1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "confparse.h"
12 #include "channeltls.h"
14 #include "connection.h"
15 #include "connection_or.h"
17 #include "directory.h"
20 #include "hibernate.h"
23 #include "microdesc.h"
24 #include "networkstatus.h"
30 #include "routerlist.h"
31 #include "routerparse.h"
32 #include "routerset.h"
37 * \brief Directory server core implementation. Manages directory
38 * contents and generates directories.
40 * This module implements most of directory cache functionality, and some of
41 * the directory authority functionality. The directory.c module delegates
42 * here in order to handle incoming requests from clients, via
43 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
44 * module is reponsible for spooling directory objects (in whole or in part)
45 * onto buf_t instances, and then closing the dir_connection_t once the
46 * objects are totally flushed.
48 * The directory.c module also delegates here for handling descriptor uploads
49 * via dirserv_add_multiple_descriptors().
51 * Additionally, this module handles some aspects of voting, including:
52 * deciding how to vote on individual flags (based on decisions reached in
53 * rephist.c), of formatting routerstatus lines, and deciding what relays to
54 * include in an authority's vote. (TODO: Those functions could profitably be
55 * split off. They only live in this file because historically they were
56 * shared among the v1, v2, and v3 directory code.)
59 /** How far in the future do we allow a router to get? (seconds) */
60 #define ROUTER_ALLOW_SKEW (60*60*12)
61 /** How many seconds do we wait before regenerating the directory? */
62 #define DIR_REGEN_SLACK_TIME 30
63 /** If we're a cache, keep this many networkstatuses around from non-trusted
64 * directory authorities. */
65 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
67 /** Total number of routers with measured bandwidth; this is set by
68 * dirserv_count_measured_bws() before the loop in
69 * dirserv_generate_networkstatus_vote_obj() and checked by
70 * dirserv_get_credible_bandwidth() and
71 * dirserv_compute_performance_thresholds() */
72 static int routers_with_measured_bw
= 0;
74 static void directory_remove_invalid(void);
75 static char *format_versions_list(config_line_t
*ln
);
76 struct authdir_config_t
;
78 dirserv_get_status_impl(const char *fp
, const char *nickname
,
79 uint32_t addr
, uint16_t or_port
,
80 const char *platform
, const char **msg
,
82 static void clear_cached_dir(cached_dir_t
*d
);
83 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
86 time_t publish_cutoff
);
87 static was_router_added_t
dirserv_add_extrainfo(extrainfo_t
*ei
,
89 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
);
90 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
);
92 /************** Fingerprint handling code ************/
94 /* 1 Historically used to indicate Named */
95 #define FP_INVALID 2 /**< Believed invalid. */
96 #define FP_REJECT 4 /**< We will not publish this router. */
97 /* 8 Historically used to avoid using this as a dir. */
98 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
99 /* 32 Historically used to indicade Unnamed */
101 /** Target of status_by_digest map. */
102 typedef uint32_t router_status_t
;
104 static void add_fingerprint_to_dir(const char *fp
,
105 struct authdir_config_t
*list
,
106 router_status_t add_status
);
108 /** List of nickname-\>identity fingerprint mappings for all the routers
109 * that we name. Used to prevent router impersonation. */
110 typedef struct authdir_config_t
{
111 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
112 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
115 /** Should be static; exposed for testing. */
116 static authdir_config_t
*fingerprint_list
= NULL
;
118 /** Allocate and return a new, empty, authdir_config_t. */
119 static authdir_config_t
*
120 authdir_config_new(void)
122 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
123 list
->fp_by_name
= strmap_new();
124 list
->status_by_digest
= digestmap_new();
128 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
129 * <b>list</b>, or-ing the currently set status flags with
133 add_fingerprint_to_dir(const char *fp
, authdir_config_t
*list
,
134 router_status_t add_status
)
138 router_status_t
*status
;
142 fingerprint
= tor_strdup(fp
);
143 tor_strstrip(fingerprint
, " ");
144 if (base16_decode(d
, DIGEST_LEN
,
145 fingerprint
, strlen(fingerprint
)) != DIGEST_LEN
) {
146 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
148 tor_free(fingerprint
);
152 status
= digestmap_get(list
->status_by_digest
, d
);
154 status
= tor_malloc_zero(sizeof(router_status_t
));
155 digestmap_set(list
->status_by_digest
, d
, status
);
158 tor_free(fingerprint
);
159 *status
|= add_status
;
163 /** Add the fingerprint for this OR to the global list of recognized
164 * identity key fingerprints. */
166 dirserv_add_own_fingerprint(crypto_pk_t
*pk
)
168 char fp
[FINGERPRINT_LEN
+1];
169 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
170 log_err(LD_BUG
, "Error computing fingerprint");
173 if (!fingerprint_list
)
174 fingerprint_list
= authdir_config_new();
175 add_fingerprint_to_dir(fp
, fingerprint_list
, 0);
179 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
180 * file. The file format is line-based, with each non-blank holding one
181 * nickname, some space, and a fingerprint for that nickname. On success,
182 * replace the current fingerprint list with the new list and return 0. On
183 * failure, leave the current fingerprint list untouched, and return -1. */
185 dirserv_load_fingerprint_file(void)
189 char *nickname
, *fingerprint
;
190 authdir_config_t
*fingerprint_list_new
;
192 config_line_t
*front
=NULL
, *list
;
194 fname
= get_datadir_fname("approved-routers");
196 "Reloading approved fingerprints from \"%s\"...", fname
);
198 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
200 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
206 result
= config_get_lines(cf
, &front
, 0);
209 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
213 fingerprint_list_new
= authdir_config_new();
215 for (list
=front
; list
; list
=list
->next
) {
216 char digest_tmp
[DIGEST_LEN
];
217 router_status_t add_status
= 0;
218 nickname
= list
->key
; fingerprint
= list
->value
;
219 tor_strstrip(fingerprint
, " "); /* remove spaces */
220 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
221 base16_decode(digest_tmp
, sizeof(digest_tmp
),
222 fingerprint
, HEX_DIGEST_LEN
) != sizeof(digest_tmp
)) {
223 log_notice(LD_CONFIG
,
224 "Invalid fingerprint (nickname '%s', "
225 "fingerprint %s). Skipping.",
226 nickname
, fingerprint
);
229 if (!strcasecmp(nickname
, "!reject")) {
230 add_status
= FP_REJECT
;
231 } else if (!strcasecmp(nickname
, "!badexit")) {
232 add_status
= FP_BADEXIT
;
233 } else if (!strcasecmp(nickname
, "!invalid")) {
234 add_status
= FP_INVALID
;
236 add_fingerprint_to_dir(fingerprint
, fingerprint_list_new
, add_status
);
239 config_free_lines(front
);
240 dirserv_free_fingerprint_list();
241 fingerprint_list
= fingerprint_list_new
;
242 /* Delete any routers whose fingerprints we no longer recognize */
243 directory_remove_invalid();
247 /* If this is set, then we don't allow routers that have advertised an Ed25519
248 * identity to stop doing so. This is going to be essential for good identity
249 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
250 * just sign fake descriptors missing the Ed25519 key. But we won't actually
251 * be able to prevent that kind of thing until we're confident that there
252 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
253 * to leave this #undef.
255 #undef DISABLE_DISABLING_ED25519
257 /** Check whether <b>router</b> has a nickname/identity key combination that
258 * we recognize from the fingerprint list, or an IP we automatically act on
259 * according to our configuration. Return the appropriate router status.
261 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
262 * *<b>msg</b> to an explanation of why. */
264 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
,
268 const int key_pinning
= get_options()->AuthDirPinKeys
;
270 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
271 log_warn(LD_BUG
,"Error computing fingerprint");
273 *msg
= "Bug: Error computing fingerprint";
277 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
278 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
279 * But just in case a relay doesn't provide or lies about its version, or
280 * doesn't include an ntor key in its descriptor, check that it exists,
281 * and is non-zero (clients check that it's non-zero before using it). */
282 if (!routerinfo_has_curve25519_onion_key(router
)) {
283 log_fn(severity
, LD_DIR
,
284 "Descriptor from router %s is missing an ntor curve25519 onion "
285 "key.", router_describe(router
));
287 *msg
= "Missing ntor curve25519 onion key. Please upgrade!";
291 if (router
->cache_info
.signing_key_cert
) {
292 /* This has an ed25519 identity key. */
293 if (KEYPIN_MISMATCH
==
294 keypin_check((const uint8_t*)router
->cache_info
.identity_digest
,
295 router
->cache_info
.signing_key_cert
->signing_key
.pubkey
)) {
296 log_fn(severity
, LD_DIR
,
297 "Descriptor from router %s has an Ed25519 key, "
298 "but the <rsa,ed25519> keys don't match what they were before.",
299 router_describe(router
));
302 *msg
= "Ed25519 identity key or RSA identity key has changed.";
309 if (KEYPIN_MISMATCH
== keypin_check_lone_rsa(
310 (const uint8_t*)router
->cache_info
.identity_digest
)) {
311 log_fn(severity
, LD_DIR
,
312 "Descriptor from router %s has no Ed25519 key, "
313 "when we previously knew an Ed25519 for it. Ignoring for now, "
314 "since Ed25519 keys are fairly new.",
315 router_describe(router
));
316 #ifdef DISABLE_DISABLING_ED25519
319 *msg
= "Ed25519 identity key has disappeared.";
327 return dirserv_get_status_impl(d
, router
->nickname
,
328 router
->addr
, router
->or_port
,
329 router
->platform
, msg
, severity
);
332 /** Return true if there is no point in downloading the router described by
333 * <b>rs</b> because this directory would reject it. */
335 dirserv_would_reject_router(const routerstatus_t
*rs
)
339 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
340 rs
->addr
, rs
->or_port
,
341 NULL
, NULL
, LOG_DEBUG
);
343 return (res
& FP_REJECT
) != 0;
346 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
347 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
348 * port and platform (logging only) as arguments.
350 * Log messages at 'severity'. (There's not much point in
351 * logging that we're rejecting servers we'll not download.)
354 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
355 uint32_t addr
, uint16_t or_port
,
356 const char *platform
, const char **msg
, int severity
)
359 router_status_t
*status_by_digest
;
361 if (!fingerprint_list
)
362 fingerprint_list
= authdir_config_new();
364 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
365 strmap_size(fingerprint_list
->fp_by_name
),
366 digestmap_size(fingerprint_list
->status_by_digest
));
369 tor_version_t ver_tmp
;
370 if (tor_version_parse_platform(platform
, &ver_tmp
, 1) < 0) {
372 *msg
= "Malformed platform string.";
378 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
379 * missing some important security fixes too. Disable them. */
380 if (platform
&& !tor_version_as_new_as(platform
,"0.2.4.18-rc")) {
382 *msg
= "Tor version is insecure or unsupported. Please upgrade!";
386 /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
387 * keep their consensus up to date so they make bad guards.
388 * The simple fix is to just drop them from the network. */
390 tor_version_as_new_as(platform
,"0.2.9.0-alpha") &&
391 !tor_version_as_new_as(platform
,"0.2.9.5-alpha")) {
393 *msg
= "Tor version contains bug 20499. Please upgrade!";
397 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
399 if (status_by_digest
)
400 result
|= *status_by_digest
;
402 if (result
& FP_REJECT
) {
404 *msg
= "Fingerprint is marked rejected -- please contact us?";
406 } else if (result
& FP_INVALID
) {
408 *msg
= "Fingerprint is marked invalid";
411 if (authdir_policy_badexit_address(addr
, or_port
)) {
412 log_fn(severity
, LD_DIRSERV
,
413 "Marking '%s' as bad exit because of address '%s'",
414 nickname
, fmt_addr32(addr
));
415 result
|= FP_BADEXIT
;
418 if (!authdir_policy_permits_address(addr
, or_port
)) {
419 log_fn(severity
, LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
420 nickname
, fmt_addr32(addr
));
422 *msg
= "Suspicious relay address range -- please contact us?";
425 if (!authdir_policy_valid_address(addr
, or_port
)) {
426 log_fn(severity
, LD_DIRSERV
,
427 "Not marking '%s' valid because of address '%s'",
428 nickname
, fmt_addr32(addr
));
429 result
|= FP_INVALID
;
435 /** Clear the current fingerprint list. */
437 dirserv_free_fingerprint_list(void)
439 if (!fingerprint_list
)
442 strmap_free(fingerprint_list
->fp_by_name
, tor_free_
);
443 digestmap_free(fingerprint_list
->status_by_digest
, tor_free_
);
444 tor_free(fingerprint_list
);
451 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
452 * unless we're configured to not care. Return 0 if all ok. */
454 dirserv_router_has_valid_address(routerinfo_t
*ri
)
457 if (get_options()->DirAllowPrivateAddresses
)
458 return 0; /* whatever it is, we're fine with it */
459 tor_addr_from_ipv4h(&addr
, ri
->addr
);
461 if (tor_addr_is_internal(&addr
, 0)) {
463 "Router %s published internal IP address. Refusing.",
464 router_describe(ri
));
465 return -1; /* it's a private IP, we should reject it */
470 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
471 * set its is_valid,running fields and return 0. Otherwise, return -1.
473 * If the router is rejected, set *<b>msg</b> to an explanation of why.
475 * If <b>complain</b> then explain at log-level 'notice' why we refused
476 * a descriptor; else explain at log-level 'info'.
