search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9
[tor.git] / src / or / routerlist.c
blob1ad03b6cda235a98c103aafc971947a10f9e34cc
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file routerlist.c
9 * \brief Code to
10 * maintain and access the global list of routerinfos for known
11 * servers.
12 *
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
19 *
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
22 * networkstatus.
23 *
24 * Right now, routerinfo_t objects are used in these ways:
25 * <ul>
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
34 * else wants them.
35 * </ul>
36 *
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
42 *
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
48 *
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
53 *
54 * <br>
55 *
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
60 *
61 * <br>
62 *
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
66 *
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
71 *
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
77 *
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
80 *
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
87 *
88 * TODO: Authority certificates should be a separate module.
89 *
90 * TODO: dir_server_t stuff should be in a separate module.
91 **/
92
93 #define ROUTERLIST_PRIVATE
94 #include "or.h"
95 #include "backtrace.h"
96 #include "crypto_ed25519.h"
97 #include "circuitstats.h"
98 #include "config.h"
99 #include "connection.h"
100 #include "control.h"
101 #include "directory.h"
102 #include "dirserv.h"
103 #include "dirvote.h"
104 #include "entrynodes.h"
105 #include "fp_pair.h"
106 #include "geoip.h"
107 #include "hibernate.h"
108 #include "main.h"
109 #include "microdesc.h"
110 #include "networkstatus.h"
111 #include "nodelist.h"
112 #include "policies.h"
113 #include "reasons.h"
114 #include "rendcommon.h"
115 #include "rendservice.h"
116 #include "rephist.h"
117 #include "router.h"
118 #include "routerlist.h"
119 #include "routerparse.h"
120 #include "routerset.h"
121 #include "sandbox.h"
122 #include "torcert.h"
123
124 // #define DEBUG_ROUTERLIST
125
126 /****************************************************************************/
127
128 /* Typed wrappers for different digestmap types; used to avoid type
129 * confusion. */
130
131 DECLARE_TYPED_DIGESTMAP_FNS(sdmap_, digest_sd_map_t, signed_descriptor_t)
132 DECLARE_TYPED_DIGESTMAP_FNS(rimap_, digest_ri_map_t, routerinfo_t)
133 DECLARE_TYPED_DIGESTMAP_FNS(eimap_, digest_ei_map_t, extrainfo_t)
134 DECLARE_TYPED_DIGESTMAP_FNS(dsmap_, digest_ds_map_t, download_status_t)
135 #define SDMAP_FOREACH(map, keyvar, valvar) \
136 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
137 valvar)
138 #define RIMAP_FOREACH(map, keyvar, valvar) \
139 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
140 #define EIMAP_FOREACH(map, keyvar, valvar) \
141 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
142 #define DSMAP_FOREACH(map, keyvar, valvar) \
143 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
144 valvar)
145
146 /* Forward declaration for cert_list_t */
147 typedef struct cert_list_t cert_list_t;
148
149 /* static function prototypes */
150 static int compute_weighted_bandwidths(const smartlist_t *sl,
151 bandwidth_weight_rule_t rule,
152 double **bandwidths_out);
153 static const routerstatus_t *router_pick_trusteddirserver_impl(
154 const smartlist_t *sourcelist, dirinfo_type_t auth,
155 int flags, int *n_busy_out);
156 static const routerstatus_t *router_pick_dirserver_generic(
157 smartlist_t *sourcelist,
158 dirinfo_type_t type, int flags);
159 static void mark_all_dirservers_up(smartlist_t *server_list);
160 static void dir_server_free(dir_server_t *ds);
161 static int signed_desc_digest_is_recognized(signed_descriptor_t *desc);
162 static const char *signed_descriptor_get_body_impl(
163 const signed_descriptor_t *desc,
164 int with_annotations);
165 static void list_pending_downloads(digestmap_t *result,
166 digest256map_t *result256,
167 int purpose, const char *prefix);
168 static void list_pending_fpsk_downloads(fp_pair_map_t *result);
169 static void launch_dummy_descriptor_download_as_needed(time_t now,
170 const or_options_t *options);
171 static void download_status_reset_by_sk_in_cl(cert_list_t *cl,
172 const char *digest);
173 static int download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
174 const char *digest,
175 time_t now, int max_failures);
176
177 /****************************************************************************/
178
179 /** Global list of a dir_server_t object for each directory
180 * authority. */
181 static smartlist_t *trusted_dir_servers = NULL;
182 /** Global list of dir_server_t objects for all directory authorities
183 * and all fallback directory servers. */
184 static smartlist_t *fallback_dir_servers = NULL;
185
186 /** List of certificates for a single authority, and download status for
187 * latest certificate.
188 */
189 struct cert_list_t {
190 /*
191 * The keys of download status map are cert->signing_key_digest for pending
192 * downloads by (identity digest/signing key digest) pair; functions such
193 * as authority_cert_get_by_digest() already assume these are unique.
194 */
195 struct digest_ds_map_t *dl_status_map;
196 /* There is also a dlstatus for the download by identity key only */
197 download_status_t dl_status_by_id;
198 smartlist_t *certs;
199 };
200 /** Map from v3 identity key digest to cert_list_t. */
201 static digestmap_t *trusted_dir_certs = NULL;
202 /** True iff any key certificate in at least one member of
203 * <b>trusted_dir_certs</b> has changed since we last flushed the
204 * certificates to disk. */
205 static int trusted_dir_servers_certs_changed = 0;
206
207 /** Global list of all of the routers that we know about. */
208 static routerlist_t *routerlist = NULL;
209
210 /** List of strings for nicknames we've already warned about and that are
211 * still unknown / unavailable. */
212 static smartlist_t *warned_nicknames = NULL;
213
214 /** The last time we tried to download any routerdesc, or 0 for "never". We
215 * use this to rate-limit download attempts when the number of routerdescs to
216 * download is low. */
217 static time_t last_descriptor_download_attempted = 0;
218
219 /** Return the number of directory authorities whose type matches some bit set
220 * in <b>type</b> */
221 int
222 get_n_authorities(dirinfo_type_t type)
223 {
224 int n = 0;
225 if (!trusted_dir_servers)
226 return 0;
227 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
228 if (ds->type & type)
229 ++n);
230 return n;
231 }
232
233 /** Initialise schedule, want_authority, and increment on in the download
234 * status dlstatus, then call download_status_reset() on it.
235 * It is safe to call this function or download_status_reset() multiple times
236 * on a new dlstatus. But it should *not* be called after a dlstatus has been
237 * used to count download attempts or failures. */
238 static void
239 download_status_cert_init(download_status_t *dlstatus)
240 {
241 dlstatus->schedule = DL_SCHED_CONSENSUS;
242 dlstatus->want_authority = DL_WANT_ANY_DIRSERVER;
243 dlstatus->increment_on = DL_SCHED_INCREMENT_FAILURE;
244 dlstatus->backoff = DL_SCHED_RANDOM_EXPONENTIAL;
245 dlstatus->last_backoff_position = 0;
246 dlstatus->last_delay_used = 0;
247
248 /* Use the new schedule to set next_attempt_at */
249 download_status_reset(dlstatus);
250 }
251
252 /** Reset the download status of a specified element in a dsmap */
253 static void
254 download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
255 {
256 download_status_t *dlstatus = NULL;
257
258 tor_assert(cl);
259 tor_assert(digest);
260
261 /* Make sure we have a dsmap */
262 if (!(cl->dl_status_map)) {
263 cl->dl_status_map = dsmap_new();
264 }
265 /* Look for a download_status_t in the map with this digest */
266 dlstatus = dsmap_get(cl->dl_status_map, digest);
267 /* Got one? */
268 if (!dlstatus) {
269 /* Insert before we reset */
270 dlstatus = tor_malloc_zero(sizeof(*dlstatus));
271 dsmap_set(cl->dl_status_map, digest, dlstatus);
272 download_status_cert_init(dlstatus);
273 }
274 tor_assert(dlstatus);
275 /* Go ahead and reset it */
276 download_status_reset(dlstatus);
277 }
278
279 /**
280 * Return true if the download for this signing key digest in cl is ready
281 * to be re-attempted.
282 */
283 static int
284 download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
285 const char *digest,
286 time_t now, int max_failures)
287 {
288 int rv = 0;
289 download_status_t *dlstatus = NULL;
290
291 tor_assert(cl);
292 tor_assert(digest);
293
294 /* Make sure we have a dsmap */
295 if (!(cl->dl_status_map)) {
296 cl->dl_status_map = dsmap_new();
297 }
298 /* Look for a download_status_t in the map with this digest */
299 dlstatus = dsmap_get(cl->dl_status_map, digest);
300 /* Got one? */
301 if (dlstatus) {
302 /* Use download_status_is_ready() */
303 rv = download_status_is_ready(dlstatus, now, max_failures);
304 } else {
305 /*
306 * If we don't know anything about it, return 1, since we haven't
307 * tried this one before. We need to create a new entry here,
308 * too.
309 */
310 dlstatus = tor_malloc_zero(sizeof(*dlstatus));
311 download_status_cert_init(dlstatus);
312 dsmap_set(cl->dl_status_map, digest, dlstatus);
313 rv = 1;
314 }
315
316 return rv;
317 }
318
319 /** Helper: Return the cert_list_t for an authority whose authority ID is
320 * <b>id_digest</b>, allocating a new list if necessary. */
321 static cert_list_t *
322 get_cert_list(const char *id_digest)
323 {
324 cert_list_t *cl;
325 if (!trusted_dir_certs)
326 trusted_dir_certs = digestmap_new();
327 cl = digestmap_get(trusted_dir_certs, id_digest);
328 if (!cl) {
329 cl = tor_malloc_zero(sizeof(cert_list_t));
330 download_status_cert_init(&cl->dl_status_by_id);
331 cl->certs = smartlist_new();
332 cl->dl_status_map = dsmap_new();
333 digestmap_set(trusted_dir_certs, id_digest, cl);
334 }
335 return cl;
336 }
337
338 /** Return a list of authority ID digests with potentially enumerable lists
339 * of download_status_t objects; used by controller GETINFO queries.
340 */
341
342 MOCK_IMPL(smartlist_t *,
343 list_authority_ids_with_downloads, (void))
344 {
345 smartlist_t *ids = smartlist_new();
346 digestmap_iter_t *i;
347 const char *digest;
348 char *tmp;
349 void *cl;
350
351 if (trusted_dir_certs) {
352 for (i = digestmap_iter_init(trusted_dir_certs);
353 !(digestmap_iter_done(i));
354 i = digestmap_iter_next(trusted_dir_certs, i)) {
355 /*
356 * We always have at least dl_status_by_id to query, so no need to
357 * probe deeper than the existence of a cert_list_t.
358 */
359 digestmap_iter_get(i, &digest, &cl);
360 tmp = tor_malloc(DIGEST_LEN);
361 memcpy(tmp, digest, DIGEST_LEN);
362 smartlist_add(ids, tmp);
363 }
364 }
365 /* else definitely no downlaods going since nothing even has a cert list */
366
367 return ids;
368 }
369
370 /** Given an authority ID digest, return a pointer to the default download
371 * status, or NULL if there is no such entry in trusted_dir_certs */
372
373 MOCK_IMPL(download_status_t *,
374 id_only_download_status_for_authority_id, (const char *digest))
375 {
376 download_status_t *dl = NULL;
377 cert_list_t *cl;
378
379 if (trusted_dir_certs) {
380 cl = digestmap_get(trusted_dir_certs, digest);
381 if (cl) {
382 dl = &(cl->dl_status_by_id);
383 }
384 }
385
386 return dl;
387 }
388
389 /** Given an authority ID digest, return a smartlist of signing key digests
390 * for which download_status_t is potentially queryable, or NULL if no such
391 * authority ID digest is known. */
392
393 MOCK_IMPL(smartlist_t *,
394 list_sk_digests_for_authority_id, (const char *digest))
395 {
396 smartlist_t *sks = NULL;
397 cert_list_t *cl;
398 dsmap_iter_t *i;
399 const char *sk_digest;
400 char *tmp;
401 download_status_t *dl;
402
403 if (trusted_dir_certs) {
404 cl = digestmap_get(trusted_dir_certs, digest);
405 if (cl) {
406 sks = smartlist_new();
407 if (cl->dl_status_map) {
408 for (i = dsmap_iter_init(cl->dl_status_map);
409 !(dsmap_iter_done(i));
410 i = dsmap_iter_next(cl->dl_status_map, i)) {
411 /* Pull the digest out and add it to the list */
412 dsmap_iter_get(i, &sk_digest, &dl);
413 tmp = tor_malloc(DIGEST_LEN);
414 memcpy(tmp, sk_digest, DIGEST_LEN);
415 smartlist_add(sks, tmp);
416 }
417 }
418 }
419 }
420
421 return sks;
422 }
423
424 /** Given an authority ID digest and a signing key digest, return the
425 * download_status_t or NULL if none exists. */
426
427 MOCK_IMPL(download_status_t *,
428 download_status_for_authority_id_and_sk,
429 (const char *id_digest, const char *sk_digest))
430 {
431 download_status_t *dl = NULL;
432 cert_list_t *cl = NULL;
433
434 if (trusted_dir_certs) {
435 cl = digestmap_get(trusted_dir_certs, id_digest);
436 if (cl && cl->dl_status_map) {
437 dl = dsmap_get(cl->dl_status_map, sk_digest);
438 }
439 }
440
441 return dl;
442 }
443
444 /** Release all space held by a cert_list_t */
445 static void
446 cert_list_free(cert_list_t *cl)
447 {
448 if (!cl)
449 return;
450
451 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
452 authority_cert_free(cert));
453 smartlist_free(cl->certs);
454 dsmap_free(cl->dl_status_map, tor_free_);
455 tor_free(cl);
456 }
457
458 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
459 static void
460 cert_list_free_(void *cl)
461 {
462 cert_list_free(cl);
463 }
464
465 /** Reload the cached v3 key certificates from the cached-certs file in
466 * the data directory. Return 0 on success, -1 on failure. */
467 int
468 trusted_dirs_reload_certs(void)
469 {
470 char *filename;
471 char *contents;
472 int r;
473
474 filename = get_datadir_fname("cached-certs");
475 contents = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
476 tor_free(filename);
477 if (!contents)
478 return 0;
479 r = trusted_dirs_load_certs_from_string(
480 contents,
481 TRUSTED_DIRS_CERTS_SRC_FROM_STORE, 1, NULL);
482 tor_free(contents);
483 return r;
484 }
485
486 /** Helper: return true iff we already have loaded the exact cert
487 * <b>cert</b>. */
488 static inline int
489 already_have_cert(authority_cert_t *cert)
490 {
491 cert_list_t *cl = get_cert_list(cert->cache_info.identity_digest);
492
493 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
494 {
495 if (tor_memeq(c->cache_info.signed_descriptor_digest,
496 cert->cache_info.signed_descriptor_digest,
497 DIGEST_LEN))
498 return 1;
499 });
500 return 0;
501 }
502
503 /** Load a bunch of new key certificates from the string <b>contents</b>. If
504 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
505 * from the cache, and we don't need to flush them to disk. If we are a
506 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
507 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
508 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
509 * need to flush any changed certificates to disk now. Return 0 on success,
510 * -1 if any certs fail to parse.
511 *
512 * If source_dir is non-NULL, it's the identity digest for a directory that
513 * we've just successfully retrieved certificates from, so try it first to
514 * fetch any missing certificates.
515 */
516 int
517 trusted_dirs_load_certs_from_string(const char *contents, int source,
518 int flush, const char *source_dir)
519 {
520 dir_server_t *ds;
521 const char *s, *eos;
522 int failure_code = 0;
523 int from_store = (source == TRUSTED_DIRS_CERTS_SRC_FROM_STORE);
524 int added_trusted_cert = 0;
525
526 for (s = contents; *s; s = eos) {
527 authority_cert_t *cert = authority_cert_parse_from_string(s, &eos);
528 cert_list_t *cl;
529 if (!cert) {
530 failure_code = -1;
531 break;
532 }
533 ds = trusteddirserver_get_by_v3_auth_digest(
534 cert->cache_info.identity_digest);
535 log_debug(LD_DIR, "Parsed certificate for %s",
536 ds ? ds->nickname : "unknown authority");
537
538 if (already_have_cert(cert)) {
539 /* we already have this one. continue. */
540 log_info(LD_DIR, "Skipping %s certificate for %s that we "
541 "already have.",
542 from_store ? "cached" : "downloaded",
543 ds ? ds->nickname : "an old or new authority");
544
545 /*
546 * A duplicate on download should be treated as a failure, so we call
547 * authority_cert_dl_failed() to reset the download status to make sure
548 * we can't try again. Since we've implemented the fp-sk mechanism
549 * to download certs by signing key, this should be much rarer than it
550 * was and is perhaps cause for concern.
551 */
552 if (!from_store) {
553 if (authdir_mode(get_options())) {
554 log_warn(LD_DIR,
555 "Got a certificate for %s, but we already have it. "
556 "Maybe they haven't updated it. Waiting for a while.",
557 ds ? ds->nickname : "an old or new authority");
558 } else {
559 log_info(LD_DIR,
560 "Got a certificate for %s, but we already have it. "
561 "Maybe they haven't updated it. Waiting for a while.",
562 ds ? ds->nickname : "an old or new authority");
563 }
564
565 /*
566 * This is where we care about the source; authority_cert_dl_failed()
567 * needs to know whether the download was by fp or (fp,sk) pair to
568 * twiddle the right bit in the download map.
569 */
570 if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST) {
571 authority_cert_dl_failed(cert->cache_info.identity_digest,
572 NULL, 404);
573 } else if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST) {
574 authority_cert_dl_failed(cert->cache_info.identity_digest,
575 cert->signing_key_digest, 404);
576 }
577 }
578
579 authority_cert_free(cert);
580 continue;
581 }
582
583 if (ds) {
584 added_trusted_cert = 1;
585 log_info(LD_DIR, "Adding %s certificate for directory authority %s with "
586 "signing key %s", from_store ? "cached" : "downloaded",
587 ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
588 } else {
589 int adding = directory_caches_unknown_auth_certs(get_options());
590 log_info(LD_DIR, "%s %s certificate for unrecognized directory "
591 "authority with signing key %s",
592 adding ? "Adding" : "Not adding",
593 from_store ? "cached" : "downloaded",
594 hex_str(cert->signing_key_digest,DIGEST_LEN));
595 if (!adding) {
596 authority_cert_free(cert);
597 continue;
598 }
599 }
600
601 cl = get_cert_list(cert->cache_info.identity_digest);
602 smartlist_add(cl->certs, cert);
603 if (ds && cert->cache_info.published_on > ds->addr_current_at) {
604 /* Check to see whether we should update our view of the authority's
605 * address. */
606 if (cert->addr && cert->dir_port &&
607 (ds->addr != cert->addr ||
608 ds->dir_port != cert->dir_port)) {
609 char *a = tor_dup_ip(cert->addr);
610 log_notice(LD_DIR, "Updating address for directory authority %s "
611 "from %s:%d to %s:%d based on certificate.",
612 ds->nickname, ds->address, (int)ds->dir_port,
613 a, cert->dir_port);
614 tor_free(a);
615 ds->addr = cert->addr;
616 ds->dir_port = cert->dir_port;
617 }
618 ds->addr_current_at = cert->cache_info.published_on;
619 }
620
621 if (!from_store)
622 trusted_dir_servers_certs_changed = 1;
623 }
624
625 if (flush)
626 trusted_dirs_flush_certs_to_disk();
627
628 /* call this even if failure_code is <0, since some certs might have
629 * succeeded, but only pass source_dir if there were no failures,
630 * and at least one more authority certificate was added to the store.
631 * This avoids retrying a directory that's serving bad or entirely duplicate
632 * certificates. */
633 if (failure_code == 0 && added_trusted_cert) {
634 networkstatus_note_certs_arrived(source_dir);
635 } else {
636 networkstatus_note_certs_arrived(NULL);
637 }
638
639 return failure_code;
640 }
641
642 /** Save all v3 key certificates to the cached-certs file. */
643 void
644 trusted_dirs_flush_certs_to_disk(void)
645 {
646 char *filename;
647 smartlist_t *chunks;
648
649 if (!trusted_dir_servers_certs_changed || !trusted_dir_certs)
650 return;
651
652 chunks = smartlist_new();
653 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
654 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
655 {
656 sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
657 c->bytes = cert->cache_info.signed_descriptor_body;
658 c->len = cert->cache_info.signed_descriptor_len;
659 smartlist_add(chunks, c);
660 });
661 } DIGESTMAP_FOREACH_END;
662
663 filename = get_datadir_fname("cached-certs");
664 if (write_chunks_to_file(filename, chunks, 0, 0)) {
665 log_warn(LD_FS, "Error writing certificates to disk.");
666 }
667 tor_free(filename);
668 SMARTLIST_FOREACH(chunks, sized_chunk_t *, c, tor_free(c));
669 smartlist_free(chunks);
670
671 trusted_dir_servers_certs_changed = 0;
672 }
673
674 static int
675 compare_certs_by_pubdates(const void **_a, const void **_b)
676 {
677 const authority_cert_t *cert1 = *_a, *cert2=*_b;
678
679 if (cert1->cache_info.published_on < cert2->cache_info.published_on)
680 return -1;
681 else if (cert1->cache_info.published_on > cert2->cache_info.published_on)
682 return 1;
683 else
684 return 0;
685 }
686
687 /** Remove all expired v3 authority certificates that have been superseded for
688 * more than 48 hours or, if not expired, that were published more than 7 days
689 * before being superseded. (If the most recent cert was published more than 48
690 * hours ago, then we aren't going to get any consensuses signed with older
691 * keys.) */
692 static void
693 trusted_dirs_remove_old_certs(void)
694 {
695 time_t now = time(NULL);
696 #define DEAD_CERT_LIFETIME (2*24*60*60)
697 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
698 if (!trusted_dir_certs)
699 return;
700
701 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
702 /* Sort the list from first-published to last-published */
703 smartlist_sort(cl->certs, compare_certs_by_pubdates);
704
705 SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
706 if (cert_sl_idx == smartlist_len(cl->certs) - 1) {
707 /* This is the most recently published cert. Keep it. */
708 continue;
709 }
710 authority_cert_t *next_cert = smartlist_get(cl->certs, cert_sl_idx+1);
711 const time_t next_cert_published = next_cert->cache_info.published_on;
712 if (next_cert_published > now) {
713 /* All later certs are published in the future. Keep everything
714 * we didn't discard. */
715 break;
716 }
717 int should_remove = 0;
718 if (cert->expires + DEAD_CERT_LIFETIME < now) {
719 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
720 * Remove it. */
721 should_remove = 1;
722 } else if (next_cert_published + SUPERSEDED_CERT_LIFETIME < now) {
723 /* Certificate has been superseded for OLD_CERT_LIFETIME.
724 * Remove it.
725 */
726 should_remove = 1;
727 }
728 if (should_remove) {
729 SMARTLIST_DEL_CURRENT_KEEPORDER(cl->certs, cert);
730 authority_cert_free(cert);
731 trusted_dir_servers_certs_changed = 1;
732 }
733 } SMARTLIST_FOREACH_END(cert);
734
735 } DIGESTMAP_FOREACH_END;
736 #undef DEAD_CERT_LIFETIME
737 #undef OLD_CERT_LIFETIME
738
739 trusted_dirs_flush_certs_to_disk();
740 }
741
742 /** Return the newest v3 authority certificate whose v3 authority identity key
743 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
744 * or it has no certificate. */
745 authority_cert_t *
746 authority_cert_get_newest_by_id(const char *id_digest)
747 {
748 cert_list_t *cl;
749 authority_cert_t *best = NULL;
750 if (!trusted_dir_certs ||
751 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
752 return NULL;
753
754 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
755 {
756 if (!best || cert->cache_info.published_on > best->cache_info.published_on)
757 best = cert;
758 });
759 return best;
760 }
761
762 /** Return the newest v3 authority certificate whose directory signing key has
763 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
764 */
765 authority_cert_t *
766 authority_cert_get_by_sk_digest(const char *sk_digest)
767 {
768 authority_cert_t *c;
769 if (!trusted_dir_certs)
770 return NULL;
771
772 if ((c = get_my_v3_authority_cert()) &&
773 tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
774 return c;
775 if ((c = get_my_v3_legacy_cert()) &&
776 tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
777 return c;
778
779 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
780 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
781 {
782 if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
783 return cert;
784 });
785 } DIGESTMAP_FOREACH_END;
786 return NULL;
787 }
788
789 /** Return the v3 authority certificate with signing key matching
790 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
791 * Return NULL if no such authority is known. */
792 authority_cert_t *
793 authority_cert_get_by_digests(const char *id_digest,
794 const char *sk_digest)
795 {
796 cert_list_t *cl;
797 if (!trusted_dir_certs ||
798 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
799 return NULL;
800 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
801 if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
802 return cert; );
803
804 return NULL;
805 }
806
807 /** Add every known authority_cert_t to <b>certs_out</b>. */
808 void
809 authority_cert_get_all(smartlist_t *certs_out)
810 {
811 tor_assert(certs_out);
812 if (!trusted_dir_certs)
813 return;
814
815 DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
816 SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
817 smartlist_add(certs_out, c));
818 } DIGESTMAP_FOREACH_END;
819 }
820
821 /** Called when an attempt to download a certificate with the authority with
822 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
823 * fails with HTTP response code <b>status</b>: remember the failure, so we
824 * don't try again immediately. */
825 void
826 authority_cert_dl_failed(const char *id_digest,
827 const char *signing_key_digest, int status)
828 {
829 cert_list_t *cl;
830 download_status_t *dlstatus = NULL;
831 char id_digest_str[2*DIGEST_LEN+1];
832 char sk_digest_str[2*DIGEST_LEN+1];
833
834 if (!trusted_dir_certs ||
835 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
836 return;
837
838 /*
839 * Are we noting a failed download of the latest cert for the id digest,
840 * or of a download by (id, signing key) digest pair?
841 */
842 if (!signing_key_digest) {
843 /* Just by id digest */
844 download_status_failed(&cl->dl_status_by_id, status);
845 } else {
846 /* Reset by (id, signing key) digest pair
847 *
848 * Look for a download_status_t in the map with this digest
849 */
850 dlstatus = dsmap_get(cl->dl_status_map, signing_key_digest);
851 /* Got one? */
852 if (dlstatus) {
853 download_status_failed(dlstatus, status);
854 } else {
855 /*
856 * Do this rather than hex_str(), since hex_str clobbers
857 * old results and we call twice in the param list.
