search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9
[tor.git] / src / or / dirserv.c
blobda34c196f4ed202e4da53e06938d4e1c71310a60
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRSERV_PRIVATE
7 #include "or.h"
8 #include "buffers.h"
9 #include "config.h"
10 #include "confparse.h"
11 #include "channel.h"
12 #include "channeltls.h"
13 #include "command.h"
14 #include "connection.h"
15 #include "connection_or.h"
16 #include "control.h"
17 #include "directory.h"
18 #include "dirserv.h"
19 #include "dirvote.h"
20 #include "hibernate.h"
21 #include "keypin.h"
22 #include "main.h"
23 #include "microdesc.h"
24 #include "networkstatus.h"
25 #include "nodelist.h"
26 #include "policies.h"
27 #include "protover.h"
28 #include "rephist.h"
29 #include "router.h"
30 #include "routerlist.h"
31 #include "routerparse.h"
32 #include "routerset.h"
33 #include "torcert.h"
34
35 /**
36 * \file dirserv.c
37 * \brief Directory server core implementation. Manages directory
38 * contents and generates directories.
39 *
40 * This module implements most of directory cache functionality, and some of
41 * the directory authority functionality. The directory.c module delegates
42 * here in order to handle incoming requests from clients, via
43 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
44 * module is reponsible for spooling directory objects (in whole or in part)
45 * onto buf_t instances, and then closing the dir_connection_t once the
46 * objects are totally flushed.
47 *
48 * The directory.c module also delegates here for handling descriptor uploads
49 * via dirserv_add_multiple_descriptors().
50 *
51 * Additionally, this module handles some aspects of voting, including:
52 * deciding how to vote on individual flags (based on decisions reached in
53 * rephist.c), of formatting routerstatus lines, and deciding what relays to
54 * include in an authority's vote. (TODO: Those functions could profitably be
55 * split off. They only live in this file because historically they were
56 * shared among the v1, v2, and v3 directory code.)
57 */
58
59 /** How far in the future do we allow a router to get? (seconds) */
60 #define ROUTER_ALLOW_SKEW (60*60*12)
61 /** How many seconds do we wait before regenerating the directory? */
62 #define DIR_REGEN_SLACK_TIME 30
63 /** If we're a cache, keep this many networkstatuses around from non-trusted
64 * directory authorities. */
65 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
66
67 /** Total number of routers with measured bandwidth; this is set by
68 * dirserv_count_measured_bws() before the loop in
69 * dirserv_generate_networkstatus_vote_obj() and checked by
70 * dirserv_get_credible_bandwidth() and
71 * dirserv_compute_performance_thresholds() */
72 static int routers_with_measured_bw = 0;
73
74 static void directory_remove_invalid(void);
75 static char *format_versions_list(config_line_t *ln);
76 struct authdir_config_t;
77 static uint32_t
78 dirserv_get_status_impl(const char *fp, const char *nickname,
79 uint32_t addr, uint16_t or_port,
80 const char *platform, const char **msg,
81 int severity);
82 static void clear_cached_dir(cached_dir_t *d);
83 static const signed_descriptor_t *get_signed_descriptor_by_fp(
84 const char *fp,
85 int extrainfo,
86 time_t publish_cutoff);
87 static was_router_added_t dirserv_add_extrainfo(extrainfo_t *ei,
88 const char **msg);
89 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri);
90 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri);
91
92 /************** Fingerprint handling code ************/
93
94 /* 1 Historically used to indicate Named */
95 #define FP_INVALID 2 /**< Believed invalid. */
96 #define FP_REJECT 4 /**< We will not publish this router. */
97 /* 8 Historically used to avoid using this as a dir. */
98 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
99 /* 32 Historically used to indicade Unnamed */
100
101 /** Target of status_by_digest map. */
102 typedef uint32_t router_status_t;
103
104 static void add_fingerprint_to_dir(const char *fp,
105 struct authdir_config_t *list,
106 router_status_t add_status);
107
108 /** List of nickname-\>identity fingerprint mappings for all the routers
109 * that we name. Used to prevent router impersonation. */
110 typedef struct authdir_config_t {
111 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
112 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
113 } authdir_config_t;
114
115 /** Should be static; exposed for testing. */
116 static authdir_config_t *fingerprint_list = NULL;
117
118 /** Allocate and return a new, empty, authdir_config_t. */
119 static authdir_config_t *
120 authdir_config_new(void)
121 {
122 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
123 list->fp_by_name = strmap_new();
124 list->status_by_digest = digestmap_new();
125 return list;
126 }
127
128 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
129 * <b>list</b>, or-ing the currently set status flags with
130 * <b>add_status</b>.
131 */
132 /* static */ void
133 add_fingerprint_to_dir(const char *fp, authdir_config_t *list,
134 router_status_t add_status)
135 {
136 char *fingerprint;
137 char d[DIGEST_LEN];
138 router_status_t *status;
139 tor_assert(fp);
140 tor_assert(list);
141
142 fingerprint = tor_strdup(fp);
143 tor_strstrip(fingerprint, " ");
144 if (base16_decode(d, DIGEST_LEN,
145 fingerprint, strlen(fingerprint)) != DIGEST_LEN) {
146 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
147 escaped(fp));
148 tor_free(fingerprint);
149 return;
150 }
151
152 status = digestmap_get(list->status_by_digest, d);
153 if (!status) {
154 status = tor_malloc_zero(sizeof(router_status_t));
155 digestmap_set(list->status_by_digest, d, status);
156 }
157
158 tor_free(fingerprint);
159 *status |= add_status;
160 return;
161 }
162
163 /** Add the fingerprint for this OR to the global list of recognized
164 * identity key fingerprints. */
165 int
166 dirserv_add_own_fingerprint(crypto_pk_t *pk)
167 {
168 char fp[FINGERPRINT_LEN+1];
169 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
170 log_err(LD_BUG, "Error computing fingerprint");
171 return -1;
172 }
173 if (!fingerprint_list)
174 fingerprint_list = authdir_config_new();
175 add_fingerprint_to_dir(fp, fingerprint_list, 0);
176 return 0;
177 }
178
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and return -1. */
184 int
185 dirserv_load_fingerprint_file(void)
186 {
187 char *fname;
188 char *cf;
189 char *nickname, *fingerprint;
190 authdir_config_t *fingerprint_list_new;
191 int result;
192 config_line_t *front=NULL, *list;
193
194 fname = get_datadir_fname("approved-routers");
195 log_info(LD_GENERAL,
196 "Reloading approved fingerprints from \"%s\"...", fname);
197
198 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
199 if (!cf) {
200 log_warn(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
201 tor_free(fname);
202 return 0;
203 }
204 tor_free(fname);
205
206 result = config_get_lines(cf, &front, 0);
207 tor_free(cf);
208 if (result < 0) {
209 log_warn(LD_CONFIG, "Error reading from fingerprint file");
210 return -1;
211 }
212
213 fingerprint_list_new = authdir_config_new();
214
215 for (list=front; list; list=list->next) {
216 char digest_tmp[DIGEST_LEN];
217 router_status_t add_status = 0;
218 nickname = list->key; fingerprint = list->value;
219 tor_strstrip(fingerprint, " "); /* remove spaces */
220 if (strlen(fingerprint) != HEX_DIGEST_LEN ||
221 base16_decode(digest_tmp, sizeof(digest_tmp),
222 fingerprint, HEX_DIGEST_LEN) != sizeof(digest_tmp)) {
223 log_notice(LD_CONFIG,
224 "Invalid fingerprint (nickname '%s', "
225 "fingerprint %s). Skipping.",
226 nickname, fingerprint);
227 continue;
228 }
229 if (!strcasecmp(nickname, "!reject")) {
230 add_status = FP_REJECT;
231 } else if (!strcasecmp(nickname, "!badexit")) {
232 add_status = FP_BADEXIT;
233 } else if (!strcasecmp(nickname, "!invalid")) {
234 add_status = FP_INVALID;
235 }
236 add_fingerprint_to_dir(fingerprint, fingerprint_list_new, add_status);
237 }
238
239 config_free_lines(front);
240 dirserv_free_fingerprint_list();
241 fingerprint_list = fingerprint_list_new;
242 /* Delete any routers whose fingerprints we no longer recognize */
243 directory_remove_invalid();
244 return 0;
245 }
246
247 /* If this is set, then we don't allow routers that have advertised an Ed25519
248 * identity to stop doing so. This is going to be essential for good identity
249 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
250 * just sign fake descriptors missing the Ed25519 key. But we won't actually
251 * be able to prevent that kind of thing until we're confident that there
252 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
253 * to leave this #undef.
254 */
255 #undef DISABLE_DISABLING_ED25519
256
257 /** Check whether <b>router</b> has a nickname/identity key combination that
258 * we recognize from the fingerprint list, or an IP we automatically act on
259 * according to our configuration. Return the appropriate router status.
260 *
261 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
262 * *<b>msg</b> to an explanation of why. */
263 uint32_t
264 dirserv_router_get_status(const routerinfo_t *router, const char **msg,
265 int severity)
266 {
267 char d[DIGEST_LEN];
268 const int key_pinning = get_options()->AuthDirPinKeys;
269
270 if (crypto_pk_get_digest(router->identity_pkey, d)) {
271 log_warn(LD_BUG,"Error computing fingerprint");
272 if (msg)
273 *msg = "Bug: Error computing fingerprint";
274 return FP_REJECT;
275 }
276
277 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
278 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
279 * But just in case a relay doesn't provide or lies about its version, or
280 * doesn't include an ntor key in its descriptor, check that it exists,
281 * and is non-zero (clients check that it's non-zero before using it). */
282 if (!routerinfo_has_curve25519_onion_key(router)) {
283 log_fn(severity, LD_DIR,
284 "Descriptor from router %s is missing an ntor curve25519 onion "
285 "key.", router_describe(router));
286 if (msg)
287 *msg = "Missing ntor curve25519 onion key. Please upgrade!";
288 return FP_REJECT;
289 }
290
291 if (router->cache_info.signing_key_cert) {
292 /* This has an ed25519 identity key. */
293 if (KEYPIN_MISMATCH ==
294 keypin_check((const uint8_t*)router->cache_info.identity_digest,
295 router->cache_info.signing_key_cert->signing_key.pubkey)) {
296 log_fn(severity, LD_DIR,
297 "Descriptor from router %s has an Ed25519 key, "
298 "but the <rsa,ed25519> keys don't match what they were before.",
299 router_describe(router));
300 if (key_pinning) {
301 if (msg) {
302 *msg = "Ed25519 identity key or RSA identity key has changed.";
303 }
304 return FP_REJECT;
305 }
306 }
307 } else {
308 /* No ed25519 key */
309 if (KEYPIN_MISMATCH == keypin_check_lone_rsa(
310 (const uint8_t*)router->cache_info.identity_digest)) {
311 log_fn(severity, LD_DIR,
312 "Descriptor from router %s has no Ed25519 key, "
313 "when we previously knew an Ed25519 for it. Ignoring for now, "
314 "since Ed25519 keys are fairly new.",
315 router_describe(router));
316 #ifdef DISABLE_DISABLING_ED25519
317 if (key_pinning) {
318 if (msg) {
319 *msg = "Ed25519 identity key has disappeared.";
320 }
321 return FP_REJECT;
322 }
323 #endif
324 }
325 }
326
327 return dirserv_get_status_impl(d, router->nickname,
328 router->addr, router->or_port,
329 router->platform, msg, severity);
330 }
331
332 /** Return true if there is no point in downloading the router described by
333 * <b>rs</b> because this directory would reject it. */
334 int
335 dirserv_would_reject_router(const routerstatus_t *rs)
336 {
337 uint32_t res;
338
339 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
340 rs->addr, rs->or_port,
341 NULL, NULL, LOG_DEBUG);
342
343 return (res & FP_REJECT) != 0;
344 }
345
346 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
347 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
348 * port and platform (logging only) as arguments.
349 *
350 * Log messages at 'severity'. (There's not much point in
351 * logging that we're rejecting servers we'll not download.)
352 */
353 static uint32_t
354 dirserv_get_status_impl(const char *id_digest, const char *nickname,
355 uint32_t addr, uint16_t or_port,
356 const char *platform, const char **msg, int severity)
357 {
358 uint32_t result = 0;
359 router_status_t *status_by_digest;
360
361 if (!fingerprint_list)
362 fingerprint_list = authdir_config_new();
363
364 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
365 strmap_size(fingerprint_list->fp_by_name),
366 digestmap_size(fingerprint_list->status_by_digest));
367
368 if (platform) {
369 tor_version_t ver_tmp;
370 if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
371 if (msg) {
372 *msg = "Malformed platform string.";
373 }
374 return FP_REJECT;
375 }
376 }
377
378 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
379 * missing some important security fixes too. Disable them. */
380 if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {
381 if (msg)
382 *msg = "Tor version is insecure or unsupported. Please upgrade!";
383 return FP_REJECT;
384 }
385
386 /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
387 * keep their consensus up to date so they make bad guards.
388 * The simple fix is to just drop them from the network. */
389 if (platform &&
390 tor_version_as_new_as(platform,"0.2.9.0-alpha") &&
391 !tor_version_as_new_as(platform,"0.2.9.5-alpha")) {
392 if (msg)
393 *msg = "Tor version contains bug 20499. Please upgrade!";
394 return FP_REJECT;
395 }
396
397 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
398 id_digest);
399 if (status_by_digest)
400 result |= *status_by_digest;
401
402 if (result & FP_REJECT) {
403 if (msg)
404 *msg = "Fingerprint is marked rejected -- please contact us?";
405 return FP_REJECT;
406 } else if (result & FP_INVALID) {
407 if (msg)
408 *msg = "Fingerprint is marked invalid";
409 }
410
411 if (authdir_policy_badexit_address(addr, or_port)) {
412 log_fn(severity, LD_DIRSERV,
413 "Marking '%s' as bad exit because of address '%s'",
414 nickname, fmt_addr32(addr));
415 result |= FP_BADEXIT;
416 }
417
418 if (!authdir_policy_permits_address(addr, or_port)) {
419 log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'",
420 nickname, fmt_addr32(addr));
421 if (msg)
422 *msg = "Suspicious relay address range -- please contact us?";
423 return FP_REJECT;
424 }
425 if (!authdir_policy_valid_address(addr, or_port)) {
426 log_fn(severity, LD_DIRSERV,
427 "Not marking '%s' valid because of address '%s'",
428 nickname, fmt_addr32(addr));
429 result |= FP_INVALID;
430 }
431
432 return result;
433 }
434
435 /** Clear the current fingerprint list. */
436 void
437 dirserv_free_fingerprint_list(void)
438 {
439 if (!fingerprint_list)
440 return;
441
442 strmap_free(fingerprint_list->fp_by_name, tor_free_);
443 digestmap_free(fingerprint_list->status_by_digest, tor_free_);
444 tor_free(fingerprint_list);
445 }
446
447 /*
448 * Descriptor list
449 */
450
451 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
452 * unless we're configured to not care. Return 0 if all ok. */
453 static int
454 dirserv_router_has_valid_address(routerinfo_t *ri)
455 {
456 tor_addr_t addr;
457 if (get_options()->DirAllowPrivateAddresses)
458 return 0; /* whatever it is, we're fine with it */
459 tor_addr_from_ipv4h(&addr, ri->addr);
460
461 if (tor_addr_is_internal(&addr, 0)) {
462 log_info(LD_DIRSERV,
463 "Router %s published internal IP address. Refusing.",
464 router_describe(ri));
465 return -1; /* it's a private IP, we should reject it */
466 }
467 return 0;
468 }
469
470 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
471 * set its is_valid,running fields and return 0. Otherwise, return -1.
472 *
473 * If the router is rejected, set *<b>msg</b> to an explanation of why.
474 *
475 * If <b>complain</b> then explain at log-level 'notice' why we refused
476 * a descriptor; else explain at log-level 'info'.