479 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
480 int complain
, int *valid_out
)
482 /* Okay. Now check whether the fingerprint is recognized. */
484 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
485 uint32_t status
= dirserv_router_get_status(ri
, msg
, severity
);
487 if (status
& FP_REJECT
)
488 return -1; /* msg is already set. */
490 /* Is there too much clock skew? */
492 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
493 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
494 "far (%d minutes) in the future; possible clock skew. Not adding "
497 (int)((ri
->cache_info
.published_on
-now
)/60),
498 esc_router_info(ri
));
499 *msg
= "Rejected: Your clock is set too far in the future, or your "
500 "timezone is not correct.";
503 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
504 log_fn(severity
, LD_DIRSERV
,
505 "Publication time for %s is too far "
506 "(%d minutes) in the past. Not adding (%s)",
508 (int)((now
-ri
->cache_info
.published_on
)/60),
509 esc_router_info(ri
));
510 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
511 " or your timezone is not correct.";
514 if (dirserv_router_has_valid_address(ri
) < 0) {
515 log_fn(severity
, LD_DIRSERV
,
516 "Router %s has invalid address. Not adding (%s).",
518 esc_router_info(ri
));
519 *msg
= "Rejected: Address is a private address.";
523 *valid_out
= ! (status
& FP_INVALID
);
528 /** Update the relevant flags of <b>node</b> based on our opinion as a
529 * directory authority in <b>authstatus</b>, as returned by
530 * dirserv_router_get_status or equivalent. */
532 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
535 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
536 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
539 /** True iff <b>a</b> is more severe than <b>b</b>. */
541 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
546 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
547 * returns the most severe error that occurred for any one of them. */
549 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
553 was_router_added_t r
, r_tmp
;
558 time_t now
= time(NULL
);
559 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
560 char time_buf
[ISO_TIME_LEN
+1];
561 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
564 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
566 format_iso_time(time_buf
, now
);
567 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
570 "%s%s%s", time_buf
, escaped(source
),
571 !general
? "@purpose " : "",
572 !general
? router_purpose_to_string(purpose
) : "",
573 !general
? "\n" : "")<0) {
574 *msg
= "Couldn't format annotations";
579 list
= smartlist_new();
580 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
581 annotation_buf
, NULL
)) {
582 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
584 tor_assert(ri
->purpose
== purpose
);
585 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
586 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
592 n_parsed
+= smartlist_len(list
);
593 smartlist_clear(list
);
596 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
598 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
601 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
602 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
608 n_parsed
+= smartlist_len(list
);
609 smartlist_free(list
);
613 *msg
= "No descriptors found in your POST.";
614 if (WRA_WAS_ADDED(r
))
615 r
= ROUTER_IS_ALREADY_KNOWN
;
617 *msg
= "(no message)";
624 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
625 * the list of server descriptors. Set *<b>msg</b> to a message that should be
626 * passed back to the origin of this descriptor, or NULL if there is no such
627 * message. Use <b>source</b> to produce better log messages.
629 * If <b>ri</b> is not added to the list of server descriptors, free it.
630 * That means the caller must not access <b>ri</b> after this function
631 * returns, since it might have been freed.
633 * Return the status of the operation.
635 * This function is only called when fresh descriptors are posted, not when
636 * we re-load the cache.
639 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
641 was_router_added_t r
;
642 routerinfo_t
*ri_old
;
643 char *desc
, *nickname
;
644 const size_t desclen
= ri
->cache_info
.signed_descriptor_len
+
645 ri
->cache_info
.annotations_len
;
646 const int key_pinning
= get_options()->AuthDirPinKeys
;
649 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
650 * network and it'll clog everything up. */
651 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
652 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
653 " (source: %s) with size %d. Either this is an attack, or the "
654 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
655 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
656 MAX_DESCRIPTOR_UPLOAD_SIZE
);
657 *msg
= "Router descriptor was too large.";
658 control_event_or_authdir_new_descriptor("REJECTED",
659 ri
->cache_info
.signed_descriptor_body
,
661 r
= ROUTER_AUTHDIR_REJECTS
;
665 /* Check whether this descriptor is semantically identical to the last one
666 * from this server. (We do this here and not in router_add_to_routerlist
667 * because we want to be able to accept the newest router descriptor that
668 * another authority has, so we all converge on the same one.) */
669 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
670 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
671 && router_differences_are_cosmetic(ri_old
, ri
)
672 && !router_is_me(ri
)) {
674 "Not replacing descriptor from %s (source: %s); "
675 "differences are cosmetic.",
676 router_describe(ri
), source
);
677 *msg
= "Not replacing router descriptor; no information has changed since "
678 "the last one with this identity.";
679 control_event_or_authdir_new_descriptor("DROPPED",
680 ri
->cache_info
.signed_descriptor_body
,
682 r
= ROUTER_IS_ALREADY_KNOWN
;
686 /* Do keypinning again ... this time, to add the pin if appropriate */
688 if (ri
->cache_info
.signing_key_cert
) {
689 keypin_status
= keypin_check_and_add(
690 (const uint8_t*)ri
->cache_info
.identity_digest
,
691 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
694 keypin_status
= keypin_check_lone_rsa(
695 (const uint8_t*)ri
->cache_info
.identity_digest
);
696 #ifndef DISABLE_DISABLING_ED25519
697 if (keypin_status
== KEYPIN_MISMATCH
)
698 keypin_status
= KEYPIN_NOT_FOUND
;
701 if (keypin_status
== KEYPIN_MISMATCH
&& key_pinning
) {
702 log_info(LD_DIRSERV
, "Dropping descriptor from %s (source: %s) because "
703 "its key did not match an older RSA/Ed25519 keypair",
704 router_describe(ri
), source
);
705 *msg
= "Looks like your keypair does not match its older value.";
706 r
= ROUTER_AUTHDIR_REJECTS
;
710 /* Make a copy of desc, since router_add_to_routerlist might free
711 * ri and its associated signed_descriptor_t. */
712 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
713 nickname
= tor_strdup(ri
->nickname
);
715 /* Tell if we're about to need to launch a test if we add this. */
716 ri
->needs_retest_if_added
=
717 dirserv_should_launch_reachability_test(ri
, ri_old
);
719 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
720 if (!WRA_WAS_ADDED(r
)) {
721 /* unless the routerinfo was fine, just out-of-date */
722 if (WRA_WAS_REJECTED(r
))
723 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
725 "Did not add descriptor from '%s' (source: %s): %s.",
726 nickname
, source
, *msg
? *msg
: "(no message)");
728 smartlist_t
*changed
;
729 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
731 changed
= smartlist_new();
732 smartlist_add(changed
, ri
);
733 routerlist_descriptors_added(changed
, 0);
734 smartlist_free(changed
);
736 *msg
= "Descriptor accepted";
739 "Added descriptor from '%s' (source: %s): %s.",
740 nickname
, source
, *msg
);
747 const char *desc_digest
= ri
->cache_info
.signed_descriptor_digest
;
748 download_status_t
*dls
=
749 router_get_dl_status_by_descriptor_digest(desc_digest
);
751 log_info(LD_GENERAL
, "Marking router with descriptor %s as rejected, "
752 "and therefore undownloadable",
753 hex_str(desc_digest
, DIGEST_LEN
));
754 download_status_mark_impossible(dls
);
761 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
762 static was_router_added_t
763 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
767 was_router_added_t rv
;
771 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
772 * can mess with some of the flags in ri->cache_info. */
773 ri
= router_get_mutable_by_digest(ei
->cache_info
.identity_digest
);
775 *msg
= "No corresponding router descriptor for extra-info descriptor";
780 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
781 * network and it'll clog everything up. */
782 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
783 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
784 "with size %d. Either this is an attack, or the "
785 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
786 (int)ei
->cache_info
.signed_descriptor_len
,
787 MAX_EXTRAINFO_UPLOAD_SIZE
);
788 *msg
= "Extrainfo document was too large";
793 if ((r
= routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
,
794 &ri
->cache_info
, msg
))) {
797 return ROUTER_IS_ALREADY_KNOWN
;
802 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
803 return ROUTER_ADDED_SUCCESSFULLY
;
806 const char *d
= ei
->cache_info
.signed_descriptor_digest
;
807 signed_descriptor_t
*sd
= router_get_by_extrainfo_digest((char*)d
);
809 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
810 "rejected, and therefore undownloadable",
811 hex_str((char*)d
,DIGEST_LEN
));
812 download_status_mark_impossible(&sd
->ei_dl_status
);
819 /** Remove all descriptors whose nicknames or fingerprints no longer
820 * are allowed by our fingerprint list. (Descriptors that used to be
821 * good can become bad when we reload the fingerprint list.)
824 directory_remove_invalid(void)
826 routerlist_t
*rl
= router_get_routerlist();
827 smartlist_t
*nodes
= smartlist_new();
828 smartlist_add_all(nodes
, nodelist_get_list());
830 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
831 const char *msg
= NULL
;
832 routerinfo_t
*ent
= node
->ri
;
833 char description
[NODE_DESC_BUF_LEN
];
837 r
= dirserv_router_get_status(ent
, &msg
, LOG_INFO
);
838 router_get_description(description
, ent
);
840 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
841 description
, msg
?msg
:"");
842 routerlist_remove(rl
, ent
, 0, time(NULL
));
845 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
846 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
847 (r
&FP_INVALID
) ? "in" : "");
848 node
->is_valid
= (r
&FP_INVALID
)?0:1;
850 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
851 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
852 (r
& FP_BADEXIT
) ? "bad" : "good");
853 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
855 } SMARTLIST_FOREACH_END(node
);
857 routerlist_assert_ok(rl
);
858 smartlist_free(nodes
);
862 * Allocate and return a description of the status of the server <b>desc</b>,
863 * for use in a v1-style router-status line. The server is listed
864 * as running iff <b>is_live</b> is true.
867 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
869 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
879 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
880 if (node
&& node
->is_valid
) {
881 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
886 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
888 return tor_strdup(buf
);
891 /* DOCDOC running_long_enough_to_decide_unreachable */
893 running_long_enough_to_decide_unreachable(void)
895 return time_of_process_start
896 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
899 /** Each server needs to have passed a reachability test no more
900 * than this number of seconds ago, or it is listed as down in
902 #define REACHABLE_TIMEOUT (45*60)
904 /** If we tested a router and found it reachable _at least this long_ after it
905 * declared itself hibernating, it is probably done hibernating and we just
906 * missed a descriptor from it. */
907 #define HIBERNATION_PUBLICATION_SKEW (60*60)
909 /** Treat a router as alive if
910 * - It's me, and I'm not hibernating.
911 * or - We've found it reachable recently. */
913 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
915 /*XXXX This function is a mess. Separate out the part that calculates
916 whether it's reachable and the part that tells rephist that the router was
920 const or_options_t
*options
= get_options();
921 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
924 if (router_is_me(router
)) {
925 /* We always know if we are down ourselves. */
926 answer
= ! we_are_hibernating();
927 } else if (router
->is_hibernating
&&
928 (router
->cache_info
.published_on
+
929 HIBERNATION_PUBLICATION_SKEW
) > node
->last_reachable
) {
930 /* A hibernating router is down unless we (somehow) had contact with it
931 * since it declared itself to be hibernating. */
933 } else if (options
->AssumeReachable
) {
934 /* If AssumeReachable, everybody is up unless they say they are down! */
937 /* Otherwise, a router counts as up if we found all announced OR
938 ports reachable in the last REACHABLE_TIMEOUT seconds.
940 XXX prop186 For now there's always one IPv4 and at most one
943 If we're not on IPv6, don't consider reachability of potential
944 IPv6 OR port since that'd kill all dual stack relays until a
945 majority of the dir auths have IPv6 connectivity. */
946 answer
= (now
< node
->last_reachable
+ REACHABLE_TIMEOUT
&&
947 (options
->AuthDirHasIPv6Connectivity
!= 1 ||
948 tor_addr_is_null(&router
->ipv6_addr
) ||
949 now
< node
->last_reachable6
+ REACHABLE_TIMEOUT
));
952 if (!answer
&& running_long_enough_to_decide_unreachable()) {
953 /* Not considered reachable. tell rephist about that.
955 Because we launch a reachability test for each router every
956 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
957 been down since at least that time after we last successfully reached
963 if (node
->last_reachable
&&
964 node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
965 when
= node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
966 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
969 node
->is_running
= answer
;
972 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
973 * contents of a v1-style router-status line, and store it in
974 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
976 * If for_controller is true, include the routers with very old descriptors.
