search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
When making sure digest256 matches in ei, look at sd, not ri.
[tor.git] / src / or / routerlist.c
blob2e347b0692fc4d6c52c46201c9cefe6c690934eb
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2015, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file routerlist.c
9 * \brief Code to
10 * maintain and access the global list of routerinfos for known
11 * servers.
12 **/
13
14 #define ROUTERLIST_PRIVATE
15 #include "or.h"
16 #include "crypto_ed25519.h"
17 #include "circuitstats.h"
18 #include "config.h"
19 #include "connection.h"
20 #include "control.h"
21 #include "directory.h"
22 #include "dirserv.h"
23 #include "dirvote.h"
24 #include "entrynodes.h"
25 #include "fp_pair.h"
26 #include "geoip.h"
27 #include "hibernate.h"
28 #include "main.h"
29 #include "microdesc.h"
30 #include "networkstatus.h"
31 #include "nodelist.h"
32 #include "policies.h"
33 #include "reasons.h"
34 #include "rendcommon.h"
35 #include "rendservice.h"
36 #include "rephist.h"
37 #include "router.h"
38 #include "routerlist.h"
39 #include "routerparse.h"
40 #include "routerset.h"
41 #include "sandbox.h"
42 #include "torcert.h"
43
44 // #define DEBUG_ROUTERLIST
45
46 /****************************************************************************/
47
48 DECLARE_TYPED_DIGESTMAP_FNS(sdmap_, digest_sd_map_t, signed_descriptor_t)
49 DECLARE_TYPED_DIGESTMAP_FNS(rimap_, digest_ri_map_t, routerinfo_t)
50 DECLARE_TYPED_DIGESTMAP_FNS(eimap_, digest_ei_map_t, extrainfo_t)
51 DECLARE_TYPED_DIGESTMAP_FNS(dsmap_, digest_ds_map_t, download_status_t)
52 #define SDMAP_FOREACH(map, keyvar, valvar) \
53 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
54 valvar)
55 #define RIMAP_FOREACH(map, keyvar, valvar) \
56 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
57 #define EIMAP_FOREACH(map, keyvar, valvar) \
58 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
59 #define DSMAP_FOREACH(map, keyvar, valvar) \
60 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
61 valvar)
62
63 /* Forward declaration for cert_list_t */
64 typedef struct cert_list_t cert_list_t;
65
66 /* static function prototypes */
67 static int compute_weighted_bandwidths(const smartlist_t *sl,
68 bandwidth_weight_rule_t rule,
69 u64_dbl_t **bandwidths_out);
70 static const routerstatus_t *router_pick_directory_server_impl(
71 dirinfo_type_t auth, int flags, int *n_busy_out);
72 static const routerstatus_t *router_pick_trusteddirserver_impl(
73 const smartlist_t *sourcelist, dirinfo_type_t auth,
74 int flags, int *n_busy_out);
75 static const routerstatus_t *router_pick_dirserver_generic(
76 smartlist_t *sourcelist,
77 dirinfo_type_t type, int flags);
78 static void mark_all_dirservers_up(smartlist_t *server_list);
79 static void dir_server_free(dir_server_t *ds);
80 static int signed_desc_digest_is_recognized(signed_descriptor_t *desc);
81 static const char *signed_descriptor_get_body_impl(
82 const signed_descriptor_t *desc,
83 int with_annotations);
84 static void list_pending_downloads(digestmap_t *result,
85 digest256map_t *result256,
86 int purpose, const char *prefix);
87 static void list_pending_fpsk_downloads(fp_pair_map_t *result);
88 static void launch_dummy_descriptor_download_as_needed(time_t now,
89 const or_options_t *options);
90 static void download_status_reset_by_sk_in_cl(cert_list_t *cl,
91 const char *digest);
92 static int download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
93 const char *digest,
94 time_t now, int max_failures);
95
96 /****************************************************************************/
97
98 /** Global list of a dir_server_t object for each directory
99 * authority. */
100 static smartlist_t *trusted_dir_servers = NULL;
101 /** Global list of dir_server_t objects for all directory authorities
102 * and all fallback directory servers. */
103 static smartlist_t *fallback_dir_servers = NULL;
104
105 /** List of certificates for a single authority, and download status for
106 * latest certificate.
107 */
108 struct cert_list_t {
109 /*
110 * The keys of download status map are cert->signing_key_digest for pending
111 * downloads by (identity digest/signing key digest) pair; functions such
112 * as authority_cert_get_by_digest() already assume these are unique.
113 */
114 struct digest_ds_map_t *dl_status_map;
115 /* There is also a dlstatus for the download by identity key only */
116 download_status_t dl_status_by_id;
117 smartlist_t *certs;
118 };
119 /** Map from v3 identity key digest to cert_list_t. */
120 static digestmap_t *trusted_dir_certs = NULL;
121 /** True iff any key certificate in at least one member of
122 * <b>trusted_dir_certs</b> has changed since we last flushed the
123 * certificates to disk. */
124 static int trusted_dir_servers_certs_changed = 0;
125
126 /** Global list of all of the routers that we know about. */
127 static routerlist_t *routerlist = NULL;
128
129 /** List of strings for nicknames we've already warned about and that are
130 * still unknown / unavailable. */
131 static smartlist_t *warned_nicknames = NULL;
132
133 /** The last time we tried to download any routerdesc, or 0 for "never". We
134 * use this to rate-limit download attempts when the number of routerdescs to
135 * download is low. */
136 static time_t last_descriptor_download_attempted = 0;
137
138 /** Return the number of directory authorities whose type matches some bit set
139 * in <b>type</b> */
140 int
141 get_n_authorities(dirinfo_type_t type)
142 {
143 int n = 0;
144 if (!trusted_dir_servers)
145 return 0;
146 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
147 if (ds->type & type)
148 ++n);
149 return n;
150 }
151
152 /** Reset the download status of a specified element in a dsmap */
153 static void
154 download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
155 {
156 download_status_t *dlstatus = NULL;
157
158 tor_assert(cl);
159 tor_assert(digest);
160
161 /* Make sure we have a dsmap */
162 if (!(cl->dl_status_map)) {
163 cl->dl_status_map = dsmap_new();
164 }
165 /* Look for a download_status_t in the map with this digest */
166 dlstatus = dsmap_get(cl->dl_status_map, digest);
167 /* Got one? */
168 if (!dlstatus) {
169 /* Insert before we reset */
170 dlstatus = tor_malloc_zero(sizeof(*dlstatus));
171 dsmap_set(cl->dl_status_map, digest, dlstatus);
172 }
173 tor_assert(dlstatus);
174 /* Go ahead and reset it */
175 download_status_reset(dlstatus);
176 }
177
178 /**
179 * Return true if the download for this signing key digest in cl is ready
180 * to be re-attempted.
181 */
182 static int
183 download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
184 const char *digest,
185 time_t now, int max_failures)
186 {
187 int rv = 0;
188 download_status_t *dlstatus = NULL;
189
190 tor_assert(cl);
191 tor_assert(digest);
192
193 /* Make sure we have a dsmap */
194 if (!(cl->dl_status_map)) {
195 cl->dl_status_map = dsmap_new();
196 }
197 /* Look for a download_status_t in the map with this digest */
198 dlstatus = dsmap_get(cl->dl_status_map, digest);
199 /* Got one? */
200 if (dlstatus) {
201 /* Use download_status_is_ready() */
202 rv = download_status_is_ready(dlstatus, now, max_failures);
203 } else {
204 /*
205 * If we don't know anything about it, return 1, since we haven't
206 * tried this one before. We need to create a new entry here,
207 * too.
208 */
209 dlstatus = tor_malloc_zero(sizeof(*dlstatus));
210 download_status_reset(dlstatus);
211 dsmap_set(cl->dl_status_map, digest, dlstatus);
212 rv = 1;
213 }
214
215 return rv;
216 }
217
218 /** Helper: Return the cert_list_t for an authority whose authority ID is
219 * <b>id_digest</b>, allocating a new list if necessary. */
220 static cert_list_t *
221 get_cert_list(const char *id_digest)
222 {
223 cert_list_t *cl;
224 if (!trusted_dir_certs)
225 trusted_dir_certs = digestmap_new();
226 cl = digestmap_get(trusted_dir_certs, id_digest);
227 if (!cl) {
228 cl = tor_malloc_zero(sizeof(cert_list_t));
229 cl->dl_status_by_id.schedule = DL_SCHED_CONSENSUS;
230 cl->certs = smartlist_new();
231 cl->dl_status_map = dsmap_new();
232 digestmap_set(trusted_dir_certs, id_digest, cl);
233 }
234 return cl;
235 }
236
237 /** Release all space held by a cert_list_t */
238 static void
239 cert_list_free(cert_list_t *cl)
240 {
241 if (!cl)
242 return;
243
244 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
245 authority_cert_free(cert));
246 smartlist_free(cl->certs);
247 dsmap_free(cl->dl_status_map, tor_free_);
248 tor_free(cl);
249 }
250
251 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
252 static void
253 cert_list_free_(void *cl)
254 {
255 cert_list_free(cl);
256 }
257
258 /** Reload the cached v3 key certificates from the cached-certs file in
259 * the data directory. Return 0 on success, -1 on failure. */
260 int
261 trusted_dirs_reload_certs(void)
262 {
263 char *filename;
264 char *contents;
265 int r;
266
267 filename = get_datadir_fname("cached-certs");
268 contents = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
269 tor_free(filename);
270 if (!contents)
271 return 0;
272 r = trusted_dirs_load_certs_from_string(
273 contents,
274 TRUSTED_DIRS_CERTS_SRC_FROM_STORE, 1);
275 tor_free(contents);
276 return r;
277 }
278
279 /** Helper: return true iff we already have loaded the exact cert
280 * <b>cert</b>. */
281 static INLINE int
282 already_have_cert(authority_cert_t *cert)
283 {
284 cert_list_t *cl = get_cert_list(cert->cache_info.identity_digest);
285
286 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
287 {
288 if (tor_memeq(c->cache_info.signed_descriptor_digest,
289 cert->cache_info.signed_descriptor_digest,
290 DIGEST_LEN))
291 return 1;
292 });
293 return 0;
294 }
295
296 /** Load a bunch of new key certificates from the string <b>contents</b>. If
297 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
298 * from the cache, and we don't need to flush them to disk. If we are a
299 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
300 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
301 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
302 * need to flush any changed certificates to disk now. Return 0 on success,
303 * -1 if any certs fail to parse.
304 */
305
306 int
307 trusted_dirs_load_certs_from_string(const char *contents, int source,
308 int flush)
309 {
310 dir_server_t *ds;
311 const char *s, *eos;
312 int failure_code = 0;
313 int from_store = (source == TRUSTED_DIRS_CERTS_SRC_FROM_STORE);
314
315 for (s = contents; *s; s = eos) {
316 authority_cert_t *cert = authority_cert_parse_from_string(s, &eos);
317 cert_list_t *cl;
318 if (!cert) {
319 failure_code = -1;
320 break;
321 }
322 ds = trusteddirserver_get_by_v3_auth_digest(
323 cert->cache_info.identity_digest);
324 log_debug(LD_DIR, "Parsed certificate for %s",
325 ds ? ds->nickname : "unknown authority");
326
327 if (already_have_cert(cert)) {
328 /* we already have this one. continue. */
329 log_info(LD_DIR, "Skipping %s certificate for %s that we "
330 "already have.",
331 from_store ? "cached" : "downloaded",
332 ds ? ds->nickname : "an old or new authority");
333
334 /*
335 * A duplicate on download should be treated as a failure, so we call
336 * authority_cert_dl_failed() to reset the download status to make sure
337 * we can't try again. Since we've implemented the fp-sk mechanism
338 * to download certs by signing key, this should be much rarer than it
339 * was and is perhaps cause for concern.
340 */
341 if (!from_store) {
342 if (authdir_mode(get_options())) {
343 log_warn(LD_DIR,
344 "Got a certificate for %s, but we already have it. "
345 "Maybe they haven't updated it. Waiting for a while.",
346 ds ? ds->nickname : "an old or new authority");
347 } else {
348 log_info(LD_DIR,
349 "Got a certificate for %s, but we already have it. "
350 "Maybe they haven't updated it. Waiting for a while.",
351 ds ? ds->nickname : "an old or new authority");
352 }
353
354 /*
355 * This is where we care about the source; authority_cert_dl_failed()
356 * needs to know whether the download was by fp or (fp,sk) pair to
357 * twiddle the right bit in the download map.
358 */
359 if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST) {
360 authority_cert_dl_failed(cert->cache_info.identity_digest,
361 NULL, 404);
362 } else if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST) {
363 authority_cert_dl_failed(cert->cache_info.identity_digest,
364 cert->signing_key_digest, 404);
365 }
366 }
367
368 authority_cert_free(cert);
369 continue;
370 }
371
372 if (ds) {
373 log_info(LD_DIR, "Adding %s certificate for directory authority %s with "
374 "signing key %s", from_store ? "cached" : "downloaded",
375 ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
376 } else {
377 int adding = directory_caches_unknown_auth_certs(get_options());
378 log_info(LD_DIR, "%s %s certificate for unrecognized directory "
379 "authority with signing key %s",
380 adding ? "Adding" : "Not adding",
381 from_store ? "cached" : "downloaded",
382 hex_str(cert->signing_key_digest,DIGEST_LEN));
383 if (!adding) {
384 authority_cert_free(cert);
385 continue;
386 }
387 }
388
389 cl = get_cert_list(cert->cache_info.identity_digest);
390 smartlist_add(cl->certs, cert);
391 if (ds && cert->cache_info.published_on > ds->addr_current_at) {
392 /* Check to see whether we should update our view of the authority's
393 * address. */
394 if (cert->addr && cert->dir_port &&
395 (ds->addr != cert->addr ||
396 ds->dir_port != cert->dir_port)) {
397 char *a = tor_dup_ip(cert->addr);
398 log_notice(LD_DIR, "Updating address for directory authority %s "
399 "from %s:%d to %s:%d based on certificate.",
400 ds->nickname, ds->address, (int)ds->dir_port,
401 a, cert->dir_port);
402 tor_free(a);
403 ds->addr = cert->addr;
404 ds->dir_port = cert->dir_port;
405 }
406 ds->addr_current_at = cert->cache_info.published_on;
407 }
408
409 if (!from_store)
410 trusted_dir_servers_certs_changed = 1;
411 }
412
413 if (flush)
414 trusted_dirs_flush_certs_to_disk();
415
416 /* call this even if failure_code is <0, since some certs might have
417 * succeeded. */
418 networkstatus_note_certs_arrived();
419
420 return failure_code;
421 }
422
423 /** Save all v3 key certificates to the cached-certs file. */
424 void
425 trusted_dirs_flush_certs_to_disk(void)
426 {
427 char *filename;
428 smartlist_t *chunks;
429
430 if (!trusted_dir_servers_certs_changed || !trusted_dir_certs)
431 return;
432
433 chunks = smartlist_new();
434 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
435 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
436 {
437 sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
438 c->bytes = cert->cache_info.signed_descriptor_body;
439 c->len = cert->cache_info.signed_descriptor_len;
440 smartlist_add(chunks, c);
441 });
442 } DIGESTMAP_FOREACH_END;
443
444 filename = get_datadir_fname("cached-certs");
445 if (write_chunks_to_file(filename, chunks, 0, 0)) {
446 log_warn(LD_FS, "Error writing certificates to disk.");
447 }
448 tor_free(filename);
449 SMARTLIST_FOREACH(chunks, sized_chunk_t *, c, tor_free(c));
450 smartlist_free(chunks);
451
452 trusted_dir_servers_certs_changed = 0;
453 }
454
455 static int
456 compare_certs_by_pubdates(const void **_a, const void **_b)
457 {
458 const authority_cert_t *cert1 = *_a, *cert2=*_b;
459
460 if (cert1->cache_info.published_on < cert2->cache_info.published_on)
461 return -1;
462 else if (cert1->cache_info.published_on > cert2->cache_info.published_on)
463 return 1;
464 else
465 return 0;
466 }
467
468 /** Remove all expired v3 authority certificates that have been superseded for
469 * more than 48 hours or, if not expired, that were published more than 7 days
470 * before being superseded. (If the most recent cert was published more than 48
471 * hours ago, then we aren't going to get any consensuses signed with older
472 * keys.) */
473 static void
474 trusted_dirs_remove_old_certs(void)
475 {
476 time_t now = time(NULL);
477 #define DEAD_CERT_LIFETIME (2*24*60*60)
478 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
479 if (!trusted_dir_certs)
480 return;
481
482 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
483 /* Sort the list from first-published to last-published */
484 smartlist_sort(cl->certs, compare_certs_by_pubdates);
485
486 SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
487 if (cert_sl_idx == smartlist_len(cl->certs) - 1) {
488 /* This is the most recently published cert. Keep it. */
489 continue;
490 }
491 authority_cert_t *next_cert = smartlist_get(cl->certs, cert_sl_idx+1);
492 const time_t next_cert_published = next_cert->cache_info.published_on;
493 if (next_cert_published > now) {
494 /* All later certs are published in the future. Keep everything
495 * we didn't discard. */
496 break;
497 }
498 int should_remove = 0;
499 if (cert->expires + DEAD_CERT_LIFETIME < now) {
500 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
501 * Remove it. */
502 should_remove = 1;
503 } else if (next_cert_published + SUPERSEDED_CERT_LIFETIME < now) {
504 /* Certificate has been superseded for OLD_CERT_LIFETIME.
505 * Remove it.
506 */
507 should_remove = 1;
508 }
509 if (should_remove) {
510 SMARTLIST_DEL_CURRENT_KEEPORDER(cl->certs, cert);
511 authority_cert_free(cert);
512 trusted_dir_servers_certs_changed = 1;
513 }
514 } SMARTLIST_FOREACH_END(cert);
515
516 } DIGESTMAP_FOREACH_END;
517 #undef DEAD_CERT_LIFETIME
518 #undef OLD_CERT_LIFETIME
519
520 trusted_dirs_flush_certs_to_disk();
521 }
522
523 /** Return the newest v3 authority certificate whose v3 authority identity key
524 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
525 * or it has no certificate. */
526 authority_cert_t *
527 authority_cert_get_newest_by_id(const char *id_digest)
528 {
529 cert_list_t *cl;
530 authority_cert_t *best = NULL;
531 if (!trusted_dir_certs ||
532 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
533 return NULL;
534
535 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
536 {
537 if (!best || cert->cache_info.published_on > best->cache_info.published_on)
538 best = cert;
539 });
540 return best;
541 }
542
543 /** Return the newest v3 authority certificate whose directory signing key has
544 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
545 */
546 authority_cert_t *
547 authority_cert_get_by_sk_digest(const char *sk_digest)
548 {
549 authority_cert_t *c;
550 if (!trusted_dir_certs)
551 return NULL;
552
553 if ((c = get_my_v3_authority_cert()) &&
554 tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
555 return c;
556 if ((c = get_my_v3_legacy_cert()) &&
557 tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
558 return c;
559
560 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
561 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
562 {
563 if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
564 return cert;
565 });
566 } DIGESTMAP_FOREACH_END;
567 return NULL;
568 }
569
570 /** Return the v3 authority certificate with signing key matching
571 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
572 * Return NULL if no such authority is known. */
573 authority_cert_t *
574 authority_cert_get_by_digests(const char *id_digest,
575 const char *sk_digest)
576 {
577 cert_list_t *cl;
578 if (!trusted_dir_certs ||
579 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
580 return NULL;
581 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
582 if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
583 return cert; );
584
585 return NULL;
586 }
587
588 /** Add every known authority_cert_t to <b>certs_out</b>. */
589 void
590 authority_cert_get_all(smartlist_t *certs_out)
591 {
592 tor_assert(certs_out);
593 if (!trusted_dir_certs)
594 return;
595
596 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
597 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
598 smartlist_add(certs_out, c));
599 } DIGESTMAP_FOREACH_END;
600 }
601
602 /** Called when an attempt to download a certificate with the authority with
603 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
604 * fails with HTTP response code <b>status</b>: remember the failure, so we
605 * don't try again immediately. */
606 void
607 authority_cert_dl_failed(const char *id_digest,
608 const char *signing_key_digest, int status)
609 {
610 cert_list_t *cl;
611 download_status_t *dlstatus = NULL;
612 char id_digest_str[2*DIGEST_LEN+1];
613 char sk_digest_str[2*DIGEST_LEN+1];
614
615 if (!trusted_dir_certs ||
616 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
617 return;
618
619 /*
620 * Are we noting a failed download of the latest cert for the id digest,
621 * or of a download by (id, signing key) digest pair?
622 */
623 if (!signing_key_digest) {
624 /* Just by id digest */
625 download_status_failed(&cl->dl_status_by_id, status);
626 } else {
627 /* Reset by (id, signing key) digest pair
628 *
629 * Look for a download_status_t in the map with this digest
630 */
631 dlstatus = dsmap_get(cl->dl_status_map, signing_key_digest);
632 /* Got one? */
633 if (dlstatus) {
634 download_status_failed(dlstatus, status);
635 } else {
636 /*
637 * Do this rather than hex_str(), since hex_str clobbers
638 * old results and we call twice in the param list.
639 */
640 base16_encode(id_digest_str, sizeof(id_digest_str),
641 id_digest, DIGEST_LEN);
642 base16_encode(sk_digest_str, sizeof(sk_digest_str),
643 signing_key_digest, DIGEST_LEN);
644 log_warn(LD_BUG,
645 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
646 "status %d, but knew nothing about the download.",
647 id_digest_str, sk_digest_str, status);
648 }
649 }
650 }
651
652 static const char *BAD_SIGNING_KEYS[] = {
653 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
654 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
655 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
656 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
657 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
658 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
659 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
660 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
661 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
662 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
663 NULL,
664 };
665
666 /** DOCDOC */
667 int
668 authority_cert_is_blacklisted(const authority_cert_t *cert)
669 {
670 char hex_digest[HEX_DIGEST_LEN+1];
671 int i;
672 base16_encode(hex_digest, sizeof(hex_digest),
673 cert->signing_key_digest, sizeof(cert->signing_key_digest));
674
675 for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
676 if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
677 return 1;
678 }
679 }
680 return 0;
681 }
682
683 /** Return true iff when we've been getting enough failures when trying to
684 * download the certificate with ID digest <b>id_digest</b> that we're willing
685 * to start bugging the user about it. */
686 int
687 authority_cert_dl_looks_uncertain(const char *id_digest)
688 {
689 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
690 cert_list_t *cl;
691 int n_failures;
692 if (!trusted_dir_certs ||
693 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
694 return 0;
695
696 n_failures = download_status_get_n_failures(&cl->dl_status_by_id);
697 return n_failures >= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER;
698 }
699
700 /** Try to download any v3 authority certificates that we may be missing. If
701 * <b>status</b> is provided, try to get all the ones that were used to sign
702 * <b>status</b>. Additionally, try to have a non-expired certificate for
703 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
704 * already have.
705 **/
706 void
707 authority_certs_fetch_missing(networkstatus_t *status, time_t now)
708 {
709 /*
710 * The pending_id digestmap tracks pending certificate downloads by
711 * identity digest; the pending_cert digestmap tracks pending downloads
712 * by (identity digest, signing key digest) pairs.
713 */
714 digestmap_t *pending_id;
715 fp_pair_map_t *pending_cert;
716 authority_cert_t *cert;
717 /*
718 * The missing_id_digests smartlist will hold a list of id digests
719 * we want to fetch the newest cert for; the missing_cert_digests
720 * smartlist will hold a list of fp_pair_t with an identity and
721 * signing key digest.
722 */
723 smartlist_t *missing_cert_digests, *missing_id_digests;
724 char *resource = NULL;
725 cert_list_t *cl;
726 const int cache = directory_caches_unknown_auth_certs(get_options());
727 fp_pair_t *fp_tmp = NULL;
728 char id_digest_str[2*DIGEST_LEN+1];
729 char sk_digest_str[2*DIGEST_LEN+1];
730
731 if (should_delay_dir_fetches(get_options(), NULL))
732 return;
733
734 pending_cert = fp_pair_map_new();
735 pending_id = digestmap_new();
736 missing_cert_digests = smartlist_new();
737 missing_id_digests = smartlist_new();
738
739 /*
740 * First, we get the lists of already pending downloads so we don't
741 * duplicate effort.
742 */
743 list_pending_downloads(pending_id, NULL,
744 DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
745 list_pending_fpsk_downloads(pending_cert);
746
747 /*
748 * Now, we download any trusted authority certs we don't have by
749 * identity digest only. This gets the latest cert for that authority.
