1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
10 * maintain and access the global list of routerinfos for known
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
24 * Right now, routerinfo_t objects are used in these ways:
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
88 * TODO: Authority certificates should be a separate module.
90 * TODO: dir_server_t stuff should be in a separate module.
93 #define ROUTERLIST_PRIVATE
95 #include "backtrace.h"
96 #include "crypto_ed25519.h"
97 #include "circuitstats.h"
99 #include "connection.h"
101 #include "directory.h"
104 #include "entrynodes.h"
107 #include "hibernate.h"
109 #include "microdesc.h"
110 #include "networkstatus.h"
111 #include "nodelist.h"
112 #include "policies.h"
114 #include "rendcommon.h"
115 #include "rendservice.h"
118 #include "routerlist.h"
119 #include "routerparse.h"
120 #include "routerset.h"
124 // #define DEBUG_ROUTERLIST
126 /****************************************************************************/
128 /* Typed wrappers for different digestmap types; used to avoid type
131 DECLARE_TYPED_DIGESTMAP_FNS(sdmap_
, digest_sd_map_t
, signed_descriptor_t
)
132 DECLARE_TYPED_DIGESTMAP_FNS(rimap_
, digest_ri_map_t
, routerinfo_t
)
133 DECLARE_TYPED_DIGESTMAP_FNS(eimap_
, digest_ei_map_t
, extrainfo_t
)
134 DECLARE_TYPED_DIGESTMAP_FNS(dsmap_
, digest_ds_map_t
, download_status_t
)
135 #define SDMAP_FOREACH(map, keyvar, valvar) \
136 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
138 #define RIMAP_FOREACH(map, keyvar, valvar) \
139 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
140 #define EIMAP_FOREACH(map, keyvar, valvar) \
141 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
142 #define DSMAP_FOREACH(map, keyvar, valvar) \
143 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
146 /* Forward declaration for cert_list_t */
147 typedef struct cert_list_t cert_list_t
;
149 /* static function prototypes */
150 static int compute_weighted_bandwidths(const smartlist_t
*sl
,
151 bandwidth_weight_rule_t rule
,
152 double **bandwidths_out
);
153 static const routerstatus_t
*router_pick_trusteddirserver_impl(
154 const smartlist_t
*sourcelist
, dirinfo_type_t auth
,
155 int flags
, int *n_busy_out
);
156 static const routerstatus_t
*router_pick_dirserver_generic(
157 smartlist_t
*sourcelist
,
158 dirinfo_type_t type
, int flags
);
159 static void mark_all_dirservers_up(smartlist_t
*server_list
);
160 static void dir_server_free(dir_server_t
*ds
);
161 static int signed_desc_digest_is_recognized(signed_descriptor_t
*desc
);
162 static const char *signed_descriptor_get_body_impl(
163 const signed_descriptor_t
*desc
,
164 int with_annotations
);
165 static void list_pending_downloads(digestmap_t
*result
,
166 digest256map_t
*result256
,
167 int purpose
, const char *prefix
);
168 static void list_pending_fpsk_downloads(fp_pair_map_t
*result
);
169 static void launch_dummy_descriptor_download_as_needed(time_t now
,
170 const or_options_t
*options
);
171 static void download_status_reset_by_sk_in_cl(cert_list_t
*cl
,
173 static int download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
175 time_t now
, int max_failures
);
177 /****************************************************************************/
179 /** Global list of a dir_server_t object for each directory
181 static smartlist_t
*trusted_dir_servers
= NULL
;
182 /** Global list of dir_server_t objects for all directory authorities
183 * and all fallback directory servers. */
184 static smartlist_t
*fallback_dir_servers
= NULL
;
186 /** List of certificates for a single authority, and download status for
187 * latest certificate.
191 * The keys of download status map are cert->signing_key_digest for pending
192 * downloads by (identity digest/signing key digest) pair; functions such
193 * as authority_cert_get_by_digest() already assume these are unique.
195 struct digest_ds_map_t
*dl_status_map
;
196 /* There is also a dlstatus for the download by identity key only */
197 download_status_t dl_status_by_id
;
200 /** Map from v3 identity key digest to cert_list_t. */
201 static digestmap_t
*trusted_dir_certs
= NULL
;
202 /** True iff any key certificate in at least one member of
203 * <b>trusted_dir_certs</b> has changed since we last flushed the
204 * certificates to disk. */
205 static int trusted_dir_servers_certs_changed
= 0;
207 /** Global list of all of the routers that we know about. */
208 static routerlist_t
*routerlist
= NULL
;
210 /** List of strings for nicknames we've already warned about and that are
211 * still unknown / unavailable. */
212 static smartlist_t
*warned_nicknames
= NULL
;
214 /** The last time we tried to download any routerdesc, or 0 for "never". We
215 * use this to rate-limit download attempts when the number of routerdescs to
216 * download is low. */
217 static time_t last_descriptor_download_attempted
= 0;
219 /** Return the number of directory authorities whose type matches some bit set
222 get_n_authorities(dirinfo_type_t type
)
225 if (!trusted_dir_servers
)
227 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
233 /** Initialise schedule, want_authority, and increment on in the download
234 * status dlstatus, then call download_status_reset() on it.
235 * It is safe to call this function or download_status_reset() multiple times
236 * on a new dlstatus. But it should *not* be called after a dlstatus has been
237 * used to count download attempts or failures. */
239 download_status_cert_init(download_status_t
*dlstatus
)
241 dlstatus
->schedule
= DL_SCHED_CONSENSUS
;
242 dlstatus
->want_authority
= DL_WANT_ANY_DIRSERVER
;
243 dlstatus
->increment_on
= DL_SCHED_INCREMENT_FAILURE
;
244 dlstatus
->backoff
= DL_SCHED_RANDOM_EXPONENTIAL
;
245 dlstatus
->last_backoff_position
= 0;
246 dlstatus
->last_delay_used
= 0;
248 /* Use the new schedule to set next_attempt_at */
249 download_status_reset(dlstatus
);
252 /** Reset the download status of a specified element in a dsmap */
254 download_status_reset_by_sk_in_cl(cert_list_t
*cl
, const char *digest
)
256 download_status_t
*dlstatus
= NULL
;
261 /* Make sure we have a dsmap */
262 if (!(cl
->dl_status_map
)) {
263 cl
->dl_status_map
= dsmap_new();
265 /* Look for a download_status_t in the map with this digest */
266 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
269 /* Insert before we reset */
270 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
271 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
272 download_status_cert_init(dlstatus
);
274 tor_assert(dlstatus
);
275 /* Go ahead and reset it */
276 download_status_reset(dlstatus
);
280 * Return true if the download for this signing key digest in cl is ready
281 * to be re-attempted.
284 download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
286 time_t now
, int max_failures
)
289 download_status_t
*dlstatus
= NULL
;
294 /* Make sure we have a dsmap */
295 if (!(cl
->dl_status_map
)) {
296 cl
->dl_status_map
= dsmap_new();
298 /* Look for a download_status_t in the map with this digest */
299 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
302 /* Use download_status_is_ready() */
303 rv
= download_status_is_ready(dlstatus
, now
, max_failures
);
306 * If we don't know anything about it, return 1, since we haven't
307 * tried this one before. We need to create a new entry here,
310 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
311 download_status_cert_init(dlstatus
);
312 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
319 /** Helper: Return the cert_list_t for an authority whose authority ID is
320 * <b>id_digest</b>, allocating a new list if necessary. */
322 get_cert_list(const char *id_digest
)
325 if (!trusted_dir_certs
)
326 trusted_dir_certs
= digestmap_new();
327 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
329 cl
= tor_malloc_zero(sizeof(cert_list_t
));
330 download_status_cert_init(&cl
->dl_status_by_id
);
331 cl
->certs
= smartlist_new();
332 cl
->dl_status_map
= dsmap_new();
333 digestmap_set(trusted_dir_certs
, id_digest
, cl
);
338 /** Return a list of authority ID digests with potentially enumerable lists
339 * of download_status_t objects; used by controller GETINFO queries.
342 MOCK_IMPL(smartlist_t
*,
343 list_authority_ids_with_downloads
, (void))
345 smartlist_t
*ids
= smartlist_new();
351 if (trusted_dir_certs
) {
352 for (i
= digestmap_iter_init(trusted_dir_certs
);
353 !(digestmap_iter_done(i
));
354 i
= digestmap_iter_next(trusted_dir_certs
, i
)) {
356 * We always have at least dl_status_by_id to query, so no need to
357 * probe deeper than the existence of a cert_list_t.
359 digestmap_iter_get(i
, &digest
, &cl
);
360 tmp
= tor_malloc(DIGEST_LEN
);
361 memcpy(tmp
, digest
, DIGEST_LEN
);
362 smartlist_add(ids
, tmp
);
365 /* else definitely no downlaods going since nothing even has a cert list */
370 /** Given an authority ID digest, return a pointer to the default download
371 * status, or NULL if there is no such entry in trusted_dir_certs */
373 MOCK_IMPL(download_status_t
*,
374 id_only_download_status_for_authority_id
, (const char *digest
))
376 download_status_t
*dl
= NULL
;
379 if (trusted_dir_certs
) {
380 cl
= digestmap_get(trusted_dir_certs
, digest
);
382 dl
= &(cl
->dl_status_by_id
);
389 /** Given an authority ID digest, return a smartlist of signing key digests
390 * for which download_status_t is potentially queryable, or NULL if no such
391 * authority ID digest is known. */
393 MOCK_IMPL(smartlist_t
*,
394 list_sk_digests_for_authority_id
, (const char *digest
))
396 smartlist_t
*sks
= NULL
;
399 const char *sk_digest
;
401 download_status_t
*dl
;
403 if (trusted_dir_certs
) {
404 cl
= digestmap_get(trusted_dir_certs
, digest
);
406 sks
= smartlist_new();
407 if (cl
->dl_status_map
) {
408 for (i
= dsmap_iter_init(cl
->dl_status_map
);
409 !(dsmap_iter_done(i
));
410 i
= dsmap_iter_next(cl
->dl_status_map
, i
)) {
411 /* Pull the digest out and add it to the list */
412 dsmap_iter_get(i
, &sk_digest
, &dl
);
413 tmp
= tor_malloc(DIGEST_LEN
);
414 memcpy(tmp
, sk_digest
, DIGEST_LEN
);
415 smartlist_add(sks
, tmp
);
424 /** Given an authority ID digest and a signing key digest, return the
425 * download_status_t or NULL if none exists. */
427 MOCK_IMPL(download_status_t
*,
428 download_status_for_authority_id_and_sk
,
429 (const char *id_digest
, const char *sk_digest
))
431 download_status_t
*dl
= NULL
;
432 cert_list_t
*cl
= NULL
;
434 if (trusted_dir_certs
) {
435 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
436 if (cl
&& cl
->dl_status_map
) {
437 dl
= dsmap_get(cl
->dl_status_map
, sk_digest
);
444 /** Release all space held by a cert_list_t */
446 cert_list_free(cert_list_t
*cl
)
451 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
452 authority_cert_free(cert
));
453 smartlist_free(cl
->certs
);
454 dsmap_free(cl
->dl_status_map
, tor_free_
);
458 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
460 cert_list_free_(void *cl
)
465 /** Reload the cached v3 key certificates from the cached-certs file in
466 * the data directory. Return 0 on success, -1 on failure. */
468 trusted_dirs_reload_certs(void)
474 filename
= get_datadir_fname("cached-certs");
475 contents
= read_file_to_str(filename
, RFTS_IGNORE_MISSING
, NULL
);
479 r
= trusted_dirs_load_certs_from_string(
481 TRUSTED_DIRS_CERTS_SRC_FROM_STORE
, 1, NULL
);
486 /** Helper: return true iff we already have loaded the exact cert
489 already_have_cert(authority_cert_t
*cert
)
491 cert_list_t
*cl
= get_cert_list(cert
->cache_info
.identity_digest
);
493 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
495 if (tor_memeq(c
->cache_info
.signed_descriptor_digest
,
496 cert
->cache_info
.signed_descriptor_digest
,
503 /** Load a bunch of new key certificates from the string <b>contents</b>. If
504 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
505 * from the cache, and we don't need to flush them to disk. If we are a
506 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
507 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
508 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
509 * need to flush any changed certificates to disk now. Return 0 on success,
510 * -1 if any certs fail to parse.
512 * If source_dir is non-NULL, it's the identity digest for a directory that
513 * we've just successfully retrieved certificates from, so try it first to
514 * fetch any missing certificates.
517 trusted_dirs_load_certs_from_string(const char *contents
, int source
,
518 int flush
, const char *source_dir
)
522 int failure_code
= 0;
523 int from_store
= (source
== TRUSTED_DIRS_CERTS_SRC_FROM_STORE
);
524 int added_trusted_cert
= 0;
526 for (s
= contents
; *s
; s
= eos
) {
527 authority_cert_t
*cert
= authority_cert_parse_from_string(s
, &eos
);
533 ds
= trusteddirserver_get_by_v3_auth_digest(
534 cert
->cache_info
.identity_digest
);
535 log_debug(LD_DIR
, "Parsed certificate for %s",
536 ds
? ds
->nickname
: "unknown authority");
538 if (already_have_cert(cert
)) {
539 /* we already have this one. continue. */
540 log_info(LD_DIR
, "Skipping %s certificate for %s that we "
542 from_store
? "cached" : "downloaded",
543 ds
? ds
->nickname
: "an old or new authority");
546 * A duplicate on download should be treated as a failure, so we call
547 * authority_cert_dl_failed() to reset the download status to make sure
548 * we can't try again. Since we've implemented the fp-sk mechanism
549 * to download certs by signing key, this should be much rarer than it
550 * was and is perhaps cause for concern.
553 if (authdir_mode(get_options())) {
555 "Got a certificate for %s, but we already have it. "
556 "Maybe they haven't updated it. Waiting for a while.",
557 ds
? ds
->nickname
: "an old or new authority");
560 "Got a certificate for %s, but we already have it. "
561 "Maybe they haven't updated it. Waiting for a while.",
562 ds
? ds
->nickname
: "an old or new authority");
566 * This is where we care about the source; authority_cert_dl_failed()
567 * needs to know whether the download was by fp or (fp,sk) pair to
568 * twiddle the right bit in the download map.
570 if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
) {
571 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
573 } else if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST
) {
574 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
575 cert
->signing_key_digest
, 404);
579 authority_cert_free(cert
);
584 added_trusted_cert
= 1;
585 log_info(LD_DIR
, "Adding %s certificate for directory authority %s with "
586 "signing key %s", from_store
? "cached" : "downloaded",
587 ds
->nickname
, hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
589 int adding
= directory_caches_unknown_auth_certs(get_options());
590 log_info(LD_DIR
, "%s %s certificate for unrecognized directory "
591 "authority with signing key %s",
592 adding
? "Adding" : "Not adding",
593 from_store
? "cached" : "downloaded",
594 hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
596 authority_cert_free(cert
);
601 cl
= get_cert_list(cert
->cache_info
.identity_digest
);
602 smartlist_add(cl
->certs
, cert
);
603 if (ds
&& cert
->cache_info
.published_on
> ds
->addr_current_at
) {
604 /* Check to see whether we should update our view of the authority's
606 if (cert
->addr
&& cert
->dir_port
&&
607 (ds
->addr
!= cert
->addr
||
608 ds
->dir_port
!= cert
->dir_port
)) {
609 char *a
= tor_dup_ip(cert
->addr
);
610 log_notice(LD_DIR
, "Updating address for directory authority %s "
611 "from %s:%d to %s:%d based on certificate.",
612 ds
->nickname
, ds
->address
, (int)ds
->dir_port
,
615 ds
->addr
= cert
->addr
;
616 ds
->dir_port
= cert
->dir_port
;
618 ds
->addr_current_at
= cert
->cache_info
.published_on
;
622 trusted_dir_servers_certs_changed
= 1;
626 trusted_dirs_flush_certs_to_disk();
628 /* call this even if failure_code is <0, since some certs might have
629 * succeeded, but only pass source_dir if there were no failures,
630 * and at least one more authority certificate was added to the store.