979 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
982 /* List of entries in a router-status style: An optional !, then an optional
983 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
984 smartlist_t
*rs_entries
;
985 time_t now
= time(NULL
);
986 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
987 const or_options_t
*options
= get_options();
988 /* We include v2 dir auths here too, because they need to answer
989 * controllers. Eventually we'll deprecate this whole function;
990 * see also networkstatus_getinfo_by_purpose(). */
991 int authdir
= authdir_mode_publishes_statuses(options
);
992 tor_assert(router_status_out
);
994 rs_entries
= smartlist_new();
996 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
997 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
1000 /* Update router status in routerinfo_t. */
1001 dirserv_set_router_is_running(ri
, now
);
1003 if (for_controller
) {
1004 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
1005 char *cp
= name_buf
;
1006 if (!node
->is_running
)
1008 router_get_verbose_nickname(cp
, ri
);
1009 smartlist_add(rs_entries
, tor_strdup(name_buf
));
1010 } else if (ri
->cache_info
.published_on
>= cutoff
) {
1011 smartlist_add(rs_entries
, list_single_server_status(ri
,
1014 } SMARTLIST_FOREACH_END(ri
);
1016 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
1018 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
1019 smartlist_free(rs_entries
);
1024 /** Given a (possibly empty) list of config_line_t, each line of which contains
1025 * a list of comma-separated version numbers surrounded by optional space,
1026 * allocate and return a new string containing the version numbers, in order,
1027 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1030 format_versions_list(config_line_t
*ln
)
1032 smartlist_t
*versions
;
1034 versions
= smartlist_new();
1035 for ( ; ln
; ln
= ln
->next
) {
1036 smartlist_split_string(versions
, ln
->value
, ",",
1037 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1039 sort_version_list(versions
, 1);
1040 result
= smartlist_join_strings(versions
,",",0,NULL
);
1041 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1042 smartlist_free(versions
);
1046 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1047 * not hibernating, having observed bw greater 0, and not too old. Else
1051 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
1053 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1054 if (ri
->cache_info
.published_on
< cutoff
) {
1057 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
) {
1060 /* Only require bandwith capacity in non-test networks, or
1061 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1062 if (!ri
->bandwidthcapacity
) {
1063 if (get_options()->TestingTorNetwork
) {
1064 if (get_options()->TestingMinExitFlagThreshold
> 0) {
1065 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1066 * then require bandwidthcapacity */
1070 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1077 /********************************************************************/
1079 /* A set of functions to answer questions about how we'd like to behave
1080 * as a directory mirror/client. */
1082 /** Return 1 if we fetch our directory material directly from the
1083 * authorities, rather than from a mirror. */
1085 directory_fetches_from_authorities(const or_options_t
*options
)
1087 const routerinfo_t
*me
;
1090 if (options
->FetchDirInfoEarly
)
1092 if (options
->BridgeRelay
== 1)
1094 if (server_mode(options
) &&
1095 router_pick_published_address(options
, &addr
, 1) < 0)
1096 return 1; /* we don't know our IP address; ask an authority. */
1097 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1098 should_refuse_unknown_exits(options
);
1099 if (!dir_server_mode(options
) && !refuseunknown
)
1101 if (!server_mode(options
) || !advertised_server_mode())
1103 me
= router_get_my_routerinfo();
1104 if (!me
|| (!me
->supports_tunnelled_dir_requests
&& !refuseunknown
))
1105 return 0; /* if we don't service directory requests, return 0 too */
1109 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1110 * on the "mirror" schedule rather than the "client" schedule.
1113 directory_fetches_dir_info_early(const or_options_t
*options
)
1115 return directory_fetches_from_authorities(options
);
1118 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1119 * on a very passive schedule -- waiting long enough for ordinary clients
1120 * to probably have the info we want. These would include bridge users,
1121 * and maybe others in the future e.g. if a Tor client uses another Tor
1122 * client as a directory guard.
1125 directory_fetches_dir_info_later(const or_options_t
*options
)
1127 return options
->UseBridges
!= 0;
1130 /** Return true iff we want to fetch and keep certificates for authorities
1131 * that we don't acknowledge as authorities ourself.
1134 directory_caches_unknown_auth_certs(const or_options_t
*options
)
1136 return dir_server_mode(options
) || options
->BridgeRelay
;
1139 /** Return 1 if we want to keep descriptors, networkstatuses, etc around.
1141 * Check options->DirPort_set and directory_permits_begindir_requests()
1142 * to see if we are willing to serve these directory documents to others via
1143 * the DirPort and begindir-over-ORPort, respectively.
1146 directory_caches_dir_info(const or_options_t
*options
)
1148 if (options
->BridgeRelay
|| dir_server_mode(options
))
1150 if (!server_mode(options
) || !advertised_server_mode())
1152 /* We need an up-to-date view of network info if we're going to try to
1153 * block exit attempts from unknown relays. */
1154 return ! router_my_exit_policy_is_reject_star() &&
1155 should_refuse_unknown_exits(options
);
1158 /** Return 1 if we want to allow remote people to ask us directory
1159 * requests via the "begin_dir" interface, which doesn't require
1160 * having any separate port open. */
1162 directory_permits_begindir_requests(const or_options_t
*options
)
1164 return options
->BridgeRelay
!= 0 || dir_server_mode(options
);
1167 /** Return 1 if we have no need to fetch new descriptors. This generally
1168 * happens when we're not a dir cache and we haven't built any circuits
1172 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1175 return !directory_caches_dir_info(options
) &&
1176 !options
->FetchUselessDescriptors
&&
1177 rep_hist_circbuilding_dormant(now
);
1180 /********************************************************************/
1182 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1183 * currently serving. */
1184 static strmap_t
*cached_consensuses
= NULL
;
1186 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1187 * any references. */
1189 cached_dir_decref(cached_dir_t
*d
)
1191 if (!d
|| --d
->refcnt
> 0)
1193 clear_cached_dir(d
);
1197 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1198 * published at <b>published</b>. */
1200 new_cached_dir(char *s
, time_t published
)
1202 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1205 d
->dir_len
= strlen(s
);
1206 d
->published
= published
;
1207 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1209 log_warn(LD_BUG
, "Error compressing directory");
1214 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1216 clear_cached_dir(cached_dir_t
*d
)
1220 memset(d
, 0, sizeof(cached_dir_t
));
1223 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1225 free_cached_dir_(void *_d
)
1231 d
= (cached_dir_t
*)_d
;
1232 cached_dir_decref(d
);
1235 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1236 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1237 * validation is performed. */
1239 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1240 const char *flavor_name
,
1241 const common_digests_t
*digests
,
1244 cached_dir_t
*new_networkstatus
;
1245 cached_dir_t
*old_networkstatus
;
1246 if (!cached_consensuses
)
1247 cached_consensuses
= strmap_new();
1249 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1250 memcpy(&new_networkstatus
->digests
, digests
, sizeof(common_digests_t
));
1251 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1253 if (old_networkstatus
)
1254 cached_dir_decref(old_networkstatus
);
1257 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1258 * optionally compressed format, suitable for sending to clients. */
1260 dirserv_get_consensus(const char *flavor_name
)
1262 if (!cached_consensuses
)
1264 return strmap_get(cached_consensuses
, flavor_name
);
1267 /** If a router's uptime is at least this value, then it is always
1268 * considered stable, regardless of the rest of the network. This
1269 * way we resist attacks where an attacker doubles the size of the
1270 * network using allegedly high-uptime nodes, displacing all the
1271 * current guards. */
1272 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1273 /** If a router's MTBF is at least this value, then it is always stable.
1274 * See above. (Corresponds to about 7 days for current decay rates.) */
1275 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1276 /** Similarly, every node with at least this much weighted time known can be
1277 * considered familiar enough to be a guard. Corresponds to about 20 days for
1278 * current decay rates.
1280 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1281 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1283 #define WFU_TO_GUARANTEE_GUARD (0.98)
1285 /* Thresholds for server performance: set by
1286 * dirserv_compute_performance_thresholds, and used by
1287 * generate_v2_networkstatus */
1289 /** Any router with an uptime of at least this value is stable. */
1290 static uint32_t stable_uptime
= 0; /* start at a safe value */
1291 /** Any router with an mtbf of at least this value is stable. */
1292 static double stable_mtbf
= 0.0;
1293 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1294 * than stable_uptime. */
1295 static int enough_mtbf_info
= 0;
1296 /** Any router with a weighted fractional uptime of at least this much might
1297 * be good as a guard. */
1298 static double guard_wfu
= 0.0;
1299 /** Don't call a router a guard unless we've known about it for at least this
1301 static long guard_tk
= 0;
1302 /** Any router with a bandwidth at least this high is "Fast" */
1303 static uint32_t fast_bandwidth_kb
= 0;
1304 /** If exits can be guards, then all guards must have a bandwidth this
1306 static uint32_t guard_bandwidth_including_exits_kb
= 0;
1307 /** If exits can't be guards, then all guards must have a bandwidth this
1309 static uint32_t guard_bandwidth_excluding_exits_kb
= 0;
1311 /** Helper: estimate the uptime of a router given its stated uptime and the
1312 * amount of time since it last stated its stated uptime. */
1314 real_uptime(const routerinfo_t
*router
, time_t now
)
1316 if (now
< router
->cache_info
.published_on
)
1317 return router
->uptime
;
1319 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1322 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1323 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1324 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1328 dirserv_thinks_router_is_unreliable(time_t now
,
1329 routerinfo_t
*router
,
1330 int need_uptime
, int need_capacity
)
1333 if (!enough_mtbf_info
) {
1334 /* XXXX We should change the rule from
1335 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1336 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1337 * hit a point where we need to reset a lot of authorities at once,
1338 * none of them would be in a position to declare Stable.
1340 long uptime
= real_uptime(router
, now
);
1341 if ((unsigned)uptime
< stable_uptime
&&
1342 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1346 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1347 if (mtbf
< stable_mtbf
&&
1348 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1352 if (need_capacity
) {
1353 uint32_t bw_kb
= dirserv_get_credible_bandwidth_kb(router
);
1354 if (bw_kb
< fast_bandwidth_kb
)
1360 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1362 * Right now this means it advertises support for it, it has a high uptime,
1363 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1364 * considered Running.
1366 * This function needs to be called after router-\>is_running has
1370 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1371 const node_t
*node
, time_t now
)
1376 /* If we haven't been running for at least
1377 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1378 * have accurate data telling us a relay has been up for at least
1379 * that long. We also want to allow a bit of slack: Reachability
1380 * tests aren't instant. If we haven't been running long enough,
1381 * trust the relay. */
1383 if (stats_n_seconds_working
>
1384 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1385 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1386 real_uptime(router
, now
));
1388 uptime
= real_uptime(router
, now
);
1390 return (router
->wants_to_be_hs_dir
&&
1391 router
->supports_tunnelled_dir_requests
&&
1392 node
->is_stable
&& node
->is_fast
&&
1393 uptime
>= get_options()->MinUptimeHidServDirectoryV2
&&
1394 router_is_active(router
, node
, now
));
1397 /** Don't consider routers with less bandwidth than this when computing
1399 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1401 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1402 * include a router in our calculations, and return true iff we should; the
1403 * require_mbw parameter is passed in by
1404 * dirserv_compute_performance_thresholds() and controls whether we ever
1405 * count routers with only advertised bandwidths */
1407 router_counts_toward_thresholds(const node_t
*node
, time_t now
,
1408 const digestmap_t
*omit_as_sybil
,
1411 /* Have measured bw? */
1413 dirserv_has_measured_bw(node
->identity
);
1414 uint64_t min_bw_kb
= ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB
;
1415 const or_options_t
*options
= get_options();
1417 if (options
->TestingTorNetwork
) {
1418 min_bw_kb
= (int64_t)options
->TestingMinExitFlagThreshold
/ 1000;
1421 return node
->ri
&& router_is_active(node
->ri
, node
, now
) &&
1422 !digestmap_get(omit_as_sybil
, node
->identity
) &&
1423 (dirserv_get_credible_bandwidth_kb(node
->ri
) >= min_bw_kb
) &&
1424 (have_mbw
|| !require_mbw
);
1427 /** Look through the routerlist, the Mean Time Between Failure history, and
1428 * the Weighted Fractional Uptime history, and use them to set thresholds for
1429 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1430 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1431 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1433 * Also, set the is_exit flag of each router appropriately. */
1435 dirserv_compute_performance_thresholds(digestmap_t
*omit_as_sybil
)
1437 int n_active
, n_active_nonexit
, n_familiar
;
1438 uint32_t *uptimes
, *bandwidths_kb
, *bandwidths_excluding_exits_kb
;
1440 double *mtbfs
, *wfus
;
1441 smartlist_t
*nodelist
;
1442 time_t now
= time(NULL
);
1443 const or_options_t
*options
= get_options();
1447 (routers_with_measured_bw
>
1448 options
->MinMeasuredBWsForAuthToIgnoreAdvertised
) ? 1 : 0;
1450 /* initialize these all here, in case there are no routers */
1453 fast_bandwidth_kb
= 0;