750 */
751 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers, dir_server_t *, ds) {
752 int found = 0;
753 if (!(ds->type & V3_DIRINFO))
754 continue;
755 if (smartlist_contains_digest(missing_id_digests,
756 ds->v3_identity_digest))
757 continue;
758 cl = get_cert_list(ds->v3_identity_digest);
759 SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
760 if (now < cert->expires) {
761 /* It's not expired, and we weren't looking for something to
762 * verify a consensus with. Call it done. */
763 download_status_reset(&(cl->dl_status_by_id));
764 /* No sense trying to download it specifically by signing key hash */
765 download_status_reset_by_sk_in_cl(cl, cert->signing_key_digest);
766 found = 1;
767 break;
768 }
769 } SMARTLIST_FOREACH_END(cert);
770 if (!found &&
771 download_status_is_ready(&(cl->dl_status_by_id), now,
772 get_options()->TestingCertMaxDownloadTries) &&
773 !digestmap_get(pending_id, ds->v3_identity_digest)) {
774 log_info(LD_DIR,
775 "No current certificate known for authority %s "
776 "(ID digest %s); launching request.",
777 ds->nickname, hex_str(ds->v3_identity_digest, DIGEST_LEN));
778 smartlist_add(missing_id_digests, ds->v3_identity_digest);
779 }
780 } SMARTLIST_FOREACH_END(ds);
781
782 /*
783 * Next, if we have a consensus, scan through it and look for anything
784 * signed with a key from a cert we don't have. Those get downloaded
785 * by (fp,sk) pair, but if we don't know any certs at all for the fp
786 * (identity digest), and it's one of the trusted dir server certs
787 * we started off above or a pending download in pending_id, don't
788 * try to get it yet. Most likely, the one we'll get for that will
789 * have the right signing key too, and we'd just be downloading
790 * redundantly.
791 */
792 if (status) {
793 SMARTLIST_FOREACH_BEGIN(status->voters, networkstatus_voter_info_t *,
794 voter) {
795 if (!smartlist_len(voter->sigs))
796 continue; /* This authority never signed this consensus, so don't
797 * go looking for a cert with key digest 0000000000. */
798 if (!cache &&
799 !trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
800 continue; /* We are not a cache, and we don't know this authority.*/
801
802 /*
803 * If we don't know *any* cert for this authority, and a download by ID
804 * is pending or we added it to missing_id_digests above, skip this
805 * one for now to avoid duplicate downloads.
806 */
807 cl = get_cert_list(voter->identity_digest);
808 if (smartlist_len(cl->certs) == 0) {
809 /* We have no certs at all for this one */
810
811 /* Do we have a download of one pending? */
812 if (digestmap_get(pending_id, voter->identity_digest))
813 continue;
814
815 /*
816 * Are we about to launch a download of one due to the trusted
817 * dir server check above?
818 */
819 if (smartlist_contains_digest(missing_id_digests,
820 voter->identity_digest))
821 continue;
822 }
823
824 SMARTLIST_FOREACH_BEGIN(voter->sigs, document_signature_t *, sig) {
825 cert = authority_cert_get_by_digests(voter->identity_digest,
826 sig->signing_key_digest);
827 if (cert) {
828 if (now < cert->expires)
829 download_status_reset_by_sk_in_cl(cl, sig->signing_key_digest);
830 continue;
831 }
832 if (download_status_is_ready_by_sk_in_cl(
833 cl, sig->signing_key_digest,
834 now, get_options()->TestingCertMaxDownloadTries) &&
835 !fp_pair_map_get_by_digests(pending_cert,
836 voter->identity_digest,
837 sig->signing_key_digest)) {
838 /*
839 * Do this rather than hex_str(), since hex_str clobbers
840 * old results and we call twice in the param list.
841 */
842 base16_encode(id_digest_str, sizeof(id_digest_str),
843 voter->identity_digest, DIGEST_LEN);
844 base16_encode(sk_digest_str, sizeof(sk_digest_str),
845 sig->signing_key_digest, DIGEST_LEN);
846
847 if (voter->nickname) {
848 log_info(LD_DIR,
849 "We're missing a certificate from authority %s "
850 "(ID digest %s) with signing key %s: "
851 "launching request.",
852 voter->nickname, id_digest_str, sk_digest_str);
853 } else {
854 log_info(LD_DIR,
855 "We're missing a certificate from authority ID digest "
856 "%s with signing key %s: launching request.",
857 id_digest_str, sk_digest_str);
858 }
859
860 /* Allocate a new fp_pair_t to append */
861 fp_tmp = tor_malloc(sizeof(*fp_tmp));
862 memcpy(fp_tmp->first, voter->identity_digest, sizeof(fp_tmp->first));
863 memcpy(fp_tmp->second, sig->signing_key_digest,
864 sizeof(fp_tmp->second));
865 smartlist_add(missing_cert_digests, fp_tmp);
866 }
867 } SMARTLIST_FOREACH_END(sig);
868 } SMARTLIST_FOREACH_END(voter);
869 }
870
871 /* Do downloads by identity digest */
872 if (smartlist_len(missing_id_digests) > 0) {
873 int need_plus = 0;
874 smartlist_t *fps = smartlist_new();
875
876 smartlist_add(fps, tor_strdup("fp/"));
877
878 SMARTLIST_FOREACH_BEGIN(missing_id_digests, const char *, d) {
879 char *fp = NULL;
880
881 if (digestmap_get(pending_id, d))
882 continue;
883
884 base16_encode(id_digest_str, sizeof(id_digest_str),
885 d, DIGEST_LEN);
886
887 if (need_plus) {
888 tor_asprintf(&fp, "+%s", id_digest_str);
889 } else {
890 /* No need for tor_asprintf() in this case; first one gets no '+' */
891 fp = tor_strdup(id_digest_str);
892 need_plus = 1;
893 }
894
895 smartlist_add(fps, fp);
896 } SMARTLIST_FOREACH_END(d);
897
898 if (smartlist_len(fps) > 1) {
899 resource = smartlist_join_strings(fps, "", 0, NULL);
900 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
901 resource, PDS_RETRY_IF_NO_SERVERS);
902 tor_free(resource);
903 }
904 /* else we didn't add any: they were all pending */
905
906 SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
907 smartlist_free(fps);
908 }
909
910 /* Do downloads by identity digest/signing key pair */
911 if (smartlist_len(missing_cert_digests) > 0) {
912 int need_plus = 0;
913 smartlist_t *fp_pairs = smartlist_new();
914
915 smartlist_add(fp_pairs, tor_strdup("fp-sk/"));
916
917 SMARTLIST_FOREACH_BEGIN(missing_cert_digests, const fp_pair_t *, d) {
918 char *fp_pair = NULL;
919
920 if (fp_pair_map_get(pending_cert, d))
921 continue;
922
923 /* Construct string encodings of the digests */
924 base16_encode(id_digest_str, sizeof(id_digest_str),
925 d->first, DIGEST_LEN);
926 base16_encode(sk_digest_str, sizeof(sk_digest_str),
927 d->second, DIGEST_LEN);
928
929 /* Now tor_asprintf() */
930 if (need_plus) {
931 tor_asprintf(&fp_pair, "+%s-%s", id_digest_str, sk_digest_str);
932 } else {
933 /* First one in the list doesn't get a '+' */
934 tor_asprintf(&fp_pair, "%s-%s", id_digest_str, sk_digest_str);
935 need_plus = 1;
936 }
937
938 /* Add it to the list of pairs to request */
939 smartlist_add(fp_pairs, fp_pair);
940 } SMARTLIST_FOREACH_END(d);
941
942 if (smartlist_len(fp_pairs) > 1) {
943 resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
944 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
945 resource, PDS_RETRY_IF_NO_SERVERS);
946 tor_free(resource);
947 }
948 /* else they were all pending */
949
950 SMARTLIST_FOREACH(fp_pairs, char *, p, tor_free(p));
951 smartlist_free(fp_pairs);
952 }
953
954 smartlist_free(missing_id_digests);
955 SMARTLIST_FOREACH(missing_cert_digests, fp_pair_t *, p, tor_free(p));
956 smartlist_free(missing_cert_digests);
957 digestmap_free(pending_id, NULL);
958 fp_pair_map_free(pending_cert, NULL);
959 }
960
961 /* Router descriptor storage.
962 *
963 * Routerdescs are stored in a big file, named "cached-descriptors". As new
964 * routerdescs arrive, we append them to a journal file named
965 * "cached-descriptors.new".
966 *
967 * From time to time, we replace "cached-descriptors" with a new file
968 * containing only the live, non-superseded descriptors, and clear
969 * cached-routers.new.
970 *
971 * On startup, we read both files.
972 */
973
974 /** Helper: return 1 iff the router log is so big we want to rebuild the
975 * store. */
976 static int
977 router_should_rebuild_store(desc_store_t *store)
978 {
979 if (store->store_len > (1<<16))
980 return (store->journal_len > store->store_len / 2 ||
981 store->bytes_dropped > store->store_len / 2);
982 else
983 return store->journal_len > (1<<15);
984 }
985
986 /** Return the desc_store_t in <b>rl</b> that should be used to store
987 * <b>sd</b>. */
988 static INLINE desc_store_t *
989 desc_get_store(routerlist_t *rl, const signed_descriptor_t *sd)
990 {
991 if (sd->is_extrainfo)
992 return &rl->extrainfo_store;
993 else
994 return &rl->desc_store;
995 }
996
997 /** Add the signed_descriptor_t in <b>desc</b> to the router
998 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
999 * offset appropriately. */
1000 static int
1001 signed_desc_append_to_journal(signed_descriptor_t *desc,
1002 desc_store_t *store)
1003 {
1004 char *fname = get_datadir_fname_suffix(store->fname_base, ".new");
1005 const char *body = signed_descriptor_get_body_impl(desc,1);
1006 size_t len = desc->signed_descriptor_len + desc->annotations_len;
1007
1008 if (append_bytes_to_file(fname, body, len, 1)) {
1009 log_warn(LD_FS, "Unable to store router descriptor");
1010 tor_free(fname);
1011 return -1;
1012 }
1013 desc->saved_location = SAVED_IN_JOURNAL;
1014 tor_free(fname);
1015
1016 desc->saved_offset = store->journal_len;
1017 store->journal_len += len;
1018
1019 return 0;
1020 }
1021
1022 /** Sorting helper: return &lt;0, 0, or &gt;0 depending on whether the
1023 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1024 * the signed_descriptor_t* in *<b>b</b>. */
1025 static int
1026 compare_signed_descriptors_by_age_(const void **_a, const void **_b)
1027 {
1028 const signed_descriptor_t *r1 = *_a, *r2 = *_b;
1029 return (int)(r1->published_on - r2->published_on);
1030 }
1031
1032 #define RRS_FORCE 1
1033 #define RRS_DONT_REMOVE_OLD 2
1034
1035 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1036 * <b>flags</b>, then atomically replace the saved router store with the
1037 * routers currently in our routerlist, and clear the journal. Unless
1038 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1039 * rebuilding the store. Return 0 on success, -1 on failure.
1040 */
1041 static int
1042 router_rebuild_store(int flags, desc_store_t *store)
1043 {
1044 smartlist_t *chunk_list = NULL;
1045 char *fname = NULL, *fname_tmp = NULL;
1046 int r = -1;
1047 off_t offset = 0;
1048 smartlist_t *signed_descriptors = NULL;
1049 int nocache=0;
1050 size_t total_expected_len = 0;
1051 int had_any;
1052 int force = flags & RRS_FORCE;
1053
1054 if (!force && !router_should_rebuild_store(store)) {
1055 r = 0;
1056 goto done;
1057 }
1058 if (!routerlist) {
1059 r = 0;
1060 goto done;
1061 }
1062
1063 if (store->type == EXTRAINFO_STORE)
1064 had_any = !eimap_isempty(routerlist->extra_info_map);
1065 else
1066 had_any = (smartlist_len(routerlist->routers)+
1067 smartlist_len(routerlist->old_routers))>0;
1068
1069 /* Don't save deadweight. */
1070 if (!(flags & RRS_DONT_REMOVE_OLD))
1071 routerlist_remove_old_routers();
1072
1073 log_info(LD_DIR, "Rebuilding %s cache", store->description);
1074
1075 fname = get_datadir_fname(store->fname_base);
1076 fname_tmp = get_datadir_fname_suffix(store->fname_base, ".tmp");
1077
1078 chunk_list = smartlist_new();
1079
1080 /* We sort the routers by age to enhance locality on disk. */
1081 signed_descriptors = smartlist_new();
1082 if (store->type == EXTRAINFO_STORE) {
1083 eimap_iter_t *iter;
1084 for (iter = eimap_iter_init(routerlist->extra_info_map);
1085 !eimap_iter_done(iter);
1086 iter = eimap_iter_next(routerlist->extra_info_map, iter)) {
1087 const char *key;
1088 extrainfo_t *ei;
1089 eimap_iter_get(iter, &key, &ei);
1090 smartlist_add(signed_descriptors, &ei->cache_info);
1091 }
1092 } else {
1093 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
1094 smartlist_add(signed_descriptors, sd));
1095 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, ri,
1096 smartlist_add(signed_descriptors, &ri->cache_info));
1097 }
1098
1099 smartlist_sort(signed_descriptors, compare_signed_descriptors_by_age_);
1100
1101 /* Now, add the appropriate members to chunk_list */
1102 SMARTLIST_FOREACH_BEGIN(signed_descriptors, signed_descriptor_t *, sd) {
1103 sized_chunk_t *c;
1104 const char *body = signed_descriptor_get_body_impl(sd, 1);
1105 if (!body) {
1106 log_warn(LD_BUG, "No descriptor available for router.");
1107 goto done;
1108 }
1109 if (sd->do_not_cache) {
1110 ++nocache;
1111 continue;
1112 }
1113 c = tor_malloc(sizeof(sized_chunk_t));
1114 c->bytes = body;
1115 c->len = sd->signed_descriptor_len + sd->annotations_len;
1116 total_expected_len += c->len;
1117 smartlist_add(chunk_list, c);
1118 } SMARTLIST_FOREACH_END(sd);
1119
1120 if (write_chunks_to_file(fname_tmp, chunk_list, 1, 1)<0) {
1121 log_warn(LD_FS, "Error writing router store to disk.");
1122 goto done;
1123 }
1124
1125 /* Our mmap is now invalid. */
1126 if (store->mmap) {
1127 int res = tor_munmap_file(store->mmap);
1128 store->mmap = NULL;
1129 if (res != 0) {
1130 log_warn(LD_FS, "Unable to munmap route store in %s", fname);
1131 }
1132 }
1133
1134 if (replace_file(fname_tmp, fname)<0) {
1135 log_warn(LD_FS, "Error replacing old router store: %s", strerror(errno));
1136 goto done;
1137 }
1138
1139 errno = 0;
1140 store->mmap = tor_mmap_file(fname);
1141 if (! store->mmap) {
1142 if (errno == ERANGE) {
1143 /* empty store.*/
1144 if (total_expected_len) {
1145 log_warn(LD_FS, "We wrote some bytes to a new descriptor file at '%s',"
1146 " but when we went to mmap it, it was empty!", fname);
1147 } else if (had_any) {
1148 log_info(LD_FS, "We just removed every descriptor in '%s'. This is "
1149 "okay if we're just starting up after a long time. "
1150 "Otherwise, it's a bug.", fname);
1151 }
1152 } else {
1153 log_warn(LD_FS, "Unable to mmap new descriptor file at '%s'.",fname);
1154 }
1155 }
1156
1157 log_info(LD_DIR, "Reconstructing pointers into cache");
1158
1159 offset = 0;
1160 SMARTLIST_FOREACH_BEGIN(signed_descriptors, signed_descriptor_t *, sd) {
1161 if (sd->do_not_cache)
1162 continue;
1163 sd->saved_location = SAVED_IN_CACHE;
1164 if (store->mmap) {
1165 tor_free(sd->signed_descriptor_body); // sets it to null
1166 sd->saved_offset = offset;
1167 }
1168 offset += sd->signed_descriptor_len + sd->annotations_len;
1169 signed_descriptor_get_body(sd); /* reconstruct and assert */
1170 } SMARTLIST_FOREACH_END(sd);
1171
1172 tor_free(fname);
1173 fname = get_datadir_fname_suffix(store->fname_base, ".new");
1174 write_str_to_file(fname, "", 1);
1175
1176 r = 0;
1177 store->store_len = (size_t) offset;
1178 store->journal_len = 0;
1179 store->bytes_dropped = 0;
1180 done:
1181 smartlist_free(signed_descriptors);
1182 tor_free(fname);
1183 tor_free(fname_tmp);
1184 if (chunk_list) {
1185 SMARTLIST_FOREACH(chunk_list, sized_chunk_t *, c, tor_free(c));
1186 smartlist_free(chunk_list);
1187 }
1188
1189 return r;
1190 }
1191
1192 /** Helper: Reload a cache file and its associated journal, setting metadata
1193 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1194 * else reload the router descriptor store. */
1195 static int
1196 router_reload_router_list_impl(desc_store_t *store)
1197 {
1198 char *fname = NULL, *contents = NULL;
1199 struct stat st;
1200 int extrainfo = (store->type == EXTRAINFO_STORE);
1201 store->journal_len = store->store_len = 0;
1202
1203 fname = get_datadir_fname(store->fname_base);
1204
1205 if (store->mmap) {
1206 /* get rid of it first */
1207 int res = tor_munmap_file(store->mmap);
1208 store->mmap = NULL;
1209 if (res != 0) {
1210 log_warn(LD_FS, "Failed to munmap %s", fname);
1211 tor_free(fname);
1212 return -1;
1213 }
1214 }
1215
1216 store->mmap = tor_mmap_file(fname);
1217 if (store->mmap) {
1218 store->store_len = store->mmap->size;
1219 if (extrainfo)
1220 router_load_extrainfo_from_string(store->mmap->data,
1221 store->mmap->data+store->mmap->size,
1222 SAVED_IN_CACHE, NULL, 0);
1223 else
1224 router_load_routers_from_string(store->mmap->data,
1225 store->mmap->data+store->mmap->size,
1226 SAVED_IN_CACHE, NULL, 0, NULL);
1227 }
1228
1229 tor_free(fname);
1230 fname = get_datadir_fname_suffix(store->fname_base, ".new");
1231 /* don't load empty files - we wouldn't get any data, even if we tried */
1232 if (file_status(fname) == FN_FILE)
1233 contents = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
1234 if (contents) {
1235 if (extrainfo)
1236 router_load_extrainfo_from_string(contents, NULL,SAVED_IN_JOURNAL,
1237 NULL, 0);
1238 else
1239 router_load_routers_from_string(contents, NULL, SAVED_IN_JOURNAL,
1240 NULL, 0, NULL);
1241 store->journal_len = (size_t) st.st_size;
1242 tor_free(contents);
1243 }
1244
1245 tor_free(fname);
1246
1247 if (store->journal_len) {
1248 /* Always clear the journal on startup.*/
1249 router_rebuild_store(RRS_FORCE, store);
1250 } else if (!extrainfo) {
1251 /* Don't cache expired routers. (This is in an else because
1252 * router_rebuild_store() also calls remove_old_routers().) */
1253 routerlist_remove_old_routers();
1254 }
1255
1256 return 0;
1257 }
1258
1259 /** Load all cached router descriptors and extra-info documents from the
1260 * store. Return 0 on success and -1 on failure.
1261 */
1262 int
1263 router_reload_router_list(void)
1264 {
1265 routerlist_t *rl = router_get_routerlist();
1266 if (router_reload_router_list_impl(&rl->desc_store))
1267 return -1;
1268 if (router_reload_router_list_impl(&rl->extrainfo_store))
1269 return -1;
1270 return 0;
1271 }
1272
1273 /** Return a smartlist containing a list of dir_server_t * for all
1274 * known trusted dirservers. Callers must not modify the list or its
1275 * contents.
1276 */
1277 const smartlist_t *
1278 router_get_trusted_dir_servers(void)
1279 {
1280 if (!trusted_dir_servers)
1281 trusted_dir_servers = smartlist_new();
1282
1283 return trusted_dir_servers;
1284 }
1285
1286 const smartlist_t *
1287 router_get_fallback_dir_servers(void)
1288 {
1289 if (!fallback_dir_servers)
1290 fallback_dir_servers = smartlist_new();
1291
1292 return fallback_dir_servers;
1293 }
1294
1295 /** Try to find a running dirserver that supports operations of <b>type</b>.
1296 *
1297 * If there are no running dirservers in our routerlist and the
1298 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the authoritative ones
1299 * as running again, and pick one.
1300 *
1301 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1302 * dirservers that we can't reach.
1303 *
1304 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1305 * (if we're a dirserver).
1306 *
1307 * Don't pick an authority if any non-authority is viable; try to avoid using
1308 * servers that have returned 503 recently.
1309 */
1310 const routerstatus_t *
1311 router_pick_directory_server(dirinfo_type_t type, int flags)
1312 {
1313 int busy = 0;
1314 const routerstatus_t *choice;
1315
1316 if (!routerlist)
1317 return NULL;
1318
1319 choice = router_pick_directory_server_impl(type, flags, &busy);
1320 if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
1321 return choice;
1322
1323 if (busy) {
1324 /* If the reason that we got no server is that servers are "busy",
1325 * we must be excluding good servers because we already have serverdesc
1326 * fetches with them. Do not mark down servers up because of this. */
1327 tor_assert((flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
1328 PDS_NO_EXISTING_MICRODESC_FETCH)));
1329 return NULL;
1330 }
1331
1332 log_info(LD_DIR,
1333 "No reachable router entries for dirservers. "
1334 "Trying them all again.");
1335 /* mark all authdirservers as up again */
1336 mark_all_dirservers_up(fallback_dir_servers);
1337 /* try again */
1338 choice = router_pick_directory_server_impl(type, flags, NULL);
1339 return choice;
1340 }
1341
1342 /** Return the dir_server_t for the directory authority whose identity
1343 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1344 */
1345 dir_server_t *
1346 router_get_trusteddirserver_by_digest(const char *digest)
1347 {
1348 if (!trusted_dir_servers)
1349 return NULL;
1350
1351 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
1352 {
1353 if (tor_memeq(ds->digest, digest, DIGEST_LEN))
1354 return ds;
1355 });
1356
1357 return NULL;
1358 }
1359
1360 /** Return the dir_server_t for the fallback dirserver whose identity
1361 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1362 */
1363 dir_server_t *
1364 router_get_fallback_dirserver_by_digest(const char *digest)
1365 {
1366 if (!trusted_dir_servers)
1367 return NULL;
1368
1369 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
1370 {
1371 if (tor_memeq(ds->digest, digest, DIGEST_LEN))
1372 return ds;
1373 });
1374
1375 return NULL;
1376 }
1377
1378 /** Return the dir_server_t for the directory authority whose
1379 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1380 * is known.
1381 */
1382 dir_server_t *
1383 trusteddirserver_get_by_v3_auth_digest(const char *digest)
1384 {
1385 if (!trusted_dir_servers)
1386 return NULL;
1387
1388 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
1389 {
1390 if (tor_memeq(ds->v3_identity_digest, digest, DIGEST_LEN) &&
1391 (ds->type & V3_DIRINFO))
1392 return ds;
1393 });
1394
1395 return NULL;
1396 }
1397
1398 /** Try to find a running directory authority. Flags are as for
1399 * router_pick_directory_server.
1400 */
1401 const routerstatus_t *
1402 router_pick_trusteddirserver(dirinfo_type_t type, int flags)
1403 {
1404 return router_pick_dirserver_generic(trusted_dir_servers, type, flags);
1405 }
1406
1407 /** Try to find a running fallback directory. Flags are as for
1408 * router_pick_directory_server.
1409 */
1410 const routerstatus_t *
1411 router_pick_fallback_dirserver(dirinfo_type_t type, int flags)
1412 {
1413 return router_pick_dirserver_generic(fallback_dir_servers, type, flags);
1414 }
1415
1416 /** Try to find a running fallback directory. Flags are as for
1417 * router_pick_directory_server.