477 */
478 int
479 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
480 int complain, int *valid_out)
481 {
482 /* Okay. Now check whether the fingerprint is recognized. */
483 time_t now;
484 int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
485 uint32_t status = dirserv_router_get_status(ri, msg, severity);
486 tor_assert(msg);
487 if (status & FP_REJECT)
488 return -1; /* msg is already set. */
489
490 /* Is there too much clock skew? */
491 now = time(NULL);
492 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
493 log_fn(severity, LD_DIRSERV, "Publication time for %s is too "
494 "far (%d minutes) in the future; possible clock skew. Not adding "
495 "(%s)",
496 router_describe(ri),
497 (int)((ri->cache_info.published_on-now)/60),
498 esc_router_info(ri));
499 *msg = "Rejected: Your clock is set too far in the future, or your "
500 "timezone is not correct.";
501 return -1;
502 }
503 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
504 log_fn(severity, LD_DIRSERV,
505 "Publication time for %s is too far "
506 "(%d minutes) in the past. Not adding (%s)",
507 router_describe(ri),
508 (int)((now-ri->cache_info.published_on)/60),
509 esc_router_info(ri));
510 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
511 " or your timezone is not correct.";
512 return -1;
513 }
514 if (dirserv_router_has_valid_address(ri) < 0) {
515 log_fn(severity, LD_DIRSERV,
516 "Router %s has invalid address. Not adding (%s).",
517 router_describe(ri),
518 esc_router_info(ri));
519 *msg = "Rejected: Address is a private address.";
520 return -1;
521 }
522
523 *valid_out = ! (status & FP_INVALID);
524
525 return 0;
526 }
527
528 /** Update the relevant flags of <b>node</b> based on our opinion as a
529 * directory authority in <b>authstatus</b>, as returned by
530 * dirserv_router_get_status or equivalent. */
531 void
532 dirserv_set_node_flags_from_authoritative_status(node_t *node,
533 uint32_t authstatus)
534 {
535 node->is_valid = (authstatus & FP_INVALID) ? 0 : 1;
536 node->is_bad_exit = (authstatus & FP_BADEXIT) ? 1 : 0;
537 }
538
539 /** True iff <b>a</b> is more severe than <b>b</b>. */
540 static int
541 WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
542 {
543 return a < b;
544 }
545
546 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
547 * returns the most severe error that occurred for any one of them. */
548 was_router_added_t
549 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
550 const char *source,
551 const char **msg)
552 {
553 was_router_added_t r, r_tmp;
554 const char *msg_out;
555 smartlist_t *list;
556 const char *s;
557 int n_parsed = 0;
558 time_t now = time(NULL);
559 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
560 char time_buf[ISO_TIME_LEN+1];
561 int general = purpose == ROUTER_PURPOSE_GENERAL;
562 tor_assert(msg);
563
564 r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
565
566 format_iso_time(time_buf, now);
567 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
568 "@uploaded-at %s\n"
569 "@source %s\n"
570 "%s%s%s", time_buf, escaped(source),
571 !general ? "@purpose " : "",
572 !general ? router_purpose_to_string(purpose) : "",
573 !general ? "\n" : "")<0) {
574 *msg = "Couldn't format annotations";
575 return -1;
576 }
577
578 s = desc;
579 list = smartlist_new();
580 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
581 annotation_buf, NULL)) {
582 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
583 msg_out = NULL;
584 tor_assert(ri->purpose == purpose);
585 r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
586 if (WRA_MORE_SEVERE(r_tmp, r)) {
587 r = r_tmp;
588 *msg = msg_out;
589 }
590 });
591 }
592 n_parsed += smartlist_len(list);
593 smartlist_clear(list);
594
595 s = desc;
596 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
597 NULL, NULL)) {
598 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
599 msg_out = NULL;
600
601 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
602 if (WRA_MORE_SEVERE(r_tmp, r)) {
603 r = r_tmp;
604 *msg = msg_out;
605 }
606 });
607 }
608 n_parsed += smartlist_len(list);
609 smartlist_free(list);
610
611 if (! *msg) {
612 if (!n_parsed) {
613 *msg = "No descriptors found in your POST.";
614 if (WRA_WAS_ADDED(r))
615 r = ROUTER_IS_ALREADY_KNOWN;
616 } else {
617 *msg = "(no message)";
618 }
619 }
620
621 return r;
622 }
623
624 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
625 * the list of server descriptors. Set *<b>msg</b> to a message that should be
626 * passed back to the origin of this descriptor, or NULL if there is no such
627 * message. Use <b>source</b> to produce better log messages.
628 *
629 * If <b>ri</b> is not added to the list of server descriptors, free it.
630 * That means the caller must not access <b>ri</b> after this function
631 * returns, since it might have been freed.
632 *
633 * Return the status of the operation.
634 *
635 * This function is only called when fresh descriptors are posted, not when
636 * we re-load the cache.
637 */
638 was_router_added_t
639 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
640 {
641 was_router_added_t r;
642 routerinfo_t *ri_old;
643 char *desc, *nickname;
644 const size_t desclen = ri->cache_info.signed_descriptor_len +
645 ri->cache_info.annotations_len;
646 const int key_pinning = get_options()->AuthDirPinKeys;
647 *msg = NULL;
648
649 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
650 * network and it'll clog everything up. */
651 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
652 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
653 " (source: %s) with size %d. Either this is an attack, or the "
654 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
655 ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
656 MAX_DESCRIPTOR_UPLOAD_SIZE);
657 *msg = "Router descriptor was too large.";
658 control_event_or_authdir_new_descriptor("REJECTED",
659 ri->cache_info.signed_descriptor_body,
660 desclen, *msg);
661 r = ROUTER_AUTHDIR_REJECTS;
662 goto fail;
663 }
664
665 /* Check whether this descriptor is semantically identical to the last one
666 * from this server. (We do this here and not in router_add_to_routerlist
667 * because we want to be able to accept the newest router descriptor that
668 * another authority has, so we all converge on the same one.) */
669 ri_old = router_get_mutable_by_digest(ri->cache_info.identity_digest);
670 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
671 && router_differences_are_cosmetic(ri_old, ri)
672 && !router_is_me(ri)) {
673 log_info(LD_DIRSERV,
674 "Not replacing descriptor from %s (source: %s); "
675 "differences are cosmetic.",
676 router_describe(ri), source);
677 *msg = "Not replacing router descriptor; no information has changed since "
678 "the last one with this identity.";
679 control_event_or_authdir_new_descriptor("DROPPED",
680 ri->cache_info.signed_descriptor_body,
681 desclen, *msg);
682 r = ROUTER_IS_ALREADY_KNOWN;
683 goto fail;
684 }
685
686 /* Do keypinning again ... this time, to add the pin if appropriate */
687 int keypin_status;
688 if (ri->cache_info.signing_key_cert) {
689 keypin_status = keypin_check_and_add(
690 (const uint8_t*)ri->cache_info.identity_digest,
691 ri->cache_info.signing_key_cert->signing_key.pubkey,
692 ! key_pinning);
693 } else {
694 keypin_status = keypin_check_lone_rsa(
695 (const uint8_t*)ri->cache_info.identity_digest);
696 #ifndef DISABLE_DISABLING_ED25519
697 if (keypin_status == KEYPIN_MISMATCH)
698 keypin_status = KEYPIN_NOT_FOUND;
699 #endif
700 }
701 if (keypin_status == KEYPIN_MISMATCH && key_pinning) {
702 log_info(LD_DIRSERV, "Dropping descriptor from %s (source: %s) because "
703 "its key did not match an older RSA/Ed25519 keypair",
704 router_describe(ri), source);
705 *msg = "Looks like your keypair does not match its older value.";
706 r = ROUTER_AUTHDIR_REJECTS;
707 goto fail;
708 }
709
710 /* Make a copy of desc, since router_add_to_routerlist might free
711 * ri and its associated signed_descriptor_t. */
712 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
713 nickname = tor_strdup(ri->nickname);
714
715 /* Tell if we're about to need to launch a test if we add this. */
716 ri->needs_retest_if_added =
717 dirserv_should_launch_reachability_test(ri, ri_old);
718
719 r = router_add_to_routerlist(ri, msg, 0, 0);
720 if (!WRA_WAS_ADDED(r)) {
721 /* unless the routerinfo was fine, just out-of-date */
722 if (WRA_WAS_REJECTED(r))
723 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
724 log_info(LD_DIRSERV,
725 "Did not add descriptor from '%s' (source: %s): %s.",
726 nickname, source, *msg ? *msg : "(no message)");
727 } else {
728 smartlist_t *changed;
729 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
730
731 changed = smartlist_new();
732 smartlist_add(changed, ri);
733 routerlist_descriptors_added(changed, 0);
734 smartlist_free(changed);
735 if (!*msg) {
736 *msg = "Descriptor accepted";
737 }
738 log_info(LD_DIRSERV,
739 "Added descriptor from '%s' (source: %s): %s.",
740 nickname, source, *msg);
741 }
742 tor_free(desc);
743 tor_free(nickname);
744 return r;
745 fail:
746 {
747 const char *desc_digest = ri->cache_info.signed_descriptor_digest;
748 download_status_t *dls =
749 router_get_dl_status_by_descriptor_digest(desc_digest);
750 if (dls) {
751 log_info(LD_GENERAL, "Marking router with descriptor %s as rejected, "
752 "and therefore undownloadable",
753 hex_str(desc_digest, DIGEST_LEN));
754 download_status_mark_impossible(dls);
755 }
756 routerinfo_free(ri);
757 }
758 return r;
759 }
760
761 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
762 static was_router_added_t
763 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
764 {
765 routerinfo_t *ri;
766 int r;
767 was_router_added_t rv;
768 tor_assert(msg);
769 *msg = NULL;
770
771 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
772 * can mess with some of the flags in ri->cache_info. */
773 ri = router_get_mutable_by_digest(ei->cache_info.identity_digest);
774 if (!ri) {
775 *msg = "No corresponding router descriptor for extra-info descriptor";
776 rv = ROUTER_BAD_EI;
777 goto fail;
778 }
779
780 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
781 * network and it'll clog everything up. */
782 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
783 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
784 "with size %d. Either this is an attack, or the "
785 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
786 (int)ei->cache_info.signed_descriptor_len,
787 MAX_EXTRAINFO_UPLOAD_SIZE);
788 *msg = "Extrainfo document was too large";
789 rv = ROUTER_BAD_EI;
790 goto fail;
791 }
792
793 if ((r = routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
794 &ri->cache_info, msg))) {
795 if (r<0) {
796 extrainfo_free(ei);
797 return ROUTER_IS_ALREADY_KNOWN;
798 }
799 rv = ROUTER_BAD_EI;
800 goto fail;
801 }
802 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
803 return ROUTER_ADDED_SUCCESSFULLY;
804 fail:
805 {
806 const char *d = ei->cache_info.signed_descriptor_digest;
807 signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
808 if (sd) {
809 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
810 "rejected, and therefore undownloadable",
811 hex_str((char*)d,DIGEST_LEN));
812 download_status_mark_impossible(&sd->ei_dl_status);
813 }
814 extrainfo_free(ei);
815 }
816 return rv;
817 }
818
819 /** Remove all descriptors whose nicknames or fingerprints no longer
820 * are allowed by our fingerprint list. (Descriptors that used to be
821 * good can become bad when we reload the fingerprint list.)
822 */
823 static void
824 directory_remove_invalid(void)
825 {
826 routerlist_t *rl = router_get_routerlist();
827 smartlist_t *nodes = smartlist_new();
828 smartlist_add_all(nodes, nodelist_get_list());
829
830 SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
831 const char *msg = NULL;
832 routerinfo_t *ent = node->ri;
833 char description[NODE_DESC_BUF_LEN];
834 uint32_t r;
835 if (!ent)
836 continue;
837 r = dirserv_router_get_status(ent, &msg, LOG_INFO);
838 router_get_description(description, ent);
839 if (r & FP_REJECT) {
840 log_info(LD_DIRSERV, "Router %s is now rejected: %s",
841 description, msg?msg:"");
842 routerlist_remove(rl, ent, 0, time(NULL));
843 continue;
844 }
845 if (bool_neq((r & FP_INVALID), !node->is_valid)) {
846 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
847 (r&FP_INVALID) ? "in" : "");
848 node->is_valid = (r&FP_INVALID)?0:1;
849 }
850 if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
851 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
852 (r & FP_BADEXIT) ? "bad" : "good");
853 node->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
854 }
855 } SMARTLIST_FOREACH_END(node);
856
857 routerlist_assert_ok(rl);
858 smartlist_free(nodes);
859 }
860
861 /**
862 * Allocate and return a description of the status of the server <b>desc</b>,
863 * for use in a v1-style router-status line. The server is listed
864 * as running iff <b>is_live</b> is true.
865 */
866 static char *
867 list_single_server_status(const routerinfo_t *desc, int is_live)
868 {
869 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
870 char *cp;
871 const node_t *node;
872
873 tor_assert(desc);
874
875 cp = buf;
876 if (!is_live) {
877 *cp++ = '!';
878 }
879 node = node_get_by_id(desc->cache_info.identity_digest);
880 if (node && node->is_valid) {
881 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
882 cp += strlen(cp);
883 *cp++ = '=';
884 }
885 *cp++ = '$';
886 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
887 DIGEST_LEN);
888 return tor_strdup(buf);
889 }
890
891 /* DOCDOC running_long_enough_to_decide_unreachable */
892 static inline int
893 running_long_enough_to_decide_unreachable(void)
894 {
895 return time_of_process_start
896 + get_options()->TestingAuthDirTimeToLearnReachability < approx_time();
897 }
898
899 /** Each server needs to have passed a reachability test no more
900 * than this number of seconds ago, or it is listed as down in
901 * the directory. */
902 #define REACHABLE_TIMEOUT (45*60)
903
904 /** If we tested a router and found it reachable _at least this long_ after it
905 * declared itself hibernating, it is probably done hibernating and we just
906 * missed a descriptor from it. */
907 #define HIBERNATION_PUBLICATION_SKEW (60*60)
908
909 /** Treat a router as alive if
910 * - It's me, and I'm not hibernating.
911 * or - We've found it reachable recently. */
912 void
913 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
914 {
915 /*XXXX This function is a mess. Separate out the part that calculates
916 whether it's reachable and the part that tells rephist that the router was
917 unreachable.
918 */
919 int answer;
920 const or_options_t *options = get_options();
921 node_t *node = node_get_mutable_by_id(router->cache_info.identity_digest);
922 tor_assert(node);
923
924 if (router_is_me(router)) {
925 /* We always know if we are down ourselves. */
926 answer = ! we_are_hibernating();
927 } else if (router->is_hibernating &&
928 (router->cache_info.published_on +
929 HIBERNATION_PUBLICATION_SKEW) > node->last_reachable) {
930 /* A hibernating router is down unless we (somehow) had contact with it
931 * since it declared itself to be hibernating. */
932 answer = 0;
933 } else if (options->AssumeReachable) {
934 /* If AssumeReachable, everybody is up unless they say they are down! */
935 answer = 1;
936 } else {
937 /* Otherwise, a router counts as up if we found all announced OR
938 ports reachable in the last REACHABLE_TIMEOUT seconds.
939
940 XXX prop186 For now there's always one IPv4 and at most one
941 IPv6 OR port.
942
943 If we're not on IPv6, don't consider reachability of potential
944 IPv6 OR port since that'd kill all dual stack relays until a
945 majority of the dir auths have IPv6 connectivity. */
946 answer = (now < node->last_reachable + REACHABLE_TIMEOUT &&
947 (options->AuthDirHasIPv6Connectivity != 1 ||
948 tor_addr_is_null(&router->ipv6_addr) ||
949 now < node->last_reachable6 + REACHABLE_TIMEOUT));
950 }
951
952 if (!answer && running_long_enough_to_decide_unreachable()) {
953 /* Not considered reachable. tell rephist about that.
954
955 Because we launch a reachability test for each router every
956 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
957 been down since at least that time after we last successfully reached
958 it.
959
960 XXX ipv6
961 */
962 time_t when = now;
963 if (node->last_reachable &&
964 node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD < now)
965 when = node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD;
966 rep_hist_note_router_unreachable(router->cache_info.identity_digest, when);
967 }
968
969 node->is_running = answer;
970 }
971
972 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
973 * contents of a v1-style router-status line, and store it in
974 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
975 *
976 * If for_controller is true, include the routers with very old descriptors.
977 */
978 int
979 list_server_status_v1(smartlist_t *routers, char **router_status_out,
980 int for_controller)
981 {
982 /* List of entries in a router-status style: An optional !, then an optional
983 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
984 smartlist_t *rs_entries;
985 time_t now = time(NULL);
986 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
987 const or_options_t *options = get_options();
988 /* We include v2 dir auths here too, because they need to answer
989 * controllers. Eventually we'll deprecate this whole function;
990 * see also networkstatus_getinfo_by_purpose(). */
991 int authdir = authdir_mode_publishes_statuses(options);
992 tor_assert(router_status_out);
993
994 rs_entries = smartlist_new();
995
996 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
997 const node_t *node = node_get_by_id(ri->cache_info.identity_digest);
998 tor_assert(node);
999 if (authdir) {
1000 /* Update router status in routerinfo_t. */
1001 dirserv_set_router_is_running(ri, now);
1002 }
1003 if (for_controller) {
1004 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
1005 char *cp = name_buf;
1006 if (!node->is_running)
1007 *cp++ = '!';
1008 router_get_verbose_nickname(cp, ri);
1009 smartlist_add(rs_entries, tor_strdup(name_buf));
1010 } else if (ri->cache_info.published_on >= cutoff) {
1011 smartlist_add(rs_entries, list_single_server_status(ri,
1012 node->is_running));
1013 }
1014 } SMARTLIST_FOREACH_END(ri);
1015
1016 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
1017
1018 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
1019 smartlist_free(rs_entries);
1020
1021 return 0;
1022 }
1023
1024 /** Given a (possibly empty) list of config_line_t, each line of which contains
1025 * a list of comma-separated version numbers surrounded by optional space,
1026 * allocate and return a new string containing the version numbers, in order,
1027 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1028 */
1029 static char *
1030 format_versions_list(config_line_t *ln)
1031 {
1032 smartlist_t *versions;
1033 char *result;
1034 versions = smartlist_new();
1035 for ( ; ln; ln = ln->next) {
1036 smartlist_split_string(versions, ln->value, ",",
1037 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1038 }
1039 sort_version_list(versions, 1);
1040 result = smartlist_join_strings(versions,",",0,NULL);
1041 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1042 smartlist_free(versions);
1043 return result;
1044 }
1045
1046 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1047 * not hibernating, having observed bw greater 0, and not too old. Else
1048 * return 0.