1454 guard_bandwidth_including_exits_kb
= 0;
1455 guard_bandwidth_excluding_exits_kb
= 0;
1459 nodelist_assert_ok();
1460 nodelist
= nodelist_get_list();
1462 /* Initialize arrays that will hold values for each router. We'll
1463 * sort them and use that to compute thresholds. */
1464 n_active
= n_active_nonexit
= 0;
1465 /* Uptime for every active router. */
1466 uptimes
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1467 /* Bandwidth for every active router. */
1468 bandwidths_kb
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1469 /* Bandwidth for every active non-exit router. */
1470 bandwidths_excluding_exits_kb
=
1471 tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1472 /* Weighted mean time between failure for each active router. */
1473 mtbfs
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1474 /* Time-known for each active router. */
1475 tks
= tor_calloc(smartlist_len(nodelist
), sizeof(long));
1476 /* Weighted fractional uptime for each active router. */
1477 wfus
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1479 /* Now, fill in the arrays. */
1480 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1481 if (options
->BridgeAuthoritativeDir
&&
1483 node
->ri
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
1485 if (router_counts_toward_thresholds(node
, now
, omit_as_sybil
,
1487 routerinfo_t
*ri
= node
->ri
;
1488 const char *id
= node
->identity
;
1490 /* resolve spurious clang shallow analysis null pointer errors */
1492 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1493 exit_policy_is_general_exit(ri
->exit_policy
));
1494 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1495 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1496 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1497 bandwidths_kb
[n_active
] = bw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
1498 if (!node
->is_exit
|| node
->is_bad_exit
) {
1499 bandwidths_excluding_exits_kb
[n_active_nonexit
] = bw_kb
;
1504 } SMARTLIST_FOREACH_END(node
);
1506 /* Now, compute thresholds. */
1508 /* The median uptime is stable. */
1509 stable_uptime
= median_uint32(uptimes
, n_active
);
1510 /* The median mtbf is stable, if we have enough mtbf info */
1511 stable_mtbf
= median_double(mtbfs
, n_active
);
1512 /* The 12.5th percentile bandwidth is fast. */
1513 fast_bandwidth_kb
= find_nth_uint32(bandwidths_kb
, n_active
, n_active
/8);
1514 /* (Now bandwidths is sorted.) */
1515 if (fast_bandwidth_kb
< RELAY_REQUIRED_MIN_BANDWIDTH
/(2 * 1000))
1516 fast_bandwidth_kb
= bandwidths_kb
[n_active
/4];
1517 guard_bandwidth_including_exits_kb
=
1518 third_quartile_uint32(bandwidths_kb
, n_active
);
1519 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1522 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1523 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1526 /* We can vote on a parameter for the minimum and maximum. */
1527 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1528 int32_t min_fast_kb
, max_fast_kb
, min_fast
, max_fast
;
1529 min_fast
= networkstatus_get_param(NULL
, "FastFlagMinThreshold",
1530 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1531 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1533 if (options
->TestingTorNetwork
) {
1534 min_fast
= (int32_t)options
->TestingMinFastFlagThreshold
;
1536 max_fast
= networkstatus_get_param(NULL
, "FastFlagMaxThreshold",
1537 INT32_MAX
, min_fast
, INT32_MAX
);
1538 min_fast_kb
= min_fast
/ 1000;
1539 max_fast_kb
= max_fast
/ 1000;
1541 if (fast_bandwidth_kb
< (uint32_t)min_fast_kb
)
1542 fast_bandwidth_kb
= min_fast_kb
;
1543 if (fast_bandwidth_kb
> (uint32_t)max_fast_kb
)
1544 fast_bandwidth_kb
= max_fast_kb
;
1546 /* Protect sufficiently fast nodes from being pushed out of the set
1548 if (options
->AuthDirFastGuarantee
&&
1549 fast_bandwidth_kb
> options
->AuthDirFastGuarantee
/1000)
1550 fast_bandwidth_kb
= (uint32_t)options
->AuthDirFastGuarantee
/1000;
1552 /* Now that we have a time-known that 7/8 routers are known longer than,
1553 * fill wfus with the wfu of every such "familiar" router. */
1556 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1557 if (router_counts_toward_thresholds(node
, now
,
1558 omit_as_sybil
, require_mbw
)) {
1559 routerinfo_t
*ri
= node
->ri
;
1560 const char *id
= ri
->cache_info
.identity_digest
;
1561 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1564 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1566 } SMARTLIST_FOREACH_END(node
);
1568 guard_wfu
= median_double(wfus
, n_familiar
);
1569 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1570 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1572 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1574 if (n_active_nonexit
) {
1575 guard_bandwidth_excluding_exits_kb
=
1576 find_nth_uint32(bandwidths_excluding_exits_kb
,
1577 n_active_nonexit
, n_active_nonexit
*3/4);
1580 log_info(LD_DIRSERV
,
1581 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1582 "For Fast: %lu kilobytes/sec. "
1583 "For Guard: WFU %.03f%%, time-known %lu sec, "
1584 "and bandwidth %lu or %lu kilobytes/sec. "
1585 "We%s have enough stability data.",
1586 (unsigned long)stable_uptime
,
1587 (unsigned long)stable_mtbf
,
1588 (unsigned long)fast_bandwidth_kb
,
1590 (unsigned long)guard_tk
,
1591 (unsigned long)guard_bandwidth_including_exits_kb
,
1592 (unsigned long)guard_bandwidth_excluding_exits_kb
,
1593 enough_mtbf_info
? "" : " don't");
1597 tor_free(bandwidths_kb
);
1598 tor_free(bandwidths_excluding_exits_kb
);
1603 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1604 * for the status flags, specifically for bridges.
1606 * This is only called by a Bridge Authority from
1607 * networkstatus_getinfo_by_purpose().
1610 dirserv_compute_bridge_flag_thresholds(void)
1612 digestmap_t
*omit_as_sybil
= digestmap_new();
1613 dirserv_compute_performance_thresholds(omit_as_sybil
);
1614 digestmap_free(omit_as_sybil
, NULL
);
1617 /** Measured bandwidth cache entry */
1618 typedef struct mbw_cache_entry_s
{
1621 } mbw_cache_entry_t
;
1623 /** Measured bandwidth cache - keys are identity_digests, values are
1624 * mbw_cache_entry_t *. */
1625 static digestmap_t
*mbw_cache
= NULL
;
1627 /** Store a measured bandwidth cache entry when reading the measured
1628 * bandwidths file. */
1630 dirserv_cache_measured_bw(const measured_bw_line_t
*parsed_line
,
1633 mbw_cache_entry_t
*e
= NULL
;
1635 tor_assert(parsed_line
);
1637 /* Allocate a cache if we need */
1638 if (!mbw_cache
) mbw_cache
= digestmap_new();
1640 /* Check if we have an existing entry */
1641 e
= digestmap_get(mbw_cache
, parsed_line
->node_id
);
1642 /* If we do, we can re-use it */
1644 /* Check that we really are newer, and update */
1645 if (as_of
> e
->as_of
) {
1646 e
->mbw_kb
= parsed_line
->bw_kb
;
1650 /* We'll have to insert a new entry */
1651 e
= tor_malloc(sizeof(*e
));
1652 e
->mbw_kb
= parsed_line
->bw_kb
;
1654 digestmap_set(mbw_cache
, parsed_line
->node_id
, e
);
1658 /** Clear and free the measured bandwidth cache */
1660 dirserv_clear_measured_bw_cache(void)
1663 /* Free the map and all entries */
1664 digestmap_free(mbw_cache
, tor_free_
);
1669 /** Scan the measured bandwidth cache and remove expired entries */
1671 dirserv_expire_measured_bw_cache(time_t now
)
1675 /* Iterate through the cache and check each entry */
1676 DIGESTMAP_FOREACH_MODIFY(mbw_cache
, k
, mbw_cache_entry_t
*, e
) {
1677 if (now
> e
->as_of
+ MAX_MEASUREMENT_AGE
) {
1681 } DIGESTMAP_FOREACH_END
;
1683 /* Check if we cleared the whole thing and free if so */
1684 if (digestmap_size(mbw_cache
) == 0) {
1685 digestmap_free(mbw_cache
, tor_free_
);
1691 /** Get the current size of the measured bandwidth cache */
1693 dirserv_get_measured_bw_cache_size(void)
1695 if (mbw_cache
) return digestmap_size(mbw_cache
);
1699 /** Query the cache by identity digest, return value indicates whether
1700 * we found it. The bw_out and as_of_out pointers receive the cached
1701 * bandwidth value and the time it was cached if not NULL. */
1703 dirserv_query_measured_bw_cache_kb(const char *node_id
, long *bw_kb_out
,
1706 mbw_cache_entry_t
*v
= NULL
;
1709 if (mbw_cache
&& node_id
) {
1710 v
= digestmap_get(mbw_cache
, node_id
);
1712 /* Found something */
1714 if (bw_kb_out
) *bw_kb_out
= v
->mbw_kb
;
1715 if (as_of_out
) *as_of_out
= v
->as_of
;
1722 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1724 dirserv_has_measured_bw(const char *node_id
)
1726 return dirserv_query_measured_bw_cache_kb(node_id
, NULL
, NULL
);
1729 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1730 * preferring measured to advertised values if available. */
1733 dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
)
1737 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1738 * signed) longs and the ones router_get_advertised_bandwidth() returns
1745 * * First try to see if we have a measured bandwidth; don't bother with
1746 * as_of_out here, on the theory that a stale measured bandwidth is still
1747 * better to trust than an advertised one.
1749 if (dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1752 bw_kb
= (uint32_t)mbw_kb
;
1754 /* If not, fall back to advertised */
1755 bw_kb
= router_get_advertised_bandwidth(ri
) / 1000;
1762 /** Look through the routerlist, and using the measured bandwidth cache count
1763 * how many measured bandwidths we know. This is used to decide whether we
1764 * ever trust advertised bandwidths for purposes of assigning flags. */
1766 dirserv_count_measured_bws(const smartlist_t
*routers
)
1768 /* Initialize this first */
1769 routers_with_measured_bw
= 0;
1771 /* Iterate over the routerlist and count measured bandwidths */
1772 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
1773 /* Check if we know a measured bandwidth for this one */
1774 if (dirserv_has_measured_bw(ri
->cache_info
.identity_digest
)) {
1775 ++routers_with_measured_bw
;
1777 } SMARTLIST_FOREACH_END(ri
);
1780 /** Return the bandwidth we believe for assigning flags; prefer measured
1781 * over advertised, and if we have above a threshold quantity of measured
1782 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1785 dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
)
1792 /* Check if we have a measured bandwidth, and check the threshold if not */
1793 if (!(dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1795 threshold
= get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1796 if (routers_with_measured_bw
> threshold
) {
1797 /* Return zero for unmeasured bandwidth if we are above threshold */
1800 /* Return an advertised bandwidth otherwise */
1801 bw_kb
= router_get_advertised_bandwidth_capped(ri
) / 1000;
1804 /* We have the measured bandwidth in mbw */
1805 bw_kb
= (uint32_t)mbw_kb
;
1811 /** Give a statement of our current performance thresholds for inclusion
1812 * in a vote document. */
1814 dirserv_get_flag_thresholds_line(void)
1817 const int measured_threshold
=
1818 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1819 const int enough_measured_bw
= routers_with_measured_bw
> measured_threshold
;
1821 tor_asprintf(&result
,
1822 "stable-uptime=%lu stable-mtbf=%lu "
1824 "guard-wfu=%.03f%% guard-tk=%lu "
1825 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1826 "enough-mtbf=%d ignoring-advertised-bws=%d",
1827 (unsigned long)stable_uptime
,
1828 (unsigned long)stable_mtbf
,
1829 (unsigned long)fast_bandwidth_kb
*1000,
1831 (unsigned long)guard_tk
,
1832 (unsigned long)guard_bandwidth_including_exits_kb
*1000,
1833 (unsigned long)guard_bandwidth_excluding_exits_kb
*1000,
1834 enough_mtbf_info
? 1 : 0,
1835 enough_measured_bw
? 1 : 0);
1840 /** Given a platform string as in a routerinfo_t (possibly null), return a
1841 * newly allocated version string for a networkstatus document, or NULL if the
1842 * platform doesn't give a Tor version. */
1844 version_from_platform(const char *platform
)
1846 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1847 const char *eos
= find_whitespace(platform
+4);
1848 if (eos
&& !strcmpstart(eos
, " (r")) {
1849 /* XXXX Unify this logic with the other version extraction
1850 * logic in routerparse.c. */
1851 eos
= find_whitespace(eos
+1);
1854 return tor_strndup(platform
, eos
-platform
);
1860 /** Helper: write the router-status information in <b>rs</b> into a newly
1861 * allocated character buffer. Use the same format as in network-status
1862 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1863 * Return 0 on success, -1 on failure.
1865 * The format argument has one of the following values:
1866 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1867 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1868 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1870 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1871 * it contains additional information for the vote.
1872 * NS_CONTROL_PORT - Output a NS document for the control port
1875 routerstatus_format_entry(const routerstatus_t
*rs
, const char *version
,
1876 const char *protocols
,
1877 routerstatus_format_type_t format
,
1878 const vote_routerstatus_t
*vrs
)
1881 char *result
= NULL
;
1883 char published
[ISO_TIME_LEN
+1];
1884 char identity64
[BASE64_DIGEST_LEN
+1];
1885 char digest64
[BASE64_DIGEST_LEN
+1];
1886 smartlist_t
*chunks
= smartlist_new();
1888 format_iso_time(published
, rs
->published_on
);
1889 digest_to_base64(identity64
, rs
->identity_digest
);
1890 digest_to_base64(digest64
, rs
->descriptor_digest
);
1892 smartlist_add_asprintf(chunks
,
1893 "r %s %s %s%s%s %s %d %d\n",
1896 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1897 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1899 fmt_addr32(rs
->addr
),
1903 /* TODO: Maybe we want to pass in what we need to build the rest of
1904 * this here, instead of in the caller. Then we could use the
1905 * networkstatus_type_t values, with an additional control port value
1908 /* V3 microdesc consensuses don't have "a" lines. */
1909 if (format
== NS_V3_CONSENSUS_MICRODESC
)
1912 /* Possible "a" line. At most one for now. */
1913 if (!tor_addr_is_null(&rs
->ipv6_addr
)) {
1914 smartlist_add_asprintf(chunks
, "a %s\n",
1915 fmt_addrport(&rs
->ipv6_addr
, rs
->ipv6_orport
));
1918 if (format
== NS_V3_CONSENSUS
)
1921 smartlist_add_asprintf(chunks
,
1922 "s%s%s%s%s%s%s%s%s%s%s\n",
1923 /* These must stay in alphabetical order. */
1924 rs
->is_authority
?" Authority":"",
1925 rs
->is_bad_exit
?" BadExit":"",
1926 rs
->is_exit
?" Exit":"",
1927 rs
->is_fast
?" Fast":"",
1928 rs
->is_possible_guard
?" Guard":"",
1929 rs
->is_hs_dir
?" HSDir":"",
1930 rs
->is_flagged_running
?" Running":"",
1931 rs
->is_stable
?" Stable":"",
1932 rs
->is_v2_dir
?" V2Dir":"",
1933 rs
->is_valid
?" Valid":"");
1935 /* length of "opt v \n" */
1936 #define V_LINE_OVERHEAD 7
1937 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1938 smartlist_add_asprintf(chunks
, "v %s\n", version
);
1941 smartlist_add_asprintf(chunks
, "pr %s\n", protocols
);
1944 if (format
!= NS_V2
) {
1945 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
1948 if (format
!= NS_CONTROL_PORT
) {
1949 /* Blow up more or less nicely if we didn't get anything or not the
1950 * thing we expected.