631 * This avoids retrying a directory that's serving bad or entirely duplicate
633 if (failure_code
== 0 && added_trusted_cert
) {
634 networkstatus_note_certs_arrived(source_dir
);
636 networkstatus_note_certs_arrived(NULL
);
642 /** Save all v3 key certificates to the cached-certs file. */
644 trusted_dirs_flush_certs_to_disk(void)
649 if (!trusted_dir_servers_certs_changed
|| !trusted_dir_certs
)
652 chunks
= smartlist_new();
653 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
654 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
656 sized_chunk_t
*c
= tor_malloc(sizeof(sized_chunk_t
));
657 c
->bytes
= cert
->cache_info
.signed_descriptor_body
;
658 c
->len
= cert
->cache_info
.signed_descriptor_len
;
659 smartlist_add(chunks
, c
);
661 } DIGESTMAP_FOREACH_END
;
663 filename
= get_datadir_fname("cached-certs");
664 if (write_chunks_to_file(filename
, chunks
, 0, 0)) {
665 log_warn(LD_FS
, "Error writing certificates to disk.");
668 SMARTLIST_FOREACH(chunks
, sized_chunk_t
*, c
, tor_free(c
));
669 smartlist_free(chunks
);
671 trusted_dir_servers_certs_changed
= 0;
675 compare_certs_by_pubdates(const void **_a
, const void **_b
)
677 const authority_cert_t
*cert1
= *_a
, *cert2
=*_b
;
679 if (cert1
->cache_info
.published_on
< cert2
->cache_info
.published_on
)
681 else if (cert1
->cache_info
.published_on
> cert2
->cache_info
.published_on
)
687 /** Remove all expired v3 authority certificates that have been superseded for
688 * more than 48 hours or, if not expired, that were published more than 7 days
689 * before being superseded. (If the most recent cert was published more than 48
690 * hours ago, then we aren't going to get any consensuses signed with older
693 trusted_dirs_remove_old_certs(void)
695 time_t now
= time(NULL
);
696 #define DEAD_CERT_LIFETIME (2*24*60*60)
697 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
698 if (!trusted_dir_certs
)
701 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
702 /* Sort the list from first-published to last-published */
703 smartlist_sort(cl
->certs
, compare_certs_by_pubdates
);
705 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
706 if (cert_sl_idx
== smartlist_len(cl
->certs
) - 1) {
707 /* This is the most recently published cert. Keep it. */
710 authority_cert_t
*next_cert
= smartlist_get(cl
->certs
, cert_sl_idx
+1);
711 const time_t next_cert_published
= next_cert
->cache_info
.published_on
;
712 if (next_cert_published
> now
) {
713 /* All later certs are published in the future. Keep everything
714 * we didn't discard. */
717 int should_remove
= 0;
718 if (cert
->expires
+ DEAD_CERT_LIFETIME
< now
) {
719 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
722 } else if (next_cert_published
+ SUPERSEDED_CERT_LIFETIME
< now
) {
723 /* Certificate has been superseded for OLD_CERT_LIFETIME.
729 SMARTLIST_DEL_CURRENT_KEEPORDER(cl
->certs
, cert
);
730 authority_cert_free(cert
);
731 trusted_dir_servers_certs_changed
= 1;
733 } SMARTLIST_FOREACH_END(cert
);
735 } DIGESTMAP_FOREACH_END
;
736 #undef DEAD_CERT_LIFETIME
737 #undef OLD_CERT_LIFETIME
739 trusted_dirs_flush_certs_to_disk();
742 /** Return the newest v3 authority certificate whose v3 authority identity key
743 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
744 * or it has no certificate. */
746 authority_cert_get_newest_by_id(const char *id_digest
)
749 authority_cert_t
*best
= NULL
;
750 if (!trusted_dir_certs
||
751 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
754 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
756 if (!best
|| cert
->cache_info
.published_on
> best
->cache_info
.published_on
)
762 /** Return the newest v3 authority certificate whose directory signing key has
763 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
766 authority_cert_get_by_sk_digest(const char *sk_digest
)
769 if (!trusted_dir_certs
)
772 if ((c
= get_my_v3_authority_cert()) &&
773 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
775 if ((c
= get_my_v3_legacy_cert()) &&
776 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
779 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
780 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
782 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
785 } DIGESTMAP_FOREACH_END
;
789 /** Return the v3 authority certificate with signing key matching
790 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
791 * Return NULL if no such authority is known. */
793 authority_cert_get_by_digests(const char *id_digest
,
794 const char *sk_digest
)
797 if (!trusted_dir_certs
||
798 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
800 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
801 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
807 /** Add every known authority_cert_t to <b>certs_out</b>. */
809 authority_cert_get_all(smartlist_t
*certs_out
)
811 tor_assert(certs_out
);
812 if (!trusted_dir_certs
)
815 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
816 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
817 smartlist_add(certs_out
, c
));
818 } DIGESTMAP_FOREACH_END
;
821 /** Called when an attempt to download a certificate with the authority with
822 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
823 * fails with HTTP response code <b>status</b>: remember the failure, so we
824 * don't try again immediately. */
826 authority_cert_dl_failed(const char *id_digest
,
827 const char *signing_key_digest
, int status
)
830 download_status_t
*dlstatus
= NULL
;
831 char id_digest_str
[2*DIGEST_LEN
+1];
832 char sk_digest_str
[2*DIGEST_LEN
+1];
834 if (!trusted_dir_certs
||
835 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
839 * Are we noting a failed download of the latest cert for the id digest,
840 * or of a download by (id, signing key) digest pair?
842 if (!signing_key_digest
) {
843 /* Just by id digest */
844 download_status_failed(&cl
->dl_status_by_id
, status
);
846 /* Reset by (id, signing key) digest pair
848 * Look for a download_status_t in the map with this digest
850 dlstatus
= dsmap_get(cl
->dl_status_map
, signing_key_digest
);
853 download_status_failed(dlstatus
, status
);
856 * Do this rather than hex_str(), since hex_str clobbers
857 * old results and we call twice in the param list.
859 base16_encode(id_digest_str
, sizeof(id_digest_str
),
860 id_digest
, DIGEST_LEN
);
861 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
862 signing_key_digest
, DIGEST_LEN
);
864 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
865 "status %d, but knew nothing about the download.",
866 id_digest_str
, sk_digest_str
, status
);
871 static const char *BAD_SIGNING_KEYS
[] = {
872 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
873 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
874 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
875 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
876 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
877 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
878 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
879 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
880 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
881 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
885 /** Return true iff <b>cert</b> authenticates some atuhority signing key
886 * which, because of the old openssl heartbleed vulnerability, should
887 * never be trusted. */
889 authority_cert_is_blacklisted(const authority_cert_t
*cert
)
891 char hex_digest
[HEX_DIGEST_LEN
+1];
893 base16_encode(hex_digest
, sizeof(hex_digest
),
894 cert
->signing_key_digest
, sizeof(cert
->signing_key_digest
));
896 for (i
= 0; BAD_SIGNING_KEYS
[i
]; ++i
) {
897 if (!strcasecmp(hex_digest
, BAD_SIGNING_KEYS
[i
])) {
904 /** Return true iff when we've been getting enough failures when trying to
905 * download the certificate with ID digest <b>id_digest</b> that we're willing
906 * to start bugging the user about it. */
908 authority_cert_dl_looks_uncertain(const char *id_digest
)
910 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
913 if (!trusted_dir_certs
||
914 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
917 n_failures
= download_status_get_n_failures(&cl
->dl_status_by_id
);
918 return n_failures
>= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER
;
921 /* Fetch the authority certificates specified in resource.
922 * If we are a bridge client, and node is a configured bridge, fetch from node
923 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
924 * rs. Otherwise, fetch from a random directory mirror. */
926 authority_certs_fetch_resource_impl(const char *resource
,
927 const char *dir_hint
,
929 const routerstatus_t
*rs
)
931 const or_options_t
*options
= get_options();
932 int get_via_tor
= purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE
, 0);
934 /* Make sure bridge clients never connect to anything but a bridge */
935 if (options
->UseBridges
) {
936 if (node
&& !node_is_a_configured_bridge(node
)) {
937 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
940 /* If we're using bridges, and there's no node, use a 3-hop path. */
945 const dir_indirection_t indirection
= get_via_tor
? DIRIND_ANONYMOUS
948 /* If we've just downloaded a consensus from a bridge, re-use that
950 if (options
->UseBridges
&& node
&& !get_via_tor
) {
951 /* clients always make OR connections to bridges */
952 tor_addr_port_t or_ap
;
953 /* we are willing to use a non-preferred address if we need to */
954 fascist_firewall_choose_address_node(node
, FIREWALL_OR_CONNECTION
, 0,
956 directory_initiate_command(&or_ap
.addr
, or_ap
.port
,
957 NULL
, 0, /*no dirport*/
959 DIR_PURPOSE_FETCH_CERTIFICATE
,
962 resource
, NULL
, 0, 0);
967 /* If we've just downloaded a consensus from a directory, re-use that
969 directory_initiate_command_routerstatus(rs
,
970 DIR_PURPOSE_FETCH_CERTIFICATE
,
971 0, indirection
, resource
, NULL
,
976 /* Otherwise, we want certs from a random fallback or directory
977 * mirror, because they will almost always succeed. */
978 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
979 resource
, PDS_RETRY_IF_NO_SERVERS
,
980 DL_WANT_ANY_DIRSERVER
);
983 /** Try to download any v3 authority certificates that we may be missing. If
984 * <b>status</b> is provided, try to get all the ones that were used to sign
985 * <b>status</b>. Additionally, try to have a non-expired certificate for
986 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
989 * If dir_hint is non-NULL, it's the identity digest for a directory that
990 * we've just successfully retrieved a consensus or certificates from, so try
991 * it first to fetch any missing certificates.
994 authority_certs_fetch_missing(networkstatus_t
*status
, time_t now
,
995 const char *dir_hint
)
998 * The pending_id digestmap tracks pending certificate downloads by
999 * identity digest; the pending_cert digestmap tracks pending downloads
1000 * by (identity digest, signing key digest) pairs.
1002 digestmap_t
*pending_id
;
1003 fp_pair_map_t
*pending_cert
;
1005 * The missing_id_digests smartlist will hold a list of id digests
1006 * we want to fetch the newest cert for; the missing_cert_digests
1007 * smartlist will hold a list of fp_pair_t with an identity and
1008 * signing key digest.
1010 smartlist_t
*missing_cert_digests
, *missing_id_digests
;
1011 char *resource
= NULL
;
1013 const or_options_t
*options
= get_options();
1014 const int cache
= directory_caches_unknown_auth_certs(options
);
1015 fp_pair_t
*fp_tmp
= NULL
;
1016 char id_digest_str
[2*DIGEST_LEN
+1];
1017 char sk_digest_str
[2*DIGEST_LEN
+1];
1019 if (should_delay_dir_fetches(options
, NULL
))
1022 pending_cert
= fp_pair_map_new();
1023 pending_id
= digestmap_new();
1024 missing_cert_digests
= smartlist_new();
1025 missing_id_digests
= smartlist_new();
1028 * First, we get the lists of already pending downloads so we don't
1031 list_pending_downloads(pending_id
, NULL
,
1032 DIR_PURPOSE_FETCH_CERTIFICATE
, "fp/");
1033 list_pending_fpsk_downloads(pending_cert
);
1036 * Now, we download any trusted authority certs we don't have by
1037 * identity digest only. This gets the latest cert for that authority.
1039 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers
, dir_server_t
*, ds
) {
1041 if (!(ds
->type
& V3_DIRINFO
))
1043 if (smartlist_contains_digest(missing_id_digests
,
1044 ds
->v3_identity_digest
))
1046 cl
= get_cert_list(ds
->v3_identity_digest
);
1047 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
1048 if (now
< cert
->expires
) {
1049 /* It's not expired, and we weren't looking for something to
1050 * verify a consensus with. Call it done. */
1051 download_status_reset(&(cl
->dl_status_by_id
));
1052 /* No sense trying to download it specifically by signing key hash */
1053 download_status_reset_by_sk_in_cl(cl
, cert
->signing_key_digest
);
1057 } SMARTLIST_FOREACH_END(cert
);
1059 download_status_is_ready(&(cl
->dl_status_by_id
), now
,
1060 options
->TestingCertMaxDownloadTries
) &&
1061 !digestmap_get(pending_id
, ds
->v3_identity_digest
)) {
1063 "No current certificate known for authority %s "
1064 "(ID digest %s); launching request.",
1065 ds
->nickname
, hex_str(ds
->v3_identity_digest
, DIGEST_LEN
));
1066 smartlist_add(missing_id_digests
, ds
->v3_identity_digest
);
1068 } SMARTLIST_FOREACH_END(ds
);
1071 * Next, if we have a consensus, scan through it and look for anything
1072 * signed with a key from a cert we don't have. Those get downloaded
1073 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1074 * (identity digest), and it's one of the trusted dir server certs
1075 * we started off above or a pending download in pending_id, don't
1076 * try to get it yet. Most likely, the one we'll get for that will
1077 * have the right signing key too, and we'd just be downloading
1081 SMARTLIST_FOREACH_BEGIN(status
->voters
, networkstatus_voter_info_t
*,
1083 if (!smartlist_len(voter
->sigs
))
1084 continue; /* This authority never signed this consensus, so don't
1085 * go looking for a cert with key digest 0000000000. */
1087 !trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
))
1088 continue; /* We are not a cache, and we don't know this authority.*/
1091 * If we don't know *any* cert for this authority, and a download by ID
1092 * is pending or we added it to missing_id_digests above, skip this
1093 * one for now to avoid duplicate downloads.
1095 cl
= get_cert_list(voter
->identity_digest
);
1096 if (smartlist_len(cl
->certs
) == 0) {
1097 /* We have no certs at all for this one */
1099 /* Do we have a download of one pending? */
1100 if (digestmap_get(pending_id
, voter
->identity_digest
))
1104 * Are we about to launch a download of one due to the trusted
1105 * dir server check above?
1107 if (smartlist_contains_digest(missing_id_digests
,
1108 voter
->identity_digest
))
1112 SMARTLIST_FOREACH_BEGIN(voter
->sigs
, document_signature_t
*, sig
) {
1113 authority_cert_t
*cert
=
1114 authority_cert_get_by_digests(voter
->identity_digest
,
1115 sig
->signing_key_digest
);
1117 if (now
< cert
->expires
)
1118 download_status_reset_by_sk_in_cl(cl
, sig
->signing_key_digest
);
1121 if (download_status_is_ready_by_sk_in_cl(
1122 cl
, sig
->signing_key_digest
,
1123 now
, options
->TestingCertMaxDownloadTries
) &&
1124 !fp_pair_map_get_by_digests(pending_cert
,
1125 voter
->identity_digest
,
1126 sig
->signing_key_digest
)) {
1128 * Do this rather than hex_str(), since hex_str clobbers
1129 * old results and we call twice in the param list.
1131 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1132 voter
->identity_digest
, DIGEST_LEN
);
1133 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1134 sig
->signing_key_digest
, DIGEST_LEN
);
1136 if (voter
->nickname
) {
1138 "We're missing a certificate from authority %s "
1139 "(ID digest %s) with signing key %s: "
1140 "launching request.",
1141 voter
->nickname
, id_digest_str
, sk_digest_str
);
1144 "We're missing a certificate from authority ID digest "
1145 "%s with signing key %s: launching request.",
1146 id_digest_str
, sk_digest_str
);
1149 /* Allocate a new fp_pair_t to append */
1150 fp_tmp
= tor_malloc(sizeof(*fp_tmp
));
1151 memcpy(fp_tmp
->first
, voter
->identity_digest
, sizeof(fp_tmp
->first
));
1152 memcpy(fp_tmp
->second
, sig
->signing_key_digest
,
1153 sizeof(fp_tmp
->second
));
1154 smartlist_add(missing_cert_digests
, fp_tmp
);
1156 } SMARTLIST_FOREACH_END(sig
);
1157 } SMARTLIST_FOREACH_END(voter
);
1160 /* Bridge clients look up the node for the dir_hint */
1161 const node_t
*node
= NULL
;
1162 /* All clients, including bridge clients, look up the routerstatus for the
1164 const routerstatus_t
*rs
= NULL
;
1166 /* If we still need certificates, try the directory that just successfully
1167 * served us a consensus or certificates.
1168 * As soon as the directory fails to provide additional certificates, we try
1169 * another, randomly selected directory. This avoids continual retries.
1170 * (We only ever have one outstanding request per certificate.)