858 */
859 base16_encode(id_digest_str, sizeof(id_digest_str),
860 id_digest, DIGEST_LEN);
861 base16_encode(sk_digest_str, sizeof(sk_digest_str),
862 signing_key_digest, DIGEST_LEN);
863 log_warn(LD_BUG,
864 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
865 "status %d, but knew nothing about the download.",
866 id_digest_str, sk_digest_str, status);
867 }
868 }
869 }
870
871 static const char *BAD_SIGNING_KEYS[] = {
872 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
873 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
874 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
875 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
876 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
877 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
878 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
879 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
880 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
881 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
882 NULL,
883 };
884
885 /** Return true iff <b>cert</b> authenticates some atuhority signing key
886 * which, because of the old openssl heartbleed vulnerability, should
887 * never be trusted. */
888 int
889 authority_cert_is_blacklisted(const authority_cert_t *cert)
890 {
891 char hex_digest[HEX_DIGEST_LEN+1];
892 int i;
893 base16_encode(hex_digest, sizeof(hex_digest),
894 cert->signing_key_digest, sizeof(cert->signing_key_digest));
895
896 for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
897 if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
898 return 1;
899 }
900 }
901 return 0;
902 }
903
904 /** Return true iff when we've been getting enough failures when trying to
905 * download the certificate with ID digest <b>id_digest</b> that we're willing
906 * to start bugging the user about it. */
907 int
908 authority_cert_dl_looks_uncertain(const char *id_digest)
909 {
910 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
911 cert_list_t *cl;
912 int n_failures;
913 if (!trusted_dir_certs ||
914 !(cl = digestmap_get(trusted_dir_certs, id_digest)))
915 return 0;
916
917 n_failures = download_status_get_n_failures(&cl->dl_status_by_id);
918 return n_failures >= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER;
919 }
920
921 /* Fetch the authority certificates specified in resource.
922 * If we are a bridge client, and node is a configured bridge, fetch from node
923 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
924 * rs. Otherwise, fetch from a random directory mirror. */
925 static void
926 authority_certs_fetch_resource_impl(const char *resource,
927 const char *dir_hint,
928 const node_t *node,
929 const routerstatus_t *rs)
930 {
931 const or_options_t *options = get_options();
932 int get_via_tor = purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE, 0);
933
934 /* Make sure bridge clients never connect to anything but a bridge */
935 if (options->UseBridges) {
936 if (node && !node_is_a_configured_bridge(node)) {
937 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
938 get_via_tor = 1;
939 } else if (!node) {
940 /* If we're using bridges, and there's no node, use a 3-hop path. */
941 get_via_tor = 1;
942 }
943 }
944
945 const dir_indirection_t indirection = get_via_tor ? DIRIND_ANONYMOUS
946 : DIRIND_ONEHOP;
947
948 /* If we've just downloaded a consensus from a bridge, re-use that
949 * bridge */
950 if (options->UseBridges && node && !get_via_tor) {
951 /* clients always make OR connections to bridges */
952 tor_addr_port_t or_ap;
953 /* we are willing to use a non-preferred address if we need to */
954 fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
955 &or_ap);
956 directory_initiate_command(&or_ap.addr, or_ap.port,
957 NULL, 0, /*no dirport*/
958 dir_hint,
959 DIR_PURPOSE_FETCH_CERTIFICATE,
960 0,
961 indirection,
962 resource, NULL, 0, 0);
963 return;
964 }
965
966 if (rs) {
967 /* If we've just downloaded a consensus from a directory, re-use that
968 * directory */
969 directory_initiate_command_routerstatus(rs,
970 DIR_PURPOSE_FETCH_CERTIFICATE,
971 0, indirection, resource, NULL,
972 0, 0);
973 return;
974 }
975
976 /* Otherwise, we want certs from a random fallback or directory
977 * mirror, because they will almost always succeed. */
978 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
979 resource, PDS_RETRY_IF_NO_SERVERS,
980 DL_WANT_ANY_DIRSERVER);
981 }
982
983 /** Try to download any v3 authority certificates that we may be missing. If
984 * <b>status</b> is provided, try to get all the ones that were used to sign
985 * <b>status</b>. Additionally, try to have a non-expired certificate for
986 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
987 * already have.
988 *
989 * If dir_hint is non-NULL, it's the identity digest for a directory that
990 * we've just successfully retrieved a consensus or certificates from, so try
991 * it first to fetch any missing certificates.
992 **/
993 void
994 authority_certs_fetch_missing(networkstatus_t *status, time_t now,
995 const char *dir_hint)
996 {
997 /*
998 * The pending_id digestmap tracks pending certificate downloads by
999 * identity digest; the pending_cert digestmap tracks pending downloads
1000 * by (identity digest, signing key digest) pairs.
1001 */
1002 digestmap_t *pending_id;
1003 fp_pair_map_t *pending_cert;
1004 /*
1005 * The missing_id_digests smartlist will hold a list of id digests
1006 * we want to fetch the newest cert for; the missing_cert_digests
1007 * smartlist will hold a list of fp_pair_t with an identity and
1008 * signing key digest.
1009 */
1010 smartlist_t *missing_cert_digests, *missing_id_digests;
1011 char *resource = NULL;
1012 cert_list_t *cl;
1013 const or_options_t *options = get_options();
1014 const int cache = directory_caches_unknown_auth_certs(options);
1015 fp_pair_t *fp_tmp = NULL;
1016 char id_digest_str[2*DIGEST_LEN+1];
1017 char sk_digest_str[2*DIGEST_LEN+1];
1018
1019 if (should_delay_dir_fetches(options, NULL))
1020 return;
1021
1022 pending_cert = fp_pair_map_new();
1023 pending_id = digestmap_new();
1024 missing_cert_digests = smartlist_new();
1025 missing_id_digests = smartlist_new();
1026
1027 /*
1028 * First, we get the lists of already pending downloads so we don't
1029 * duplicate effort.
1030 */
1031 list_pending_downloads(pending_id, NULL,
1032 DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
1033 list_pending_fpsk_downloads(pending_cert);
1034
1035 /*
1036 * Now, we download any trusted authority certs we don't have by
1037 * identity digest only. This gets the latest cert for that authority.
1038 */
1039 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers, dir_server_t *, ds) {
1040 int found = 0;
1041 if (!(ds->type & V3_DIRINFO))
1042 continue;
1043 if (smartlist_contains_digest(missing_id_digests,
1044 ds->v3_identity_digest))
1045 continue;
1046 cl = get_cert_list(ds->v3_identity_digest);
1047 SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
1048 if (now < cert->expires) {
1049 /* It's not expired, and we weren't looking for something to
1050 * verify a consensus with. Call it done. */
1051 download_status_reset(&(cl->dl_status_by_id));
1052 /* No sense trying to download it specifically by signing key hash */
1053 download_status_reset_by_sk_in_cl(cl, cert->signing_key_digest);
1054 found = 1;
1055 break;
1056 }
1057 } SMARTLIST_FOREACH_END(cert);
1058 if (!found &&
1059 download_status_is_ready(&(cl->dl_status_by_id), now,
1060 options->TestingCertMaxDownloadTries) &&
1061 !digestmap_get(pending_id, ds->v3_identity_digest)) {
1062 log_info(LD_DIR,
1063 "No current certificate known for authority %s "
1064 "(ID digest %s); launching request.",
1065 ds->nickname, hex_str(ds->v3_identity_digest, DIGEST_LEN));
1066 smartlist_add(missing_id_digests, ds->v3_identity_digest);
1067 }
1068 } SMARTLIST_FOREACH_END(ds);
1069
1070 /*
1071 * Next, if we have a consensus, scan through it and look for anything
1072 * signed with a key from a cert we don't have. Those get downloaded
1073 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1074 * (identity digest), and it's one of the trusted dir server certs
1075 * we started off above or a pending download in pending_id, don't
1076 * try to get it yet. Most likely, the one we'll get for that will
1077 * have the right signing key too, and we'd just be downloading
1078 * redundantly.
1079 */
1080 if (status) {
1081 SMARTLIST_FOREACH_BEGIN(status->voters, networkstatus_voter_info_t *,
1082 voter) {
1083 if (!smartlist_len(voter->sigs))
1084 continue; /* This authority never signed this consensus, so don't
1085 * go looking for a cert with key digest 0000000000. */
1086 if (!cache &&
1087 !trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
1088 continue; /* We are not a cache, and we don't know this authority.*/
1089
1090 /*
1091 * If we don't know *any* cert for this authority, and a download by ID
1092 * is pending or we added it to missing_id_digests above, skip this
1093 * one for now to avoid duplicate downloads.
1094 */
1095 cl = get_cert_list(voter->identity_digest);
1096 if (smartlist_len(cl->certs) == 0) {
1097 /* We have no certs at all for this one */
1098
1099 /* Do we have a download of one pending? */
1100 if (digestmap_get(pending_id, voter->identity_digest))
1101 continue;
1102
1103 /*
1104 * Are we about to launch a download of one due to the trusted
1105 * dir server check above?
1106 */
1107 if (smartlist_contains_digest(missing_id_digests,
1108 voter->identity_digest))
1109 continue;
1110 }
1111
1112 SMARTLIST_FOREACH_BEGIN(voter->sigs, document_signature_t *, sig) {
1113 authority_cert_t *cert =
1114 authority_cert_get_by_digests(voter->identity_digest,
1115 sig->signing_key_digest);
1116 if (cert) {
1117 if (now < cert->expires)
1118 download_status_reset_by_sk_in_cl(cl, sig->signing_key_digest);
1119 continue;
1120 }
1121 if (download_status_is_ready_by_sk_in_cl(
1122 cl, sig->signing_key_digest,
1123 now, options->TestingCertMaxDownloadTries) &&
1124 !fp_pair_map_get_by_digests(pending_cert,
1125 voter->identity_digest,
1126 sig->signing_key_digest)) {
1127 /*
1128 * Do this rather than hex_str(), since hex_str clobbers
1129 * old results and we call twice in the param list.
1130 */
1131 base16_encode(id_digest_str, sizeof(id_digest_str),
1132 voter->identity_digest, DIGEST_LEN);
1133 base16_encode(sk_digest_str, sizeof(sk_digest_str),
1134 sig->signing_key_digest, DIGEST_LEN);
1135
1136 if (voter->nickname) {
1137 log_info(LD_DIR,
1138 "We're missing a certificate from authority %s "
1139 "(ID digest %s) with signing key %s: "
1140 "launching request.",
1141 voter->nickname, id_digest_str, sk_digest_str);
1142 } else {
1143 log_info(LD_DIR,
1144 "We're missing a certificate from authority ID digest "
1145 "%s with signing key %s: launching request.",
1146 id_digest_str, sk_digest_str);
1147 }
1148
1149 /* Allocate a new fp_pair_t to append */
1150 fp_tmp = tor_malloc(sizeof(*fp_tmp));
1151 memcpy(fp_tmp->first, voter->identity_digest, sizeof(fp_tmp->first));
1152 memcpy(fp_tmp->second, sig->signing_key_digest,
1153 sizeof(fp_tmp->second));
1154 smartlist_add(missing_cert_digests, fp_tmp);
1155 }
1156 } SMARTLIST_FOREACH_END(sig);
1157 } SMARTLIST_FOREACH_END(voter);
1158 }
1159
1160 /* Bridge clients look up the node for the dir_hint */
1161 const node_t *node = NULL;
1162 /* All clients, including bridge clients, look up the routerstatus for the
1163 * dir_hint */
1164 const routerstatus_t *rs = NULL;
1165
1166 /* If we still need certificates, try the directory that just successfully
1167 * served us a consensus or certificates.
1168 * As soon as the directory fails to provide additional certificates, we try
1169 * another, randomly selected directory. This avoids continual retries.
1170 * (We only ever have one outstanding request per certificate.)
1171 */
1172 if (dir_hint) {
1173 if (options->UseBridges) {
1174 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1175 * or something else fetched over tor, we won't find the node here, but
1176 * we will find the rs. */
1177 node = node_get_by_id(dir_hint);
1178 }
1179
1180 /* All clients try the consensus routerstatus, then the fallback
1181 * routerstatus */
1182 rs = router_get_consensus_status_by_id(dir_hint);
1183 if (!rs) {
1184 /* This will also find authorities */
1185 const dir_server_t *ds = router_get_fallback_dirserver_by_digest(
1186 dir_hint);
1187 if (ds) {
1188 rs = &ds->fake_status;
1189 }
1190 }
1191
1192 if (!node && !rs) {
1193 log_warn(LD_BUG, "Directory %s delivered a consensus, but %s"
1194 "no routerstatus could be found for it.",
1195 options->UseBridges ? "no node and " : "",
1196 hex_str(dir_hint, DIGEST_LEN));
1197 }
1198 }
1199
1200 /* Do downloads by identity digest */
1201 if (smartlist_len(missing_id_digests) > 0) {
1202 int need_plus = 0;
1203 smartlist_t *fps = smartlist_new();
1204
1205 smartlist_add(fps, tor_strdup("fp/"));
1206
1207 SMARTLIST_FOREACH_BEGIN(missing_id_digests, const char *, d) {
1208 char *fp = NULL;
1209
1210 if (digestmap_get(pending_id, d))
1211 continue;
1212
1213 base16_encode(id_digest_str, sizeof(id_digest_str),
1214 d, DIGEST_LEN);
1215
1216 if (need_plus) {
1217 tor_asprintf(&fp, "+%s", id_digest_str);
1218 } else {
1219 /* No need for tor_asprintf() in this case; first one gets no '+' */
1220 fp = tor_strdup(id_digest_str);
1221 need_plus = 1;
1222 }
1223
1224 smartlist_add(fps, fp);
1225 } SMARTLIST_FOREACH_END(d);
1226
1227 if (smartlist_len(fps) > 1) {
1228 resource = smartlist_join_strings(fps, "", 0, NULL);
1229 /* node and rs are directories that just gave us a consensus or
1230 * certificates */
1231 authority_certs_fetch_resource_impl(resource, dir_hint, node, rs);
1232 tor_free(resource);
1233 }
1234 /* else we didn't add any: they were all pending */
1235
1236 SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
1237 smartlist_free(fps);
1238 }
1239
1240 /* Do downloads by identity digest/signing key pair */
1241 if (smartlist_len(missing_cert_digests) > 0) {
1242 int need_plus = 0;
1243 smartlist_t *fp_pairs = smartlist_new();
1244
1245 smartlist_add(fp_pairs, tor_strdup("fp-sk/"));
1246
1247 SMARTLIST_FOREACH_BEGIN(missing_cert_digests, const fp_pair_t *, d) {
1248 char *fp_pair = NULL;
1249
1250 if (fp_pair_map_get(pending_cert, d))
1251 continue;
1252
1253 /* Construct string encodings of the digests */
1254 base16_encode(id_digest_str, sizeof(id_digest_str),
1255 d->first, DIGEST_LEN);
1256 base16_encode(sk_digest_str, sizeof(sk_digest_str),
1257 d->second, DIGEST_LEN);
1258
1259 /* Now tor_asprintf() */
1260 if (need_plus) {
1261 tor_asprintf(&fp_pair, "+%s-%s", id_digest_str, sk_digest_str);
1262 } else {
1263 /* First one in the list doesn't get a '+' */
1264 tor_asprintf(&fp_pair, "%s-%s", id_digest_str, sk_digest_str);
1265 need_plus = 1;
1266 }
1267
1268 /* Add it to the list of pairs to request */
1269 smartlist_add(fp_pairs, fp_pair);
1270 } SMARTLIST_FOREACH_END(d);
1271
1272 if (smartlist_len(fp_pairs) > 1) {
1273 resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
1274 /* node and rs are directories that just gave us a consensus or
1275 * certificates */
1276 authority_certs_fetch_resource_impl(resource, dir_hint, node, rs);
1277 tor_free(resource);
1278 }
1279 /* else they were all pending */
1280
1281 SMARTLIST_FOREACH(fp_pairs, char *, p, tor_free(p));
1282 smartlist_free(fp_pairs);
1283 }
1284
1285 smartlist_free(missing_id_digests);
1286 SMARTLIST_FOREACH(missing_cert_digests, fp_pair_t *, p, tor_free(p));
1287 smartlist_free(missing_cert_digests);
1288 digestmap_free(pending_id, NULL);
1289 fp_pair_map_free(pending_cert, NULL);
1290 }
1291
1292 /* Router descriptor storage.
1293 *
1294 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1295 * routerdescs arrive, we append them to a journal file named
1296 * "cached-descriptors.new".
1297 *
1298 * From time to time, we replace "cached-descriptors" with a new file
1299 * containing only the live, non-superseded descriptors, and clear
1300 * cached-routers.new.
1301 *
1302 * On startup, we read both files.
1303 */
1304
1305 /** Helper: return 1 iff the router log is so big we want to rebuild the
1306 * store. */
1307 static int
1308 router_should_rebuild_store(desc_store_t *store)
1309 {
1310 if (store->store_len > (1<<16))
1311 return (store->journal_len > store->store_len / 2 ||
1312 store->bytes_dropped > store->store_len / 2);
1313 else
1314 return store->journal_len > (1<<15);
1315 }
1316
1317 /** Return the desc_store_t in <b>rl</b> that should be used to store
1318 * <b>sd</b>. */
1319 static inline desc_store_t *
1320 desc_get_store(routerlist_t *rl, const signed_descriptor_t *sd)
1321 {
1322 if (sd->is_extrainfo)
1323 return &rl->extrainfo_store;
1324 else
1325 return &rl->desc_store;
1326 }
1327
1328 /** Add the signed_descriptor_t in <b>desc</b> to the router
1329 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1330 * offset appropriately. */
1331 static int
1332 signed_desc_append_to_journal(signed_descriptor_t *desc,
1333 desc_store_t *store)
1334 {
1335 char *fname = get_datadir_fname_suffix(store->fname_base, ".new");
1336 const char *body = signed_descriptor_get_body_impl(desc,1);
1337 size_t len = desc->signed_descriptor_len + desc->annotations_len;
1338
1339 if (append_bytes_to_file(fname, body, len, 1)) {
1340 log_warn(LD_FS, "Unable to store router descriptor");
1341 tor_free(fname);
1342 return -1;
1343 }
1344 desc->saved_location = SAVED_IN_JOURNAL;
1345 tor_free(fname);
1346
1347 desc->saved_offset = store->journal_len;
1348 store->journal_len += len;
1349
1350 return 0;
1351 }
1352
1353 /** Sorting helper: return &lt;0, 0, or &gt;0 depending on whether the
1354 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1355 * the signed_descriptor_t* in *<b>b</b>. */
1356 static int
1357 compare_signed_descriptors_by_age_(const void **_a, const void **_b)
1358 {
1359 const signed_descriptor_t *r1 = *_a, *r2 = *_b;
1360 return (int)(r1->published_on - r2->published_on);
1361 }
1362
1363 #define RRS_FORCE 1
1364 #define RRS_DONT_REMOVE_OLD 2
1365
1366 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1367 * <b>flags</b>, then atomically replace the saved router store with the
1368 * routers currently in our routerlist, and clear the journal. Unless
1369 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1370 * rebuilding the store. Return 0 on success, -1 on failure.
1371 */
1372 static int
1373 router_rebuild_store(int flags, desc_store_t *store)
1374 {
1375 smartlist_t *chunk_list = NULL;
1376 char *fname = NULL, *fname_tmp = NULL;
1377 int r = -1;
1378 off_t offset = 0;
1379 smartlist_t *signed_descriptors = NULL;
1380 int nocache=0;
1381 size_t total_expected_len = 0;
1382 int had_any;
1383 int force = flags & RRS_FORCE;
1384
1385 if (!force && !router_should_rebuild_store(store)) {
1386 r = 0;
1387 goto done;
1388 }
1389 if (!routerlist) {
1390 r = 0;
1391 goto done;
1392 }
1393
1394 if (store->type == EXTRAINFO_STORE)
1395 had_any = !eimap_isempty(routerlist->extra_info_map);
1396 else
1397 had_any = (smartlist_len(routerlist->routers)+
1398 smartlist_len(routerlist->old_routers))>0;
1399
1400 /* Don't save deadweight. */
1401 if (!(flags & RRS_DONT_REMOVE_OLD))
1402 routerlist_remove_old_routers();
1403
1404 log_info(LD_DIR, "Rebuilding %s cache", store->description);
1405
1406 fname = get_datadir_fname(store->fname_base);
1407 fname_tmp = get_datadir_fname_suffix(store->fname_base, ".tmp");
1408
1409 chunk_list = smartlist_new();
1410
1411 /* We sort the routers by age to enhance locality on disk. */
1412 signed_descriptors = smartlist_new();
1413 if (store->type == EXTRAINFO_STORE) {
1414 eimap_iter_t *iter;
1415 for (iter = eimap_iter_init(routerlist->extra_info_map);
1416 !eimap_iter_done(iter);
1417 iter = eimap_iter_next(routerlist->extra_info_map, iter)) {
1418 const char *key;
1419 extrainfo_t *ei;
1420 eimap_iter_get(iter, &key, &ei);
1421 smartlist_add(signed_descriptors, &ei->cache_info);
1422 }
1423 } else {
1424 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
1425 smartlist_add(signed_descriptors, sd));
1426 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, ri,
1427 smartlist_add(signed_descriptors, &ri->cache_info));
1428 }
1429
1430 smartlist_sort(signed_descriptors, compare_signed_descriptors_by_age_);
1431
1432 /* Now, add the appropriate members to chunk_list */
1433 SMARTLIST_FOREACH_BEGIN(signed_descriptors, signed_descriptor_t *, sd) {
1434 sized_chunk_t *c;
1435 const char *body = signed_descriptor_get_body_impl(sd, 1);
1436 if (!body) {
1437 log_warn(LD_BUG, "No descriptor available for router.");
1438 goto done;
1439 }
1440 if (sd->do_not_cache) {
1441 ++nocache;
1442 continue;
1443 }
1444 c = tor_malloc(sizeof(sized_chunk_t));
1445 c->bytes = body;
1446 c->len = sd->signed_descriptor_len + sd->annotations_len;
1447 total_expected_len += c->len;
1448 smartlist_add(chunk_list, c);
1449 } SMARTLIST_FOREACH_END(sd);
1450
1451 if (write_chunks_to_file(fname_tmp, chunk_list, 1, 1)<0) {
1452 log_warn(LD_FS, "Error writing router store to disk.");
1453 goto done;
1454 }
1455
1456 /* Our mmap is now invalid. */
1457 if (store->mmap) {
1458 int res = tor_munmap_file(store->mmap);
1459 store->mmap = NULL;
1460 if (res != 0) {
1461 log_warn(LD_FS, "Unable to munmap route store in %s", fname);
1462 }
1463 }
1464
1465 if (replace_file(fname_tmp, fname)<0) {
1466 log_warn(LD_FS, "Error replacing old router store: %s", strerror(errno));
1467 goto done;
1468 }
1469
1470 errno = 0;
1471 store->mmap = tor_mmap_file(fname);
1472 if (! store->mmap) {
1473 if (errno == ERANGE) {
1474 /* empty store.*/
1475 if (total_expected_len) {
1476 log_warn(LD_FS, "We wrote some bytes to a new descriptor file at '%s',"
1477 " but when we went to mmap it, it was empty!", fname);
1478 } else if (had_any) {
1479 log_info(LD_FS, "We just removed every descriptor in '%s'. This is "
1480 "okay if we're just starting up after a long time. "
1481 "Otherwise, it's a bug.", fname);
1482 }
1483 } else {
1484 log_warn(LD_FS, "Unable to mmap new descriptor file at '%s'.",fname);
1485 }
1486 }
1487
1488 log_info(LD_DIR, "Reconstructing pointers into cache");
1489
1490 offset = 0;
1491 SMARTLIST_FOREACH_BEGIN(signed_descriptors, signed_descriptor_t *, sd) {
1492 if (sd->do_not_cache)
1493 continue;
1494 sd->saved_location = SAVED_IN_CACHE;
1495 if (store->mmap) {
1496 tor_free(sd->signed_descriptor_body); // sets it to null
1497 sd->saved_offset = offset;
1498 }
1499 offset += sd->signed_descriptor_len + sd->annotations_len;
1500 signed_descriptor_get_body(sd); /* reconstruct and assert */
1501 } SMARTLIST_FOREACH_END(sd);
1502
1503 tor_free(fname);
1504 fname = get_datadir_fname_suffix(store->fname_base, ".new");
1505 write_str_to_file(fname, "", 1);
1506
1507 r = 0;
1508 store->store_len = (size_t) offset;
1509 store->journal_len = 0;
1510 store->bytes_dropped = 0;
1511 done:
1512 smartlist_free(signed_descriptors);
1513 tor_free(fname);
1514 tor_free(fname_tmp);
1515 if (chunk_list) {
1516 SMARTLIST_FOREACH(chunk_list, sized_chunk_t *, c, tor_free(c));
1517 smartlist_free(chunk_list);
1518 }
1519
1520 return r;
1521 }
1522
1523 /** Helper: Reload a cache file and its associated journal, setting metadata
1524 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1525 * else reload the router descriptor store. */
1526 static int
1527 router_reload_router_list_impl(desc_store_t *store)
1528 {
1529 char *fname = NULL, *contents = NULL;
1530 struct stat st;
1531 int extrainfo = (store->type == EXTRAINFO_STORE);
1532 store->journal_len = store->store_len = 0;
1533
1534 fname = get_datadir_fname(store->fname_base);
1535
1536 if (store->mmap) {
1537 /* get rid of it first */
1538 int res = tor_munmap_file(store->mmap);
1539 store->mmap = NULL;
1540 if (res != 0) {
1541 log_warn(LD_FS, "Failed to munmap %s", fname);
1542 tor_free(fname);
1543 return -1;
1544 }
1545 }
1546
1547 store->mmap = tor_mmap_file(fname);
1548 if (store->mmap) {
1549 store->store_len = store->mmap->size;
1550 if (extrainfo)
1551 router_load_extrainfo_from_string(store->mmap->data,
1552 store->mmap->data+store->mmap->size,
1553 SAVED_IN_CACHE, NULL, 0);
1554 else
1555 router_load_routers_from_string(store->mmap->data,
1556 store->mmap->data+store->mmap->size,
1557 SAVED_IN_CACHE, NULL, 0, NULL);
1558 }
1559
1560 tor_free(fname);
1561 fname = get_datadir_fname_suffix(store->fname_base, ".new");
1562 /* don't load empty files - we wouldn't get any data, even if we tried */
1563 if (file_status(fname) == FN_FILE)
1564 contents = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
1565 if (contents) {
1566 if (extrainfo)
1567 router_load_extrainfo_from_string(contents, NULL,SAVED_IN_JOURNAL,
1568 NULL, 0);
1569 else
1570 router_load_routers_from_string(contents, NULL, SAVED_IN_JOURNAL,
1571 NULL, 0, NULL);
1572 store->journal_len = (size_t) st.st_size;
1573 tor_free(contents);
1574 }
1575
1576 tor_free(fname);
1577
1578 if (store->journal_len) {
1579 /* Always clear the journal on startup.*/
1580 router_rebuild_store(RRS_FORCE, store);
1581 } else if (!extrainfo) {
1582 /* Don't cache expired routers. (This is in an else because
1583 * router_rebuild_store() also calls remove_old_routers().) */
1584 routerlist_remove_old_routers();
1585 }
1586
1587 return 0;
1588 }
1589
1590 /** Load all cached router descriptors and extra-info documents from the
1591 * store. Return 0 on success and -1 on failure.