1953 char id
[HEX_DIGEST_LEN
+1];
1954 char dd
[HEX_DIGEST_LEN
+1];
1956 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1957 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
1958 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
1959 "(wanted descriptor %s).",
1964 /* This assert could fire for the control port, because
1965 * it can request NS documents before all descriptors
1966 * have been fetched. Therefore, we only do this test when
1967 * format != NS_CONTROL_PORT. */
1968 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
1969 rs
->descriptor_digest
,
1971 char rl_d
[HEX_DIGEST_LEN
+1];
1972 char rs_d
[HEX_DIGEST_LEN
+1];
1973 char id
[HEX_DIGEST_LEN
+1];
1975 base16_encode(rl_d
, sizeof(rl_d
),
1976 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
1977 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
1978 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1979 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
1980 "the one in routerstatus: %s vs %s "
1984 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
1985 rs
->descriptor_digest
,
1990 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
1991 bw_kb
= rs
->bandwidth_kb
;
1994 bw_kb
= router_get_advertised_bandwidth_capped(desc
) / 1000;
1996 smartlist_add_asprintf(chunks
,
1997 "w Bandwidth=%d", bw_kb
);
1999 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->has_measured_bw
) {
2000 smartlist_add_asprintf(chunks
,
2001 " Measured=%d", vrs
->measured_bw_kb
);
2003 /* Write down guardfraction information if we have it. */
2004 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->status
.has_guardfraction
) {
2005 smartlist_add_asprintf(chunks
,
2006 " GuardFraction=%d",
2007 vrs
->status
.guardfraction_percentage
);
2010 smartlist_add(chunks
, tor_strdup("\n"));
2013 summary
= policy_summarize(desc
->exit_policy
, AF_INET
);
2014 smartlist_add_asprintf(chunks
, "p %s\n", summary
);
2018 if (format
== NS_V3_VOTE
&& vrs
) {
2019 if (tor_mem_is_zero((char*)vrs
->ed25519_id
, ED25519_PUBKEY_LEN
)) {
2020 smartlist_add(chunks
, tor_strdup("id ed25519 none\n"));
2022 char ed_b64
[BASE64_DIGEST256_LEN
+1];
2023 digest256_to_base64(ed_b64
, (const char*)vrs
->ed25519_id
);
2024 smartlist_add_asprintf(chunks
, "id ed25519 %s\n", ed_b64
);
2030 result
= smartlist_join_strings(chunks
, "", 0, NULL
);
2033 SMARTLIST_FOREACH(chunks
, char *, cp
, tor_free(cp
));
2034 smartlist_free(chunks
);
2039 /** Helper for sorting: compares two routerinfos first by address, and then by
2040 * descending order of "usefulness". (An authority is more useful than a
2041 * non-authority; a running router is more useful than a non-running router;
2042 * and a router with more bandwidth is more useful than one with less.)
2045 compare_routerinfo_by_ip_and_bw_(const void **a
, const void **b
)
2047 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2048 int first_is_auth
, second_is_auth
;
2049 uint32_t bw_kb_first
, bw_kb_second
;
2050 const node_t
*node_first
, *node_second
;
2051 int first_is_running
, second_is_running
;
2053 /* we return -1 if first should appear before second... that is,
2054 * if first is a better router. */
2055 if (first
->addr
< second
->addr
)
2057 else if (first
->addr
> second
->addr
)
2060 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2061 * reality, we will almost never get here, since addresses will usually be
2065 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2067 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2069 if (first_is_auth
&& !second_is_auth
)
2071 else if (!first_is_auth
&& second_is_auth
)
2074 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
2075 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
2076 first_is_running
= node_first
&& node_first
->is_running
;
2077 second_is_running
= node_second
&& node_second
->is_running
;
2079 if (first_is_running
&& !second_is_running
)
2081 else if (!first_is_running
&& second_is_running
)
2084 bw_kb_first
= dirserv_get_bandwidth_for_router_kb(first
);
2085 bw_kb_second
= dirserv_get_bandwidth_for_router_kb(second
);
2087 if (bw_kb_first
> bw_kb_second
)
2089 else if (bw_kb_first
< bw_kb_second
)
2092 /* They're equal! Compare by identity digest, so there's a
2093 * deterministic order and we avoid flapping. */
2094 return fast_memcmp(first
->cache_info
.identity_digest
,
2095 second
->cache_info
.identity_digest
,
2099 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2100 * whose keys are the identity digests of those routers that we're going to
2101 * exclude for Sybil-like appearance. */
2102 static digestmap_t
*
2103 get_possible_sybil_list(const smartlist_t
*routers
)
2105 const or_options_t
*options
= get_options();
2106 digestmap_t
*omit_as_sybil
;
2107 smartlist_t
*routers_by_ip
= smartlist_new();
2110 /* Allow at most this number of Tor servers on a single IP address, ... */
2111 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2112 /* ... unless it's a directory authority, in which case allow more. */
2113 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2114 if (max_with_same_addr
<= 0)
2115 max_with_same_addr
= INT_MAX
;
2116 if (max_with_same_addr_on_authority
<= 0)
2117 max_with_same_addr_on_authority
= INT_MAX
;
2119 smartlist_add_all(routers_by_ip
, routers
);
2120 smartlist_sort(routers_by_ip
, compare_routerinfo_by_ip_and_bw_
);
2121 omit_as_sybil
= digestmap_new();
2125 SMARTLIST_FOREACH_BEGIN(routers_by_ip
, routerinfo_t
*, ri
) {
2126 if (last_addr
!= ri
->addr
) {
2127 last_addr
= ri
->addr
;
2129 } else if (++addr_count
> max_with_same_addr
) {
2130 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2131 addr_count
> max_with_same_addr_on_authority
)
2132 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2134 } SMARTLIST_FOREACH_END(ri
);
2136 smartlist_free(routers_by_ip
);
2137 return omit_as_sybil
;
2140 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2141 * remove the older one. If they are exactly the same age, remove the one
2142 * with the greater descriptor digest. May alter the order of the list. */
2144 routers_make_ed_keys_unique(smartlist_t
*routers
)
2147 digest256map_t
*by_ed_key
= digest256map_new();
2149 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2150 ri
->omit_from_vote
= 0;
2151 if (ri
->cache_info
.signing_key_cert
== NULL
)
2152 continue; /* No ed key */
2153 const uint8_t *pk
= ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
;
2154 if ((ri2
= digest256map_get(by_ed_key
, pk
))) {
2155 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2156 * one has the earlier published_on. */
2157 const time_t ri_pub
= ri
->cache_info
.published_on
;
2158 const time_t ri2_pub
= ri2
->cache_info
.published_on
;
2159 if (ri2_pub
< ri_pub
||
2160 (ri2_pub
== ri_pub
&&
2161 fast_memcmp(ri
->cache_info
.signed_descriptor_digest
,
2162 ri2
->cache_info
.signed_descriptor_digest
,DIGEST_LEN
)<0)) {
2163 digest256map_set(by_ed_key
, pk
, ri
);
2164 ri2
->omit_from_vote
= 1;
2166 ri
->omit_from_vote
= 1;
2170 digest256map_set(by_ed_key
, pk
, ri
);
2172 } SMARTLIST_FOREACH_END(ri
);
2174 digest256map_free(by_ed_key
, NULL
);
2176 /* Now remove every router where the omit_from_vote flag got set. */
2177 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
2178 if (ri
->omit_from_vote
) {
2179 SMARTLIST_DEL_CURRENT(routers
, ri
);
2181 } SMARTLIST_FOREACH_END(ri
);
2184 /** Extract status information from <b>ri</b> and from other authority
2185 * functions and store it in <b>rs</b>>.
2187 * We assume that ri-\>is_running has already been set, e.g. by
2188 * dirserv_set_router_is_running(ri, now);
2191 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2197 const or_options_t
*options
= get_options();
2198 uint32_t routerbw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
2200 memset(rs
, 0, sizeof(routerstatus_t
));
2203 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2205 /* Already set by compute_performance_thresholds. */
2206 rs
->is_exit
= node
->is_exit
;
2207 rs
->is_stable
= node
->is_stable
=
2208 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0);
2209 rs
->is_fast
= node
->is_fast
=
2210 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2211 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2213 rs
->is_valid
= node
->is_valid
;
2215 if (node
->is_fast
&& node
->is_stable
&&
2216 ((options
->AuthDirGuardBWGuarantee
&&
2217 routerbw_kb
>= options
->AuthDirGuardBWGuarantee
/1000) ||
2218 routerbw_kb
>= MIN(guard_bandwidth_including_exits_kb
,
2219 guard_bandwidth_excluding_exits_kb
))) {
2220 long tk
= rep_hist_get_weighted_time_known(
2221 node
->identity
, now
);
2222 double wfu
= rep_hist_get_weighted_fractional_uptime(
2223 node
->identity
, now
);
2224 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2226 rs
->is_possible_guard
= 0;
2229 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2230 rs
->is_hs_dir
= node
->is_hs_dir
=
2231 dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2233 rs
->is_named
= rs
->is_unnamed
= 0;
2235 rs
->published_on
= ri
->cache_info
.published_on
;
2236 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2237 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2239 rs
->addr
= ri
->addr
;
2240 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2241 rs
->or_port
= ri
->or_port
;
2242 rs
->dir_port
= ri
->dir_port
;
2243 rs
->is_v2_dir
= ri
->supports_tunnelled_dir_requests
;
2244 if (options
->AuthDirHasIPv6Connectivity
== 1 &&
2245 !tor_addr_is_null(&ri
->ipv6_addr
) &&
2246 node
->last_reachable6
>= now
- REACHABLE_TIMEOUT
) {
2247 /* We're configured as having IPv6 connectivity. There's an IPv6
2248 OR port and it's reachable so copy it to the routerstatus. */
2249 tor_addr_copy(&rs
->ipv6_addr
, &ri
->ipv6_addr
);
2250 rs
->ipv6_orport
= ri
->ipv6_orport
;
2253 if (options
->TestingTorNetwork
) {
2254 dirserv_set_routerstatus_testing(rs
);
2258 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2259 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2260 * respectively. But don't set the corresponding node flags.
2261 * Should only be called if TestingTorNetwork is set. */
2263 dirserv_set_routerstatus_testing(routerstatus_t
*rs
)
2265 const or_options_t
*options
= get_options();
2267 tor_assert(options
->TestingTorNetwork
);
2269 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteExit
,
2272 } else if (options
->TestingDirAuthVoteExitIsStrict
) {
2276 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteGuard
,
2278 rs
->is_possible_guard
= 1;
2279 } else if (options
->TestingDirAuthVoteGuardIsStrict
) {
2280 rs
->is_possible_guard
= 0;
2283 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteHSDir
,
2286 } else if (options
->TestingDirAuthVoteHSDirIsStrict
) {
2291 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2292 * too narrow an IP-space. Clear out its flags: we don't want people
2295 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2296 * we want to vote that way in case all the other authorities are voting
2300 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2302 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2303 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
=
2304 rs
->is_hs_dir
= rs
->is_v2_dir
= rs
->is_possible_guard
= 0;
2305 /* FFFF we might want some mechanism to check later on if we
2306 * missed zeroing any flags: it's easy to add a new flag but
2307 * forget to add it to this clause. */
2310 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2311 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2312 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2313 * information to it.
2315 * Return 1 if we applied the information and 0 if we couldn't find a
2318 * Requires that <b>vote_routerstatuses</b> be sorted.
2321 guardfraction_line_apply(const char *guard_id
,
2322 uint32_t guardfraction_percentage
,
2323 smartlist_t
*vote_routerstatuses
)
2325 vote_routerstatus_t
*vrs
= NULL
;
2327 tor_assert(vote_routerstatuses
);
2329 vrs
= smartlist_bsearch(vote_routerstatuses
, guard_id
,
2330 compare_digest_to_vote_routerstatus_entry
);
2336 vrs
->status
.has_guardfraction
= 1;
2337 vrs
->status
.guardfraction_percentage
= guardfraction_percentage
;
2342 /* Given a guard line from a guardfraction file, parse it and register
2343 * its information to <b>vote_routerstatuses</b>.
2346 * * 1 if the line was proper and its information got registered.
2347 * * 0 if the line was proper but no currently active guard was found
2348 * to register the guardfraction information to.