1173 if (options
->UseBridges
) {
1174 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1175 * or something else fetched over tor, we won't find the node here, but
1176 * we will find the rs. */
1177 node
= node_get_by_id(dir_hint
);
1180 /* All clients try the consensus routerstatus, then the fallback
1182 rs
= router_get_consensus_status_by_id(dir_hint
);
1184 /* This will also find authorities */
1185 const dir_server_t
*ds
= router_get_fallback_dirserver_by_digest(
1188 rs
= &ds
->fake_status
;
1193 log_warn(LD_BUG
, "Directory %s delivered a consensus, but %s"
1194 "no routerstatus could be found for it.",
1195 options
->UseBridges
? "no node and " : "",
1196 hex_str(dir_hint
, DIGEST_LEN
));
1200 /* Do downloads by identity digest */
1201 if (smartlist_len(missing_id_digests
) > 0) {
1203 smartlist_t
*fps
= smartlist_new();
1205 smartlist_add(fps
, tor_strdup("fp/"));
1207 SMARTLIST_FOREACH_BEGIN(missing_id_digests
, const char *, d
) {
1210 if (digestmap_get(pending_id
, d
))
1213 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1217 tor_asprintf(&fp
, "+%s", id_digest_str
);
1219 /* No need for tor_asprintf() in this case; first one gets no '+' */
1220 fp
= tor_strdup(id_digest_str
);
1224 smartlist_add(fps
, fp
);
1225 } SMARTLIST_FOREACH_END(d
);
1227 if (smartlist_len(fps
) > 1) {
1228 resource
= smartlist_join_strings(fps
, "", 0, NULL
);
1229 /* node and rs are directories that just gave us a consensus or
1231 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1234 /* else we didn't add any: they were all pending */
1236 SMARTLIST_FOREACH(fps
, char *, cp
, tor_free(cp
));
1237 smartlist_free(fps
);
1240 /* Do downloads by identity digest/signing key pair */
1241 if (smartlist_len(missing_cert_digests
) > 0) {
1243 smartlist_t
*fp_pairs
= smartlist_new();
1245 smartlist_add(fp_pairs
, tor_strdup("fp-sk/"));
1247 SMARTLIST_FOREACH_BEGIN(missing_cert_digests
, const fp_pair_t
*, d
) {
1248 char *fp_pair
= NULL
;
1250 if (fp_pair_map_get(pending_cert
, d
))
1253 /* Construct string encodings of the digests */
1254 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1255 d
->first
, DIGEST_LEN
);
1256 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1257 d
->second
, DIGEST_LEN
);
1259 /* Now tor_asprintf() */
1261 tor_asprintf(&fp_pair
, "+%s-%s", id_digest_str
, sk_digest_str
);
1263 /* First one in the list doesn't get a '+' */
1264 tor_asprintf(&fp_pair
, "%s-%s", id_digest_str
, sk_digest_str
);
1268 /* Add it to the list of pairs to request */
1269 smartlist_add(fp_pairs
, fp_pair
);
1270 } SMARTLIST_FOREACH_END(d
);
1272 if (smartlist_len(fp_pairs
) > 1) {
1273 resource
= smartlist_join_strings(fp_pairs
, "", 0, NULL
);
1274 /* node and rs are directories that just gave us a consensus or
1276 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1279 /* else they were all pending */
1281 SMARTLIST_FOREACH(fp_pairs
, char *, p
, tor_free(p
));
1282 smartlist_free(fp_pairs
);
1285 smartlist_free(missing_id_digests
);
1286 SMARTLIST_FOREACH(missing_cert_digests
, fp_pair_t
*, p
, tor_free(p
));
1287 smartlist_free(missing_cert_digests
);
1288 digestmap_free(pending_id
, NULL
);
1289 fp_pair_map_free(pending_cert
, NULL
);
1292 /* Router descriptor storage.
1294 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1295 * routerdescs arrive, we append them to a journal file named
1296 * "cached-descriptors.new".
1298 * From time to time, we replace "cached-descriptors" with a new file
1299 * containing only the live, non-superseded descriptors, and clear
1300 * cached-routers.new.
1302 * On startup, we read both files.
1305 /** Helper: return 1 iff the router log is so big we want to rebuild the
1308 router_should_rebuild_store(desc_store_t
*store
)
1310 if (store
->store_len
> (1<<16))
1311 return (store
->journal_len
> store
->store_len
/ 2 ||
1312 store
->bytes_dropped
> store
->store_len
/ 2);
1314 return store
->journal_len
> (1<<15);
1317 /** Return the desc_store_t in <b>rl</b> that should be used to store
1319 static inline desc_store_t
*
1320 desc_get_store(routerlist_t
*rl
, const signed_descriptor_t
*sd
)
1322 if (sd
->is_extrainfo
)
1323 return &rl
->extrainfo_store
;
1325 return &rl
->desc_store
;
1328 /** Add the signed_descriptor_t in <b>desc</b> to the router
1329 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1330 * offset appropriately. */
1332 signed_desc_append_to_journal(signed_descriptor_t
*desc
,
1333 desc_store_t
*store
)
1335 char *fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1336 const char *body
= signed_descriptor_get_body_impl(desc
,1);
1337 size_t len
= desc
->signed_descriptor_len
+ desc
->annotations_len
;
1339 if (append_bytes_to_file(fname
, body
, len
, 1)) {
1340 log_warn(LD_FS
, "Unable to store router descriptor");
1344 desc
->saved_location
= SAVED_IN_JOURNAL
;
1347 desc
->saved_offset
= store
->journal_len
;
1348 store
->journal_len
+= len
;
1353 /** Sorting helper: return <0, 0, or >0 depending on whether the
1354 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1355 * the signed_descriptor_t* in *<b>b</b>. */
1357 compare_signed_descriptors_by_age_(const void **_a
, const void **_b
)
1359 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
1360 return (int)(r1
->published_on
- r2
->published_on
);
1364 #define RRS_DONT_REMOVE_OLD 2
1366 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1367 * <b>flags</b>, then atomically replace the saved router store with the
1368 * routers currently in our routerlist, and clear the journal. Unless
1369 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1370 * rebuilding the store. Return 0 on success, -1 on failure.
1373 router_rebuild_store(int flags
, desc_store_t
*store
)
1375 smartlist_t
*chunk_list
= NULL
;
1376 char *fname
= NULL
, *fname_tmp
= NULL
;
1379 smartlist_t
*signed_descriptors
= NULL
;
1381 size_t total_expected_len
= 0;
1383 int force
= flags
& RRS_FORCE
;
1385 if (!force
&& !router_should_rebuild_store(store
)) {
1394 if (store
->type
== EXTRAINFO_STORE
)
1395 had_any
= !eimap_isempty(routerlist
->extra_info_map
);
1397 had_any
= (smartlist_len(routerlist
->routers
)+
1398 smartlist_len(routerlist
->old_routers
))>0;
1400 /* Don't save deadweight. */
1401 if (!(flags
& RRS_DONT_REMOVE_OLD
))
1402 routerlist_remove_old_routers();
1404 log_info(LD_DIR
, "Rebuilding %s cache", store
->description
);
1406 fname
= get_datadir_fname(store
->fname_base
);
1407 fname_tmp
= get_datadir_fname_suffix(store
->fname_base
, ".tmp");
1409 chunk_list
= smartlist_new();
1411 /* We sort the routers by age to enhance locality on disk. */
1412 signed_descriptors
= smartlist_new();
1413 if (store
->type
== EXTRAINFO_STORE
) {
1415 for (iter
= eimap_iter_init(routerlist
->extra_info_map
);
1416 !eimap_iter_done(iter
);
1417 iter
= eimap_iter_next(routerlist
->extra_info_map
, iter
)) {
1420 eimap_iter_get(iter
, &key
, &ei
);
1421 smartlist_add(signed_descriptors
, &ei
->cache_info
);
1424 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
1425 smartlist_add(signed_descriptors
, sd
));
1426 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
1427 smartlist_add(signed_descriptors
, &ri
->cache_info
));
1430 smartlist_sort(signed_descriptors
, compare_signed_descriptors_by_age_
);
1432 /* Now, add the appropriate members to chunk_list */
1433 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1435 const char *body
= signed_descriptor_get_body_impl(sd
, 1);
1437 log_warn(LD_BUG
, "No descriptor available for router.");
1440 if (sd
->do_not_cache
) {
1444 c
= tor_malloc(sizeof(sized_chunk_t
));
1446 c
->len
= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1447 total_expected_len
+= c
->len
;
1448 smartlist_add(chunk_list
, c
);
1449 } SMARTLIST_FOREACH_END(sd
);
1451 if (write_chunks_to_file(fname_tmp
, chunk_list
, 1, 1)<0) {
1452 log_warn(LD_FS
, "Error writing router store to disk.");
1456 /* Our mmap is now invalid. */
1458 int res
= tor_munmap_file(store
->mmap
);
1461 log_warn(LD_FS
, "Unable to munmap route store in %s", fname
);
1465 if (replace_file(fname_tmp
, fname
)<0) {
1466 log_warn(LD_FS
, "Error replacing old router store: %s", strerror(errno
));
1471 store
->mmap
= tor_mmap_file(fname
);
1472 if (! store
->mmap
) {
1473 if (errno
== ERANGE
) {
1475 if (total_expected_len
) {
1476 log_warn(LD_FS
, "We wrote some bytes to a new descriptor file at '%s',"
1477 " but when we went to mmap it, it was empty!", fname
);
1478 } else if (had_any
) {
1479 log_info(LD_FS
, "We just removed every descriptor in '%s'. This is "
1480 "okay if we're just starting up after a long time. "
1481 "Otherwise, it's a bug.", fname
);
1484 log_warn(LD_FS
, "Unable to mmap new descriptor file at '%s'.",fname
);
1488 log_info(LD_DIR
, "Reconstructing pointers into cache");
1491 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1492 if (sd
->do_not_cache
)
1494 sd
->saved_location
= SAVED_IN_CACHE
;
1496 tor_free(sd
->signed_descriptor_body
); // sets it to null
1497 sd
->saved_offset
= offset
;
1499 offset
+= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1500 signed_descriptor_get_body(sd
); /* reconstruct and assert */
1501 } SMARTLIST_FOREACH_END(sd
);
1504 fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1505 write_str_to_file(fname
, "", 1);
1508 store
->store_len
= (size_t) offset
;
1509 store
->journal_len
= 0;
1510 store
->bytes_dropped
= 0;
1512 smartlist_free(signed_descriptors
);
1514 tor_free(fname_tmp
);
1516 SMARTLIST_FOREACH(chunk_list
, sized_chunk_t
*, c
, tor_free(c
));
1517 smartlist_free(chunk_list
);
1523 /** Helper: Reload a cache file and its associated journal, setting metadata
1524 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1525 * else reload the router descriptor store. */
1527 router_reload_router_list_impl(desc_store_t
*store
)
1529 char *fname
= NULL
, *contents
= NULL
;
1531 int extrainfo
= (store
->type
== EXTRAINFO_STORE
);
1532 store
->journal_len
= store
->store_len
= 0;
1534 fname
= get_datadir_fname(store
->fname_base
);
1537 /* get rid of it first */
1538 int res
= tor_munmap_file(store
->mmap
);
1541 log_warn(LD_FS
, "Failed to munmap %s", fname
);
1547 store
->mmap
= tor_mmap_file(fname
);
1549 store
->store_len
= store
->mmap
->size
;
1551 router_load_extrainfo_from_string(store
->mmap
->data
,
1552 store
->mmap
->data
+store
->mmap
->size
,
1553 SAVED_IN_CACHE
, NULL
, 0);
1555 router_load_routers_from_string(store
->mmap
->data
,
1556 store
->mmap
->data
+store
->mmap
->size
,
1557 SAVED_IN_CACHE
, NULL
, 0, NULL
);
1561 fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1562 /* don't load empty files - we wouldn't get any data, even if we tried */
1563 if (file_status(fname
) == FN_FILE
)
1564 contents
= read_file_to_str(fname
, RFTS_BIN
|RFTS_IGNORE_MISSING
, &st
);
1567 router_load_extrainfo_from_string(contents
, NULL
,SAVED_IN_JOURNAL
,
1570 router_load_routers_from_string(contents
, NULL
, SAVED_IN_JOURNAL
,
1572 store
->journal_len
= (size_t) st
.st_size
;
1578 if (store
->journal_len
) {
1579 /* Always clear the journal on startup.*/
1580 router_rebuild_store(RRS_FORCE
, store
);
1581 } else if (!extrainfo
) {
1582 /* Don't cache expired routers. (This is in an else because
1583 * router_rebuild_store() also calls remove_old_routers().) */
1584 routerlist_remove_old_routers();
1590 /** Load all cached router descriptors and extra-info documents from the
1591 * store. Return 0 on success and -1 on failure.
1594 router_reload_router_list(void)
1596 routerlist_t
*rl
= router_get_routerlist();
1597 if (router_reload_router_list_impl(&rl
->desc_store
))
1599 if (router_reload_router_list_impl(&rl
->extrainfo_store
))
1604 /** Return a smartlist containing a list of dir_server_t * for all
1605 * known trusted dirservers. Callers must not modify the list or its
1609 router_get_trusted_dir_servers(void)
1611 if (!trusted_dir_servers
)
1612 trusted_dir_servers
= smartlist_new();
1614 return trusted_dir_servers
;
1618 router_get_fallback_dir_servers(void)
1620 if (!fallback_dir_servers
)
1621 fallback_dir_servers
= smartlist_new();
1623 return fallback_dir_servers
;
1626 /** Try to find a running dirserver that supports operations of <b>type</b>.
1628 * If there are no running dirservers in our routerlist and the
1629 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1630 * (including authorities) as running again, and pick one.
1632 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1633 * dirservers that we can't reach.
1635 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1636 * (if we're a dirserver).
1638 * Don't pick a fallback directory mirror if any non-fallback is viable;
1639 * (the fallback directory mirrors include the authorities)
1640 * try to avoid using servers that have returned 503 recently.
1642 const routerstatus_t
*
1643 router_pick_directory_server(dirinfo_type_t type
, int flags
)
1646 const routerstatus_t
*choice
;
1651 choice
= router_pick_directory_server_impl(type
, flags
, &busy
);
1652 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1656 /* If the reason that we got no server is that servers are "busy",
1657 * we must be excluding good servers because we already have serverdesc
1658 * fetches with them. Do not mark down servers up because of this. */
1659 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1660 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1665 "No reachable router entries for dirservers. "
1666 "Trying them all again.");
1667 /* mark all fallback directory mirrors as up again */
1668 mark_all_dirservers_up(fallback_dir_servers
);
1670 choice
= router_pick_directory_server_impl(type
, flags
, NULL
);
1674 /** Return the dir_server_t for the directory authority whose identity
1675 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1678 router_get_trusteddirserver_by_digest(const char *digest
)
1680 if (!trusted_dir_servers
)
1683 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1685 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1692 /** Return the dir_server_t for the fallback dirserver whose identity
1693 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1694 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1695 * and UseDefaultFallbackDirs torrc options.)
1696 * The list of fallback directories includes the list of authorities.
1699 router_get_fallback_dirserver_by_digest(const char *digest
)
1701 if (!fallback_dir_servers
)
1707 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ds
,
1709 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1716 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1717 * or 0 if no such fallback is in the list of fallback_dir_servers.
1718 * (fallback_dir_servers is affected by the FallbackDir and
1719 * UseDefaultFallbackDirs torrc options.)
1720 * The list of fallback directories includes the list of authorities.
1723 router_digest_is_fallback_dir(const char *digest
)
1725 return (router_get_fallback_dirserver_by_digest(digest
) != NULL
);
1728 /** Return the dir_server_t for the directory authority whose
1729 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1732 MOCK_IMPL(dir_server_t
*,
1733 trusteddirserver_get_by_v3_auth_digest
, (const char *digest
))
1735 if (!trusted_dir_servers
)
1738 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1740 if (tor_memeq(ds
->v3_identity_digest
, digest
, DIGEST_LEN
) &&
1741 (ds
->type
& V3_DIRINFO
))
1748 /** Try to find a running directory authority. Flags are as for
1749 * router_pick_directory_server.
1751 const routerstatus_t
*
1752 router_pick_trusteddirserver(dirinfo_type_t type
, int flags
)
1754 return router_pick_dirserver_generic(trusted_dir_servers
, type
, flags
);
1757 /** Try to find a running fallback directory. Flags are as for
1758 * router_pick_directory_server.
1760 const routerstatus_t
*
1761 router_pick_fallback_dirserver(dirinfo_type_t type
, int flags
)
1763 return router_pick_dirserver_generic(fallback_dir_servers
, type
, flags
);
1766 /** Try to find a running fallback directory. Flags are as for
1767 * router_pick_directory_server.
1769 static const routerstatus_t
*
1770 router_pick_dirserver_generic(smartlist_t
*sourcelist
,
1771 dirinfo_type_t type
, int flags
)
1773 const routerstatus_t
*choice
;
1776 choice
= router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, &busy
);
1777 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1780 /* If the reason that we got no server is that servers are "busy",
1781 * we must be excluding good servers because we already have serverdesc
1782 * fetches with them. Do not mark down servers up because of this. */
1783 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1784 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1789 "No dirservers are reachable. Trying them all again.");
1790 mark_all_dirservers_up(sourcelist
);
1791 return router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, NULL
);
1794 /* Check if we already have a directory fetch from ap, for serverdesc
1795 * (including extrainfo) or microdesc documents.
1796 * If so, return 1, if not, return 0.
1797 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1800 router_is_already_dir_fetching(const tor_addr_port_t
*ap
, int serverdesc
,
1803 if (!ap
|| tor_addr_is_null(&ap
->addr
) || !ap
->port
) {
1807 /* XX/teor - we're not checking tunnel connections here, see #17848
1810 connection_get_by_type_addr_port_purpose(
1811 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_SERVERDESC
)
1812 || connection_get_by_type_addr_port_purpose(
1813 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_EXTRAINFO
))) {
1818 connection_get_by_type_addr_port_purpose(
1819 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_MICRODESC
))) {
1826 /* Check if we already have a directory fetch from ds, for serverdesc
1827 * (including extrainfo) or microdesc documents.