1418 */
1419 static const routerstatus_t *
1420 router_pick_dirserver_generic(smartlist_t *sourcelist,
1421 dirinfo_type_t type, int flags)
1422 {
1423 const routerstatus_t *choice;
1424 int busy = 0;
1425
1426 choice = router_pick_trusteddirserver_impl(sourcelist, type, flags, &busy);
1427 if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
1428 return choice;
1429 if (busy) {
1430 /* If the reason that we got no server is that servers are "busy",
1431 * we must be excluding good servers because we already have serverdesc
1432 * fetches with them. Do not mark down servers up because of this. */
1433 tor_assert((flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
1434 PDS_NO_EXISTING_MICRODESC_FETCH)));
1435 return NULL;
1436 }
1437
1438 log_info(LD_DIR,
1439 "No dirservers are reachable. Trying them all again.");
1440 mark_all_dirservers_up(sourcelist);
1441 return router_pick_trusteddirserver_impl(sourcelist, type, flags, NULL);
1442 }
1443
1444 /** How long do we avoid using a directory server after it's given us a 503? */
1445 #define DIR_503_TIMEOUT (60*60)
1446
1447 /** Pick a random running valid directory server/mirror from our
1448 * routerlist. Arguments are as for router_pick_directory_server(), except:
1449 *
1450 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1451 * directories that we excluded for no other reason than
1452 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1453 */
1454 static const routerstatus_t *
1455 router_pick_directory_server_impl(dirinfo_type_t type, int flags,
1456 int *n_busy_out)
1457 {
1458 const or_options_t *options = get_options();
1459 const node_t *result;
1460 smartlist_t *direct, *tunnel;
1461 smartlist_t *trusted_direct, *trusted_tunnel;
1462 smartlist_t *overloaded_direct, *overloaded_tunnel;
1463 time_t now = time(NULL);
1464 const networkstatus_t *consensus = networkstatus_get_latest_consensus();
1465 const int requireother = ! (flags & PDS_ALLOW_SELF);
1466 const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
1467 const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
1468 const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
1469 const int for_guard = (flags & PDS_FOR_GUARD);
1470 int try_excluding = 1, n_excluded = 0, n_busy = 0;
1471
1472 if (!consensus)
1473 return NULL;
1474
1475 retry_without_exclude:
1476
1477 direct = smartlist_new();
1478 tunnel = smartlist_new();
1479 trusted_direct = smartlist_new();
1480 trusted_tunnel = smartlist_new();
1481 overloaded_direct = smartlist_new();
1482 overloaded_tunnel = smartlist_new();
1483
1484 /* Find all the running dirservers we know about. */
1485 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
1486 int is_trusted, is_trusted_extrainfo;
1487 int is_overloaded;
1488 tor_addr_t addr;
1489 const routerstatus_t *status = node->rs;
1490 const country_t country = node->country;
1491 if (!status)
1492 continue;
1493
1494 if (!node->is_running || !status->dir_port || !node->is_valid)
1495 continue;
1496 if (requireother && router_digest_is_me(node->identity))
1497 continue;
1498 is_trusted = router_digest_is_trusted_dir(node->identity);
1499 is_trusted_extrainfo = router_digest_is_trusted_dir_type(
1500 node->identity, EXTRAINFO_DIRINFO);
1501 if ((type & EXTRAINFO_DIRINFO) &&
1502 !router_supports_extrainfo(node->identity, is_trusted_extrainfo))
1503 continue;
1504 /* Don't make the same node a guard twice */
1505 if (for_guard && node->using_as_guard) {
1506 continue;
1507 }
1508 /* Ensure that a directory guard is actually a guard node. */
1509 if (for_guard && !node->is_possible_guard) {
1510 continue;
1511 }
1512 if (try_excluding &&
1513 routerset_contains_routerstatus(options->ExcludeNodes, status,
1514 country)) {
1515 ++n_excluded;
1516 continue;
1517 }
1518
1519 /* XXXX IP6 proposal 118 */
1520 tor_addr_from_ipv4h(&addr, status->addr);
1521
1522 if (no_serverdesc_fetching && (
1523 connection_get_by_type_addr_port_purpose(
1524 CONN_TYPE_DIR, &addr, status->dir_port, DIR_PURPOSE_FETCH_SERVERDESC)
1525 || connection_get_by_type_addr_port_purpose(
1526 CONN_TYPE_DIR, &addr, status->dir_port, DIR_PURPOSE_FETCH_EXTRAINFO)
1527 )) {
1528 ++n_busy;
1529 continue;
1530 }
1531
1532 if (no_microdesc_fetching && connection_get_by_type_addr_port_purpose(
1533 CONN_TYPE_DIR, &addr, status->dir_port, DIR_PURPOSE_FETCH_MICRODESC)
1534 ) {
1535 ++n_busy;
1536 continue;
1537 }
1538
1539 is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now;
1540
1541 if ((!fascistfirewall ||
1542 fascist_firewall_allows_address_or(&addr, status->or_port)))
1543 smartlist_add(is_trusted ? trusted_tunnel :
1544 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
1545 else if (!fascistfirewall ||
1546 fascist_firewall_allows_address_dir(&addr, status->dir_port))
1547 smartlist_add(is_trusted ? trusted_direct :
1548 is_overloaded ? overloaded_direct : direct, (void*)node);
1549 } SMARTLIST_FOREACH_END(node);
1550
1551 if (smartlist_len(tunnel)) {
1552 result = node_sl_choose_by_bandwidth(tunnel, WEIGHT_FOR_DIR);
1553 } else if (smartlist_len(overloaded_tunnel)) {
1554 result = node_sl_choose_by_bandwidth(overloaded_tunnel,
1555 WEIGHT_FOR_DIR);
1556 } else if (smartlist_len(trusted_tunnel)) {
1557 /* FFFF We don't distinguish between trusteds and overloaded trusteds
1558 * yet. Maybe one day we should. */
1559 /* FFFF We also don't load balance over authorities yet. I think this
1560 * is a feature, but it could easily be a bug. -RD */
1561 result = smartlist_choose(trusted_tunnel);
1562 } else if (smartlist_len(direct)) {
1563 result = node_sl_choose_by_bandwidth(direct, WEIGHT_FOR_DIR);
1564 } else if (smartlist_len(overloaded_direct)) {
1565 result = node_sl_choose_by_bandwidth(overloaded_direct,
1566 WEIGHT_FOR_DIR);
1567 } else {
1568 result = smartlist_choose(trusted_direct);
1569 }
1570 smartlist_free(direct);
1571 smartlist_free(tunnel);
1572 smartlist_free(trusted_direct);
1573 smartlist_free(trusted_tunnel);
1574 smartlist_free(overloaded_direct);
1575 smartlist_free(overloaded_tunnel);
1576
1577 if (result == NULL && try_excluding && !options->StrictNodes && n_excluded
1578 && !n_busy) {
1579 /* If we got no result, and we are excluding nodes, and StrictNodes is
1580 * not set, try again without excluding nodes. */
1581 try_excluding = 0;
1582 n_excluded = 0;
1583 n_busy = 0;
1584 goto retry_without_exclude;
1585 }
1586
1587 if (n_busy_out)
1588 *n_busy_out = n_busy;
1589
1590 return result ? result->rs : NULL;
1591 }
1592
1593 /** Pick a random element from a list of dir_server_t, weighting by their
1594 * <b>weight</b> field. */
1595 static const dir_server_t *
1596 dirserver_choose_by_weight(const smartlist_t *servers, double authority_weight)
1597 {
1598 int n = smartlist_len(servers);
1599 int i;
1600 u64_dbl_t *weights;
1601 const dir_server_t *ds;
1602
1603 weights = tor_calloc(n, sizeof(u64_dbl_t));
1604 for (i = 0; i < n; ++i) {
1605 ds = smartlist_get(servers, i);
1606 weights[i].dbl = ds->weight;
1607 if (ds->is_authority)
1608 weights[i].dbl *= authority_weight;
1609 }
1610
1611 scale_array_elements_to_u64(weights, n, NULL);
1612 i = choose_array_element_by_weight(weights, n);
1613 tor_free(weights);
1614 return (i < 0) ? NULL : smartlist_get(servers, i);
1615 }
1616
1617 /** Choose randomly from among the dir_server_ts in sourcelist that
1618 * are up. Flags are as for router_pick_directory_server_impl().
1619 */
1620 static const routerstatus_t *
1621 router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
1622 dirinfo_type_t type, int flags,
1623 int *n_busy_out)
1624 {
1625 const or_options_t *options = get_options();
1626 smartlist_t *direct, *tunnel;
1627 smartlist_t *overloaded_direct, *overloaded_tunnel;
1628 const routerinfo_t *me = router_get_my_routerinfo();
1629 const routerstatus_t *result = NULL;
1630 time_t now = time(NULL);
1631 const int requireother = ! (flags & PDS_ALLOW_SELF);
1632 const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
1633 const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
1634 const int no_microdesc_fetching =(flags & PDS_NO_EXISTING_MICRODESC_FETCH);
1635 const double auth_weight = (sourcelist == fallback_dir_servers) ?
1636 options->DirAuthorityFallbackRate : 1.0;
1637 smartlist_t *pick_from;
1638 int n_busy = 0;
1639 int try_excluding = 1, n_excluded = 0;
1640
1641 if (!sourcelist)
1642 return NULL;
1643
1644 retry_without_exclude:
1645
1646 direct = smartlist_new();
1647 tunnel = smartlist_new();
1648 overloaded_direct = smartlist_new();
1649 overloaded_tunnel = smartlist_new();
1650
1651 SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
1652 {
1653 int is_overloaded =
1654 d->fake_status.last_dir_503_at + DIR_503_TIMEOUT > now;
1655 tor_addr_t addr;
1656 if (!d->is_running) continue;
1657 if ((type & d->type) == 0)
1658 continue;
1659 if ((type & EXTRAINFO_DIRINFO) &&
1660 !router_supports_extrainfo(d->digest, 1))
1661 continue;
1662 if (requireother && me && router_digest_is_me(d->digest))
1663 continue;
1664 if (try_excluding &&
1665 routerset_contains_routerstatus(options->ExcludeNodes,
1666 &d->fake_status, -1)) {
1667 ++n_excluded;
1668 continue;
1669 }
1670
1671 /* XXXX IP6 proposal 118 */
1672 tor_addr_from_ipv4h(&addr, d->addr);
1673
1674 if (no_serverdesc_fetching) {
1675 if (connection_get_by_type_addr_port_purpose(
1676 CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_SERVERDESC)
1677 || connection_get_by_type_addr_port_purpose(
1678 CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_EXTRAINFO)) {
1679 //log_debug(LD_DIR, "We have an existing connection to fetch "
1680 // "descriptor from %s; delaying",d->description);
1681 ++n_busy;
1682 continue;
1683 }
1684 }
1685 if (no_microdesc_fetching) {
1686 if (connection_get_by_type_addr_port_purpose(
1687 CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_MICRODESC)) {
1688 ++n_busy;
1689 continue;
1690 }
1691 }
1692
1693 if (d->or_port &&
1694 (!fascistfirewall ||
1695 fascist_firewall_allows_address_or(&addr, d->or_port)))
1696 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
1697 else if (!fascistfirewall ||
1698 fascist_firewall_allows_address_dir(&addr, d->dir_port))
1699 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
1700 }
1701 SMARTLIST_FOREACH_END(d);
1702
1703 if (smartlist_len(tunnel)) {
1704 pick_from = tunnel;
1705 } else if (smartlist_len(overloaded_tunnel)) {
1706 pick_from = overloaded_tunnel;
1707 } else if (smartlist_len(direct)) {
1708 pick_from = direct;
1709 } else {
1710 pick_from = overloaded_direct;
1711 }
1712
1713 {
1714 const dir_server_t *selection =
1715 dirserver_choose_by_weight(pick_from, auth_weight);
1716
1717 if (selection)
1718 result = &selection->fake_status;
1719 }
1720
1721 if (n_busy_out)
1722 *n_busy_out = n_busy;
1723
1724 smartlist_free(direct);
1725 smartlist_free(tunnel);
1726 smartlist_free(overloaded_direct);
1727 smartlist_free(overloaded_tunnel);
1728
1729 if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) {
1730 /* If we got no result, and we are excluding nodes, and StrictNodes is
1731 * not set, try again without excluding nodes. */
1732 try_excluding = 0;
1733 n_excluded = 0;
1734 goto retry_without_exclude;
1735 }
1736
1737 return result;
1738 }
1739
1740 /** Mark as running every dir_server_t in <b>server_list</b>. */
1741 static void
1742 mark_all_dirservers_up(smartlist_t *server_list)
1743 {
1744 if (server_list) {
1745 SMARTLIST_FOREACH_BEGIN(server_list, dir_server_t *, dir) {
1746 routerstatus_t *rs;
1747 node_t *node;
1748 dir->is_running = 1;
1749 node = node_get_mutable_by_id(dir->digest);
1750 if (node)
1751 node->is_running = 1;
1752 rs = router_get_mutable_consensus_status_by_id(dir->digest);
1753 if (rs) {
1754 rs->last_dir_503_at = 0;
1755 control_event_networkstatus_changed_single(rs);
1756 }
1757 } SMARTLIST_FOREACH_END(dir);
1758 }
1759 router_dir_info_changed();
1760 }
1761
1762 /** Return true iff r1 and r2 have the same address and OR port. */
1763 int
1764 routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
1765 {
1766 return r1->addr == r2->addr && r1->or_port == r2->or_port &&
1767 tor_addr_eq(&r1->ipv6_addr, &r2->ipv6_addr) &&
1768 r1->ipv6_orport == r2->ipv6_orport;
1769 }
1770
1771 /** Reset all internal variables used to count failed downloads of network
1772 * status objects. */
1773 void
1774 router_reset_status_download_failures(void)
1775 {
1776 mark_all_dirservers_up(fallback_dir_servers);
1777 }
1778
1779 /** Given a <b>router</b>, add every node_t in its family (including the
1780 * node itself!) to <b>sl</b>.
1781 *
1782 * Note the type mismatch: This function takes a routerinfo, but adds nodes
1783 * to the smartlist!
1784 */
1785 static void
1786 routerlist_add_node_and_family(smartlist_t *sl, const routerinfo_t *router)
1787 {
1788 /* XXXX MOVE ? */
1789 node_t fake_node;
1790 const node_t *node = node_get_by_id(router->cache_info.identity_digest);;
1791 if (node == NULL) {
1792 memset(&fake_node, 0, sizeof(fake_node));
1793 fake_node.ri = (routerinfo_t *)router;
1794 memcpy(fake_node.identity, router->cache_info.identity_digest, DIGEST_LEN);
1795 node = &fake_node;
1796 }
1797 nodelist_add_node_and_family(sl, node);
1798 }
1799
1800 /** Add every suitable node from our nodelist to <b>sl</b>, so that
1801 * we can pick a node for a circuit.
1802 */
1803 void
1804 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
1805 int need_uptime, int need_capacity,
1806 int need_guard, int need_desc)
1807 { /* XXXX MOVE */
1808 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
1809 if (!node->is_running ||
1810 (!node->is_valid && !allow_invalid))
1811 continue;
1812 if (need_desc && !(node->ri || (node->rs && node->md)))
1813 continue;
1814 if (node->ri && node->ri->purpose != ROUTER_PURPOSE_GENERAL)
1815 continue;
1816 if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
1817 continue;
1818
1819 smartlist_add(sl, (void *)node);
1820 } SMARTLIST_FOREACH_END(node);
1821 }
1822
1823 /** Look through the routerlist until we find a router that has my key.
1824 Return it. */
1825 const routerinfo_t *
1826 routerlist_find_my_routerinfo(void)
1827 {
1828 if (!routerlist)
1829 return NULL;
1830
1831 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
1832 {
1833 if (router_is_me(router))
1834 return router;
1835 });
1836 return NULL;
1837 }
1838
1839 /** Return the smaller of the router's configured BandwidthRate
1840 * and its advertised capacity. */
1841 uint32_t
1842 router_get_advertised_bandwidth(const routerinfo_t *router)
1843 {
1844 if (router->bandwidthcapacity < router->bandwidthrate)
1845 return router->bandwidthcapacity;
1846 return router->bandwidthrate;
1847 }
1848
1849 /** Do not weight any declared bandwidth more than this much when picking
1850 * routers by bandwidth. */
1851 #define DEFAULT_MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
1852
1853 /** Return the smaller of the router's configured BandwidthRate
1854 * and its advertised capacity, capped by max-believe-bw. */
1855 uint32_t
1856 router_get_advertised_bandwidth_capped(const routerinfo_t *router)
1857 {
1858 uint32_t result = router->bandwidthcapacity;
1859 if (result > router->bandwidthrate)
1860 result = router->bandwidthrate;
1861 if (result > DEFAULT_MAX_BELIEVABLE_BANDWIDTH)
1862 result = DEFAULT_MAX_BELIEVABLE_BANDWIDTH;
1863 return result;
1864 }
1865
1866 /** Given an array of double/uint64_t unions that are currently being used as
1867 * doubles, convert them to uint64_t, and try to scale them linearly so as to
1868 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
1869 * the sum of all elements in the array _before_ scaling. */
1870 STATIC void
1871 scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries,
1872 uint64_t *total_out)
1873 {
1874 double total = 0.0;
1875 double scale_factor = 0.0;
1876 int i;
1877 /* big, but far away from overflowing an int64_t */
1878 #define SCALE_TO_U64_MAX ((int64_t) (INT64_MAX / 4))
1879
1880 for (i = 0; i < n_entries; ++i)
1881 total += entries[i].dbl;
1882
1883 if (total > 0.0)
1884 scale_factor = SCALE_TO_U64_MAX / total;
1885
1886 for (i = 0; i < n_entries; ++i)
1887 entries[i].u64 = tor_llround(entries[i].dbl * scale_factor);
1888
1889 if (total_out)
1890 *total_out = (uint64_t) total;
1891
1892 #undef SCALE_TO_U64_MAX
1893 }
1894
1895 /** Time-invariant 64-bit greater-than; works on two integers in the range
1896 * (0,INT64_MAX). */
1897 #if SIZEOF_VOID_P == 8
1898 #define gt_i64_timei(a,b) ((a) > (b))
1899 #else
1900 static INLINE int
1901 gt_i64_timei(uint64_t a, uint64_t b)
1902 {
1903 int64_t diff = (int64_t) (b - a);
1904 int res = diff >> 63;
1905 return res & 1;
1906 }
1907 #endif
1908
1909 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
1910 * choosing each element with a probability proportional to its (uint64_t)
1911 * value, and return the index of that element. If all elements are 0, choose
1912 * an index at random. Return -1 on error.
1913 */
1914 STATIC int
1915 choose_array_element_by_weight(const u64_dbl_t *entries, int n_entries)
1916 {
1917 int i, i_chosen=-1, n_chosen=0;
1918 uint64_t total_so_far = 0;
1919 uint64_t rand_val;
1920 uint64_t total = 0;
1921
1922 for (i = 0; i < n_entries; ++i)
1923 total += entries[i].u64;
1924
1925 if (n_entries < 1)
1926 return -1;
1927
1928 if (total == 0)
1929 return crypto_rand_int(n_entries);
1930
1931 tor_assert(total < INT64_MAX);
1932
1933 rand_val = crypto_rand_uint64(total);
1934
1935 for (i = 0; i < n_entries; ++i) {
1936 total_so_far += entries[i].u64;
1937 if (gt_i64_timei(total_so_far, rand_val)) {
1938 i_chosen = i;
1939 n_chosen++;
1940 /* Set rand_val to INT64_MAX rather than stopping the loop. This way,
1941 * the time we spend in the loop does not leak which element we chose. */
1942 rand_val = INT64_MAX;
1943 }
1944 }
1945 tor_assert(total_so_far == total);
1946 tor_assert(n_chosen == 1);
1947 tor_assert(i_chosen >= 0);
1948 tor_assert(i_chosen < n_entries);
1949
1950 return i_chosen;
1951 }
1952
1953 /** When weighting bridges, enforce these values as lower and upper
1954 * bound for believable bandwidth, because there is no way for us
1955 * to verify a bridge's bandwidth currently. */
1956 #define BRIDGE_MIN_BELIEVABLE_BANDWIDTH 20000 /* 20 kB/sec */
1957 #define BRIDGE_MAX_BELIEVABLE_BANDWIDTH 100000 /* 100 kB/sec */
1958
1959 /** Return the smaller of the router's configured BandwidthRate
1960 * and its advertised capacity, making sure to stay within the
1961 * interval between bridge-min-believe-bw and
1962 * bridge-max-believe-bw. */
1963 static uint32_t
1964 bridge_get_advertised_bandwidth_bounded(routerinfo_t *router)
1965 {
1966 uint32_t result = router->bandwidthcapacity;
1967 if (result > router->bandwidthrate)
1968 result = router->bandwidthrate;
1969 if (result > BRIDGE_MAX_BELIEVABLE_BANDWIDTH)
1970 result = BRIDGE_MAX_BELIEVABLE_BANDWIDTH;
1971 else if (result < BRIDGE_MIN_BELIEVABLE_BANDWIDTH)
1972 result = BRIDGE_MIN_BELIEVABLE_BANDWIDTH;
1973 return result;
1974 }
1975
1976 /** Return bw*1000, unless bw*1000 would overflow, in which case return
1977 * INT32_MAX. */
1978 static INLINE int32_t
1979 kb_to_bytes(uint32_t bw)
1980 {
1981 return (bw > (INT32_MAX/1000)) ? INT32_MAX : bw*1000;
1982 }
1983
1984 /** Helper function:
1985 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
1986 * the advertised bandwidth of each element using the consensus
1987 * bandwidth weights.
1988 *
1989 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
1990 * nodes' bandwidth equally regardless of their Exit status, since there may
1991 * be some in the list because they exit to obscure ports. If
1992 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
1993 * exit-node's bandwidth less depending on the smallness of the fraction of
1994 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
1995 * guard node: consider all guard's bandwidth equally. Otherwise, weight
1996 * guards proportionally less.
1997 */
1998 static const node_t *
1999 smartlist_choose_node_by_bandwidth_weights(const smartlist_t *sl,
2000 bandwidth_weight_rule_t rule)
2001 {
2002 u64_dbl_t *bandwidths=NULL;
2003
2004 if (compute_weighted_bandwidths(sl, rule, &bandwidths) < 0)
2005 return NULL;
2006
2007 scale_array_elements_to_u64(bandwidths, smartlist_len(sl), NULL);
2008
2009 {
2010 int idx = choose_array_element_by_weight(bandwidths,
2011 smartlist_len(sl));
2012 tor_free(bandwidths);
2013 return idx < 0 ? NULL : smartlist_get(sl, idx);
2014 }
2015 }
2016
2017 /** Given a list of routers and a weighting rule as in
2018 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2019 * values for each node and store them in a freshly allocated
2020 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2021 * as doubles. Return 0 on success, -1 on failure. */
2022 static int
2023 compute_weighted_bandwidths(const smartlist_t *sl,
2024 bandwidth_weight_rule_t rule,
2025 u64_dbl_t **bandwidths_out)
2026 {
2027 int64_t weight_scale;
2028 double Wg = -1, Wm = -1, We = -1, Wd = -1;
2029 double Wgb = -1, Wmb = -1, Web = -1, Wdb = -1;
2030 uint64_t weighted_bw = 0;
2031 guardfraction_bandwidth_t guardfraction_bw;
2032 u64_dbl_t *bandwidths;
2033
2034 /* Can't choose exit and guard at same time */
2035 tor_assert(rule == NO_WEIGHTING ||
2036 rule == WEIGHT_FOR_EXIT ||
2037 rule == WEIGHT_FOR_GUARD ||
2038 rule == WEIGHT_FOR_MID ||
2039 rule == WEIGHT_FOR_DIR);
2040
2041 if (smartlist_len(sl) == 0) {
2042 log_info(LD_CIRC,
2043 "Empty routerlist passed in to consensus weight node "
2044 "selection for rule %s",
2045 bandwidth_weight_rule_to_string(rule));
2046 return -1;
2047 }
2048
2049 weight_scale = networkstatus_get_weight_scale_param(NULL);
2050
2051 if (rule == WEIGHT_FOR_GUARD) {
2052 Wg = networkstatus_get_bw_weight(NULL, "Wgg", -1);
2053 Wm = networkstatus_get_bw_weight(NULL, "Wgm", -1); /* Bridges */
2054 We = 0;
2055 Wd = networkstatus_get_bw_weight(NULL, "Wgd", -1);
2056
2057 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2058 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2059 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2060 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2061 } else if (rule == WEIGHT_FOR_MID) {
2062 Wg = networkstatus_get_bw_weight(NULL, "Wmg", -1);
2063 Wm = networkstatus_get_bw_weight(NULL, "Wmm", -1);
2064 We = networkstatus_get_bw_weight(NULL, "Wme", -1);
2065 Wd = networkstatus_get_bw_weight(NULL, "Wmd", -1);
2066
2067 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2068 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2069 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2070 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2071 } else if (rule == WEIGHT_FOR_EXIT) {
2072 // Guards CAN be exits if they have weird exit policies
2073 // They are d then I guess...