1592 */
1593 int
1594 router_reload_router_list(void)
1595 {
1596 routerlist_t *rl = router_get_routerlist();
1597 if (router_reload_router_list_impl(&rl->desc_store))
1598 return -1;
1599 if (router_reload_router_list_impl(&rl->extrainfo_store))
1600 return -1;
1601 return 0;
1602 }
1603
1604 /** Return a smartlist containing a list of dir_server_t * for all
1605 * known trusted dirservers. Callers must not modify the list or its
1606 * contents.
1607 */
1608 const smartlist_t *
1609 router_get_trusted_dir_servers(void)
1610 {
1611 if (!trusted_dir_servers)
1612 trusted_dir_servers = smartlist_new();
1613
1614 return trusted_dir_servers;
1615 }
1616
1617 const smartlist_t *
1618 router_get_fallback_dir_servers(void)
1619 {
1620 if (!fallback_dir_servers)
1621 fallback_dir_servers = smartlist_new();
1622
1623 return fallback_dir_servers;
1624 }
1625
1626 /** Try to find a running dirserver that supports operations of <b>type</b>.
1627 *
1628 * If there are no running dirservers in our routerlist and the
1629 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1630 * (including authorities) as running again, and pick one.
1631 *
1632 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1633 * dirservers that we can't reach.
1634 *
1635 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1636 * (if we're a dirserver).
1637 *
1638 * Don't pick a fallback directory mirror if any non-fallback is viable;
1639 * (the fallback directory mirrors include the authorities)
1640 * try to avoid using servers that have returned 503 recently.
1641 */
1642 const routerstatus_t *
1643 router_pick_directory_server(dirinfo_type_t type, int flags)
1644 {
1645 int busy = 0;
1646 const routerstatus_t *choice;
1647
1648 if (!routerlist)
1649 return NULL;
1650
1651 choice = router_pick_directory_server_impl(type, flags, &busy);
1652 if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
1653 return choice;
1654
1655 if (busy) {
1656 /* If the reason that we got no server is that servers are "busy",
1657 * we must be excluding good servers because we already have serverdesc
1658 * fetches with them. Do not mark down servers up because of this. */
1659 tor_assert((flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
1660 PDS_NO_EXISTING_MICRODESC_FETCH)));
1661 return NULL;
1662 }
1663
1664 log_info(LD_DIR,
1665 "No reachable router entries for dirservers. "
1666 "Trying them all again.");
1667 /* mark all fallback directory mirrors as up again */
1668 mark_all_dirservers_up(fallback_dir_servers);
1669 /* try again */
1670 choice = router_pick_directory_server_impl(type, flags, NULL);
1671 return choice;
1672 }
1673
1674 /** Return the dir_server_t for the directory authority whose identity
1675 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1676 */
1677 dir_server_t *
1678 router_get_trusteddirserver_by_digest(const char *digest)
1679 {
1680 if (!trusted_dir_servers)
1681 return NULL;
1682
1683 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
1684 {
1685 if (tor_memeq(ds->digest, digest, DIGEST_LEN))
1686 return ds;
1687 });
1688
1689 return NULL;
1690 }
1691
1692 /** Return the dir_server_t for the fallback dirserver whose identity
1693 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1694 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1695 * and UseDefaultFallbackDirs torrc options.)
1696 * The list of fallback directories includes the list of authorities.
1697 */
1698 dir_server_t *
1699 router_get_fallback_dirserver_by_digest(const char *digest)
1700 {
1701 if (!fallback_dir_servers)
1702 return NULL;
1703
1704 if (!digest)
1705 return NULL;
1706
1707 SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ds,
1708 {
1709 if (tor_memeq(ds->digest, digest, DIGEST_LEN))
1710 return ds;
1711 });
1712
1713 return NULL;
1714 }
1715
1716 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1717 * or 0 if no such fallback is in the list of fallback_dir_servers.
1718 * (fallback_dir_servers is affected by the FallbackDir and
1719 * UseDefaultFallbackDirs torrc options.)
1720 * The list of fallback directories includes the list of authorities.
1721 */
1722 int
1723 router_digest_is_fallback_dir(const char *digest)
1724 {
1725 return (router_get_fallback_dirserver_by_digest(digest) != NULL);
1726 }
1727
1728 /** Return the dir_server_t for the directory authority whose
1729 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1730 * is known.
1731 */
1732 MOCK_IMPL(dir_server_t *,
1733 trusteddirserver_get_by_v3_auth_digest, (const char *digest))
1734 {
1735 if (!trusted_dir_servers)
1736 return NULL;
1737
1738 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
1739 {
1740 if (tor_memeq(ds->v3_identity_digest, digest, DIGEST_LEN) &&
1741 (ds->type & V3_DIRINFO))
1742 return ds;
1743 });
1744
1745 return NULL;
1746 }
1747
1748 /** Try to find a running directory authority. Flags are as for
1749 * router_pick_directory_server.
1750 */
1751 const routerstatus_t *
1752 router_pick_trusteddirserver(dirinfo_type_t type, int flags)
1753 {
1754 return router_pick_dirserver_generic(trusted_dir_servers, type, flags);
1755 }
1756
1757 /** Try to find a running fallback directory. Flags are as for
1758 * router_pick_directory_server.
1759 */
1760 const routerstatus_t *
1761 router_pick_fallback_dirserver(dirinfo_type_t type, int flags)
1762 {
1763 return router_pick_dirserver_generic(fallback_dir_servers, type, flags);
1764 }
1765
1766 /** Try to find a running fallback directory. Flags are as for
1767 * router_pick_directory_server.
1768 */
1769 static const routerstatus_t *
1770 router_pick_dirserver_generic(smartlist_t *sourcelist,
1771 dirinfo_type_t type, int flags)
1772 {
1773 const routerstatus_t *choice;
1774 int busy = 0;
1775
1776 choice = router_pick_trusteddirserver_impl(sourcelist, type, flags, &busy);
1777 if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
1778 return choice;
1779 if (busy) {
1780 /* If the reason that we got no server is that servers are "busy",
1781 * we must be excluding good servers because we already have serverdesc
1782 * fetches with them. Do not mark down servers up because of this. */
1783 tor_assert((flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
1784 PDS_NO_EXISTING_MICRODESC_FETCH)));
1785 return NULL;
1786 }
1787
1788 log_info(LD_DIR,
1789 "No dirservers are reachable. Trying them all again.");
1790 mark_all_dirservers_up(sourcelist);
1791 return router_pick_trusteddirserver_impl(sourcelist, type, flags, NULL);
1792 }
1793
1794 /* Check if we already have a directory fetch from ap, for serverdesc
1795 * (including extrainfo) or microdesc documents.
1796 * If so, return 1, if not, return 0.
1797 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1798 */
1799 STATIC int
1800 router_is_already_dir_fetching(const tor_addr_port_t *ap, int serverdesc,
1801 int microdesc)
1802 {
1803 if (!ap || tor_addr_is_null(&ap->addr) || !ap->port) {
1804 return 0;
1805 }
1806
1807 /* XX/teor - we're not checking tunnel connections here, see #17848
1808 */
1809 if (serverdesc && (
1810 connection_get_by_type_addr_port_purpose(
1811 CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_SERVERDESC)
1812 || connection_get_by_type_addr_port_purpose(
1813 CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_EXTRAINFO))) {
1814 return 1;
1815 }
1816
1817 if (microdesc && (
1818 connection_get_by_type_addr_port_purpose(
1819 CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_MICRODESC))) {
1820 return 1;
1821 }
1822
1823 return 0;
1824 }
1825
1826 /* Check if we already have a directory fetch from ds, for serverdesc
1827 * (including extrainfo) or microdesc documents.
1828 * If so, return 1, if not, return 0.
1829 */
1830 static int
1831 router_is_already_dir_fetching_ds(const dir_server_t *ds,
1832 int serverdesc,
1833 int microdesc)
1834 {
1835 tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap;
1836
1837 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1838 tor_addr_from_ipv4h(&ipv4_dir_ap.addr, ds->addr);
1839 ipv4_dir_ap.port = ds->dir_port;
1840 tor_addr_copy(&ipv6_dir_ap.addr, &ds->ipv6_addr);
1841 ipv6_dir_ap.port = ds->dir_port;
1842
1843 return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc)
1844 || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc));
1845 }
1846
1847 /* Check if we already have a directory fetch from rs, for serverdesc
1848 * (including extrainfo) or microdesc documents.
1849 * If so, return 1, if not, return 0.
1850 */
1851 static int
1852 router_is_already_dir_fetching_rs(const routerstatus_t *rs,
1853 int serverdesc,
1854 int microdesc)
1855 {
1856 tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap;
1857
1858 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1859 tor_addr_from_ipv4h(&ipv4_dir_ap.addr, rs->addr);
1860 ipv4_dir_ap.port = rs->dir_port;
1861 tor_addr_copy(&ipv6_dir_ap.addr, &rs->ipv6_addr);
1862 ipv6_dir_ap.port = rs->dir_port;
1863
1864 return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc)
1865 || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc));
1866 }
1867
1868 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1869 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1870 #endif
1871
1872 /* Log a message if rs is not found or not a preferred address */
1873 static void
1874 router_picked_poor_directory_log(const routerstatus_t *rs)
1875 {
1876 const networkstatus_t *usable_consensus;
1877 usable_consensus = networkstatus_get_reasonably_live_consensus(time(NULL),
1878 usable_consensus_flavor());
1879
1880 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1881 /* Don't log early in the bootstrap process, it's normal to pick from a
1882 * small pool of nodes. Of course, this won't help if we're trying to
1883 * diagnose bootstrap issues. */
1884 if (!smartlist_len(nodelist_get_list()) || !usable_consensus
1885 || !router_have_minimum_dir_info()) {
1886 return;
1887 }
1888 #endif
1889
1890 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1891 * Sometimes this is normal, sometimes it can be a reachability issue. */
1892 if (!rs) {
1893 /* This happens a lot, so it's at debug level */
1894 log_debug(LD_DIR, "Wanted to make an outgoing directory connection, but "
1895 "we couldn't find a directory that fit our criteria. "
1896 "Perhaps we will succeed next time with less strict criteria.");
1897 } else if (!fascist_firewall_allows_rs(rs, FIREWALL_OR_CONNECTION, 1)
1898 && !fascist_firewall_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1)
1899 ) {
1900 /* This is rare, and might be interesting to users trying to diagnose
1901 * connection issues on dual-stack machines. */
1902 log_info(LD_DIR, "Selected a directory %s with non-preferred OR and Dir "
1903 "addresses for launching an outgoing connection: "
1904 "IPv4 %s OR %d Dir %d IPv6 %s OR %d Dir %d",
1905 routerstatus_describe(rs),
1906 fmt_addr32(rs->addr), rs->or_port,
1907 rs->dir_port, fmt_addr(&rs->ipv6_addr),
1908 rs->ipv6_orport, rs->dir_port);
1909 }
1910 }
1911
1912 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1913
1914 /** How long do we avoid using a directory server after it's given us a 503? */
1915 #define DIR_503_TIMEOUT (60*60)
1916
1917 /* Common retry code for router_pick_directory_server_impl and
1918 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1919 * Must be called before RETRY_WITHOUT_EXCLUDE().
1920 *
1921 * If we got no result, and we are applying IP preferences, and we are a
1922 * client that could use an alternate IP version, try again with the
1923 * opposite preferences. */
1924 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1925 STMT_BEGIN \
1926 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1927 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1928 && !n_busy) { \
1929 n_excluded = 0; \
1930 n_busy = 0; \
1931 try_ip_pref = 0; \
1932 goto retry_label; \
1933 } \
1934 STMT_END \
1935
1936 /* Common retry code for router_pick_directory_server_impl and
1937 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1938 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1939 *
1940 * If we got no result, and we are excluding nodes, and StrictNodes is
1941 * not set, try again without excluding nodes. */
1942 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1943 STMT_BEGIN \
1944 if (result == NULL && try_excluding && !options->StrictNodes \
1945 && n_excluded && !n_busy) { \
1946 try_excluding = 0; \
1947 n_excluded = 0; \
1948 n_busy = 0; \
1949 try_ip_pref = 1; \
1950 goto retry_label; \
1951 } \
1952 STMT_END
1953
1954 /* When iterating through the routerlist, can OR address/port preference
1955 * and reachability checks be skipped?
1956 */
1957 int
1958 router_skip_or_reachability(const or_options_t *options, int try_ip_pref)
1959 {
1960 /* Servers always have and prefer IPv4.
1961 * And if clients are checking against the firewall for reachability only,
1962 * but there's no firewall, don't bother checking */
1963 return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_or());
1964 }
1965
1966 /* When iterating through the routerlist, can Dir address/port preference
1967 * and reachability checks be skipped?
1968 */
1969 static int
1970 router_skip_dir_reachability(const or_options_t *options, int try_ip_pref)
1971 {
1972 /* Servers always have and prefer IPv4.
1973 * And if clients are checking against the firewall for reachability only,
1974 * but there's no firewall, don't bother checking */
1975 return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_dir());
1976 }
1977
1978 /** Pick a random running valid directory server/mirror from our
1979 * routerlist. Arguments are as for router_pick_directory_server(), except:
1980 *
1981 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1982 * directories that we excluded for no other reason than
1983 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1984 */
1985 STATIC const routerstatus_t *
1986 router_pick_directory_server_impl(dirinfo_type_t type, int flags,
1987 int *n_busy_out)
1988 {
1989 const or_options_t *options = get_options();
1990 const node_t *result;
1991 smartlist_t *direct, *tunnel;
1992 smartlist_t *trusted_direct, *trusted_tunnel;
1993 smartlist_t *overloaded_direct, *overloaded_tunnel;
1994 time_t now = time(NULL);
1995 const networkstatus_t *consensus = networkstatus_get_latest_consensus();
1996 const int requireother = ! (flags & PDS_ALLOW_SELF);
1997 const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
1998 const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
1999 const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
2000 const int for_guard = (flags & PDS_FOR_GUARD);
2001 int try_excluding = 1, n_excluded = 0, n_busy = 0;
2002 int try_ip_pref = 1;
2003
2004 if (!consensus)
2005 return NULL;
2006
2007 retry_search:
2008
2009 direct = smartlist_new();
2010 tunnel = smartlist_new();
2011 trusted_direct = smartlist_new();
2012 trusted_tunnel = smartlist_new();
2013 overloaded_direct = smartlist_new();
2014 overloaded_tunnel = smartlist_new();
2015
2016 const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
2017 const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
2018 const int must_have_or = directory_must_use_begindir(options);
2019
2020 /* Find all the running dirservers we know about. */
2021 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
2022 int is_trusted, is_trusted_extrainfo;
2023 int is_overloaded;
2024 const routerstatus_t *status = node->rs;
2025 const country_t country = node->country;
2026 if (!status)
2027 continue;
2028
2029 if (!node->is_running || !node_is_dir(node) || !node->is_valid)
2030 continue;
2031 if (requireother && router_digest_is_me(node->identity))
2032 continue;
2033 is_trusted = router_digest_is_trusted_dir(node->identity);
2034 is_trusted_extrainfo = router_digest_is_trusted_dir_type(
2035 node->identity, EXTRAINFO_DIRINFO);
2036 if ((type & EXTRAINFO_DIRINFO) &&
2037 !router_supports_extrainfo(node->identity, is_trusted_extrainfo))
2038 continue;
2039 /* Don't make the same node a guard twice */
2040 if (for_guard && node->using_as_guard) {
2041 continue;
2042 }
2043 /* Ensure that a directory guard is actually a guard node. */
2044 if (for_guard && !node->is_possible_guard) {
2045 continue;
2046 }
2047 if (try_excluding &&
2048 routerset_contains_routerstatus(options->ExcludeNodes, status,
2049 country)) {
2050 ++n_excluded;
2051 continue;
2052 }
2053
2054 if (router_is_already_dir_fetching_rs(status,
2055 no_serverdesc_fetching,
2056 no_microdesc_fetching)) {
2057 ++n_busy;
2058 continue;
2059 }
2060
2061 is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now;
2062
2063 /* Clients use IPv6 addresses if the server has one and the client
2064 * prefers IPv6.
2065 * Add the router if its preferred address and port are reachable.
2066 * If we don't get any routers, we'll try again with the non-preferred
2067 * address for each router (if any). (To ensure correct load-balancing
2068 * we try routers that only have one address both times.)
2069 */
2070 if (!fascistfirewall || skip_or_fw ||
2071 fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
2072 try_ip_pref))
2073 smartlist_add(is_trusted ? trusted_tunnel :
2074 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
2075 else if (!must_have_or && (skip_dir_fw ||
2076 fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
2077 try_ip_pref)))
2078 smartlist_add(is_trusted ? trusted_direct :
2079 is_overloaded ? overloaded_direct : direct, (void*)node);
2080 } SMARTLIST_FOREACH_END(node);
2081
2082 if (smartlist_len(tunnel)) {
2083 result = node_sl_choose_by_bandwidth(tunnel, WEIGHT_FOR_DIR);
2084 } else if (smartlist_len(overloaded_tunnel)) {
2085 result = node_sl_choose_by_bandwidth(overloaded_tunnel,
2086 WEIGHT_FOR_DIR);
2087 } else if (smartlist_len(trusted_tunnel)) {
2088 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2089 * yet. Maybe one day we should. */
2090 /* FFFF We also don't load balance over authorities yet. I think this
2091 * is a feature, but it could easily be a bug. -RD */
2092 result = smartlist_choose(trusted_tunnel);
2093 } else if (smartlist_len(direct)) {
2094 result = node_sl_choose_by_bandwidth(direct, WEIGHT_FOR_DIR);
2095 } else if (smartlist_len(overloaded_direct)) {
2096 result = node_sl_choose_by_bandwidth(overloaded_direct,
2097 WEIGHT_FOR_DIR);
2098 } else {
2099 result = smartlist_choose(trusted_direct);
2100 }
2101 smartlist_free(direct);
2102 smartlist_free(tunnel);
2103 smartlist_free(trusted_direct);
2104 smartlist_free(trusted_tunnel);
2105 smartlist_free(overloaded_direct);
2106 smartlist_free(overloaded_tunnel);
2107
2108 RETRY_ALTERNATE_IP_VERSION(retry_search);
2109
2110 RETRY_WITHOUT_EXCLUDE(retry_search);
2111
2112 if (n_busy_out)
2113 *n_busy_out = n_busy;
2114
2115 router_picked_poor_directory_log(result ? result->rs : NULL);
2116
2117 return result ? result->rs : NULL;
2118 }
2119
2120 /** Pick a random element from a list of dir_server_t, weighting by their
2121 * <b>weight</b> field. */
2122 static const dir_server_t *
2123 dirserver_choose_by_weight(const smartlist_t *servers, double authority_weight)
2124 {
2125 int n = smartlist_len(servers);
2126 int i;
2127 double *weights_dbl;
2128 uint64_t *weights_u64;
2129 const dir_server_t *ds;
2130
2131 weights_dbl = tor_calloc(n, sizeof(double));
2132 weights_u64 = tor_calloc(n, sizeof(uint64_t));
2133 for (i = 0; i < n; ++i) {
2134 ds = smartlist_get(servers, i);
2135 weights_dbl[i] = ds->weight;
2136 if (ds->is_authority)
2137 weights_dbl[i] *= authority_weight;
2138 }
2139
2140 scale_array_elements_to_u64(weights_u64, weights_dbl, n, NULL);
2141 i = choose_array_element_by_weight(weights_u64, n);
2142 tor_free(weights_dbl);
2143 tor_free(weights_u64);
2144 return (i < 0) ? NULL : smartlist_get(servers, i);
2145 }
2146
2147 /** Choose randomly from among the dir_server_ts in sourcelist that
2148 * are up. Flags are as for router_pick_directory_server_impl().
2149 */
2150 static const routerstatus_t *
2151 router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
2152 dirinfo_type_t type, int flags,
2153 int *n_busy_out)
2154 {
2155 const or_options_t *options = get_options();
2156 smartlist_t *direct, *tunnel;
2157 smartlist_t *overloaded_direct, *overloaded_tunnel;
2158 const routerinfo_t *me = router_get_my_routerinfo();
2159 const routerstatus_t *result = NULL;
2160 time_t now = time(NULL);
2161 const int requireother = ! (flags & PDS_ALLOW_SELF);
2162 const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
2163 const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
2164 const int no_microdesc_fetching =(flags & PDS_NO_EXISTING_MICRODESC_FETCH);
2165 const double auth_weight = (sourcelist == fallback_dir_servers) ?
2166 options->DirAuthorityFallbackRate : 1.0;
2167 smartlist_t *pick_from;
2168 int n_busy = 0;
2169 int try_excluding = 1, n_excluded = 0;
2170 int try_ip_pref = 1;
2171
2172 if (!sourcelist)
2173 return NULL;
2174
2175 retry_search:
2176
2177 direct = smartlist_new();
2178 tunnel = smartlist_new();
2179 overloaded_direct = smartlist_new();
2180 overloaded_tunnel = smartlist_new();
2181
2182 const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
2183 const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
2184 const int must_have_or = directory_must_use_begindir(options);
2185
2186 SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
2187 {
2188 int is_overloaded =
2189 d->fake_status.last_dir_503_at + DIR_503_TIMEOUT > now;
2190 if (!d->is_running) continue;
2191 if ((type & d->type) == 0)
2192 continue;
2193 int is_trusted_extrainfo = router_digest_is_trusted_dir_type(
2194 d->digest, EXTRAINFO_DIRINFO);
2195 if ((type & EXTRAINFO_DIRINFO) &&
2196 !router_supports_extrainfo(d->digest, is_trusted_extrainfo))
2197 continue;
2198 if (requireother && me && router_digest_is_me(d->digest))
2199 continue;
2200 if (try_excluding &&
2201 routerset_contains_routerstatus(options->ExcludeNodes,
2202 &d->fake_status, -1)) {
2203 ++n_excluded;
2204 continue;
2205 }
2206
2207 if (router_is_already_dir_fetching_ds(d, no_serverdesc_fetching,
2208 no_microdesc_fetching)) {
2209 ++n_busy;
2210 continue;
2211 }
2212
2213 /* Clients use IPv6 addresses if the server has one and the client
2214 * prefers IPv6.
2215 * Add the router if its preferred address and port are reachable.
2216 * If we don't get any routers, we'll try again with the non-preferred
2217 * address for each router (if any). (To ensure correct load-balancing
2218 * we try routers that only have one address both times.)
2219 */
2220 if (!fascistfirewall || skip_or_fw ||
2221 fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
2222 try_ip_pref))
2223 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
2224 else if (!must_have_or && (skip_dir_fw ||
2225 fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
2226 try_ip_pref)))
2227 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
2228 }
2229 SMARTLIST_FOREACH_END(d);
2230
2231 if (smartlist_len(tunnel)) {
2232 pick_from = tunnel;
2233 } else if (smartlist_len(overloaded_tunnel)) {
2234 pick_from = overloaded_tunnel;
2235 } else if (smartlist_len(direct)) {
2236 pick_from = direct;
2237 } else {
2238 pick_from = overloaded_direct;
2239 }
2240
2241 {
2242 const dir_server_t *selection =
2243 dirserver_choose_by_weight(pick_from, auth_weight);
2244
2245 if (selection)
2246 result = &selection->fake_status;
2247 }
2248
2249 smartlist_free(direct);
2250 smartlist_free(tunnel);
2251 smartlist_free(overloaded_direct);
2252 smartlist_free(overloaded_tunnel);
2253
2254 RETRY_ALTERNATE_IP_VERSION(retry_search);
2255
2256 RETRY_WITHOUT_EXCLUDE(retry_search);
2257
2258 router_picked_poor_directory_log(result);
2259
2260 if (n_busy_out)
2261 *n_busy_out = n_busy;
2262 return result;
2263 }
2264
2265 /** Mark as running every dir_server_t in <b>server_list</b>. */
2266 static void
2267 mark_all_dirservers_up(smartlist_t *server_list)
2268 {
2269 if (server_list) {
2270 SMARTLIST_FOREACH_BEGIN(server_list, dir_server_t *, dir) {
2271 routerstatus_t *rs;
2272 node_t *node;
2273 dir->is_running = 1;
2274 node = node_get_mutable_by_id(dir->digest);
2275 if (node)
2276 node->is_running = 1;
2277 rs = router_get_mutable_consensus_status_by_id(dir->digest);
2278 if (rs) {
2279 rs->last_dir_503_at = 0;
2280 control_event_networkstatus_changed_single(rs);
2281 }
2282 } SMARTLIST_FOREACH_END(dir);
2283 }
2284 router_dir_info_changed();
2285 }
2286
2287 /** Return true iff r1 and r2 have the same address and OR port. */
2288 int
2289 routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
2290 {
2291 return r1->addr == r2->addr && r1->or_port == r2->or_port &&
2292 tor_addr_eq(&r1->ipv6_addr, &r2->ipv6_addr) &&
2293 r1->ipv6_orport == r2->ipv6_orport;
2294 }
2295
2296 /** Reset all internal variables used to count failed downloads of network
2297 * status objects. */
2298 void
2299 router_reset_status_download_failures(void)
2300 {
2301 mark_all_dirservers_up(fallback_dir_servers);
2302 }
2303
2304 /** Given a <b>router</b>, add every node_t in its family (including the
2305 * node itself!) to <b>sl</b>.
2306 *
2307 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2308 * to the smartlist!
2309 */
2310 static void
2311 routerlist_add_node_and_family(smartlist_t *sl, const routerinfo_t *router)
2312 {
2313 /* XXXX MOVE ? */
2314 node_t fake_node;
2315 const node_t *node = node_get_by_id(router->cache_info.identity_digest);;
2316 if (node == NULL) {
2317 memset(&fake_node, 0, sizeof(fake_node));
2318 fake_node.ri = (routerinfo_t *)router;
2319 memcpy(fake_node.identity, router->cache_info.identity_digest, DIGEST_LEN);
2320 node = &fake_node;
2321 }
2322 nodelist_add_node_and_family(sl, node);
2323 }
2324
2325 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2326 * we can pick a node for a circuit.
2327 */
2328 void
2329 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
2330 int need_uptime, int need_capacity,
2331 int need_guard, int need_desc,
2332 int pref_addr, int direct_conn)
2333 {
2334 const int check_reach = !router_skip_or_reachability(get_options(),
2335 pref_addr);
2336 /* XXXX MOVE */
2337 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
2338 if (!node->is_running ||
2339 (!node->is_valid && !allow_invalid))
2340 continue;
2341 if (need_desc && !(node->ri || (node->rs && node->md)))
2342 continue;
2343 if (node->ri && node->ri->purpose != ROUTER_PURPOSE_GENERAL)
2344 continue;
2345 if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
2346 continue;
2347 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2348 if (node->rs && !routerstatus_version_supports_extend2_cells(node->rs, 1))
2349 continue;
2350 /* Don't choose nodes if we are certain they can't do ntor. */
2351 if ((node->ri || node->md) && !node_has_curve25519_onion_key(node))
2352 continue;
2353 /* Choose a node with an OR address that matches the firewall rules */
2354 if (direct_conn && check_reach &&
2355 !fascist_firewall_allows_node(node,
2356 FIREWALL_OR_CONNECTION,
2357 pref_addr))
2358 continue;
2359
2360 smartlist_add(sl, (void *)node);
2361 } SMARTLIST_FOREACH_END(node);
2362 }
2363
2364 /** Look through the routerlist until we find a router that has my key.