1828 * If so, return 1, if not, return 0.
1831 router_is_already_dir_fetching_ds(const dir_server_t
*ds
,
1835 tor_addr_port_t ipv4_dir_ap
, ipv6_dir_ap
;
1837 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1838 tor_addr_from_ipv4h(&ipv4_dir_ap
.addr
, ds
->addr
);
1839 ipv4_dir_ap
.port
= ds
->dir_port
;
1840 tor_addr_copy(&ipv6_dir_ap
.addr
, &ds
->ipv6_addr
);
1841 ipv6_dir_ap
.port
= ds
->dir_port
;
1843 return (router_is_already_dir_fetching(&ipv4_dir_ap
, serverdesc
, microdesc
)
1844 || router_is_already_dir_fetching(&ipv6_dir_ap
, serverdesc
, microdesc
));
1847 /* Check if we already have a directory fetch from rs, for serverdesc
1848 * (including extrainfo) or microdesc documents.
1849 * If so, return 1, if not, return 0.
1852 router_is_already_dir_fetching_rs(const routerstatus_t
*rs
,
1856 tor_addr_port_t ipv4_dir_ap
, ipv6_dir_ap
;
1858 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1859 tor_addr_from_ipv4h(&ipv4_dir_ap
.addr
, rs
->addr
);
1860 ipv4_dir_ap
.port
= rs
->dir_port
;
1861 tor_addr_copy(&ipv6_dir_ap
.addr
, &rs
->ipv6_addr
);
1862 ipv6_dir_ap
.port
= rs
->dir_port
;
1864 return (router_is_already_dir_fetching(&ipv4_dir_ap
, serverdesc
, microdesc
)
1865 || router_is_already_dir_fetching(&ipv6_dir_ap
, serverdesc
, microdesc
));
1868 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1869 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1872 /* Log a message if rs is not found or not a preferred address */
1874 router_picked_poor_directory_log(const routerstatus_t
*rs
)
1876 const networkstatus_t
*usable_consensus
;
1877 usable_consensus
= networkstatus_get_reasonably_live_consensus(time(NULL
),
1878 usable_consensus_flavor());
1880 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1881 /* Don't log early in the bootstrap process, it's normal to pick from a
1882 * small pool of nodes. Of course, this won't help if we're trying to
1883 * diagnose bootstrap issues. */
1884 if (!smartlist_len(nodelist_get_list()) || !usable_consensus
1885 || !router_have_minimum_dir_info()) {
1890 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1891 * Sometimes this is normal, sometimes it can be a reachability issue. */
1893 /* This happens a lot, so it's at debug level */
1894 log_debug(LD_DIR
, "Wanted to make an outgoing directory connection, but "
1895 "we couldn't find a directory that fit our criteria. "
1896 "Perhaps we will succeed next time with less strict criteria.");
1897 } else if (!fascist_firewall_allows_rs(rs
, FIREWALL_OR_CONNECTION
, 1)
1898 && !fascist_firewall_allows_rs(rs
, FIREWALL_DIR_CONNECTION
, 1)
1900 /* This is rare, and might be interesting to users trying to diagnose
1901 * connection issues on dual-stack machines. */
1902 log_info(LD_DIR
, "Selected a directory %s with non-preferred OR and Dir "
1903 "addresses for launching an outgoing connection: "
1904 "IPv4 %s OR %d Dir %d IPv6 %s OR %d Dir %d",
1905 routerstatus_describe(rs
),
1906 fmt_addr32(rs
->addr
), rs
->or_port
,
1907 rs
->dir_port
, fmt_addr(&rs
->ipv6_addr
),
1908 rs
->ipv6_orport
, rs
->dir_port
);
1912 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1914 /** How long do we avoid using a directory server after it's given us a 503? */
1915 #define DIR_503_TIMEOUT (60*60)
1917 /* Common retry code for router_pick_directory_server_impl and
1918 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1919 * Must be called before RETRY_WITHOUT_EXCLUDE().
1921 * If we got no result, and we are applying IP preferences, and we are a
1922 * client that could use an alternate IP version, try again with the
1923 * opposite preferences. */
1924 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1926 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1927 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1936 /* Common retry code for router_pick_directory_server_impl and
1937 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1938 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1940 * If we got no result, and we are excluding nodes, and StrictNodes is
1941 * not set, try again without excluding nodes. */
1942 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1944 if (result == NULL && try_excluding && !options->StrictNodes \
1945 && n_excluded && !n_busy) { \
1946 try_excluding = 0; \
1954 /* When iterating through the routerlist, can OR address/port preference
1955 * and reachability checks be skipped?
1958 router_skip_or_reachability(const or_options_t
*options
, int try_ip_pref
)
1960 /* Servers always have and prefer IPv4.
1961 * And if clients are checking against the firewall for reachability only,
1962 * but there's no firewall, don't bother checking */
1963 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_or());
1966 /* When iterating through the routerlist, can Dir address/port preference
1967 * and reachability checks be skipped?
1970 router_skip_dir_reachability(const or_options_t
*options
, int try_ip_pref
)
1972 /* Servers always have and prefer IPv4.
1973 * And if clients are checking against the firewall for reachability only,
1974 * but there's no firewall, don't bother checking */
1975 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_dir());
1978 /** Pick a random running valid directory server/mirror from our
1979 * routerlist. Arguments are as for router_pick_directory_server(), except:
1981 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1982 * directories that we excluded for no other reason than
1983 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1985 STATIC
const routerstatus_t
*
1986 router_pick_directory_server_impl(dirinfo_type_t type
, int flags
,
1989 const or_options_t
*options
= get_options();
1990 const node_t
*result
;
1991 smartlist_t
*direct
, *tunnel
;
1992 smartlist_t
*trusted_direct
, *trusted_tunnel
;
1993 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
1994 time_t now
= time(NULL
);
1995 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
1996 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
1997 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
1998 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
1999 const int no_microdesc_fetching
= (flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2000 const int for_guard
= (flags
& PDS_FOR_GUARD
);
2001 int try_excluding
= 1, n_excluded
= 0, n_busy
= 0;
2002 int try_ip_pref
= 1;
2009 direct
= smartlist_new();
2010 tunnel
= smartlist_new();
2011 trusted_direct
= smartlist_new();
2012 trusted_tunnel
= smartlist_new();
2013 overloaded_direct
= smartlist_new();
2014 overloaded_tunnel
= smartlist_new();
2016 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2017 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2018 const int must_have_or
= directory_must_use_begindir(options
);
2020 /* Find all the running dirservers we know about. */
2021 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2022 int is_trusted
, is_trusted_extrainfo
;
2024 const routerstatus_t
*status
= node
->rs
;
2025 const country_t country
= node
->country
;
2029 if (!node
->is_running
|| !node_is_dir(node
) || !node
->is_valid
)
2031 if (requireother
&& router_digest_is_me(node
->identity
))
2033 is_trusted
= router_digest_is_trusted_dir(node
->identity
);
2034 is_trusted_extrainfo
= router_digest_is_trusted_dir_type(
2035 node
->identity
, EXTRAINFO_DIRINFO
);
2036 if ((type
& EXTRAINFO_DIRINFO
) &&
2037 !router_supports_extrainfo(node
->identity
, is_trusted_extrainfo
))
2039 /* Don't make the same node a guard twice */
2040 if (for_guard
&& node
->using_as_guard
) {
2043 /* Ensure that a directory guard is actually a guard node. */
2044 if (for_guard
&& !node
->is_possible_guard
) {
2047 if (try_excluding
&&
2048 routerset_contains_routerstatus(options
->ExcludeNodes
, status
,
2054 if (router_is_already_dir_fetching_rs(status
,
2055 no_serverdesc_fetching
,
2056 no_microdesc_fetching
)) {
2061 is_overloaded
= status
->last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2063 /* Clients use IPv6 addresses if the server has one and the client
2065 * Add the router if its preferred address and port are reachable.
2066 * If we don't get any routers, we'll try again with the non-preferred
2067 * address for each router (if any). (To ensure correct load-balancing
2068 * we try routers that only have one address both times.)
2070 if (!fascistfirewall
|| skip_or_fw
||
2071 fascist_firewall_allows_node(node
, FIREWALL_OR_CONNECTION
,
2073 smartlist_add(is_trusted
? trusted_tunnel
:
2074 is_overloaded
? overloaded_tunnel
: tunnel
, (void*)node
);
2075 else if (!must_have_or
&& (skip_dir_fw
||
2076 fascist_firewall_allows_node(node
, FIREWALL_DIR_CONNECTION
,
2078 smartlist_add(is_trusted
? trusted_direct
:
2079 is_overloaded
? overloaded_direct
: direct
, (void*)node
);
2080 } SMARTLIST_FOREACH_END(node
);
2082 if (smartlist_len(tunnel
)) {
2083 result
= node_sl_choose_by_bandwidth(tunnel
, WEIGHT_FOR_DIR
);
2084 } else if (smartlist_len(overloaded_tunnel
)) {
2085 result
= node_sl_choose_by_bandwidth(overloaded_tunnel
,
2087 } else if (smartlist_len(trusted_tunnel
)) {
2088 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2089 * yet. Maybe one day we should. */
2090 /* FFFF We also don't load balance over authorities yet. I think this
2091 * is a feature, but it could easily be a bug. -RD */
2092 result
= smartlist_choose(trusted_tunnel
);
2093 } else if (smartlist_len(direct
)) {
2094 result
= node_sl_choose_by_bandwidth(direct
, WEIGHT_FOR_DIR
);
2095 } else if (smartlist_len(overloaded_direct
)) {
2096 result
= node_sl_choose_by_bandwidth(overloaded_direct
,
2099 result
= smartlist_choose(trusted_direct
);
2101 smartlist_free(direct
);
2102 smartlist_free(tunnel
);
2103 smartlist_free(trusted_direct
);
2104 smartlist_free(trusted_tunnel
);
2105 smartlist_free(overloaded_direct
);
2106 smartlist_free(overloaded_tunnel
);
2108 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2110 RETRY_WITHOUT_EXCLUDE(retry_search
);
2113 *n_busy_out
= n_busy
;
2115 router_picked_poor_directory_log(result
? result
->rs
: NULL
);
2117 return result
? result
->rs
: NULL
;
2120 /** Pick a random element from a list of dir_server_t, weighting by their
2121 * <b>weight</b> field. */
2122 static const dir_server_t
*
2123 dirserver_choose_by_weight(const smartlist_t
*servers
, double authority_weight
)
2125 int n
= smartlist_len(servers
);
2127 double *weights_dbl
;
2128 uint64_t *weights_u64
;
2129 const dir_server_t
*ds
;
2131 weights_dbl
= tor_calloc(n
, sizeof(double));
2132 weights_u64
= tor_calloc(n
, sizeof(uint64_t));
2133 for (i
= 0; i
< n
; ++i
) {
2134 ds
= smartlist_get(servers
, i
);
2135 weights_dbl
[i
] = ds
->weight
;
2136 if (ds
->is_authority
)
2137 weights_dbl
[i
] *= authority_weight
;
2140 scale_array_elements_to_u64(weights_u64
, weights_dbl
, n
, NULL
);
2141 i
= choose_array_element_by_weight(weights_u64
, n
);
2142 tor_free(weights_dbl
);
2143 tor_free(weights_u64
);
2144 return (i
< 0) ? NULL
: smartlist_get(servers
, i
);
2147 /** Choose randomly from among the dir_server_ts in sourcelist that
2148 * are up. Flags are as for router_pick_directory_server_impl().
2150 static const routerstatus_t
*
2151 router_pick_trusteddirserver_impl(const smartlist_t
*sourcelist
,
2152 dirinfo_type_t type
, int flags
,
2155 const or_options_t
*options
= get_options();
2156 smartlist_t
*direct
, *tunnel
;
2157 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
2158 const routerinfo_t
*me
= router_get_my_routerinfo();
2159 const routerstatus_t
*result
= NULL
;
2160 time_t now
= time(NULL
);
2161 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
2162 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
2163 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
2164 const int no_microdesc_fetching
=(flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2165 const double auth_weight
= (sourcelist
== fallback_dir_servers
) ?
2166 options
->DirAuthorityFallbackRate
: 1.0;
2167 smartlist_t
*pick_from
;
2169 int try_excluding
= 1, n_excluded
= 0;
2170 int try_ip_pref
= 1;
2177 direct
= smartlist_new();
2178 tunnel
= smartlist_new();
2179 overloaded_direct
= smartlist_new();
2180 overloaded_tunnel
= smartlist_new();
2182 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2183 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2184 const int must_have_or
= directory_must_use_begindir(options
);
2186 SMARTLIST_FOREACH_BEGIN(sourcelist
, const dir_server_t
*, d
)
2189 d
->fake_status
.last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2190 if (!d
->is_running
) continue;
2191 if ((type
& d
->type
) == 0)
2193 int is_trusted_extrainfo
= router_digest_is_trusted_dir_type(
2194 d
->digest
, EXTRAINFO_DIRINFO
);
2195 if ((type
& EXTRAINFO_DIRINFO
) &&
2196 !router_supports_extrainfo(d
->digest
, is_trusted_extrainfo
))
2198 if (requireother
&& me
&& router_digest_is_me(d
->digest
))
2200 if (try_excluding
&&
2201 routerset_contains_routerstatus(options
->ExcludeNodes
,
2202 &d
->fake_status
, -1)) {
2207 if (router_is_already_dir_fetching_ds(d
, no_serverdesc_fetching
,
2208 no_microdesc_fetching
)) {
2213 /* Clients use IPv6 addresses if the server has one and the client
2215 * Add the router if its preferred address and port are reachable.
2216 * If we don't get any routers, we'll try again with the non-preferred
2217 * address for each router (if any). (To ensure correct load-balancing
2218 * we try routers that only have one address both times.)
2220 if (!fascistfirewall
|| skip_or_fw
||
2221 fascist_firewall_allows_dir_server(d
, FIREWALL_OR_CONNECTION
,
2223 smartlist_add(is_overloaded
? overloaded_tunnel
: tunnel
, (void*)d
);
2224 else if (!must_have_or
&& (skip_dir_fw
||
2225 fascist_firewall_allows_dir_server(d
, FIREWALL_DIR_CONNECTION
,
2227 smartlist_add(is_overloaded
? overloaded_direct
: direct
, (void*)d
);
2229 SMARTLIST_FOREACH_END(d
);
2231 if (smartlist_len(tunnel
)) {
2233 } else if (smartlist_len(overloaded_tunnel
)) {
2234 pick_from
= overloaded_tunnel
;
2235 } else if (smartlist_len(direct
)) {
2238 pick_from
= overloaded_direct
;
2242 const dir_server_t
*selection
=
2243 dirserver_choose_by_weight(pick_from
, auth_weight
);
2246 result
= &selection
->fake_status
;
2249 smartlist_free(direct
);
2250 smartlist_free(tunnel
);
2251 smartlist_free(overloaded_direct
);
2252 smartlist_free(overloaded_tunnel
);
2254 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2256 RETRY_WITHOUT_EXCLUDE(retry_search
);
2258 router_picked_poor_directory_log(result
);
2261 *n_busy_out
= n_busy
;
2265 /** Mark as running every dir_server_t in <b>server_list</b>. */
2267 mark_all_dirservers_up(smartlist_t
*server_list
)
2270 SMARTLIST_FOREACH_BEGIN(server_list
, dir_server_t
*, dir
) {
2273 dir
->is_running
= 1;
2274 node
= node_get_mutable_by_id(dir
->digest
);
2276 node
->is_running
= 1;
2277 rs
= router_get_mutable_consensus_status_by_id(dir
->digest
);
2279 rs
->last_dir_503_at
= 0;
2280 control_event_networkstatus_changed_single(rs
);
2282 } SMARTLIST_FOREACH_END(dir
);
2284 router_dir_info_changed();
2287 /** Return true iff r1 and r2 have the same address and OR port. */
2289 routers_have_same_or_addrs(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
2291 return r1
->addr
== r2
->addr
&& r1
->or_port
== r2
->or_port
&&
2292 tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) &&
2293 r1
->ipv6_orport
== r2
->ipv6_orport
;
2296 /** Reset all internal variables used to count failed downloads of network
2297 * status objects. */
2299 router_reset_status_download_failures(void)
2301 mark_all_dirservers_up(fallback_dir_servers
);
2304 /** Given a <b>router</b>, add every node_t in its family (including the
2305 * node itself!) to <b>sl</b>.