1049 */
1050 static int
1051 router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
1052 {
1053 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1054 if (ri->cache_info.published_on < cutoff) {
1055 return 0;
1056 }
1057 if (!node->is_running || !node->is_valid || ri->is_hibernating) {
1058 return 0;
1059 }
1060 /* Only require bandwith capacity in non-test networks, or
1061 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1062 if (!ri->bandwidthcapacity) {
1063 if (get_options()->TestingTorNetwork) {
1064 if (get_options()->TestingMinExitFlagThreshold > 0) {
1065 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1066 * then require bandwidthcapacity */
1067 return 0;
1068 }
1069 } else {
1070 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1071 return 0;
1072 }
1073 }
1074 return 1;
1075 }
1076
1077 /********************************************************************/
1078
1079 /* A set of functions to answer questions about how we'd like to behave
1080 * as a directory mirror/client. */
1081
1082 /** Return 1 if we fetch our directory material directly from the
1083 * authorities, rather than from a mirror. */
1084 int
1085 directory_fetches_from_authorities(const or_options_t *options)
1086 {
1087 const routerinfo_t *me;
1088 uint32_t addr;
1089 int refuseunknown;
1090 if (options->FetchDirInfoEarly)
1091 return 1;
1092 if (options->BridgeRelay == 1)
1093 return 0;
1094 if (server_mode(options) &&
1095 router_pick_published_address(options, &addr, 1) < 0)
1096 return 1; /* we don't know our IP address; ask an authority. */
1097 refuseunknown = ! router_my_exit_policy_is_reject_star() &&
1098 should_refuse_unknown_exits(options);
1099 if (!dir_server_mode(options) && !refuseunknown)
1100 return 0;
1101 if (!server_mode(options) || !advertised_server_mode())
1102 return 0;
1103 me = router_get_my_routerinfo();
1104 if (!me || (!me->supports_tunnelled_dir_requests && !refuseunknown))
1105 return 0; /* if we don't service directory requests, return 0 too */
1106 return 1;
1107 }
1108
1109 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1110 * on the "mirror" schedule rather than the "client" schedule.
1111 */
1112 int
1113 directory_fetches_dir_info_early(const or_options_t *options)
1114 {
1115 return directory_fetches_from_authorities(options);
1116 }
1117
1118 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1119 * on a very passive schedule -- waiting long enough for ordinary clients
1120 * to probably have the info we want. These would include bridge users,
1121 * and maybe others in the future e.g. if a Tor client uses another Tor
1122 * client as a directory guard.
1123 */
1124 int
1125 directory_fetches_dir_info_later(const or_options_t *options)
1126 {
1127 return options->UseBridges != 0;
1128 }
1129
1130 /** Return true iff we want to fetch and keep certificates for authorities
1131 * that we don't acknowledge as authorities ourself.
1132 */
1133 int
1134 directory_caches_unknown_auth_certs(const or_options_t *options)
1135 {
1136 return dir_server_mode(options) || options->BridgeRelay;
1137 }
1138
1139 /** Return 1 if we want to keep descriptors, networkstatuses, etc around.
1140 * Else return 0.
1141 * Check options->DirPort_set and directory_permits_begindir_requests()
1142 * to see if we are willing to serve these directory documents to others via
1143 * the DirPort and begindir-over-ORPort, respectively.
1144 */
1145 int
1146 directory_caches_dir_info(const or_options_t *options)
1147 {
1148 if (options->BridgeRelay || dir_server_mode(options))
1149 return 1;
1150 if (!server_mode(options) || !advertised_server_mode())
1151 return 0;
1152 /* We need an up-to-date view of network info if we're going to try to
1153 * block exit attempts from unknown relays. */
1154 return ! router_my_exit_policy_is_reject_star() &&
1155 should_refuse_unknown_exits(options);
1156 }
1157
1158 /** Return 1 if we want to allow remote people to ask us directory
1159 * requests via the "begin_dir" interface, which doesn't require
1160 * having any separate port open. */
1161 int
1162 directory_permits_begindir_requests(const or_options_t *options)
1163 {
1164 return options->BridgeRelay != 0 || dir_server_mode(options);
1165 }
1166
1167 /** Return 1 if we have no need to fetch new descriptors. This generally
1168 * happens when we're not a dir cache and we haven't built any circuits
1169 * lately.
1170 */
1171 int
1172 directory_too_idle_to_fetch_descriptors(const or_options_t *options,
1173 time_t now)
1174 {
1175 return !directory_caches_dir_info(options) &&
1176 !options->FetchUselessDescriptors &&
1177 rep_hist_circbuilding_dormant(now);
1178 }
1179
1180 /********************************************************************/
1181
1182 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1183 * currently serving. */
1184 static strmap_t *cached_consensuses = NULL;
1185
1186 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1187 * any references. */
1188 void
1189 cached_dir_decref(cached_dir_t *d)
1190 {
1191 if (!d || --d->refcnt > 0)
1192 return;
1193 clear_cached_dir(d);
1194 tor_free(d);
1195 }
1196
1197 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1198 * published at <b>published</b>. */
1199 cached_dir_t *
1200 new_cached_dir(char *s, time_t published)
1201 {
1202 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1203 d->refcnt = 1;
1204 d->dir = s;
1205 d->dir_len = strlen(s);
1206 d->published = published;
1207 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1208 ZLIB_METHOD)) {
1209 log_warn(LD_BUG, "Error compressing directory");
1210 }
1211 return d;
1212 }
1213
1214 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1215 static void
1216 clear_cached_dir(cached_dir_t *d)
1217 {
1218 tor_free(d->dir);
1219 tor_free(d->dir_z);
1220 memset(d, 0, sizeof(cached_dir_t));
1221 }
1222
1223 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1224 static void
1225 free_cached_dir_(void *_d)
1226 {
1227 cached_dir_t *d;
1228 if (!_d)
1229 return;
1230
1231 d = (cached_dir_t *)_d;
1232 cached_dir_decref(d);
1233 }
1234
1235 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1236 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1237 * validation is performed. */
1238 void
1239 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
1240 const char *flavor_name,
1241 const common_digests_t *digests,
1242 time_t published)
1243 {
1244 cached_dir_t *new_networkstatus;
1245 cached_dir_t *old_networkstatus;
1246 if (!cached_consensuses)
1247 cached_consensuses = strmap_new();
1248
1249 new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
1250 memcpy(&new_networkstatus->digests, digests, sizeof(common_digests_t));
1251 old_networkstatus = strmap_set(cached_consensuses, flavor_name,
1252 new_networkstatus);
1253 if (old_networkstatus)
1254 cached_dir_decref(old_networkstatus);
1255 }
1256
1257 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1258 * optionally compressed format, suitable for sending to clients. */
1259 cached_dir_t *
1260 dirserv_get_consensus(const char *flavor_name)
1261 {
1262 if (!cached_consensuses)
1263 return NULL;
1264 return strmap_get(cached_consensuses, flavor_name);
1265 }
1266
1267 /** If a router's uptime is at least this value, then it is always
1268 * considered stable, regardless of the rest of the network. This
1269 * way we resist attacks where an attacker doubles the size of the
1270 * network using allegedly high-uptime nodes, displacing all the
1271 * current guards. */
1272 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1273 /** If a router's MTBF is at least this value, then it is always stable.
1274 * See above. (Corresponds to about 7 days for current decay rates.) */
1275 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1276 /** Similarly, every node with at least this much weighted time known can be
1277 * considered familiar enough to be a guard. Corresponds to about 20 days for
1278 * current decay rates.
1279 */
1280 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1281 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1282 */
1283 #define WFU_TO_GUARANTEE_GUARD (0.98)
1284
1285 /* Thresholds for server performance: set by
1286 * dirserv_compute_performance_thresholds, and used by
1287 * generate_v2_networkstatus */
1288
1289 /** Any router with an uptime of at least this value is stable. */
1290 static uint32_t stable_uptime = 0; /* start at a safe value */
1291 /** Any router with an mtbf of at least this value is stable. */
1292 static double stable_mtbf = 0.0;
1293 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1294 * than stable_uptime. */
1295 static int enough_mtbf_info = 0;
1296 /** Any router with a weighted fractional uptime of at least this much might
1297 * be good as a guard. */
1298 static double guard_wfu = 0.0;
1299 /** Don't call a router a guard unless we've known about it for at least this
1300 * many seconds. */
1301 static long guard_tk = 0;
1302 /** Any router with a bandwidth at least this high is "Fast" */
1303 static uint32_t fast_bandwidth_kb = 0;
1304 /** If exits can be guards, then all guards must have a bandwidth this
1305 * high. */
1306 static uint32_t guard_bandwidth_including_exits_kb = 0;
1307 /** If exits can't be guards, then all guards must have a bandwidth this
1308 * high. */
1309 static uint32_t guard_bandwidth_excluding_exits_kb = 0;
1310
1311 /** Helper: estimate the uptime of a router given its stated uptime and the
1312 * amount of time since it last stated its stated uptime. */
1313 static inline long
1314 real_uptime(const routerinfo_t *router, time_t now)
1315 {
1316 if (now < router->cache_info.published_on)
1317 return router->uptime;
1318 else
1319 return router->uptime + (now - router->cache_info.published_on);
1320 }
1321
1322 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1323 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1324 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1325 * bandwidth.
1326 */
1327 static int
1328 dirserv_thinks_router_is_unreliable(time_t now,
1329 routerinfo_t *router,
1330 int need_uptime, int need_capacity)
1331 {
1332 if (need_uptime) {
1333 if (!enough_mtbf_info) {
1334 /* XXXX We should change the rule from
1335 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1336 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1337 * hit a point where we need to reset a lot of authorities at once,
1338 * none of them would be in a position to declare Stable.
1339 */
1340 long uptime = real_uptime(router, now);
1341 if ((unsigned)uptime < stable_uptime &&
1342 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1343 return 1;
1344 } else {
1345 double mtbf =
1346 rep_hist_get_stability(router->cache_info.identity_digest, now);
1347 if (mtbf < stable_mtbf &&
1348 mtbf < MTBF_TO_GUARANTEE_STABLE)
1349 return 1;
1350 }
1351 }
1352 if (need_capacity) {
1353 uint32_t bw_kb = dirserv_get_credible_bandwidth_kb(router);
1354 if (bw_kb < fast_bandwidth_kb)
1355 return 1;
1356 }
1357 return 0;
1358 }
1359
1360 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1361 *
1362 * Right now this means it advertises support for it, it has a high uptime,
1363 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1364 * considered Running.
1365 *
1366 * This function needs to be called after router-\>is_running has
1367 * been set.
1368 */
1369 static int
1370 dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
1371 const node_t *node, time_t now)
1372 {
1373
1374 long uptime;
1375
1376 /* If we haven't been running for at least
1377 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1378 * have accurate data telling us a relay has been up for at least
1379 * that long. We also want to allow a bit of slack: Reachability
1380 * tests aren't instant. If we haven't been running long enough,
1381 * trust the relay. */
1382
1383 if (stats_n_seconds_working >
1384 get_options()->MinUptimeHidServDirectoryV2 * 1.1)
1385 uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now),
1386 real_uptime(router, now));
1387 else
1388 uptime = real_uptime(router, now);
1389
1390 return (router->wants_to_be_hs_dir &&
1391 router->supports_tunnelled_dir_requests &&
1392 node->is_stable && node->is_fast &&
1393 uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
1394 router_is_active(router, node, now));
1395 }
1396
1397 /** Don't consider routers with less bandwidth than this when computing
1398 * thresholds. */
1399 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1400
1401 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1402 * include a router in our calculations, and return true iff we should; the
1403 * require_mbw parameter is passed in by
1404 * dirserv_compute_performance_thresholds() and controls whether we ever
1405 * count routers with only advertised bandwidths */
1406 static int
1407 router_counts_toward_thresholds(const node_t *node, time_t now,
1408 const digestmap_t *omit_as_sybil,
1409 int require_mbw)
1410 {
1411 /* Have measured bw? */
1412 int have_mbw =
1413 dirserv_has_measured_bw(node->identity);
1414 uint64_t min_bw_kb = ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB;
1415 const or_options_t *options = get_options();
1416
1417 if (options->TestingTorNetwork) {
1418 min_bw_kb = (int64_t)options->TestingMinExitFlagThreshold / 1000;
1419 }
1420
1421 return node->ri && router_is_active(node->ri, node, now) &&
1422 !digestmap_get(omit_as_sybil, node->identity) &&
1423 (dirserv_get_credible_bandwidth_kb(node->ri) >= min_bw_kb) &&
1424 (have_mbw || !require_mbw);
1425 }
1426
1427 /** Look through the routerlist, the Mean Time Between Failure history, and
1428 * the Weighted Fractional Uptime history, and use them to set thresholds for
1429 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1430 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1431 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1432 *
1433 * Also, set the is_exit flag of each router appropriately. */
1434 static void
1435 dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
1436 {
1437 int n_active, n_active_nonexit, n_familiar;
1438 uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb;
1439 long *tks;
1440 double *mtbfs, *wfus;
1441 smartlist_t *nodelist;
1442 time_t now = time(NULL);
1443 const or_options_t *options = get_options();
1444
1445 /* Require mbw? */
1446 int require_mbw =
1447 (routers_with_measured_bw >
1448 options->MinMeasuredBWsForAuthToIgnoreAdvertised) ? 1 : 0;
1449
1450 /* initialize these all here, in case there are no routers */
1451 stable_uptime = 0;
1452 stable_mtbf = 0;
1453 fast_bandwidth_kb = 0;
1454 guard_bandwidth_including_exits_kb = 0;
1455 guard_bandwidth_excluding_exits_kb = 0;
1456 guard_tk = 0;
1457 guard_wfu = 0;
1458
1459 nodelist_assert_ok();
1460 nodelist = nodelist_get_list();
1461
1462 /* Initialize arrays that will hold values for each router. We'll
1463 * sort them and use that to compute thresholds. */
1464 n_active = n_active_nonexit = 0;
1465 /* Uptime for every active router. */
1466 uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1467 /* Bandwidth for every active router. */
1468 bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1469 /* Bandwidth for every active non-exit router. */
1470 bandwidths_excluding_exits_kb =
1471 tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1472 /* Weighted mean time between failure for each active router. */
1473 mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double));
1474 /* Time-known for each active router. */
1475 tks = tor_calloc(smartlist_len(nodelist), sizeof(long));
1476 /* Weighted fractional uptime for each active router. */
1477 wfus = tor_calloc(smartlist_len(nodelist), sizeof(double));
1478
1479 /* Now, fill in the arrays. */
1480 SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
1481 if (options->BridgeAuthoritativeDir &&
1482 node->ri &&
1483 node->ri->purpose != ROUTER_PURPOSE_BRIDGE)
1484 continue;
1485 if (router_counts_toward_thresholds(node, now, omit_as_sybil,
1486 require_mbw)) {
1487 routerinfo_t *ri = node->ri;
1488 const char *id = node->identity;
1489 uint32_t bw_kb;
1490 /* resolve spurious clang shallow analysis null pointer errors */
1491 tor_assert(ri);
1492 node->is_exit = (!router_exit_policy_rejects_all(ri) &&
1493 exit_policy_is_general_exit(ri->exit_policy));
1494 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1495 mtbfs[n_active] = rep_hist_get_stability(id, now);
1496 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1497 bandwidths_kb[n_active] = bw_kb = dirserv_get_credible_bandwidth_kb(ri);
1498 if (!node->is_exit || node->is_bad_exit) {
1499 bandwidths_excluding_exits_kb[n_active_nonexit] = bw_kb;
1500 ++n_active_nonexit;
1501 }
1502 ++n_active;
1503 }
1504 } SMARTLIST_FOREACH_END(node);
1505
1506 /* Now, compute thresholds. */
1507 if (n_active) {
1508 /* The median uptime is stable. */
1509 stable_uptime = median_uint32(uptimes, n_active);
1510 /* The median mtbf is stable, if we have enough mtbf info */
1511 stable_mtbf = median_double(mtbfs, n_active);
1512 /* The 12.5th percentile bandwidth is fast. */
1513 fast_bandwidth_kb = find_nth_uint32(bandwidths_kb, n_active, n_active/8);
1514 /* (Now bandwidths is sorted.) */
1515 if (fast_bandwidth_kb < RELAY_REQUIRED_MIN_BANDWIDTH/(2 * 1000))
1516 fast_bandwidth_kb = bandwidths_kb[n_active/4];
1517 guard_bandwidth_including_exits_kb =
1518 third_quartile_uint32(bandwidths_kb, n_active);
1519 guard_tk = find_nth_long(tks, n_active, n_active/8);
1520 }
1521
1522 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1523 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1524
1525 {
1526 /* We can vote on a parameter for the minimum and maximum. */
1527 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1528 int32_t min_fast_kb, max_fast_kb, min_fast, max_fast;
1529 min_fast = networkstatus_get_param(NULL, "FastFlagMinThreshold",
1530 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1531 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1532 INT32_MAX);
1533 if (options->TestingTorNetwork) {
1534 min_fast = (int32_t)options->TestingMinFastFlagThreshold;
1535 }
1536 max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold",
1537 INT32_MAX, min_fast, INT32_MAX);
1538 min_fast_kb = min_fast / 1000;
1539 max_fast_kb = max_fast / 1000;
1540
1541 if (fast_bandwidth_kb < (uint32_t)min_fast_kb)
1542 fast_bandwidth_kb = min_fast_kb;
1543 if (fast_bandwidth_kb > (uint32_t)max_fast_kb)
1544 fast_bandwidth_kb = max_fast_kb;
1545 }
1546 /* Protect sufficiently fast nodes from being pushed out of the set
1547 * of Fast nodes. */
1548 if (options->AuthDirFastGuarantee &&
1549 fast_bandwidth_kb > options->AuthDirFastGuarantee/1000)
1550 fast_bandwidth_kb = (uint32_t)options->AuthDirFastGuarantee/1000;
1551
1552 /* Now that we have a time-known that 7/8 routers are known longer than,
1553 * fill wfus with the wfu of every such "familiar" router. */
1554 n_familiar = 0;
1555
1556 SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
1557 if (router_counts_toward_thresholds(node, now,
1558 omit_as_sybil, require_mbw)) {
1559 routerinfo_t *ri = node->ri;
1560 const char *id = ri->cache_info.identity_digest;
1561 long tk = rep_hist_get_weighted_time_known(id, now);
1562 if (tk < guard_tk)
1563 continue;
1564 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1565 }
1566 } SMARTLIST_FOREACH_END(node);
1567 if (n_familiar)
1568 guard_wfu = median_double(wfus, n_familiar);
1569 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1570 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1571
1572 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1573
1574 if (n_active_nonexit) {
1575 guard_bandwidth_excluding_exits_kb =
1576 find_nth_uint32(bandwidths_excluding_exits_kb,
1577 n_active_nonexit, n_active_nonexit*3/4);
1578 }
1579
1580 log_info(LD_DIRSERV,
1581 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1582 "For Fast: %lu kilobytes/sec. "
1583 "For Guard: WFU %.03f%%, time-known %lu sec, "
1584 "and bandwidth %lu or %lu kilobytes/sec. "
1585 "We%s have enough stability data.",
1586 (unsigned long)stable_uptime,
1587 (unsigned long)stable_mtbf,
1588 (unsigned long)fast_bandwidth_kb,
1589 guard_wfu*100,
1590 (unsigned long)guard_tk,
1591 (unsigned long)guard_bandwidth_including_exits_kb,
1592 (unsigned long)guard_bandwidth_excluding_exits_kb,
1593 enough_mtbf_info ? "" : " don't");
1594
1595 tor_free(uptimes);
1596 tor_free(mtbfs);
1597 tor_free(bandwidths_kb);
1598 tor_free(bandwidths_excluding_exits_kb);
1599 tor_free(tks);
1600 tor_free(wfus);
1601 }
1602
1603 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1604 * for the status flags, specifically for bridges.