2365 Return it. */
2366 const routerinfo_t *
2367 routerlist_find_my_routerinfo(void)
2368 {
2369 if (!routerlist)
2370 return NULL;
2371
2372 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
2373 {
2374 if (router_is_me(router))
2375 return router;
2376 });
2377 return NULL;
2378 }
2379
2380 /** Return the smaller of the router's configured BandwidthRate
2381 * and its advertised capacity. */
2382 uint32_t
2383 router_get_advertised_bandwidth(const routerinfo_t *router)
2384 {
2385 if (router->bandwidthcapacity < router->bandwidthrate)
2386 return router->bandwidthcapacity;
2387 return router->bandwidthrate;
2388 }
2389
2390 /** Do not weight any declared bandwidth more than this much when picking
2391 * routers by bandwidth. */
2392 #define DEFAULT_MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
2393
2394 /** Return the smaller of the router's configured BandwidthRate
2395 * and its advertised capacity, capped by max-believe-bw. */
2396 uint32_t
2397 router_get_advertised_bandwidth_capped(const routerinfo_t *router)
2398 {
2399 uint32_t result = router->bandwidthcapacity;
2400 if (result > router->bandwidthrate)
2401 result = router->bandwidthrate;
2402 if (result > DEFAULT_MAX_BELIEVABLE_BANDWIDTH)
2403 result = DEFAULT_MAX_BELIEVABLE_BANDWIDTH;
2404 return result;
2405 }
2406
2407 /** Given an array of double/uint64_t unions that are currently being used as
2408 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2409 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2410 * the sum of all elements in the array _before_ scaling. */
2411 STATIC void
2412 scale_array_elements_to_u64(uint64_t *entries_out, const double *entries_in,
2413 int n_entries,
2414 uint64_t *total_out)
2415 {
2416 double total = 0.0;
2417 double scale_factor = 0.0;
2418 int i;
2419
2420 for (i = 0; i < n_entries; ++i)
2421 total += entries_in[i];
2422
2423 if (total > 0.0) {
2424 scale_factor = ((double)INT64_MAX) / total;
2425 scale_factor /= 4.0; /* make sure we're very far away from overflowing */
2426 }
2427
2428 for (i = 0; i < n_entries; ++i)
2429 entries_out[i] = tor_llround(entries_in[i] * scale_factor);
2430
2431 if (total_out)
2432 *total_out = (uint64_t) total;
2433 }
2434
2435 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2436 * choosing each element with a probability proportional to its (uint64_t)
2437 * value, and return the index of that element. If all elements are 0, choose
2438 * an index at random. Return -1 on error.
2439 */
2440 STATIC int
2441 choose_array_element_by_weight(const uint64_t *entries, int n_entries)
2442 {
2443 int i;
2444 uint64_t rand_val;
2445 uint64_t total = 0;
2446
2447 for (i = 0; i < n_entries; ++i)
2448 total += entries[i];
2449
2450 if (n_entries < 1)
2451 return -1;
2452
2453 if (total == 0)
2454 return crypto_rand_int(n_entries);
2455
2456 tor_assert(total < INT64_MAX);
2457
2458 rand_val = crypto_rand_uint64(total);
2459
2460 return select_array_member_cumulative_timei(
2461 entries, n_entries, total, rand_val);
2462 }
2463
2464 /** When weighting bridges, enforce these values as lower and upper
2465 * bound for believable bandwidth, because there is no way for us
2466 * to verify a bridge's bandwidth currently. */
2467 #define BRIDGE_MIN_BELIEVABLE_BANDWIDTH 20000 /* 20 kB/sec */
2468 #define BRIDGE_MAX_BELIEVABLE_BANDWIDTH 100000 /* 100 kB/sec */
2469
2470 /** Return the smaller of the router's configured BandwidthRate
2471 * and its advertised capacity, making sure to stay within the
2472 * interval between bridge-min-believe-bw and
2473 * bridge-max-believe-bw. */
2474 static uint32_t
2475 bridge_get_advertised_bandwidth_bounded(routerinfo_t *router)
2476 {
2477 uint32_t result = router->bandwidthcapacity;
2478 if (result > router->bandwidthrate)
2479 result = router->bandwidthrate;
2480 if (result > BRIDGE_MAX_BELIEVABLE_BANDWIDTH)
2481 result = BRIDGE_MAX_BELIEVABLE_BANDWIDTH;
2482 else if (result < BRIDGE_MIN_BELIEVABLE_BANDWIDTH)
2483 result = BRIDGE_MIN_BELIEVABLE_BANDWIDTH;
2484 return result;
2485 }
2486
2487 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2488 * INT32_MAX. */
2489 static inline int32_t
2490 kb_to_bytes(uint32_t bw)
2491 {
2492 return (bw > (INT32_MAX/1000)) ? INT32_MAX : bw*1000;
2493 }
2494
2495 /** Helper function:
2496 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2497 * the advertised bandwidth of each element using the consensus
2498 * bandwidth weights.
2499 *
2500 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2501 * nodes' bandwidth equally regardless of their Exit status, since there may
2502 * be some in the list because they exit to obscure ports. If
2503 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2504 * exit-node's bandwidth less depending on the smallness of the fraction of
2505 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2506 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2507 * guards proportionally less.
2508 */
2509 static const node_t *
2510 smartlist_choose_node_by_bandwidth_weights(const smartlist_t *sl,
2511 bandwidth_weight_rule_t rule)
2512 {
2513 double *bandwidths_dbl=NULL;
2514 uint64_t *bandwidths_u64=NULL;
2515
2516 if (compute_weighted_bandwidths(sl, rule, &bandwidths_dbl) < 0)
2517 return NULL;
2518
2519 bandwidths_u64 = tor_calloc(smartlist_len(sl), sizeof(uint64_t));
2520 scale_array_elements_to_u64(bandwidths_u64, bandwidths_dbl,
2521 smartlist_len(sl), NULL);
2522
2523 {
2524 int idx = choose_array_element_by_weight(bandwidths_u64,
2525 smartlist_len(sl));
2526 tor_free(bandwidths_dbl);
2527 tor_free(bandwidths_u64);
2528 return idx < 0 ? NULL : smartlist_get(sl, idx);
2529 }
2530 }
2531
2532 /** Given a list of routers and a weighting rule as in
2533 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2534 * values for each node and store them in a freshly allocated
2535 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2536 * as doubles. Return 0 on success, -1 on failure. */
2537 static int
2538 compute_weighted_bandwidths(const smartlist_t *sl,
2539 bandwidth_weight_rule_t rule,
2540 double **bandwidths_out)
2541 {
2542 int64_t weight_scale;
2543 double Wg = -1, Wm = -1, We = -1, Wd = -1;
2544 double Wgb = -1, Wmb = -1, Web = -1, Wdb = -1;
2545 uint64_t weighted_bw = 0;
2546 guardfraction_bandwidth_t guardfraction_bw;
2547 double *bandwidths;
2548
2549 /* Can't choose exit and guard at same time */
2550 tor_assert(rule == NO_WEIGHTING ||
2551 rule == WEIGHT_FOR_EXIT ||
2552 rule == WEIGHT_FOR_GUARD ||
2553 rule == WEIGHT_FOR_MID ||
2554 rule == WEIGHT_FOR_DIR);
2555
2556 if (smartlist_len(sl) == 0) {
2557 log_info(LD_CIRC,
2558 "Empty routerlist passed in to consensus weight node "
2559 "selection for rule %s",
2560 bandwidth_weight_rule_to_string(rule));
2561 return -1;
2562 }
2563
2564 weight_scale = networkstatus_get_weight_scale_param(NULL);
2565
2566 if (rule == WEIGHT_FOR_GUARD) {
2567 Wg = networkstatus_get_bw_weight(NULL, "Wgg", -1);
2568 Wm = networkstatus_get_bw_weight(NULL, "Wgm", -1); /* Bridges */
2569 We = 0;
2570 Wd = networkstatus_get_bw_weight(NULL, "Wgd", -1);
2571
2572 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2573 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2574 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2575 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2576 } else if (rule == WEIGHT_FOR_MID) {
2577 Wg = networkstatus_get_bw_weight(NULL, "Wmg", -1);
2578 Wm = networkstatus_get_bw_weight(NULL, "Wmm", -1);
2579 We = networkstatus_get_bw_weight(NULL, "Wme", -1);
2580 Wd = networkstatus_get_bw_weight(NULL, "Wmd", -1);
2581
2582 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2583 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2584 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2585 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2586 } else if (rule == WEIGHT_FOR_EXIT) {
2587 // Guards CAN be exits if they have weird exit policies
2588 // They are d then I guess...
2589 We = networkstatus_get_bw_weight(NULL, "Wee", -1);
2590 Wm = networkstatus_get_bw_weight(NULL, "Wem", -1); /* Odd exit policies */
2591 Wd = networkstatus_get_bw_weight(NULL, "Wed", -1);
2592 Wg = networkstatus_get_bw_weight(NULL, "Weg", -1); /* Odd exit policies */
2593
2594 Wgb = networkstatus_get_bw_weight(NULL, "Wgb", -1);
2595 Wmb = networkstatus_get_bw_weight(NULL, "Wmb", -1);
2596 Web = networkstatus_get_bw_weight(NULL, "Web", -1);
2597 Wdb = networkstatus_get_bw_weight(NULL, "Wdb", -1);
2598 } else if (rule == WEIGHT_FOR_DIR) {
2599 We = networkstatus_get_bw_weight(NULL, "Wbe", -1);
2600 Wm = networkstatus_get_bw_weight(NULL, "Wbm", -1);
2601 Wd = networkstatus_get_bw_weight(NULL, "Wbd", -1);
2602 Wg = networkstatus_get_bw_weight(NULL, "Wbg", -1);
2603
2604 Wgb = Wmb = Web = Wdb = weight_scale;
2605 } else if (rule == NO_WEIGHTING) {
2606 Wg = Wm = We = Wd = weight_scale;
2607 Wgb = Wmb = Web = Wdb = weight_scale;
2608 }
2609
2610 if (Wg < 0 || Wm < 0 || We < 0 || Wd < 0 || Wgb < 0 || Wmb < 0 || Wdb < 0
2611 || Web < 0) {
2612 log_debug(LD_CIRC,
2613 "Got negative bandwidth weights. Defaulting to naive selection"
2614 " algorithm.");
2615 Wg = Wm = We = Wd = weight_scale;
2616 Wgb = Wmb = Web = Wdb = weight_scale;
2617 }
2618
2619 Wg /= weight_scale;
2620 Wm /= weight_scale;
2621 We /= weight_scale;
2622 Wd /= weight_scale;
2623
2624 Wgb /= weight_scale;
2625 Wmb /= weight_scale;
2626 Web /= weight_scale;
2627 Wdb /= weight_scale;
2628
2629 bandwidths = tor_calloc(smartlist_len(sl), sizeof(double));
2630
2631 // Cycle through smartlist and total the bandwidth.
2632 static int warned_missing_bw = 0;
2633 SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
2634 int is_exit = 0, is_guard = 0, is_dir = 0, this_bw = 0;
2635 double weight = 1;
2636 double weight_without_guard_flag = 0; /* Used for guardfraction */
2637 double final_weight = 0;
2638 is_exit = node->is_exit && ! node->is_bad_exit;
2639 is_guard = node->is_possible_guard;
2640 is_dir = node_is_dir(node);
2641 if (node->rs) {
2642 if (!node->rs->has_bandwidth) {
2643 /* This should never happen, unless all the authorites downgrade
2644 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2645 if (! warned_missing_bw) {
2646 log_warn(LD_BUG,
2647 "Consensus is missing some bandwidths. Using a naive "
2648 "router selection algorithm");
2649 warned_missing_bw = 1;
2650 }
2651 this_bw = 30000; /* Chosen arbitrarily */
2652 } else {
2653 this_bw = kb_to_bytes(node->rs->bandwidth_kb);
2654 }
2655 } else if (node->ri) {
2656 /* bridge or other descriptor not in our consensus */
2657 this_bw = bridge_get_advertised_bandwidth_bounded(node->ri);
2658 } else {
2659 /* We can't use this one. */
2660 continue;
2661 }
2662
2663 if (is_guard && is_exit) {
2664 weight = (is_dir ? Wdb*Wd : Wd);
2665 weight_without_guard_flag = (is_dir ? Web*We : We);
2666 } else if (is_guard) {
2667 weight = (is_dir ? Wgb*Wg : Wg);
2668 weight_without_guard_flag = (is_dir ? Wmb*Wm : Wm);
2669 } else if (is_exit) {
2670 weight = (is_dir ? Web*We : We);
2671 } else { // middle
2672 weight = (is_dir ? Wmb*Wm : Wm);
2673 }
2674 /* These should be impossible; but overflows here would be bad, so let's
2675 * make sure. */
2676 if (this_bw < 0)
2677 this_bw = 0;
2678 if (weight < 0.0)
2679 weight = 0.0;
2680 if (weight_without_guard_flag < 0.0)
2681 weight_without_guard_flag = 0.0;
2682
2683 /* If guardfraction information is available in the consensus, we
2684 * want to calculate this router's bandwidth according to its
2685 * guardfraction. Quoting from proposal236:
2686 *
2687 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2688 * client would apply to N for position p if it had the guard
2689 * flag, Wpn the weight if it did not have the guard flag, and B the
2690 * measured bandwidth of N in the consensus. Then instead of choosing
2691 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2692 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2693 */
2694 if (node->rs && node->rs->has_guardfraction && rule != WEIGHT_FOR_GUARD) {
2695 /* XXX The assert should actually check for is_guard. However,
2696 * that crashes dirauths because of #13297. This should be
2697 * equivalent: */
2698 tor_assert(node->rs->is_possible_guard);
2699
2700 guard_get_guardfraction_bandwidth(&guardfraction_bw,
2701 this_bw,
2702 node->rs->guardfraction_percentage);
2703
2704 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2705 final_weight =
2706 guardfraction_bw.guard_bw * weight +
2707 guardfraction_bw.non_guard_bw * weight_without_guard_flag;
2708
2709 log_debug(LD_GENERAL, "%s: Guardfraction weight %f instead of %f (%s)",
2710 node->rs->nickname, final_weight, weight*this_bw,
2711 bandwidth_weight_rule_to_string(rule));
2712 } else { /* no guardfraction information. calculate the weight normally. */
2713 final_weight = weight*this_bw;
2714 }
2715
2716 bandwidths[node_sl_idx] = final_weight + 0.5;
2717 } SMARTLIST_FOREACH_END(node);
2718
2719 log_debug(LD_CIRC, "Generated weighted bandwidths for rule %s based "
2720 "on weights "
2721 "Wg=%f Wm=%f We=%f Wd=%f with total bw "U64_FORMAT,
2722 bandwidth_weight_rule_to_string(rule),
2723 Wg, Wm, We, Wd, U64_PRINTF_ARG(weighted_bw));
2724
2725 *bandwidths_out = bandwidths;
2726
2727 return 0;
2728 }
2729
2730 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2731 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2732 * descriptors. */
2733 double
2734 frac_nodes_with_descriptors(const smartlist_t *sl,
2735 bandwidth_weight_rule_t rule)
2736 {
2737 double *bandwidths = NULL;
2738 double total, present;
2739
2740 if (smartlist_len(sl) == 0)
2741 return 0.0;
2742
2743 if (compute_weighted_bandwidths(sl, rule, &bandwidths) < 0) {
2744 int n_with_descs = 0;
2745 SMARTLIST_FOREACH(sl, const node_t *, node, {
2746 if (node_has_descriptor(node))
2747 n_with_descs++;
2748 });
2749 return ((double)n_with_descs) / (double)smartlist_len(sl);
2750 }
2751
2752 total = present = 0.0;
2753 SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
2754 const double bw = bandwidths[node_sl_idx];
2755 total += bw;
2756 if (node_has_descriptor(node))
2757 present += bw;
2758 } SMARTLIST_FOREACH_END(node);
2759
2760 tor_free(bandwidths);
2761
2762 if (total < 1.0)
2763 return 0;
2764
2765 return present / total;
2766 }
2767
2768 /** Choose a random element of status list <b>sl</b>, weighted by
2769 * the advertised bandwidth of each node */
2770 const node_t *
2771 node_sl_choose_by_bandwidth(const smartlist_t *sl,
2772 bandwidth_weight_rule_t rule)
2773 { /*XXXX MOVE */
2774 return smartlist_choose_node_by_bandwidth_weights(sl, rule);
2775 }
2776
2777 /** Return a random running node from the nodelist. Never
2778 * pick a node that is in
2779 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2780 * even if they are the only nodes available.
2781 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2782 * a minimum uptime, return one of those.
2783 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2784 * advertised capacity of each router.
2785 * If <b>CRN_ALLOW_INVALID</b> is not set in flags, consider only Valid
2786 * routers.
2787 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2788 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2789 * picking an exit node, otherwise we weight bandwidths for picking a relay
2790 * node (that is, possibly discounting exit nodes).
2791 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2792 * have a routerinfo or microdescriptor -- that is, enough info to be
2793 * used to build a circuit.
2794 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2795 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2796 * (regardless of this flag, we exclude nodes that aren't allowed by the
2797 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2798 */
2799 const node_t *
2800 router_choose_random_node(smartlist_t *excludedsmartlist,
2801 routerset_t *excludedset,
2802 router_crn_flags_t flags)
2803 { /* XXXX MOVE */
2804 const int need_uptime = (flags & CRN_NEED_UPTIME) != 0;
2805 const int need_capacity = (flags & CRN_NEED_CAPACITY) != 0;
2806 const int need_guard = (flags & CRN_NEED_GUARD) != 0;
2807 const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
2808 const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
2809 const int need_desc = (flags & CRN_NEED_DESC) != 0;
2810 const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
2811 const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
2812
2813 smartlist_t *sl=smartlist_new(),
2814 *excludednodes=smartlist_new();
2815 const node_t *choice = NULL;
2816 const routerinfo_t *r;
2817 bandwidth_weight_rule_t rule;
2818
2819 tor_assert(!(weight_for_exit && need_guard));
2820 rule = weight_for_exit ? WEIGHT_FOR_EXIT :
2821 (need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID);
2822
2823 /* Exclude relays that allow single hop exit circuits, if the user
2824 * wants to (such relays might be risky) */
2825 if (get_options()->ExcludeSingleHopRelays) {
2826 SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
2827 if (node_allows_single_hop_exits(node)) {
2828 smartlist_add(excludednodes, node);
2829 });
2830 }
2831
2832 /* If the node_t is not found we won't be to exclude ourself but we
2833 * won't be able to pick ourself in router_choose_random_node() so
2834 * this is fine to at least try with our routerinfo_t object. */
2835 if ((r = router_get_my_routerinfo()))
2836 routerlist_add_node_and_family(excludednodes, r);
2837
2838 router_add_running_nodes_to_smartlist(sl, allow_invalid,
2839 need_uptime, need_capacity,
2840 need_guard, need_desc, pref_addr,
2841 direct_conn);
2842 log_debug(LD_CIRC,
2843 "We found %d running nodes.",
2844 smartlist_len(sl));
2845
2846 smartlist_subtract(sl,excludednodes);
2847 log_debug(LD_CIRC,
2848 "We removed %d excludednodes, leaving %d nodes.",
2849 smartlist_len(excludednodes),
2850 smartlist_len(sl));
2851
2852 if (excludedsmartlist) {
2853 smartlist_subtract(sl,excludedsmartlist);
2854 log_debug(LD_CIRC,
2855 "We removed %d excludedsmartlist, leaving %d nodes.",
2856 smartlist_len(excludedsmartlist),
2857 smartlist_len(sl));
2858 }
2859 if (excludedset) {
2860 routerset_subtract_nodes(sl,excludedset);
2861 log_debug(LD_CIRC,
2862 "We removed excludedset, leaving %d nodes.",
2863 smartlist_len(sl));
2864 }
2865
2866 // Always weight by bandwidth
2867 choice = node_sl_choose_by_bandwidth(sl, rule);
2868
2869 smartlist_free(sl);
2870 if (!choice && (need_uptime || need_capacity || need_guard || pref_addr)) {
2871 /* try once more -- recurse but with fewer restrictions. */
2872 log_info(LD_CIRC,
2873 "We couldn't find any live%s%s%s routers; falling back "
2874 "to list of all routers.",
2875 need_capacity?", fast":"",
2876 need_uptime?", stable":"",
2877 need_guard?", guard":"");
2878 flags &= ~ (CRN_NEED_UPTIME|CRN_NEED_CAPACITY|CRN_NEED_GUARD|
2879 CRN_PREF_ADDR);
2880 choice = router_choose_random_node(
2881 excludedsmartlist, excludedset, flags);
2882 }
2883 smartlist_free(excludednodes);
2884 if (!choice) {
2885 log_warn(LD_CIRC,
2886 "No available nodes when trying to choose node. Failing.");
2887 }
2888 return choice;
2889 }
2890
2891 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2892 * Return 0 on success, -1 on failure. Store the result into the
2893 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2894 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2895 * at <b>nickname_out</b>.
2896 *
2897 * The recognized format is:
2898 * HexName = Dollar? HexDigest NamePart?
2899 * Dollar = '?'
2900 * HexDigest = HexChar*20
2901 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2902 * NamePart = QualChar Name
2903 * QualChar = '=' | '~'
2904 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2905 * NameChar = Any ASCII alphanumeric character
2906 */
2907 int
2908 hex_digest_nickname_decode(const char *hexdigest,
2909 char *digest_out,
2910 char *nickname_qualifier_char_out,
2911 char *nickname_out)
2912 {
2913 size_t len;
2914
2915 tor_assert(hexdigest);
2916 if (hexdigest[0] == '$')
2917 ++hexdigest;
2918
2919 len = strlen(hexdigest);
2920 if (len < HEX_DIGEST_LEN) {
2921 return -1;
2922 } else if (len > HEX_DIGEST_LEN && (hexdigest[HEX_DIGEST_LEN] == '=' ||
2923 hexdigest[HEX_DIGEST_LEN] == '~') &&
2924 len <= HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN) {
2925 *nickname_qualifier_char_out = hexdigest[HEX_DIGEST_LEN];
2926 strlcpy(nickname_out, hexdigest+HEX_DIGEST_LEN+1 , MAX_NICKNAME_LEN+1);
2927 } else if (len == HEX_DIGEST_LEN) {
2928 ;
2929 } else {
2930 return -1;
2931 }
2932
2933 if (base16_decode(digest_out, DIGEST_LEN,
2934 hexdigest, HEX_DIGEST_LEN) != DIGEST_LEN)
2935 return -1;
2936 return 0;
2937 }
2938
2939 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2940 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2941 * (which is optionally prefixed with a single dollar sign). Return false if
2942 * <b>hexdigest</b> is malformed, or it doesn't match. */
2943 int
2944 hex_digest_nickname_matches(const char *hexdigest, const char *identity_digest,
2945 const char *nickname, int is_named)
2946 {
2947 char digest[DIGEST_LEN];
2948 char nn_char='\0';
2949 char nn_buf[MAX_NICKNAME_LEN+1];
2950
2951 if (hex_digest_nickname_decode(hexdigest, digest, &nn_char, nn_buf) == -1)
2952 return 0;
2953
2954 if (nn_char == '=' || nn_char == '~') {
2955 if (!nickname)
2956 return 0;
2957 if (strcasecmp(nn_buf, nickname))
2958 return 0;
2959 if (nn_char == '=' && !is_named)
2960 return 0;
2961 }
2962
2963 return tor_memeq(digest, identity_digest, DIGEST_LEN);
2964 }
2965
2966 /** Return true iff <b>router</b> is listed as named in the current
2967 * consensus. */
2968 int
2969 router_is_named(const routerinfo_t *router)
2970 {
2971 const char *digest =
2972 networkstatus_get_router_digest_by_nickname(router->nickname);
2973
2974 return (digest &&
2975 tor_memeq(digest, router->cache_info.identity_digest, DIGEST_LEN));
2976 }
2977
2978 /** Return true iff <b>digest</b> is the digest of the identity key of a
2979 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2980 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2981 int
2982 router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
2983 {
2984 if (!trusted_dir_servers)
2985 return 0;
2986 if (authdir_mode(get_options()) && router_digest_is_me(digest))
2987 return 1;
2988 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
2989 if (tor_memeq(digest, ent->digest, DIGEST_LEN)) {
2990 return (!type) || ((type & ent->type) != 0);
2991 });
2992 return 0;
2993 }
2994
2995 /** Return true iff <b>addr</b> is the address of one of our trusted
2996 * directory authorities. */
2997 int
2998 router_addr_is_trusted_dir(uint32_t addr)
2999 {
3000 if (!trusted_dir_servers)
3001 return 0;
3002 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
3003 if (ent->addr == addr)
3004 return 1;
3005 );
3006 return 0;
3007 }
3008
3009 /** If hexdigest is correctly formed, base16_decode it into
3010 * digest, which must have DIGEST_LEN space in it.
3011 * Return 0 on success, -1 on failure.
3012 */
3013 int
3014 hexdigest_to_digest(const char *hexdigest, char *digest)
3015 {
3016 if (hexdigest[0]=='$')
3017 ++hexdigest;
3018 if (strlen(hexdigest) < HEX_DIGEST_LEN ||
3019 base16_decode(digest,DIGEST_LEN,hexdigest,HEX_DIGEST_LEN) != DIGEST_LEN)
3020 return -1;
3021 return 0;
3022 }
3023
3024 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3025 * modify */
3026 routerinfo_t *
3027 router_get_mutable_by_digest(const char *digest)
3028 {
3029 tor_assert(digest);
3030
3031 if (!routerlist) return NULL;
3032
3033 // routerlist_assert_ok(routerlist);
3034
3035 return rimap_get(routerlist->identity_map, digest);
3036 }
3037
3038 /** Return the router in our routerlist whose 20-byte key digest
3039 * is <b>digest</b>. Return NULL if no such router is known. */
3040 const routerinfo_t *
3041 router_get_by_id_digest(const char *digest)
3042 {
3043 return router_get_mutable_by_digest(digest);
3044 }
3045
3046 /** Return the router in our routerlist whose 20-byte descriptor
3047 * is <b>digest</b>. Return NULL if no such router is known. */
3048 signed_descriptor_t *
3049 router_get_by_descriptor_digest(const char *digest)
3050 {
3051 tor_assert(digest);
3052
3053 if (!routerlist) return NULL;
3054
3055 return sdmap_get(routerlist->desc_digest_map, digest);
3056 }
3057
3058 /** Return the signed descriptor for the router in our routerlist whose
3059 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3060 * is known. */
3061 MOCK_IMPL(signed_descriptor_t *,
3062 router_get_by_extrainfo_digest,(const char *digest))
3063 {
3064 tor_assert(digest);
3065
3066 if (!routerlist) return NULL;
3067
3068 return sdmap_get(routerlist->desc_by_eid_map, digest);
3069 }
3070
3071 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3072 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3073 * document is known. */
3074 signed_descriptor_t *
3075 extrainfo_get_by_descriptor_digest(const char *digest)
3076 {
3077 extrainfo_t *ei;
3078 tor_assert(digest);
3079 if (!routerlist) return NULL;
3080 ei = eimap_get(routerlist->extra_info_map, digest);
3081 return ei ? &ei->cache_info : NULL;
3082 }
3083
3084 /** Return a pointer to the signed textual representation of a descriptor.