2349 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2350 newly allocated string containing the error message.
2353 guardfraction_file_parse_guard_line(const char *guard_line
,
2354 smartlist_t
*vote_routerstatuses
,
2357 char guard_id
[DIGEST_LEN
];
2358 uint32_t guardfraction
;
2359 char *inputs_tmp
= NULL
;
2362 smartlist_t
*sl
= smartlist_new();
2365 tor_assert(err_msg
);
2367 /* guard_line should contain something like this:
2368 <hex digest> <guardfraction> <appearances> */
2369 smartlist_split_string(sl
, guard_line
, " ",
2370 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2371 if (smartlist_len(sl
) < 3) {
2372 tor_asprintf(err_msg
, "bad line '%s'", guard_line
);
2376 inputs_tmp
= smartlist_get(sl
, 0);
2377 if (strlen(inputs_tmp
) != HEX_DIGEST_LEN
||
2378 base16_decode(guard_id
, DIGEST_LEN
,
2379 inputs_tmp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2380 tor_asprintf(err_msg
, "bad digest '%s'", inputs_tmp
);
2384 inputs_tmp
= smartlist_get(sl
, 1);
2385 /* Guardfraction is an integer in [0, 100]. */
2387 (uint32_t) tor_parse_long(inputs_tmp
, 10, 0, 100, &num_ok
, NULL
);
2389 tor_asprintf(err_msg
, "wrong percentage '%s'", inputs_tmp
);
2393 /* If routerstatuses were provided, apply this info to actual routers. */
2394 if (vote_routerstatuses
) {
2395 retval
= guardfraction_line_apply(guard_id
, guardfraction
,
2396 vote_routerstatuses
);
2398 retval
= 0; /* If we got this far, line was correctly formatted. */
2403 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2409 /** Given an inputs line from a guardfraction file, parse it and
2410 * register its information to <b>total_consensuses</b> and
2411 * <b>total_days</b>.
2413 * Return 0 if it parsed well. Return -1 if there was an error, and
2414 * set <b>err_msg</b> to a newly allocated string containing the
2418 guardfraction_file_parse_inputs_line(const char *inputs_line
,
2419 int *total_consensuses
,
2424 char *inputs_tmp
= NULL
;
2426 smartlist_t
*sl
= smartlist_new();
2428 tor_assert(err_msg
);
2430 /* Second line is inputs information:
2431 * n-inputs <total_consensuses> <total_days>. */
2432 smartlist_split_string(sl
, inputs_line
, " ",
2433 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2434 if (smartlist_len(sl
) < 2) {
2435 tor_asprintf(err_msg
, "incomplete line '%s'", inputs_line
);
2439 inputs_tmp
= smartlist_get(sl
, 0);
2440 *total_consensuses
=
2441 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2443 tor_asprintf(err_msg
, "unparseable consensus '%s'", inputs_tmp
);
2447 inputs_tmp
= smartlist_get(sl
, 1);
2449 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2451 tor_asprintf(err_msg
, "unparseable days '%s'", inputs_tmp
);
2458 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2464 /* Maximum age of a guardfraction file that we are willing to accept. */
2465 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2467 /** Static strings of guardfraction files. */
2468 #define GUARDFRACTION_DATE_STR "written-at"
2469 #define GUARDFRACTION_INPUTS "n-inputs"
2470 #define GUARDFRACTION_GUARD "guard-seen"
2471 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2473 /** Given a guardfraction file in a string, parse it and register the
2474 * guardfraction information to the provided vote routerstatuses.
2476 * This is the rough format of the guardfraction file:
2478 * guardfraction-file-version 1
2479 * written-at <date and time>
2480 * n-inputs <number of consesuses parsed> <number of days considered>
2482 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2483 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2484 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2485 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2486 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2489 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2490 * should tolerate errors in all lines but the written-at header.
2493 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str
,
2494 smartlist_t
*vote_routerstatuses
)
2496 config_line_t
*front
=NULL
, *line
;
2499 int current_line_n
= 0; /* line counter for better log messages */
2501 /* Guardfraction info to be parsed */
2502 int total_consensuses
= 0;
2506 int guards_read_n
= 0;
2507 int guards_applied_n
= 0;
2509 /* Parse file and split it in lines */
2510 ret_tmp
= config_get_lines(guardfraction_file_str
, &front
, 0);
2512 log_warn(LD_CONFIG
, "Error reading from guardfraction file");
2516 /* Sort routerstatuses (needed later when applying guardfraction info) */
2517 if (vote_routerstatuses
)
2518 smartlist_sort(vote_routerstatuses
, compare_vote_routerstatus_entries
);
2520 for (line
= front
; line
; line
=line
->next
) {
2523 if (!strcmp(line
->key
, GUARDFRACTION_VERSION
)) {
2525 unsigned int version
;
2528 (unsigned int) tor_parse_long(line
->value
,
2529 10, 0, INT_MAX
, &num_ok
, NULL
);
2531 if (!num_ok
|| version
!= 1) {
2532 log_warn(LD_GENERAL
, "Got unknown guardfraction version %d.", version
);
2535 } else if (!strcmp(line
->key
, GUARDFRACTION_DATE_STR
)) {
2536 time_t file_written_at
;
2537 time_t now
= time(NULL
);
2539 /* First line is 'written-at <date>' */
2540 if (parse_iso_time(line
->value
, &file_written_at
) < 0) {
2541 log_warn(LD_CONFIG
, "Guardfraction:%d: Bad date '%s'. Ignoring",
2542 current_line_n
, line
->value
);
2543 goto done
; /* don't tolerate failure here. */
2545 if (file_written_at
< now
- MAX_GUARDFRACTION_FILE_AGE
) {
2546 log_warn(LD_CONFIG
, "Guardfraction:%d: was written very long ago '%s'",
2547 current_line_n
, line
->value
);
2548 goto done
; /* don't tolerate failure here. */
2550 } else if (!strcmp(line
->key
, GUARDFRACTION_INPUTS
)) {
2551 char *err_msg
= NULL
;
2553 if (guardfraction_file_parse_inputs_line(line
->value
,
2557 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2558 current_line_n
, err_msg
);
2563 } else if (!strcmp(line
->key
, GUARDFRACTION_GUARD
)) {
2564 char *err_msg
= NULL
;
2566 ret_tmp
= guardfraction_file_parse_guard_line(line
->value
,
2567 vote_routerstatuses
,
2569 if (ret_tmp
< 0) { /* failed while parsing the guard line */
2570 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2571 current_line_n
, err_msg
);
2576 /* Successfully parsed guard line. Check if it was applied properly. */
2582 log_warn(LD_CONFIG
, "Unknown guardfraction line %d (%s %s)",
2583 current_line_n
, line
->key
, line
->value
);
2590 "Successfully parsed guardfraction file with %d consensuses over "
2591 "%d days. Parsed %d nodes and applied %d of them%s.",
2592 total_consensuses
, total_days
, guards_read_n
, guards_applied_n
,
2593 vote_routerstatuses
? "" : " (no routerstatus provided)" );
2596 config_free_lines(front
);
2601 return guards_read_n
;
2605 /** Read a guardfraction file at <b>fname</b> and load all its
2606 * information to <b>vote_routerstatuses</b>. */
2608 dirserv_read_guardfraction_file(const char *fname
,
2609 smartlist_t
*vote_routerstatuses
)
2611 char *guardfraction_file_str
;
2613 /* Read file to a string */
2614 guardfraction_file_str
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
2615 if (!guardfraction_file_str
) {
2616 log_warn(LD_FS
, "Cannot open guardfraction file '%s'. Failing.", fname
);
2620 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str
,
2621 vote_routerstatuses
);
2625 * Helper function to parse out a line in the measured bandwidth file
2626 * into a measured_bw_line_t output structure. Returns -1 on failure
2630 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2632 char *line
= tor_strdup(orig_line
);
2635 int got_node_id
= 0;
2636 char *strtok_state
; /* lame sauce d'jour */
2637 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2640 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2641 escaped(orig_line
));
2646 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2647 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2648 escaped(orig_line
));
2654 if (strcmpstart(cp
, "bw=") == 0) {
2658 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2659 escaped(orig_line
));
2665 out
->bw_kb
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2666 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2667 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2668 escaped(orig_line
));
2673 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2675 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2676 escaped(orig_line
));
2680 cp
+=strlen("node_id=$");
2682 if (strlen(cp
) != HEX_DIGEST_LEN
||
2683 base16_decode(out
->node_id
, DIGEST_LEN
,
2684 cp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2685 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2686 escaped(orig_line
));
2690 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2693 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2695 if (got_bw
&& got_node_id
) {
2699 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2700 escaped(orig_line
));
2707 * Helper function to apply a parsed measurement line to a list
2708 * of bandwidth statuses. Returns true if a line is found,
2712 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2713 smartlist_t
*routerstatuses
)
2715 vote_routerstatus_t
*rs
= NULL
;
2716 if (!routerstatuses
)
2719 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2720 compare_digest_to_vote_routerstatus_entry
);
2723 rs
->has_measured_bw
= 1;
2724 rs
->measured_bw_kb
= (uint32_t)parsed_line
->bw_kb
;
2726 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2727 parsed_line
->node_hex
);
2734 * Read the measured bandwidth file and apply it to the list of
2735 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2738 dirserv_read_measured_bandwidths(const char *from_file
,
2739 smartlist_t
*routerstatuses
)
2742 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2743 int applied_lines
= 0;
2744 time_t file_time
, now
;
2748 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2753 if (!fgets(line
, sizeof(line
), fp
)
2754 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2755 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2761 line
[strlen(line
)-1] = '\0';
2762 file_time
= (time_t)tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2764 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2771 if ((now
- file_time
) > MAX_MEASUREMENT_AGE
) {
2772 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2773 (unsigned)(time(NULL
) - file_time
));
2779 smartlist_sort(routerstatuses
, compare_vote_routerstatus_entries
);
2782 measured_bw_line_t parsed_line
;
2783 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2784 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2785 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2786 dirserv_cache_measured_bw(&parsed_line
, file_time
);
2787 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2793 /* Now would be a nice time to clean the cache, too */
2794 dirserv_expire_measured_bw_cache(now
);
2797 log_info(LD_DIRSERV
,
2798 "Bandwidth measurement file successfully read. "
2799 "Applied %d measurements.", applied_lines
);
2803 /** Return a new networkstatus_t* containing our current opinion. (For v3
2806 dirserv_generate_networkstatus_vote_obj(crypto_pk_t
*private_key
,
2807 authority_cert_t
*cert
)
2809 const or_options_t
*options
= get_options();
2810 networkstatus_t
*v3_out
= NULL
;
2812 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2813 const char *contact
;
2814 smartlist_t
*routers
, *routerstatuses
;
2815 char identity_digest
[DIGEST_LEN
];
2816 char signing_key_digest
[DIGEST_LEN
];
2817 int listbadexits
= options
->AuthDirListBadExits
;
2818 routerlist_t
*rl
= router_get_routerlist();
2819 time_t now
= time(NULL
);
2820 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2821 networkstatus_voter_info_t
*voter
= NULL
;
2822 vote_timing_t timing
;
2823 digestmap_t
*omit_as_sybil
= NULL
;
2824 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2825 smartlist_t
*microdescriptors
= NULL
;
2827 tor_assert(private_key
);
2830 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2831 log_err(LD_BUG
, "Error computing signing key digest");
2834 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2835 log_err(LD_BUG
, "Error computing identity key digest");
2838 if (resolve_my_address(LOG_WARN
, options
, &addr
, NULL
, &hostname
)<0) {
2839 log_warn(LD_NET
, "Couldn't resolve my hostname");
2842 if (!hostname
|| !strchr(hostname
, '.')) {
2844 hostname
= tor_dup_ip(addr
);
2847 if (options
->VersioningAuthoritativeDir
) {
2848 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2849 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2852 contact
= get_options()->ContactInfo
;
2857 * Do this so dirserv_compute_performance_thresholds() and
2858 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2860 if (options
->V3BandwidthsFile
) {
2861 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
2864 * No bandwidths file; clear the measured bandwidth cache in case we had
2865 * one last time around.