1605 *
1606 * This is only called by a Bridge Authority from
1607 * networkstatus_getinfo_by_purpose().
1608 */
1609 void
1610 dirserv_compute_bridge_flag_thresholds(void)
1611 {
1612 digestmap_t *omit_as_sybil = digestmap_new();
1613 dirserv_compute_performance_thresholds(omit_as_sybil);
1614 digestmap_free(omit_as_sybil, NULL);
1615 }
1616
1617 /** Measured bandwidth cache entry */
1618 typedef struct mbw_cache_entry_s {
1619 long mbw_kb;
1620 time_t as_of;
1621 } mbw_cache_entry_t;
1622
1623 /** Measured bandwidth cache - keys are identity_digests, values are
1624 * mbw_cache_entry_t *. */
1625 static digestmap_t *mbw_cache = NULL;
1626
1627 /** Store a measured bandwidth cache entry when reading the measured
1628 * bandwidths file. */
1629 STATIC void
1630 dirserv_cache_measured_bw(const measured_bw_line_t *parsed_line,
1631 time_t as_of)
1632 {
1633 mbw_cache_entry_t *e = NULL;
1634
1635 tor_assert(parsed_line);
1636
1637 /* Allocate a cache if we need */
1638 if (!mbw_cache) mbw_cache = digestmap_new();
1639
1640 /* Check if we have an existing entry */
1641 e = digestmap_get(mbw_cache, parsed_line->node_id);
1642 /* If we do, we can re-use it */
1643 if (e) {
1644 /* Check that we really are newer, and update */
1645 if (as_of > e->as_of) {
1646 e->mbw_kb = parsed_line->bw_kb;
1647 e->as_of = as_of;
1648 }
1649 } else {
1650 /* We'll have to insert a new entry */
1651 e = tor_malloc(sizeof(*e));
1652 e->mbw_kb = parsed_line->bw_kb;
1653 e->as_of = as_of;
1654 digestmap_set(mbw_cache, parsed_line->node_id, e);
1655 }
1656 }
1657
1658 /** Clear and free the measured bandwidth cache */
1659 STATIC void
1660 dirserv_clear_measured_bw_cache(void)
1661 {
1662 if (mbw_cache) {
1663 /* Free the map and all entries */
1664 digestmap_free(mbw_cache, tor_free_);
1665 mbw_cache = NULL;
1666 }
1667 }
1668
1669 /** Scan the measured bandwidth cache and remove expired entries */
1670 STATIC void
1671 dirserv_expire_measured_bw_cache(time_t now)
1672 {
1673
1674 if (mbw_cache) {
1675 /* Iterate through the cache and check each entry */
1676 DIGESTMAP_FOREACH_MODIFY(mbw_cache, k, mbw_cache_entry_t *, e) {
1677 if (now > e->as_of + MAX_MEASUREMENT_AGE) {
1678 tor_free(e);
1679 MAP_DEL_CURRENT(k);
1680 }
1681 } DIGESTMAP_FOREACH_END;
1682
1683 /* Check if we cleared the whole thing and free if so */
1684 if (digestmap_size(mbw_cache) == 0) {
1685 digestmap_free(mbw_cache, tor_free_);
1686 mbw_cache = 0;
1687 }
1688 }
1689 }
1690
1691 /** Get the current size of the measured bandwidth cache */
1692 STATIC int
1693 dirserv_get_measured_bw_cache_size(void)
1694 {
1695 if (mbw_cache) return digestmap_size(mbw_cache);
1696 else return 0;
1697 }
1698
1699 /** Query the cache by identity digest, return value indicates whether
1700 * we found it. The bw_out and as_of_out pointers receive the cached
1701 * bandwidth value and the time it was cached if not NULL. */
1702 STATIC int
1703 dirserv_query_measured_bw_cache_kb(const char *node_id, long *bw_kb_out,
1704 time_t *as_of_out)
1705 {
1706 mbw_cache_entry_t *v = NULL;
1707 int rv = 0;
1708
1709 if (mbw_cache && node_id) {
1710 v = digestmap_get(mbw_cache, node_id);
1711 if (v) {
1712 /* Found something */
1713 rv = 1;
1714 if (bw_kb_out) *bw_kb_out = v->mbw_kb;
1715 if (as_of_out) *as_of_out = v->as_of;
1716 }
1717 }
1718
1719 return rv;
1720 }
1721
1722 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1723 STATIC int
1724 dirserv_has_measured_bw(const char *node_id)
1725 {
1726 return dirserv_query_measured_bw_cache_kb(node_id, NULL, NULL);
1727 }
1728
1729 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1730 * preferring measured to advertised values if available. */
1731
1732 static uint32_t
1733 dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
1734 {
1735 uint32_t bw_kb = 0;
1736 /*
1737 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1738 * signed) longs and the ones router_get_advertised_bandwidth() returns
1739 * are uint32_t.
1740 */
1741 long mbw_kb = 0;
1742
1743 if (ri) {
1744 /*
1745 * * First try to see if we have a measured bandwidth; don't bother with
1746 * as_of_out here, on the theory that a stale measured bandwidth is still
1747 * better to trust than an advertised one.
1748 */
1749 if (dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest,
1750 &mbw_kb, NULL)) {
1751 /* Got one! */
1752 bw_kb = (uint32_t)mbw_kb;
1753 } else {
1754 /* If not, fall back to advertised */
1755 bw_kb = router_get_advertised_bandwidth(ri) / 1000;
1756 }
1757 }
1758
1759 return bw_kb;
1760 }
1761
1762 /** Look through the routerlist, and using the measured bandwidth cache count
1763 * how many measured bandwidths we know. This is used to decide whether we
1764 * ever trust advertised bandwidths for purposes of assigning flags. */
1765 static void
1766 dirserv_count_measured_bws(const smartlist_t *routers)
1767 {
1768 /* Initialize this first */
1769 routers_with_measured_bw = 0;
1770
1771 /* Iterate over the routerlist and count measured bandwidths */
1772 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
1773 /* Check if we know a measured bandwidth for this one */
1774 if (dirserv_has_measured_bw(ri->cache_info.identity_digest)) {
1775 ++routers_with_measured_bw;
1776 }
1777 } SMARTLIST_FOREACH_END(ri);
1778 }
1779
1780 /** Return the bandwidth we believe for assigning flags; prefer measured
1781 * over advertised, and if we have above a threshold quantity of measured
1782 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1783 * return 0. */
1784 static uint32_t
1785 dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri)
1786 {
1787 int threshold;
1788 uint32_t bw_kb = 0;
1789 long mbw_kb;
1790
1791 tor_assert(ri);
1792 /* Check if we have a measured bandwidth, and check the threshold if not */
1793 if (!(dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest,
1794 &mbw_kb, NULL))) {
1795 threshold = get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised;
1796 if (routers_with_measured_bw > threshold) {
1797 /* Return zero for unmeasured bandwidth if we are above threshold */
1798 bw_kb = 0;
1799 } else {
1800 /* Return an advertised bandwidth otherwise */
1801 bw_kb = router_get_advertised_bandwidth_capped(ri) / 1000;
1802 }
1803 } else {
1804 /* We have the measured bandwidth in mbw */
1805 bw_kb = (uint32_t)mbw_kb;
1806 }
1807
1808 return bw_kb;
1809 }
1810
1811 /** Give a statement of our current performance thresholds for inclusion
1812 * in a vote document. */
1813 char *
1814 dirserv_get_flag_thresholds_line(void)
1815 {
1816 char *result=NULL;
1817 const int measured_threshold =
1818 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised;
1819 const int enough_measured_bw = routers_with_measured_bw > measured_threshold;
1820
1821 tor_asprintf(&result,
1822 "stable-uptime=%lu stable-mtbf=%lu "
1823 "fast-speed=%lu "
1824 "guard-wfu=%.03f%% guard-tk=%lu "
1825 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1826 "enough-mtbf=%d ignoring-advertised-bws=%d",
1827 (unsigned long)stable_uptime,
1828 (unsigned long)stable_mtbf,
1829 (unsigned long)fast_bandwidth_kb*1000,
1830 guard_wfu*100,
1831 (unsigned long)guard_tk,
1832 (unsigned long)guard_bandwidth_including_exits_kb*1000,
1833 (unsigned long)guard_bandwidth_excluding_exits_kb*1000,
1834 enough_mtbf_info ? 1 : 0,
1835 enough_measured_bw ? 1 : 0);
1836
1837 return result;
1838 }
1839
1840 /** Given a platform string as in a routerinfo_t (possibly null), return a
1841 * newly allocated version string for a networkstatus document, or NULL if the
1842 * platform doesn't give a Tor version. */
1843 static char *
1844 version_from_platform(const char *platform)
1845 {
1846 if (platform && !strcmpstart(platform, "Tor ")) {
1847 const char *eos = find_whitespace(platform+4);
1848 if (eos && !strcmpstart(eos, " (r")) {
1849 /* XXXX Unify this logic with the other version extraction
1850 * logic in routerparse.c. */
1851 eos = find_whitespace(eos+1);
1852 }
1853 if (eos) {
1854 return tor_strndup(platform, eos-platform);
1855 }
1856 }
1857 return NULL;
1858 }
1859
1860 /** Helper: write the router-status information in <b>rs</b> into a newly
1861 * allocated character buffer. Use the same format as in network-status
1862 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1863 * Return 0 on success, -1 on failure.
1864 *
1865 * The format argument has one of the following values:
1866 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1867 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1868 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1869 * consensus entry.
1870 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1871 * it contains additional information for the vote.
1872 * NS_CONTROL_PORT - Output a NS document for the control port
1873 */
1874 char *
1875 routerstatus_format_entry(const routerstatus_t *rs, const char *version,
1876 const char *protocols,
1877 routerstatus_format_type_t format,
1878 const vote_routerstatus_t *vrs)
1879 {
1880 char *summary;
1881 char *result = NULL;
1882
1883 char published[ISO_TIME_LEN+1];
1884 char identity64[BASE64_DIGEST_LEN+1];
1885 char digest64[BASE64_DIGEST_LEN+1];
1886 smartlist_t *chunks = smartlist_new();
1887
1888 format_iso_time(published, rs->published_on);
1889 digest_to_base64(identity64, rs->identity_digest);
1890 digest_to_base64(digest64, rs->descriptor_digest);
1891
1892 smartlist_add_asprintf(chunks,
1893 "r %s %s %s%s%s %s %d %d\n",
1894 rs->nickname,
1895 identity64,
1896 (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64,
1897 (format==NS_V3_CONSENSUS_MICRODESC)?"":" ",
1898 published,
1899 fmt_addr32(rs->addr),
1900 (int)rs->or_port,
1901 (int)rs->dir_port);
1902
1903 /* TODO: Maybe we want to pass in what we need to build the rest of
1904 * this here, instead of in the caller. Then we could use the
1905 * networkstatus_type_t values, with an additional control port value
1906 * added -MP */
1907
1908 /* V3 microdesc consensuses don't have "a" lines. */
1909 if (format == NS_V3_CONSENSUS_MICRODESC)
1910 goto done;
1911
1912 /* Possible "a" line. At most one for now. */
1913 if (!tor_addr_is_null(&rs->ipv6_addr)) {
1914 smartlist_add_asprintf(chunks, "a %s\n",
1915 fmt_addrport(&rs->ipv6_addr, rs->ipv6_orport));
1916 }
1917
1918 if (format == NS_V3_CONSENSUS)
1919 goto done;
1920
1921 smartlist_add_asprintf(chunks,
1922 "s%s%s%s%s%s%s%s%s%s%s\n",
1923 /* These must stay in alphabetical order. */
1924 rs->is_authority?" Authority":"",
1925 rs->is_bad_exit?" BadExit":"",
1926 rs->is_exit?" Exit":"",
1927 rs->is_fast?" Fast":"",
1928 rs->is_possible_guard?" Guard":"",
1929 rs->is_hs_dir?" HSDir":"",
1930 rs->is_flagged_running?" Running":"",
1931 rs->is_stable?" Stable":"",
1932 rs->is_v2_dir?" V2Dir":"",
1933 rs->is_valid?" Valid":"");
1934
1935 /* length of "opt v \n" */
1936 #define V_LINE_OVERHEAD 7
1937 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
1938 smartlist_add_asprintf(chunks, "v %s\n", version);
1939 }
1940 if (protocols) {
1941 smartlist_add_asprintf(chunks, "pr %s\n", protocols);
1942 }
1943
1944 if (format != NS_V2) {
1945 const routerinfo_t* desc = router_get_by_id_digest(rs->identity_digest);
1946 uint32_t bw_kb;
1947
1948 if (format != NS_CONTROL_PORT) {
1949 /* Blow up more or less nicely if we didn't get anything or not the
1950 * thing we expected.