3085 * The returned string is not guaranteed to be NUL-terminated: the string's
3086 * length will be in desc-\>signed_descriptor_len.
3087 *
3088 * If <b>with_annotations</b> is set, the returned string will include
3089 * the annotations
3090 * (if any) preceding the descriptor. This will increase the length of the
3091 * string by desc-\>annotations_len.
3092 *
3093 * The caller must not free the string returned.
3094 */
3095 static const char *
3096 signed_descriptor_get_body_impl(const signed_descriptor_t *desc,
3097 int with_annotations)
3098 {
3099 const char *r = NULL;
3100 size_t len = desc->signed_descriptor_len;
3101 off_t offset = desc->saved_offset;
3102 if (with_annotations)
3103 len += desc->annotations_len;
3104 else
3105 offset += desc->annotations_len;
3106
3107 tor_assert(len > 32);
3108 if (desc->saved_location == SAVED_IN_CACHE && routerlist) {
3109 desc_store_t *store = desc_get_store(router_get_routerlist(), desc);
3110 if (store && store->mmap) {
3111 tor_assert(desc->saved_offset + len <= store->mmap->size);
3112 r = store->mmap->data + offset;
3113 } else if (store) {
3114 log_err(LD_DIR, "We couldn't read a descriptor that is supposedly "
3115 "mmaped in our cache. Is another process running in our data "
3116 "directory? Exiting.");
3117 exit(1);
3118 }
3119 }
3120 if (!r) /* no mmap, or not in cache. */
3121 r = desc->signed_descriptor_body +
3122 (with_annotations ? 0 : desc->annotations_len);
3123
3124 tor_assert(r);
3125 if (!with_annotations) {
3126 if (fast_memcmp("router ", r, 7) && fast_memcmp("extra-info ", r, 11)) {
3127 char *cp = tor_strndup(r, 64);
3128 log_err(LD_DIR, "descriptor at %p begins with unexpected string %s. "
3129 "Is another process running in our data directory? Exiting.",
3130 desc, escaped(cp));
3131 exit(1);
3132 }
3133 }
3134
3135 return r;
3136 }
3137
3138 /** Return a pointer to the signed textual representation of a descriptor.
3139 * The returned string is not guaranteed to be NUL-terminated: the string's
3140 * length will be in desc-\>signed_descriptor_len.
3141 *
3142 * The caller must not free the string returned.
3143 */
3144 const char *
3145 signed_descriptor_get_body(const signed_descriptor_t *desc)
3146 {
3147 return signed_descriptor_get_body_impl(desc, 0);
3148 }
3149
3150 /** As signed_descriptor_get_body(), but points to the beginning of the
3151 * annotations section rather than the beginning of the descriptor. */
3152 const char *
3153 signed_descriptor_get_annotations(const signed_descriptor_t *desc)
3154 {
3155 return signed_descriptor_get_body_impl(desc, 1);
3156 }
3157
3158 /** Return the current list of all known routers. */
3159 routerlist_t *
3160 router_get_routerlist(void)
3161 {
3162 if (PREDICT_UNLIKELY(!routerlist)) {
3163 routerlist = tor_malloc_zero(sizeof(routerlist_t));
3164 routerlist->routers = smartlist_new();
3165 routerlist->old_routers = smartlist_new();
3166 routerlist->identity_map = rimap_new();
3167 routerlist->desc_digest_map = sdmap_new();
3168 routerlist->desc_by_eid_map = sdmap_new();
3169 routerlist->extra_info_map = eimap_new();
3170
3171 routerlist->desc_store.fname_base = "cached-descriptors";
3172 routerlist->extrainfo_store.fname_base = "cached-extrainfo";
3173
3174 routerlist->desc_store.type = ROUTER_STORE;
3175 routerlist->extrainfo_store.type = EXTRAINFO_STORE;
3176
3177 routerlist->desc_store.description = "router descriptors";
3178 routerlist->extrainfo_store.description = "extra-info documents";
3179 }
3180 return routerlist;
3181 }
3182
3183 /** Free all storage held by <b>router</b>. */
3184 void
3185 routerinfo_free(routerinfo_t *router)
3186 {
3187 if (!router)
3188 return;
3189
3190 tor_free(router->cache_info.signed_descriptor_body);
3191 tor_free(router->nickname);
3192 tor_free(router->platform);
3193 tor_free(router->protocol_list);
3194 tor_free(router->contact_info);
3195 if (router->onion_pkey)
3196 crypto_pk_free(router->onion_pkey);
3197 tor_free(router->onion_curve25519_pkey);
3198 if (router->identity_pkey)
3199 crypto_pk_free(router->identity_pkey);
3200 tor_cert_free(router->cache_info.signing_key_cert);
3201 if (router->declared_family) {
3202 SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
3203 smartlist_free(router->declared_family);
3204 }
3205 addr_policy_list_free(router->exit_policy);
3206 short_policy_free(router->ipv6_exit_policy);
3207
3208 memset(router, 77, sizeof(routerinfo_t));
3209
3210 tor_free(router);
3211 }
3212
3213 /** Release all storage held by <b>extrainfo</b> */
3214 void
3215 extrainfo_free(extrainfo_t *extrainfo)
3216 {
3217 if (!extrainfo)
3218 return;
3219 tor_cert_free(extrainfo->cache_info.signing_key_cert);
3220 tor_free(extrainfo->cache_info.signed_descriptor_body);
3221 tor_free(extrainfo->pending_sig);
3222
3223 memset(extrainfo, 88, sizeof(extrainfo_t)); /* debug bad memory usage */
3224 tor_free(extrainfo);
3225 }
3226
3227 /** Release storage held by <b>sd</b>. */
3228 static void
3229 signed_descriptor_free(signed_descriptor_t *sd)
3230 {
3231 if (!sd)
3232 return;
3233
3234 tor_free(sd->signed_descriptor_body);
3235 tor_cert_free(sd->signing_key_cert);
3236
3237 memset(sd, 99, sizeof(signed_descriptor_t)); /* Debug bad mem usage */
3238 tor_free(sd);
3239 }
3240
3241 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3242 * memory inside the object and by zeroing its content. */
3243 static void
3244 signed_descriptor_reset(signed_descriptor_t *sd)
3245 {
3246 tor_assert(sd);
3247 tor_free(sd->signed_descriptor_body);
3248 tor_cert_free(sd->signing_key_cert);
3249 memset(sd, 0, sizeof(*sd));
3250 }
3251
3252 /** Copy src into dest, and steal all references inside src so that when
3253 * we free src, we don't mess up dest. */
3254 static void
3255 signed_descriptor_move(signed_descriptor_t *dest,
3256 signed_descriptor_t *src)
3257 {
3258 tor_assert(dest != src);
3259 /* Cleanup destination object before overwriting it.*/
3260 signed_descriptor_reset(dest);
3261 memcpy(dest, src, sizeof(signed_descriptor_t));
3262 src->signed_descriptor_body = NULL;
3263 src->signing_key_cert = NULL;
3264 dest->routerlist_index = -1;
3265 }
3266
3267 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3268 * routerinfo.
3269 */
3270 static signed_descriptor_t *
3271 signed_descriptor_from_routerinfo(routerinfo_t *ri)
3272 {
3273 signed_descriptor_t *sd;
3274 tor_assert(ri->purpose == ROUTER_PURPOSE_GENERAL);
3275 sd = tor_malloc_zero(sizeof(signed_descriptor_t));
3276 signed_descriptor_move(sd, &ri->cache_info);
3277 routerinfo_free(ri);
3278 return sd;
3279 }
3280
3281 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3282 static void
3283 extrainfo_free_(void *e)
3284 {
3285 extrainfo_free(e);
3286 }
3287
3288 /** Free all storage held by a routerlist <b>rl</b>. */
3289 void
3290 routerlist_free(routerlist_t *rl)
3291 {
3292 if (!rl)
3293 return;
3294 rimap_free(rl->identity_map, NULL);
3295 sdmap_free(rl->desc_digest_map, NULL);
3296 sdmap_free(rl->desc_by_eid_map, NULL);
3297 eimap_free(rl->extra_info_map, extrainfo_free_);
3298 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3299 routerinfo_free(r));
3300 SMARTLIST_FOREACH(rl->old_routers, signed_descriptor_t *, sd,
3301 signed_descriptor_free(sd));
3302 smartlist_free(rl->routers);
3303 smartlist_free(rl->old_routers);
3304 if (rl->desc_store.mmap) {
3305 int res = tor_munmap_file(routerlist->desc_store.mmap);
3306 if (res != 0) {
3307 log_warn(LD_FS, "Failed to munmap routerlist->desc_store.mmap");
3308 }
3309 }
3310 if (rl->extrainfo_store.mmap) {
3311 int res = tor_munmap_file(routerlist->extrainfo_store.mmap);
3312 if (res != 0) {
3313 log_warn(LD_FS, "Failed to munmap routerlist->extrainfo_store.mmap");
3314 }
3315 }
3316 tor_free(rl);
3317
3318 router_dir_info_changed();
3319 }
3320
3321 /** Log information about how much memory is being used for routerlist,
3322 * at log level <b>severity</b>. */
3323 void
3324 dump_routerlist_mem_usage(int severity)
3325 {
3326 uint64_t livedescs = 0;
3327 uint64_t olddescs = 0;
3328 if (!routerlist)
3329 return;
3330 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
3331 livedescs += r->cache_info.signed_descriptor_len);
3332 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
3333 olddescs += sd->signed_descriptor_len);
3334
3335 tor_log(severity, LD_DIR,
3336 "In %d live descriptors: "U64_FORMAT" bytes. "
3337 "In %d old descriptors: "U64_FORMAT" bytes.",
3338 smartlist_len(routerlist->routers), U64_PRINTF_ARG(livedescs),
3339 smartlist_len(routerlist->old_routers), U64_PRINTF_ARG(olddescs));
3340 }
3341
3342 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3343 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3344 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3345 * is not in <b>sl</b>. */
3346 static inline int
3347 routerlist_find_elt_(smartlist_t *sl, void *ri, int idx)
3348 {
3349 if (idx < 0) {
3350 idx = -1;
3351 SMARTLIST_FOREACH(sl, routerinfo_t *, r,
3352 if (r == ri) {
3353 idx = r_sl_idx;
3354 break;
3355 });
3356 } else {
3357 tor_assert(idx < smartlist_len(sl));
3358 tor_assert(smartlist_get(sl, idx) == ri);
3359 };
3360 return idx;
3361 }
3362
3363 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3364 * as needed. There must be no previous member of <b>rl</b> with the same
3365 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3366 * instead.
3367 */
3368 static void
3369 routerlist_insert(routerlist_t *rl, routerinfo_t *ri)
3370 {
3371 routerinfo_t *ri_old;
3372 signed_descriptor_t *sd_old;
3373 {
3374 const routerinfo_t *ri_generated = router_get_my_routerinfo();
3375 tor_assert(ri_generated != ri);
3376 }
3377 tor_assert(ri->cache_info.routerlist_index == -1);
3378
3379 ri_old = rimap_set(rl->identity_map, ri->cache_info.identity_digest, ri);
3380 tor_assert(!ri_old);
3381
3382 sd_old = sdmap_set(rl->desc_digest_map,
3383 ri->cache_info.signed_descriptor_digest,
3384 &(ri->cache_info));
3385 if (sd_old) {
3386 int idx = sd_old->routerlist_index;
3387 sd_old->routerlist_index = -1;
3388 smartlist_del(rl->old_routers, idx);
3389 if (idx < smartlist_len(rl->old_routers)) {
3390 signed_descriptor_t *d = smartlist_get(rl->old_routers, idx);
3391 d->routerlist_index = idx;
3392 }
3393 rl->desc_store.bytes_dropped += sd_old->signed_descriptor_len;
3394 sdmap_remove(rl->desc_by_eid_map, sd_old->extra_info_digest);
3395 signed_descriptor_free(sd_old);
3396 }
3397
3398 if (!tor_digest_is_zero(ri->cache_info.extra_info_digest))
3399 sdmap_set(rl->desc_by_eid_map, ri->cache_info.extra_info_digest,
3400 &ri->cache_info);
3401 smartlist_add(rl->routers, ri);
3402 ri->cache_info.routerlist_index = smartlist_len(rl->routers) - 1;
3403 nodelist_set_routerinfo(ri, NULL);
3404 router_dir_info_changed();
3405 #ifdef DEBUG_ROUTERLIST
3406 routerlist_assert_ok(rl);
3407 #endif
3408 }
3409
3410 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3411 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3412 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3413 MOCK_IMPL(STATIC was_router_added_t,
3414 extrainfo_insert,(routerlist_t *rl, extrainfo_t *ei, int warn_if_incompatible))
3415 {
3416 was_router_added_t r;
3417 const char *compatibility_error_msg;
3418 routerinfo_t *ri = rimap_get(rl->identity_map,
3419 ei->cache_info.identity_digest);
3420 signed_descriptor_t *sd =
3421 sdmap_get(rl->desc_by_eid_map, ei->cache_info.signed_descriptor_digest);
3422 extrainfo_t *ei_tmp;
3423 const int severity = warn_if_incompatible ? LOG_WARN : LOG_INFO;
3424
3425 {
3426 extrainfo_t *ei_generated = router_get_my_extrainfo();
3427 tor_assert(ei_generated != ei);
3428 }
3429
3430 if (!ri) {
3431 /* This router is unknown; we can't even verify the signature. Give up.*/
3432 r = ROUTER_NOT_IN_CONSENSUS;
3433 goto done;
3434 }
3435 if (! sd) {
3436 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3437 * This just won't work. */;
3438 static ratelim_t no_sd_ratelim = RATELIM_INIT(1800);
3439 r = ROUTER_BAD_EI;
3440 log_fn_ratelim(&no_sd_ratelim, severity, LD_BUG,
3441 "No entry found in extrainfo map.");
3442 goto done;
3443 }
3444 if (tor_memneq(ei->cache_info.signed_descriptor_digest,
3445 sd->extra_info_digest, DIGEST_LEN)) {
3446 static ratelim_t digest_mismatch_ratelim = RATELIM_INIT(1800);
3447 /* The sd we got from the map doesn't match the digest we used to look
3448 * it up. This makes no sense. */
3449 r = ROUTER_BAD_EI;
3450 log_fn_ratelim(&digest_mismatch_ratelim, severity, LD_BUG,
3451 "Mismatch in digest in extrainfo map.");
3452 goto done;
3453 }
3454 if (routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei, sd,
3455 &compatibility_error_msg)) {
3456 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
3457 r = (ri->cache_info.extrainfo_is_bogus) ?
3458 ROUTER_BAD_EI : ROUTER_NOT_IN_CONSENSUS;
3459
3460 base16_encode(d1, sizeof(d1), ri->cache_info.identity_digest, DIGEST_LEN);
3461 base16_encode(d2, sizeof(d2), ei->cache_info.identity_digest, DIGEST_LEN);
3462
3463 log_fn(severity,LD_DIR,
3464 "router info incompatible with extra info (ri id: %s, ei id %s, "
3465 "reason: %s)", d1, d2, compatibility_error_msg);
3466
3467 goto done;
3468 }
3469
3470 /* Okay, if we make it here, we definitely have a router corresponding to
3471 * this extrainfo. */
3472
3473 ei_tmp = eimap_set(rl->extra_info_map,
3474 ei->cache_info.signed_descriptor_digest,
3475 ei);
3476 r = ROUTER_ADDED_SUCCESSFULLY;
3477 if (ei_tmp) {
3478 rl->extrainfo_store.bytes_dropped +=
3479 ei_tmp->cache_info.signed_descriptor_len;
3480 extrainfo_free(ei_tmp);
3481 }
3482
3483 done:
3484 if (r != ROUTER_ADDED_SUCCESSFULLY)
3485 extrainfo_free(ei);
3486
3487 #ifdef DEBUG_ROUTERLIST
3488 routerlist_assert_ok(rl);
3489 #endif
3490 return r;
3491 }
3492
3493 #define should_cache_old_descriptors() \
3494 directory_caches_dir_info(get_options())
3495
3496 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3497 * a copy of router <b>ri</b> yet, add it to the list of old (not
3498 * recommended but still served) descriptors. Else free it. */
3499 static void
3500 routerlist_insert_old(routerlist_t *rl, routerinfo_t *ri)
3501 {
3502 {
3503 const routerinfo_t *ri_generated = router_get_my_routerinfo();
3504 tor_assert(ri_generated != ri);
3505 }
3506 tor_assert(ri->cache_info.routerlist_index == -1);
3507
3508 if (should_cache_old_descriptors() &&
3509 ri->purpose == ROUTER_PURPOSE_GENERAL &&
3510 !sdmap_get(rl->desc_digest_map,
3511 ri->cache_info.signed_descriptor_digest)) {
3512 signed_descriptor_t *sd = signed_descriptor_from_routerinfo(ri);
3513 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
3514 smartlist_add(rl->old_routers, sd);
3515 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
3516 if (!tor_digest_is_zero(sd->extra_info_digest))
3517 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
3518 } else {
3519 routerinfo_free(ri);
3520 }
3521 #ifdef DEBUG_ROUTERLIST
3522 routerlist_assert_ok(rl);
3523 #endif
3524 }
3525
3526 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3527 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl-&gt;routers,
3528 * idx) == ri, we don't need to do a linear search over the list to decide
3529 * which to remove. We fill the gap in rl-&gt;routers with a later element in
3530 * the list, if any exists. <b>ri</b> is freed.
3531 *
3532 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3533 * it to rl-&gt;old_routers. */
3534 void
3535 routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int make_old, time_t now)
3536 {
3537 routerinfo_t *ri_tmp;
3538 extrainfo_t *ei_tmp;
3539 int idx = ri->cache_info.routerlist_index;
3540 tor_assert(0 <= idx && idx < smartlist_len(rl->routers));
3541 tor_assert(smartlist_get(rl->routers, idx) == ri);
3542
3543 nodelist_remove_routerinfo(ri);
3544
3545 /* make sure the rephist module knows that it's not running */
3546 rep_hist_note_router_unreachable(ri->cache_info.identity_digest, now);
3547
3548 ri->cache_info.routerlist_index = -1;
3549 smartlist_del(rl->routers, idx);
3550 if (idx < smartlist_len(rl->routers)) {
3551 routerinfo_t *r = smartlist_get(rl->routers, idx);
3552 r->cache_info.routerlist_index = idx;
3553 }
3554
3555 ri_tmp = rimap_remove(rl->identity_map, ri->cache_info.identity_digest);
3556 router_dir_info_changed();
3557 tor_assert(ri_tmp == ri);
3558
3559 if (make_old && should_cache_old_descriptors() &&
3560 ri->purpose == ROUTER_PURPOSE_GENERAL) {
3561 signed_descriptor_t *sd;
3562 sd = signed_descriptor_from_routerinfo(ri);
3563 smartlist_add(rl->old_routers, sd);
3564 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
3565 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
3566 if (!tor_digest_is_zero(sd->extra_info_digest))
3567 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
3568 } else {
3569 signed_descriptor_t *sd_tmp;
3570 sd_tmp = sdmap_remove(rl->desc_digest_map,
3571 ri->cache_info.signed_descriptor_digest);
3572 tor_assert(sd_tmp == &(ri->cache_info));
3573 rl->desc_store.bytes_dropped += ri->cache_info.signed_descriptor_len;
3574 ei_tmp = eimap_remove(rl->extra_info_map,
3575 ri->cache_info.extra_info_digest);
3576 if (ei_tmp) {
3577 rl->extrainfo_store.bytes_dropped +=
3578 ei_tmp->cache_info.signed_descriptor_len;
3579 extrainfo_free(ei_tmp);
3580 }
3581 if (!tor_digest_is_zero(ri->cache_info.extra_info_digest))
3582 sdmap_remove(rl->desc_by_eid_map, ri->cache_info.extra_info_digest);
3583 routerinfo_free(ri);
3584 }
3585 #ifdef DEBUG_ROUTERLIST
3586 routerlist_assert_ok(rl);
3587 #endif
3588 }
3589
3590 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3591 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3592 * <b>sd</b>. */
3593 static void
3594 routerlist_remove_old(routerlist_t *rl, signed_descriptor_t *sd, int idx)
3595 {
3596 signed_descriptor_t *sd_tmp;
3597 extrainfo_t *ei_tmp;
3598 desc_store_t *store;
3599 if (idx == -1) {
3600 idx = sd->routerlist_index;
3601 }
3602 tor_assert(0 <= idx && idx < smartlist_len(rl->old_routers));
3603 /* XXXX edmanm's bridge relay triggered the following assert while
3604 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3605 * can get a backtrace. */
3606 tor_assert(smartlist_get(rl->old_routers, idx) == sd);
3607 tor_assert(idx == sd->routerlist_index);
3608
3609 sd->routerlist_index = -1;
3610 smartlist_del(rl->old_routers, idx);
3611 if (idx < smartlist_len(rl->old_routers)) {
3612 signed_descriptor_t *d = smartlist_get(rl->old_routers, idx);
3613 d->routerlist_index = idx;
3614 }
3615 sd_tmp = sdmap_remove(rl->desc_digest_map,
3616 sd->signed_descriptor_digest);
3617 tor_assert(sd_tmp == sd);
3618 store = desc_get_store(rl, sd);
3619 if (store)
3620 store->bytes_dropped += sd->signed_descriptor_len;
3621
3622 ei_tmp = eimap_remove(rl->extra_info_map,
3623 sd->extra_info_digest);
3624 if (ei_tmp) {
3625 rl->extrainfo_store.bytes_dropped +=
3626 ei_tmp->cache_info.signed_descriptor_len;
3627 extrainfo_free(ei_tmp);
3628 }
3629 if (!tor_digest_is_zero(sd->extra_info_digest))
3630 sdmap_remove(rl->desc_by_eid_map, sd->extra_info_digest);
3631
3632 signed_descriptor_free(sd);
3633 #ifdef DEBUG_ROUTERLIST
3634 routerlist_assert_ok(rl);
3635 #endif
3636 }
3637
3638 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3639 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3640 * smartlist_get(rl-&gt;routers, idx) == ri, we don't need to do a linear
3641 * search over the list to decide which to remove. We put ri_new in the same
3642 * index as ri_old, if possible. ri is freed as appropriate.
3643 *
3644 * If should_cache_descriptors() is true, instead of deleting the router,
3645 * we add it to rl-&gt;old_routers. */
3646 static void
3647 routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
3648 routerinfo_t *ri_new)
3649 {
3650 int idx;
3651 int same_descriptors;
3652
3653 routerinfo_t *ri_tmp;
3654 extrainfo_t *ei_tmp;
3655 {
3656 const routerinfo_t *ri_generated = router_get_my_routerinfo();
3657 tor_assert(ri_generated != ri_new);
3658 }
3659 tor_assert(ri_old != ri_new);
3660 tor_assert(ri_new->cache_info.routerlist_index == -1);
3661
3662 idx = ri_old->cache_info.routerlist_index;
3663 tor_assert(0 <= idx && idx < smartlist_len(rl->routers));
3664 tor_assert(smartlist_get(rl->routers, idx) == ri_old);
3665
3666 {
3667 routerinfo_t *ri_old_tmp=NULL;
3668 nodelist_set_routerinfo(ri_new, &ri_old_tmp);
3669 tor_assert(ri_old == ri_old_tmp);
3670 }
3671
3672 router_dir_info_changed();
3673 if (idx >= 0) {
3674 smartlist_set(rl->routers, idx, ri_new);
3675 ri_old->cache_info.routerlist_index = -1;
3676 ri_new->cache_info.routerlist_index = idx;
3677 /* Check that ri_old is not in rl->routers anymore: */
3678 tor_assert( routerlist_find_elt_(rl->routers, ri_old, -1) == -1 );
3679 } else {
3680 log_warn(LD_BUG, "Appending entry from routerlist_replace.");
3681 routerlist_insert(rl, ri_new);
3682 return;
3683 }
3684 if (tor_memneq(ri_old->cache_info.identity_digest,
3685 ri_new->cache_info.identity_digest, DIGEST_LEN)) {
3686 /* digests don't match; digestmap_set won't replace */
3687 rimap_remove(rl->identity_map, ri_old->cache_info.identity_digest);
3688 }
3689 ri_tmp = rimap_set(rl->identity_map,
3690 ri_new->cache_info.identity_digest, ri_new);
3691 tor_assert(!ri_tmp || ri_tmp == ri_old);
3692 sdmap_set(rl->desc_digest_map,
3693 ri_new->cache_info.signed_descriptor_digest,
3694 &(ri_new->cache_info));
3695
3696 if (!tor_digest_is_zero(ri_new->cache_info.extra_info_digest)) {
3697 sdmap_set(rl->desc_by_eid_map, ri_new->cache_info.extra_info_digest,
3698 &ri_new->cache_info);
3699 }
3700
3701 same_descriptors = tor_memeq(ri_old->cache_info.signed_descriptor_digest,
3702 ri_new->cache_info.signed_descriptor_digest,
3703 DIGEST_LEN);
3704
3705 if (should_cache_old_descriptors() &&
3706 ri_old->purpose == ROUTER_PURPOSE_GENERAL &&
3707 !same_descriptors) {
3708 /* ri_old is going to become a signed_descriptor_t and go into
3709 * old_routers */
3710 signed_descriptor_t *sd = signed_descriptor_from_routerinfo(ri_old);
3711 smartlist_add(rl->old_routers, sd);
3712 sd->routerlist_index = smartlist_len(rl->old_routers)-1;
3713 sdmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
3714 if (!tor_digest_is_zero(sd->extra_info_digest))
3715 sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
3716 } else {
3717 /* We're dropping ri_old. */
3718 if (!same_descriptors) {
3719 /* digests don't match; The sdmap_set above didn't replace */
3720 sdmap_remove(rl->desc_digest_map,
3721 ri_old->cache_info.signed_descriptor_digest);
3722
3723 if (tor_memneq(ri_old->cache_info.extra_info_digest,
3724 ri_new->cache_info.extra_info_digest, DIGEST_LEN)) {
3725 ei_tmp = eimap_remove(rl->extra_info_map,
3726 ri_old->cache_info.extra_info_digest);
3727 if (ei_tmp) {
3728 rl->extrainfo_store.bytes_dropped +=
3729 ei_tmp->cache_info.signed_descriptor_len;
3730 extrainfo_free(ei_tmp);
3731 }
3732 }
3733
3734 if (!tor_digest_is_zero(ri_old->cache_info.extra_info_digest)) {
3735 sdmap_remove(rl->desc_by_eid_map,
3736 ri_old->cache_info.extra_info_digest);
3737 }
3738 }
3739 rl->desc_store.bytes_dropped += ri_old->cache_info.signed_descriptor_len;
3740 routerinfo_free(ri_old);
3741 }
3742 #ifdef DEBUG_ROUTERLIST
3743 routerlist_assert_ok(rl);
3744 #endif
3745 }
3746
3747 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3748 * it as a fresh routerinfo_t. */
3749 static routerinfo_t *
3750 routerlist_reparse_old(routerlist_t *rl, signed_descriptor_t *sd)
3751 {
3752 routerinfo_t *ri;
3753 const char *body;
3754
3755 body = signed_descriptor_get_annotations(sd);
3756
3757 ri = router_parse_entry_from_string(body,
3758 body+sd->signed_descriptor_len+sd->annotations_len,
3759 0, 1, NULL, NULL);
3760 if (!ri)
3761 return NULL;
3762 signed_descriptor_move(&ri->cache_info, sd);
3763
3764 routerlist_remove_old(rl, sd, -1);
3765
3766 return ri;
3767 }
3768
3769 /** Free all memory held by the routerlist module.