2307 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2311 routerlist_add_node_and_family(smartlist_t
*sl
, const routerinfo_t
*router
)
2315 const node_t
*node
= node_get_by_id(router
->cache_info
.identity_digest
);;
2317 memset(&fake_node
, 0, sizeof(fake_node
));
2318 fake_node
.ri
= (routerinfo_t
*)router
;
2319 memcpy(fake_node
.identity
, router
->cache_info
.identity_digest
, DIGEST_LEN
);
2322 nodelist_add_node_and_family(sl
, node
);
2325 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2326 * we can pick a node for a circuit.
2329 router_add_running_nodes_to_smartlist(smartlist_t
*sl
, int allow_invalid
,
2330 int need_uptime
, int need_capacity
,
2331 int need_guard
, int need_desc
,
2332 int pref_addr
, int direct_conn
)
2334 const int check_reach
= !router_skip_or_reachability(get_options(),
2337 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2338 if (!node
->is_running
||
2339 (!node
->is_valid
&& !allow_invalid
))
2341 if (need_desc
&& !(node
->ri
|| (node
->rs
&& node
->md
)))
2343 if (node
->ri
&& node
->ri
->purpose
!= ROUTER_PURPOSE_GENERAL
)
2345 if (node_is_unreliable(node
, need_uptime
, need_capacity
, need_guard
))
2347 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2348 if (node
->rs
&& !routerstatus_version_supports_extend2_cells(node
->rs
, 1))
2350 /* Don't choose nodes if we are certain they can't do ntor. */
2351 if ((node
->ri
|| node
->md
) && !node_has_curve25519_onion_key(node
))
2353 /* Choose a node with an OR address that matches the firewall rules */
2354 if (direct_conn
&& check_reach
&&
2355 !fascist_firewall_allows_node(node
,
2356 FIREWALL_OR_CONNECTION
,
2360 smartlist_add(sl
, (void *)node
);
2361 } SMARTLIST_FOREACH_END(node
);
2364 /** Look through the routerlist until we find a router that has my key.
2366 const routerinfo_t
*
2367 routerlist_find_my_routerinfo(void)
2372 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, router
,
2374 if (router_is_me(router
))
2380 /** Return the smaller of the router's configured BandwidthRate
2381 * and its advertised capacity. */
2383 router_get_advertised_bandwidth(const routerinfo_t
*router
)
2385 if (router
->bandwidthcapacity
< router
->bandwidthrate
)
2386 return router
->bandwidthcapacity
;
2387 return router
->bandwidthrate
;
2390 /** Do not weight any declared bandwidth more than this much when picking
2391 * routers by bandwidth. */
2392 #define DEFAULT_MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
2394 /** Return the smaller of the router's configured BandwidthRate
2395 * and its advertised capacity, capped by max-believe-bw. */
2397 router_get_advertised_bandwidth_capped(const routerinfo_t
*router
)
2399 uint32_t result
= router
->bandwidthcapacity
;
2400 if (result
> router
->bandwidthrate
)
2401 result
= router
->bandwidthrate
;
2402 if (result
> DEFAULT_MAX_BELIEVABLE_BANDWIDTH
)
2403 result
= DEFAULT_MAX_BELIEVABLE_BANDWIDTH
;
2407 /** Given an array of double/uint64_t unions that are currently being used as
2408 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2409 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2410 * the sum of all elements in the array _before_ scaling. */
2412 scale_array_elements_to_u64(uint64_t *entries_out
, const double *entries_in
,
2414 uint64_t *total_out
)
2417 double scale_factor
= 0.0;
2420 for (i
= 0; i
< n_entries
; ++i
)
2421 total
+= entries_in
[i
];
2424 scale_factor
= ((double)INT64_MAX
) / total
;
2425 scale_factor
/= 4.0; /* make sure we're very far away from overflowing */
2428 for (i
= 0; i
< n_entries
; ++i
)
2429 entries_out
[i
] = tor_llround(entries_in
[i
] * scale_factor
);
2432 *total_out
= (uint64_t) total
;
2435 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2436 * choosing each element with a probability proportional to its (uint64_t)
2437 * value, and return the index of that element. If all elements are 0, choose
2438 * an index at random. Return -1 on error.
2441 choose_array_element_by_weight(const uint64_t *entries
, int n_entries
)
2447 for (i
= 0; i
< n_entries
; ++i
)
2448 total
+= entries
[i
];
2454 return crypto_rand_int(n_entries
);
2456 tor_assert(total
< INT64_MAX
);
2458 rand_val
= crypto_rand_uint64(total
);
2460 return select_array_member_cumulative_timei(
2461 entries
, n_entries
, total
, rand_val
);
2464 /** When weighting bridges, enforce these values as lower and upper
2465 * bound for believable bandwidth, because there is no way for us
2466 * to verify a bridge's bandwidth currently. */
2467 #define BRIDGE_MIN_BELIEVABLE_BANDWIDTH 20000 /* 20 kB/sec */
2468 #define BRIDGE_MAX_BELIEVABLE_BANDWIDTH 100000 /* 100 kB/sec */
2470 /** Return the smaller of the router's configured BandwidthRate
2471 * and its advertised capacity, making sure to stay within the
2472 * interval between bridge-min-believe-bw and
2473 * bridge-max-believe-bw. */
2475 bridge_get_advertised_bandwidth_bounded(routerinfo_t
*router
)
2477 uint32_t result
= router
->bandwidthcapacity
;
2478 if (result
> router
->bandwidthrate
)
2479 result
= router
->bandwidthrate
;
2480 if (result
> BRIDGE_MAX_BELIEVABLE_BANDWIDTH
)
2481 result
= BRIDGE_MAX_BELIEVABLE_BANDWIDTH
;
2482 else if (result
< BRIDGE_MIN_BELIEVABLE_BANDWIDTH
)
2483 result
= BRIDGE_MIN_BELIEVABLE_BANDWIDTH
;
2487 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2489 static inline int32_t
2490 kb_to_bytes(uint32_t bw
)
2492 return (bw
> (INT32_MAX
/1000)) ? INT32_MAX
: bw
*1000;
2495 /** Helper function:
2496 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2497 * the advertised bandwidth of each element using the consensus
2498 * bandwidth weights.
2500 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2501 * nodes' bandwidth equally regardless of their Exit status, since there may
2502 * be some in the list because they exit to obscure ports. If
2503 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2504 * exit-node's bandwidth less depending on the smallness of the fraction of
2505 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2506 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2507 * guards proportionally less.
2509 static const node_t
*
2510 smartlist_choose_node_by_bandwidth_weights(const smartlist_t
*sl
,
2511 bandwidth_weight_rule_t rule
)
2513 double *bandwidths_dbl
=NULL
;
2514 uint64_t *bandwidths_u64
=NULL
;
2516 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths_dbl
) < 0)
2519 bandwidths_u64
= tor_calloc(smartlist_len(sl
), sizeof(uint64_t));
2520 scale_array_elements_to_u64(bandwidths_u64
, bandwidths_dbl
,
2521 smartlist_len(sl
), NULL
);
2524 int idx
= choose_array_element_by_weight(bandwidths_u64
,
2526 tor_free(bandwidths_dbl
);
2527 tor_free(bandwidths_u64
);
2528 return idx
< 0 ? NULL
: smartlist_get(sl
, idx
);
2532 /** Given a list of routers and a weighting rule as in
2533 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2534 * values for each node and store them in a freshly allocated
2535 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2536 * as doubles. Return 0 on success, -1 on failure. */
2538 compute_weighted_bandwidths(const smartlist_t
*sl
,
2539 bandwidth_weight_rule_t rule
,
2540 double **bandwidths_out
)
2542 int64_t weight_scale
;
2543 double Wg
= -1, Wm
= -1, We
= -1, Wd
= -1;
2544 double Wgb
= -1, Wmb
= -1, Web
= -1, Wdb
= -1;
2545 uint64_t weighted_bw
= 0;
2546 guardfraction_bandwidth_t guardfraction_bw
;
2549 /* Can't choose exit and guard at same time */
2550 tor_assert(rule
== NO_WEIGHTING
||
2551 rule
== WEIGHT_FOR_EXIT
||
2552 rule
== WEIGHT_FOR_GUARD
||
2553 rule
== WEIGHT_FOR_MID
||
2554 rule
== WEIGHT_FOR_DIR
);
2556 if (smartlist_len(sl
) == 0) {
2558 "Empty routerlist passed in to consensus weight node "
2559 "selection for rule %s",
2560 bandwidth_weight_rule_to_string(rule
));
2564 weight_scale
= networkstatus_get_weight_scale_param(NULL
);
2566 if (rule
== WEIGHT_FOR_GUARD
) {
2567 Wg
= networkstatus_get_bw_weight(NULL
, "Wgg", -1);
2568 Wm
= networkstatus_get_bw_weight(NULL
, "Wgm", -1); /* Bridges */
2570 Wd
= networkstatus_get_bw_weight(NULL
, "Wgd", -1);
2572 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2573 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2574 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2575 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2576 } else if (rule
== WEIGHT_FOR_MID
) {
2577 Wg
= networkstatus_get_bw_weight(NULL
, "Wmg", -1);
2578 Wm
= networkstatus_get_bw_weight(NULL
, "Wmm", -1);
2579 We
= networkstatus_get_bw_weight(NULL
, "Wme", -1);
2580 Wd
= networkstatus_get_bw_weight(NULL
, "Wmd", -1);
2582 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2583 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2584 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2585 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2586 } else if (rule
== WEIGHT_FOR_EXIT
) {
2587 // Guards CAN be exits if they have weird exit policies
2588 // They are d then I guess...
2589 We
= networkstatus_get_bw_weight(NULL
, "Wee", -1);
2590 Wm
= networkstatus_get_bw_weight(NULL
, "Wem", -1); /* Odd exit policies */
2591 Wd
= networkstatus_get_bw_weight(NULL
, "Wed", -1);
2592 Wg
= networkstatus_get_bw_weight(NULL
, "Weg", -1); /* Odd exit policies */
2594 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2595 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2596 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2597 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2598 } else if (rule
== WEIGHT_FOR_DIR
) {
2599 We
= networkstatus_get_bw_weight(NULL
, "Wbe", -1);
2600 Wm
= networkstatus_get_bw_weight(NULL
, "Wbm", -1);
2601 Wd
= networkstatus_get_bw_weight(NULL
, "Wbd", -1);
2602 Wg
= networkstatus_get_bw_weight(NULL
, "Wbg", -1);
2604 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2605 } else if (rule
== NO_WEIGHTING
) {
2606 Wg
= Wm
= We
= Wd
= weight_scale
;
2607 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2610 if (Wg
< 0 || Wm
< 0 || We
< 0 || Wd
< 0 || Wgb
< 0 || Wmb
< 0 || Wdb
< 0
2613 "Got negative bandwidth weights. Defaulting to naive selection"
2615 Wg
= Wm
= We
= Wd
= weight_scale
;
2616 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2624 Wgb
/= weight_scale
;
2625 Wmb
/= weight_scale
;
2626 Web
/= weight_scale
;
2627 Wdb
/= weight_scale
;
2629 bandwidths
= tor_calloc(smartlist_len(sl
), sizeof(double));
2631 // Cycle through smartlist and total the bandwidth.
2632 static int warned_missing_bw
= 0;
2633 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2634 int is_exit
= 0, is_guard
= 0, is_dir
= 0, this_bw
= 0;
2636 double weight_without_guard_flag
= 0; /* Used for guardfraction */
2637 double final_weight
= 0;
2638 is_exit
= node
->is_exit
&& ! node
->is_bad_exit
;
2639 is_guard
= node
->is_possible_guard
;
2640 is_dir
= node_is_dir(node
);
2642 if (!node
->rs
->has_bandwidth
) {
2643 /* This should never happen, unless all the authorites downgrade
2644 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2645 if (! warned_missing_bw
) {
2647 "Consensus is missing some bandwidths. Using a naive "
2648 "router selection algorithm");
2649 warned_missing_bw
= 1;
2651 this_bw
= 30000; /* Chosen arbitrarily */
2653 this_bw
= kb_to_bytes(node
->rs
->bandwidth_kb
);
2655 } else if (node
->ri
) {
2656 /* bridge or other descriptor not in our consensus */
2657 this_bw
= bridge_get_advertised_bandwidth_bounded(node
->ri
);
2659 /* We can't use this one. */
2663 if (is_guard
&& is_exit
) {
2664 weight
= (is_dir
? Wdb
*Wd
: Wd
);
2665 weight_without_guard_flag
= (is_dir
? Web
*We
: We
);
2666 } else if (is_guard
) {
2667 weight
= (is_dir
? Wgb
*Wg
: Wg
);
2668 weight_without_guard_flag
= (is_dir
? Wmb
*Wm
: Wm
);
2669 } else if (is_exit
) {
2670 weight
= (is_dir
? Web
*We
: We
);
2672 weight
= (is_dir
? Wmb
*Wm
: Wm
);
2674 /* These should be impossible; but overflows here would be bad, so let's
2680 if (weight_without_guard_flag
< 0.0)
2681 weight_without_guard_flag
= 0.0;
2683 /* If guardfraction information is available in the consensus, we
2684 * want to calculate this router's bandwidth according to its
2685 * guardfraction. Quoting from proposal236:
2687 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2688 * client would apply to N for position p if it had the guard
2689 * flag, Wpn the weight if it did not have the guard flag, and B the
2690 * measured bandwidth of N in the consensus. Then instead of choosing
2691 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2692 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2694 if (node
->rs
&& node
->rs
->has_guardfraction
&& rule
!= WEIGHT_FOR_GUARD
) {
2695 /* XXX The assert should actually check for is_guard. However,
2696 * that crashes dirauths because of #13297. This should be
2698 tor_assert(node
->rs
->is_possible_guard
);
2700 guard_get_guardfraction_bandwidth(&guardfraction_bw
,
2702 node
->rs
->guardfraction_percentage
);
2704 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2706 guardfraction_bw
.guard_bw
* weight
+
2707 guardfraction_bw
.non_guard_bw
* weight_without_guard_flag
;
2709 log_debug(LD_GENERAL
, "%s: Guardfraction weight %f instead of %f (%s)",
2710 node
->rs
->nickname
, final_weight
, weight
*this_bw
,
2711 bandwidth_weight_rule_to_string(rule
));
2712 } else { /* no guardfraction information. calculate the weight normally. */
2713 final_weight
= weight
*this_bw
;
2716 bandwidths
[node_sl_idx
] = final_weight
+ 0.5;
2717 } SMARTLIST_FOREACH_END(node
);
2719 log_debug(LD_CIRC
, "Generated weighted bandwidths for rule %s based "
2721 "Wg=%f Wm=%f We=%f Wd=%f with total bw "U64_FORMAT
,
2722 bandwidth_weight_rule_to_string(rule
),
2723 Wg
, Wm
, We
, Wd
, U64_PRINTF_ARG(weighted_bw
));
2725 *bandwidths_out
= bandwidths
;
2730 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2731 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2734 frac_nodes_with_descriptors(const smartlist_t
*sl
,
2735 bandwidth_weight_rule_t rule
)
2737 double *bandwidths
= NULL
;
2738 double total
, present
;
2740 if (smartlist_len(sl
) == 0)
2743 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths
) < 0) {
2744 int n_with_descs
= 0;
2745 SMARTLIST_FOREACH(sl
, const node_t
*, node
, {
2746 if (node_has_descriptor(node
))
2749 return ((double)n_with_descs
) / (double)smartlist_len(sl
);
2752 total
= present
= 0.0;
2753 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2754 const double bw
= bandwidths
[node_sl_idx
];
2756 if (node_has_descriptor(node
))
2758 } SMARTLIST_FOREACH_END(node
);
2760 tor_free(bandwidths
);
2765 return present
/ total
;
2768 /** Choose a random element of status list <b>sl</b>, weighted by
2769 * the advertised bandwidth of each node */
2771 node_sl_choose_by_bandwidth(const smartlist_t
*sl
,
2772 bandwidth_weight_rule_t rule
)
2774 return smartlist_choose_node_by_bandwidth_weights(sl
, rule
);
2777 /** Return a random running node from the nodelist. Never
2778 * pick a node that is in
2779 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2780 * even if they are the only nodes available.
2781 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2782 * a minimum uptime, return one of those.
2783 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2784 * advertised capacity of each router.
2785 * If <b>CRN_ALLOW_INVALID</b> is not set in flags, consider only Valid
2787 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2788 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2789 * picking an exit node, otherwise we weight bandwidths for picking a relay
2790 * node (that is, possibly discounting exit nodes).
2791 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2792 * have a routerinfo or microdescriptor -- that is, enough info to be
2793 * used to build a circuit.
