
2174 // if no flashcard (real or emulated) is present,
2175 // log files will be written in the root folder
2176 if (find_flashcard_path(path
,MAX_PATH
) == -1)
2178 redir
= _wfreopen( L
"\\stdout.log", L
"w", stdout
);
2179 redirdbg
= _wfreopen( L
"\\stderr.log", L
"w", stderr
);
2181 swprintf(fullpath
,L
"\\%s\\tor",path
);
2182 CreateDirectory(fullpath
,NULL
);
2184 swprintf(fullpath
,L
"\\%s\\tor\\stdout.log",path
);
2185 redir
= _wfreopen( fullpath
, L
"w", stdout
);
2187 swprintf(fullpath
,L
"\\%s\\tor\\stderr.log",path
);
2188 redirdbg
= _wfreopen( fullpath
, L
"w", stderr
);
2192 update_approx_time(time(NULL
));
2197 /* Instruct OpenSSL to use our internal wrappers for malloc,
2198 realloc and free. */
2199 int r
= CRYPTO_set_mem_ex_functions(_tor_malloc
, _tor_realloc
, _tor_free
);
2206 result
= nt_service_parse_options(argc
, argv
, &done
);
2207 if (done
) return result
;
2210 if (tor_init(argc
, argv
)<0)
2212 switch (get_options()->command
) {
2215 nt_service_set_state(SERVICE_RUNNING
);
2217 result
= do_main_loop();
2219 case CMD_LIST_FINGERPRINT
:
2220 result
= do_list_fingerprint();
2222 case CMD_HASH_PASSWORD
:
2226 case CMD_VERIFY_CONFIG
:
2227 printf("Configuration was valid\n");
2230 case CMD_RUN_UNITTESTS
: /* only set by test.c */
2232 log_warn(LD_BUG
,"Illegal command number %d: internal error.",
2233 get_options()->command
);