3770 * Note: Calling routerlist_free_all() should always be paired with
3771 * a call to nodelist_free_all(). These should only be called during
3772 * cleanup.
3773 */
3774 void
3775 routerlist_free_all(void)
3776 {
3777 routerlist_free(routerlist);
3778 routerlist = NULL;
3779 if (warned_nicknames) {
3780 SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
3781 smartlist_free(warned_nicknames);
3782 warned_nicknames = NULL;
3783 }
3784 clear_dir_servers();
3785 smartlist_free(trusted_dir_servers);
3786 smartlist_free(fallback_dir_servers);
3787 trusted_dir_servers = fallback_dir_servers = NULL;
3788 if (trusted_dir_certs) {
3789 digestmap_free(trusted_dir_certs, cert_list_free_);
3790 trusted_dir_certs = NULL;
3791 }
3792 }
3793
3794 /** Forget that we have issued any router-related warnings, so that we'll
3795 * warn again if we see the same errors. */
3796 void
3797 routerlist_reset_warnings(void)
3798 {
3799 if (!warned_nicknames)
3800 warned_nicknames = smartlist_new();
3801 SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
3802 smartlist_clear(warned_nicknames); /* now the list is empty. */
3803
3804 networkstatus_reset_warnings();
3805 }
3806
3807 /** Return 1 if the signed descriptor of this router is older than
3808 * <b>seconds</b> seconds. Otherwise return 0. */
3809 MOCK_IMPL(int,
3810 router_descriptor_is_older_than,(const routerinfo_t *router, int seconds))
3811 {
3812 return router->cache_info.published_on < approx_time() - seconds;
3813 }
3814
3815 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3816 * older entries (if any) with the same key. Note: Callers should not hold
3817 * their pointers to <b>router</b> if this function fails; <b>router</b>
3818 * will either be inserted into the routerlist or freed. Similarly, even
3819 * if this call succeeds, they should not hold their pointers to
3820 * <b>router</b> after subsequent calls with other routerinfo's -- they
3821 * might cause the original routerinfo to get freed.
3822 *
3823 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3824 * the poster of the router to know something.
3825 *
3826 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3827 * <b>from_fetch</b>, we received it in response to a request we made.
3828 * (If both are false, that means it was uploaded to us as an auth dir
3829 * server or via the controller.)
3830 *
3831 * This function should be called *after*
3832 * routers_update_status_from_consensus_networkstatus; subsequently, you
3833 * should call router_rebuild_store and routerlist_descriptors_added.
3834 */
3835 was_router_added_t
3836 router_add_to_routerlist(routerinfo_t *router, const char **msg,
3837 int from_cache, int from_fetch)
3838 {
3839 const char *id_digest;
3840 const or_options_t *options = get_options();
3841 int authdir = authdir_mode_handles_descs(options, router->purpose);
3842 int authdir_believes_valid = 0;
3843 routerinfo_t *old_router;
3844 networkstatus_t *consensus =
3845 networkstatus_get_latest_consensus_by_flavor(FLAV_NS);
3846 int in_consensus = 0;
3847
3848 tor_assert(msg);
3849
3850 if (!routerlist)
3851 router_get_routerlist();
3852
3853 id_digest = router->cache_info.identity_digest;
3854
3855 old_router = router_get_mutable_by_digest(id_digest);
3856
3857 /* Make sure that it isn't expired. */
3858 if (router->cert_expiration_time < approx_time()) {
3859 routerinfo_free(router);
3860 *msg = "Some certs on this router are expired.";
3861 return ROUTER_CERTS_EXPIRED;
3862 }
3863
3864 /* Make sure that we haven't already got this exact descriptor. */
3865 if (sdmap_get(routerlist->desc_digest_map,
3866 router->cache_info.signed_descriptor_digest)) {
3867 /* If we have this descriptor already and the new descriptor is a bridge
3868 * descriptor, replace it. If we had a bridge descriptor before and the
3869 * new one is not a bridge descriptor, don't replace it. */
3870
3871 /* Only members of routerlist->identity_map can be bridges; we don't
3872 * put bridges in old_routers. */
3873 const int was_bridge = old_router &&
3874 old_router->purpose == ROUTER_PURPOSE_BRIDGE;
3875
3876 if (routerinfo_is_a_configured_bridge(router) &&
3877 router->purpose == ROUTER_PURPOSE_BRIDGE &&
3878 !was_bridge) {
3879 log_info(LD_DIR, "Replacing non-bridge descriptor with bridge "
3880 "descriptor for router %s",
3881 router_describe(router));
3882 } else {
3883 log_info(LD_DIR,
3884 "Dropping descriptor that we already have for router %s",
3885 router_describe(router));
3886 *msg = "Router descriptor was not new.";
3887 routerinfo_free(router);
3888 return ROUTER_IS_ALREADY_KNOWN;
3889 }
3890 }
3891
3892 if (authdir) {
3893 if (authdir_wants_to_reject_router(router, msg,
3894 !from_cache && !from_fetch,
3895 &authdir_believes_valid)) {
3896 tor_assert(*msg);
3897 routerinfo_free(router);
3898 return ROUTER_AUTHDIR_REJECTS;
3899 }
3900 } else if (from_fetch) {
3901 /* Only check the descriptor digest against the network statuses when
3902 * we are receiving in response to a fetch. */
3903
3904 if (!signed_desc_digest_is_recognized(&router->cache_info) &&
3905 !routerinfo_is_a_configured_bridge(router)) {
3906 /* We asked for it, so some networkstatus must have listed it when we
3907 * did. Save it if we're a cache in case somebody else asks for it. */
3908 log_info(LD_DIR,
3909 "Received a no-longer-recognized descriptor for router %s",
3910 router_describe(router));
3911 *msg = "Router descriptor is not referenced by any network-status.";
3912
3913 /* Only journal this desc if we'll be serving it. */
3914 if (!from_cache && should_cache_old_descriptors())
3915 signed_desc_append_to_journal(&router->cache_info,
3916 &routerlist->desc_store);
3917 routerlist_insert_old(routerlist, router);
3918 return ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS;
3919 }
3920 }
3921
3922 /* We no longer need a router with this descriptor digest. */
3923 if (consensus) {
3924 routerstatus_t *rs = networkstatus_vote_find_mutable_entry(
3925 consensus, id_digest);
3926 if (rs && tor_memeq(rs->descriptor_digest,
3927 router->cache_info.signed_descriptor_digest,
3928 DIGEST_LEN)) {
3929 in_consensus = 1;
3930 }
3931 }
3932
3933 if (router->purpose == ROUTER_PURPOSE_GENERAL &&
3934 consensus && !in_consensus && !authdir) {
3935 /* If it's a general router not listed in the consensus, then don't
3936 * consider replacing the latest router with it. */
3937 if (!from_cache && should_cache_old_descriptors())
3938 signed_desc_append_to_journal(&router->cache_info,
3939 &routerlist->desc_store);
3940 routerlist_insert_old(routerlist, router);
3941 *msg = "Skipping router descriptor: not in consensus.";
3942 return ROUTER_NOT_IN_CONSENSUS;
3943 }
3944
3945 /* If we're reading a bridge descriptor from our cache, and we don't
3946 * recognize it as one of our currently configured bridges, drop the
3947 * descriptor. Otherwise we could end up using it as one of our entry
3948 * guards even if it isn't in our Bridge config lines. */
3949 if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache &&
3950 !authdir_mode_bridge(options) &&
3951 !routerinfo_is_a_configured_bridge(router)) {
3952 log_info(LD_DIR, "Dropping bridge descriptor for %s because we have "
3953 "no bridge configured at that address.",
3954 safe_str_client(router_describe(router)));
3955 *msg = "Router descriptor was not a configured bridge.";
3956 routerinfo_free(router);
3957 return ROUTER_WAS_NOT_WANTED;
3958 }
3959
3960 /* If we have a router with the same identity key, choose the newer one. */
3961 if (old_router) {
3962 if (!in_consensus && (router->cache_info.published_on <=
3963 old_router->cache_info.published_on)) {
3964 /* Same key, but old. This one is not listed in the consensus. */
3965 log_debug(LD_DIR, "Not-new descriptor for router %s",
3966 router_describe(router));
3967 /* Only journal this desc if we'll be serving it. */
3968 if (!from_cache && should_cache_old_descriptors())
3969 signed_desc_append_to_journal(&router->cache_info,
3970 &routerlist->desc_store);
3971 routerlist_insert_old(routerlist, router);
3972 *msg = "Router descriptor was not new.";
3973 return ROUTER_IS_ALREADY_KNOWN;
3974 } else {
3975 /* Same key, and either new, or listed in the consensus. */
3976 log_debug(LD_DIR, "Replacing entry for router %s",
3977 router_describe(router));
3978 routerlist_replace(routerlist, old_router, router);
3979 if (!from_cache) {
3980 signed_desc_append_to_journal(&router->cache_info,
3981 &routerlist->desc_store);
3982 }
3983 *msg = authdir_believes_valid ? "Valid server updated" :
3984 ("Invalid server updated. (This dirserver is marking your "
3985 "server as unapproved.)");
3986 return ROUTER_ADDED_SUCCESSFULLY;
3987 }
3988 }
3989
3990 if (!in_consensus && from_cache &&
3991 router_descriptor_is_older_than(router, OLD_ROUTER_DESC_MAX_AGE)) {
3992 *msg = "Router descriptor was really old.";
3993 routerinfo_free(router);
3994 return ROUTER_WAS_TOO_OLD;
3995 }
3996
3997 /* We haven't seen a router with this identity before. Add it to the end of
3998 * the list. */
3999 routerlist_insert(routerlist, router);
4000 if (!from_cache) {
4001 signed_desc_append_to_journal(&router->cache_info,
4002 &routerlist->desc_store);
4003 }
4004 return ROUTER_ADDED_SUCCESSFULLY;
4005 }
4006
4007 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
4008 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
4009 * we actually inserted it, ROUTER_BAD_EI otherwise.
4010 */
4011 was_router_added_t
4012 router_add_extrainfo_to_routerlist(extrainfo_t *ei, const char **msg,
4013 int from_cache, int from_fetch)
4014 {
4015 was_router_added_t inserted;
4016 (void)from_fetch;
4017 if (msg) *msg = NULL;
4018 /*XXXX Do something with msg */
4019
4020 inserted = extrainfo_insert(router_get_routerlist(), ei, !from_cache);
4021
4022 if (WRA_WAS_ADDED(inserted) && !from_cache)
4023 signed_desc_append_to_journal(&ei->cache_info,
4024 &routerlist->extrainfo_store);
4025
4026 return inserted;
4027 }
4028
4029 /** Sorting helper: return &lt;0, 0, or &gt;0 depending on whether the
4030 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4031 * to, or later than that of *<b>b</b>. */
4032 static int
4033 compare_old_routers_by_identity_(const void **_a, const void **_b)
4034 {
4035 int i;
4036 const signed_descriptor_t *r1 = *_a, *r2 = *_b;
4037 if ((i = fast_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN)))
4038 return i;
4039 return (int)(r1->published_on - r2->published_on);
4040 }
4041
4042 /** Internal type used to represent how long an old descriptor was valid,
4043 * where it appeared in the list of old descriptors, and whether it's extra
4044 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4045 struct duration_idx_t {
4046 int duration;
4047 int idx;
4048 int old;
4049 };
4050
4051 /** Sorting helper: compare two duration_idx_t by their duration. */
4052 static int
4053 compare_duration_idx_(const void *_d1, const void *_d2)
4054 {
4055 const struct duration_idx_t *d1 = _d1;
4056 const struct duration_idx_t *d2 = _d2;
4057 return d1->duration - d2->duration;
4058 }
4059
4060 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4061 * must contain routerinfo_t with the same identity and with publication time
4062 * in ascending order. Remove members from this range until there are no more
4063 * than max_descriptors_per_router() remaining. Start by removing the oldest
4064 * members from before <b>cutoff</b>, then remove members which were current
4065 * for the lowest amount of time. The order of members of old_routers at
4066 * indices <b>lo</b> or higher may be changed.
4067 */
4068 static void
4069 routerlist_remove_old_cached_routers_with_id(time_t now,
4070 time_t cutoff, int lo, int hi,
4071 digestset_t *retain)
4072 {
4073 int i, n = hi-lo+1;
4074 unsigned n_extra, n_rmv = 0;
4075 struct duration_idx_t *lifespans;
4076 uint8_t *rmv, *must_keep;
4077 smartlist_t *lst = routerlist->old_routers;
4078 #if 1
4079 const char *ident;
4080 tor_assert(hi < smartlist_len(lst));
4081 tor_assert(lo <= hi);
4082 ident = ((signed_descriptor_t*)smartlist_get(lst, lo))->identity_digest;
4083 for (i = lo+1; i <= hi; ++i) {
4084 signed_descriptor_t *r = smartlist_get(lst, i);
4085 tor_assert(tor_memeq(ident, r->identity_digest, DIGEST_LEN));
4086 }
4087 #endif
4088 /* Check whether we need to do anything at all. */
4089 {
4090 int mdpr = directory_caches_dir_info(get_options()) ? 2 : 1;
4091 if (n <= mdpr)
4092 return;
4093 n_extra = n - mdpr;
4094 }
4095
4096 lifespans = tor_calloc(n, sizeof(struct duration_idx_t));
4097 rmv = tor_calloc(n, sizeof(uint8_t));
4098 must_keep = tor_calloc(n, sizeof(uint8_t));
4099 /* Set lifespans to contain the lifespan and index of each server. */
4100 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4101 for (i = lo; i <= hi; ++i) {
4102 signed_descriptor_t *r = smartlist_get(lst, i);
4103 signed_descriptor_t *r_next;
4104 lifespans[i-lo].idx = i;
4105 if (r->last_listed_as_valid_until >= now ||
4106 (retain && digestset_contains(retain, r->signed_descriptor_digest))) {
4107 must_keep[i-lo] = 1;
4108 }
4109 if (i < hi) {
4110 r_next = smartlist_get(lst, i+1);
4111 tor_assert(r->published_on <= r_next->published_on);
4112 lifespans[i-lo].duration = (int)(r_next->published_on - r->published_on);
4113 } else {
4114 r_next = NULL;
4115 lifespans[i-lo].duration = INT_MAX;
4116 }
4117 if (!must_keep[i-lo] && r->published_on < cutoff && n_rmv < n_extra) {
4118 ++n_rmv;
4119 lifespans[i-lo].old = 1;
4120 rmv[i-lo] = 1;
4121 }
4122 }
4123
4124 if (n_rmv < n_extra) {
4125 /**
4126 * We aren't removing enough servers for being old. Sort lifespans by
4127 * the duration of liveness, and remove the ones we're not already going to
4128 * remove based on how long they were alive.
4129 **/
4130 qsort(lifespans, n, sizeof(struct duration_idx_t), compare_duration_idx_);
4131 for (i = 0; i < n && n_rmv < n_extra; ++i) {
4132 if (!must_keep[lifespans[i].idx-lo] && !lifespans[i].old) {
4133 rmv[lifespans[i].idx-lo] = 1;
4134 ++n_rmv;
4135 }
4136 }
4137 }
4138
4139 i = hi;
4140 do {
4141 if (rmv[i-lo])
4142 routerlist_remove_old(routerlist, smartlist_get(lst, i), i);
4143 } while (--i >= lo);
4144 tor_free(must_keep);
4145 tor_free(rmv);
4146 tor_free(lifespans);
4147 }
4148
4149 /** Deactivate any routers from the routerlist that are more than
4150 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4151 * remove old routers from the list of cached routers if we have too many.
4152 */
4153 void
4154 routerlist_remove_old_routers(void)
4155 {
4156 int i, hi=-1;
4157 const char *cur_id = NULL;
4158 time_t now = time(NULL);
4159 time_t cutoff;
4160 routerinfo_t *router;
4161 signed_descriptor_t *sd;
4162 digestset_t *retain;
4163 const networkstatus_t *consensus = networkstatus_get_latest_consensus();
4164
4165 trusted_dirs_remove_old_certs();
4166
4167 if (!routerlist || !consensus)
4168 return;
4169
4170 // routerlist_assert_ok(routerlist);
4171
4172 /* We need to guess how many router descriptors we will wind up wanting to
4173 retain, so that we can be sure to allocate a large enough Bloom filter
4174 to hold the digest set. Overestimating is fine; underestimating is bad.
4175 */
4176 {
4177 /* We'll probably retain everything in the consensus. */
4178 int n_max_retain = smartlist_len(consensus->routerstatus_list);
4179 retain = digestset_new(n_max_retain);
4180 }
4181
4182 cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
4183 /* Retain anything listed in the consensus. */
4184 if (consensus) {
4185 SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs,
4186 if (rs->published_on >= cutoff)
4187 digestset_add(retain, rs->descriptor_digest));
4188 }
4189
4190 /* If we have a consensus, we should consider pruning current routers that
4191 * are too old and that nobody recommends. (If we don't have a consensus,
4192 * then we should get one before we decide to kill routers.) */
4193
4194 if (consensus) {
4195 cutoff = now - ROUTER_MAX_AGE;
4196 /* Remove too-old unrecommended members of routerlist->routers. */
4197 for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
4198 router = smartlist_get(routerlist->routers, i);
4199 if (router->cache_info.published_on <= cutoff &&
4200 router->cache_info.last_listed_as_valid_until < now &&
4201 !digestset_contains(retain,
4202 router->cache_info.signed_descriptor_digest)) {
4203 /* Too old: remove it. (If we're a cache, just move it into
4204 * old_routers.) */
4205 log_info(LD_DIR,
4206 "Forgetting obsolete (too old) routerinfo for router %s",
4207 router_describe(router));
4208 routerlist_remove(routerlist, router, 1, now);
4209 i--;
4210 }
4211 }
4212 }
4213
4214 //routerlist_assert_ok(routerlist);
4215
4216 /* Remove far-too-old members of routerlist->old_routers. */
4217 cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
4218 for (i = 0; i < smartlist_len(routerlist->old_routers); ++i) {
4219 sd = smartlist_get(routerlist->old_routers, i);
4220 if (sd->published_on <= cutoff &&
4221 sd->last_listed_as_valid_until < now &&
4222 !digestset_contains(retain, sd->signed_descriptor_digest)) {
4223 /* Too old. Remove it. */
4224 routerlist_remove_old(routerlist, sd, i--);
4225 }
4226 }
4227
4228 //routerlist_assert_ok(routerlist);
4229
4230 log_info(LD_DIR, "We have %d live routers and %d old router descriptors.",
4231 smartlist_len(routerlist->routers),
4232 smartlist_len(routerlist->old_routers));
4233
4234 /* Now we might have to look at routerlist->old_routers for extraneous
4235 * members. (We'd keep all the members if we could, but we need to save
4236 * space.) First, check whether we have too many router descriptors, total.
4237 * We're okay with having too many for some given router, so long as the
4238 * total number doesn't approach max_descriptors_per_router()*len(router).
4239 */
4240 if (smartlist_len(routerlist->old_routers) <
4241 smartlist_len(routerlist->routers))
4242 goto done;
4243
4244 /* Sort by identity, then fix indices. */
4245 smartlist_sort(routerlist->old_routers, compare_old_routers_by_identity_);
4246 /* Fix indices. */
4247 for (i = 0; i < smartlist_len(routerlist->old_routers); ++i) {
4248 signed_descriptor_t *r = smartlist_get(routerlist->old_routers, i);
4249 r->routerlist_index = i;
4250 }
4251
4252 /* Iterate through the list from back to front, so when we remove descriptors
4253 * we don't mess up groups we haven't gotten to. */
4254 for (i = smartlist_len(routerlist->old_routers)-1; i >= 0; --i) {
4255 signed_descriptor_t *r = smartlist_get(routerlist->old_routers, i);
4256 if (!cur_id) {
4257 cur_id = r->identity_digest;
4258 hi = i;
4259 }
4260 if (tor_memneq(cur_id, r->identity_digest, DIGEST_LEN)) {
4261 routerlist_remove_old_cached_routers_with_id(now,
4262 cutoff, i+1, hi, retain);
4263 cur_id = r->identity_digest;
4264 hi = i;
4265 }
4266 }
4267 if (hi>=0)
4268 routerlist_remove_old_cached_routers_with_id(now, cutoff, 0, hi, retain);
4269 //routerlist_assert_ok(routerlist);
4270
4271 done:
4272 digestset_free(retain);
4273 router_rebuild_store(RRS_DONT_REMOVE_OLD, &routerlist->desc_store);
4274 router_rebuild_store(RRS_DONT_REMOVE_OLD,&routerlist->extrainfo_store);
4275 }
4276
4277 /** We just added a new set of descriptors. Take whatever extra steps
4278 * we need. */
4279 void
4280 routerlist_descriptors_added(smartlist_t *sl, int from_cache)
4281 {
4282 tor_assert(sl);
4283 control_event_descriptors_changed(sl);
4284 SMARTLIST_FOREACH_BEGIN(sl, routerinfo_t *, ri) {
4285 if (ri->purpose == ROUTER_PURPOSE_BRIDGE)
4286 learned_bridge_descriptor(ri, from_cache);
4287 if (ri->needs_retest_if_added) {
4288 ri->needs_retest_if_added = 0;
4289 dirserv_single_reachability_test(approx_time(), ri);
4290 }
4291 } SMARTLIST_FOREACH_END(ri);
4292 }
4293
4294 /**
4295 * Code to parse a single router descriptor and insert it into the
4296 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4297 * descriptor was well-formed but could not be added; and 1 if the
4298 * descriptor was added.
4299 *
4300 * If we don't add it and <b>msg</b> is not NULL, then assign to
4301 * *<b>msg</b> a static string describing the reason for refusing the
4302 * descriptor.
4303 *
4304 * This is used only by the controller.
4305 */
4306 int
4307 router_load_single_router(const char *s, uint8_t purpose, int cache,
4308 const char **msg)
4309 {
4310 routerinfo_t *ri;
4311 was_router_added_t r;
4312 smartlist_t *lst;
4313 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
4314 tor_assert(msg);
4315 *msg = NULL;
4316
4317 tor_snprintf(annotation_buf, sizeof(annotation_buf),
4318 "@source controller\n"
4319 "@purpose %s\n", router_purpose_to_string(purpose));
4320
4321 if (!(ri = router_parse_entry_from_string(s, NULL, 1, 0,
4322 annotation_buf, NULL))) {
4323 log_warn(LD_DIR, "Error parsing router descriptor; dropping.");
4324 *msg = "Couldn't parse router descriptor.";
4325 return -1;
4326 }
4327 tor_assert(ri->purpose == purpose);
4328 if (router_is_me(ri)) {
4329 log_warn(LD_DIR, "Router's identity key matches mine; dropping.");
4330 *msg = "Router's identity key matches mine.";
4331 routerinfo_free(ri);
4332 return 0;
4333 }
4334
4335 if (!cache) /* obey the preference of the controller */
4336 ri->cache_info.do_not_cache = 1;
4337
4338 lst = smartlist_new();
4339 smartlist_add(lst, ri);
4340 routers_update_status_from_consensus_networkstatus(lst, 0);
4341
4342 r = router_add_to_routerlist(ri, msg, 0, 0);
4343 if (!WRA_WAS_ADDED(r)) {
4344 /* we've already assigned to *msg now, and ri is already freed */
4345 tor_assert(*msg);
4346 if (r == ROUTER_AUTHDIR_REJECTS)
4347 log_warn(LD_DIR, "Couldn't add router to list: %s Dropping.", *msg);
4348 smartlist_free(lst);
4349 return 0;
4350 } else {
4351 routerlist_descriptors_added(lst, 0);
4352 smartlist_free(lst);
4353 log_debug(LD_DIR, "Added router to list");
4354 return 1;
4355 }
4356 }
4357
4358 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4359 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4360 * are in response to a query to the network: cache them by adding them to
4361 * the journal.
4362 *
4363 * Return the number of routers actually added.
4364 *
4365 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4366 * uppercased fingerprints. Do not update any router whose
4367 * fingerprint is not on the list; after updating a router, remove its
4368 * fingerprint from the list.
4369 *
4370 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4371 * are descriptor digests. Otherwise they are identity digests.
4372 */
4373 int
4374 router_load_routers_from_string(const char *s, const char *eos,
4375 saved_location_t saved_location,
4376 smartlist_t *requested_fingerprints,
4377 int descriptor_digests,
4378 const char *prepend_annotations)
4379 {
4380 smartlist_t *routers = smartlist_new(), *changed = smartlist_new();
4381 char fp[HEX_DIGEST_LEN+1];
4382 const char *msg;
4383 int from_cache = (saved_location != SAVED_NOWHERE);
4384 int allow_annotations = (saved_location != SAVED_NOWHERE);
4385 int any_changed = 0;
4386 smartlist_t *invalid_digests = smartlist_new();
4387
4388 router_parse_list_from_string(&s, eos, routers, saved_location, 0,
4389 allow_annotations, prepend_annotations,
4390 invalid_digests);
4391
4392 routers_update_status_from_consensus_networkstatus(routers, !from_cache);
4393
4394 log_info(LD_DIR, "%d elements to add", smartlist_len(routers));
4395
4396 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
4397 was_router_added_t r;
4398 char d[DIGEST_LEN];
4399 if (requested_fingerprints) {
4400 base16_encode(fp, sizeof(fp), descriptor_digests ?