2794 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2795 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2796 * (regardless of this flag, we exclude nodes that aren't allowed by the
2797 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2800 router_choose_random_node(smartlist_t
*excludedsmartlist
,
2801 routerset_t
*excludedset
,
2802 router_crn_flags_t flags
)
2804 const int need_uptime
= (flags
& CRN_NEED_UPTIME
) != 0;
2805 const int need_capacity
= (flags
& CRN_NEED_CAPACITY
) != 0;
2806 const int need_guard
= (flags
& CRN_NEED_GUARD
) != 0;
2807 const int allow_invalid
= (flags
& CRN_ALLOW_INVALID
) != 0;
2808 const int weight_for_exit
= (flags
& CRN_WEIGHT_AS_EXIT
) != 0;
2809 const int need_desc
= (flags
& CRN_NEED_DESC
) != 0;
2810 const int pref_addr
= (flags
& CRN_PREF_ADDR
) != 0;
2811 const int direct_conn
= (flags
& CRN_DIRECT_CONN
) != 0;
2813 smartlist_t
*sl
=smartlist_new(),
2814 *excludednodes
=smartlist_new();
2815 const node_t
*choice
= NULL
;
2816 const routerinfo_t
*r
;
2817 bandwidth_weight_rule_t rule
;
2819 tor_assert(!(weight_for_exit
&& need_guard
));
2820 rule
= weight_for_exit
? WEIGHT_FOR_EXIT
:
2821 (need_guard
? WEIGHT_FOR_GUARD
: WEIGHT_FOR_MID
);
2823 /* Exclude relays that allow single hop exit circuits, if the user
2824 * wants to (such relays might be risky) */
2825 if (get_options()->ExcludeSingleHopRelays
) {
2826 SMARTLIST_FOREACH(nodelist_get_list(), node_t
*, node
,
2827 if (node_allows_single_hop_exits(node
)) {
2828 smartlist_add(excludednodes
, node
);
2832 /* If the node_t is not found we won't be to exclude ourself but we
2833 * won't be able to pick ourself in router_choose_random_node() so
2834 * this is fine to at least try with our routerinfo_t object. */
2835 if ((r
= router_get_my_routerinfo()))
2836 routerlist_add_node_and_family(excludednodes
, r
);
2838 router_add_running_nodes_to_smartlist(sl
, allow_invalid
,
2839 need_uptime
, need_capacity
,
2840 need_guard
, need_desc
, pref_addr
,
2843 "We found %d running nodes.",
2846 smartlist_subtract(sl
,excludednodes
);
2848 "We removed %d excludednodes, leaving %d nodes.",
2849 smartlist_len(excludednodes
),
2852 if (excludedsmartlist
) {
2853 smartlist_subtract(sl
,excludedsmartlist
);
2855 "We removed %d excludedsmartlist, leaving %d nodes.",
2856 smartlist_len(excludedsmartlist
),
2860 routerset_subtract_nodes(sl
,excludedset
);
2862 "We removed excludedset, leaving %d nodes.",
2866 // Always weight by bandwidth
2867 choice
= node_sl_choose_by_bandwidth(sl
, rule
);
2870 if (!choice
&& (need_uptime
|| need_capacity
|| need_guard
|| pref_addr
)) {
2871 /* try once more -- recurse but with fewer restrictions. */
2873 "We couldn't find any live%s%s%s routers; falling back "
2874 "to list of all routers.",
2875 need_capacity
?", fast":"",
2876 need_uptime
?", stable":"",
2877 need_guard
?", guard":"");
2878 flags
&= ~ (CRN_NEED_UPTIME
|CRN_NEED_CAPACITY
|CRN_NEED_GUARD
|
2880 choice
= router_choose_random_node(
2881 excludedsmartlist
, excludedset
, flags
);
2883 smartlist_free(excludednodes
);
2886 "No available nodes when trying to choose node. Failing.");
2891 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2892 * Return 0 on success, -1 on failure. Store the result into the
2893 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2894 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2895 * at <b>nickname_out</b>.
2897 * The recognized format is:
2898 * HexName = Dollar? HexDigest NamePart?
2900 * HexDigest = HexChar*20
2901 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2902 * NamePart = QualChar Name
2903 * QualChar = '=' | '~'
2904 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2905 * NameChar = Any ASCII alphanumeric character
2908 hex_digest_nickname_decode(const char *hexdigest
,
2910 char *nickname_qualifier_char_out
,
2915 tor_assert(hexdigest
);
2916 if (hexdigest
[0] == '$')
2919 len
= strlen(hexdigest
);
2920 if (len
< HEX_DIGEST_LEN
) {
2922 } else if (len
> HEX_DIGEST_LEN
&& (hexdigest
[HEX_DIGEST_LEN
] == '=' ||
2923 hexdigest
[HEX_DIGEST_LEN
] == '~') &&
2924 len
<= HEX_DIGEST_LEN
+1+MAX_NICKNAME_LEN
) {
2925 *nickname_qualifier_char_out
= hexdigest
[HEX_DIGEST_LEN
];
2926 strlcpy(nickname_out
, hexdigest
+HEX_DIGEST_LEN
+1 , MAX_NICKNAME_LEN
+1);
2927 } else if (len
== HEX_DIGEST_LEN
) {
2933 if (base16_decode(digest_out
, DIGEST_LEN
,
2934 hexdigest
, HEX_DIGEST_LEN
) != DIGEST_LEN
)
2939 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2940 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2941 * (which is optionally prefixed with a single dollar sign). Return false if
2942 * <b>hexdigest</b> is malformed, or it doesn't match. */
2944 hex_digest_nickname_matches(const char *hexdigest
, const char *identity_digest
,
2945 const char *nickname
, int is_named
)
2947 char digest
[DIGEST_LEN
];
2949 char nn_buf
[MAX_NICKNAME_LEN
+1];
2951 if (hex_digest_nickname_decode(hexdigest
, digest
, &nn_char
, nn_buf
) == -1)
2954 if (nn_char
== '=' || nn_char
== '~') {
2957 if (strcasecmp(nn_buf
, nickname
))
2959 if (nn_char
== '=' && !is_named
)
2963 return tor_memeq(digest
, identity_digest
, DIGEST_LEN
);
2966 /** Return true iff <b>router</b> is listed as named in the current
2969 router_is_named(const routerinfo_t
*router
)
2971 const char *digest
=
2972 networkstatus_get_router_digest_by_nickname(router
->nickname
);
2975 tor_memeq(digest
, router
->cache_info
.identity_digest
, DIGEST_LEN
));
2978 /** Return true iff <b>digest</b> is the digest of the identity key of a
2979 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2980 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2982 router_digest_is_trusted_dir_type(const char *digest
, dirinfo_type_t type
)
2984 if (!trusted_dir_servers
)
2986 if (authdir_mode(get_options()) && router_digest_is_me(digest
))
2988 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ent
,
2989 if (tor_memeq(digest
, ent
->digest
, DIGEST_LEN
)) {
2990 return (!type
) || ((type
& ent
->type
) != 0);
2995 /** Return true iff <b>addr</b> is the address of one of our trusted
2996 * directory authorities. */
2998 router_addr_is_trusted_dir(uint32_t addr
)
3000 if (!trusted_dir_servers
)
3002 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ent
,
3003 if (ent
->addr
== addr
)
3009 /** If hexdigest is correctly formed, base16_decode it into
3010 * digest, which must have DIGEST_LEN space in it.
3011 * Return 0 on success, -1 on failure.
3014 hexdigest_to_digest(const char *hexdigest
, char *digest
)
3016 if (hexdigest
[0]=='$')
3018 if (strlen(hexdigest
) < HEX_DIGEST_LEN
||
3019 base16_decode(digest
,DIGEST_LEN
,hexdigest
,HEX_DIGEST_LEN
) != DIGEST_LEN
)
3024 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3027 router_get_mutable_by_digest(const char *digest
)
3031 if (!routerlist
) return NULL
;
3033 // routerlist_assert_ok(routerlist);
3035 return rimap_get(routerlist
->identity_map
, digest
);
3038 /** Return the router in our routerlist whose 20-byte key digest
3039 * is <b>digest</b>. Return NULL if no such router is known. */
3040 const routerinfo_t
*
3041 router_get_by_id_digest(const char *digest
)
3043 return router_get_mutable_by_digest(digest
);
3046 /** Return the router in our routerlist whose 20-byte descriptor
3047 * is <b>digest</b>. Return NULL if no such router is known. */
3048 signed_descriptor_t
*
3049 router_get_by_descriptor_digest(const char *digest
)
3053 if (!routerlist
) return NULL
;
3055 return sdmap_get(routerlist
->desc_digest_map
, digest
);
3058 /** Return the signed descriptor for the router in our routerlist whose
3059 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3061 MOCK_IMPL(signed_descriptor_t
*,
3062 router_get_by_extrainfo_digest
,(const char *digest
))
3066 if (!routerlist
) return NULL
;
3068 return sdmap_get(routerlist
->desc_by_eid_map
, digest
);
3071 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3072 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3073 * document is known. */
3074 signed_descriptor_t
*
3075 extrainfo_get_by_descriptor_digest(const char *digest
)
3079 if (!routerlist
) return NULL
;
3080 ei
= eimap_get(routerlist
->extra_info_map
, digest
);
3081 return ei
? &ei
->cache_info
: NULL
;
3084 /** Return a pointer to the signed textual representation of a descriptor.
3085 * The returned string is not guaranteed to be NUL-terminated: the string's
3086 * length will be in desc-\>signed_descriptor_len.
3088 * If <b>with_annotations</b> is set, the returned string will include
3090 * (if any) preceding the descriptor. This will increase the length of the
3091 * string by desc-\>annotations_len.
3093 * The caller must not free the string returned.
3096 signed_descriptor_get_body_impl(const signed_descriptor_t
*desc
,
3097 int with_annotations
)
3099 const char *r
= NULL
;
3100 size_t len
= desc
->signed_descriptor_len
;
3101 off_t offset
= desc
->saved_offset
;
3102 if (with_annotations
)
3103 len
+= desc
->annotations_len
;
3105 offset
+= desc
->annotations_len
;
3107 tor_assert(len
> 32);
3108 if (desc
->saved_location
== SAVED_IN_CACHE
&& routerlist
) {
3109 desc_store_t
*store
= desc_get_store(router_get_routerlist(), desc
);
3110 if (store
&& store
->mmap
) {
3111 tor_assert(desc
->saved_offset
+ len
<= store
->mmap
->size
);
3112 r
= store
->mmap
->data
+ offset
;
3114 log_err(LD_DIR
, "We couldn't read a descriptor that is supposedly "
3115 "mmaped in our cache. Is another process running in our data "
3116 "directory? Exiting.");
3120 if (!r
) /* no mmap, or not in cache. */
3121 r
= desc
->signed_descriptor_body
+
3122 (with_annotations
? 0 : desc
->annotations_len
);
3125 if (!with_annotations
) {
3126 if (fast_memcmp("router ", r
, 7) && fast_memcmp("extra-info ", r
, 11)) {
3127 char *cp
= tor_strndup(r
, 64);
3128 log_err(LD_DIR
, "descriptor at %p begins with unexpected string %s. "
3129 "Is another process running in our data directory? Exiting.",
3138 /** Return a pointer to the signed textual representation of a descriptor.
3139 * The returned string is not guaranteed to be NUL-terminated: the string's
3140 * length will be in desc-\>signed_descriptor_len.
3142 * The caller must not free the string returned.
3145 signed_descriptor_get_body(const signed_descriptor_t
*desc
)
3147 return signed_descriptor_get_body_impl(desc
, 0);
3150 /** As signed_descriptor_get_body(), but points to the beginning of the
3151 * annotations section rather than the beginning of the descriptor. */
3153 signed_descriptor_get_annotations(const signed_descriptor_t
*desc
)
3155 return signed_descriptor_get_body_impl(desc
, 1);
3158 /** Return the current list of all known routers. */
3160 router_get_routerlist(void)
3162 if (PREDICT_UNLIKELY(!routerlist
)) {
3163 routerlist
= tor_malloc_zero(sizeof(routerlist_t
));
3164 routerlist
->routers
= smartlist_new();
3165 routerlist
->old_routers
= smartlist_new();
3166 routerlist
->identity_map
= rimap_new();
3167 routerlist
->desc_digest_map
= sdmap_new();
3168 routerlist
->desc_by_eid_map
= sdmap_new();
3169 routerlist
->extra_info_map
= eimap_new();
3171 routerlist
->desc_store
.fname_base
= "cached-descriptors";
3172 routerlist
->extrainfo_store
.fname_base
= "cached-extrainfo";
3174 routerlist
->desc_store
.type
= ROUTER_STORE
;
3175 routerlist
->extrainfo_store
.type
= EXTRAINFO_STORE
;
3177 routerlist
->desc_store
.description
= "router descriptors";
3178 routerlist
->extrainfo_store
.description
= "extra-info documents";
3183 /** Free all storage held by <b>router</b>. */
3185 routerinfo_free(routerinfo_t
*router
)
3190 tor_free(router
->cache_info
.signed_descriptor_body
);
3191 tor_free(router
->nickname
);
3192 tor_free(router
->platform
);
3193 tor_free(router
->protocol_list
);
3194 tor_free(router
->contact_info
);
3195 if (router
->onion_pkey
)
3196 crypto_pk_free(router
->onion_pkey
);
3197 tor_free(router
->onion_curve25519_pkey
);
3198 if (router
->identity_pkey
)
3199 crypto_pk_free(router
->identity_pkey
);
3200 tor_cert_free(router
->cache_info
.signing_key_cert
);
3201 if (router
->declared_family
) {
3202 SMARTLIST_FOREACH(router
->declared_family
, char *, s
, tor_free(s
));
3203 smartlist_free(router
->declared_family
);
3205 addr_policy_list_free(router
->exit_policy
);
3206 short_policy_free(router
->ipv6_exit_policy
);
3208 memset(router
, 77, sizeof(routerinfo_t
));
3213 /** Release all storage held by <b>extrainfo</b> */
3215 extrainfo_free(extrainfo_t
*extrainfo
)
3219 tor_cert_free(extrainfo
->cache_info
.signing_key_cert
);
3220 tor_free(extrainfo
->cache_info
.signed_descriptor_body
);
3221 tor_free(extrainfo
->pending_sig
);
3223 memset(extrainfo
, 88, sizeof(extrainfo_t
)); /* debug bad memory usage */
3224 tor_free(extrainfo
);
3227 /** Release storage held by <b>sd</b>. */
3229 signed_descriptor_free(signed_descriptor_t
*sd
)
3234 tor_free(sd
->signed_descriptor_body
);
3235 tor_cert_free(sd
->signing_key_cert
);
3237 memset(sd
, 99, sizeof(signed_descriptor_t
)); /* Debug bad mem usage */
3241 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3242 * memory inside the object and by zeroing its content. */
3244 signed_descriptor_reset(signed_descriptor_t
*sd
)
3247 tor_free(sd
->signed_descriptor_body
);
3248 tor_cert_free(sd
->signing_key_cert
);
3249 memset(sd
, 0, sizeof(*sd
));
3252 /** Copy src into dest, and steal all references inside src so that when
3253 * we free src, we don't mess up dest. */
3255 signed_descriptor_move(signed_descriptor_t
*dest
,
3256 signed_descriptor_t
*src
)
3258 tor_assert(dest
!= src
);
3259 /* Cleanup destination object before overwriting it.*/
3260 signed_descriptor_reset(dest
);
3261 memcpy(dest
, src
, sizeof(signed_descriptor_t
));
3262 src
->signed_descriptor_body
= NULL
;
3263 src
->signing_key_cert
= NULL
;
3264 dest
->routerlist_index
= -1;
3267 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3270 static signed_descriptor_t
*
3271 signed_descriptor_from_routerinfo(routerinfo_t
*ri
)
3273 signed_descriptor_t
*sd
;
3274 tor_assert(ri
->purpose
== ROUTER_PURPOSE_GENERAL
);
3275 sd
= tor_malloc_zero(sizeof(signed_descriptor_t
));
3276 signed_descriptor_move(sd
, &ri
->cache_info
);
3277 routerinfo_free(ri
);
3281 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3283 extrainfo_free_(void *e
)
3288 /** Free all storage held by a routerlist <b>rl</b>. */
3290 routerlist_free(routerlist_t
*rl
)
3294 rimap_free(rl
->identity_map
, NULL
);
3295 sdmap_free(rl
->desc_digest_map
, NULL
);
3296 sdmap_free(rl
->desc_by_eid_map
, NULL
);
3297 eimap_free(rl
->extra_info_map
, extrainfo_free_
);
3298 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3299 routerinfo_free(r
));
3300 SMARTLIST_FOREACH(rl
->old_routers
, signed_descriptor_t
*, sd
,
3301 signed_descriptor_free(sd
));
3302 smartlist_free(rl
->routers
);
3303 smartlist_free(rl
->old_routers
);
3304 if (rl
->desc_store
.mmap
) {
3305 int res
= tor_munmap_file(routerlist
->desc_store
.mmap
);
3307 log_warn(LD_FS
, "Failed to munmap routerlist->desc_store.mmap");