1951 */
1952 if (!desc) {
1953 char id[HEX_DIGEST_LEN+1];
1954 char dd[HEX_DIGEST_LEN+1];
1955
1956 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
1957 base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
1958 log_warn(LD_BUG, "Cannot get any descriptor for %s "
1959 "(wanted descriptor %s).",
1960 id, dd);
1961 goto err;
1962 }
1963
1964 /* This assert could fire for the control port, because
1965 * it can request NS documents before all descriptors
1966 * have been fetched. Therefore, we only do this test when
1967 * format != NS_CONTROL_PORT. */
1968 if (tor_memneq(desc->cache_info.signed_descriptor_digest,
1969 rs->descriptor_digest,
1970 DIGEST_LEN)) {
1971 char rl_d[HEX_DIGEST_LEN+1];
1972 char rs_d[HEX_DIGEST_LEN+1];
1973 char id[HEX_DIGEST_LEN+1];
1974
1975 base16_encode(rl_d, sizeof(rl_d),
1976 desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
1977 base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
1978 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
1979 log_err(LD_BUG, "descriptor digest in routerlist does not match "
1980 "the one in routerstatus: %s vs %s "
1981 "(router %s)\n",
1982 rl_d, rs_d, id);
1983
1984 tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest,
1985 rs->descriptor_digest,
1986 DIGEST_LEN));
1987 }
1988 }
1989
1990 if (format == NS_CONTROL_PORT && rs->has_bandwidth) {
1991 bw_kb = rs->bandwidth_kb;
1992 } else {
1993 tor_assert(desc);
1994 bw_kb = router_get_advertised_bandwidth_capped(desc) / 1000;
1995 }
1996 smartlist_add_asprintf(chunks,
1997 "w Bandwidth=%d", bw_kb);
1998
1999 if (format == NS_V3_VOTE && vrs && vrs->has_measured_bw) {
2000 smartlist_add_asprintf(chunks,
2001 " Measured=%d", vrs->measured_bw_kb);
2002 }
2003 /* Write down guardfraction information if we have it. */
2004 if (format == NS_V3_VOTE && vrs && vrs->status.has_guardfraction) {
2005 smartlist_add_asprintf(chunks,
2006 " GuardFraction=%d",
2007 vrs->status.guardfraction_percentage);
2008 }
2009
2010 smartlist_add(chunks, tor_strdup("\n"));
2011
2012 if (desc) {
2013 summary = policy_summarize(desc->exit_policy, AF_INET);
2014 smartlist_add_asprintf(chunks, "p %s\n", summary);
2015 tor_free(summary);
2016 }
2017
2018 if (format == NS_V3_VOTE && vrs) {
2019 if (tor_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
2020 smartlist_add(chunks, tor_strdup("id ed25519 none\n"));
2021 } else {
2022 char ed_b64[BASE64_DIGEST256_LEN+1];
2023 digest256_to_base64(ed_b64, (const char*)vrs->ed25519_id);
2024 smartlist_add_asprintf(chunks, "id ed25519 %s\n", ed_b64);
2025 }
2026 }
2027 }
2028
2029 done:
2030 result = smartlist_join_strings(chunks, "", 0, NULL);
2031
2032 err:
2033 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2034 smartlist_free(chunks);
2035
2036 return result;
2037 }
2038
2039 /** Helper for sorting: compares two routerinfos first by address, and then by
2040 * descending order of "usefulness". (An authority is more useful than a
2041 * non-authority; a running router is more useful than a non-running router;
2042 * and a router with more bandwidth is more useful than one with less.)
2043 **/
2044 static int
2045 compare_routerinfo_by_ip_and_bw_(const void **a, const void **b)
2046 {
2047 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
2048 int first_is_auth, second_is_auth;
2049 uint32_t bw_kb_first, bw_kb_second;
2050 const node_t *node_first, *node_second;
2051 int first_is_running, second_is_running;
2052
2053 /* we return -1 if first should appear before second... that is,
2054 * if first is a better router. */
2055 if (first->addr < second->addr)
2056 return -1;
2057 else if (first->addr > second->addr)
2058 return 1;
2059
2060 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2061 * reality, we will almost never get here, since addresses will usually be
2062 * different. */
2063
2064 first_is_auth =
2065 router_digest_is_trusted_dir(first->cache_info.identity_digest);
2066 second_is_auth =
2067 router_digest_is_trusted_dir(second->cache_info.identity_digest);
2068
2069 if (first_is_auth && !second_is_auth)
2070 return -1;
2071 else if (!first_is_auth && second_is_auth)
2072 return 1;
2073
2074 node_first = node_get_by_id(first->cache_info.identity_digest);
2075 node_second = node_get_by_id(second->cache_info.identity_digest);
2076 first_is_running = node_first && node_first->is_running;
2077 second_is_running = node_second && node_second->is_running;
2078
2079 if (first_is_running && !second_is_running)
2080 return -1;
2081 else if (!first_is_running && second_is_running)
2082 return 1;
2083
2084 bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
2085 bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
2086
2087 if (bw_kb_first > bw_kb_second)
2088 return -1;
2089 else if (bw_kb_first < bw_kb_second)
2090 return 1;
2091
2092 /* They're equal! Compare by identity digest, so there's a
2093 * deterministic order and we avoid flapping. */
2094 return fast_memcmp(first->cache_info.identity_digest,
2095 second->cache_info.identity_digest,
2096 DIGEST_LEN);
2097 }
2098
2099 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2100 * whose keys are the identity digests of those routers that we're going to
2101 * exclude for Sybil-like appearance. */
2102 static digestmap_t *
2103 get_possible_sybil_list(const smartlist_t *routers)
2104 {
2105 const or_options_t *options = get_options();
2106 digestmap_t *omit_as_sybil;
2107 smartlist_t *routers_by_ip = smartlist_new();
2108 uint32_t last_addr;
2109 int addr_count;
2110 /* Allow at most this number of Tor servers on a single IP address, ... */
2111 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
2112 /* ... unless it's a directory authority, in which case allow more. */
2113 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
2114 if (max_with_same_addr <= 0)
2115 max_with_same_addr = INT_MAX;
2116 if (max_with_same_addr_on_authority <= 0)
2117 max_with_same_addr_on_authority = INT_MAX;
2118
2119 smartlist_add_all(routers_by_ip, routers);
2120 smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
2121 omit_as_sybil = digestmap_new();
2122
2123 last_addr = 0;
2124 addr_count = 0;
2125 SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
2126 if (last_addr != ri->addr) {
2127 last_addr = ri->addr;
2128 addr_count = 1;
2129 } else if (++addr_count > max_with_same_addr) {
2130 if (!router_addr_is_trusted_dir(ri->addr) ||
2131 addr_count > max_with_same_addr_on_authority)
2132 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2133 }
2134 } SMARTLIST_FOREACH_END(ri);
2135
2136 smartlist_free(routers_by_ip);
2137 return omit_as_sybil;
2138 }
2139
2140 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2141 * remove the older one. If they are exactly the same age, remove the one
2142 * with the greater descriptor digest. May alter the order of the list. */
2143 static void
2144 routers_make_ed_keys_unique(smartlist_t *routers)
2145 {
2146 routerinfo_t *ri2;
2147 digest256map_t *by_ed_key = digest256map_new();
2148
2149 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2150 ri->omit_from_vote = 0;
2151 if (ri->cache_info.signing_key_cert == NULL)
2152 continue; /* No ed key */
2153 const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
2154 if ((ri2 = digest256map_get(by_ed_key, pk))) {
2155 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2156 * one has the earlier published_on. */
2157 const time_t ri_pub = ri->cache_info.published_on;
2158 const time_t ri2_pub = ri2->cache_info.published_on;
2159 if (ri2_pub < ri_pub ||
2160 (ri2_pub == ri_pub &&
2161 fast_memcmp(ri->cache_info.signed_descriptor_digest,
2162 ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
2163 digest256map_set(by_ed_key, pk, ri);
2164 ri2->omit_from_vote = 1;
2165 } else {
2166 ri->omit_from_vote = 1;
2167 }
2168 } else {
2169 /* Add to map */
2170 digest256map_set(by_ed_key, pk, ri);
2171 }
2172 } SMARTLIST_FOREACH_END(ri);
2173
2174 digest256map_free(by_ed_key, NULL);
2175
2176 /* Now remove every router where the omit_from_vote flag got set. */
2177 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
2178 if (ri->omit_from_vote) {
2179 SMARTLIST_DEL_CURRENT(routers, ri);
2180 }
2181 } SMARTLIST_FOREACH_END(ri);
2182 }
2183
2184 /** Extract status information from <b>ri</b> and from other authority
2185 * functions and store it in <b>rs</b>>.
2186 *
2187 * We assume that ri-\>is_running has already been set, e.g. by
2188 * dirserv_set_router_is_running(ri, now);
2189 */
2190 void
2191 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2192 node_t *node,
2193 routerinfo_t *ri,
2194 time_t now,
2195 int listbadexits)
2196 {
2197 const or_options_t *options = get_options();
2198 uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
2199
2200 memset(rs, 0, sizeof(routerstatus_t));
2201
2202 rs->is_authority =
2203 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2204
2205 /* Already set by compute_performance_thresholds. */
2206 rs->is_exit = node->is_exit;
2207 rs->is_stable = node->is_stable =
2208 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
2209 rs->is_fast = node->is_fast =
2210 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2211 rs->is_flagged_running = node->is_running; /* computed above */
2212
2213 rs->is_valid = node->is_valid;
2214
2215 if (node->is_fast && node->is_stable &&
2216 ((options->AuthDirGuardBWGuarantee &&
2217 routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) ||
2218 routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
2219 guard_bandwidth_excluding_exits_kb))) {
2220 long tk = rep_hist_get_weighted_time_known(
2221 node->identity, now);
2222 double wfu = rep_hist_get_weighted_fractional_uptime(
2223 node->identity, now);
2224 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2225 } else {
2226 rs->is_possible_guard = 0;
2227 }
2228
2229 rs->is_bad_exit = listbadexits && node->is_bad_exit;
2230 rs->is_hs_dir = node->is_hs_dir =
2231 dirserv_thinks_router_is_hs_dir(ri, node, now);
2232
2233 rs->is_named = rs->is_unnamed = 0;
2234
2235 rs->published_on = ri->cache_info.published_on;
2236 memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
2237 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2238 DIGEST_LEN);
2239 rs->addr = ri->addr;
2240 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2241 rs->or_port = ri->or_port;
2242 rs->dir_port = ri->dir_port;
2243 rs->is_v2_dir = ri->supports_tunnelled_dir_requests;
2244 if (options->AuthDirHasIPv6Connectivity == 1 &&
2245 !tor_addr_is_null(&ri->ipv6_addr) &&
2246 node->last_reachable6 >= now - REACHABLE_TIMEOUT) {
2247 /* We're configured as having IPv6 connectivity. There's an IPv6
2248 OR port and it's reachable so copy it to the routerstatus. */
2249 tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr);
2250 rs->ipv6_orport = ri->ipv6_orport;
2251 }
2252
2253 if (options->TestingTorNetwork) {
2254 dirserv_set_routerstatus_testing(rs);
2255 }
2256 }
2257
2258 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2259 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2260 * respectively. But don't set the corresponding node flags.
2261 * Should only be called if TestingTorNetwork is set. */
2262 STATIC void
2263 dirserv_set_routerstatus_testing(routerstatus_t *rs)
2264 {
2265 const or_options_t *options = get_options();
2266
2267 tor_assert(options->TestingTorNetwork);
2268
2269 if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit,
2270 rs, 0)) {
2271 rs->is_exit = 1;
2272 } else if (options->TestingDirAuthVoteExitIsStrict) {
2273 rs->is_exit = 0;
2274 }
2275
2276 if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
2277 rs, 0)) {
2278 rs->is_possible_guard = 1;
2279 } else if (options->TestingDirAuthVoteGuardIsStrict) {
2280 rs->is_possible_guard = 0;
2281 }
2282
2283 if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir,
2284 rs, 0)) {
2285 rs->is_hs_dir = 1;
2286 } else if (options->TestingDirAuthVoteHSDirIsStrict) {
2287 rs->is_hs_dir = 0;
2288 }
2289 }
2290
2291 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2292 * too narrow an IP-space. Clear out its flags: we don't want people
2293 * using it.
2294 *
2295 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2296 * we want to vote that way in case all the other authorities are voting
2297 * Running and Exit.
2298 */
2299 static void
2300 clear_status_flags_on_sybil(routerstatus_t *rs)
2301 {
2302 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2303 rs->is_flagged_running = rs->is_named = rs->is_valid =
2304 rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
2305 /* FFFF we might want some mechanism to check later on if we
2306 * missed zeroing any flags: it's easy to add a new flag but
2307 * forget to add it to this clause. */
2308 }
2309
2310 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2311 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2312 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2313 * information to it.
2314 *
2315 * Return 1 if we applied the information and 0 if we couldn't find a
2316 * matching guard.
2317 *
2318 * Requires that <b>vote_routerstatuses</b> be sorted.
2319 */
2320 static int
2321 guardfraction_line_apply(const char *guard_id,
2322 uint32_t guardfraction_percentage,
2323 smartlist_t *vote_routerstatuses)
2324 {
2325 vote_routerstatus_t *vrs = NULL;
2326
2327 tor_assert(vote_routerstatuses);
2328
2329 vrs = smartlist_bsearch(vote_routerstatuses, guard_id,
2330 compare_digest_to_vote_routerstatus_entry);
2331
2332 if (!vrs) {
2333 return 0;
2334 }
2335
2336 vrs->status.has_guardfraction = 1;
2337 vrs->status.guardfraction_percentage = guardfraction_percentage;
2338
2339 return 1;
2340 }
2341
2342 /* Given a guard line from a guardfraction file, parse it and register
2343 * its information to <b>vote_routerstatuses</b>.
2344 *
2345 * Return:
2346 * * 1 if the line was proper and its information got registered.
2347 * * 0 if the line was proper but no currently active guard was found
2348 * to register the guardfraction information to.
2349 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2350 newly allocated string containing the error message.
2351 */
2352 static int
2353 guardfraction_file_parse_guard_line(const char *guard_line,
2354 smartlist_t *vote_routerstatuses,
2355 char **err_msg)
2356 {
2357 char guard_id[DIGEST_LEN];
2358 uint32_t guardfraction;
2359 char *inputs_tmp = NULL;
2360 int num_ok = 1;
2361
2362 smartlist_t *sl = smartlist_new();
2363 int retval = -1;
2364
2365 tor_assert(err_msg);
2366
2367 /* guard_line should contain something like this:
2368 <hex digest> <guardfraction> <appearances> */
2369 smartlist_split_string(sl, guard_line, " ",
2370 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
2371 if (smartlist_len(sl) < 3) {
2372 tor_asprintf(err_msg, "bad line '%s'", guard_line);
2373 goto done;
2374 }
2375
2376 inputs_tmp = smartlist_get(sl, 0);
2377 if (strlen(inputs_tmp) != HEX_DIGEST_LEN ||
2378 base16_decode(guard_id, DIGEST_LEN,
2379 inputs_tmp, HEX_DIGEST_LEN) != DIGEST_LEN) {
2380 tor_asprintf(err_msg, "bad digest '%s'", inputs_tmp);
2381 goto done;
2382 }
2383
2384 inputs_tmp = smartlist_get(sl, 1);
2385 /* Guardfraction is an integer in [0, 100]. */
2386 guardfraction =
2387 (uint32_t) tor_parse_long(inputs_tmp, 10, 0, 100, &num_ok, NULL);
2388 if (!num_ok) {
2389 tor_asprintf(err_msg, "wrong percentage '%s'", inputs_tmp);
2390 goto done;
2391 }
2392
2393 /* If routerstatuses were provided, apply this info to actual routers. */
2394 if (vote_routerstatuses) {
2395 retval = guardfraction_line_apply(guard_id, guardfraction,
2396 vote_routerstatuses);
2397 } else {
2398 retval = 0; /* If we got this far, line was correctly formatted. */
2399 }
2400
2401 done:
2402
2403 SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
2404 smartlist_free(sl);
2405
2406 return retval;
2407 }
2408
2409 /** Given an inputs line from a guardfraction file, parse it and
2410 * register its information to <b>total_consensuses</b> and
2411 * <b>total_days</b>.
2412 *
2413 * Return 0 if it parsed well. Return -1 if there was an error, and
2414 * set <b>err_msg</b> to a newly allocated string containing the
2415 * error message.