4401 ri->cache_info.signed_descriptor_digest :
4402 ri->cache_info.identity_digest,
4403 DIGEST_LEN);
4404 if (smartlist_contains_string(requested_fingerprints, fp)) {
4405 smartlist_string_remove(requested_fingerprints, fp);
4406 } else {
4407 char *requested =
4408 smartlist_join_strings(requested_fingerprints," ",0,NULL);
4409 log_warn(LD_DIR,
4410 "We received a router descriptor with a fingerprint (%s) "
4411 "that we never requested. (We asked for: %s.) Dropping.",
4412 fp, requested);
4413 tor_free(requested);
4414 routerinfo_free(ri);
4415 continue;
4416 }
4417 }
4418
4419 memcpy(d, ri->cache_info.signed_descriptor_digest, DIGEST_LEN);
4420 r = router_add_to_routerlist(ri, &msg, from_cache, !from_cache);
4421 if (WRA_WAS_ADDED(r)) {
4422 any_changed++;
4423 smartlist_add(changed, ri);
4424 routerlist_descriptors_added(changed, from_cache);
4425 smartlist_clear(changed);
4426 } else if (WRA_NEVER_DOWNLOADABLE(r)) {
4427 download_status_t *dl_status;
4428 dl_status = router_get_dl_status_by_descriptor_digest(d);
4429 if (dl_status) {
4430 log_info(LD_GENERAL, "Marking router %s as never downloadable",
4431 hex_str(d, DIGEST_LEN));
4432 download_status_mark_impossible(dl_status);
4433 }
4434 }
4435 } SMARTLIST_FOREACH_END(ri);
4436
4437 SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
4438 /* This digest is never going to be parseable. */
4439 base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
4440 if (requested_fingerprints && descriptor_digests) {
4441 if (! smartlist_contains_string(requested_fingerprints, fp)) {
4442 /* But we didn't ask for it, so we should assume shennanegans. */
4443 continue;
4444 }
4445 smartlist_string_remove(requested_fingerprints, fp);
4446 }
4447 download_status_t *dls;
4448 dls = router_get_dl_status_by_descriptor_digest((char*)bad_digest);
4449 if (dls) {
4450 log_info(LD_GENERAL, "Marking router with descriptor %s as unparseable, "
4451 "and therefore undownloadable", fp);
4452 download_status_mark_impossible(dls);
4453 }
4454 } SMARTLIST_FOREACH_END(bad_digest);
4455 SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
4456 smartlist_free(invalid_digests);
4457
4458 routerlist_assert_ok(routerlist);
4459
4460 if (any_changed)
4461 router_rebuild_store(0, &routerlist->desc_store);
4462
4463 smartlist_free(routers);
4464 smartlist_free(changed);
4465
4466 return any_changed;
4467 }
4468
4469 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4470 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4471 * router_load_routers_from_string(). */
4472 void
4473 router_load_extrainfo_from_string(const char *s, const char *eos,
4474 saved_location_t saved_location,
4475 smartlist_t *requested_fingerprints,
4476 int descriptor_digests)
4477 {
4478 smartlist_t *extrainfo_list = smartlist_new();
4479 const char *msg;
4480 int from_cache = (saved_location != SAVED_NOWHERE);
4481 smartlist_t *invalid_digests = smartlist_new();
4482
4483 router_parse_list_from_string(&s, eos, extrainfo_list, saved_location, 1, 0,
4484 NULL, invalid_digests);
4485
4486 log_info(LD_DIR, "%d elements to add", smartlist_len(extrainfo_list));
4487
4488 SMARTLIST_FOREACH_BEGIN(extrainfo_list, extrainfo_t *, ei) {
4489 uint8_t d[DIGEST_LEN];
4490 memcpy(d, ei->cache_info.signed_descriptor_digest, DIGEST_LEN);
4491 was_router_added_t added =
4492 router_add_extrainfo_to_routerlist(ei, &msg, from_cache, !from_cache);
4493 if (WRA_WAS_ADDED(added) && requested_fingerprints) {
4494 char fp[HEX_DIGEST_LEN+1];
4495 base16_encode(fp, sizeof(fp), descriptor_digests ?
4496 ei->cache_info.signed_descriptor_digest :
4497 ei->cache_info.identity_digest,
4498 DIGEST_LEN);
4499 smartlist_string_remove(requested_fingerprints, fp);
4500 /* We silently let people stuff us with extrainfos we didn't ask for,
4501 * so long as we would have wanted them anyway. Since we always fetch
4502 * all the extrainfos we want, and we never actually act on them
4503 * inside Tor, this should be harmless. */
4504 } else if (WRA_NEVER_DOWNLOADABLE(added)) {
4505 signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
4506 if (sd) {
4507 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
4508 "unparseable, and therefore undownloadable",
4509 hex_str((char*)d,DIGEST_LEN));
4510 download_status_mark_impossible(&sd->ei_dl_status);
4511 }
4512 }
4513 } SMARTLIST_FOREACH_END(ei);
4514
4515 SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
4516 /* This digest is never going to be parseable. */
4517 char fp[HEX_DIGEST_LEN+1];
4518 base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
4519 if (requested_fingerprints) {
4520 if (! smartlist_contains_string(requested_fingerprints, fp)) {
4521 /* But we didn't ask for it, so we should assume shennanegans. */
4522 continue;
4523 }
4524 smartlist_string_remove(requested_fingerprints, fp);
4525 }
4526 signed_descriptor_t *sd =
4527 router_get_by_extrainfo_digest((char*)bad_digest);
4528 if (sd) {
4529 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
4530 "unparseable, and therefore undownloadable", fp);
4531 download_status_mark_impossible(&sd->ei_dl_status);
4532 }
4533 } SMARTLIST_FOREACH_END(bad_digest);
4534 SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
4535 smartlist_free(invalid_digests);
4536
4537 routerlist_assert_ok(routerlist);
4538 router_rebuild_store(0, &router_get_routerlist()->extrainfo_store);
4539
4540 smartlist_free(extrainfo_list);
4541 }
4542
4543 /** Return true iff any networkstatus includes a descriptor whose digest
4544 * is that of <b>desc</b>. */
4545 static int
4546 signed_desc_digest_is_recognized(signed_descriptor_t *desc)
4547 {
4548 const routerstatus_t *rs;
4549 networkstatus_t *consensus = networkstatus_get_latest_consensus();
4550
4551 if (consensus) {
4552 rs = networkstatus_vote_find_entry(consensus, desc->identity_digest);
4553 if (rs && tor_memeq(rs->descriptor_digest,
4554 desc->signed_descriptor_digest, DIGEST_LEN))
4555 return 1;
4556 }
4557 return 0;
4558 }
4559
4560 /** Update downloads for router descriptors and/or microdescriptors as
4561 * appropriate. */
4562 void
4563 update_all_descriptor_downloads(time_t now)
4564 {
4565 if (get_options()->DisableNetwork)
4566 return;
4567 update_router_descriptor_downloads(now);
4568 update_microdesc_downloads(now);
4569 launch_dummy_descriptor_download_as_needed(now, get_options());
4570 }
4571
4572 /** Clear all our timeouts for fetching v3 directory stuff, and then
4573 * give it all a try again. */
4574 void
4575 routerlist_retry_directory_downloads(time_t now)
4576 {
4577 (void)now;
4578
4579 log_debug(LD_GENERAL,
4580 "In routerlist_retry_directory_downloads()");
4581
4582 router_reset_status_download_failures();
4583 router_reset_descriptor_download_failures();
4584 reschedule_directory_downloads();
4585 }
4586
4587 /** Return true iff <b>router</b> does not permit exit streams.
4588 */
4589 int
4590 router_exit_policy_rejects_all(const routerinfo_t *router)
4591 {
4592 return router->policy_is_reject_star;
4593 }
4594
4595 /** Create an directory server at <b>address</b>:<b>port</b>, with OR identity
4596 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4597 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4598 * the new directory server entry on success or NULL on failure. */
4599 static dir_server_t *
4600 dir_server_new(int is_authority,
4601 const char *nickname,
4602 const tor_addr_t *addr,
4603 const char *hostname,
4604 uint16_t dir_port, uint16_t or_port,
4605 const tor_addr_port_t *addrport_ipv6,
4606 const char *digest, const char *v3_auth_digest,
4607 dirinfo_type_t type,
4608 double weight)
4609 {
4610 dir_server_t *ent;
4611 uint32_t a;
4612 char *hostname_ = NULL;
4613
4614 tor_assert(digest);
4615
4616 if (weight < 0)
4617 return NULL;
4618
4619 if (tor_addr_family(addr) == AF_INET)
4620 a = tor_addr_to_ipv4h(addr);
4621 else
4622 return NULL;
4623
4624 if (!hostname)
4625 hostname_ = tor_addr_to_str_dup(addr);
4626 else
4627 hostname_ = tor_strdup(hostname);
4628
4629 ent = tor_malloc_zero(sizeof(dir_server_t));
4630 ent->nickname = nickname ? tor_strdup(nickname) : NULL;
4631 ent->address = hostname_;
4632 ent->addr = a;
4633 ent->dir_port = dir_port;
4634 ent->or_port = or_port;
4635 ent->is_running = 1;
4636 ent->is_authority = is_authority;
4637 ent->type = type;
4638 ent->weight = weight;
4639 if (addrport_ipv6) {
4640 if (tor_addr_family(&addrport_ipv6->addr) != AF_INET6) {
4641 log_warn(LD_BUG, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
4642 tor_addr_make_unspec(&ent->ipv6_addr);
4643 } else {
4644 tor_addr_copy(&ent->ipv6_addr, &addrport_ipv6->addr);
4645 ent->ipv6_orport = addrport_ipv6->port;
4646 }
4647 } else {
4648 tor_addr_make_unspec(&ent->ipv6_addr);
4649 }
4650
4651 memcpy(ent->digest, digest, DIGEST_LEN);
4652 if (v3_auth_digest && (type & V3_DIRINFO))
4653 memcpy(ent->v3_identity_digest, v3_auth_digest, DIGEST_LEN);
4654
4655 if (nickname)
4656 tor_asprintf(&ent->description, "directory server \"%s\" at %s:%d",
4657 nickname, hostname_, (int)dir_port);
4658 else
4659 tor_asprintf(&ent->description, "directory server at %s:%d",
4660 hostname_, (int)dir_port);
4661
4662 ent->fake_status.addr = ent->addr;
4663 tor_addr_copy(&ent->fake_status.ipv6_addr, &ent->ipv6_addr);
4664 memcpy(ent->fake_status.identity_digest, digest, DIGEST_LEN);
4665 if (nickname)
4666 strlcpy(ent->fake_status.nickname, nickname,
4667 sizeof(ent->fake_status.nickname));
4668 else
4669 ent->fake_status.nickname[0] = '\0';
4670 ent->fake_status.dir_port = ent->dir_port;
4671 ent->fake_status.or_port = ent->or_port;
4672 ent->fake_status.ipv6_orport = ent->ipv6_orport;
4673
4674 return ent;
4675 }
4676
4677 /** Create an authoritative directory server at
4678 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4679 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4680 * server entry on success or NULL if we couldn't add it. */
4681 dir_server_t *
4682 trusted_dir_server_new(const char *nickname, const char *address,
4683 uint16_t dir_port, uint16_t or_port,
4684 const tor_addr_port_t *ipv6_addrport,
4685 const char *digest, const char *v3_auth_digest,
4686 dirinfo_type_t type, double weight)
4687 {
4688 uint32_t a;
4689 tor_addr_t addr;
4690 char *hostname=NULL;
4691 dir_server_t *result;
4692
4693 if (!address) { /* The address is us; we should guess. */
4694 if (resolve_my_address(LOG_WARN, get_options(),
4695 &a, NULL, &hostname) < 0) {
4696 log_warn(LD_CONFIG,
4697 "Couldn't find a suitable address when adding ourself as a "
4698 "trusted directory server.");
4699 return NULL;
4700 }
4701 if (!hostname)
4702 hostname = tor_dup_ip(a);
4703 } else {
4704 if (tor_lookup_hostname(address, &a)) {
4705 log_warn(LD_CONFIG,
4706 "Unable to lookup address for directory server at '%s'",
4707 address);
4708 return NULL;
4709 }
4710 hostname = tor_strdup(address);
4711 }
4712 tor_addr_from_ipv4h(&addr, a);
4713
4714 result = dir_server_new(1, nickname, &addr, hostname,
4715 dir_port, or_port,
4716 ipv6_addrport,
4717 digest,
4718 v3_auth_digest, type, weight);
4719 tor_free(hostname);
4720 return result;
4721 }
4722
4723 /** Return a new dir_server_t for a fallback directory server at
4724 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4725 * <b>id_digest</b> */
4726 dir_server_t *
4727 fallback_dir_server_new(const tor_addr_t *addr,
4728 uint16_t dir_port, uint16_t or_port,
4729 const tor_addr_port_t *addrport_ipv6,
4730 const char *id_digest, double weight)
4731 {
4732 return dir_server_new(0, NULL, addr, NULL, dir_port, or_port,
4733 addrport_ipv6,
4734 id_digest,
4735 NULL, ALL_DIRINFO, weight);
4736 }
4737
4738 /** Add a directory server to the global list(s). */
4739 void
4740 dir_server_add(dir_server_t *ent)
4741 {
4742 if (!trusted_dir_servers)
4743 trusted_dir_servers = smartlist_new();
4744 if (!fallback_dir_servers)
4745 fallback_dir_servers = smartlist_new();
4746
4747 if (ent->is_authority)
4748 smartlist_add(trusted_dir_servers, ent);
4749
4750 smartlist_add(fallback_dir_servers, ent);
4751 router_dir_info_changed();
4752 }
4753
4754 /** Free storage held in <b>cert</b>. */
4755 void
4756 authority_cert_free(authority_cert_t *cert)
4757 {
4758 if (!cert)
4759 return;
4760
4761 tor_free(cert->cache_info.signed_descriptor_body);
4762 crypto_pk_free(cert->signing_key);
4763 crypto_pk_free(cert->identity_key);
4764
4765 tor_free(cert);
4766 }
4767
4768 /** Free storage held in <b>ds</b>. */
4769 static void
4770 dir_server_free(dir_server_t *ds)
4771 {
4772 if (!ds)
4773 return;
4774
4775 tor_free(ds->nickname);
4776 tor_free(ds->description);
4777 tor_free(ds->address);
4778 tor_free(ds);
4779 }
4780
4781 /** Remove all members from the list of dir servers. */
4782 void
4783 clear_dir_servers(void)
4784 {
4785 if (fallback_dir_servers) {
4786 SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ent,
4787 dir_server_free(ent));
4788 smartlist_clear(fallback_dir_servers);
4789 } else {
4790 fallback_dir_servers = smartlist_new();
4791 }
4792 if (trusted_dir_servers) {
4793 smartlist_clear(trusted_dir_servers);
4794 } else {
4795 trusted_dir_servers = smartlist_new();
4796 }
4797 router_dir_info_changed();
4798 }
4799
4800 /** For every current directory connection whose purpose is <b>purpose</b>,
4801 * and where the resource being downloaded begins with <b>prefix</b>, split
4802 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4803 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4804 * corresponding elements of <b>result</b> to a nonzero value.
4805 */
4806 static void
4807 list_pending_downloads(digestmap_t *result, digest256map_t *result256,
4808 int purpose, const char *prefix)
4809 {
4810 const size_t p_len = strlen(prefix);
4811 smartlist_t *tmp = smartlist_new();
4812 smartlist_t *conns = get_connection_array();
4813 int flags = DSR_HEX;
4814 if (purpose == DIR_PURPOSE_FETCH_MICRODESC)
4815 flags = DSR_DIGEST256|DSR_BASE64;
4816
4817 tor_assert(result || result256);
4818
4819 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
4820 if (conn->type == CONN_TYPE_DIR &&
4821 conn->purpose == purpose &&
4822 !conn->marked_for_close) {
4823 const char *resource = TO_DIR_CONN(conn)->requested_resource;
4824 if (!strcmpstart(resource, prefix))
4825 dir_split_resource_into_fingerprints(resource + p_len,
4826 tmp, NULL, flags);
4827 }
4828 } SMARTLIST_FOREACH_END(conn);
4829
4830 if (result) {
4831 SMARTLIST_FOREACH(tmp, char *, d,
4832 {
4833 digestmap_set(result, d, (void*)1);
4834 tor_free(d);
4835 });
4836 } else if (result256) {
4837 SMARTLIST_FOREACH(tmp, uint8_t *, d,
4838 {
4839 digest256map_set(result256, d, (void*)1);
4840 tor_free(d);
4841 });
4842 }
4843 smartlist_free(tmp);
4844 }
4845
4846 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4847 * true) we are currently downloading by descriptor digest, set result[d] to
4848 * (void*)1. */
4849 static void
4850 list_pending_descriptor_downloads(digestmap_t *result, int extrainfo)
4851 {
4852 int purpose =
4853 extrainfo ? DIR_PURPOSE_FETCH_EXTRAINFO : DIR_PURPOSE_FETCH_SERVERDESC;
4854 list_pending_downloads(result, NULL, purpose, "d/");
4855 }
4856
4857 /** For every microdescriptor we are currently downloading by descriptor
4858 * digest, set result[d] to (void*)1.
4859 */
4860 void
4861 list_pending_microdesc_downloads(digest256map_t *result)
4862 {
4863 list_pending_downloads(NULL, result, DIR_PURPOSE_FETCH_MICRODESC, "d/");
4864 }
4865
4866 /** For every certificate we are currently downloading by (identity digest,
4867 * signing key digest) pair, set result[fp_pair] to (void *1).
4868 */
4869 static void
4870 list_pending_fpsk_downloads(fp_pair_map_t *result)
4871 {
4872 const char *pfx = "fp-sk/";
4873 smartlist_t *tmp;
4874 smartlist_t *conns;
4875 const char *resource;
4876
4877 tor_assert(result);
4878
4879 tmp = smartlist_new();
4880 conns = get_connection_array();
4881
4882 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
4883 if (conn->type == CONN_TYPE_DIR &&
4884 conn->purpose == DIR_PURPOSE_FETCH_CERTIFICATE &&
4885 !conn->marked_for_close) {
4886 resource = TO_DIR_CONN(conn)->requested_resource;
4887 if (!strcmpstart(resource, pfx))
4888 dir_split_resource_into_fingerprint_pairs(resource + strlen(pfx),
4889 tmp);
4890 }
4891 } SMARTLIST_FOREACH_END(conn);
4892
4893 SMARTLIST_FOREACH_BEGIN(tmp, fp_pair_t *, fp) {
4894 fp_pair_map_set(result, fp, (void*)1);
4895 tor_free(fp);
4896 } SMARTLIST_FOREACH_END(fp);
4897
4898 smartlist_free(tmp);
4899 }
4900
4901 /** Launch downloads for all the descriptors whose digests or digests256
4902 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4903 * range.) If <b>source</b> is given, download from <b>source</b>;
4904 * otherwise, download from an appropriate random directory server.
4905 */
4906 MOCK_IMPL(STATIC void, initiate_descriptor_downloads,
4907 (const routerstatus_t *source, int purpose, smartlist_t *digests,
4908 int lo, int hi, int pds_flags))
4909 {
4910 char *resource, *cp;
4911 int digest_len, enc_digest_len;
4912 const char *sep;
4913 int b64_256;
4914 smartlist_t *tmp;
4915
4916 if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
4917 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4918 * 256-bit digests. */
4919 digest_len = DIGEST256_LEN;
4920 enc_digest_len = BASE64_DIGEST256_LEN + 1;
4921 sep = "-";
4922 b64_256 = 1;
4923 } else {
4924 digest_len = DIGEST_LEN;
4925 enc_digest_len = HEX_DIGEST_LEN + 1;
4926 sep = "+";
4927 b64_256 = 0;
4928 }
4929
4930 if (lo < 0)
4931 lo = 0;
4932 if (hi > smartlist_len(digests))
4933 hi = smartlist_len(digests);
4934
4935 if (hi-lo <= 0)
4936 return;
4937
4938 tmp = smartlist_new();
4939
4940 for (; lo < hi; ++lo) {
4941 cp = tor_malloc(enc_digest_len);
4942 if (b64_256) {
4943 digest256_to_base64(cp, smartlist_get(digests, lo));
4944 } else {
4945 base16_encode(cp, enc_digest_len, smartlist_get(digests, lo),
4946 digest_len);
4947 }
4948 smartlist_add(tmp, cp);
4949 }
4950
4951 cp = smartlist_join_strings(tmp, sep, 0, NULL);
4952 tor_asprintf(&resource, "d/%s.z", cp);
4953
4954 SMARTLIST_FOREACH(tmp, char *, cp1, tor_free(cp1));
4955 smartlist_free(tmp);
4956 tor_free(cp);
4957
4958 if (source) {
4959 /* We know which authority or directory mirror we want. */
4960 directory_initiate_command_routerstatus(source, purpose,
4961 ROUTER_PURPOSE_GENERAL,
4962 DIRIND_ONEHOP,
4963 resource, NULL, 0, 0);
4964 } else {
4965 directory_get_from_dirserver(purpose, ROUTER_PURPOSE_GENERAL, resource,
4966 pds_flags, DL_WANT_ANY_DIRSERVER);
4967 }
4968 tor_free(resource);
4969 }
4970
4971 /** Return the max number of hashes to put in a URL for a given request.
4972 */
4973 static int
4974 max_dl_per_request(const or_options_t *options, int purpose)
4975 {
4976 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4977 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4978 * /tor/server/d/.z) == 4026
4979 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4980 * So use 96 because it's a nice number.
4981 *
4982 * For microdescriptors, the calculation is
4983 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4984 * /tor/micro/d/.z) == 4027
4985 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4986 * So use 90 because it's a nice number.
4987 */
4988 int max = 96;
4989 if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
4990 max = 90;
4991 }
4992 /* If we're going to tunnel our connections, we can ask for a lot more
4993 * in a request. */
4994 if (directory_must_use_begindir(options)) {
4995 max = 500;
4996 }
4997 return max;
4998 }
4999
5000 /** Don't split our requests so finely that we are requesting fewer than
5001 * this number per server. */
5002 #define MIN_DL_PER_REQUEST 4
5003 /** To prevent a single screwy cache from confusing us by selective reply,
5004 * try to split our requests into at least this many requests. */
5005 #define MIN_REQUESTS 3
5006 /** If we want fewer than this many descriptors, wait until we
5007 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
5008 #define MAX_DL_TO_DELAY 16
5009
5010 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
5011 * router descriptor digests or microdescriptor digest256s in
5012 * <b>downloadable</b>, decide whether to delay fetching until we have more.
5013 * If we don't want to delay, launch one or more requests to the appropriate
5014 * directory authorities.
5015 */
5016 void
5017 launch_descriptor_downloads(int purpose,
5018 smartlist_t *downloadable,
5019 const routerstatus_t *source, time_t now)
5020 {
5021 const or_options_t *options = get_options();
5022 const char *descname;
5023 const int fetch_microdesc = (purpose == DIR_PURPOSE_FETCH_MICRODESC);
5024 int n_downloadable = smartlist_len(downloadable);
5025
5026 int i, n_per_request, max_dl_per_req;
5027 const char *req_plural = "", *rtr_plural = "";
5028 int pds_flags = PDS_RETRY_IF_NO_SERVERS;
5029
5030 tor_assert(fetch_microdesc || purpose == DIR_PURPOSE_FETCH_SERVERDESC);
5031 descname = fetch_microdesc ? "microdesc" : "routerdesc";
5032
5033 if (!n_downloadable)
5034 return;
5035
5036 if (!directory_fetches_dir_info_early(options)) {
5037 if (n_downloadable >= MAX_DL_TO_DELAY) {
5038 log_debug(LD_DIR,
5039 "There are enough downloadable %ss to launch requests.",
5040 descname);
5041 } else if (! router_have_minimum_dir_info()) {
5042 log_debug(LD_DIR,
5043 "We are only missing %d %ss, but we'll fetch anyway, since "
5044 "we don't yet have enough directory info.",
5045 n_downloadable, descname);
5046 } else {
5047
5048 /* should delay */
5049 if ((last_descriptor_download_attempted +
5050 options->TestingClientMaxIntervalWithoutRequest) > now)
5051 return;
5052
5053 if (last_descriptor_download_attempted) {
5054 log_info(LD_DIR,
5055 "There are not many downloadable %ss, but we've "
5056 "been waiting long enough (%d seconds). Downloading.",
5057 descname,
5058 (int)(now-last_descriptor_download_attempted));
5059 } else {
5060 log_info(LD_DIR,
5061 "There are not many downloadable %ss, but we haven't "
5062 "tried downloading descriptors recently. Downloading.",
5063 descname);
5064 }
5065 }
5066 }
5067
5068 if (!authdir_mode_any_nonhidserv(options)) {
5069 /* If we wind up going to the authorities, we want to only open one
5070 * connection to each authority at a time, so that we don't overload
5071 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5072 * regardless of whether we're a cache or not.
5073 *
5074 * Setting this flag can make initiate_descriptor_downloads() ignore
5075 * requests. We need to make sure that we do in fact call
5076 * update_router_descriptor_downloads() later on, once the connections
5077 * have succeeded or failed.
5078 */
5079 pds_flags |= fetch_microdesc ?
5080 PDS_NO_EXISTING_MICRODESC_FETCH :
5081 PDS_NO_EXISTING_SERVERDESC_FETCH;
5082 }
5083
5084 n_per_request = CEIL_DIV(n_downloadable, MIN_REQUESTS);
5085 max_dl_per_req = max_dl_per_request(options, purpose);
5086
5087 if (n_per_request > max_dl_per_req)
5088 n_per_request = max_dl_per_req;
5089
5090 if (n_per_request < MIN_DL_PER_REQUEST)
5091 n_per_request = MIN_DL_PER_REQUEST;
5092
5093 if (n_downloadable > n_per_request)
5094 req_plural = rtr_plural = "s";
5095 else if (n_downloadable > 1)
5096 rtr_plural = "s";
5097
5098 log_info(LD_DIR,
5099 "Launching %d request%s for %d %s%s, %d at a time",
5100 CEIL_DIV(n_downloadable, n_per_request), req_plural,
5101 n_downloadable, descname, rtr_plural, n_per_request);
5102 smartlist_sort_digests(downloadable);
5103 for (i=0; i < n_downloadable; i += n_per_request) {
5104 initiate_descriptor_downloads(source, purpose,
5105 downloadable, i, i+n_per_request,
5106 pds_flags);
5107 }
5108 last_descriptor_download_attempted = now;
5109 }
5110
5111 /** For any descriptor that we want that's currently listed in
5112 * <b>consensus</b>, download it as appropriate. */
5113 void
5114 update_consensus_router_descriptor_downloads(time_t now, int is_vote,
5115 networkstatus_t *consensus)
5116 {
5117 const or_options_t *options = get_options();
5118 digestmap_t *map = NULL;
5119 smartlist_t *no_longer_old = smartlist_new();
5120 smartlist_t *downloadable = smartlist_new();
5121 routerstatus_t *source = NULL;
5122 int authdir = authdir_mode(options);
5123 int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0,
5124 n_inprogress=0, n_in_oldrouters=0;
5125
5126 if (directory_too_idle_to_fetch_descriptors(options, now))
5127 goto done;
5128 if (!consensus)
5129 goto done;
5130
5131 if (is_vote) {
5132 /* where's it from, so we know whom to ask for descriptors */
5133 dir_server_t *ds;
5134 networkstatus_voter_info_t *voter = smartlist_get(consensus->voters, 0);
5135 tor_assert(voter);
5136 ds = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
5137 if (ds)
5138 source = &(ds->fake_status);
5139 else
5140 log_warn(LD_DIR, "couldn't lookup source from vote?");
5141 }
5142
5143 map = digestmap_new();
5144 list_pending_descriptor_downloads(map, 0);
5145 SMARTLIST_FOREACH_BEGIN(consensus->routerstatus_list, void *, rsp) {
5146 routerstatus_t *rs =
5147 is_vote ? &(((vote_routerstatus_t *)rsp)->status) : rsp;
5148 signed_descriptor_t *sd;
5149 if ((sd = router_get_by_descriptor_digest(rs->descriptor_digest))) {
5150 const routerinfo_t *ri;
5151 ++n_have;
5152 if (!(ri = router_get_by_id_digest(rs->identity_digest)) ||
5153 tor_memneq(ri->cache_info.signed_descriptor_digest,
5154 sd->signed_descriptor_digest, DIGEST_LEN)) {
5155 /* We have a descriptor with this digest, but either there is no
5156 * entry in routerlist with the same ID (!ri), or there is one,
5157 * but the identity digest differs (memneq).