2074 We = networkstatus_get_bw_weight(NULL, "Wee", -1);
2075 Wm = networkstatus_get_bw_weight(NULL, "Wem", -1); /* Odd exit policies */
2076 Wd = networkstatus_get_bw_weight(NULL, "Wed", -1);
2077 Wg = networkstatus_get_bw_weight(NULL, "Weg", -1); /* Odd exit policies */
2078
2079 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2080 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2081 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2082 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2083 } else if (rule == WEIGHT_FOR_DIR) {
2084 We = networkstatus_get_bw_weight(NULL, "Wbe", -1);
2085 Wm = networkstatus_get_bw_weight(NULL, "Wbm", -1);
2086 Wd = networkstatus_get_bw_weight(NULL, "Wbd", -1);
2087 Wg = networkstatus_get_bw_weight(NULL, "Wbg", -1);
2088
2089 Wgb = Wmb = Web = Wdb = weight_scale;
2090 } else if (rule == NO_WEIGHTING) {
2091 Wg = Wm = We = Wd = weight_scale;
2092 Wgb = Wmb = Web = Wdb = weight_scale;
2093 }
2094
2095 if (Wg < 0 || Wm < 0 || We < 0 || Wd < 0 || Wgb < 0 || Wmb < 0 || Wdb < 0
2096 || Web < 0) {
2097 log_debug(LD_CIRC,
2098 "Got negative bandwidth weights. Defaulting to naive selection"
2099 " algorithm.");
2100 Wg = Wm = We = Wd = weight_scale;
2101 Wgb = Wmb = Web = Wdb = weight_scale;
2102 }
2103
2104 Wg /= weight_scale;
2105 Wm /= weight_scale;
2106 We /= weight_scale;
2107 Wd /= weight_scale;
2108
2109 Wgb /= weight_scale;
2110 Wmb /= weight_scale;
2111 Web /= weight_scale;
2112 Wdb /= weight_scale;
2113
2114 bandwidths = tor_calloc(smartlist_len(sl), sizeof(u64_dbl_t));
2115
2116 // Cycle through smartlist and total the bandwidth.
2117 static int warned_missing_bw = 0;
2118 SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
2119 int is_exit = 0, is_guard = 0, is_dir = 0, this_bw = 0;
2120 double weight = 1;
2121 double weight_without_guard_flag = 0; /* Used for guardfraction */
2122 double final_weight = 0;
2123 is_exit = node->is_exit && ! node->is_bad_exit;
2124 is_guard = node->is_possible_guard;
2125 is_dir = node_is_dir(node);
2126 if (node->rs) {
2127 if (!node->rs->has_bandwidth) {
2128 /* This should never happen, unless all the authorites downgrade
2129 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2130 if (! warned_missing_bw) {
2131 log_warn(LD_BUG,
2132 "Consensus is missing some bandwidths. Using a naive "
2133 "router selection algorithm");
2134 warned_missing_bw = 1;
2135 }
2136 this_bw = 30000; /* Chosen arbitrarily */
2137 } else {
2138 this_bw = kb_to_bytes(node->rs->bandwidth_kb);
2139 }
2140 } else if (node->ri) {
2141 /* bridge or other descriptor not in our consensus */
2142 this_bw = bridge_get_advertised_bandwidth_bounded(node->ri);
2143 } else {
2144 /* We can't use this one. */
2145 continue;
2146 }
2147
2148 if (is_guard && is_exit) {
2149 weight = (is_dir ? Wdb*Wd : Wd);
2150 weight_without_guard_flag = (is_dir ? Web*We : We);
2151 } else if (is_guard) {
2152 weight = (is_dir ? Wgb*Wg : Wg);
2153 weight_without_guard_flag = (is_dir ? Wmb*Wm : Wm);
2154 } else if (is_exit) {
2155 weight = (is_dir ? Web*We : We);
2156 } else { // middle
2157 weight = (is_dir ? Wmb*Wm : Wm);
2158 }
2159 /* These should be impossible; but overflows here would be bad, so let's
2160 * make sure. */
2161 if (this_bw < 0)
2162 this_bw = 0;
2163 if (weight < 0.0)
2164 weight = 0.0;
2165 if (weight_without_guard_flag < 0.0)
2166 weight_without_guard_flag = 0.0;
2167
2168 /* If guardfraction information is available in the consensus, we
2169 * want to calculate this router's bandwidth according to its
2170 * guardfraction. Quoting from proposal236:
2171 *
2172 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2173 * client would apply to N for position p if it had the guard
2174 * flag, Wpn the weight if it did not have the guard flag, and B the
2175 * measured bandwidth of N in the consensus. Then instead of choosing
2176 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2177 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2178 */
2179 if (node->rs && node->rs->has_guardfraction && rule != WEIGHT_FOR_GUARD) {
2180 /* XXX The assert should actually check for is_guard. However,
2181 * that crashes dirauths because of #13297. This should be
2182 * equivalent: */
2183 tor_assert(node->rs->is_possible_guard);
2184
2185 guard_get_guardfraction_bandwidth(&guardfraction_bw,
2186 this_bw,
2187 node->rs->guardfraction_percentage);
2188
2189 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2190 final_weight =
2191 guardfraction_bw.guard_bw * weight +
2192 guardfraction_bw.non_guard_bw * weight_without_guard_flag;
2193
2194 log_debug(LD_GENERAL, "%s: Guardfraction weight %f instead of %f (%s)",
2195 node->rs->nickname, final_weight, weight*this_bw,
2196 bandwidth_weight_rule_to_string(rule));
2197 } else { /* no guardfraction information. calculate the weight normally. */
2198 final_weight = weight*this_bw;
2199 }
2200
2201 bandwidths[node_sl_idx].dbl = final_weight + 0.5;
2202 } SMARTLIST_FOREACH_END(node);
2203
2204 log_debug(LD_CIRC, "Generated weighted bandwidths for rule %s based "
2205 "on weights "
2206 "Wg=%f Wm=%f We=%f Wd=%f with total bw "U64_FORMAT,
2207 bandwidth_weight_rule_to_string(rule),
2208 Wg, Wm, We, Wd, U64_PRINTF_ARG(weighted_bw));
2209
2210 *bandwidths_out = bandwidths;
2211
2212 return 0;
2213 }
2214
2215 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2216 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2217 * descriptors. */
2218 double
2219 frac_nodes_with_descriptors(const smartlist_t *sl,
2220 bandwidth_weight_rule_t rule)
2221 {
2222 u64_dbl_t *bandwidths = NULL;
2223 double total, present;
2224
2225 if (smartlist_len(sl) == 0)
2226 return 0.0;
2227
2228 if (compute_weighted_bandwidths(sl, rule, &bandwidths) < 0) {
2229 int n_with_descs = 0;
2230 SMARTLIST_FOREACH(sl, const node_t *, node, {
2231 if (node_has_descriptor(node))
2232 n_with_descs++;
2233 });
2234 return ((double)n_with_descs) / (double)smartlist_len(sl);
2235 }
2236
2237 total = present = 0.0;
2238 SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
2239 const double bw = bandwidths[node_sl_idx].dbl;
2240 total += bw;
2241 if (node_has_descriptor(node))
2242 present += bw;
2243 } SMARTLIST_FOREACH_END(node);
2244
2245 tor_free(bandwidths);
2246
2247 if (total < 1.0)
2248 return 0;
2249
2250 return present / total;
2251 }
2252
2253 /** Choose a random element of status list <b>sl</b>, weighted by
2254 * the advertised bandwidth of each node */
2255 const node_t *
2256 node_sl_choose_by_bandwidth(const smartlist_t *sl,
2257 bandwidth_weight_rule_t rule)
2258 { /*XXXX MOVE */
2259 return smartlist_choose_node_by_bandwidth_weights(sl, rule);
2260 }
2261
2262 /** Return a random running node from the nodelist. Never
2263 * pick a node that is in
2264 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2265 * even if they are the only nodes available.
2266 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2267 * a minimum uptime, return one of those.
2268 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2269 * advertised capacity of each router.
2270 * If <b>CRN_ALLOW_INVALID</b> is not set in flags, consider only Valid
2271 * routers.
2272 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2273 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2274 * picking an exit node, otherwise we weight bandwidths for picking a relay
2275 * node (that is, possibly discounting exit nodes).
2276 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2277 * have a routerinfo or microdescriptor -- that is, enough info to be
2278 * used to build a circuit.
2279 */
2280 const node_t *
2281 router_choose_random_node(smartlist_t *excludedsmartlist,
2282 routerset_t *excludedset,
2283 router_crn_flags_t flags)
2284 { /* XXXX MOVE */
2285 const int need_uptime = (flags & CRN_NEED_UPTIME) != 0;
2286 const int need_capacity = (flags & CRN_NEED_CAPACITY) != 0;
2287 const int need_guard = (flags & CRN_NEED_GUARD) != 0;
2288 const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
2289 const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
2290 const int need_desc = (flags & CRN_NEED_DESC) != 0;
2291
2292 smartlist_t *sl=smartlist_new(),
2293 *excludednodes=smartlist_new();
2294 const node_t *choice = NULL;
2295 const routerinfo_t *r;
2296 bandwidth_weight_rule_t rule;
2297
2298 tor_assert(!(weight_for_exit && need_guard));
2299 rule = weight_for_exit ? WEIGHT_FOR_EXIT :
2300 (need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID);
2301
2302 /* Exclude relays that allow single hop exit circuits, if the user
2303 * wants to (such relays might be risky) */
2304 if (get_options()->ExcludeSingleHopRelays) {
2305 SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
2306 if (node_allows_single_hop_exits(node)) {
2307 smartlist_add(excludednodes, node);
2308 });
2309 }
2310
2311 if ((r = routerlist_find_my_routerinfo()))
2312 routerlist_add_node_and_family(excludednodes, r);
2313
2314 router_add_running_nodes_to_smartlist(sl, allow_invalid,
2315 need_uptime, need_capacity,
2316 need_guard, need_desc);
2317 log_debug(LD_CIRC,
2318 "We found %d running nodes.",
2319 smartlist_len(sl));
2320
2321 smartlist_subtract(sl,excludednodes);
2322 log_debug(LD_CIRC,
2323 "We removed %d excludednodes, leaving %d nodes.",
2324 smartlist_len(excludednodes),
2325 smartlist_len(sl));
2326
2327 if (excludedsmartlist) {
2328 smartlist_subtract(sl,excludedsmartlist);
2329 log_debug(LD_CIRC,
2330 "We removed %d excludedsmartlist, leaving %d nodes.",
2331 smartlist_len(excludedsmartlist),
2332 smartlist_len(sl));
2333 }
2334 if (excludedset) {
2335 routerset_subtract_nodes(sl,excludedset);
2336 log_debug(LD_CIRC,
2337 "We removed excludedset, leaving %d nodes.",
2338 smartlist_len(sl));
2339 }
2340
2341 // Always weight by bandwidth
2342 choice = node_sl_choose_by_bandwidth(sl, rule);
2343
2344 smartlist_free(sl);
2345 if (!choice && (need_uptime || need_capacity || need_guard)) {
2346 /* try once more -- recurse but with fewer restrictions. */
2347 log_info(LD_CIRC,
2348 "We couldn't find any live%s%s%s routers; falling back "
2349 "to list of all routers.",
2350 need_capacity?", fast":"",
2351 need_uptime?", stable":"",
2352 need_guard?", guard":"");
2353 flags &= ~ (CRN_NEED_UPTIME|CRN_NEED_CAPACITY|CRN_NEED_GUARD);
2354 choice = router_choose_random_node(
2355 excludedsmartlist, excludedset, flags);
2356 }
2357 smartlist_free(excludednodes);
2358 if (!choice) {
2359 log_warn(LD_CIRC,
2360 "No available nodes when trying to choose node. Failing.");
2361 }
2362 return choice;
2363 }
2364
2365 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2366 * Return 0 on success, -1 on failure. Store the result into the
2367 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2368 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2369 * at <b>nickname_out</b>.
2370 *
2371 * The recognized format is:
2372 * HexName = Dollar? HexDigest NamePart?
2373 * Dollar = '?'
2374 * HexDigest = HexChar*20
2375 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2376 * NamePart = QualChar Name
2377 * QualChar = '=' | '~'
2378 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2379 * NameChar = Any ASCII alphanumeric character
2380 */
2381 int
2382 hex_digest_nickname_decode(const char *hexdigest,
2383 char *digest_out,
2384 char *nickname_qualifier_char_out,
2385 char *nickname_out)
2386 {
2387 size_t len;
2388
2389 tor_assert(hexdigest);
2390 if (hexdigest[0] == '$')
2391 ++hexdigest;
2392
2393 len = strlen(hexdigest);
2394 if (len < HEX_DIGEST_LEN) {
2395 return -1;
2396 } else if (len > HEX_DIGEST_LEN && (hexdigest[HEX_DIGEST_LEN] == '=' ||
2397 hexdigest[HEX_DIGEST_LEN] == '~') &&
2398 len <= HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN) {
2399 *nickname_qualifier_char_out = hexdigest[HEX_DIGEST_LEN];
2400 strlcpy(nickname_out, hexdigest+HEX_DIGEST_LEN+1 , MAX_NICKNAME_LEN+1);
2401 } else if (len == HEX_DIGEST_LEN) {
2402 ;
2403 } else {
2404 return -1;
2405 }
2406
2407 if (base16_decode(digest_out, DIGEST_LEN, hexdigest, HEX_DIGEST_LEN)<0)
2408 return -1;
2409 return 0;
2410 }
2411
2412 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2413 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2414 * (which is optionally prefixed with a single dollar sign). Return false if
2415 * <b>hexdigest</b> is malformed, or it doesn't match. */
2416 int
2417 hex_digest_nickname_matches(const char *hexdigest, const char *identity_digest,
2418 const char *nickname, int is_named)
2419 {
2420 char digest[DIGEST_LEN];
2421 char nn_char='\0';
2422 char nn_buf[MAX_NICKNAME_LEN+1];
2423
2424 if (hex_digest_nickname_decode(hexdigest, digest, &nn_char, nn_buf) == -1)
2425 return 0;
2426
2427 if (nn_char == '=' || nn_char == '~') {
2428 if (!nickname)
2429 return 0;
2430 if (strcasecmp(nn_buf, nickname))
2431 return 0;
2432 if (nn_char == '=' && !is_named)
2433 return 0;
2434 }
2435
2436 return tor_memeq(digest, identity_digest, DIGEST_LEN);
2437 }
2438
2439 /** Return true iff <b>router</b> is listed as named in the current
2440 * consensus. */
2441 int
2442 router_is_named(const routerinfo_t *router)
2443 {
2444 const char *digest =
2445 networkstatus_get_router_digest_by_nickname(router->nickname);
2446
2447 return (digest &&
2448 tor_memeq(digest, router->cache_info.identity_digest, DIGEST_LEN));
2449 }
2450
2451 /** Return true iff <b>digest</b> is the digest of the identity key of a
2452 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2453 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2454 int
2455 router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
2456 {
2457 if (!trusted_dir_servers)
2458 return 0;
2459 if (authdir_mode(get_options()) && router_digest_is_me(digest))
2460 return 1;
2461 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
2462 if (tor_memeq(digest, ent->digest, DIGEST_LEN)) {
2463 return (!type) || ((type & ent->type) != 0);
2464 });
2465 return 0;
2466 }
2467
2468 /** Return true iff <b>addr</b> is the address of one of our trusted
2469 * directory authorities. */
2470 int
2471 router_addr_is_trusted_dir(uint32_t addr)
2472 {
2473 if (!trusted_dir_servers)
2474 return 0;
2475 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
2476 if (ent->addr == addr)
2477 return 1;
2478 );
2479 return 0;
2480 }
2481
2482 /** If hexdigest is correctly formed, base16_decode it into
2483 * digest, which must have DIGEST_LEN space in it.
2484 * Return 0 on success, -1 on failure.
2485 */
2486 int
2487 hexdigest_to_digest(const char *hexdigest, char *digest)
2488 {
2489 if (hexdigest[0]=='$')
2490 ++hexdigest;
2491 if (strlen(hexdigest) < HEX_DIGEST_LEN ||
2492 base16_decode(digest,DIGEST_LEN,hexdigest,HEX_DIGEST_LEN) < 0)
2493 return -1;
2494 return 0;
2495 }
2496
2497 /** As router_get_by_id_digest,but return a pointer that you're allowed to
2498 * modify */
2499 routerinfo_t *
2500 router_get_mutable_by_digest(const char *digest)
2501 {
2502 tor_assert(digest);
2503
2504 if (!routerlist) return NULL;
2505
2506 // routerlist_assert_ok(routerlist);
2507
2508 return rimap_get(routerlist->identity_map, digest);
2509 }
2510
2511 /** Return the router in our routerlist whose 20-byte key digest
2512 * is <b>digest</b>. Return NULL if no such router is known. */
2513 const routerinfo_t *
2514 router_get_by_id_digest(const char *digest)
2515 {
2516 return router_get_mutable_by_digest(digest);
2517 }
2518
2519 /** Return the router in our routerlist whose 20-byte descriptor
2520 * is <b>digest</b>. Return NULL if no such router is known. */
2521 signed_descriptor_t *
2522 router_get_by_descriptor_digest(const char *digest)
2523 {
2524 tor_assert(digest);
2525
2526 if (!routerlist) return NULL;
2527
2528 return sdmap_get(routerlist->desc_digest_map, digest);
2529 }
2530
2531 /** Return the signed descriptor for the router in our routerlist whose
2532 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
2533 * is known. */
2534 MOCK_IMPL(signed_descriptor_t *,
2535 router_get_by_extrainfo_digest,(const char *digest))
2536 {
2537 tor_assert(digest);
2538
2539 if (!routerlist) return NULL;
2540
2541 return sdmap_get(routerlist->desc_by_eid_map, digest);
2542 }
2543
2544 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
2545 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
2546 * document is known. */
2547 signed_descriptor_t *
2548 extrainfo_get_by_descriptor_digest(const char *digest)
2549 {
2550 extrainfo_t *ei;
2551 tor_assert(digest);
2552 if (!routerlist) return NULL;
2553 ei = eimap_get(routerlist->extra_info_map, digest);
2554 return ei ? &ei->cache_info : NULL;
2555 }
2556
2557 /** Return a pointer to the signed textual representation of a descriptor.
2558 * The returned string is not guaranteed to be NUL-terminated: the string's
2559 * length will be in desc-\>signed_descriptor_len.
2560 *
2561 * If <b>with_annotations</b> is set, the returned string will include
2562 * the annotations
2563 * (if any) preceding the descriptor. This will increase the length of the
2564 * string by desc-\>annotations_len.
2565 *
2566 * The caller must not free the string returned.
2567 */
2568 static const char *
2569 signed_descriptor_get_body_impl(const signed_descriptor_t *desc,
2570 int with_annotations)
2571 {
2572 const char *r = NULL;
2573 size_t len = desc->signed_descriptor_len;
2574 off_t offset = desc->saved_offset;
2575 if (with_annotations)
2576 len += desc->annotations_len;
2577 else
2578 offset += desc->annotations_len;
2579
2580 tor_assert(len > 32);
2581 if (desc->saved_location == SAVED_IN_CACHE && routerlist) {
2582 desc_store_t *store = desc_get_store(router_get_routerlist(), desc);
2583 if (store && store->mmap) {
2584 tor_assert(desc->saved_offset + len <= store->mmap->size);
2585 r = store->mmap->data + offset;
2586 } else if (store) {
2587 log_err(LD_DIR, "We couldn't read a descriptor that is supposedly "
2588 "mmaped in our cache. Is another process running in our data "
2589 "directory? Exiting.");
2590 exit(1);
2591 }
2592 }
2593 if (!r) /* no mmap, or not in cache. */
2594 r = desc->signed_descriptor_body +
2595 (with_annotations ? 0 : desc->annotations_len);
2596
2597 tor_assert(r);
2598 if (!with_annotations) {
2599 if (fast_memcmp("router ", r, 7) && fast_memcmp("extra-info ", r, 11)) {
2600 char *cp = tor_strndup(r, 64);
2601 log_err(LD_DIR, "descriptor at %p begins with unexpected string %s. "
2602 "Is another process running in our data directory? Exiting.",
2603 desc, escaped(cp));
2604 exit(1);
2605 }
2606 }
2607
2608 return r;
2609 }
2610
2611 /** Return a pointer to the signed textual representation of a descriptor.
2612 * The returned string is not guaranteed to be NUL-terminated: the string's
2613 * length will be in desc-\>signed_descriptor_len.
2614 *
2615 * The caller must not free the string returned.
2616 */
2617 const char *
2618 signed_descriptor_get_body(const signed_descriptor_t *desc)
2619 {
2620 return signed_descriptor_get_body_impl(desc, 0);
2621 }
2622
2623 /** As signed_descriptor_get_body(), but points to the beginning of the
2624 * annotations section rather than the beginning of the descriptor. */
2625 const char *
2626 signed_descriptor_get_annotations(const signed_descriptor_t *desc)
2627 {
2628 return signed_descriptor_get_body_impl(desc, 1);
2629 }
2630
2631 /** Return the current list of all known routers. */
2632 routerlist_t *
2633 router_get_routerlist(void)
2634 {
2635 if (PREDICT_UNLIKELY(!routerlist)) {
2636 routerlist = tor_malloc_zero(sizeof(routerlist_t));
2637 routerlist->routers = smartlist_new();
2638 routerlist->old_routers = smartlist_new();
2639 routerlist->identity_map = rimap_new();
2640 routerlist->desc_digest_map = sdmap_new();
2641 routerlist->desc_by_eid_map = sdmap_new();
2642 routerlist->extra_info_map = eimap_new();
2643
2644 routerlist->desc_store.fname_base = "cached-descriptors";
2645 routerlist->extrainfo_store.fname_base = "cached-extrainfo";
2646
2647 routerlist->desc_store.type = ROUTER_STORE;
2648 routerlist->extrainfo_store.type = EXTRAINFO_STORE;
2649
2650 routerlist->desc_store.description = "router descriptors";
2651 routerlist->extrainfo_store.description = "extra-info documents";
2652 }
2653 return routerlist;
2654 }
2655
2656 /** Free all storage held by <b>router</b>. */
2657 void
2658 routerinfo_free(routerinfo_t *router)
2659 {
2660 if (!router)
2661 return;
2662
2663 tor_free(router->cache_info.signed_descriptor_body);
2664 tor_free(router->nickname);
2665 tor_free(router->platform);
2666 tor_free(router->contact_info);
2667 if (router->onion_pkey)
2668 crypto_pk_free(router->onion_pkey);
2669 tor_free(router->onion_curve25519_pkey);
2670 if (router->identity_pkey)
2671 crypto_pk_free(router->identity_pkey);
2672 tor_cert_free(router->signing_key_cert);
2673 if (router->declared_family) {
2674 SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
2675 smartlist_free(router->declared_family);
2676 }
2677 addr_policy_list_free(router->exit_policy);
2678 short_policy_free(router->ipv6_exit_policy);
2679
2680 memset(router, 77, sizeof(routerinfo_t));
2681
2682 tor_free(router);
2683 }
2684
2685 /** Release all storage held by <b>extrainfo</b> */
2686 void
2687 extrainfo_free(extrainfo_t *extrainfo)
2688 {
2689 if (!extrainfo)
2690 return;
2691 tor_cert_free(extrainfo->signing_key_cert);
2692 tor_free(extrainfo->cache_info.signed_descriptor_body);
2693 tor_free(extrainfo->pending_sig);
2694
2695 memset(extrainfo, 88, sizeof(extrainfo_t)); /* debug bad memory usage */
2696 tor_free(extrainfo);
2697 }
2698
2699 /** Release storage held by <b>sd</b>. */
2700 static void
2701 signed_descriptor_free(signed_descriptor_t *sd)
2702 {
2703 if (!sd)
2704 return;
2705
2706 tor_free(sd->signed_descriptor_body);
2707
2708 memset(sd, 99, sizeof(signed_descriptor_t)); /* Debug bad mem usage */
2709 tor_free(sd);
2710 }
2711
2712 /** Extract a signed_descriptor_t from a general routerinfo, and free the
2713 * routerinfo.