2416 */
2417 static int
2418 guardfraction_file_parse_inputs_line(const char *inputs_line,
2419 int *total_consensuses,
2420 int *total_days,
2421 char **err_msg)
2422 {
2423 int retval = -1;
2424 char *inputs_tmp = NULL;
2425 int num_ok = 1;
2426 smartlist_t *sl = smartlist_new();
2427
2428 tor_assert(err_msg);
2429
2430 /* Second line is inputs information:
2431 * n-inputs <total_consensuses> <total_days>. */
2432 smartlist_split_string(sl, inputs_line, " ",
2433 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
2434 if (smartlist_len(sl) < 2) {
2435 tor_asprintf(err_msg, "incomplete line '%s'", inputs_line);
2436 goto done;
2437 }
2438
2439 inputs_tmp = smartlist_get(sl, 0);
2440 *total_consensuses =
2441 (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
2442 if (!num_ok) {
2443 tor_asprintf(err_msg, "unparseable consensus '%s'", inputs_tmp);
2444 goto done;
2445 }
2446
2447 inputs_tmp = smartlist_get(sl, 1);
2448 *total_days =
2449 (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
2450 if (!num_ok) {
2451 tor_asprintf(err_msg, "unparseable days '%s'", inputs_tmp);
2452 goto done;
2453 }
2454
2455 retval = 0;
2456
2457 done:
2458 SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
2459 smartlist_free(sl);
2460
2461 return retval;
2462 }
2463
2464 /* Maximum age of a guardfraction file that we are willing to accept. */
2465 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2466
2467 /** Static strings of guardfraction files. */
2468 #define GUARDFRACTION_DATE_STR "written-at"
2469 #define GUARDFRACTION_INPUTS "n-inputs"
2470 #define GUARDFRACTION_GUARD "guard-seen"
2471 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2472
2473 /** Given a guardfraction file in a string, parse it and register the
2474 * guardfraction information to the provided vote routerstatuses.
2475 *
2476 * This is the rough format of the guardfraction file:
2477 *
2478 * guardfraction-file-version 1
2479 * written-at <date and time>
2480 * n-inputs <number of consesuses parsed> <number of days considered>
2481 *
2482 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2483 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2484 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2485 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2486 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2487 * ...
2488 *
2489 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2490 * should tolerate errors in all lines but the written-at header.
2491 */
2492 STATIC int
2493 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str,
2494 smartlist_t *vote_routerstatuses)
2495 {
2496 config_line_t *front=NULL, *line;
2497 int ret_tmp;
2498 int retval = -1;
2499 int current_line_n = 0; /* line counter for better log messages */
2500
2501 /* Guardfraction info to be parsed */
2502 int total_consensuses = 0;
2503 int total_days = 0;
2504
2505 /* Stats */
2506 int guards_read_n = 0;
2507 int guards_applied_n = 0;
2508
2509 /* Parse file and split it in lines */
2510 ret_tmp = config_get_lines(guardfraction_file_str, &front, 0);
2511 if (ret_tmp < 0) {
2512 log_warn(LD_CONFIG, "Error reading from guardfraction file");
2513 goto done;
2514 }
2515
2516 /* Sort routerstatuses (needed later when applying guardfraction info) */
2517 if (vote_routerstatuses)
2518 smartlist_sort(vote_routerstatuses, compare_vote_routerstatus_entries);
2519
2520 for (line = front; line; line=line->next) {
2521 current_line_n++;
2522
2523 if (!strcmp(line->key, GUARDFRACTION_VERSION)) {
2524 int num_ok = 1;
2525 unsigned int version;
2526
2527 version =
2528 (unsigned int) tor_parse_long(line->value,
2529 10, 0, INT_MAX, &num_ok, NULL);
2530
2531 if (!num_ok || version != 1) {
2532 log_warn(LD_GENERAL, "Got unknown guardfraction version %d.", version);
2533 goto done;
2534 }
2535 } else if (!strcmp(line->key, GUARDFRACTION_DATE_STR)) {
2536 time_t file_written_at;
2537 time_t now = time(NULL);
2538
2539 /* First line is 'written-at <date>' */
2540 if (parse_iso_time(line->value, &file_written_at) < 0) {
2541 log_warn(LD_CONFIG, "Guardfraction:%d: Bad date '%s'. Ignoring",
2542 current_line_n, line->value);
2543 goto done; /* don't tolerate failure here. */
2544 }
2545 if (file_written_at < now - MAX_GUARDFRACTION_FILE_AGE) {
2546 log_warn(LD_CONFIG, "Guardfraction:%d: was written very long ago '%s'",
2547 current_line_n, line->value);
2548 goto done; /* don't tolerate failure here. */
2549 }
2550 } else if (!strcmp(line->key, GUARDFRACTION_INPUTS)) {
2551 char *err_msg = NULL;
2552
2553 if (guardfraction_file_parse_inputs_line(line->value,
2554 &total_consensuses,
2555 &total_days,
2556 &err_msg) < 0) {
2557 log_warn(LD_CONFIG, "Guardfraction:%d: %s",
2558 current_line_n, err_msg);
2559 tor_free(err_msg);
2560 continue;
2561 }
2562
2563 } else if (!strcmp(line->key, GUARDFRACTION_GUARD)) {
2564 char *err_msg = NULL;
2565
2566 ret_tmp = guardfraction_file_parse_guard_line(line->value,
2567 vote_routerstatuses,
2568 &err_msg);
2569 if (ret_tmp < 0) { /* failed while parsing the guard line */
2570 log_warn(LD_CONFIG, "Guardfraction:%d: %s",
2571 current_line_n, err_msg);
2572 tor_free(err_msg);
2573 continue;
2574 }
2575
2576 /* Successfully parsed guard line. Check if it was applied properly. */
2577 guards_read_n++;
2578 if (ret_tmp > 0) {
2579 guards_applied_n++;
2580 }
2581 } else {
2582 log_warn(LD_CONFIG, "Unknown guardfraction line %d (%s %s)",
2583 current_line_n, line->key, line->value);
2584 }
2585 }
2586
2587 retval = 0;
2588
2589 log_info(LD_CONFIG,
2590 "Successfully parsed guardfraction file with %d consensuses over "
2591 "%d days. Parsed %d nodes and applied %d of them%s.",
2592 total_consensuses, total_days, guards_read_n, guards_applied_n,
2593 vote_routerstatuses ? "" : " (no routerstatus provided)" );
2594
2595 done:
2596 config_free_lines(front);
2597
2598 if (retval < 0) {
2599 return retval;
2600 } else {
2601 return guards_read_n;
2602 }
2603 }
2604
2605 /** Read a guardfraction file at <b>fname</b> and load all its
2606 * information to <b>vote_routerstatuses</b>. */
2607 int
2608 dirserv_read_guardfraction_file(const char *fname,
2609 smartlist_t *vote_routerstatuses)
2610 {
2611 char *guardfraction_file_str;
2612
2613 /* Read file to a string */
2614 guardfraction_file_str = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
2615 if (!guardfraction_file_str) {
2616 log_warn(LD_FS, "Cannot open guardfraction file '%s'. Failing.", fname);
2617 return -1;
2618 }
2619
2620 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str,
2621 vote_routerstatuses);
2622 }
2623
2624 /**
2625 * Helper function to parse out a line in the measured bandwidth file
2626 * into a measured_bw_line_t output structure. Returns -1 on failure
2627 * or 0 on success.
2628 */
2629 STATIC int
2630 measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
2631 {
2632 char *line = tor_strdup(orig_line);
2633 char *cp = line;
2634 int got_bw = 0;
2635 int got_node_id = 0;
2636 char *strtok_state; /* lame sauce d'jour */
2637 cp = tor_strtok_r(cp, " \t", &strtok_state);
2638
2639 if (!cp) {
2640 log_warn(LD_DIRSERV, "Invalid line in bandwidth file: %s",
2641 escaped(orig_line));
2642 tor_free(line);
2643 return -1;
2644 }
2645
2646 if (orig_line[strlen(orig_line)-1] != '\n') {
2647 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2648 escaped(orig_line));
2649 tor_free(line);
2650 return -1;
2651 }
2652
2653 do {
2654 if (strcmpstart(cp, "bw=") == 0) {
2655 int parse_ok = 0;
2656 char *endptr;
2657 if (got_bw) {
2658 log_warn(LD_DIRSERV, "Double bw= in bandwidth file line: %s",
2659 escaped(orig_line));
2660 tor_free(line);
2661 return -1;
2662 }
2663 cp+=strlen("bw=");
2664
2665 out->bw_kb = tor_parse_long(cp, 0, 0, LONG_MAX, &parse_ok, &endptr);
2666 if (!parse_ok || (*endptr && !TOR_ISSPACE(*endptr))) {
2667 log_warn(LD_DIRSERV, "Invalid bandwidth in bandwidth file line: %s",
2668 escaped(orig_line));
2669 tor_free(line);
2670 return -1;
2671 }
2672 got_bw=1;
2673 } else if (strcmpstart(cp, "node_id=$") == 0) {
2674 if (got_node_id) {
2675 log_warn(LD_DIRSERV, "Double node_id= in bandwidth file line: %s",
2676 escaped(orig_line));
2677 tor_free(line);
2678 return -1;
2679 }
2680 cp+=strlen("node_id=$");
2681
2682 if (strlen(cp) != HEX_DIGEST_LEN ||
2683 base16_decode(out->node_id, DIGEST_LEN,
2684 cp, HEX_DIGEST_LEN) != DIGEST_LEN) {
2685 log_warn(LD_DIRSERV, "Invalid node_id in bandwidth file line: %s",
2686 escaped(orig_line));
2687 tor_free(line);
2688 return -1;
2689 }
2690 strlcpy(out->node_hex, cp, sizeof(out->node_hex));
2691 got_node_id=1;
2692 }
2693 } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
2694
2695 if (got_bw && got_node_id) {
2696 tor_free(line);
2697 return 0;
2698 } else {
2699 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2700 escaped(orig_line));
2701 tor_free(line);
2702 return -1;
2703 }
2704 }
2705
2706 /**
2707 * Helper function to apply a parsed measurement line to a list
2708 * of bandwidth statuses. Returns true if a line is found,
2709 * false otherwise.
2710 */
2711 STATIC int
2712 measured_bw_line_apply(measured_bw_line_t *parsed_line,
2713 smartlist_t *routerstatuses)
2714 {
2715 vote_routerstatus_t *rs = NULL;
2716 if (!routerstatuses)
2717 return 0;
2718
2719 rs = smartlist_bsearch(routerstatuses, parsed_line->node_id,
2720 compare_digest_to_vote_routerstatus_entry);
2721
2722 if (rs) {
2723 rs->has_measured_bw = 1;
2724 rs->measured_bw_kb = (uint32_t)parsed_line->bw_kb;
2725 } else {
2726 log_info(LD_DIRSERV, "Node ID %s not found in routerstatus list",
2727 parsed_line->node_hex);
2728 }
2729
2730 return rs != NULL;
2731 }
2732
2733 /**
2734 * Read the measured bandwidth file and apply it to the list of
2735 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2736 */
2737 int
2738 dirserv_read_measured_bandwidths(const char *from_file,
2739 smartlist_t *routerstatuses)
2740 {
2741 char line[512];
2742 FILE *fp = tor_fopen_cloexec(from_file, "r");
2743 int applied_lines = 0;
2744 time_t file_time, now;
2745 int ok;
2746
2747 if (fp == NULL) {
2748 log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
2749 from_file);
2750 return -1;
2751 }
2752
2753 if (!fgets(line, sizeof(line), fp)
2754 || !strlen(line) || line[strlen(line)-1] != '\n') {
2755 log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
2756 escaped(line));
2757 fclose(fp);
2758 return -1;
2759 }
2760
2761 line[strlen(line)-1] = '\0';
2762 file_time = (time_t)tor_parse_ulong(line, 10, 0, ULONG_MAX, &ok, NULL);
2763 if (!ok) {
2764 log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
2765 escaped(line));
2766 fclose(fp);
2767 return -1;
2768 }
2769
2770 now = time(NULL);
2771 if ((now - file_time) > MAX_MEASUREMENT_AGE) {
2772 log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
2773 (unsigned)(time(NULL) - file_time));
2774 fclose(fp);
2775 return -1;
2776 }
2777
2778 if (routerstatuses)
2779 smartlist_sort(routerstatuses, compare_vote_routerstatus_entries);
2780
2781 while (!feof(fp)) {
2782 measured_bw_line_t parsed_line;
2783 if (fgets(line, sizeof(line), fp) && strlen(line)) {
2784 if (measured_bw_line_parse(&parsed_line, line) != -1) {
2785 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2786 dirserv_cache_measured_bw(&parsed_line, file_time);
2787 if (measured_bw_line_apply(&parsed_line, routerstatuses) > 0)
2788 applied_lines++;
2789 }
2790 }
2791 }
2792
2793 /* Now would be a nice time to clean the cache, too */
2794 dirserv_expire_measured_bw_cache(now);
2795
2796 fclose(fp);
2797 log_info(LD_DIRSERV,
2798 "Bandwidth measurement file successfully read. "
2799 "Applied %d measurements.", applied_lines);
2800 return 0;
2801 }
2802
2803 /** Return a new networkstatus_t* containing our current opinion. (For v3
2804 * authorities) */
2805 networkstatus_t *
2806 dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
2807 authority_cert_t *cert)
2808 {
2809 const or_options_t *options = get_options();
2810 networkstatus_t *v3_out = NULL;
2811 uint32_t addr;
2812 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2813 const char *contact;
2814 smartlist_t *routers, *routerstatuses;
2815 char identity_digest[DIGEST_LEN];
2816 char signing_key_digest[DIGEST_LEN];
2817 int listbadexits = options->AuthDirListBadExits;
2818 routerlist_t *rl = router_get_routerlist();
2819 time_t now = time(NULL);
2820 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2821 networkstatus_voter_info_t *voter = NULL;
2822 vote_timing_t timing;
2823 digestmap_t *omit_as_sybil = NULL;
2824 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
2825 smartlist_t *microdescriptors = NULL;
2826
2827 tor_assert(private_key);
2828 tor_assert(cert);
2829
2830 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2831 log_err(LD_BUG, "Error computing signing key digest");
2832 return NULL;
2833 }
2834 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2835 log_err(LD_BUG, "Error computing identity key digest");
2836 return NULL;
2837 }
2838 if (resolve_my_address(LOG_WARN, options, &addr, NULL, &hostname)<0) {
2839 log_warn(LD_NET, "Couldn't resolve my hostname");
2840 return NULL;
2841 }
2842 if (!hostname || !strchr(hostname, '.')) {
2843 tor_free(hostname);
2844 hostname = tor_dup_ip(addr);
2845 }
2846
2847 if (options->VersioningAuthoritativeDir) {
2848 client_versions = format_versions_list(options->RecommendedClientVersions);
2849 server_versions = format_versions_list(options->RecommendedServerVersions);
2850 }
2851
2852 contact = get_options()->ContactInfo;
2853 if (!contact)
2854 contact = "(none)";
2855
2856 /*
2857 * Do this so dirserv_compute_performance_thresholds() and
2858 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2859 */
2860 if (options->V3BandwidthsFile) {
2861 dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
2862 } else {
2863 /*
2864 * No bandwidths file; clear the measured bandwidth cache in case we had
2865 * one last time around.