5158 */
5159 smartlist_add(no_longer_old, sd);
5160 ++n_in_oldrouters; /* We have it in old_routers. */
5161 }
5162 continue; /* We have it already. */
5163 }
5164 if (digestmap_get(map, rs->descriptor_digest)) {
5165 ++n_inprogress;
5166 continue; /* We have an in-progress download. */
5167 }
5168 if (!download_status_is_ready(&rs->dl_status, now,
5169 options->TestingDescriptorMaxDownloadTries)) {
5170 ++n_delayed; /* Not ready for retry. */
5171 continue;
5172 }
5173 if (authdir && dirserv_would_reject_router(rs)) {
5174 ++n_would_reject;
5175 continue; /* We would throw it out immediately. */
5176 }
5177 if (!directory_caches_dir_info(options) &&
5178 !client_would_use_router(rs, now, options)) {
5179 ++n_wouldnt_use;
5180 continue; /* We would never use it ourself. */
5181 }
5182 if (is_vote && source) {
5183 char time_bufnew[ISO_TIME_LEN+1];
5184 char time_bufold[ISO_TIME_LEN+1];
5185 const routerinfo_t *oldrouter;
5186 oldrouter = router_get_by_id_digest(rs->identity_digest);
5187 format_iso_time(time_bufnew, rs->published_on);
5188 if (oldrouter)
5189 format_iso_time(time_bufold, oldrouter->cache_info.published_on);
5190 log_info(LD_DIR, "Learned about %s (%s vs %s) from %s's vote (%s)",
5191 routerstatus_describe(rs),
5192 time_bufnew,
5193 oldrouter ? time_bufold : "none",
5194 source->nickname, oldrouter ? "known" : "unknown");
5195 }
5196 smartlist_add(downloadable, rs->descriptor_digest);
5197 } SMARTLIST_FOREACH_END(rsp);
5198
5199 if (!authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL)
5200 && smartlist_len(no_longer_old)) {
5201 routerlist_t *rl = router_get_routerlist();
5202 log_info(LD_DIR, "%d router descriptors listed in consensus are "
5203 "currently in old_routers; making them current.",
5204 smartlist_len(no_longer_old));
5205 SMARTLIST_FOREACH_BEGIN(no_longer_old, signed_descriptor_t *, sd) {
5206 const char *msg;
5207 was_router_added_t r;
5208 routerinfo_t *ri = routerlist_reparse_old(rl, sd);
5209 if (!ri) {
5210 log_warn(LD_BUG, "Failed to re-parse a router.");
5211 continue;
5212 }
5213 r = router_add_to_routerlist(ri, &msg, 1, 0);
5214 if (WRA_WAS_OUTDATED(r)) {
5215 log_warn(LD_DIR, "Couldn't add re-parsed router: %s",
5216 msg?msg:"???");
5217 }
5218 } SMARTLIST_FOREACH_END(sd);
5219 routerlist_assert_ok(rl);
5220 }
5221
5222 log_info(LD_DIR,
5223 "%d router descriptors downloadable. %d delayed; %d present "
5224 "(%d of those were in old_routers); %d would_reject; "
5225 "%d wouldnt_use; %d in progress.",
5226 smartlist_len(downloadable), n_delayed, n_have, n_in_oldrouters,
5227 n_would_reject, n_wouldnt_use, n_inprogress);
5228
5229 launch_descriptor_downloads(DIR_PURPOSE_FETCH_SERVERDESC,
5230 downloadable, source, now);
5231
5232 digestmap_free(map, NULL);
5233 done:
5234 smartlist_free(downloadable);
5235 smartlist_free(no_longer_old);
5236 }
5237
5238 /** How often should we launch a server/authority request to be sure of getting
5239 * a guess for our IP? */
5240 /*XXXX+ this info should come from netinfo cells or something, or we should
5241 * do this only when we aren't seeing incoming data. see bug 652. */
5242 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5243
5244 /** As needed, launch a dummy router descriptor fetch to see if our
5245 * address has changed. */
5246 static void
5247 launch_dummy_descriptor_download_as_needed(time_t now,
5248 const or_options_t *options)
5249 {
5250 static time_t last_dummy_download = 0;
5251 /* XXXX+ we could be smarter here; see notes on bug 652. */
5252 /* If we're a server that doesn't have a configured address, we rely on
5253 * directory fetches to learn when our address changes. So if we haven't
5254 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5255 if (!options->Address &&
5256 server_mode(options) &&
5257 last_descriptor_download_attempted + DUMMY_DOWNLOAD_INTERVAL < now &&
5258 last_dummy_download + DUMMY_DOWNLOAD_INTERVAL < now) {
5259 last_dummy_download = now;
5260 /* XX/teor - do we want an authority here, because they are less likely
5261 * to give us the wrong address? (See #17782)
5262 * I'm leaving the previous behaviour intact, because I don't like
5263 * the idea of some relays contacting an authority every 20 minutes. */
5264 directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
5265 ROUTER_PURPOSE_GENERAL, "authority.z",
5266 PDS_RETRY_IF_NO_SERVERS,
5267 DL_WANT_ANY_DIRSERVER);
5268 }
5269 }
5270
5271 /** Launch downloads for router status as needed. */
5272 void
5273 update_router_descriptor_downloads(time_t now)
5274 {
5275 const or_options_t *options = get_options();
5276 if (should_delay_dir_fetches(options, NULL))
5277 return;
5278 if (!we_fetch_router_descriptors(options))
5279 return;
5280
5281 update_consensus_router_descriptor_downloads(now, 0,
5282 networkstatus_get_reasonably_live_consensus(now, FLAV_NS));
5283 }
5284
5285 /** Launch extrainfo downloads as needed. */
5286 void
5287 update_extrainfo_downloads(time_t now)
5288 {
5289 const or_options_t *options = get_options();
5290 routerlist_t *rl;
5291 smartlist_t *wanted;
5292 digestmap_t *pending;
5293 int old_routers, i, max_dl_per_req;
5294 int n_no_ei = 0, n_pending = 0, n_have = 0, n_delay = 0, n_bogus[2] = {0,0};
5295 if (! options->DownloadExtraInfo)
5296 return;
5297 if (should_delay_dir_fetches(options, NULL))
5298 return;
5299 if (!router_have_minimum_dir_info())
5300 return;
5301
5302 pending = digestmap_new();
5303 list_pending_descriptor_downloads(pending, 1);
5304 rl = router_get_routerlist();
5305 wanted = smartlist_new();
5306 for (old_routers = 0; old_routers < 2; ++old_routers) {
5307 smartlist_t *lst = old_routers ? rl->old_routers : rl->routers;
5308 for (i = 0; i < smartlist_len(lst); ++i) {
5309 signed_descriptor_t *sd;
5310 char *d;
5311 if (old_routers)
5312 sd = smartlist_get(lst, i);
5313 else
5314 sd = &((routerinfo_t*)smartlist_get(lst, i))->cache_info;
5315 if (sd->is_extrainfo)
5316 continue; /* This should never happen. */
5317 if (old_routers && !router_get_by_id_digest(sd->identity_digest))
5318 continue; /* Couldn't check the signature if we got it. */
5319 if (sd->extrainfo_is_bogus)
5320 continue;
5321 d = sd->extra_info_digest;
5322 if (tor_digest_is_zero(d)) {
5323 ++n_no_ei;
5324 continue;
5325 }
5326 if (eimap_get(rl->extra_info_map, d)) {
5327 ++n_have;
5328 continue;
5329 }
5330 if (!download_status_is_ready(&sd->ei_dl_status, now,
5331 options->TestingDescriptorMaxDownloadTries)) {
5332 ++n_delay;
5333 continue;
5334 }
5335 if (digestmap_get(pending, d)) {
5336 ++n_pending;
5337 continue;
5338 }
5339
5340 const signed_descriptor_t *sd2 = router_get_by_extrainfo_digest(d);
5341 if (sd2 != sd) {
5342 if (sd2 != NULL) {
5343 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
5344 char d3[HEX_DIGEST_LEN+1], d4[HEX_DIGEST_LEN+1];
5345 base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
5346 base16_encode(d2, sizeof(d2), sd2->identity_digest, DIGEST_LEN);
5347 base16_encode(d3, sizeof(d3), d, DIGEST_LEN);
5348 base16_encode(d4, sizeof(d3), sd2->extra_info_digest, DIGEST_LEN);
5349
5350 log_info(LD_DIR, "Found an entry in %s with mismatched "
5351 "router_get_by_extrainfo_digest() value. This has ID %s "
5352 "but the entry in the map has ID %s. This has EI digest "
5353 "%s and the entry in the map has EI digest %s.",
5354 old_routers?"old_routers":"routers",
5355 d1, d2, d3, d4);
5356 } else {
5357 char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
5358 base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
5359 base16_encode(d2, sizeof(d2), d, DIGEST_LEN);
5360
5361 log_info(LD_DIR, "Found an entry in %s with NULL "
5362 "router_get_by_extrainfo_digest() value. This has ID %s "
5363 "and EI digest %s.",
5364 old_routers?"old_routers":"routers",
5365 d1, d2);
5366 }
5367 ++n_bogus[old_routers];
5368 continue;
5369 }
5370 smartlist_add(wanted, d);
5371 }
5372 }
5373 digestmap_free(pending, NULL);
5374
5375 log_info(LD_DIR, "Extrainfo download status: %d router with no ei, %d "
5376 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5377 "bogus in routers, %d bogus in old_routers",
5378 n_no_ei, n_have, n_delay, n_pending, smartlist_len(wanted),
5379 n_bogus[0], n_bogus[1]);
5380
5381 smartlist_shuffle(wanted);
5382
5383 max_dl_per_req = max_dl_per_request(options, DIR_PURPOSE_FETCH_EXTRAINFO);
5384 for (i = 0; i < smartlist_len(wanted); i += max_dl_per_req) {
5385 initiate_descriptor_downloads(NULL, DIR_PURPOSE_FETCH_EXTRAINFO,
5386 wanted, i, i+max_dl_per_req,
5387 PDS_RETRY_IF_NO_SERVERS|PDS_NO_EXISTING_SERVERDESC_FETCH);
5388 }
5389
5390 smartlist_free(wanted);
5391 }
5392
5393 /** Reset the descriptor download failure count on all routers, so that we
5394 * can retry any long-failed routers immediately.
5395 */
5396 void
5397 router_reset_descriptor_download_failures(void)
5398 {
5399 log_debug(LD_GENERAL,
5400 "In router_reset_descriptor_download_failures()");
5401
5402 networkstatus_reset_download_failures();
5403 last_descriptor_download_attempted = 0;
5404 if (!routerlist)
5405 return;
5406 SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, ri,
5407 {
5408 download_status_reset(&ri->cache_info.ei_dl_status);
5409 });
5410 SMARTLIST_FOREACH(routerlist->old_routers, signed_descriptor_t *, sd,
5411 {
5412 download_status_reset(&sd->ei_dl_status);
5413 });
5414 }
5415
5416 /** Any changes in a router descriptor's publication time larger than this are
5417 * automatically non-cosmetic. */
5418 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5419
5420 /** We allow uptime to vary from how much it ought to be by this much. */
5421 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5422
5423 /** Return true iff the only differences between r1 and r2 are such that
5424 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5425 */
5426 int
5427 router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
5428 {
5429 time_t r1pub, r2pub;
5430 long time_difference;
5431 tor_assert(r1 && r2);
5432
5433 /* r1 should be the one that was published first. */
5434 if (r1->cache_info.published_on > r2->cache_info.published_on) {
5435 const routerinfo_t *ri_tmp = r2;
5436 r2 = r1;
5437 r1 = ri_tmp;
5438 }
5439
5440 /* If any key fields differ, they're different. */
5441 if (r1->addr != r2->addr ||
5442 strcasecmp(r1->nickname, r2->nickname) ||
5443 r1->or_port != r2->or_port ||
5444 !tor_addr_eq(&r1->ipv6_addr, &r2->ipv6_addr) ||
5445 r1->ipv6_orport != r2->ipv6_orport ||
5446 r1->dir_port != r2->dir_port ||
5447 r1->purpose != r2->purpose ||
5448 !crypto_pk_eq_keys(r1->onion_pkey, r2->onion_pkey) ||
5449 !crypto_pk_eq_keys(r1->identity_pkey, r2->identity_pkey) ||
5450 strcasecmp(r1->platform, r2->platform) ||
5451 (r1->contact_info && !r2->contact_info) || /* contact_info is optional */
5452 (!r1->contact_info && r2->contact_info) ||
5453 (r1->contact_info && r2->contact_info &&
5454 strcasecmp(r1->contact_info, r2->contact_info)) ||
5455 r1->is_hibernating != r2->is_hibernating ||
5456 ! addr_policies_eq(r1->exit_policy, r2->exit_policy) ||
5457 (r1->supports_tunnelled_dir_requests !=
5458 r2->supports_tunnelled_dir_requests))
5459 return 0;
5460 if ((r1->declared_family == NULL) != (r2->declared_family == NULL))
5461 return 0;
5462 if (r1->declared_family && r2->declared_family) {
5463 int i, n;
5464 if (smartlist_len(r1->declared_family)!=smartlist_len(r2->declared_family))
5465 return 0;
5466 n = smartlist_len(r1->declared_family);
5467 for (i=0; i < n; ++i) {
5468 if (strcasecmp(smartlist_get(r1->declared_family, i),
5469 smartlist_get(r2->declared_family, i)))
5470 return 0;
5471 }
5472 }
5473
5474 /* Did bandwidth change a lot? */
5475 if ((r1->bandwidthcapacity < r2->bandwidthcapacity/2) ||
5476 (r2->bandwidthcapacity < r1->bandwidthcapacity/2))
5477 return 0;
5478
5479 /* Did the bandwidthrate or bandwidthburst change? */
5480 if ((r1->bandwidthrate != r2->bandwidthrate) ||
5481 (r1->bandwidthburst != r2->bandwidthburst))
5482 return 0;
5483
5484 /* Did more than 12 hours pass? */
5485 if (r1->cache_info.published_on + ROUTER_MAX_COSMETIC_TIME_DIFFERENCE
5486 < r2->cache_info.published_on)
5487 return 0;
5488
5489 /* Did uptime fail to increase by approximately the amount we would think,
5490 * give or take some slop? */
5491 r1pub = r1->cache_info.published_on;
5492 r2pub = r2->cache_info.published_on;
5493 time_difference = labs(r2->uptime - (r1->uptime + (r2pub - r1pub)));
5494 if (time_difference > ROUTER_ALLOW_UPTIME_DRIFT &&
5495 time_difference > r1->uptime * .05 &&
5496 time_difference > r2->uptime * .05)
5497 return 0;
5498
5499 /* Otherwise, the difference is cosmetic. */
5500 return 1;
5501 }
5502
5503 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5504 * extrainfo document <b>ei</b>.
5505 *
5506 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5507 * for the router. We use it to check the signature of the extrainfo document,
5508 * if it has not already been checked.
5509 *
5510 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5511 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5512 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5513 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5514 * incompatibility (if any).
5515 *
5516 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5517 * but the extrainfo was nonetheless incompatible.
5518 **/
5519 int
5520 routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey,
5521 extrainfo_t *ei,
5522 signed_descriptor_t *sd,
5523 const char **msg)
5524 {
5525 int digest_matches, digest256_matches, r=1;
5526 tor_assert(identity_pkey);
5527 tor_assert(sd);
5528 tor_assert(ei);
5529
5530 if (ei->bad_sig) {
5531 if (msg) *msg = "Extrainfo signature was bad, or signed with wrong key.";
5532 return 1;
5533 }
5534
5535 digest_matches = tor_memeq(ei->cache_info.signed_descriptor_digest,
5536 sd->extra_info_digest, DIGEST_LEN);
5537 /* Set digest256_matches to 1 if the digest is correct, or if no
5538 * digest256 was in the ri. */
5539 digest256_matches = tor_memeq(ei->digest256,
5540 sd->extra_info_digest256, DIGEST256_LEN);
5541 digest256_matches |=
5542 tor_mem_is_zero(sd->extra_info_digest256, DIGEST256_LEN);
5543
5544 /* The identity must match exactly to have been generated at the same time
5545 * by the same router. */
5546 if (tor_memneq(sd->identity_digest,
5547 ei->cache_info.identity_digest,
5548 DIGEST_LEN)) {
5549 if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo";
5550 goto err; /* different servers */
5551 }
5552
5553 if (! tor_cert_opt_eq(sd->signing_key_cert,
5554 ei->cache_info.signing_key_cert)) {
5555 if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
5556 goto err; /* different servers */
5557 }
5558
5559 if (ei->pending_sig) {
5560 char signed_digest[128];
5561 if (crypto_pk_public_checksig(identity_pkey,
5562 signed_digest, sizeof(signed_digest),
5563 ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
5564 tor_memneq(signed_digest, ei->cache_info.signed_descriptor_digest,
5565 DIGEST_LEN)) {
5566 ei->bad_sig = 1;
5567 tor_free(ei->pending_sig);
5568 if (msg) *msg = "Extrainfo signature bad, or signed with wrong key";
5569 goto err; /* Bad signature, or no match. */
5570 }
5571
5572 ei->cache_info.send_unencrypted = sd->send_unencrypted;
5573 tor_free(ei->pending_sig);
5574 }
5575
5576 if (ei->cache_info.published_on < sd->published_on) {
5577 if (msg) *msg = "Extrainfo published time did not match routerdesc";
5578 goto err;
5579 } else if (ei->cache_info.published_on > sd->published_on) {
5580 if (msg) *msg = "Extrainfo published time did not match routerdesc";
5581 r = -1;
5582 goto err;
5583 }
5584
5585 if (!digest256_matches && !digest_matches) {
5586 if (msg) *msg = "Neither digest256 or digest matched "
5587 "digest from routerdesc";
5588 goto err;
5589 }
5590
5591 if (!digest256_matches) {
5592 if (msg) *msg = "Extrainfo digest did not match digest256 from routerdesc";
5593 goto err; /* Digest doesn't match declared value. */
5594 }
5595
5596 if (!digest_matches) {
5597 if (msg) *msg = "Extrainfo digest did not match value from routerdesc";
5598 goto err; /* Digest doesn't match declared value. */
5599 }
5600
5601 return 0;
5602 err:
5603 if (digest_matches) {
5604 /* This signature was okay, and the digest was right: This is indeed the
5605 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5606 * that lists it. Don't try to fetch this one again. */
5607 sd->extrainfo_is_bogus = 1;
5608 }
5609
5610 return r;
5611 }
5612
5613 /* Does ri have a valid ntor onion key?
5614 * Valid ntor onion keys exist and have at least one non-zero byte. */
5615 int
5616 routerinfo_has_curve25519_onion_key(const routerinfo_t *ri)
5617 {
5618 if (!ri) {
5619 return 0;
5620 }
5621
5622 if (!ri->onion_curve25519_pkey) {
5623 return 0;
5624 }
5625
5626 if (tor_mem_is_zero((const char*)ri->onion_curve25519_pkey->public_key,
5627 CURVE25519_PUBKEY_LEN)) {
5628 return 0;
5629 }
5630
5631 return 1;
5632 }
5633
5634 /* Is rs running a tor version known to support EXTEND2 cells?
5635 * If allow_unknown_versions is true, return true if we can't tell
5636 * (from a versions line or a protocols line) whether it supports extend2
5637 * cells.
5638 * Otherwise, return false if the version is unknown. */
5639 int
5640 routerstatus_version_supports_extend2_cells(const routerstatus_t *rs,
5641 int allow_unknown_versions)
5642 {
5643 if (!rs) {
5644 return allow_unknown_versions;
5645 }
5646
5647 if (!rs->protocols_known) {
5648 return allow_unknown_versions;
5649 }
5650
5651 return rs->supports_extend2_cells;
5652 }
5653
5654 /** Assert that the internal representation of <b>rl</b> is
5655 * self-consistent. */
5656 void
5657 routerlist_assert_ok(const routerlist_t *rl)
5658 {
5659 routerinfo_t *r2;
5660 signed_descriptor_t *sd2;
5661 if (!rl)
5662 return;
5663 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, r) {
5664 r2 = rimap_get(rl->identity_map, r->cache_info.identity_digest);
5665 tor_assert(r == r2);
5666 sd2 = sdmap_get(rl->desc_digest_map,
5667 r->cache_info.signed_descriptor_digest);
5668 tor_assert(&(r->cache_info) == sd2);
5669 tor_assert(r->cache_info.routerlist_index == r_sl_idx);
5670 /* XXXX
5671 *
5672 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5673 * commenting this out is just a band-aid.
5674 *
5675 * The problem is that, although well-behaved router descriptors
5676 * should never have the same value for their extra_info_digest, it's
5677 * possible for ill-behaved routers to claim whatever they like there.
5678 *
5679 * The real answer is to trash desc_by_eid_map and instead have
5680 * something that indicates for a given extra-info digest we want,
5681 * what its download status is. We'll do that as a part of routerlist
5682 * refactoring once consensus directories are in. For now,
5683 * this rep violation is probably harmless: an adversary can make us
5684 * reset our retry count for an extrainfo, but that's not the end
5685 * of the world. Changing the representation in 0.2.0.x would just
5686 * destabilize the codebase.
5687 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5688 signed_descriptor_t *sd3 =
5689 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5690 tor_assert(sd3 == &(r->cache_info));
5691 }
5692 */
5693 } SMARTLIST_FOREACH_END(r);
5694 SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
5695 r2 = rimap_get(rl->identity_map, sd->identity_digest);
5696 tor_assert(!r2 || sd != &(r2->cache_info));
5697 sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
5698 tor_assert(sd == sd2);
5699 tor_assert(sd->routerlist_index == sd_sl_idx);
5700 /* XXXX see above.
5701 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5702 signed_descriptor_t *sd3 =
5703 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5704 tor_assert(sd3 == sd);
5705 }
5706 */
5707 } SMARTLIST_FOREACH_END(sd);
5708
5709 RIMAP_FOREACH(rl->identity_map, d, r) {
5710 tor_assert(tor_memeq(r->cache_info.identity_digest, d, DIGEST_LEN));
5711 } DIGESTMAP_FOREACH_END;
5712 SDMAP_FOREACH(rl->desc_digest_map, d, sd) {
5713 tor_assert(tor_memeq(sd->signed_descriptor_digest, d, DIGEST_LEN));
5714 } DIGESTMAP_FOREACH_END;
5715 SDMAP_FOREACH(rl->desc_by_eid_map, d, sd) {
5716 tor_assert(!tor_digest_is_zero(d));
5717 tor_assert(sd);
5718 tor_assert(tor_memeq(sd->extra_info_digest, d, DIGEST_LEN));
5719 } DIGESTMAP_FOREACH_END;
5720 EIMAP_FOREACH(rl->extra_info_map, d, ei) {
5721 signed_descriptor_t *sd;
5722 tor_assert(tor_memeq(ei->cache_info.signed_descriptor_digest,
5723 d, DIGEST_LEN));
5724 sd = sdmap_get(rl->desc_by_eid_map,
5725 ei->cache_info.signed_descriptor_digest);
5726 // tor_assert(sd); // XXXX see above
5727 if (sd) {
5728 tor_assert(tor_memeq(ei->cache_info.signed_descriptor_digest,
5729 sd->extra_info_digest, DIGEST_LEN));
5730 }
5731 } DIGESTMAP_FOREACH_END;
5732 }
5733
5734 /** Allocate and return a new string representing the contact info
5735 * and platform string for <b>router</b>,
5736 * surrounded by quotes and using standard C escapes.
5737 *
5738 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5739 * thread. Also, each call invalidates the last-returned value, so don't
5740 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5741 *
5742 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5743 */
5744 const char *
5745 esc_router_info(const routerinfo_t *router)
5746 {
5747 static char *info=NULL;
5748 char *esc_contact, *esc_platform;
5749 tor_free(info);
5750
5751 if (!router)
5752 return NULL; /* we're exiting; just free the memory we use */
5753
5754 esc_contact = esc_for_log(router->contact_info);
5755 esc_platform = esc_for_log(router->platform);
5756
5757 tor_asprintf(&info, "Contact %s, Platform %s", esc_contact, esc_platform);
5758 tor_free(esc_contact);
5759 tor_free(esc_platform);
5760
5761 return info;
5762 }
5763
5764 /** Helper for sorting: compare two routerinfos by their identity
5765 * digest. */
5766 static int
5767 compare_routerinfo_by_id_digest_(const void **a, const void **b)
5768 {
5769 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
5770 return fast_memcmp(first->cache_info.identity_digest,
5771 second->cache_info.identity_digest,
5772 DIGEST_LEN);
5773 }
5774
5775 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5776 void
5777 routers_sort_by_identity(smartlist_t *routers)
5778 {
5779 smartlist_sort(routers, compare_routerinfo_by_id_digest_);
5780 }
5781
5782 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5783 * recompute all country info in all configuration node sets and in the
5784 * routerlist. */
5785 void
5786 refresh_all_country_info(void)
5787 {
5788 const or_options_t *options = get_options();
5789
5790 if (options->EntryNodes)
5791 routerset_refresh_countries(options->EntryNodes);
5792 if (options->ExitNodes)
5793 routerset_refresh_countries(options->ExitNodes);
5794 if (options->ExcludeNodes)
5795 routerset_refresh_countries(options->ExcludeNodes);
5796 if (options->ExcludeExitNodes)
5797 routerset_refresh_countries(options->ExcludeExitNodes);
5798 if (options->ExcludeExitNodesUnion_)
5799 routerset_refresh_countries(options->ExcludeExitNodesUnion_);
5800
5801 nodelist_refresh_countries();
5802 }
5803
The Onion Router