2714 */
2715 static signed_descriptor_t *
2716 signed_descriptor_from_routerinfo(routerinfo_t *ri)
2717 {
2718 signed_descriptor_t *sd;
2719 tor_assert(ri->purpose == ROUTER_PURPOSE_GENERAL);
2720 sd = tor_malloc_zero(sizeof(signed_descriptor_t));
2721 memcpy(sd, &(ri->cache_info), sizeof(signed_descriptor_t));
2722 sd->routerlist_index = -1;
2723 ri->cache_info.signed_descriptor_body = NULL;
2724 routerinfo_free(ri);
2725 return sd;
2726 }
2727
2728 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
2729 static void
2730 extrainfo_free_(void *e)
2731 {
2732 extrainfo_free(e);
2733 }
2734
2735 /** Free all storage held by a routerlist <b>rl</b>. */
2736 void
2737 routerlist_free(routerlist_t *rl)
2738 {
2739 if (!rl)
2740 return;
2741 rimap_free(rl->identity_map, NULL);
2742 sdmap_free(rl->desc_digest_map, NULL);
2743 sdmap_free(rl->desc_by_eid_map, NULL);
2744 eimap_free(rl->extra_info_map, extrainfo_free_);
2745 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2746 routerinfo_free(r));
2747 SMARTLIST_FOREACH(rl->old_routers, signed_descriptor_t *, sd,
2748 signed_descriptor_free(sd));
2749 smartlist_free(rl->routers);
2750 smartlist_free(rl->old_routers);
2751 if (rl->desc_store.mmap) {
2752 int res = tor_munmap_file(routerlist->desc_store.mmap);
2753 if (res != 0) {
2754 log_warn(LD_FS, "Failed to munmap routerlist->desc_store.mmap");
2755 }
2756 }
2757 if (rl->extrainfo_store.mmap) {
2758 int res = tor_munmap_file(routerlist->extrainfo_store.mmap);
2759 if (res != 0) {
2760 log_warn(LD_FS, "Failed to munmap routerlist->extrainfo_store.mmap");
2761 }
2762 }
2763 tor_free(rl);
2764
2765 router_dir_info_changed();
2766 }
2767
2768 /** Log information about how much memory is being used for routerlist,
2769 * at log level <b>severity</b>. */
2770 void
2771 dump_routerlist_mem_usage(int severity)
2772 {
2773 uint64_t livedescs = 0;
2774 uint64_t olddescs = 0;
2775 if (!routerlist)
2776 return;
2777 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
2778 livedescs += r->cache_info.signed_descriptor_len);
2779 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
2780 olddescs += sd->signed_descriptor_len);
2781
2782 tor_log(severity, LD_DIR,
2783 "In %d live descriptors: "U64_FORMAT" bytes. "
2784 "In %d old descriptors: "U64_FORMAT" bytes.",
2785 smartlist_len(routerlist->routers), U64_PRINTF_ARG(livedescs),
2786 smartlist_len(routerlist->old_routers), U64_PRINTF_ARG(olddescs));
2787 }
2788
2789 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
2790 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
2791 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
2792 * is not in <b>sl</b>. */
2793 static INLINE int
2794 routerlist_find_elt_(smartlist_t *sl, void *ri, int idx)
2795 {
2796 if (idx < 0) {
2797 idx = -1;
2798 SMARTLIST_FOREACH(sl, routerinfo_t *, r,
2799 if (r == ri) {
2800 idx = r_sl_idx;
2801 break;
2802 });
2803 } else {
2804 tor_assert(idx < smartlist_len(sl));
2805 tor_assert(smartlist_get(sl, idx) == ri);
2806 };
2807 return idx;
2808 }
2809
2810 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
2811 * as needed. There must be no previous member of <b>rl</b> with the same
2812 * identity digest as <b>ri</b>: If there is, call routerlist_replace
2813 * instead.
2814 */
2815 static void
2816 routerlist_insert(routerlist_t *rl, routerinfo_t *ri)
2817 {
2818 routerinfo_t *ri_old;
2819 signed_descriptor_t *sd_old;
2820 {
2821 const routerinfo_t *ri_generated = router_get_my_routerinfo();
2822 tor_assert(ri_generated != ri);
2823 }
2824 tor_assert(ri->cache_info.routerlist_index == -1);
2825
2826 ri_old = rimap_set(rl->identity_map, ri->cache_info.identity_digest, ri);
2827 tor_assert(!ri_old);
2828
2829 sd_old = sdmap_set(rl->desc_digest_map,
2830 ri->cache_info.signed_descriptor_digest,
2831 &(ri->cache_info));
2832 if (sd_old) {
2833 int idx = sd_old->routerlist_index;
2834 sd_old->routerlist_index = -1;
2835 smartlist_del(rl->old_routers, idx);
2836 if (idx < smartlist_len(rl->old_routers)) {
2837 signed_descriptor_t *d = smartlist_get(rl->old_routers, idx);
2838 d->routerlist_index = idx;
2839 }
2840 rl->desc_store.bytes_dropped += sd_old->signed_descriptor_len;
2841 sdmap_remove(rl->desc_by_eid_map, sd_old->extra_info_digest);
2842 signed_descriptor_free(sd_old);
2843 }
2844
2845 if (!tor_digest_is_zero(ri->cache_info.extra_info_digest))
2846 sdmap_set(rl->desc_by_eid_map, ri->cache_info.extra_info_digest,
2847 &ri->cache_info);
2848 smartlist_add(rl->routers, ri);
2849 ri->cache_info.routerlist_index = smartlist_len(rl->routers) - 1;
2850 nodelist_set_routerinfo(ri, NULL);
2851 router_dir_info_changed();
2852 #ifdef DEBUG_ROUTERLIST
2853 routerlist_assert_ok(rl);
2854 #endif
2855 }
2856
2857 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
2858 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
2859 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
2860 MOCK_IMPL(STATIC was_router_added_t,
2861 extrainfo_insert,(routerlist_t *rl, extrainfo_t *ei, int warn_if_incompatible))
2862 {
2863 was_router_added_t r;
2864 const char *compatibility_error_msg;
2865 routerinfo_t *ri = rimap_get(rl->identity_map,
2866 ei->cache_info.identity_digest);
2867 signed_descriptor_t *sd =
2868 sdmap_get(rl->desc_by_eid_map, ei->cache_info.signed_descriptor_digest);
2869 extrainfo_t *ei_tmp;
2870 const int severity = warn_if_incompatible ? LOG_WARN : LOG_INFO;
2871
2872 {
2873 extrainfo_t *ei_generated = router_get_my_extrainfo();
2874 tor_assert(ei_generated != ei);
2875 }
2876
2877 if (!ri) {
2878 /* This router is unknown; we can't even verify the signature. Give up.*/
2879 r = ROUTER_NOT_IN_CONSENSUS;
2880 goto done;
2881 }
2882 if (! sd) {
2883 /* The extrainfo router doesn't have a known routerdesc to attach it to.
2884 * This just won't work. */;
2885 static ratelim_t no_sd_ratelim = RATELIM_INIT(1800);
2886 r = ROUTER_BAD_EI;
2887 log_fn_ratelim(&no_sd_ratelim, severity, LD_BUG,
2888 "No entry found in extrainfo map.");
2889 goto done;
2890 }
2891 if (tor_memneq(ei->cache_info.signed_descriptor_digest,
2892 sd->extra_info_digest, DIGEST_LEN)) {
2893 static ratelim_t digest_mismatch_ratelim = RATELIM_INIT(1800);
2894 /* The sd we got from the map doesn't match the digest we used to look
2895 * it up. This makes no sense. */
2896 r = ROUTER_BAD_EI;
2897 log_fn_ratelim(&digest_mismatch_ratelim, severity, LD_BUG,
2898 "Mismatch in digest in extrainfo map.");
2899 goto done;
2900 }
2901 if (routerinfo_incompatible_with_extrainfo(ri, ei, sd,
2902 &compatibility_error_msg)) {
2903 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
2904 r = (ri->cache_info.extrainfo_is_bogus) ?
2905 ROUTER_BAD_EI : ROUTER_NOT_IN_CONSENSUS;
2906
2907 base16_encode(d1, sizeof(d1), ri->cache_info.identity_digest, DIGEST_LEN);
2908 base16_encode(d2, sizeof(d2), ei->cache_info.identity_digest, DIGEST_LEN);
2909
2910 log_fn(severity,LD_DIR,
2911 "router info incompatible with extra info (ri id: %s, ei id %s, "
2912 "reason: %s)", d1, d2, compatibility_error_msg);
2913
2914 goto done;
2915 }
2916
2917 /* Okay, if we make it here, we definitely have a router corresponding to
2918 * this extrainfo. */
2919
2920 ei_tmp = eimap_set(rl->extra_info_map,
2921 ei->cache_info.signed_descriptor_digest,
2922 ei);
2923 r = ROUTER_ADDED_SUCCESSFULLY;
2924 if (ei_tmp) {
2925 rl->extrainfo_store.bytes_dropped +=
2926 ei_tmp->cache_info.signed_descriptor_len;
2927 extrainfo_free(ei_tmp);
2928 }
2929
2930 done:
2931 if (r != ROUTER_ADDED_SUCCESSFULLY)
2932 extrainfo_free(ei);
2933
2934 #ifdef DEBUG_ROUTERLIST
2935 routerlist_assert_ok(rl);
2936 #endif
2937 return r;
2938 }
2939
2940 #define should_cache_old_descriptors() \
2941 directory_caches_dir_info(get_options())
2942
2943 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
2944 * a copy of router <b>ri</b> yet, add it to the list of old (not
2945 * recommended but still served) descriptors. Else free it. */
2946 static void
2947 routerlist_insert_old(routerlist_t *rl, routerinfo_t *ri)
2948 {
2949 {
2950 const routerinfo_t *ri_generated = router_get_my_routerinfo();
2951 tor_assert(ri_generated != ri);
2952 }
2953 tor_assert(ri->cache_info.routerlist_index == -1);
2954
2955 if (should_cache_old_descriptors() &&
2956 ri->purpose == ROUTER_PURPOSE_GENERAL &&
2957 !sdmap_get(rl->desc_digest_map,
2958 ri->cache_info.signed_descriptor_digest)) {
2959 signed_descriptor_t *sd = signed_descriptor_from_routerinfo(ri);
2960 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
2961 smartlist_add(rl->old_routers, sd);
2962 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
2963 if (!tor_digest_is_zero(sd->extra_info_digest))
2964 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
2965 } else {
2966 routerinfo_free(ri);
2967 }
2968 #ifdef DEBUG_ROUTERLIST
2969 routerlist_assert_ok(rl);
2970 #endif
2971 }
2972
2973 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
2974 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl-&gt;routers,
2975 * idx) == ri, we don't need to do a linear search over the list to decide
2976 * which to remove. We fill the gap in rl-&gt;routers with a later element in
2977 * the list, if any exists. <b>ri</b> is freed.
2978 *
2979 * If <b>make_old</b> is true, instead of deleting the router, we try adding
2980 * it to rl-&gt;old_routers. */
2981 void
2982 routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int make_old, time_t now)
2983 {
2984 routerinfo_t *ri_tmp;
2985 extrainfo_t *ei_tmp;
2986 int idx = ri->cache_info.routerlist_index;
2987 tor_assert(0 <= idx && idx < smartlist_len(rl->routers));
2988 tor_assert(smartlist_get(rl->routers, idx) == ri);
2989
2990 nodelist_remove_routerinfo(ri);
2991
2992 /* make sure the rephist module knows that it's not running */
2993 rep_hist_note_router_unreachable(ri->cache_info.identity_digest, now);
2994
2995 ri->cache_info.routerlist_index = -1;
2996 smartlist_del(rl->routers, idx);
2997 if (idx < smartlist_len(rl->routers)) {
2998 routerinfo_t *r = smartlist_get(rl->routers, idx);
2999 r->cache_info.routerlist_index = idx;
3000 }
3001
3002 ri_tmp = rimap_remove(rl->identity_map, ri->cache_info.identity_digest);
3003 router_dir_info_changed();
3004 tor_assert(ri_tmp == ri);
3005
3006 if (make_old && should_cache_old_descriptors() &&
3007 ri->purpose == ROUTER_PURPOSE_GENERAL) {
3008 signed_descriptor_t *sd;
3009 sd = signed_descriptor_from_routerinfo(ri);
3010 smartlist_add(rl->old_routers, sd);
3011 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
3012 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
3013 if (!tor_digest_is_zero(sd->extra_info_digest))
3014 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
3015 } else {
3016 signed_descriptor_t *sd_tmp;
3017 sd_tmp = sdmap_remove(rl->desc_digest_map,
3018 ri->cache_info.signed_descriptor_digest);
3019 tor_assert(sd_tmp == &(ri->cache_info));
3020 rl->desc_store.bytes_dropped += ri->cache_info.signed_descriptor_len;
3021 ei_tmp = eimap_remove(rl->extra_info_map,
3022 ri->cache_info.extra_info_digest);
3023 if (ei_tmp) {
3024 rl->extrainfo_store.bytes_dropped +=
3025 ei_tmp->cache_info.signed_descriptor_len;
3026 extrainfo_free(ei_tmp);
3027 }
3028 if (!tor_digest_is_zero(ri->cache_info.extra_info_digest))
3029 sdmap_remove(rl->desc_by_eid_map, ri->cache_info.extra_info_digest);
3030 routerinfo_free(ri);
3031 }
3032 #ifdef DEBUG_ROUTERLIST
3033 routerlist_assert_ok(rl);
3034 #endif
3035 }
3036
3037 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3038 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3039 * <b>sd</b>. */
3040 static void
3041 routerlist_remove_old(routerlist_t *rl, signed_descriptor_t *sd, int idx)
3042 {
3043 signed_descriptor_t *sd_tmp;
3044 extrainfo_t *ei_tmp;
3045 desc_store_t *store;
3046 if (idx == -1) {
3047 idx = sd->routerlist_index;
3048 }
3049 tor_assert(0 <= idx && idx < smartlist_len(rl->old_routers));
3050 /* XXXX edmanm's bridge relay triggered the following assert while
3051 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3052 * can get a backtrace. */
3053 tor_assert(smartlist_get(rl->old_routers, idx) == sd);
3054 tor_assert(idx == sd->routerlist_index);
3055
3056 sd->routerlist_index = -1;
3057 smartlist_del(rl->old_routers, idx);
3058 if (idx < smartlist_len(rl->old_routers)) {
3059 signed_descriptor_t *d = smartlist_get(rl->old_routers, idx);
3060 d->routerlist_index = idx;
3061 }
3062 sd_tmp = sdmap_remove(rl->desc_digest_map,
3063 sd->signed_descriptor_digest);
3064 tor_assert(sd_tmp == sd);
3065 store = desc_get_store(rl, sd);
3066 if (store)
3067 store->bytes_dropped += sd->signed_descriptor_len;
3068
3069 ei_tmp = eimap_remove(rl->extra_info_map,
3070 sd->extra_info_digest);
3071 if (ei_tmp) {
3072 rl->extrainfo_store.bytes_dropped +=
3073 ei_tmp->cache_info.signed_descriptor_len;
3074 extrainfo_free(ei_tmp);
3075 }
3076 if (!tor_digest_is_zero(sd->extra_info_digest))
3077 sdmap_remove(rl->desc_by_eid_map, sd->extra_info_digest);
3078
3079 signed_descriptor_free(sd);
3080 #ifdef DEBUG_ROUTERLIST
3081 routerlist_assert_ok(rl);
3082 #endif
3083 }
3084
3085 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3086 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3087 * smartlist_get(rl-&gt;routers, idx) == ri, we don't need to do a linear
3088 * search over the list to decide which to remove. We put ri_new in the same
3089 * index as ri_old, if possible. ri is freed as appropriate.
3090 *
3091 * If should_cache_descriptors() is true, instead of deleting the router,
3092 * we add it to rl-&gt;old_routers. */
3093 static void
3094 routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
3095 routerinfo_t *ri_new)
3096 {
3097 int idx;
3098 int same_descriptors;
3099
3100 routerinfo_t *ri_tmp;
3101 extrainfo_t *ei_tmp;
3102 {
3103 const routerinfo_t *ri_generated = router_get_my_routerinfo();
3104 tor_assert(ri_generated != ri_new);
3105 }
3106 tor_assert(ri_old != ri_new);
3107 tor_assert(ri_new->cache_info.routerlist_index == -1);
3108
3109 idx = ri_old->cache_info.routerlist_index;
3110 tor_assert(0 <= idx && idx < smartlist_len(rl->routers));
3111 tor_assert(smartlist_get(rl->routers, idx) == ri_old);
3112
3113 {
3114 routerinfo_t *ri_old_tmp=NULL;
3115 nodelist_set_routerinfo(ri_new, &ri_old_tmp);
3116 tor_assert(ri_old == ri_old_tmp);
3117 }
3118
3119 router_dir_info_changed();
3120 if (idx >= 0) {
3121 smartlist_set(rl->routers, idx, ri_new);
3122 ri_old->cache_info.routerlist_index = -1;
3123 ri_new->cache_info.routerlist_index = idx;
3124 /* Check that ri_old is not in rl->routers anymore: */
3125 tor_assert( routerlist_find_elt_(rl->routers, ri_old, -1) == -1 );
3126 } else {
3127 log_warn(LD_BUG, "Appending entry from routerlist_replace.");
3128 routerlist_insert(rl, ri_new);
3129 return;
3130 }
3131 if (tor_memneq(ri_old->cache_info.identity_digest,
3132 ri_new->cache_info.identity_digest, DIGEST_LEN)) {
3133 /* digests don't match; digestmap_set won't replace */
3134 rimap_remove(rl->identity_map, ri_old->cache_info.identity_digest);
3135 }
3136 ri_tmp = rimap_set(rl->identity_map,
3137 ri_new->cache_info.identity_digest, ri_new);
3138 tor_assert(!ri_tmp || ri_tmp == ri_old);
3139 sdmap_set(rl->desc_digest_map,
3140 ri_new->cache_info.signed_descriptor_digest,
3141 &(ri_new->cache_info));
3142
3143 if (!tor_digest_is_zero(ri_new->cache_info.extra_info_digest)) {
3144 sdmap_set(rl->desc_by_eid_map, ri_new->cache_info.extra_info_digest,
3145 &ri_new->cache_info);
3146 }
3147
3148 same_descriptors = tor_memeq(ri_old->cache_info.signed_descriptor_digest,
3149 ri_new->cache_info.signed_descriptor_digest,
3150 DIGEST_LEN);
3151
3152 if (should_cache_old_descriptors() &&
3153 ri_old->purpose == ROUTER_PURPOSE_GENERAL &&
3154 !same_descriptors) {
3155 /* ri_old is going to become a signed_descriptor_t and go into
3156 * old_routers */
3157 signed_descriptor_t *sd = signed_descriptor_from_routerinfo(ri_old);
3158 smartlist_add(rl->old_routers, sd);
3159 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
3160 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
3161 if (!tor_digest_is_zero(sd->extra_info_digest))
3162 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
3163 } else {
3164 /* We're dropping ri_old. */
3165 if (!same_descriptors) {
3166 /* digests don't match; The sdmap_set above didn't replace */
3167 sdmap_remove(rl->desc_digest_map,
3168 ri_old->cache_info.signed_descriptor_digest);
3169
3170 if (tor_memneq(ri_old->cache_info.extra_info_digest,
3171 ri_new->cache_info.extra_info_digest, DIGEST_LEN)) {
3172 ei_tmp = eimap_remove(rl->extra_info_map,
3173 ri_old->cache_info.extra_info_digest);
3174 if (ei_tmp) {
3175 rl->extrainfo_store.bytes_dropped +=
3176 ei_tmp->cache_info.signed_descriptor_len;
3177 extrainfo_free(ei_tmp);
3178 }
3179 }
3180
3181 if (!tor_digest_is_zero(ri_old->cache_info.extra_info_digest)) {
3182 sdmap_remove(rl->desc_by_eid_map,
3183 ri_old->cache_info.extra_info_digest);
3184 }
3185 }
3186 rl->desc_store.bytes_dropped += ri_old->cache_info.signed_descriptor_len;
3187 routerinfo_free(ri_old);
3188 }
3189 #ifdef DEBUG_ROUTERLIST
3190 routerlist_assert_ok(rl);
3191 #endif
3192 }
3193
3194 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3195 * it as a fresh routerinfo_t. */
3196 static routerinfo_t *
3197 routerlist_reparse_old(routerlist_t *rl, signed_descriptor_t *sd)
3198 {
3199 routerinfo_t *ri;
3200 const char *body;
3201
3202 body = signed_descriptor_get_annotations(sd);
3203
3204 ri = router_parse_entry_from_string(body,
3205 body+sd->signed_descriptor_len+sd->annotations_len,
3206 0, 1, NULL, NULL);
3207 if (!ri)
3208 return NULL;
3209 memcpy(&ri->cache_info, sd, sizeof(signed_descriptor_t));
3210 sd->signed_descriptor_body = NULL; /* Steal reference. */
3211 ri->cache_info.routerlist_index = -1;
3212
3213 routerlist_remove_old(rl, sd, -1);
3214
3215 return ri;
3216 }
3217
3218 /** Free all memory held by the routerlist module. */
3219 void
3220 routerlist_free_all(void)
3221 {
3222 routerlist_free(routerlist);
3223 routerlist = NULL;
3224 if (warned_nicknames) {
3225 SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
3226 smartlist_free(warned_nicknames);
3227 warned_nicknames = NULL;
3228 }
3229 clear_dir_servers();
3230 smartlist_free(trusted_dir_servers);
3231 smartlist_free(fallback_dir_servers);
3232 trusted_dir_servers = fallback_dir_servers = NULL;
3233 if (trusted_dir_certs) {
3234 digestmap_free(trusted_dir_certs, cert_list_free_);
3235 trusted_dir_certs = NULL;
3236 }
3237 }
3238
3239 /** Forget that we have issued any router-related warnings, so that we'll
3240 * warn again if we see the same errors. */
3241 void
3242 routerlist_reset_warnings(void)
3243 {
3244 if (!warned_nicknames)
3245 warned_nicknames = smartlist_new();
3246 SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
3247 smartlist_clear(warned_nicknames); /* now the list is empty. */
3248
3249 networkstatus_reset_warnings();
3250 }
3251
3252 /** Return 1 if the signed descriptor of this router is older than
3253 * <b>seconds</b> seconds. Otherwise return 0. */
3254 MOCK_IMPL(int,
3255 router_descriptor_is_older_than,(const routerinfo_t *router, int seconds))
3256 {
3257 return router->cache_info.published_on < approx_time() - seconds;
3258 }
3259
3260 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3261 * older entries (if any) with the same key. Note: Callers should not hold
3262 * their pointers to <b>router</b> if this function fails; <b>router</b>
3263 * will either be inserted into the routerlist or freed. Similarly, even
3264 * if this call succeeds, they should not hold their pointers to
3265 * <b>router</b> after subsequent calls with other routerinfo's -- they
3266 * might cause the original routerinfo to get freed.
3267 *
3268 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3269 * the poster of the router to know something.
3270 *
3271 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3272 * <b>from_fetch</b>, we received it in response to a request we made.
3273 * (If both are false, that means it was uploaded to us as an auth dir
3274 * server or via the controller.)
3275 *
3276 * This function should be called *after*
3277 * routers_update_status_from_consensus_networkstatus; subsequently, you
3278 * should call router_rebuild_store and routerlist_descriptors_added.