2866 */
2867 if (dirserv_get_measured_bw_cache_size() > 0) {
2868 dirserv_clear_measured_bw_cache();
2869 }
2870 }
2871
2872 /* precompute this part, since we need it to decide what "stable"
2873 * means. */
2874 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2875 dirserv_set_router_is_running(ri, now);
2876 });
2877
2878 routers = smartlist_new();
2879 smartlist_add_all(routers, rl->routers);
2880 routers_make_ed_keys_unique(routers);
2881 /* After this point, don't use rl->routers; use 'routers' instead. */
2882 routers_sort_by_identity(routers);
2883 omit_as_sybil = get_possible_sybil_list(routers);
2884
2885 DIGESTMAP_FOREACH(omit_as_sybil, sybil_id, void *, ignore) {
2886 (void) ignore;
2887 rep_hist_make_router_pessimal(sybil_id, now);
2888 } DIGESTMAP_FOREACH_END;
2889
2890 /* Count how many have measured bandwidths so we know how to assign flags;
2891 * this must come before dirserv_compute_performance_thresholds() */
2892 dirserv_count_measured_bws(routers);
2893
2894 dirserv_compute_performance_thresholds(omit_as_sybil);
2895
2896 routerstatuses = smartlist_new();
2897 microdescriptors = smartlist_new();
2898
2899 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2900 if (ri->cache_info.published_on >= cutoff) {
2901 routerstatus_t *rs;
2902 vote_routerstatus_t *vrs;
2903 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
2904 if (!node)
2905 continue;
2906
2907 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2908 rs = &vrs->status;
2909 set_routerstatus_from_routerinfo(rs, node, ri, now,
2910 listbadexits);
2911
2912 if (ri->cache_info.signing_key_cert) {
2913 memcpy(vrs->ed25519_id,
2914 ri->cache_info.signing_key_cert->signing_key.pubkey,
2915 ED25519_PUBKEY_LEN);
2916 }
2917
2918 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2919 clear_status_flags_on_sybil(rs);
2920
2921 if (!vote_on_reachability)
2922 rs->is_flagged_running = 0;
2923
2924 vrs->version = version_from_platform(ri->platform);
2925 if (ri->protocol_list) {
2926 vrs->protocols = tor_strdup(ri->protocol_list);
2927 } else {
2928 vrs->protocols = tor_strdup(
2929 protover_compute_for_old_tor(vrs->version));
2930 }
2931 vrs->microdesc = dirvote_format_all_microdesc_vote_lines(ri, now,
2932 microdescriptors);
2933
2934 smartlist_add(routerstatuses, vrs);
2935 }
2936 } SMARTLIST_FOREACH_END(ri);
2937
2938 {
2939 smartlist_t *added =
2940 microdescs_add_list_to_cache(get_microdesc_cache(),
2941 microdescriptors, SAVED_NOWHERE, 0);
2942 smartlist_free(added);
2943 smartlist_free(microdescriptors);
2944 }
2945
2946 smartlist_free(routers);
2947 digestmap_free(omit_as_sybil, NULL);
2948
2949 /* Apply guardfraction information to routerstatuses. */
2950 if (options->GuardfractionFile) {
2951 dirserv_read_guardfraction_file(options->GuardfractionFile,
2952 routerstatuses);
2953 }
2954
2955 /* This pass through applies the measured bw lines to the routerstatuses */
2956 if (options->V3BandwidthsFile) {
2957 dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
2958 routerstatuses);
2959 } else {
2960 /*
2961 * No bandwidths file; clear the measured bandwidth cache in case we had
2962 * one last time around.
2963 */
2964 if (dirserv_get_measured_bw_cache_size() > 0) {
2965 dirserv_clear_measured_bw_cache();
2966 }
2967 }
2968
2969 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
2970
2971 v3_out->type = NS_TYPE_VOTE;
2972 dirvote_get_preferred_voting_intervals(&timing);
2973 v3_out->published = now;
2974 {
2975 char tbuf[ISO_TIME_LEN+1];
2976 networkstatus_t *current_consensus =
2977 networkstatus_get_live_consensus(now);
2978 long last_consensus_interval; /* only used to pick a valid_after */
2979 if (current_consensus)
2980 last_consensus_interval = current_consensus->fresh_until -
2981 current_consensus->valid_after;
2982 else
2983 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
2984 v3_out->valid_after =
2985 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval,
2986 options->TestingV3AuthVotingStartOffset);
2987 format_iso_time(tbuf, v3_out->valid_after);
2988 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2989 "consensus_set=%d, last_interval=%d",
2990 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2991 }
2992 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2993 v3_out->valid_until = v3_out->valid_after +
2994 (timing.vote_interval * timing.n_intervals_valid);
2995 v3_out->vote_seconds = timing.vote_delay;
2996 v3_out->dist_seconds = timing.dist_delay;
2997 tor_assert(v3_out->vote_seconds > 0);
2998 tor_assert(v3_out->dist_seconds > 0);
2999 tor_assert(timing.n_intervals_valid > 0);
3000
3001 v3_out->client_versions = client_versions;
3002 v3_out->server_versions = server_versions;
3003
3004 /* These are hardwired, to avoid disaster. */
3005 v3_out->recommended_relay_protocols =
3006 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3007 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3008 v3_out->recommended_client_protocols =
3009 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3010 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3011 v3_out->required_client_protocols =
3012 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3013 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3014 v3_out->required_relay_protocols =
3015 tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3016 "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
3017
3018 /* We are not allowed to vote to require anything we don't have. */
3019 tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
3020 tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
3021
3022 /* We should not recommend anything we don't have. */
3023 tor_assert_nonfatal(protover_all_supported(
3024 v3_out->recommended_relay_protocols, NULL));
3025 tor_assert_nonfatal(protover_all_supported(
3026 v3_out->recommended_client_protocols, NULL));
3027
3028 v3_out->package_lines = smartlist_new();
3029 {
3030 config_line_t *cl;
3031 for (cl = get_options()->RecommendedPackages; cl; cl = cl->next) {
3032 if (validate_recommended_package_line(cl->value))
3033 smartlist_add(v3_out->package_lines, tor_strdup(cl->value));
3034 }
3035 }
3036
3037 v3_out->known_flags = smartlist_new();
3038 smartlist_split_string(v3_out->known_flags,
3039 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
3040 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
3041 if (vote_on_reachability)
3042 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
3043 if (listbadexits)
3044 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
3045 smartlist_sort_strings(v3_out->known_flags);
3046
3047 if (options->ConsensusParams) {
3048 v3_out->net_params = smartlist_new();
3049 smartlist_split_string(v3_out->net_params,
3050 options->ConsensusParams, NULL, 0, 0);
3051 smartlist_sort_strings(v3_out->net_params);
3052 }
3053
3054 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
3055 voter->nickname = tor_strdup(options->Nickname);
3056 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
3057 voter->sigs = smartlist_new();
3058 voter->address = hostname;
3059 voter->addr = addr;
3060 voter->dir_port = router_get_advertised_dir_port(options, 0);
3061 voter->or_port = router_get_advertised_or_port(options);
3062 voter->contact = tor_strdup(contact);
3063 if (options->V3AuthUseLegacyKey) {
3064 authority_cert_t *c = get_my_v3_legacy_cert();
3065 if (c) {
3066 if (crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest)) {
3067 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
3068 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
3069 }
3070 }
3071 }
3072
3073 v3_out->voters = smartlist_new();
3074 smartlist_add(v3_out->voters, voter);
3075 v3_out->cert = authority_cert_dup(cert);
3076 v3_out->routerstatus_list = routerstatuses;
3077 /* Note: networkstatus_digest is unset; it won't get set until we actually
3078 * format the vote. */
3079
3080 return v3_out;
3081 }
3082
3083 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3084 * pointers, adds copies of digests to fps_out, and doesn't use the
3085 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3086 * requests, adds identity digests.
3087 */
3088 int
3089 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
3090 const char **msg, int for_unencrypted_conn,
3091 int is_extrainfo)
3092 {
3093 int by_id = 1;
3094 *msg = NULL;
3095
3096 if (!strcmp(key, "all")) {
3097 routerlist_t *rl = router_get_routerlist();
3098 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3099 smartlist_add(fps_out,
3100 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
3101 /* Treat "all" requests as if they were unencrypted */
3102 for_unencrypted_conn = 1;
3103 } else if (!strcmp(key, "authority")) {
3104 const routerinfo_t *ri = router_get_my_routerinfo();
3105 if (ri)
3106 smartlist_add(fps_out,
3107 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
3108 } else if (!strcmpstart(key, "d/")) {
3109 by_id = 0;
3110 key += strlen("d/");
3111 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3112 DSR_HEX|DSR_SORT_UNIQ);
3113 } else if (!strcmpstart(key, "fp/")) {
3114 key += strlen("fp/");
3115 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3116 DSR_HEX|DSR_SORT_UNIQ);
3117 } else {
3118 *msg = "Key not recognized";
3119 return -1;
3120 }
3121
3122 if (for_unencrypted_conn) {
3123 /* Remove anything that insists it not be sent unencrypted. */
3124 SMARTLIST_FOREACH_BEGIN(fps_out, char *, cp) {
3125 const signed_descriptor_t *sd;
3126 if (by_id)
3127 sd = get_signed_descriptor_by_fp(cp,is_extrainfo,0);
3128 else if (is_extrainfo)
3129 sd = extrainfo_get_by_descriptor_digest(cp);
3130 else
3131 sd = router_get_by_descriptor_digest(cp);
3132 if (sd && !sd->send_unencrypted) {
3133 tor_free(cp);
3134 SMARTLIST_DEL_CURRENT(fps_out, cp);
3135 }
3136 } SMARTLIST_FOREACH_END(cp);
3137 }
3138
3139 if (!smartlist_len(fps_out)) {
3140 *msg = "Servers unavailable";
3141 return -1;
3142 }
3143 return 0;
3144 }
3145
3146 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3147 * <b>key</b>. The key should be either
3148 * - "/tor/server/authority" for our own routerinfo;
3149 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3150 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3151 * hex identity digests; or
3152 * - "/tor/server/d/D" where D is a plus-separated sequence
3153 * of server descriptor digests, in hex.
3154 *
3155 * Return 0 if we found some matching descriptors, or -1 if we do not
3156 * have any descriptors, no matching descriptors, or if we did not
3157 * recognize the key (URL).
3158 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3159 * message.
3160 *
3161 * XXXX rename this function. It's only called from the controller.
3162 * XXXX in fact, refactor this function, merging as much as possible.
3163 */
3164 int
3165 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
3166 const char **msg)
3167 {
3168 *msg = NULL;
3169
3170 if (!strcmp(key, "/tor/server/all")) {
3171 routerlist_t *rl = router_get_routerlist();
3172 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3173 smartlist_add(descs_out, &(r->cache_info)));
3174 } else if (!strcmp(key, "/tor/server/authority")) {
3175 const routerinfo_t *ri = router_get_my_routerinfo();
3176 if (ri)
3177 smartlist_add(descs_out, (void*) &(ri->cache_info));
3178 } else if (!strcmpstart(key, "/tor/server/d/")) {
3179 smartlist_t *digests = smartlist_new();
3180 key += strlen("/tor/server/d/");
3181 dir_split_resource_into_fingerprints(key, digests, NULL,
3182 DSR_HEX|DSR_SORT_UNIQ);
3183 SMARTLIST_FOREACH(digests, const char *, d,
3184 {
3185 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
3186 if (sd)
3187 smartlist_add(descs_out,sd);
3188 });
3189 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3190 smartlist_free(digests);
3191 } else if (!strcmpstart(key, "/tor/server/fp/")) {
3192 smartlist_t *digests = smartlist_new();
3193 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
3194 key += strlen("/tor/server/fp/");
3195 dir_split_resource_into_fingerprints(key, digests, NULL,
3196 DSR_HEX|DSR_SORT_UNIQ);
3197 SMARTLIST_FOREACH_BEGIN(digests, const char *, d) {
3198 if (router_digest_is_me(d)) {
3199 /* calling router_get_my_routerinfo() to make sure it exists */
3200 const routerinfo_t *ri = router_get_my_routerinfo();
3201 if (ri)
3202 smartlist_add(descs_out, (void*) &(ri->cache_info));
3203 } else {
3204 const routerinfo_t *ri = router_get_by_id_digest(d);
3205 /* Don't actually serve a descriptor that everyone will think is
3206 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3207 * Tors from downloading descriptors that they will throw away.
3208 */
3209 if (ri && ri->cache_info.published_on > cutoff)
3210 smartlist_add(descs_out, (void*) &(ri->cache_info));
3211 }
3212 } SMARTLIST_FOREACH_END(d);
3213 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3214 smartlist_free(digests);
3215 } else {
3216 *msg = "Key not recognized";
3217 return -1;
3218 }
3219
3220 if (!smartlist_len(descs_out)) {
3221 *msg = "Servers unavailable";
3222 return -1;
3223 }
3224 return 0;
3225 }
3226
3227 /** Called when a TLS handshake has completed successfully with a
3228 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3229 * a certificate with digest <b>digest_rcvd</b>.
3230 *
3231 * Inform the reachability checker that we could get to this relay.
3232 */
3233 void
3234 dirserv_orconn_tls_done(const tor_addr_t *addr,
3235 uint16_t or_port,
3236 const char *digest_rcvd)
3237 {
3238 node_t *node = NULL;
3239 tor_addr_port_t orport;
3240 routerinfo_t *ri = NULL;
3241 time_t now = time(NULL);
3242 tor_assert(addr);
3243 tor_assert(digest_rcvd);
3244
3245 node = node_get_mutable_by_id(digest_rcvd);
3246 if (node == NULL || node->ri == NULL)
3247 return;
3248 ri = node->ri;
3249
3250 tor_addr_copy(&orport.addr, addr);
3251 orport.port = or_port;
3252 if (router_has_orport(ri, &orport)) {
3253 /* Found the right router. */
3254 if (!authdir_mode_bridge(get_options()) ||
3255 ri->purpose == ROUTER_PURPOSE_BRIDGE) {
3256 char addrstr[TOR_ADDR_BUF_LEN];
3257 /* This is a bridge or we're not a bridge authorititative --
3258 mark it as reachable. */
3259 log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.",
3260 router_describe(ri),
3261 tor_addr_to_str(addrstr, addr, sizeof(addrstr), 1),
3262 ri->or_port);
3263 if (tor_addr_family(addr) == AF_INET) {
3264 rep_hist_note_router_reachable(digest_rcvd, addr, or_port, now);
3265 node->last_reachable = now;
3266 } else if (tor_addr_family(addr) == AF_INET6) {
3267 /* No rephist for IPv6. */
3268 node->last_reachable6 = now;
3269 }
3270 }
3271 }
3272 }
3273
3274 /** Called when we, as an authority, receive a new router descriptor either as
3275 * an upload or a download. Used to decide whether to relaunch reachability
3276 * testing for the server. */
3277 int
3278 dirserv_should_launch_reachability_test(const routerinfo_t *ri,
3279 const routerinfo_t *ri_old)
3280 {
3281 if (!authdir_mode_handles_descs(get_options(), ri->purpose))
3282 return 0;
3283 if (!ri_old) {
3284 /* New router: Launch an immediate reachability test, so we will have an
3285 * opinion soon in case we're generating a consensus soon */
3286 return 1;
3287 }
3288 if (ri_old->is_hibernating && !ri->is_hibernating) {
3289 /* It just came out of hibernation; launch a reachability test */
3290 return 1;
3291 }
3292 if (! routers_have_same_or_addrs(ri, ri_old)) {
3293 /* Address or port changed; launch a reachability test */
3294 return 1;
3295 }
3296 return 0;
3297 }
3298
3299 /** Helper function for dirserv_test_reachability(). Start a TLS
3300 * connection to <b>router</b>, and annotate it with when we started
3301 * the test. */
3302 void
3303 dirserv_single_reachability_test(time_t now, routerinfo_t *router)
3304 {
3305 channel_t *chan = NULL;
3306 node_t *node = NULL;
3307 tor_addr_t router_addr;
3308 (void) now;
3309
3310 tor_assert(router);
3311 node = node_get_mutable_by_id(router->cache_info.identity_digest);
3312 tor_assert(node);
3313
3314 /* IPv4. */
3315 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
3316 router->nickname, fmt_addr32(router->addr), router->or_port);
3317 tor_addr_from_ipv4h(&router_addr, router->addr);
3318 chan = channel_tls_connect(&router_addr, router->or_port,
3319 router->cache_info.identity_digest);
3320 if (chan) command_setup_channel(chan);
3321
3322 /* Possible IPv6. */
3323 if (get_options()->AuthDirHasIPv6Connectivity == 1 &&
3324 !tor_addr_is_null(&router->ipv6_addr)) {
3325 char addrstr[TOR_ADDR_BUF_LEN];
3326 log_debug(LD_OR, "Testing reachability of %s at %s:%u.",
3327 router->nickname,
3328 tor_addr_to_str(addrstr, &router->ipv6_addr, sizeof(addrstr), 1),
3329 router->ipv6_orport);
3330 chan = channel_tls_connect(&router->ipv6_addr, router->ipv6_orport,
3331 router->cache_info.identity_digest);
3332 if (chan) command_setup_channel(chan);
3333 }
3334 }
3335
3336 /** Auth dir server only: load balance such that we only
3337 * try a few connections per call.