3310 if (rl
->extrainfo_store
.mmap
) {
3311 int res
= tor_munmap_file(routerlist
->extrainfo_store
.mmap
);
3313 log_warn(LD_FS
, "Failed to munmap routerlist->extrainfo_store.mmap");
3318 router_dir_info_changed();
3321 /** Log information about how much memory is being used for routerlist,
3322 * at log level <b>severity</b>. */
3324 dump_routerlist_mem_usage(int severity
)
3326 uint64_t livedescs
= 0;
3327 uint64_t olddescs
= 0;
3330 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, r
,
3331 livedescs
+= r
->cache_info
.signed_descriptor_len
);
3332 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
3333 olddescs
+= sd
->signed_descriptor_len
);
3335 tor_log(severity
, LD_DIR
,
3336 "In %d live descriptors: "U64_FORMAT
" bytes. "
3337 "In %d old descriptors: "U64_FORMAT
" bytes.",
3338 smartlist_len(routerlist
->routers
), U64_PRINTF_ARG(livedescs
),
3339 smartlist_len(routerlist
->old_routers
), U64_PRINTF_ARG(olddescs
));
3342 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3343 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3344 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3345 * is not in <b>sl</b>. */
3347 routerlist_find_elt_(smartlist_t
*sl
, void *ri
, int idx
)
3351 SMARTLIST_FOREACH(sl
, routerinfo_t
*, r
,
3357 tor_assert(idx
< smartlist_len(sl
));
3358 tor_assert(smartlist_get(sl
, idx
) == ri
);
3363 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3364 * as needed. There must be no previous member of <b>rl</b> with the same
3365 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3369 routerlist_insert(routerlist_t
*rl
, routerinfo_t
*ri
)
3371 routerinfo_t
*ri_old
;
3372 signed_descriptor_t
*sd_old
;
3374 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3375 tor_assert(ri_generated
!= ri
);
3377 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3379 ri_old
= rimap_set(rl
->identity_map
, ri
->cache_info
.identity_digest
, ri
);
3380 tor_assert(!ri_old
);
3382 sd_old
= sdmap_set(rl
->desc_digest_map
,
3383 ri
->cache_info
.signed_descriptor_digest
,
3386 int idx
= sd_old
->routerlist_index
;
3387 sd_old
->routerlist_index
= -1;
3388 smartlist_del(rl
->old_routers
, idx
);
3389 if (idx
< smartlist_len(rl
->old_routers
)) {
3390 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3391 d
->routerlist_index
= idx
;
3393 rl
->desc_store
.bytes_dropped
+= sd_old
->signed_descriptor_len
;
3394 sdmap_remove(rl
->desc_by_eid_map
, sd_old
->extra_info_digest
);
3395 signed_descriptor_free(sd_old
);
3398 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3399 sdmap_set(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
,
3401 smartlist_add(rl
->routers
, ri
);
3402 ri
->cache_info
.routerlist_index
= smartlist_len(rl
->routers
) - 1;
3403 nodelist_set_routerinfo(ri
, NULL
);
3404 router_dir_info_changed();
3405 #ifdef DEBUG_ROUTERLIST
3406 routerlist_assert_ok(rl
);
3410 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3411 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3412 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3413 MOCK_IMPL(STATIC was_router_added_t
,
3414 extrainfo_insert
,(routerlist_t
*rl
, extrainfo_t
*ei
, int warn_if_incompatible
))
3416 was_router_added_t r
;
3417 const char *compatibility_error_msg
;
3418 routerinfo_t
*ri
= rimap_get(rl
->identity_map
,
3419 ei
->cache_info
.identity_digest
);
3420 signed_descriptor_t
*sd
=
3421 sdmap_get(rl
->desc_by_eid_map
, ei
->cache_info
.signed_descriptor_digest
);
3422 extrainfo_t
*ei_tmp
;
3423 const int severity
= warn_if_incompatible
? LOG_WARN
: LOG_INFO
;
3426 extrainfo_t
*ei_generated
= router_get_my_extrainfo();
3427 tor_assert(ei_generated
!= ei
);
3431 /* This router is unknown; we can't even verify the signature. Give up.*/
3432 r
= ROUTER_NOT_IN_CONSENSUS
;
3436 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3437 * This just won't work. */;
3438 static ratelim_t no_sd_ratelim
= RATELIM_INIT(1800);
3440 log_fn_ratelim(&no_sd_ratelim
, severity
, LD_BUG
,
3441 "No entry found in extrainfo map.");
3444 if (tor_memneq(ei
->cache_info
.signed_descriptor_digest
,
3445 sd
->extra_info_digest
, DIGEST_LEN
)) {
3446 static ratelim_t digest_mismatch_ratelim
= RATELIM_INIT(1800);
3447 /* The sd we got from the map doesn't match the digest we used to look
3448 * it up. This makes no sense. */
3450 log_fn_ratelim(&digest_mismatch_ratelim
, severity
, LD_BUG
,
3451 "Mismatch in digest in extrainfo map.");
3454 if (routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
, sd
,
3455 &compatibility_error_msg
)) {
3456 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
3457 r
= (ri
->cache_info
.extrainfo_is_bogus
) ?
3458 ROUTER_BAD_EI
: ROUTER_NOT_IN_CONSENSUS
;
3460 base16_encode(d1
, sizeof(d1
), ri
->cache_info
.identity_digest
, DIGEST_LEN
);
3461 base16_encode(d2
, sizeof(d2
), ei
->cache_info
.identity_digest
, DIGEST_LEN
);
3463 log_fn(severity
,LD_DIR
,
3464 "router info incompatible with extra info (ri id: %s, ei id %s, "
3465 "reason: %s)", d1
, d2
, compatibility_error_msg
);
3470 /* Okay, if we make it here, we definitely have a router corresponding to
3471 * this extrainfo. */
3473 ei_tmp
= eimap_set(rl
->extra_info_map
,
3474 ei
->cache_info
.signed_descriptor_digest
,
3476 r
= ROUTER_ADDED_SUCCESSFULLY
;
3478 rl
->extrainfo_store
.bytes_dropped
+=
3479 ei_tmp
->cache_info
.signed_descriptor_len
;
3480 extrainfo_free(ei_tmp
);
3484 if (r
!= ROUTER_ADDED_SUCCESSFULLY
)
3487 #ifdef DEBUG_ROUTERLIST
3488 routerlist_assert_ok(rl
);
3493 #define should_cache_old_descriptors() \
3494 directory_caches_dir_info(get_options())
3496 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3497 * a copy of router <b>ri</b> yet, add it to the list of old (not
3498 * recommended but still served) descriptors. Else free it. */
3500 routerlist_insert_old(routerlist_t
*rl
, routerinfo_t
*ri
)
3503 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3504 tor_assert(ri_generated
!= ri
);
3506 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3508 if (should_cache_old_descriptors() &&
3509 ri
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3510 !sdmap_get(rl
->desc_digest_map
,
3511 ri
->cache_info
.signed_descriptor_digest
)) {
3512 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri
);
3513 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3514 smartlist_add(rl
->old_routers
, sd
);
3515 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3516 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3517 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3519 routerinfo_free(ri
);
3521 #ifdef DEBUG_ROUTERLIST
3522 routerlist_assert_ok(rl
);
3526 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3527 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3528 * idx) == ri, we don't need to do a linear search over the list to decide
3529 * which to remove. We fill the gap in rl->routers with a later element in
3530 * the list, if any exists. <b>ri</b> is freed.
3532 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3533 * it to rl->old_routers. */
3535 routerlist_remove(routerlist_t
*rl
, routerinfo_t
*ri
, int make_old
, time_t now
)
3537 routerinfo_t
*ri_tmp
;
3538 extrainfo_t
*ei_tmp
;
3539 int idx
= ri
->cache_info
.routerlist_index
;
3540 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3541 tor_assert(smartlist_get(rl
->routers
, idx
) == ri
);
3543 nodelist_remove_routerinfo(ri
);
3545 /* make sure the rephist module knows that it's not running */
3546 rep_hist_note_router_unreachable(ri
->cache_info
.identity_digest
, now
);
3548 ri
->cache_info
.routerlist_index
= -1;
3549 smartlist_del(rl
->routers
, idx
);
3550 if (idx
< smartlist_len(rl
->routers
)) {
3551 routerinfo_t
*r
= smartlist_get(rl
->routers
, idx
);
3552 r
->cache_info
.routerlist_index
= idx
;
3555 ri_tmp
= rimap_remove(rl
->identity_map
, ri
->cache_info
.identity_digest
);
3556 router_dir_info_changed();
3557 tor_assert(ri_tmp
== ri
);
3559 if (make_old
&& should_cache_old_descriptors() &&
3560 ri
->purpose
== ROUTER_PURPOSE_GENERAL
) {
3561 signed_descriptor_t
*sd
;
3562 sd
= signed_descriptor_from_routerinfo(ri
);
3563 smartlist_add(rl
->old_routers
, sd
);
3564 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3565 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3566 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3567 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3569 signed_descriptor_t
*sd_tmp
;
3570 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3571 ri
->cache_info
.signed_descriptor_digest
);
3572 tor_assert(sd_tmp
== &(ri
->cache_info
));
3573 rl
->desc_store
.bytes_dropped
+= ri
->cache_info
.signed_descriptor_len
;
3574 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3575 ri
->cache_info
.extra_info_digest
);
3577 rl
->extrainfo_store
.bytes_dropped
+=
3578 ei_tmp
->cache_info
.signed_descriptor_len
;
3579 extrainfo_free(ei_tmp
);
3581 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3582 sdmap_remove(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
);
3583 routerinfo_free(ri
);
3585 #ifdef DEBUG_ROUTERLIST
3586 routerlist_assert_ok(rl
);
3590 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3591 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3594 routerlist_remove_old(routerlist_t
*rl
, signed_descriptor_t
*sd
, int idx
)
3596 signed_descriptor_t
*sd_tmp
;
3597 extrainfo_t
*ei_tmp
;
3598 desc_store_t
*store
;
3600 idx
= sd
->routerlist_index
;
3602 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->old_routers
));
3603 /* XXXX edmanm's bridge relay triggered the following assert while
3604 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3605 * can get a backtrace. */
3606 tor_assert(smartlist_get(rl
->old_routers
, idx
) == sd
);
3607 tor_assert(idx
== sd
->routerlist_index
);
3609 sd
->routerlist_index
= -1;
3610 smartlist_del(rl
->old_routers
, idx
);
3611 if (idx
< smartlist_len(rl
->old_routers
)) {
3612 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3613 d
->routerlist_index
= idx
;
3615 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3616 sd
->signed_descriptor_digest
);
3617 tor_assert(sd_tmp
== sd
);
3618 store
= desc_get_store(rl
, sd
);
3620 store
->bytes_dropped
+= sd
->signed_descriptor_len
;
3622 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3623 sd
->extra_info_digest
);
3625 rl
->extrainfo_store
.bytes_dropped
+=
3626 ei_tmp
->cache_info
.signed_descriptor_len
;
3627 extrainfo_free(ei_tmp
);
3629 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3630 sdmap_remove(rl
->desc_by_eid_map
, sd
->extra_info_digest
);
3632 signed_descriptor_free(sd
);
3633 #ifdef DEBUG_ROUTERLIST
3634 routerlist_assert_ok(rl
);
3638 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3639 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3640 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3641 * search over the list to decide which to remove. We put ri_new in the same
3642 * index as ri_old, if possible. ri is freed as appropriate.
3644 * If should_cache_descriptors() is true, instead of deleting the router,
3645 * we add it to rl->old_routers. */
3647 routerlist_replace(routerlist_t
*rl
, routerinfo_t
*ri_old
,
3648 routerinfo_t
*ri_new
)
3651 int same_descriptors
;
3653 routerinfo_t
*ri_tmp
;
3654 extrainfo_t
*ei_tmp
;
3656 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3657 tor_assert(ri_generated
!= ri_new
);
3659 tor_assert(ri_old
!= ri_new
);
3660 tor_assert(ri_new
->cache_info
.routerlist_index
== -1);
3662 idx
= ri_old
->cache_info
.routerlist_index
;
3663 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3664 tor_assert(smartlist_get(rl
->routers
, idx
) == ri_old
);
3667 routerinfo_t
*ri_old_tmp
=NULL
;
3668 nodelist_set_routerinfo(ri_new
, &ri_old_tmp
);
3669 tor_assert(ri_old
== ri_old_tmp
);
3672 router_dir_info_changed();
3674 smartlist_set(rl
->routers
, idx
, ri_new
);
3675 ri_old
->cache_info
.routerlist_index
= -1;
3676 ri_new
->cache_info
.routerlist_index
= idx
;
3677 /* Check that ri_old is not in rl->routers anymore: */
3678 tor_assert( routerlist_find_elt_(rl
->routers
, ri_old
, -1) == -1 );
3680 log_warn(LD_BUG
, "Appending entry from routerlist_replace.");
3681 routerlist_insert(rl
, ri_new
);
3684 if (tor_memneq(ri_old
->cache_info
.identity_digest
,
3685 ri_new
->cache_info
.identity_digest
, DIGEST_LEN
)) {
3686 /* digests don't match; digestmap_set won't replace */
3687 rimap_remove(rl
->identity_map
, ri_old
->cache_info
.identity_digest
);
3689 ri_tmp
= rimap_set(rl
->identity_map
,
3690 ri_new
->cache_info
.identity_digest
, ri_new
);
3691 tor_assert(!ri_tmp
|| ri_tmp
== ri_old
);
3692 sdmap_set(rl
->desc_digest_map
,
3693 ri_new
->cache_info
.signed_descriptor_digest
,
3694 &(ri_new
->cache_info
));
3696 if (!tor_digest_is_zero(ri_new
->cache_info
.extra_info_digest
)) {
3697 sdmap_set(rl
->desc_by_eid_map
, ri_new
->cache_info
.extra_info_digest
,
3698 &ri_new
->cache_info
);
3701 same_descriptors
= tor_memeq(ri_old
->cache_info
.signed_descriptor_digest
,
3702 ri_new
->cache_info
.signed_descriptor_digest
,
3705 if (should_cache_old_descriptors() &&
3706 ri_old
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3707 !same_descriptors
) {
3708 /* ri_old is going to become a signed_descriptor_t and go into
3710 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri_old
);
3711 smartlist_add(rl
->old_routers
, sd
);
3712 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3713 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3714 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3715 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3717 /* We're dropping ri_old. */
3718 if (!same_descriptors
) {
3719 /* digests don't match; The sdmap_set above didn't replace */
3720 sdmap_remove(rl
->desc_digest_map
,
3721 ri_old
->cache_info
.signed_descriptor_digest
);
3723 if (tor_memneq(ri_old
->cache_info
.extra_info_digest
,
3724 ri_new
->cache_info
.extra_info_digest
, DIGEST_LEN
)) {
3725 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3726 ri_old
->cache_info
.extra_info_digest
);
3728 rl
->extrainfo_store
.bytes_dropped
+=
3729 ei_tmp
->cache_info
.signed_descriptor_len
;
3730 extrainfo_free(ei_tmp
);
3734 if (!tor_digest_is_zero(ri_old
->cache_info
.extra_info_digest
)) {
3735 sdmap_remove(rl
->desc_by_eid_map
,
3736 ri_old
->cache_info
.extra_info_digest
);
3739 rl
->desc_store
.bytes_dropped
+= ri_old
->cache_info
.signed_descriptor_len
;
3740 routerinfo_free(ri_old
);
3742 #ifdef DEBUG_ROUTERLIST
3743 routerlist_assert_ok(rl
);
3747 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3748 * it as a fresh routerinfo_t. */
3749 static routerinfo_t
*
3750 routerlist_reparse_old(routerlist_t
*rl
, signed_descriptor_t
*sd
)
3755 body
= signed_descriptor_get_annotations(sd
);
3757 ri
= router_parse_entry_from_string(body
,
3758 body
+sd
->signed_descriptor_len
+sd
->annotations_len
,
3762 signed_descriptor_move(&ri
->cache_info
, sd
);
3764 routerlist_remove_old(rl
, sd
, -1);
3769 /** Free all memory held by the routerlist module.