3279 */
3280 was_router_added_t
3281 router_add_to_routerlist(routerinfo_t *router, const char **msg,
3282 int from_cache, int from_fetch)
3283 {
3284 const char *id_digest;
3285 const or_options_t *options = get_options();
3286 int authdir = authdir_mode_handles_descs(options, router->purpose);
3287 int authdir_believes_valid = 0;
3288 routerinfo_t *old_router;
3289 networkstatus_t *consensus =
3290 networkstatus_get_latest_consensus_by_flavor(FLAV_NS);
3291 int in_consensus = 0;
3292
3293 tor_assert(msg);
3294
3295 if (!routerlist)
3296 router_get_routerlist();
3297
3298 id_digest = router->cache_info.identity_digest;
3299
3300 old_router = router_get_mutable_by_digest(id_digest);
3301
3302 /* Make sure that it isn't expired. */
3303 if (router->cert_expiration_time < approx_time()) {
3304 routerinfo_free(router);
3305 *msg = "Some certs on this router are expired.";
3306 return ROUTER_CERTS_EXPIRED;
3307 }
3308
3309 /* Make sure that we haven't already got this exact descriptor. */
3310 if (sdmap_get(routerlist->desc_digest_map,
3311 router->cache_info.signed_descriptor_digest)) {
3312 /* If we have this descriptor already and the new descriptor is a bridge
3313 * descriptor, replace it. If we had a bridge descriptor before and the
3314 * new one is not a bridge descriptor, don't replace it. */
3315
3316 /* Only members of routerlist->identity_map can be bridges; we don't
3317 * put bridges in old_routers. */
3318 const int was_bridge = old_router &&
3319 old_router->purpose == ROUTER_PURPOSE_BRIDGE;
3320
3321 if (routerinfo_is_a_configured_bridge(router) &&
3322 router->purpose == ROUTER_PURPOSE_BRIDGE &&
3323 !was_bridge) {
3324 log_info(LD_DIR, "Replacing non-bridge descriptor with bridge "
3325 "descriptor for router %s",
3326 router_describe(router));
3327 } else {
3328 log_info(LD_DIR,
3329 "Dropping descriptor that we already have for router %s",
3330 router_describe(router));
3331 *msg = "Router descriptor was not new.";
3332 routerinfo_free(router);
3333 return ROUTER_IS_ALREADY_KNOWN;
3334 }
3335 }
3336
3337 if (authdir) {
3338 if (authdir_wants_to_reject_router(router, msg,
3339 !from_cache && !from_fetch,
3340 &authdir_believes_valid)) {
3341 tor_assert(*msg);
3342 routerinfo_free(router);
3343 return ROUTER_AUTHDIR_REJECTS;
3344 }
3345 } else if (from_fetch) {
3346 /* Only check the descriptor digest against the network statuses when
3347 * we are receiving in response to a fetch. */
3348
3349 if (!signed_desc_digest_is_recognized(&router->cache_info) &&
3350 !routerinfo_is_a_configured_bridge(router)) {
3351 /* We asked for it, so some networkstatus must have listed it when we
3352 * did. Save it if we're a cache in case somebody else asks for it. */
3353 log_info(LD_DIR,
3354 "Received a no-longer-recognized descriptor for router %s",
3355 router_describe(router));
3356 *msg = "Router descriptor is not referenced by any network-status.";
3357
3358 /* Only journal this desc if we'll be serving it. */
3359 if (!from_cache && should_cache_old_descriptors())
3360 signed_desc_append_to_journal(&router->cache_info,
3361 &routerlist->desc_store);
3362 routerlist_insert_old(routerlist, router);
3363 return ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS;
3364 }
3365 }
3366
3367 /* We no longer need a router with this descriptor digest. */
3368 if (consensus) {
3369 routerstatus_t *rs = networkstatus_vote_find_mutable_entry(
3370 consensus, id_digest);
3371 if (rs && tor_memeq(rs->descriptor_digest,
3372 router->cache_info.signed_descriptor_digest,
3373 DIGEST_LEN)) {
3374 in_consensus = 1;
3375 }
3376 }
3377
3378 if (router->purpose == ROUTER_PURPOSE_GENERAL &&
3379 consensus && !in_consensus && !authdir) {
3380 /* If it's a general router not listed in the consensus, then don't
3381 * consider replacing the latest router with it. */
3382 if (!from_cache && should_cache_old_descriptors())
3383 signed_desc_append_to_journal(&router->cache_info,
3384 &routerlist->desc_store);
3385 routerlist_insert_old(routerlist, router);
3386 *msg = "Skipping router descriptor: not in consensus.";
3387 return ROUTER_NOT_IN_CONSENSUS;
3388 }
3389
3390 /* If we're reading a bridge descriptor from our cache, and we don't
3391 * recognize it as one of our currently configured bridges, drop the
3392 * descriptor. Otherwise we could end up using it as one of our entry
3393 * guards even if it isn't in our Bridge config lines. */
3394 if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache &&
3395 !authdir_mode_bridge(options) &&
3396 !routerinfo_is_a_configured_bridge(router)) {
3397 log_info(LD_DIR, "Dropping bridge descriptor for %s because we have "
3398 "no bridge configured at that address.",
3399 safe_str_client(router_describe(router)));
3400 *msg = "Router descriptor was not a configured bridge.";
3401 routerinfo_free(router);
3402 return ROUTER_WAS_NOT_WANTED;
3403 }
3404
3405 /* If we have a router with the same identity key, choose the newer one. */
3406 if (old_router) {
3407 if (!in_consensus && (router->cache_info.published_on <=
3408 old_router->cache_info.published_on)) {
3409 /* Same key, but old. This one is not listed in the consensus. */
3410 log_debug(LD_DIR, "Not-new descriptor for router %s",
3411 router_describe(router));
3412 /* Only journal this desc if we'll be serving it. */
3413 if (!from_cache && should_cache_old_descriptors())
3414 signed_desc_append_to_journal(&router->cache_info,
3415 &routerlist->desc_store);
3416 routerlist_insert_old(routerlist, router);
3417 *msg = "Router descriptor was not new.";
3418 return ROUTER_IS_ALREADY_KNOWN;
3419 } else {
3420 /* Same key, and either new, or listed in the consensus. */
3421 log_debug(LD_DIR, "Replacing entry for router %s",
3422 router_describe(router));
3423 routerlist_replace(routerlist, old_router, router);
3424 if (!from_cache) {
3425 signed_desc_append_to_journal(&router->cache_info,
3426 &routerlist->desc_store);
3427 }
3428 *msg = authdir_believes_valid ? "Valid server updated" :
3429 ("Invalid server updated. (This dirserver is marking your "
3430 "server as unapproved.)");
3431 return ROUTER_ADDED_SUCCESSFULLY;
3432 }
3433 }
3434
3435 if (!in_consensus && from_cache &&
3436 router_descriptor_is_older_than(router, OLD_ROUTER_DESC_MAX_AGE)) {
3437 *msg = "Router descriptor was really old.";
3438 routerinfo_free(router);
3439 return ROUTER_WAS_TOO_OLD;
3440 }
3441
3442 /* We haven't seen a router with this identity before. Add it to the end of
3443 * the list. */
3444 routerlist_insert(routerlist, router);
3445 if (!from_cache) {
3446 signed_desc_append_to_journal(&router->cache_info,
3447 &routerlist->desc_store);
3448 }
3449 return ROUTER_ADDED_SUCCESSFULLY;
3450 }
3451
3452 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
3453 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
3454 * we actually inserted it, ROUTER_BAD_EI otherwise.
3455 */
3456 was_router_added_t
3457 router_add_extrainfo_to_routerlist(extrainfo_t *ei, const char **msg,
3458 int from_cache, int from_fetch)
3459 {
3460 was_router_added_t inserted;
3461 (void)from_fetch;
3462 if (msg) *msg = NULL;
3463 /*XXXX023 Do something with msg */
3464
3465 inserted = extrainfo_insert(router_get_routerlist(), ei, !from_cache);
3466
3467 if (WRA_WAS_ADDED(inserted) && !from_cache)
3468 signed_desc_append_to_journal(&ei->cache_info,
3469 &routerlist->extrainfo_store);
3470
3471 return inserted;
3472 }
3473
3474 /** Sorting helper: return &lt;0, 0, or &gt;0 depending on whether the
3475 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
3476 * to, or later than that of *<b>b</b>. */
3477 static int
3478 compare_old_routers_by_identity_(const void **_a, const void **_b)
3479 {
3480 int i;
3481 const signed_descriptor_t *r1 = *_a, *r2 = *_b;
3482 if ((i = fast_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN)))
3483 return i;
3484 return (int)(r1->published_on - r2->published_on);
3485 }
3486
3487 /** Internal type used to represent how long an old descriptor was valid,
3488 * where it appeared in the list of old descriptors, and whether it's extra
3489 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
3490 struct duration_idx_t {
3491 int duration;
3492 int idx;
3493 int old;
3494 };
3495
3496 /** Sorting helper: compare two duration_idx_t by their duration. */
3497 static int
3498 compare_duration_idx_(const void *_d1, const void *_d2)
3499 {
3500 const struct duration_idx_t *d1 = _d1;
3501 const struct duration_idx_t *d2 = _d2;
3502 return d1->duration - d2->duration;
3503 }
3504
3505 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
3506 * must contain routerinfo_t with the same identity and with publication time
3507 * in ascending order. Remove members from this range until there are no more
3508 * than max_descriptors_per_router() remaining. Start by removing the oldest
3509 * members from before <b>cutoff</b>, then remove members which were current
3510 * for the lowest amount of time. The order of members of old_routers at
3511 * indices <b>lo</b> or higher may be changed.
3512 */
3513 static void
3514 routerlist_remove_old_cached_routers_with_id(time_t now,
3515 time_t cutoff, int lo, int hi,
3516 digestset_t *retain)
3517 {
3518 int i, n = hi-lo+1;
3519 unsigned n_extra, n_rmv = 0;
3520 struct duration_idx_t *lifespans;
3521 uint8_t *rmv, *must_keep;
3522 smartlist_t *lst = routerlist->old_routers;
3523 #if 1
3524 const char *ident;
3525 tor_assert(hi < smartlist_len(lst));
3526 tor_assert(lo <= hi);
3527 ident = ((signed_descriptor_t*)smartlist_get(lst, lo))->identity_digest;
3528 for (i = lo+1; i <= hi; ++i) {
3529 signed_descriptor_t *r = smartlist_get(lst, i);
3530 tor_assert(tor_memeq(ident, r->identity_digest, DIGEST_LEN));
3531 }
3532 #endif
3533 /* Check whether we need to do anything at all. */
3534 {
3535 int mdpr = directory_caches_dir_info(get_options()) ? 2 : 1;
3536 if (n <= mdpr)
3537 return;
3538 n_extra = n - mdpr;
3539 }
3540
3541 lifespans = tor_calloc(n, sizeof(struct duration_idx_t));
3542 rmv = tor_calloc(n, sizeof(uint8_t));
3543 must_keep = tor_calloc(n, sizeof(uint8_t));
3544 /* Set lifespans to contain the lifespan and index of each server. */
3545 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
3546 for (i = lo; i <= hi; ++i) {
3547 signed_descriptor_t *r = smartlist_get(lst, i);
3548 signed_descriptor_t *r_next;
3549 lifespans[i-lo].idx = i;
3550 if (r->last_listed_as_valid_until >= now ||
3551 (retain && digestset_contains(retain, r->signed_descriptor_digest))) {
3552 must_keep[i-lo] = 1;
3553 }
3554 if (i < hi) {
3555 r_next = smartlist_get(lst, i+1);
3556 tor_assert(r->published_on <= r_next->published_on);
3557 lifespans[i-lo].duration = (int)(r_next->published_on - r->published_on);
3558 } else {
3559 r_next = NULL;
3560 lifespans[i-lo].duration = INT_MAX;
3561 }
3562 if (!must_keep[i-lo] && r->published_on < cutoff && n_rmv < n_extra) {
3563 ++n_rmv;
3564 lifespans[i-lo].old = 1;
3565 rmv[i-lo] = 1;
3566 }
3567 }
3568
3569 if (n_rmv < n_extra) {
3570 /**
3571 * We aren't removing enough servers for being old. Sort lifespans by
3572 * the duration of liveness, and remove the ones we're not already going to
3573 * remove based on how long they were alive.
3574 **/
3575 qsort(lifespans, n, sizeof(struct duration_idx_t), compare_duration_idx_);
3576 for (i = 0; i < n && n_rmv < n_extra; ++i) {
3577 if (!must_keep[lifespans[i].idx-lo] && !lifespans[i].old) {
3578 rmv[lifespans[i].idx-lo] = 1;
3579 ++n_rmv;
3580 }
3581 }
3582 }
3583
3584 i = hi;
3585 do {
3586 if (rmv[i-lo])
3587 routerlist_remove_old(routerlist, smartlist_get(lst, i), i);
3588 } while (--i >= lo);
3589 tor_free(must_keep);
3590 tor_free(rmv);
3591 tor_free(lifespans);
3592 }
3593
3594 /** Deactivate any routers from the routerlist that are more than
3595 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
3596 * remove old routers from the list of cached routers if we have too many.
3597 */
3598 void
3599 routerlist_remove_old_routers(void)
3600 {
3601 int i, hi=-1;
3602 const char *cur_id = NULL;
3603 time_t now = time(NULL);
3604 time_t cutoff;
3605 routerinfo_t *router;
3606 signed_descriptor_t *sd;
3607 digestset_t *retain;
3608 const networkstatus_t *consensus = networkstatus_get_latest_consensus();
3609
3610 trusted_dirs_remove_old_certs();
3611
3612 if (!routerlist || !consensus)
3613 return;
3614
3615 // routerlist_assert_ok(routerlist);
3616
3617 /* We need to guess how many router descriptors we will wind up wanting to
3618 retain, so that we can be sure to allocate a large enough Bloom filter
3619 to hold the digest set. Overestimating is fine; underestimating is bad.
3620 */
3621 {
3622 /* We'll probably retain everything in the consensus. */
3623 int n_max_retain = smartlist_len(consensus->routerstatus_list);
3624 retain = digestset_new(n_max_retain);
3625 }
3626
3627 cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
3628 /* Retain anything listed in the consensus. */
3629 if (consensus) {
3630 SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs,
3631 if (rs->published_on >= cutoff)
3632 digestset_add(retain, rs->descriptor_digest));
3633 }
3634
3635 /* If we have a consensus, we should consider pruning current routers that
3636 * are too old and that nobody recommends. (If we don't have a consensus,
3637 * then we should get one before we decide to kill routers.) */
3638
3639 if (consensus) {
3640 cutoff = now - ROUTER_MAX_AGE;
3641 /* Remove too-old unrecommended members of routerlist->routers. */
3642 for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
3643 router = smartlist_get(routerlist->routers, i);
3644 if (router->cache_info.published_on <= cutoff &&
3645 router->cache_info.last_listed_as_valid_until < now &&
3646 !digestset_contains(retain,
3647 router->cache_info.signed_descriptor_digest)) {
3648 /* Too old: remove it. (If we're a cache, just move it into
3649 * old_routers.) */
3650 log_info(LD_DIR,
3651 "Forgetting obsolete (too old) routerinfo for router %s",
3652 router_describe(router));
3653 routerlist_remove(routerlist, router, 1, now);
3654 i--;
3655 }
3656 }
3657 }
3658
3659 //routerlist_assert_ok(routerlist);
3660
3661 /* Remove far-too-old members of routerlist->old_routers. */
3662 cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
3663 for (i = 0; i < smartlist_len(routerlist->old_routers); ++i) {
3664 sd = smartlist_get(routerlist->old_routers, i);
3665 if (sd->published_on <= cutoff &&
3666 sd->last_listed_as_valid_until < now &&
3667 !digestset_contains(retain, sd->signed_descriptor_digest)) {
3668 /* Too old. Remove it. */
3669 routerlist_remove_old(routerlist, sd, i--);
3670 }
3671 }
3672
3673 //routerlist_assert_ok(routerlist);
3674
3675 log_info(LD_DIR, "We have %d live routers and %d old router descriptors.",
3676 smartlist_len(routerlist->routers),
3677 smartlist_len(routerlist->old_routers));
3678
3679 /* Now we might have to look at routerlist->old_routers for extraneous
3680 * members. (We'd keep all the members if we could, but we need to save
3681 * space.) First, check whether we have too many router descriptors, total.
3682 * We're okay with having too many for some given router, so long as the
3683 * total number doesn't approach max_descriptors_per_router()*len(router).
3684 */
3685 if (smartlist_len(routerlist->old_routers) <
3686 smartlist_len(routerlist->routers))
3687 goto done;
3688
3689 /* Sort by identity, then fix indices. */
3690 smartlist_sort(routerlist->old_routers, compare_old_routers_by_identity_);
3691 /* Fix indices. */
3692 for (i = 0; i < smartlist_len(routerlist->old_routers); ++i) {
3693 signed_descriptor_t *r = smartlist_get(routerlist->old_routers, i);
3694 r->routerlist_index = i;
3695 }
3696
3697 /* Iterate through the list from back to front, so when we remove descriptors
3698 * we don't mess up groups we haven't gotten to. */
3699 for (i = smartlist_len(routerlist->old_routers)-1; i >= 0; --i) {
3700 signed_descriptor_t *r = smartlist_get(routerlist->old_routers, i);
3701 if (!cur_id) {
3702 cur_id = r->identity_digest;
3703 hi = i;
3704 }
3705 if (tor_memneq(cur_id, r->identity_digest, DIGEST_LEN)) {
3706 routerlist_remove_old_cached_routers_with_id(now,
3707 cutoff, i+1, hi, retain);
3708 cur_id = r->identity_digest;
3709 hi = i;
3710 }
3711 }
3712 if (hi>=0)
3713 routerlist_remove_old_cached_routers_with_id(now, cutoff, 0, hi, retain);
3714 //routerlist_assert_ok(routerlist);
3715
3716 done:
3717 digestset_free(retain);
3718 router_rebuild_store(RRS_DONT_REMOVE_OLD, &routerlist->desc_store);
3719 router_rebuild_store(RRS_DONT_REMOVE_OLD,&routerlist->extrainfo_store);
3720 }
3721
3722 /** We just added a new set of descriptors. Take whatever extra steps
3723 * we need. */
3724 void
3725 routerlist_descriptors_added(smartlist_t *sl, int from_cache)
3726 {
3727 tor_assert(sl);
3728 control_event_descriptors_changed(sl);
3729 SMARTLIST_FOREACH_BEGIN(sl, routerinfo_t *, ri) {
3730 if (ri->purpose == ROUTER_PURPOSE_BRIDGE)
3731 learned_bridge_descriptor(ri, from_cache);
3732 if (ri->needs_retest_if_added) {
3733 ri->needs_retest_if_added = 0;
3734 dirserv_single_reachability_test(approx_time(), ri);
3735 }
3736 } SMARTLIST_FOREACH_END(ri);
3737 }
3738
3739 /**
3740 * Code to parse a single router descriptor and insert it into the
3741 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
3742 * descriptor was well-formed but could not be added; and 1 if the
3743 * descriptor was added.
3744 *
3745 * If we don't add it and <b>msg</b> is not NULL, then assign to
3746 * *<b>msg</b> a static string describing the reason for refusing the
3747 * descriptor.
3748 *
3749 * This is used only by the controller.
3750 */
3751 int
3752 router_load_single_router(const char *s, uint8_t purpose, int cache,
3753 const char **msg)
3754 {
3755 routerinfo_t *ri;
3756 was_router_added_t r;
3757 smartlist_t *lst;
3758 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
3759 tor_assert(msg);
3760 *msg = NULL;
3761
3762 tor_snprintf(annotation_buf, sizeof(annotation_buf),
3763 "@source controller\n"
3764 "@purpose %s\n", router_purpose_to_string(purpose));
3765
3766 if (!(ri = router_parse_entry_from_string(s, NULL, 1, 0,
3767 annotation_buf, NULL))) {
3768 log_warn(LD_DIR, "Error parsing router descriptor; dropping.");
3769 *msg = "Couldn't parse router descriptor.";
3770 return -1;
3771 }
3772 tor_assert(ri->purpose == purpose);
3773 if (router_is_me(ri)) {
3774 log_warn(LD_DIR, "Router's identity key matches mine; dropping.");
3775 *msg = "Router's identity key matches mine.";
3776 routerinfo_free(ri);
3777 return 0;
3778 }
3779
3780 if (!cache) /* obey the preference of the controller */
3781 ri->cache_info.do_not_cache = 1;
3782
3783 lst = smartlist_new();
3784 smartlist_add(lst, ri);
3785 routers_update_status_from_consensus_networkstatus(lst, 0);
3786
3787 r = router_add_to_routerlist(ri, msg, 0, 0);
3788 if (!WRA_WAS_ADDED(r)) {
3789 /* we've already assigned to *msg now, and ri is already freed */
3790 tor_assert(*msg);
3791 if (r == ROUTER_AUTHDIR_REJECTS)
3792 log_warn(LD_DIR, "Couldn't add router to list: %s Dropping.", *msg);
3793 smartlist_free(lst);
3794 return 0;
3795 } else {
3796 routerlist_descriptors_added(lst, 0);
3797 smartlist_free(lst);
3798 log_debug(LD_DIR, "Added router to list");
3799 return 1;
3800 }
3801 }
3802
3803 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
3804 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
3805 * are in response to a query to the network: cache them by adding them to
3806 * the journal.
3807 *
3808 * Return the number of routers actually added.
3809 *
3810 * If <b>requested_fingerprints</b> is provided, it must contain a list of
3811 * uppercased fingerprints. Do not update any router whose
3812 * fingerprint is not on the list; after updating a router, remove its
3813 * fingerprint from the list.
3814 *
3815 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
3816 * are descriptor digests. Otherwise they are identity digests.
3817 */
3818 int
3819 router_load_routers_from_string(const char *s, const char *eos,
3820 saved_location_t saved_location,
3821 smartlist_t *requested_fingerprints,
3822 int descriptor_digests,
3823 const char *prepend_annotations)
3824 {
3825 smartlist_t *routers = smartlist_new(), *changed = smartlist_new();
3826 char fp[HEX_DIGEST_LEN+1];
3827 const char *msg;
3828 int from_cache = (saved_location != SAVED_NOWHERE);
3829 int allow_annotations = (saved_location != SAVED_NOWHERE);
3830 int any_changed = 0;
3831 smartlist_t *invalid_digests = smartlist_new();
3832
3833 router_parse_list_from_string(&s, eos, routers, saved_location, 0,
3834 allow_annotations, prepend_annotations,
3835 invalid_digests);
3836
3837 routers_update_status_from_consensus_networkstatus(routers, !from_cache);
3838
3839 log_info(LD_DIR, "%d elements to add", smartlist_len(routers));
3840
3841 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
3842 was_router_added_t r;
3843 char d[DIGEST_LEN];
3844 if (requested_fingerprints) {
3845 base16_encode(fp, sizeof(fp), descriptor_digests ?
3846 ri->cache_info.signed_descriptor_digest :
3847 ri->cache_info.identity_digest,
3848 DIGEST_LEN);
3849 if (smartlist_contains_string(requested_fingerprints, fp)) {
3850 smartlist_string_remove(requested_fingerprints, fp);
3851 } else {
3852 char *requested =
3853 smartlist_join_strings(requested_fingerprints," ",0,NULL);
3854 log_warn(LD_DIR,
3855 "We received a router descriptor with a fingerprint (%s) "
3856 "that we never requested. (We asked for: %s.) Dropping.",
3857 fp, requested);
3858 tor_free(requested);
3859 routerinfo_free(ri);
3860 continue;
3861 }
3862 }
3863
3864 memcpy(d, ri->cache_info.signed_descriptor_digest, DIGEST_LEN);
3865 r = router_add_to_routerlist(ri, &msg, from_cache, !from_cache);
3866 if (WRA_WAS_ADDED(r)) {
3867 any_changed++;
3868 smartlist_add(changed, ri);
3869 routerlist_descriptors_added(changed, from_cache);
3870 smartlist_clear(changed);
3871 } else if (WRA_NEVER_DOWNLOADABLE(r)) {
3872 download_status_t *dl_status;
3873 dl_status = router_get_dl_status_by_descriptor_digest(d);
3874 if (dl_status) {
3875 log_info(LD_GENERAL, "Marking router %s as never downloadable",
3876 hex_str(d, DIGEST_LEN));
3877 download_status_mark_impossible(dl_status);
3878 }
3879 }
3880 } SMARTLIST_FOREACH_END(ri);
3881
3882 SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
3883 /* This digest is never going to be parseable. */
3884 base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
3885 if (requested_fingerprints && descriptor_digests) {
3886 if (! smartlist_contains_string(requested_fingerprints, fp)) {
3887 /* But we didn't ask for it, so we should assume shennanegans. */
3888 continue;
3889 }
3890 smartlist_string_remove(requested_fingerprints, fp);
3891 }
3892 download_status_t *dls;
3893 dls = router_get_dl_status_by_descriptor_digest((char*)bad_digest);
3894 if (dls) {
3895 log_info(LD_GENERAL, "Marking router with descriptor %s as unparseable, "
3896 "and therefore undownloadable", fp);
3897 download_status_mark_impossible(dls);
3898 }
3899 } SMARTLIST_FOREACH_END(bad_digest);
3900 SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
3901 smartlist_free(invalid_digests);
3902
3903 routerlist_assert_ok(routerlist);
3904
3905 if (any_changed)
3906 router_rebuild_store(0, &routerlist->desc_store);
3907
3908 smartlist_free(routers);
3909 smartlist_free(changed);
3910
3911 return any_changed;
3912 }
3913
3914 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
3915 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
3916 * router_load_routers_from_string(). */
3917 void
3918 router_load_extrainfo_from_string(const char *s, const char *eos,
3919 saved_location_t saved_location,
3920 smartlist_t *requested_fingerprints,
3921 int descriptor_digests)
3922 {
3923 smartlist_t *extrainfo_list = smartlist_new();
3924 const char *msg;
3925 int from_cache = (saved_location != SAVED_NOWHERE);
3926 smartlist_t *invalid_digests = smartlist_new();
3927
3928 router_parse_list_from_string(&s, eos, extrainfo_list, saved_location, 1, 0,
3929 NULL, invalid_digests);
3930
3931 log_info(LD_DIR, "%d elements to add", smartlist_len(extrainfo_list));
3932
3933 SMARTLIST_FOREACH_BEGIN(extrainfo_list, extrainfo_t *, ei) {
3934 uint8_t d[DIGEST_LEN];
3935 memcpy(d, ei->cache_info.signed_descriptor_digest, DIGEST_LEN);
3936 was_router_added_t added =
3937 router_add_extrainfo_to_routerlist(ei, &msg, from_cache, !from_cache);
3938 if (WRA_WAS_ADDED(added) && requested_fingerprints) {
3939 char fp[HEX_DIGEST_LEN+1];
3940 base16_encode(fp, sizeof(fp), descriptor_digests ?