2867 if (dirserv_get_measured_bw_cache_size() > 0) {
2868 dirserv_clear_measured_bw_cache();
2872 /* precompute this part, since we need it to decide what "stable"
2874 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2875 dirserv_set_router_is_running(ri
, now
);
2878 routers
= smartlist_new();
2879 smartlist_add_all(routers
, rl
->routers
);
2880 routers_make_ed_keys_unique(routers
);
2881 /* After this point, don't use rl->routers; use 'routers' instead. */
2882 routers_sort_by_identity(routers
);
2883 omit_as_sybil
= get_possible_sybil_list(routers
);
2885 DIGESTMAP_FOREACH(omit_as_sybil
, sybil_id
, void *, ignore
) {
2887 rep_hist_make_router_pessimal(sybil_id
, now
);
2888 } DIGESTMAP_FOREACH_END
;
2890 /* Count how many have measured bandwidths so we know how to assign flags;
2891 * this must come before dirserv_compute_performance_thresholds() */
2892 dirserv_count_measured_bws(routers
);
2894 dirserv_compute_performance_thresholds(omit_as_sybil
);
2896 routerstatuses
= smartlist_new();
2897 microdescriptors
= smartlist_new();
2899 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2900 if (ri
->cache_info
.published_on
>= cutoff
) {
2902 vote_routerstatus_t
*vrs
;
2903 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2907 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2909 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2912 if (ri
->cache_info
.signing_key_cert
) {
2913 memcpy(vrs
->ed25519_id
,
2914 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
2915 ED25519_PUBKEY_LEN
);
2918 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2919 clear_status_flags_on_sybil(rs
);
2921 if (!vote_on_reachability
)
2922 rs
->is_flagged_running
= 0;
2924 vrs
->version
= version_from_platform(ri
->platform
);
2925 if (ri
->protocol_list
) {
2926 vrs
->protocols
= tor_strdup(ri
->protocol_list
);
2928 vrs
->protocols
= tor_strdup(
2929 protover_compute_for_old_tor(vrs
->version
));
2931 vrs
->microdesc
= dirvote_format_all_microdesc_vote_lines(ri
, now
,
2934 smartlist_add(routerstatuses
, vrs
);
2936 } SMARTLIST_FOREACH_END(ri
);
2939 smartlist_t
*added
=
2940 microdescs_add_list_to_cache(get_microdesc_cache(),
2941 microdescriptors
, SAVED_NOWHERE
, 0);
2942 smartlist_free(added
);
2943 smartlist_free(microdescriptors
);
2946 smartlist_free(routers
);
2947 digestmap_free(omit_as_sybil
, NULL
);
2949 /* Apply guardfraction information to routerstatuses. */
2950 if (options
->GuardfractionFile
) {
2951 dirserv_read_guardfraction_file(options
->GuardfractionFile
,
2955 /* This pass through applies the measured bw lines to the routerstatuses */
2956 if (options
->V3BandwidthsFile
) {
2957 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2961 * No bandwidths file; clear the measured bandwidth cache in case we had
2962 * one last time around.
2964 if (dirserv_get_measured_bw_cache_size() > 0) {
2965 dirserv_clear_measured_bw_cache();
2969 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2971 v3_out
->type
= NS_TYPE_VOTE
;
2972 dirvote_get_preferred_voting_intervals(&timing
);
2973 v3_out
->published
= now
;
2975 char tbuf
[ISO_TIME_LEN
+1];
2976 networkstatus_t
*current_consensus
=
2977 networkstatus_get_live_consensus(now
);
2978 long last_consensus_interval
; /* only used to pick a valid_after */
2979 if (current_consensus
)
2980 last_consensus_interval
= current_consensus
->fresh_until
-
2981 current_consensus
->valid_after
;
2983 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2984 v3_out
->valid_after
=
2985 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
,
2986 options
->TestingV3AuthVotingStartOffset
);
2987 format_iso_time(tbuf
, v3_out
->valid_after
);
2988 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2989 "consensus_set=%d, last_interval=%d",
2990 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2992 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2993 v3_out
->valid_until
= v3_out
->valid_after
+
2994 (timing
.vote_interval
* timing
.n_intervals_valid
);
2995 v3_out
->vote_seconds
= timing
.vote_delay
;
2996 v3_out
->dist_seconds
= timing
.dist_delay
;
2997 tor_assert(v3_out
->vote_seconds
> 0);
2998 tor_assert(v3_out
->dist_seconds
> 0);
2999 tor_assert(timing
.n_intervals_valid
> 0);
3001 v3_out
->client_versions
= client_versions
;
3002 v3_out
->server_versions
= server_versions
;
3004 /* These are hardwired, to avoid disaster. */
3005 v3_out
->recommended_relay_protocols
=
3006 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3007 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3008 v3_out
->recommended_client_protocols
=
3009 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3010 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3011 v3_out
->required_client_protocols
=
3012 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3013 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3014 v3_out
->required_relay_protocols
=
3015 tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3016 "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
3018 /* We are not allowed to vote to require anything we don't have. */
3019 tor_assert(protover_all_supported(v3_out
->required_relay_protocols
, NULL
));
3020 tor_assert(protover_all_supported(v3_out
->required_client_protocols
, NULL
));
3022 /* We should not recommend anything we don't have. */
3023 tor_assert_nonfatal(protover_all_supported(
3024 v3_out
->recommended_relay_protocols
, NULL
));
3025 tor_assert_nonfatal(protover_all_supported(
3026 v3_out
->recommended_client_protocols
, NULL
));
3028 v3_out
->package_lines
= smartlist_new();
3031 for (cl
= get_options()->RecommendedPackages
; cl
; cl
= cl
->next
) {
3032 if (validate_recommended_package_line(cl
->value
))
3033 smartlist_add(v3_out
->package_lines
, tor_strdup(cl
->value
));
3037 v3_out
->known_flags
= smartlist_new();
3038 smartlist_split_string(v3_out
->known_flags
,
3039 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
3040 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
3041 if (vote_on_reachability
)
3042 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
3044 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
3045 smartlist_sort_strings(v3_out
->known_flags
);
3047 if (options
->ConsensusParams
) {
3048 v3_out
->net_params
= smartlist_new();
3049 smartlist_split_string(v3_out
->net_params
,
3050 options
->ConsensusParams
, NULL
, 0, 0);
3051 smartlist_sort_strings(v3_out
->net_params
);
3054 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
3055 voter
->nickname
= tor_strdup(options
->Nickname
);
3056 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
3057 voter
->sigs
= smartlist_new();
3058 voter
->address
= hostname
;
3060 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
3061 voter
->or_port
= router_get_advertised_or_port(options
);
3062 voter
->contact
= tor_strdup(contact
);
3063 if (options
->V3AuthUseLegacyKey
) {
3064 authority_cert_t
*c
= get_my_v3_legacy_cert();
3066 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
3067 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
3068 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
3073 v3_out
->voters
= smartlist_new();
3074 smartlist_add(v3_out
->voters
, voter
);
3075 v3_out
->cert
= authority_cert_dup(cert
);
3076 v3_out
->routerstatus_list
= routerstatuses
;
3077 /* Note: networkstatus_digest is unset; it won't get set until we actually
3078 * format the vote. */
3083 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3084 * pointers, adds copies of digests to fps_out, and doesn't use the
3085 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3086 * requests, adds identity digests.
3089 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
3090 const char **msg
, int for_unencrypted_conn
,
3096 if (!strcmp(key
, "all")) {
3097 routerlist_t
*rl
= router_get_routerlist();
3098 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3099 smartlist_add(fps_out
,
3100 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
3101 /* Treat "all" requests as if they were unencrypted */
3102 for_unencrypted_conn
= 1;
3103 } else if (!strcmp(key
, "authority")) {
3104 const routerinfo_t
*ri
= router_get_my_routerinfo();
3106 smartlist_add(fps_out
,
3107 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
3108 } else if (!strcmpstart(key
, "d/")) {
3110 key
+= strlen("d/");
3111 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3112 DSR_HEX
|DSR_SORT_UNIQ
);
3113 } else if (!strcmpstart(key
, "fp/")) {
3114 key
+= strlen("fp/");
3115 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
3116 DSR_HEX
|DSR_SORT_UNIQ
);
3118 *msg
= "Key not recognized";
3122 if (for_unencrypted_conn
) {
3123 /* Remove anything that insists it not be sent unencrypted. */
3124 SMARTLIST_FOREACH_BEGIN(fps_out
, char *, cp
) {
3125 const signed_descriptor_t
*sd
;
3127 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
3128 else if (is_extrainfo
)
3129 sd
= extrainfo_get_by_descriptor_digest(cp
);
3131 sd
= router_get_by_descriptor_digest(cp
);
3132 if (sd
&& !sd
->send_unencrypted
) {
3134 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3136 } SMARTLIST_FOREACH_END(cp
);
3139 if (!smartlist_len(fps_out
)) {
3140 *msg
= "Servers unavailable";
3146 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3147 * <b>key</b>. The key should be either
3148 * - "/tor/server/authority" for our own routerinfo;
3149 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3150 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3151 * hex identity digests; or
3152 * - "/tor/server/d/D" where D is a plus-separated sequence
3153 * of server descriptor digests, in hex.
3155 * Return 0 if we found some matching descriptors, or -1 if we do not
3156 * have any descriptors, no matching descriptors, or if we did not
3157 * recognize the key (URL).
3158 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3161 * XXXX rename this function. It's only called from the controller.
3162 * XXXX in fact, refactor this function, merging as much as possible.
3165 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3170 if (!strcmp(key
, "/tor/server/all")) {
3171 routerlist_t
*rl
= router_get_routerlist();
3172 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3173 smartlist_add(descs_out
, &(r
->cache_info
)));
3174 } else if (!strcmp(key
, "/tor/server/authority")) {
3175 const routerinfo_t
*ri
= router_get_my_routerinfo();
3177 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3178 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3179 smartlist_t
*digests
= smartlist_new();
3180 key
+= strlen("/tor/server/d/");
3181 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3182 DSR_HEX
|DSR_SORT_UNIQ
);
3183 SMARTLIST_FOREACH(digests
, const char *, d
,
3185 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3187 smartlist_add(descs_out
,sd
);
3189 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3190 smartlist_free(digests
);
3191 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3192 smartlist_t
*digests
= smartlist_new();
3193 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3194 key
+= strlen("/tor/server/fp/");
3195 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3196 DSR_HEX
|DSR_SORT_UNIQ
);
3197 SMARTLIST_FOREACH_BEGIN(digests
, const char *, d
) {
3198 if (router_digest_is_me(d
)) {
3199 /* calling router_get_my_routerinfo() to make sure it exists */
3200 const routerinfo_t
*ri
= router_get_my_routerinfo();
3202 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3204 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3205 /* Don't actually serve a descriptor that everyone will think is
3206 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3207 * Tors from downloading descriptors that they will throw away.
3209 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3210 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3212 } SMARTLIST_FOREACH_END(d
);
3213 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3214 smartlist_free(digests
);
3216 *msg
= "Key not recognized";
3220 if (!smartlist_len(descs_out
)) {
3221 *msg
= "Servers unavailable";
3227 /** Called when a TLS handshake has completed successfully with a
3228 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3229 * a certificate with digest <b>digest_rcvd</b>.
3231 * Inform the reachability checker that we could get to this relay.
3234 dirserv_orconn_tls_done(const tor_addr_t
*addr
,
3236 const char *digest_rcvd
)
3238 node_t
*node
= NULL
;
3239 tor_addr_port_t orport
;
3240 routerinfo_t
*ri
= NULL
;
3241 time_t now
= time(NULL
);
3243 tor_assert(digest_rcvd
);
3245 node
= node_get_mutable_by_id(digest_rcvd
);
3246 if (node
== NULL
|| node
->ri
== NULL
)
3250 tor_addr_copy(&orport
.addr
, addr
);
3251 orport
.port
= or_port
;
3252 if (router_has_orport(ri
, &orport
)) {
3253 /* Found the right router. */
3254 if (!authdir_mode_bridge(get_options()) ||
3255 ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3256 char addrstr
[TOR_ADDR_BUF_LEN
];
3257 /* This is a bridge or we're not a bridge authorititative --
3258 mark it as reachable. */
3259 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3260 router_describe(ri
),
3261 tor_addr_to_str(addrstr
, addr
, sizeof(addrstr
), 1),
3263 if (tor_addr_family(addr
) == AF_INET
) {
3264 rep_hist_note_router_reachable(digest_rcvd
, addr
, or_port
, now
);
3265 node
->last_reachable
= now
;
3266 } else if (tor_addr_family(addr
) == AF_INET6
) {
3267 /* No rephist for IPv6. */
3268 node
->last_reachable6
= now
;
3274 /** Called when we, as an authority, receive a new router descriptor either as
3275 * an upload or a download. Used to decide whether to relaunch reachability
3276 * testing for the server. */
3278 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3279 const routerinfo_t
*ri_old
)
3281 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3284 /* New router: Launch an immediate reachability test, so we will have an
3285 * opinion soon in case we're generating a consensus soon */
3288 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3289 /* It just came out of hibernation; launch a reachability test */
3292 if (! routers_have_same_or_addrs(ri
, ri_old
)) {
3293 /* Address or port changed; launch a reachability test */
3299 /** Helper function for dirserv_test_reachability(). Start a TLS
3300 * connection to <b>router</b>, and annotate it with when we started
3303 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3305 channel_t
*chan
= NULL
;
3306 node_t
*node
= NULL
;
3307 tor_addr_t router_addr
;
3311 node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
3315 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3316 router
->nickname
, fmt_addr32(router
->addr
), router
->or_port
);
3317 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3318 chan
= channel_tls_connect(&router_addr
, router
->or_port
,
3319 router
->cache_info
.identity_digest
);
3320 if (chan
) command_setup_channel(chan
);
3322 /* Possible IPv6. */
3323 if (get_options()->AuthDirHasIPv6Connectivity
== 1 &&
3324 !tor_addr_is_null(&router
->ipv6_addr
)) {
3325 char addrstr
[TOR_ADDR_BUF_LEN
];
3326 log_debug(LD_OR
, "Testing reachability of %s at %s:%u.",
3328 tor_addr_to_str(addrstr
, &router
->ipv6_addr
, sizeof(addrstr
), 1),
3329 router
->ipv6_orport
);
3330 chan
= channel_tls_connect(&router
->ipv6_addr
, router
->ipv6_orport
,
3331 router
->cache_info
.identity_digest
);
3332 if (chan
) command_setup_channel(chan
);
3336 /** Auth dir server only: load balance such that we only
3337 * try a few connections per call.