3338 *
3339 * The load balancing is such that if we get called once every ten
3340 * seconds, we will cycle through all the tests in
3341 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3342 */
3343 void
3344 dirserv_test_reachability(time_t now)
3345 {
3346 /* XXX decide what to do here; see or-talk thread "purging old router
3347 * information, revocation." -NM
3348 * We can't afford to mess with this in 0.1.2.x. The reason is that
3349 * if we stop doing reachability tests on some of routerlist, then
3350 * we'll for-sure think they're down, which may have unexpected
3351 * effects in other parts of the code. It doesn't hurt much to do
3352 * the testing, and directory authorities are easy to upgrade. Let's
3353 * wait til 0.2.0. -RD */
3354 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3355 routerlist_t *rl = router_get_routerlist();
3356 static char ctr = 0;
3357 int bridge_auth = authdir_mode_bridge(get_options());
3358
3359 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
3360 const char *id_digest = router->cache_info.identity_digest;
3361 if (router_is_me(router))
3362 continue;
3363 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
3364 continue; /* bridge authorities only test reachability on bridges */
3365 // if (router->cache_info.published_on > cutoff)
3366 // continue;
3367 if ((((uint8_t)id_digest[0]) % REACHABILITY_MODULO_PER_TEST) == ctr) {
3368 dirserv_single_reachability_test(now, router);
3369 }
3370 } SMARTLIST_FOREACH_END(router);
3371 ctr = (ctr + 1) % REACHABILITY_MODULO_PER_TEST; /* increment ctr */
3372 }
3373
3374 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3375 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3376 * flavor name if we want a flavored v3 status, return a pointer to the
3377 * appropriate cached dir object, or NULL if there isn't one available. */
3378 static cached_dir_t *
3379 lookup_cached_dir_by_fp(const char *fp)
3380 {
3381 cached_dir_t *d = NULL;
3382 if (tor_digest_is_zero(fp) && cached_consensuses) {
3383 d = strmap_get(cached_consensuses, "ns");
3384 } else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
3385 (d = strmap_get(cached_consensuses, fp))) {
3386 /* this here interface is a nasty hack XXXX */;
3387 }
3388 return d;
3389 }
3390
3391 /** Remove from <b>fps</b> every networkstatus key where both
3392 * a) we have a networkstatus document and
3393 * b) it is not newer than <b>cutoff</b>.
3394 *
3395 * Return 1 if any items were present at all; else return 0.
3396 */
3397 int
3398 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
3399 {
3400 int found_any = 0;
3401 SMARTLIST_FOREACH_BEGIN(fps, char *, digest) {
3402 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
3403 if (!d)
3404 continue;
3405 found_any = 1;
3406 if (d->published <= cutoff) {
3407 tor_free(digest);
3408 SMARTLIST_DEL_CURRENT(fps, digest);
3409 }
3410 } SMARTLIST_FOREACH_END(digest);
3411
3412 return found_any;
3413 }
3414
3415 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3416 * its extra-info document if <b>extrainfo</b> is true. Return
3417 * NULL if not found or if the descriptor is older than
3418 * <b>publish_cutoff</b>. */
3419 static const signed_descriptor_t *
3420 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
3421 time_t publish_cutoff)
3422 {
3423 if (router_digest_is_me(fp)) {
3424 if (extrainfo)
3425 return &(router_get_my_extrainfo()->cache_info);
3426 else
3427 return &(router_get_my_routerinfo()->cache_info);
3428 } else {
3429 const routerinfo_t *ri = router_get_by_id_digest(fp);
3430 if (ri &&
3431 ri->cache_info.published_on > publish_cutoff) {
3432 if (extrainfo)
3433 return extrainfo_get_by_descriptor_digest(
3434 ri->cache_info.extra_info_digest);
3435 else
3436 return &ri->cache_info;
3437 }
3438 }
3439 return NULL;
3440 }
3441
3442 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3443 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3444 * decide whether to send a 404. */
3445 int
3446 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
3447 {
3448 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3449 SMARTLIST_FOREACH_BEGIN(fps, const char *, fp) {
3450 switch (spool_src)
3451 {
3452 case DIR_SPOOL_EXTRA_BY_DIGEST:
3453 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
3454 break;
3455 case DIR_SPOOL_SERVER_BY_DIGEST:
3456 if (router_get_by_descriptor_digest(fp)) return 1;
3457 break;
3458 case DIR_SPOOL_EXTRA_BY_FP:
3459 case DIR_SPOOL_SERVER_BY_FP:
3460 if (get_signed_descriptor_by_fp(fp,
3461 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
3462 return 1;
3463 break;
3464 }
3465 } SMARTLIST_FOREACH_END(fp);
3466 return 0;
3467 }
3468
3469 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3470 * a microdescriptor we have. */
3471 int
3472 dirserv_have_any_microdesc(const smartlist_t *fps)
3473 {
3474 microdesc_cache_t *cache = get_microdesc_cache();
3475 SMARTLIST_FOREACH(fps, const char *, fp,
3476 if (microdesc_cache_lookup_by_digest256(cache, fp))
3477 return 1);
3478 return 0;
3479 }
3480
3481 /** Return an approximate estimate of the number of bytes that will
3482 * be needed to transmit the server descriptors (if is_serverdescs --
3483 * they can be either d/ or fp/ queries) or networkstatus objects (if
3484 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3485 * we guess how large the data will be after compression.
3486 *
3487 * The return value is an estimate; it might be larger or smaller.
3488 **/
3489 size_t
3490 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
3491 int compressed)
3492 {
3493 size_t result;
3494 tor_assert(fps);
3495 if (is_serverdescs) {
3496 int n = smartlist_len(fps);
3497 const routerinfo_t *me = router_get_my_routerinfo();
3498 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
3499 if (compressed)
3500 result /= 2; /* observed compressibility is between 35 and 55%. */
3501 } else {
3502 result = 0;
3503 SMARTLIST_FOREACH(fps, const char *, digest, {
3504 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
3505 if (dir)
3506 result += compressed ? dir->dir_z_len : dir->dir_len;
3507 });
3508 }
3509 return result;
3510 }
3511
3512 /** Given a list of microdescriptor hashes, guess how many bytes will be
3513 * needed to transmit them, and return the guess. */
3514 size_t
3515 dirserv_estimate_microdesc_size(const smartlist_t *fps, int compressed)
3516 {
3517 size_t result = smartlist_len(fps) * microdesc_average_size(NULL);
3518 if (compressed)
3519 result /= 2;
3520 return result;
3521 }
3522
3523 /** When we're spooling data onto our outbuf, add more whenever we dip
3524 * below this threshold. */
3525 #define DIRSERV_BUFFER_MIN 16384
3526
3527 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3528 * Flushes any remaining data to be (un)compressed, and changes the spool
3529 * source to NONE. Returns 0 on success, negative on failure. */
3530 static int
3531 connection_dirserv_finish_spooling(dir_connection_t *conn)
3532 {
3533 if (conn->zlib_state) {
3534 connection_write_to_buf_zlib("", 0, conn, 1);
3535 tor_zlib_free(conn->zlib_state);
3536 conn->zlib_state = NULL;
3537 }
3538 conn->dir_spool_src = DIR_SPOOL_NONE;
3539 return 0;
3540 }
3541
3542 /** Spooling helper: called when we're sending a bunch of server descriptors,
3543 * and the outbuf has become too empty. Pulls some entries from
3544 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3545 * run out of entries, flushes the zlib state and sets the spool source to
3546 * NONE. Returns 0 on success, negative on failure.
3547 */
3548 static int
3549 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
3550 {
3551 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
3552 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
3553 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
3554 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
3555 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3556
3557 const or_options_t *options = get_options();
3558
3559 while (smartlist_len(conn->fingerprint_stack) &&
3560 connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3561 const char *body;
3562 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3563 const signed_descriptor_t *sd = NULL;
3564 if (by_fp) {
3565 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
3566 } else {
3567 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
3568 : router_get_by_descriptor_digest(fp);
3569 }
3570 tor_free(fp);
3571 if (!sd)
3572 continue;
3573 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
3574 /* we did this check once before (so we could have an accurate size
3575 * estimate and maybe send a 404 if somebody asked for only bridges on a
3576 * connection), but we need to do it again in case a previously
3577 * unknown bridge descriptor has shown up between then and now. */
3578 continue;
3579 }
3580
3581 /** If we are the bridge authority and the descriptor is a bridge
3582 * descriptor, remember that we served this descriptor for desc stats. */
3583 if (options->BridgeAuthoritativeDir && by_fp) {
3584 const routerinfo_t *router =
3585 router_get_by_id_digest(sd->identity_digest);
3586 /* router can be NULL here when the bridge auth is asked for its own
3587 * descriptor. */
3588 if (router && router->purpose == ROUTER_PURPOSE_BRIDGE)
3589 rep_hist_note_desc_served(sd->identity_digest);
3590 }
3591 body = signed_descriptor_get_body(sd);
3592 if (conn->zlib_state) {
3593 int last = ! smartlist_len(conn->fingerprint_stack);
3594 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
3595 last);
3596 if (last) {
3597 tor_zlib_free(conn->zlib_state);
3598 conn->zlib_state = NULL;
3599 }
3600 } else {
3601 connection_write_to_buf(body,
3602 sd->signed_descriptor_len,
3603 TO_CONN(conn));
3604 }
3605 }
3606
3607 if (!smartlist_len(conn->fingerprint_stack)) {
3608 /* We just wrote the last one; finish up. */
3609 if (conn->zlib_state) {
3610 connection_write_to_buf_zlib("", 0, conn, 1);
3611 tor_zlib_free(conn->zlib_state);
3612 conn->zlib_state = NULL;
3613 }
3614 conn->dir_spool_src = DIR_SPOOL_NONE;
3615 smartlist_free(conn->fingerprint_stack);
3616 conn->fingerprint_stack = NULL;
3617 }
3618 return 0;
3619 }
3620
3621 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3622 * and the outbuf has become too empty. Pulls some entries from
3623 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3624 * we run out of entries, flushes the zlib state and sets the spool source to
3625 * NONE. Returns 0 on success, negative on failure.
3626 */
3627 static int
3628 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
3629 {
3630 microdesc_cache_t *cache = get_microdesc_cache();
3631 while (smartlist_len(conn->fingerprint_stack) &&
3632 connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3633 char *fp256 = smartlist_pop_last(conn->fingerprint_stack);
3634 microdesc_t *md = microdesc_cache_lookup_by_digest256(cache, fp256);
3635 tor_free(fp256);
3636 if (!md || !md->body)
3637 continue;
3638 if (conn->zlib_state) {
3639 int last = !smartlist_len(conn->fingerprint_stack);
3640 connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);
3641 if (last) {
3642 tor_zlib_free(conn->zlib_state);
3643 conn->zlib_state = NULL;
3644 }
3645 } else {
3646 connection_write_to_buf(md->body, md->bodylen, TO_CONN(conn));
3647 }
3648 }
3649 if (!smartlist_len(conn->fingerprint_stack)) {
3650 if (conn->zlib_state) {
3651 connection_write_to_buf_zlib("", 0, conn, 1);
3652 tor_zlib_free(conn->zlib_state);
3653 conn->zlib_state = NULL;
3654 }
3655 conn->dir_spool_src = DIR_SPOOL_NONE;
3656 smartlist_free(conn->fingerprint_stack);
3657 conn->fingerprint_stack = NULL;
3658 }
3659 return 0;
3660 }
3661
3662 /** Spooling helper: Called when we're sending a directory or networkstatus,
3663 * and the outbuf has become too empty. Pulls some bytes from
3664 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3665 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3666 * and sets the spool source to NONE. Returns 0 on success, negative on
3667 * failure. */
3668 static int
3669 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3670 {
3671 ssize_t bytes;
3672 int64_t remaining;
3673
3674 bytes = DIRSERV_BUFFER_MIN - connection_get_outbuf_len(TO_CONN(conn));
3675 tor_assert(bytes > 0);
3676 tor_assert(conn->cached_dir);
3677 if (bytes < 8192)
3678 bytes = 8192;
3679 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3680 if (bytes > remaining)
3681 bytes = (ssize_t) remaining;
3682
3683 if (conn->zlib_state) {
3684 connection_write_to_buf_zlib(
3685 conn->cached_dir->dir_z + conn->cached_dir_offset,
3686 bytes, conn, bytes == remaining);
3687 } else {
3688 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3689 bytes, TO_CONN(conn));
3690 }
3691 conn->cached_dir_offset += bytes;
3692 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3693 /* We just wrote the last one; finish up. */
3694 connection_dirserv_finish_spooling(conn);
3695 cached_dir_decref(conn->cached_dir);
3696 conn->cached_dir = NULL;
3697 }
3698 return 0;
3699 }
3700
3701 /** Spooling helper: Called when we're spooling networkstatus objects on
3702 * <b>conn</b>, and the outbuf has become too empty. If the current
3703 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3704 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3705 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3706 * treated as a request for the current consensus.) If we run out of entries,
3707 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3708 * success, negative on failure. */
3709 static int
3710 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3711 {
3712
3713 while (connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN) {
3714 if (conn->cached_dir) {
3715 int uncompressing = (conn->zlib_state != NULL);
3716 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3717 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3718 /* add_dir_bytes thinks we're done with the cached_dir. But we
3719 * may have more cached_dirs! */
3720 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3721 /* This bit is tricky. If we were uncompressing the last
3722 * networkstatus, we may need to make a new zlib object to
3723 * uncompress the next one. */
3724 if (uncompressing && ! conn->zlib_state &&
3725 conn->fingerprint_stack &&
3726 smartlist_len(conn->fingerprint_stack)) {
3727 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD, HIGH_COMPRESSION);
3728 }
3729 }
3730 if (r) return r;
3731 } else if (conn->fingerprint_stack &&
3732 smartlist_len(conn->fingerprint_stack)) {
3733 /* Add another networkstatus; start serving it. */
3734 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3735 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3736 tor_free(fp);
3737 if (d) {
3738 ++d->refcnt;
3739 conn->cached_dir = d;
3740 conn->cached_dir_offset = 0;
3741 }
3742 } else {
3743 connection_dirserv_finish_spooling(conn);
3744 smartlist_free(conn->fingerprint_stack);
3745 conn->fingerprint_stack = NULL;
3746 return 0;
3747 }
3748 }
3749 return 0;
3750 }
3751
3752 /** Called whenever we have flushed some directory data in state
3753 * SERVER_WRITING. */
3754 int
3755 connection_dirserv_flushed_some(dir_connection_t *conn)
3756 {
3757 tor_assert(conn->base_.state == DIR_CONN_STATE_SERVER_WRITING);
3758
3759 if (connection_get_outbuf_len(TO_CONN(conn)) >= DIRSERV_BUFFER_MIN)
3760 return 0;
3761
3762 switch (conn->dir_spool_src) {
3763 case DIR_SPOOL_EXTRA_BY_DIGEST:
3764 case DIR_SPOOL_EXTRA_BY_FP:
3765 case DIR_SPOOL_SERVER_BY_DIGEST:
3766 case DIR_SPOOL_SERVER_BY_FP:
3767 return connection_dirserv_add_servers_to_outbuf(conn);
3768 case DIR_SPOOL_MICRODESC:
3769 return connection_dirserv_add_microdescs_to_outbuf(conn);
3770 case DIR_SPOOL_CACHED_DIR:
3771 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3772 case DIR_SPOOL_NETWORKSTATUS:
3773 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3774 case DIR_SPOOL_NONE:
3775 default:
3776 return 0;
3777 }
3778 }
3779
3780 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3781 */
3782 /*
3783 The grammar is:
3784
3785 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3786
3787 PACKAGENAME = NONSPACE
3788 VERSION = NONSPACE
3789 URL = NONSPACE
3790 DIGESTS = DIGEST | DIGESTS SP DIGEST
3791 DIGEST = DIGESTTYPE "=" DIGESTVAL
3792
3793 NONSPACE = one or more non-space printing characters
3794
3795 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3796
3797 SP = " "
3798 NL = a newline
3799
3800 */
3801 int
3802 validate_recommended_package_line(const char *line)
3803 {
3804 const char *cp = line;
3805
3806 #define WORD() \
3807 do { \
3808 if (*cp == ' ') \
3809 return 0; \
3810 cp = strchr(cp, ' '); \
3811 if (!cp) \
3812 return 0; \
3813 } while (0)
3814
3815 WORD(); /* skip packagename */
3816 ++cp;
3817 WORD(); /* skip version */
3818 ++cp;
3819 WORD(); /* Skip URL */
3820 ++cp;
3821
3822 /* Skip digesttype=digestval + */
3823 int n_entries = 0;
3824 while (1) {
3825 const char *start_of_word = cp;
3826 const char *end_of_word = strchr(cp, ' ');
3827 if (! end_of_word)
3828 end_of_word = cp + strlen(cp);
3829
3830 if (start_of_word == end_of_word)
3831 return 0;
3832
3833 const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
3834
3835 if (!eq)
3836 return 0;
3837 if (eq == start_of_word)
3838 return 0;
3839 if (eq == end_of_word - 1)
3840 return 0;
3841 if (memchr(eq+1, '=', end_of_word - (eq+1)))
3842 return 0;
3843
3844 ++n_entries;
3845 if (0 == *end_of_word)
3846 break;
3847
3848 cp = end_of_word + 1;
3849 }
3850
3851 /* If we reach this point, we have at least 1 entry. */
3852 tor_assert(n_entries > 0);
3853 return 1;
3854 }
3855
3856 /** Release all storage used by the directory server. */
3857 void
3858 dirserv_free_all(void)
3859 {
3860 dirserv_free_fingerprint_list();
3861
3862 strmap_free(cached_consensuses, free_cached_dir_);
3863 cached_consensuses = NULL;
3864
3865 dirserv_clear_measured_bw_cache();
3866 }
3867
The Onion Router