3941 ei->cache_info.signed_descriptor_digest :
3942 ei->cache_info.identity_digest,
3943 DIGEST_LEN);
3944 smartlist_string_remove(requested_fingerprints, fp);
3945 /* We silently let people stuff us with extrainfos we didn't ask for,
3946 * so long as we would have wanted them anyway. Since we always fetch
3947 * all the extrainfos we want, and we never actually act on them
3948 * inside Tor, this should be harmless. */
3949 } else if (WRA_NEVER_DOWNLOADABLE(added)) {
3950 signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
3951 if (sd) {
3952 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
3953 "unparseable, and therefore undownloadable",
3954 hex_str((char*)d,DIGEST_LEN));
3955 download_status_mark_impossible(&sd->ei_dl_status);
3956 }
3957 }
3958 } SMARTLIST_FOREACH_END(ei);
3959
3960 SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
3961 /* This digest is never going to be parseable. */
3962 char fp[HEX_DIGEST_LEN+1];
3963 base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
3964 if (requested_fingerprints) {
3965 if (! smartlist_contains_string(requested_fingerprints, fp)) {
3966 /* But we didn't ask for it, so we should assume shennanegans. */
3967 continue;
3968 }
3969 smartlist_string_remove(requested_fingerprints, fp);
3970 }
3971 signed_descriptor_t *sd =
3972 router_get_by_extrainfo_digest((char*)bad_digest);
3973 if (sd) {
3974 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
3975 "unparseable, and therefore undownloadable", fp);
3976 download_status_mark_impossible(&sd->ei_dl_status);
3977 }
3978 } SMARTLIST_FOREACH_END(bad_digest);
3979 SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
3980 smartlist_free(invalid_digests);
3981
3982 routerlist_assert_ok(routerlist);
3983 router_rebuild_store(0, &router_get_routerlist()->extrainfo_store);
3984
3985 smartlist_free(extrainfo_list);
3986 }
3987
3988 /** Return true iff any networkstatus includes a descriptor whose digest
3989 * is that of <b>desc</b>. */
3990 static int
3991 signed_desc_digest_is_recognized(signed_descriptor_t *desc)
3992 {
3993 const routerstatus_t *rs;
3994 networkstatus_t *consensus = networkstatus_get_latest_consensus();
3995
3996 if (consensus) {
3997 rs = networkstatus_vote_find_entry(consensus, desc->identity_digest);
3998 if (rs && tor_memeq(rs->descriptor_digest,
3999 desc->signed_descriptor_digest, DIGEST_LEN))
4000 return 1;
4001 }
4002 return 0;
4003 }
4004
4005 /** Update downloads for router descriptors and/or microdescriptors as
4006 * appropriate. */
4007 void
4008 update_all_descriptor_downloads(time_t now)
4009 {
4010 if (get_options()->DisableNetwork)
4011 return;
4012 update_router_descriptor_downloads(now);
4013 update_microdesc_downloads(now);
4014 launch_dummy_descriptor_download_as_needed(now, get_options());
4015 }
4016
4017 /** Clear all our timeouts for fetching v3 directory stuff, and then
4018 * give it all a try again. */
4019 void
4020 routerlist_retry_directory_downloads(time_t now)
4021 {
4022 (void)now;
4023 router_reset_status_download_failures();
4024 router_reset_descriptor_download_failures();
4025 reschedule_directory_downloads();
4026 }
4027
4028 /** Return true iff <b>router</b> does not permit exit streams.
4029 */
4030 int
4031 router_exit_policy_rejects_all(const routerinfo_t *router)
4032 {
4033 return router->policy_is_reject_star;
4034 }
4035
4036 /** Create an directory server at <b>address</b>:<b>port</b>, with OR identity
4037 * key <b>digest</b>. If <b>address</b> is NULL, add ourself. If
4038 * <b>is_authority</b>, this is a directory authority. Return the new
4039 * directory server entry on success or NULL on failure. */
4040 static dir_server_t *
4041 dir_server_new(int is_authority,
4042 const char *nickname,
4043 const tor_addr_t *addr,
4044 const char *hostname,
4045 uint16_t dir_port, uint16_t or_port,
4046 const char *digest, const char *v3_auth_digest,
4047 dirinfo_type_t type,
4048 double weight)
4049 {
4050 dir_server_t *ent;
4051 uint32_t a;
4052 char *hostname_ = NULL;
4053
4054 if (weight < 0)
4055 return NULL;
4056
4057 if (tor_addr_family(addr) == AF_INET)
4058 a = tor_addr_to_ipv4h(addr);
4059 else
4060 return NULL; /*XXXX Support IPv6 */
4061
4062 if (!hostname)
4063 hostname_ = tor_dup_addr(addr);
4064 else
4065 hostname_ = tor_strdup(hostname);
4066
4067 ent = tor_malloc_zero(sizeof(dir_server_t));
4068 ent->nickname = nickname ? tor_strdup(nickname) : NULL;
4069 ent->address = hostname_;
4070 ent->addr = a;
4071 ent->dir_port = dir_port;
4072 ent->or_port = or_port;
4073 ent->is_running = 1;
4074 ent->is_authority = is_authority;
4075 ent->type = type;
4076 ent->weight = weight;
4077 memcpy(ent->digest, digest, DIGEST_LEN);
4078 if (v3_auth_digest && (type & V3_DIRINFO))
4079 memcpy(ent->v3_identity_digest, v3_auth_digest, DIGEST_LEN);
4080
4081 if (nickname)
4082 tor_asprintf(&ent->description, "directory server \"%s\" at %s:%d",
4083 nickname, hostname, (int)dir_port);
4084 else
4085 tor_asprintf(&ent->description, "directory server at %s:%d",
4086 hostname, (int)dir_port);
4087
4088 ent->fake_status.addr = ent->addr;
4089 memcpy(ent->fake_status.identity_digest, digest, DIGEST_LEN);
4090 if (nickname)
4091 strlcpy(ent->fake_status.nickname, nickname,
4092 sizeof(ent->fake_status.nickname));
4093 else
4094 ent->fake_status.nickname[0] = '\0';
4095 ent->fake_status.dir_port = ent->dir_port;
4096 ent->fake_status.or_port = ent->or_port;
4097
4098 return ent;
4099 }
4100
4101 /** Create an authoritative directory server at
4102 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4103 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4104 * server entry on success or NULL if we couldn't add it. */
4105 dir_server_t *
4106 trusted_dir_server_new(const char *nickname, const char *address,
4107 uint16_t dir_port, uint16_t or_port,
4108 const char *digest, const char *v3_auth_digest,
4109 dirinfo_type_t type, double weight)
4110 {
4111 uint32_t a;
4112 tor_addr_t addr;
4113 char *hostname=NULL;
4114 dir_server_t *result;
4115
4116 if (!address) { /* The address is us; we should guess. */
4117 if (resolve_my_address(LOG_WARN, get_options(),
4118 &a, NULL, &hostname) < 0) {
4119 log_warn(LD_CONFIG,
4120 "Couldn't find a suitable address when adding ourself as a "
4121 "trusted directory server.");
4122 return NULL;
4123 }
4124 if (!hostname)
4125 hostname = tor_dup_ip(a);
4126 } else {
4127 if (tor_lookup_hostname(address, &a)) {
4128 log_warn(LD_CONFIG,
4129 "Unable to lookup address for directory server at '%s'",
4130 address);
4131 return NULL;
4132 }
4133 hostname = tor_strdup(address);
4134 }
4135 tor_addr_from_ipv4h(&addr, a);
4136
4137 result = dir_server_new(1, nickname, &addr, hostname,
4138 dir_port, or_port, digest,
4139 v3_auth_digest, type, weight);
4140 tor_free(hostname);
4141 return result;
4142 }
4143
4144 /** Return a new dir_server_t for a fallback directory server at
4145 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4146 * <b>id_digest</b> */
4147 dir_server_t *
4148 fallback_dir_server_new(const tor_addr_t *addr,
4149 uint16_t dir_port, uint16_t or_port,
4150 const char *id_digest, double weight)
4151 {
4152 return dir_server_new(0, NULL, addr, NULL, dir_port, or_port, id_digest,
4153 NULL, ALL_DIRINFO, weight);
4154 }
4155
4156 /** Add a directory server to the global list(s). */
4157 void
4158 dir_server_add(dir_server_t *ent)
4159 {
4160 if (!trusted_dir_servers)
4161 trusted_dir_servers = smartlist_new();
4162 if (!fallback_dir_servers)
4163 fallback_dir_servers = smartlist_new();
4164
4165 if (ent->is_authority)
4166 smartlist_add(trusted_dir_servers, ent);
4167
4168 smartlist_add(fallback_dir_servers, ent);
4169 router_dir_info_changed();
4170 }
4171
4172 /** Free storage held in <b>cert</b>. */
4173 void
4174 authority_cert_free(authority_cert_t *cert)
4175 {
4176 if (!cert)
4177 return;
4178
4179 tor_free(cert->cache_info.signed_descriptor_body);
4180 crypto_pk_free(cert->signing_key);
4181 crypto_pk_free(cert->identity_key);
4182
4183 tor_free(cert);
4184 }
4185
4186 /** Free storage held in <b>ds</b>. */
4187 static void
4188 dir_server_free(dir_server_t *ds)
4189 {
4190 if (!ds)
4191 return;
4192
4193 tor_free(ds->nickname);
4194 tor_free(ds->description);
4195 tor_free(ds->address);
4196 tor_free(ds);
4197 }
4198
4199 /** Remove all members from the list of dir servers. */
4200 void
4201 clear_dir_servers(void)
4202 {
4203 if (fallback_dir_servers) {
4204 SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ent,
4205 dir_server_free(ent));
4206 smartlist_clear(fallback_dir_servers);
4207 } else {
4208 fallback_dir_servers = smartlist_new();
4209 }
4210 if (trusted_dir_servers) {
4211 smartlist_clear(trusted_dir_servers);
4212 } else {
4213 trusted_dir_servers = smartlist_new();
4214 }
4215 router_dir_info_changed();
4216 }
4217
4218 /** For every current directory connection whose purpose is <b>purpose</b>,
4219 * and where the resource being downloaded begins with <b>prefix</b>, split
4220 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4221 * purpose==DIR_PURPPOSE_FETCH_MICRODESC), decode them, and set the
4222 * corresponding elements of <b>result</b> to a nonzero value.
4223 */
4224 static void
4225 list_pending_downloads(digestmap_t *result, digest256map_t *result256,
4226 int purpose, const char *prefix)
4227 {
4228 const size_t p_len = strlen(prefix);
4229 smartlist_t *tmp = smartlist_new();
4230 smartlist_t *conns = get_connection_array();
4231 int flags = DSR_HEX;
4232 if (purpose == DIR_PURPOSE_FETCH_MICRODESC)
4233 flags = DSR_DIGEST256|DSR_BASE64;
4234
4235 tor_assert(result || result256);
4236
4237 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
4238 if (conn->type == CONN_TYPE_DIR &&
4239 conn->purpose == purpose &&
4240 !conn->marked_for_close) {
4241 const char *resource = TO_DIR_CONN(conn)->requested_resource;
4242 if (!strcmpstart(resource, prefix))
4243 dir_split_resource_into_fingerprints(resource + p_len,
4244 tmp, NULL, flags);
4245 }
4246 } SMARTLIST_FOREACH_END(conn);
4247
4248 if (result) {
4249 SMARTLIST_FOREACH(tmp, char *, d,
4250 {
4251 digestmap_set(result, d, (void*)1);
4252 tor_free(d);
4253 });
4254 } else if (result256) {
4255 SMARTLIST_FOREACH(tmp, uint8_t *, d,
4256 {
4257 digest256map_set(result256, d, (void*)1);
4258 tor_free(d);
4259 });
4260 }
4261 smartlist_free(tmp);
4262 }
4263
4264 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4265 * true) we are currently downloading by descriptor digest, set result[d] to
4266 * (void*)1. */
4267 static void
4268 list_pending_descriptor_downloads(digestmap_t *result, int extrainfo)
4269 {
4270 int purpose =
4271 extrainfo ? DIR_PURPOSE_FETCH_EXTRAINFO : DIR_PURPOSE_FETCH_SERVERDESC;
4272 list_pending_downloads(result, NULL, purpose, "d/");
4273 }
4274
4275 /** For every microdescriptor we are currently downloading by descriptor
4276 * digest, set result[d] to (void*)1.
4277 */
4278 void
4279 list_pending_microdesc_downloads(digest256map_t *result)
4280 {
4281 list_pending_downloads(NULL, result, DIR_PURPOSE_FETCH_MICRODESC, "d/");
4282 }
4283
4284 /** For every certificate we are currently downloading by (identity digest,
4285 * signing key digest) pair, set result[fp_pair] to (void *1).
4286 */
4287 static void
4288 list_pending_fpsk_downloads(fp_pair_map_t *result)
4289 {
4290 const char *pfx = "fp-sk/";
4291 smartlist_t *tmp;
4292 smartlist_t *conns;
4293 const char *resource;
4294
4295 tor_assert(result);
4296
4297 tmp = smartlist_new();
4298 conns = get_connection_array();
4299
4300 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
4301 if (conn->type == CONN_TYPE_DIR &&
4302 conn->purpose == DIR_PURPOSE_FETCH_CERTIFICATE &&
4303 !conn->marked_for_close) {
4304 resource = TO_DIR_CONN(conn)->requested_resource;
4305 if (!strcmpstart(resource, pfx))
4306 dir_split_resource_into_fingerprint_pairs(resource + strlen(pfx),
4307 tmp);
4308 }
4309 } SMARTLIST_FOREACH_END(conn);
4310
4311 SMARTLIST_FOREACH_BEGIN(tmp, fp_pair_t *, fp) {
4312 fp_pair_map_set(result, fp, (void*)1);
4313 tor_free(fp);
4314 } SMARTLIST_FOREACH_END(fp);
4315
4316 smartlist_free(tmp);
4317 }
4318
4319 /** Launch downloads for all the descriptors whose digests or digests256
4320 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4321 * range.) If <b>source</b> is given, download from <b>source</b>;
4322 * otherwise, download from an appropriate random directory server.
4323 */
4324 MOCK_IMPL(STATIC void, initiate_descriptor_downloads,
4325 (const routerstatus_t *source, int purpose, smartlist_t *digests,
4326 int lo, int hi, int pds_flags))
4327 {
4328 char *resource, *cp;
4329 int digest_len, enc_digest_len;
4330 const char *sep;
4331 int b64_256;
4332 smartlist_t *tmp;
4333
4334 if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
4335 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4336 * 256-bit digests. */
4337 digest_len = DIGEST256_LEN;
4338 enc_digest_len = BASE64_DIGEST256_LEN + 1;
4339 sep = "-";
4340 b64_256 = 1;
4341 } else {
4342 digest_len = DIGEST_LEN;
4343 enc_digest_len = HEX_DIGEST_LEN + 1;
4344 sep = "+";
4345 b64_256 = 0;
4346 }
4347
4348 if (lo < 0)
4349 lo = 0;
4350 if (hi > smartlist_len(digests))
4351 hi = smartlist_len(digests);
4352
4353 if (hi-lo <= 0)
4354 return;
4355
4356 tmp = smartlist_new();
4357
4358 for (; lo < hi; ++lo) {
4359 cp = tor_malloc(enc_digest_len);
4360 if (b64_256) {
4361 digest256_to_base64(cp, smartlist_get(digests, lo));
4362 } else {
4363 base16_encode(cp, enc_digest_len, smartlist_get(digests, lo),
4364 digest_len);
4365 }
4366 smartlist_add(tmp, cp);
4367 }
4368
4369 cp = smartlist_join_strings(tmp, sep, 0, NULL);
4370 tor_asprintf(&resource, "d/%s.z", cp);
4371
4372 SMARTLIST_FOREACH(tmp, char *, cp1, tor_free(cp1));
4373 smartlist_free(tmp);
4374 tor_free(cp);
4375
4376 if (source) {
4377 /* We know which authority we want. */
4378 directory_initiate_command_routerstatus(source, purpose,
4379 ROUTER_PURPOSE_GENERAL,
4380 DIRIND_ONEHOP,
4381 resource, NULL, 0, 0);
4382 } else {
4383 directory_get_from_dirserver(purpose, ROUTER_PURPOSE_GENERAL, resource,
4384 pds_flags);
4385 }
4386 tor_free(resource);
4387 }
4388
4389 /** Return the max number of hashes to put in a URL for a given request.
4390 */
4391 static int
4392 max_dl_per_request(const or_options_t *options, int purpose)
4393 {
4394 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4395 * 4096 - strlen(http://255.255.255.255/tor/server/d/.z) == 4058
4396 * 4058/41 (40 for the hash and 1 for the + that separates them) => 98
4397 * So use 96 because it's a nice number.
4398 */
4399 int max = 96;
4400 if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
4401 max = 92;
4402 }
4403 /* If we're going to tunnel our connections, we can ask for a lot more
4404 * in a request. */
4405 if (!directory_fetches_from_authorities(options)) {
4406 max = 500;
4407 }
4408 return max;
4409 }
4410
4411 /** Don't split our requests so finely that we are requesting fewer than
4412 * this number per server. */
4413 #define MIN_DL_PER_REQUEST 4
4414 /** To prevent a single screwy cache from confusing us by selective reply,
4415 * try to split our requests into at least this many requests. */
4416 #define MIN_REQUESTS 3
4417 /** If we want fewer than this many descriptors, wait until we
4418 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
4419 #define MAX_DL_TO_DELAY 16
4420
4421 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
4422 * router descriptor digests or microdescriptor digest256s in
4423 * <b>downloadable</b>, decide whether to delay fetching until we have more.
4424 * If we don't want to delay, launch one or more requests to the appropriate
4425 * directory authorities.
4426 */
4427 void
4428 launch_descriptor_downloads(int purpose,
4429 smartlist_t *downloadable,
4430 const routerstatus_t *source, time_t now)
4431 {
4432 const or_options_t *options = get_options();
4433 const char *descname;
4434 const int fetch_microdesc = (purpose == DIR_PURPOSE_FETCH_MICRODESC);
4435 int n_downloadable = smartlist_len(downloadable);
4436
4437 int i, n_per_request, max_dl_per_req;
4438 const char *req_plural = "", *rtr_plural = "";
4439 int pds_flags = PDS_RETRY_IF_NO_SERVERS;
4440
4441 tor_assert(fetch_microdesc || purpose == DIR_PURPOSE_FETCH_SERVERDESC);
4442 descname = fetch_microdesc ? "microdesc" : "routerdesc";
4443
4444 if (!n_downloadable)
4445 return;
4446
4447 if (!directory_fetches_dir_info_early(options)) {
4448 if (n_downloadable >= MAX_DL_TO_DELAY) {
4449 log_debug(LD_DIR,
4450 "There are enough downloadable %ss to launch requests.",
4451 descname);
4452 } else {
4453
4454 /* should delay */
4455 if ((last_descriptor_download_attempted +
4456 options->TestingClientMaxIntervalWithoutRequest) > now)
4457 return;
4458
4459 if (last_descriptor_download_attempted) {
4460 log_info(LD_DIR,
4461 "There are not many downloadable %ss, but we've "
4462 "been waiting long enough (%d seconds). Downloading.",
4463 descname,
4464 (int)(now-last_descriptor_download_attempted));
4465 } else {
4466 log_info(LD_DIR,
4467 "There are not many downloadable %ss, but we haven't "
4468 "tried downloading descriptors recently. Downloading.",
4469 descname);
4470 }
4471 }
4472 }
4473
4474 if (!authdir_mode_any_nonhidserv(options)) {
4475 /* If we wind up going to the authorities, we want to only open one
4476 * connection to each authority at a time, so that we don't overload
4477 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
4478 * regardless of whether we're a cache or not.
4479 *
4480 * Setting this flag can make initiate_descriptor_downloads() ignore
4481 * requests. We need to make sure that we do in fact call
4482 * update_router_descriptor_downloads() later on, once the connections
4483 * have succeeded or failed.
4484 */
4485 pds_flags |= fetch_microdesc ?
4486 PDS_NO_EXISTING_MICRODESC_FETCH :
4487 PDS_NO_EXISTING_SERVERDESC_FETCH;
4488 }
4489
4490 n_per_request = CEIL_DIV(n_downloadable, MIN_REQUESTS);
4491 max_dl_per_req = max_dl_per_request(options, purpose);
4492
4493 if (n_per_request > max_dl_per_req)
4494 n_per_request = max_dl_per_req;
4495
4496 if (n_per_request < MIN_DL_PER_REQUEST)
4497 n_per_request = MIN_DL_PER_REQUEST;
4498
4499 if (n_downloadable > n_per_request)
4500 req_plural = rtr_plural = "s";
4501 else if (n_downloadable > 1)
4502 rtr_plural = "s";
4503
4504 log_info(LD_DIR,
4505 "Launching %d request%s for %d %s%s, %d at a time",
4506 CEIL_DIV(n_downloadable, n_per_request), req_plural,
4507 n_downloadable, descname, rtr_plural, n_per_request);
4508 smartlist_sort_digests(downloadable);
4509 for (i=0; i < n_downloadable; i += n_per_request) {
4510 initiate_descriptor_downloads(source, purpose,
4511 downloadable, i, i+n_per_request,
4512 pds_flags);
4513 }
4514 last_descriptor_download_attempted = now;
4515 }
4516
4517 /** For any descriptor that we want that's currently listed in
4518 * <b>consensus</b>, download it as appropriate. */
4519 void
4520 update_consensus_router_descriptor_downloads(time_t now, int is_vote,
4521 networkstatus_t *consensus)
4522 {
4523 const or_options_t *options = get_options();
4524 digestmap_t *map = NULL;
4525 smartlist_t *no_longer_old = smartlist_new();
4526 smartlist_t *downloadable = smartlist_new();
4527 routerstatus_t *source = NULL;
4528 int authdir = authdir_mode(options);
4529 int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0,
4530 n_inprogress=0, n_in_oldrouters=0;
4531
4532 if (directory_too_idle_to_fetch_descriptors(options, now))
4533 goto done;
4534 if (!consensus)
4535 goto done;
4536
4537 if (is_vote) {
4538 /* where's it from, so we know whom to ask for descriptors */
4539 dir_server_t *ds;
4540 networkstatus_voter_info_t *voter = smartlist_get(consensus->voters, 0);
4541 tor_assert(voter);
4542 ds = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
4543 if (ds)
4544 source = &(ds->fake_status);
4545 else
4546 log_warn(LD_DIR, "couldn't lookup source from vote?");
4547 }
4548
4549 map = digestmap_new();
4550 list_pending_descriptor_downloads(map, 0);
4551 SMARTLIST_FOREACH_BEGIN(consensus->routerstatus_list, void *, rsp) {
4552 routerstatus_t *rs =
4553 is_vote ? &(((vote_routerstatus_t *)rsp)->status) : rsp;
4554 signed_descriptor_t *sd;
4555 if ((sd = router_get_by_descriptor_digest(rs->descriptor_digest))) {
4556 const routerinfo_t *ri;
4557 ++n_have;
4558 if (!(ri = router_get_by_id_digest(rs->identity_digest)) ||
4559 tor_memneq(ri->cache_info.signed_descriptor_digest,
4560 sd->signed_descriptor_digest, DIGEST_LEN)) {
4561 /* We have a descriptor with this digest, but either there is no
4562 * entry in routerlist with the same ID (!ri), or there is one,
4563 * but the identity digest differs (memneq).