3339 * The load balancing is such that if we get called once every ten
3340 * seconds, we will cycle through all the tests in
3341 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3344 dirserv_test_reachability(time_t now
)
3346 /* XXX decide what to do here; see or-talk thread "purging old router
3347 * information, revocation." -NM
3348 * We can't afford to mess with this in 0.1.2.x. The reason is that
3349 * if we stop doing reachability tests on some of routerlist, then
3350 * we'll for-sure think they're down, which may have unexpected
3351 * effects in other parts of the code. It doesn't hurt much to do
3352 * the testing, and directory authorities are easy to upgrade. Let's
3353 * wait til 0.2.0. -RD */
3354 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3355 routerlist_t
*rl
= router_get_routerlist();
3356 static char ctr
= 0;
3357 int bridge_auth
= authdir_mode_bridge(get_options());
3359 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3360 const char *id_digest
= router
->cache_info
.identity_digest
;
3361 if (router_is_me(router
))
3363 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3364 continue; /* bridge authorities only test reachability on bridges */
3365 // if (router->cache_info.published_on > cutoff)
3367 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3368 dirserv_single_reachability_test(now
, router
);
3370 } SMARTLIST_FOREACH_END(router
);
3371 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3374 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3375 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3376 * flavor name if we want a flavored v3 status, return a pointer to the
3377 * appropriate cached dir object, or NULL if there isn't one available. */
3378 static cached_dir_t
*
3379 lookup_cached_dir_by_fp(const char *fp
)
3381 cached_dir_t
*d
= NULL
;
3382 if (tor_digest_is_zero(fp
) && cached_consensuses
) {
3383 d
= strmap_get(cached_consensuses
, "ns");
3384 } else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3385 (d
= strmap_get(cached_consensuses
, fp
))) {
3386 /* this here interface is a nasty hack XXXX */;
3391 /** Remove from <b>fps</b> every networkstatus key where both
3392 * a) we have a networkstatus document and
3393 * b) it is not newer than <b>cutoff</b>.
3395 * Return 1 if any items were present at all; else return 0.
3398 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3401 SMARTLIST_FOREACH_BEGIN(fps
, char *, digest
) {
3402 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3406 if (d
->published
<= cutoff
) {
3408 SMARTLIST_DEL_CURRENT(fps
, digest
);
3410 } SMARTLIST_FOREACH_END(digest
);
3415 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3416 * its extra-info document if <b>extrainfo</b> is true. Return
3417 * NULL if not found or if the descriptor is older than
3418 * <b>publish_cutoff</b>. */
3419 static const signed_descriptor_t
*
3420 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3421 time_t publish_cutoff
)
3423 if (router_digest_is_me(fp
)) {
3425 return &(router_get_my_extrainfo()->cache_info
);
3427 return &(router_get_my_routerinfo()->cache_info
);
3429 const routerinfo_t
*ri
= router_get_by_id_digest(fp
);
3431 ri
->cache_info
.published_on
> publish_cutoff
) {
3433 return extrainfo_get_by_descriptor_digest(
3434 ri
->cache_info
.extra_info_digest
);
3436 return &ri
->cache_info
;
3442 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3443 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3444 * decide whether to send a 404. */
3446 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3448 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3449 SMARTLIST_FOREACH_BEGIN(fps
, const char *, fp
) {
3452 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3453 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3455 case DIR_SPOOL_SERVER_BY_DIGEST
:
3456 if (router_get_by_descriptor_digest(fp
)) return 1;
3458 case DIR_SPOOL_EXTRA_BY_FP
:
3459 case DIR_SPOOL_SERVER_BY_FP
:
3460 if (get_signed_descriptor_by_fp(fp
,
3461 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3465 } SMARTLIST_FOREACH_END(fp
);
3469 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3470 * a microdescriptor we have. */
3472 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3474 microdesc_cache_t
*cache
= get_microdesc_cache();
3475 SMARTLIST_FOREACH(fps
, const char *, fp
,
3476 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3481 /** Return an approximate estimate of the number of bytes that will
3482 * be needed to transmit the server descriptors (if is_serverdescs --
3483 * they can be either d/ or fp/ queries) or networkstatus objects (if
3484 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3485 * we guess how large the data will be after compression.
3487 * The return value is an estimate; it might be larger or smaller.
3490 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3495 if (is_serverdescs
) {
3496 int n
= smartlist_len(fps
);
3497 const routerinfo_t
*me
= router_get_my_routerinfo();
3498 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3500 result
/= 2; /* observed compressibility is between 35 and 55%. */
3503 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3504 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3506 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3512 /** Given a list of microdescriptor hashes, guess how many bytes will be
3513 * needed to transmit them, and return the guess. */
3515 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3517 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3523 /** When we're spooling data onto our outbuf, add more whenever we dip
3524 * below this threshold. */
3525 #define DIRSERV_BUFFER_MIN 16384
3527 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3528 * Flushes any remaining data to be (un)compressed, and changes the spool
3529 * source to NONE. Returns 0 on success, negative on failure. */
3531 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3533 if (conn
->zlib_state
) {
3534 connection_write_to_buf_zlib("", 0, conn
, 1);
3535 tor_zlib_free(conn
->zlib_state
);
3536 conn
->zlib_state
= NULL
;
3538 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3542 /** Spooling helper: called when we're sending a bunch of server descriptors,
3543 * and the outbuf has become too empty. Pulls some entries from
3544 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3545 * run out of entries, flushes the zlib state and sets the spool source to
3546 * NONE. Returns 0 on success, negative on failure.
3549 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3551 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3552 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3553 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3554 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3555 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3557 const or_options_t
*options
= get_options();
3559 while (smartlist_len(conn
->fingerprint_stack
) &&
3560 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3562 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3563 const signed_descriptor_t
*sd
= NULL
;
3565 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3567 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3568 : router_get_by_descriptor_digest(fp
);
3573 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3574 /* we did this check once before (so we could have an accurate size
3575 * estimate and maybe send a 404 if somebody asked for only bridges on a
3576 * connection), but we need to do it again in case a previously
3577 * unknown bridge descriptor has shown up between then and now. */
3581 /** If we are the bridge authority and the descriptor is a bridge
3582 * descriptor, remember that we served this descriptor for desc stats. */
3583 if (options
->BridgeAuthoritativeDir
&& by_fp
) {
3584 const routerinfo_t
*router
=
3585 router_get_by_id_digest(sd
->identity_digest
);
3586 /* router can be NULL here when the bridge auth is asked for its own
3588 if (router
&& router
->purpose
== ROUTER_PURPOSE_BRIDGE
)
3589 rep_hist_note_desc_served(sd
->identity_digest
);
3591 body
= signed_descriptor_get_body(sd
);
3592 if (conn
->zlib_state
) {
3593 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3594 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3597 tor_zlib_free(conn
->zlib_state
);
3598 conn
->zlib_state
= NULL
;
3601 connection_write_to_buf(body
,
3602 sd
->signed_descriptor_len
,
3607 if (!smartlist_len(conn
->fingerprint_stack
)) {
3608 /* We just wrote the last one; finish up. */
3609 if (conn
->zlib_state
) {
3610 connection_write_to_buf_zlib("", 0, conn
, 1);
3611 tor_zlib_free(conn
->zlib_state
);
3612 conn
->zlib_state
= NULL
;
3614 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3615 smartlist_free(conn
->fingerprint_stack
);
3616 conn
->fingerprint_stack
= NULL
;
3621 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3622 * and the outbuf has become too empty. Pulls some entries from
3623 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3624 * we run out of entries, flushes the zlib state and sets the spool source to
3625 * NONE. Returns 0 on success, negative on failure.
3628 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3630 microdesc_cache_t
*cache
= get_microdesc_cache();
3631 while (smartlist_len(conn
->fingerprint_stack
) &&
3632 connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3633 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3634 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3636 if (!md
|| !md
->body
)
3638 if (conn
->zlib_state
) {
3639 int last
= !smartlist_len(conn
->fingerprint_stack
);
3640 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3642 tor_zlib_free(conn
->zlib_state
);
3643 conn
->zlib_state
= NULL
;
3646 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3649 if (!smartlist_len(conn
->fingerprint_stack
)) {
3650 if (conn
->zlib_state
) {
3651 connection_write_to_buf_zlib("", 0, conn
, 1);
3652 tor_zlib_free(conn
->zlib_state
);
3653 conn
->zlib_state
= NULL
;
3655 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3656 smartlist_free(conn
->fingerprint_stack
);
3657 conn
->fingerprint_stack
= NULL
;
3662 /** Spooling helper: Called when we're sending a directory or networkstatus,
3663 * and the outbuf has become too empty. Pulls some bytes from
3664 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3665 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3666 * and sets the spool source to NONE. Returns 0 on success, negative on
3669 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3674 bytes
= DIRSERV_BUFFER_MIN
- connection_get_outbuf_len(TO_CONN(conn
));
3675 tor_assert(bytes
> 0);
3676 tor_assert(conn
->cached_dir
);
3679 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3680 if (bytes
> remaining
)
3681 bytes
= (ssize_t
) remaining
;
3683 if (conn
->zlib_state
) {
3684 connection_write_to_buf_zlib(
3685 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3686 bytes
, conn
, bytes
== remaining
);
3688 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3689 bytes
, TO_CONN(conn
));
3691 conn
->cached_dir_offset
+= bytes
;
3692 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3693 /* We just wrote the last one; finish up. */
3694 connection_dirserv_finish_spooling(conn
);
3695 cached_dir_decref(conn
->cached_dir
);
3696 conn
->cached_dir
= NULL
;
3701 /** Spooling helper: Called when we're spooling networkstatus objects on
3702 * <b>conn</b>, and the outbuf has become too empty. If the current
3703 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3704 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3705 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3706 * treated as a request for the current consensus.) If we run out of entries,
3707 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3708 * success, negative on failure. */
3710 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3713 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
) {
3714 if (conn
->cached_dir
) {
3715 int uncompressing
= (conn
->zlib_state
!= NULL
);
3716 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3717 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3718 /* add_dir_bytes thinks we're done with the cached_dir. But we
3719 * may have more cached_dirs! */
3720 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3721 /* This bit is tricky. If we were uncompressing the last
3722 * networkstatus, we may need to make a new zlib object to
3723 * uncompress the next one. */
3724 if (uncompressing
&& ! conn
->zlib_state
&&
3725 conn
->fingerprint_stack
&&
3726 smartlist_len(conn
->fingerprint_stack
)) {
3727 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
, HIGH_COMPRESSION
);
3731 } else if (conn
->fingerprint_stack
&&
3732 smartlist_len(conn
->fingerprint_stack
)) {
3733 /* Add another networkstatus; start serving it. */
3734 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3735 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3739 conn
->cached_dir
= d
;
3740 conn
->cached_dir_offset
= 0;
3743 connection_dirserv_finish_spooling(conn
);
3744 smartlist_free(conn
->fingerprint_stack
);
3745 conn
->fingerprint_stack
= NULL
;
3752 /** Called whenever we have flushed some directory data in state
3753 * SERVER_WRITING. */
3755 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3757 tor_assert(conn
->base_
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3759 if (connection_get_outbuf_len(TO_CONN(conn
)) >= DIRSERV_BUFFER_MIN
)
3762 switch (conn
->dir_spool_src
) {
3763 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3764 case DIR_SPOOL_EXTRA_BY_FP
:
3765 case DIR_SPOOL_SERVER_BY_DIGEST
:
3766 case DIR_SPOOL_SERVER_BY_FP
:
3767 return connection_dirserv_add_servers_to_outbuf(conn
);
3768 case DIR_SPOOL_MICRODESC
:
3769 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3770 case DIR_SPOOL_CACHED_DIR
:
3771 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3772 case DIR_SPOOL_NETWORKSTATUS
:
3773 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3774 case DIR_SPOOL_NONE
:
3780 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3785 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3787 PACKAGENAME = NONSPACE
3790 DIGESTS = DIGEST | DIGESTS SP DIGEST
3791 DIGEST = DIGESTTYPE "=" DIGESTVAL
3793 NONSPACE = one or more non-space printing characters
3795 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3802 validate_recommended_package_line(const char *line
)
3804 const char *cp
= line
;
3810 cp = strchr(cp, ' '); \
3815 WORD(); /* skip packagename */
3817 WORD(); /* skip version */
3819 WORD(); /* Skip URL */
3822 /* Skip digesttype=digestval + */
3825 const char *start_of_word
= cp
;
3826 const char *end_of_word
= strchr(cp
, ' ');
3828 end_of_word
= cp
+ strlen(cp
);
3830 if (start_of_word
== end_of_word
)
3833 const char *eq
= memchr(start_of_word
, '=', end_of_word
- start_of_word
);
3837 if (eq
== start_of_word
)
3839 if (eq
== end_of_word
- 1)
3841 if (memchr(eq
+1, '=', end_of_word
- (eq
+1)))
3845 if (0 == *end_of_word
)
3848 cp
= end_of_word
+ 1;
3851 /* If we reach this point, we have at least 1 entry. */
3852 tor_assert(n_entries
> 0);
3856 /** Release all storage used by the directory server. */
3858 dirserv_free_all(void)
3860 dirserv_free_fingerprint_list();
3862 strmap_free(cached_consensuses
, free_cached_dir_
);
3863 cached_consensuses
= NULL
;
3865 dirserv_clear_measured_bw_cache();