4564 */
4565 smartlist_add(no_longer_old, sd);
4566 ++n_in_oldrouters; /* We have it in old_routers. */
4567 }
4568 continue; /* We have it already. */
4569 }
4570 if (digestmap_get(map, rs->descriptor_digest)) {
4571 ++n_inprogress;
4572 continue; /* We have an in-progress download. */
4573 }
4574 if (!download_status_is_ready(&rs->dl_status, now,
4575 options->TestingDescriptorMaxDownloadTries)) {
4576 ++n_delayed; /* Not ready for retry. */
4577 continue;
4578 }
4579 if (authdir && dirserv_would_reject_router(rs)) {
4580 ++n_would_reject;
4581 continue; /* We would throw it out immediately. */
4582 }
4583 if (!directory_caches_dir_info(options) &&
4584 !client_would_use_router(rs, now, options)) {
4585 ++n_wouldnt_use;
4586 continue; /* We would never use it ourself. */
4587 }
4588 if (is_vote && source) {
4589 char time_bufnew[ISO_TIME_LEN+1];
4590 char time_bufold[ISO_TIME_LEN+1];
4591 const routerinfo_t *oldrouter;
4592 oldrouter = router_get_by_id_digest(rs->identity_digest);
4593 format_iso_time(time_bufnew, rs->published_on);
4594 if (oldrouter)
4595 format_iso_time(time_bufold, oldrouter->cache_info.published_on);
4596 log_info(LD_DIR, "Learned about %s (%s vs %s) from %s's vote (%s)",
4597 routerstatus_describe(rs),
4598 time_bufnew,
4599 oldrouter ? time_bufold : "none",
4600 source->nickname, oldrouter ? "known" : "unknown");
4601 }
4602 smartlist_add(downloadable, rs->descriptor_digest);
4603 } SMARTLIST_FOREACH_END(rsp);
4604
4605 if (!authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL)
4606 && smartlist_len(no_longer_old)) {
4607 routerlist_t *rl = router_get_routerlist();
4608 log_info(LD_DIR, "%d router descriptors listed in consensus are "
4609 "currently in old_routers; making them current.",
4610 smartlist_len(no_longer_old));
4611 SMARTLIST_FOREACH_BEGIN(no_longer_old, signed_descriptor_t *, sd) {
4612 const char *msg;
4613 was_router_added_t r;
4614 routerinfo_t *ri = routerlist_reparse_old(rl, sd);
4615 if (!ri) {
4616 log_warn(LD_BUG, "Failed to re-parse a router.");
4617 continue;
4618 }
4619 r = router_add_to_routerlist(ri, &msg, 1, 0);
4620 if (WRA_WAS_OUTDATED(r)) {
4621 log_warn(LD_DIR, "Couldn't add re-parsed router: %s",
4622 msg?msg:"???");
4623 }
4624 } SMARTLIST_FOREACH_END(sd);
4625 routerlist_assert_ok(rl);
4626 }
4627
4628 log_info(LD_DIR,
4629 "%d router descriptors downloadable. %d delayed; %d present "
4630 "(%d of those were in old_routers); %d would_reject; "
4631 "%d wouldnt_use; %d in progress.",
4632 smartlist_len(downloadable), n_delayed, n_have, n_in_oldrouters,
4633 n_would_reject, n_wouldnt_use, n_inprogress);
4634
4635 launch_descriptor_downloads(DIR_PURPOSE_FETCH_SERVERDESC,
4636 downloadable, source, now);
4637
4638 digestmap_free(map, NULL);
4639 done:
4640 smartlist_free(downloadable);
4641 smartlist_free(no_longer_old);
4642 }
4643
4644 /** How often should we launch a server/authority request to be sure of getting
4645 * a guess for our IP? */
4646 /*XXXX024 this info should come from netinfo cells or something, or we should
4647 * do this only when we aren't seeing incoming data. see bug 652. */
4648 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
4649
4650 /** As needed, launch a dummy router descriptor fetch to see if our
4651 * address has changed. */
4652 static void
4653 launch_dummy_descriptor_download_as_needed(time_t now,
4654 const or_options_t *options)
4655 {
4656 static time_t last_dummy_download = 0;
4657 /* XXXX024 we could be smarter here; see notes on bug 652. */
4658 /* If we're a server that doesn't have a configured address, we rely on
4659 * directory fetches to learn when our address changes. So if we haven't
4660 * tried to get any routerdescs in a long time, try a dummy fetch now. */
4661 if (!options->Address &&
4662 server_mode(options) &&
4663 last_descriptor_download_attempted + DUMMY_DOWNLOAD_INTERVAL < now &&
4664 last_dummy_download + DUMMY_DOWNLOAD_INTERVAL < now) {
4665 last_dummy_download = now;
4666 directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
4667 ROUTER_PURPOSE_GENERAL, "authority.z",
4668 PDS_RETRY_IF_NO_SERVERS);
4669 }
4670 }
4671
4672 /** Launch downloads for router status as needed. */
4673 void
4674 update_router_descriptor_downloads(time_t now)
4675 {
4676 const or_options_t *options = get_options();
4677 if (should_delay_dir_fetches(options, NULL))
4678 return;
4679 if (!we_fetch_router_descriptors(options))
4680 return;
4681
4682 update_consensus_router_descriptor_downloads(now, 0,
4683 networkstatus_get_reasonably_live_consensus(now, FLAV_NS));
4684 }
4685
4686 /** Launch extrainfo downloads as needed. */
4687 void
4688 update_extrainfo_downloads(time_t now)
4689 {
4690 const or_options_t *options = get_options();
4691 routerlist_t *rl;
4692 smartlist_t *wanted;
4693 digestmap_t *pending;
4694 int old_routers, i, max_dl_per_req;
4695 int n_no_ei = 0, n_pending = 0, n_have = 0, n_delay = 0, n_bogus[2] = {0,0};
4696 if (! options->DownloadExtraInfo)
4697 return;
4698 if (should_delay_dir_fetches(options, NULL))
4699 return;
4700 if (!router_have_minimum_dir_info())
4701 return;
4702
4703 pending = digestmap_new();
4704 list_pending_descriptor_downloads(pending, 1);
4705 rl = router_get_routerlist();
4706 wanted = smartlist_new();
4707 for (old_routers = 0; old_routers < 2; ++old_routers) {
4708 smartlist_t *lst = old_routers ? rl->old_routers : rl->routers;
4709 for (i = 0; i < smartlist_len(lst); ++i) {
4710 signed_descriptor_t *sd;
4711 char *d;
4712 if (old_routers)
4713 sd = smartlist_get(lst, i);
4714 else
4715 sd = &((routerinfo_t*)smartlist_get(lst, i))->cache_info;
4716 if (sd->is_extrainfo)
4717 continue; /* This should never happen. */
4718 if (old_routers && !router_get_by_id_digest(sd->identity_digest))
4719 continue; /* Couldn't check the signature if we got it. */
4720 if (sd->extrainfo_is_bogus)
4721 continue;
4722 d = sd->extra_info_digest;
4723 if (tor_digest_is_zero(d)) {
4724 ++n_no_ei;
4725 continue;
4726 }
4727 if (eimap_get(rl->extra_info_map, d)) {
4728 ++n_have;
4729 continue;
4730 }
4731 if (!download_status_is_ready(&sd->ei_dl_status, now,
4732 options->TestingDescriptorMaxDownloadTries)) {
4733 ++n_delay;
4734 continue;
4735 }
4736 if (digestmap_get(pending, d)) {
4737 ++n_pending;
4738 continue;
4739 }
4740
4741 const signed_descriptor_t *sd2 = router_get_by_extrainfo_digest(d);
4742 if (sd2 != sd) {
4743 if (sd2 != NULL) {
4744 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
4745 char d3[HEX_DIGEST_LEN+1], d4[HEX_DIGEST_LEN+1];
4746 base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
4747 base16_encode(d2, sizeof(d2), sd2->identity_digest, DIGEST_LEN);
4748 base16_encode(d3, sizeof(d3), d, DIGEST_LEN);
4749 base16_encode(d4, sizeof(d3), sd2->extra_info_digest, DIGEST_LEN);
4750
4751 log_info(LD_DIR, "Found an entry in %s with mismatched "
4752 "router_get_by_extrainfo_digest() value. This has ID %s "
4753 "but the entry in the map has ID %s. This has EI digest "
4754 "%s and the entry in the map has EI digest %s.",
4755 old_routers?"old_routers":"routers",
4756 d1, d2, d3, d4);
4757 } else {
4758 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
4759 base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
4760 base16_encode(d2, sizeof(d2), d, DIGEST_LEN);
4761
4762 log_info(LD_DIR, "Found an entry in %s with NULL "
4763 "router_get_by_extrainfo_digest() value. This has ID %s "
4764 "and EI digest %s.",
4765 old_routers?"old_routers":"routers",
4766 d1, d2);
4767 }
4768 ++n_bogus[old_routers];
4769 continue;
4770 }
4771 smartlist_add(wanted, d);
4772 }
4773 }
4774 digestmap_free(pending, NULL);
4775
4776 log_info(LD_DIR, "Extrainfo download status: %d router with no ei, %d "
4777 "with present ei, %d delaying, %d pending, %d downloadable, %d "
4778 "bogus in routers, %d bogus in old_routers",
4779 n_no_ei, n_have, n_delay, n_pending, smartlist_len(wanted),
4780 n_bogus[0], n_bogus[1]);
4781
4782 smartlist_shuffle(wanted);
4783
4784 max_dl_per_req = max_dl_per_request(options, DIR_PURPOSE_FETCH_EXTRAINFO);
4785 for (i = 0; i < smartlist_len(wanted); i += max_dl_per_req) {
4786 initiate_descriptor_downloads(NULL, DIR_PURPOSE_FETCH_EXTRAINFO,
4787 wanted, i, i+max_dl_per_req,
4788 PDS_RETRY_IF_NO_SERVERS|PDS_NO_EXISTING_SERVERDESC_FETCH);
4789 }
4790
4791 smartlist_free(wanted);
4792 }
4793
4794 /** Reset the descriptor download failure count on all routers, so that we
4795 * can retry any long-failed routers immediately.
4796 */
4797 void
4798 router_reset_descriptor_download_failures(void)
4799 {
4800 networkstatus_reset_download_failures();
4801 last_descriptor_download_attempted = 0;
4802 if (!routerlist)
4803 return;
4804 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, ri,
4805 {
4806 download_status_reset(&ri->cache_info.ei_dl_status);
4807 });
4808 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
4809 {
4810 download_status_reset(&sd->ei_dl_status);
4811 });
4812 }
4813
4814 /** Any changes in a router descriptor's publication time larger than this are
4815 * automatically non-cosmetic. */
4816 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
4817
4818 /** We allow uptime to vary from how much it ought to be by this much. */
4819 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
4820
4821 /** Return true iff the only differences between r1 and r2 are such that
4822 * would not cause a recent (post 0.1.1.6) dirserver to republish.
4823 */
4824 int
4825 router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
4826 {
4827 time_t r1pub, r2pub;
4828 long time_difference;
4829 tor_assert(r1 && r2);
4830
4831 /* r1 should be the one that was published first. */
4832 if (r1->cache_info.published_on > r2->cache_info.published_on) {
4833 const routerinfo_t *ri_tmp = r2;
4834 r2 = r1;
4835 r1 = ri_tmp;
4836 }
4837
4838 /* If any key fields differ, they're different. */
4839 if (r1->addr != r2->addr ||
4840 strcasecmp(r1->nickname, r2->nickname) ||
4841 r1->or_port != r2->or_port ||
4842 !tor_addr_eq(&r1->ipv6_addr, &r2->ipv6_addr) ||
4843 r1->ipv6_orport != r2->ipv6_orport ||
4844 r1->dir_port != r2->dir_port ||
4845 r1->purpose != r2->purpose ||
4846 !crypto_pk_eq_keys(r1->onion_pkey, r2->onion_pkey) ||
4847 !crypto_pk_eq_keys(r1->identity_pkey, r2->identity_pkey) ||
4848 strcasecmp(r1->platform, r2->platform) ||
4849 (r1->contact_info && !r2->contact_info) || /* contact_info is optional */
4850 (!r1->contact_info && r2->contact_info) ||
4851 (r1->contact_info && r2->contact_info &&
4852 strcasecmp(r1->contact_info, r2->contact_info)) ||
4853 r1->is_hibernating != r2->is_hibernating ||
4854 cmp_addr_policies(r1->exit_policy, r2->exit_policy))
4855 return 0;
4856 if ((r1->declared_family == NULL) != (r2->declared_family == NULL))
4857 return 0;
4858 if (r1->declared_family && r2->declared_family) {
4859 int i, n;
4860 if (smartlist_len(r1->declared_family)!=smartlist_len(r2->declared_family))
4861 return 0;
4862 n = smartlist_len(r1->declared_family);
4863 for (i=0; i < n; ++i) {
4864 if (strcasecmp(smartlist_get(r1->declared_family, i),
4865 smartlist_get(r2->declared_family, i)))
4866 return 0;
4867 }
4868 }
4869
4870 /* Did bandwidth change a lot? */
4871 if ((r1->bandwidthcapacity < r2->bandwidthcapacity/2) ||
4872 (r2->bandwidthcapacity < r1->bandwidthcapacity/2))
4873 return 0;
4874
4875 /* Did the bandwidthrate or bandwidthburst change? */
4876 if ((r1->bandwidthrate != r2->bandwidthrate) ||
4877 (r1->bandwidthburst != r2->bandwidthburst))
4878 return 0;
4879
4880 /* Did more than 12 hours pass? */
4881 if (r1->cache_info.published_on + ROUTER_MAX_COSMETIC_TIME_DIFFERENCE
4882 < r2->cache_info.published_on)
4883 return 0;
4884
4885 /* Did uptime fail to increase by approximately the amount we would think,
4886 * give or take some slop? */
4887 r1pub = r1->cache_info.published_on;
4888 r2pub = r2->cache_info.published_on;
4889 time_difference = labs(r2->uptime - (r1->uptime + (r2pub - r1pub)));
4890 if (time_difference > ROUTER_ALLOW_UPTIME_DRIFT &&
4891 time_difference > r1->uptime * .05 &&
4892 time_difference > r2->uptime * .05)
4893 return 0;
4894
4895 /* Otherwise, the difference is cosmetic. */
4896 return 1;
4897 }
4898
4899 /** Check whether <b>ri</b> (a.k.a. sd) is a router compatible with the
4900 * extrainfo document
4901 * <b>ei</b>. If no router is compatible with <b>ei</b>, <b>ei</b> should be
4902 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
4903 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
4904 * <b>msg</b> is present, set *<b>msg</b> to a description of the
4905 * incompatibility (if any).
4906 **/
4907 int
4908 routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
4909 extrainfo_t *ei,
4910 signed_descriptor_t *sd,
4911 const char **msg)
4912 {
4913 int digest_matches, digest256_matches, r=1;
4914 tor_assert(ri);
4915 tor_assert(ei);
4916 if (!sd)
4917 sd = (signed_descriptor_t*)&ri->cache_info;
4918
4919 if (ei->bad_sig) {
4920 if (msg) *msg = "Extrainfo signature was bad, or signed with wrong key.";
4921 return 1;
4922 }
4923
4924 digest_matches = tor_memeq(ei->cache_info.signed_descriptor_digest,
4925 sd->extra_info_digest, DIGEST_LEN);
4926 /* Set digest256_matches to 1 if the digest is correct, or if no
4927 * digest256 was in the ri. */
4928 digest256_matches = tor_memeq(ei->digest256,
4929 sd->extra_info_digest256, DIGEST256_LEN);
4930 digest256_matches |=
4931 tor_mem_is_zero(sd->extra_info_digest256, DIGEST256_LEN);
4932
4933 /* The identity must match exactly to have been generated at the same time
4934 * by the same router. */
4935 if (tor_memneq(ri->cache_info.identity_digest,
4936 ei->cache_info.identity_digest,
4937 DIGEST_LEN)) {
4938 if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo";
4939 goto err; /* different servers */
4940 }
4941
4942 if (! tor_cert_opt_eq(ri->signing_key_cert, ei->signing_key_cert)) {
4943 if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
4944 goto err; /* different servers */
4945 }
4946
4947 if (ei->pending_sig) {
4948 char signed_digest[128];
4949 if (crypto_pk_public_checksig(ri->identity_pkey,
4950 signed_digest, sizeof(signed_digest),
4951 ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
4952 tor_memneq(signed_digest, ei->cache_info.signed_descriptor_digest,
4953 DIGEST_LEN)) {
4954 ei->bad_sig = 1;
4955 tor_free(ei->pending_sig);
4956 if (msg) *msg = "Extrainfo signature bad, or signed with wrong key";
4957 goto err; /* Bad signature, or no match. */
4958 }
4959
4960 ei->cache_info.send_unencrypted = ri->cache_info.send_unencrypted;
4961 tor_free(ei->pending_sig);
4962 }
4963
4964 if (ei->cache_info.published_on < sd->published_on) {
4965 if (msg) *msg = "Extrainfo published time did not match routerdesc";
4966 goto err;
4967 } else if (ei->cache_info.published_on > sd->published_on) {
4968 if (msg) *msg = "Extrainfo published time did not match routerdesc";
4969 r = -1;
4970 goto err;
4971 }
4972
4973 if (!digest256_matches && !digest_matches) {
4974 if (msg) *msg = "Neither digest256 or digest matched "
4975 "digest from routerdesc";
4976 goto err;
4977 }
4978
4979 if (!digest256_matches) {
4980 if (msg) *msg = "Extrainfo digest did not match digest256 from routerdesc";
4981 goto err; /* Digest doesn't match declared value. */
4982 }
4983
4984 if (!digest_matches) {
4985 if (msg) *msg = "Extrainfo digest did not match value from routerdesc";
4986 goto err; /* Digest doesn't match declared value. */
4987 }
4988
4989 return 0;
4990 err:
4991 if (digest_matches) {
4992 /* This signature was okay, and the digest was right: This is indeed the
4993 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
4994 * that lists it. Don't try to fetch this one again. */
4995 sd->extrainfo_is_bogus = 1;
4996 }
4997
4998 return r;
4999 }
5000
5001 /** Assert that the internal representation of <b>rl</b> is
5002 * self-consistent. */
5003 void
5004 routerlist_assert_ok(const routerlist_t *rl)
5005 {
5006 routerinfo_t *r2;
5007 signed_descriptor_t *sd2;
5008 if (!rl)
5009 return;
5010 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, r) {
5011 r2 = rimap_get(rl->identity_map, r->cache_info.identity_digest);
5012 tor_assert(r == r2);
5013 sd2 = sdmap_get(rl->desc_digest_map,
5014 r->cache_info.signed_descriptor_digest);
5015 tor_assert(&(r->cache_info) == sd2);
5016 tor_assert(r->cache_info.routerlist_index == r_sl_idx);
5017 /* XXXX
5018 *
5019 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5020 * commenting this out is just a band-aid.
5021 *
5022 * The problem is that, although well-behaved router descriptors
5023 * should never have the same value for their extra_info_digest, it's
5024 * possible for ill-behaved routers to claim whatever they like there.
5025 *
5026 * The real answer is to trash desc_by_eid_map and instead have
5027 * something that indicates for a given extra-info digest we want,
5028 * what its download status is. We'll do that as a part of routerlist
5029 * refactoring once consensus directories are in. For now,
5030 * this rep violation is probably harmless: an adversary can make us
5031 * reset our retry count for an extrainfo, but that's not the end
5032 * of the world. Changing the representation in 0.2.0.x would just
5033 * destabilize the codebase.
5034 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5035 signed_descriptor_t *sd3 =
5036 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5037 tor_assert(sd3 == &(r->cache_info));
5038 }
5039 */
5040 } SMARTLIST_FOREACH_END(r);
5041 SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
5042 r2 = rimap_get(rl->identity_map, sd->identity_digest);
5043 tor_assert(!r2 || sd != &(r2->cache_info));
5044 sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
5045 tor_assert(sd == sd2);
5046 tor_assert(sd->routerlist_index == sd_sl_idx);
5047 /* XXXX see above.
5048 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5049 signed_descriptor_t *sd3 =
5050 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5051 tor_assert(sd3 == sd);
5052 }
5053 */
5054 } SMARTLIST_FOREACH_END(sd);
5055
5056 RIMAP_FOREACH(rl->identity_map, d, r) {
5057 tor_assert(tor_memeq(r->cache_info.identity_digest, d, DIGEST_LEN));
5058 } DIGESTMAP_FOREACH_END;
5059 SDMAP_FOREACH(rl->desc_digest_map, d, sd) {
5060 tor_assert(tor_memeq(sd->signed_descriptor_digest, d, DIGEST_LEN));
5061 } DIGESTMAP_FOREACH_END;
5062 SDMAP_FOREACH(rl->desc_by_eid_map, d, sd) {
5063 tor_assert(!tor_digest_is_zero(d));
5064 tor_assert(sd);
5065 tor_assert(tor_memeq(sd->extra_info_digest, d, DIGEST_LEN));
5066 } DIGESTMAP_FOREACH_END;
5067 EIMAP_FOREACH(rl->extra_info_map, d, ei) {
5068 signed_descriptor_t *sd;
5069 tor_assert(tor_memeq(ei->cache_info.signed_descriptor_digest,
5070 d, DIGEST_LEN));
5071 sd = sdmap_get(rl->desc_by_eid_map,
5072 ei->cache_info.signed_descriptor_digest);
5073 // tor_assert(sd); // XXXX see above
5074 if (sd) {
5075 tor_assert(tor_memeq(ei->cache_info.signed_descriptor_digest,
5076 sd->extra_info_digest, DIGEST_LEN));
5077 }
5078 } DIGESTMAP_FOREACH_END;
5079 }
5080
5081 /** Allocate and return a new string representing the contact info
5082 * and platform string for <b>router</b>,
5083 * surrounded by quotes and using standard C escapes.
5084 *
5085 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5086 * thread. Also, each call invalidates the last-returned value, so don't
5087 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5088 *
5089 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5090 */
5091 const char *
5092 esc_router_info(const routerinfo_t *router)
5093 {
5094 static char *info=NULL;
5095 char *esc_contact, *esc_platform;
5096 tor_free(info);
5097
5098 if (!router)
5099 return NULL; /* we're exiting; just free the memory we use */
5100
5101 esc_contact = esc_for_log(router->contact_info);
5102 esc_platform = esc_for_log(router->platform);
5103
5104 tor_asprintf(&info, "Contact %s, Platform %s", esc_contact, esc_platform);
5105 tor_free(esc_contact);
5106 tor_free(esc_platform);
5107
5108 return info;
5109 }
5110
5111 /** Helper for sorting: compare two routerinfos by their identity
5112 * digest. */
5113 static int
5114 compare_routerinfo_by_id_digest_(const void **a, const void **b)
5115 {
5116 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
5117 return fast_memcmp(first->cache_info.identity_digest,
5118 second->cache_info.identity_digest,
5119 DIGEST_LEN);
5120 }
5121
5122 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5123 void
5124 routers_sort_by_identity(smartlist_t *routers)
5125 {
5126 smartlist_sort(routers, compare_routerinfo_by_id_digest_);
5127 }
5128
5129 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5130 * recompute all country info in all configuration node sets and in the
5131 * routerlist. */
5132 void
5133 refresh_all_country_info(void)
5134 {
5135 const or_options_t *options = get_options();
5136
5137 if (options->EntryNodes)
5138 routerset_refresh_countries(options->EntryNodes);
5139 if (options->ExitNodes)
5140 routerset_refresh_countries(options->ExitNodes);
5141 if (options->ExcludeNodes)
5142 routerset_refresh_countries(options->ExcludeNodes);
5143 if (options->ExcludeExitNodes)
5144 routerset_refresh_countries(options->ExcludeExitNodes);
5145 if (options->ExcludeExitNodesUnion_)
5146 routerset_refresh_countries(options->ExcludeExitNodesUnion_);
5147
5148 nodelist_refresh_countries();
5149 }
5150
5151 /** Determine the routers that are responsible for <b>id</b> (binary) and
5152 * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>.
5153 * Return -1 if we're returning an empty smartlist, else return 0.
5154 */
5155 int
5156 hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
5157 const char *id)
5158 {
5159 int start, found, n_added = 0, i;
5160 networkstatus_t *c = networkstatus_get_latest_consensus();
5161 if (!c || !smartlist_len(c->routerstatus_list)) {
5162 log_warn(LD_REND, "We don't have a consensus, so we can't perform v2 "
5163 "rendezvous operations.");
5164 return -1;
5165 }
5166 tor_assert(id);
5167 start = networkstatus_vote_find_entry_idx(c, id, &found);
5168 if (start == smartlist_len(c->routerstatus_list)) start = 0;
5169 i = start;
5170 do {
5171 routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
5172 if (r->is_hs_dir) {
5173 smartlist_add(responsible_dirs, r);
5174 if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
5175 return 0;
5176 }
5177 if (++i == smartlist_len(c->routerstatus_list))
5178 i = 0;
5179 } while (i != start);
5180
5181 /* Even though we don't have the desired number of hidden service
5182 * directories, be happy if we got any. */
5183 return smartlist_len(responsible_dirs) ? 0 : -1;
5184 }
5185
5186 /** Return true if this node is currently acting as hidden service
5187 * directory, false otherwise. */
5188 int
5189 hid_serv_acting_as_directory(void)
5190 {
5191 const routerinfo_t *me = router_get_my_routerinfo();
5192 if (!me)
5193 return 0;
5194 return 1;
5195 }
5196
5197 /** Return true if this node is responsible for storing the descriptor ID
5198 * in <b>query</b> and false otherwise. */
5199 int
5200 hid_serv_responsible_for_desc_id(const char *query)
5201 {
5202 const routerinfo_t *me;
5203 routerstatus_t *last_rs;
5204 const char *my_id, *last_id;
5205 int result;
5206 smartlist_t *responsible;
5207 if (!hid_serv_acting_as_directory())
5208 return 0;
5209 if (!(me = router_get_my_routerinfo()))
5210 return 0; /* This is redundant, but let's be paranoid. */
5211 my_id = me->cache_info.identity_digest;
5212 responsible = smartlist_new();
5213 if (hid_serv_get_responsible_directories(responsible, query) < 0) {
5214 smartlist_free(responsible);
5215 return 0;
5216 }
5217 last_rs = smartlist_get(responsible, smartlist_len(responsible)-1);
5218 last_id = last_rs->identity_digest;
5219 result = rend_id_is_in_interval(my_id, query, last_id);
5220 smartlist_free(responsible);
5221 return result;
5222 }
5223
The Onion Router