3770 * Note: Calling routerlist_free_all() should always be paired with
3771 * a call to nodelist_free_all(). These should only be called during
3775 routerlist_free_all(void)
3777 routerlist_free(routerlist
);
3779 if (warned_nicknames
) {
3780 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3781 smartlist_free(warned_nicknames
);
3782 warned_nicknames
= NULL
;
3784 clear_dir_servers();
3785 smartlist_free(trusted_dir_servers
);
3786 smartlist_free(fallback_dir_servers
);
3787 trusted_dir_servers
= fallback_dir_servers
= NULL
;
3788 if (trusted_dir_certs
) {
3789 digestmap_free(trusted_dir_certs
, cert_list_free_
);
3790 trusted_dir_certs
= NULL
;
3794 /** Forget that we have issued any router-related warnings, so that we'll
3795 * warn again if we see the same errors. */
3797 routerlist_reset_warnings(void)
3799 if (!warned_nicknames
)
3800 warned_nicknames
= smartlist_new();
3801 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3802 smartlist_clear(warned_nicknames
); /* now the list is empty. */
3804 networkstatus_reset_warnings();
3807 /** Return 1 if the signed descriptor of this router is older than
3808 * <b>seconds</b> seconds. Otherwise return 0. */
3810 router_descriptor_is_older_than
,(const routerinfo_t
*router
, int seconds
))
3812 return router
->cache_info
.published_on
< approx_time() - seconds
;
3815 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3816 * older entries (if any) with the same key. Note: Callers should not hold
3817 * their pointers to <b>router</b> if this function fails; <b>router</b>
3818 * will either be inserted into the routerlist or freed. Similarly, even
3819 * if this call succeeds, they should not hold their pointers to
3820 * <b>router</b> after subsequent calls with other routerinfo's -- they
3821 * might cause the original routerinfo to get freed.
3823 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3824 * the poster of the router to know something.
3826 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3827 * <b>from_fetch</b>, we received it in response to a request we made.
3828 * (If both are false, that means it was uploaded to us as an auth dir
3829 * server or via the controller.)
3831 * This function should be called *after*
3832 * routers_update_status_from_consensus_networkstatus; subsequently, you
3833 * should call router_rebuild_store and routerlist_descriptors_added.
3836 router_add_to_routerlist(routerinfo_t
*router
, const char **msg
,
3837 int from_cache
, int from_fetch
)
3839 const char *id_digest
;
3840 const or_options_t
*options
= get_options();
3841 int authdir
= authdir_mode_handles_descs(options
, router
->purpose
);
3842 int authdir_believes_valid
= 0;
3843 routerinfo_t
*old_router
;
3844 networkstatus_t
*consensus
=
3845 networkstatus_get_latest_consensus_by_flavor(FLAV_NS
);
3846 int in_consensus
= 0;
3851 router_get_routerlist();
3853 id_digest
= router
->cache_info
.identity_digest
;
3855 old_router
= router_get_mutable_by_digest(id_digest
);
3857 /* Make sure that it isn't expired. */
3858 if (router
->cert_expiration_time
< approx_time()) {
3859 routerinfo_free(router
);
3860 *msg
= "Some certs on this router are expired.";
3861 return ROUTER_CERTS_EXPIRED
;
3864 /* Make sure that we haven't already got this exact descriptor. */
3865 if (sdmap_get(routerlist
->desc_digest_map
,
3866 router
->cache_info
.signed_descriptor_digest
)) {
3867 /* If we have this descriptor already and the new descriptor is a bridge
3868 * descriptor, replace it. If we had a bridge descriptor before and the
3869 * new one is not a bridge descriptor, don't replace it. */
3871 /* Only members of routerlist->identity_map can be bridges; we don't
3872 * put bridges in old_routers. */
3873 const int was_bridge
= old_router
&&
3874 old_router
->purpose
== ROUTER_PURPOSE_BRIDGE
;
3876 if (routerinfo_is_a_configured_bridge(router
) &&
3877 router
->purpose
== ROUTER_PURPOSE_BRIDGE
&&
3879 log_info(LD_DIR
, "Replacing non-bridge descriptor with bridge "
3880 "descriptor for router %s",
3881 router_describe(router
));
3884 "Dropping descriptor that we already have for router %s",
3885 router_describe(router
));
3886 *msg
= "Router descriptor was not new.";
3887 routerinfo_free(router
);
3888 return ROUTER_IS_ALREADY_KNOWN
;
3893 if (authdir_wants_to_reject_router(router
, msg
,
3894 !from_cache
&& !from_fetch
,
3895 &authdir_believes_valid
)) {
3897 routerinfo_free(router
);
3898 return ROUTER_AUTHDIR_REJECTS
;
3900 } else if (from_fetch
) {
3901 /* Only check the descriptor digest against the network statuses when
3902 * we are receiving in response to a fetch. */
3904 if (!signed_desc_digest_is_recognized(&router
->cache_info
) &&
3905 !routerinfo_is_a_configured_bridge(router
)) {
3906 /* We asked for it, so some networkstatus must have listed it when we
3907 * did. Save it if we're a cache in case somebody else asks for it. */
3909 "Received a no-longer-recognized descriptor for router %s",
3910 router_describe(router
));
3911 *msg
= "Router descriptor is not referenced by any network-status.";
3913 /* Only journal this desc if we'll be serving it. */
3914 if (!from_cache
&& should_cache_old_descriptors())
3915 signed_desc_append_to_journal(&router
->cache_info
,
3916 &routerlist
->desc_store
);
3917 routerlist_insert_old(routerlist
, router
);
3918 return ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS
;
3922 /* We no longer need a router with this descriptor digest. */
3924 routerstatus_t
*rs
= networkstatus_vote_find_mutable_entry(
3925 consensus
, id_digest
);
3926 if (rs
&& tor_memeq(rs
->descriptor_digest
,
3927 router
->cache_info
.signed_descriptor_digest
,
3933 if (router
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3934 consensus
&& !in_consensus
&& !authdir
) {
3935 /* If it's a general router not listed in the consensus, then don't
3936 * consider replacing the latest router with it. */
3937 if (!from_cache
&& should_cache_old_descriptors())
3938 signed_desc_append_to_journal(&router
->cache_info
,
3939 &routerlist
->desc_store
);
3940 routerlist_insert_old(routerlist
, router
);
3941 *msg
= "Skipping router descriptor: not in consensus.";
3942 return ROUTER_NOT_IN_CONSENSUS
;
3945 /* If we're reading a bridge descriptor from our cache, and we don't
3946 * recognize it as one of our currently configured bridges, drop the
3947 * descriptor. Otherwise we could end up using it as one of our entry
3948 * guards even if it isn't in our Bridge config lines. */
3949 if (router
->purpose
== ROUTER_PURPOSE_BRIDGE
&& from_cache
&&
3950 !authdir_mode_bridge(options
) &&
3951 !routerinfo_is_a_configured_bridge(router
)) {
3952 log_info(LD_DIR
, "Dropping bridge descriptor for %s because we have "
3953 "no bridge configured at that address.",
3954 safe_str_client(router_describe(router
)));
3955 *msg
= "Router descriptor was not a configured bridge.";
3956 routerinfo_free(router
);
3957 return ROUTER_WAS_NOT_WANTED
;
3960 /* If we have a router with the same identity key, choose the newer one. */
3962 if (!in_consensus
&& (router
->cache_info
.published_on
<=
3963 old_router
->cache_info
.published_on
)) {
3964 /* Same key, but old. This one is not listed in the consensus. */
3965 log_debug(LD_DIR
, "Not-new descriptor for router %s",
3966 router_describe(router
));
3967 /* Only journal this desc if we'll be serving it. */
3968 if (!from_cache
&& should_cache_old_descriptors())
3969 signed_desc_append_to_journal(&router
->cache_info
,
3970 &routerlist
->desc_store
);
3971 routerlist_insert_old(routerlist
, router
);
3972 *msg
= "Router descriptor was not new.";
3973 return ROUTER_IS_ALREADY_KNOWN
;
3975 /* Same key, and either new, or listed in the consensus. */
3976 log_debug(LD_DIR
, "Replacing entry for router %s",
3977 router_describe(router
));
3978 routerlist_replace(routerlist
, old_router
, router
);
3980 signed_desc_append_to_journal(&router
->cache_info
,
3981 &routerlist
->desc_store
);
3983 *msg
= authdir_believes_valid
? "Valid server updated" :
3984 ("Invalid server updated. (This dirserver is marking your "
3985 "server as unapproved.)");
3986 return ROUTER_ADDED_SUCCESSFULLY
;
3990 if (!in_consensus
&& from_cache
&&
3991 router_descriptor_is_older_than(router
, OLD_ROUTER_DESC_MAX_AGE
)) {
3992 *msg
= "Router descriptor was really old.";
3993 routerinfo_free(router
);
3994 return ROUTER_WAS_TOO_OLD
;
3997 /* We haven't seen a router with this identity before. Add it to the end of
3999 routerlist_insert(routerlist
, router
);
4001 signed_desc_append_to_journal(&router
->cache_info
,
4002 &routerlist
->desc_store
);
4004 return ROUTER_ADDED_SUCCESSFULLY
;
4007 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
4008 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
4009 * we actually inserted it, ROUTER_BAD_EI otherwise.
4012 router_add_extrainfo_to_routerlist(extrainfo_t
*ei
, const char **msg
,
4013 int from_cache
, int from_fetch
)
4015 was_router_added_t inserted
;
4017 if (msg
) *msg
= NULL
;
4018 /*XXXX Do something with msg */
4020 inserted
= extrainfo_insert(router_get_routerlist(), ei
, !from_cache
);
4022 if (WRA_WAS_ADDED(inserted
) && !from_cache
)
4023 signed_desc_append_to_journal(&ei
->cache_info
,
4024 &routerlist
->extrainfo_store
);
4029 /** Sorting helper: return <0, 0, or >0 depending on whether the
4030 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4031 * to, or later than that of *<b>b</b>. */
4033 compare_old_routers_by_identity_(const void **_a
, const void **_b
)
4036 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
4037 if ((i
= fast_memcmp(r1
->identity_digest
, r2
->identity_digest
, DIGEST_LEN
)))
4039 return (int)(r1
->published_on
- r2
->published_on
);
4042 /** Internal type used to represent how long an old descriptor was valid,
4043 * where it appeared in the list of old descriptors, and whether it's extra
4044 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4045 struct duration_idx_t
{
4051 /** Sorting helper: compare two duration_idx_t by their duration. */
4053 compare_duration_idx_(const void *_d1
, const void *_d2
)
4055 const struct duration_idx_t
*d1
= _d1
;
4056 const struct duration_idx_t
*d2
= _d2
;
4057 return d1
->duration
- d2
->duration
;
4060 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4061 * must contain routerinfo_t with the same identity and with publication time
4062 * in ascending order. Remove members from this range until there are no more
4063 * than max_descriptors_per_router() remaining. Start by removing the oldest
4064 * members from before <b>cutoff</b>, then remove members which were current
4065 * for the lowest amount of time. The order of members of old_routers at
4066 * indices <b>lo</b> or higher may be changed.
4069 routerlist_remove_old_cached_routers_with_id(time_t now
,
4070 time_t cutoff
, int lo
, int hi
,
4071 digestset_t
*retain
)
4074 unsigned n_extra
, n_rmv
= 0;
4075 struct duration_idx_t
*lifespans
;
4076 uint8_t *rmv
, *must_keep
;
4077 smartlist_t
*lst
= routerlist
->old_routers
;
4080 tor_assert(hi
< smartlist_len(lst
));
4081 tor_assert(lo
<= hi
);
4082 ident
= ((signed_descriptor_t
*)smartlist_get(lst
, lo
))->identity_digest
;
4083 for (i
= lo
+1; i
<= hi
; ++i
) {
4084 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4085 tor_assert(tor_memeq(ident
, r
->identity_digest
, DIGEST_LEN
));
4088 /* Check whether we need to do anything at all. */
4090 int mdpr
= directory_caches_dir_info(get_options()) ? 2 : 1;
4096 lifespans
= tor_calloc(n
, sizeof(struct duration_idx_t
));
4097 rmv
= tor_calloc(n
, sizeof(uint8_t));
4098 must_keep
= tor_calloc(n
, sizeof(uint8_t));
4099 /* Set lifespans to contain the lifespan and index of each server. */
4100 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4101 for (i
= lo
; i
<= hi
; ++i
) {
4102 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4103 signed_descriptor_t
*r_next
;
4104 lifespans
[i
-lo
].idx
= i
;
4105 if (r
->last_listed_as_valid_until
>= now
||
4106 (retain
&& digestset_contains(retain
, r
->signed_descriptor_digest
))) {
4107 must_keep
[i
-lo
] = 1;
4110 r_next
= smartlist_get(lst
, i
+1);
4111 tor_assert(r
->published_on
<= r_next
->published_on
);
4112 lifespans
[i
-lo
].duration
= (int)(r_next
->published_on
- r
->published_on
);
4115 lifespans
[i
-lo
].duration
= INT_MAX
;
4117 if (!must_keep
[i
-lo
] && r
->published_on
< cutoff
&& n_rmv
< n_extra
) {
4119 lifespans
[i
-lo
].old
= 1;
4124 if (n_rmv
< n_extra
) {
4126 * We aren't removing enough servers for being old. Sort lifespans by
4127 * the duration of liveness, and remove the ones we're not already going to
4128 * remove based on how long they were alive.
4130 qsort(lifespans
, n
, sizeof(struct duration_idx_t
), compare_duration_idx_
);
4131 for (i
= 0; i
< n
&& n_rmv
< n_extra
; ++i
) {
4132 if (!must_keep
[lifespans
[i
].idx
-lo
] && !lifespans
[i
].old
) {
4133 rmv
[lifespans
[i
].idx
-lo
] = 1;
4142 routerlist_remove_old(routerlist
, smartlist_get(lst
, i
), i
);
4143 } while (--i
>= lo
);
4144 tor_free(must_keep
);
4146 tor_free(lifespans
);
4149 /** Deactivate any routers from the routerlist that are more than
4150 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4151 * remove old routers from the list of cached routers if we have too many.
4154 routerlist_remove_old_routers(void)
4157 const char *cur_id
= NULL
;
4158 time_t now
= time(NULL
);
4160 routerinfo_t
*router
;
4161 signed_descriptor_t
*sd
;
4162 digestset_t
*retain
;
4163 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
4165 trusted_dirs_remove_old_certs();
4167 if (!routerlist
|| !consensus
)
4170 // routerlist_assert_ok(routerlist);
4172 /* We need to guess how many router descriptors we will wind up wanting to
4173 retain, so that we can be sure to allocate a large enough Bloom filter
4174 to hold the digest set. Overestimating is fine; underestimating is bad.
4177 /* We'll probably retain everything in the consensus. */
4178 int n_max_retain
= smartlist_len(consensus
->routerstatus_list
);
4179 retain
= digestset_new(n_max_retain
);
4182 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4183 /* Retain anything listed in the consensus. */
4185 SMARTLIST_FOREACH(consensus
->routerstatus_list
, routerstatus_t
*, rs
,
4186 if (rs
->published_on
>= cutoff
)
4187 digestset_add(retain
, rs
->descriptor_digest
));
4190 /* If we have a consensus, we should consider pruning current routers that
4191 * are too old and that nobody recommends. (If we don't have a consensus,
4192 * then we should get one before we decide to kill routers.) */
4195 cutoff
= now
- ROUTER_MAX_AGE
;
4196 /* Remove too-old unrecommended members of routerlist->routers. */
4197 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
4198 router
= smartlist_get(routerlist
->routers
, i
);
4199 if (router
->cache_info
.published_on
<= cutoff
&&
4200 router
->cache_info
.last_listed_as_valid_until
< now
&&
4201 !digestset_contains(retain
,
4202 router
->cache_info
.signed_descriptor_digest
)) {
4203 /* Too old: remove it. (If we're a cache, just move it into
4206 "Forgetting obsolete (too old) routerinfo for router %s",
4207 router_describe(router
));
4208 routerlist_remove(routerlist
, router
, 1, now
);
4214 //routerlist_assert_ok(routerlist);
4216 /* Remove far-too-old members of routerlist->old_routers. */
4217 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4218 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4219 sd
= smartlist_get(routerlist
->old_routers
, i
);
4220 if (sd
->published_on
<= cutoff
&&
4221 sd
->last_listed_as_valid_until
< now
&&
4222 !digestset_contains(retain
, sd
->signed_descriptor_digest
)) {
4223 /* Too old. Remove it. */
4224 routerlist_remove_old(routerlist
, sd
, i
--);
4228 //routerlist_assert_ok(routerlist);
4230 log_info(LD_DIR
, "We have %d live routers and %d old router descriptors.",
4231 smartlist_len(routerlist
->routers
),
4232 smartlist_len(routerlist
->old_routers
));
4234 /* Now we might have to look at routerlist->old_routers for extraneous
4235 * members. (We'd keep all the members if we could, but we need to save
4236 * space.) First, check whether we have too many router descriptors, total.
4237 * We're okay with having too many for some given router, so long as the
4238 * total number doesn't approach max_descriptors_per_router()*len(router).
4240 if (smartlist_len(routerlist
->old_routers
) <
4241 smartlist_len(routerlist
->routers
))
4244 /* Sort by identity, then fix indices. */
4245 smartlist_sort(routerlist
->old_routers
, compare_old_routers_by_identity_
);
4247 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4248 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4249 r
->routerlist_index
= i
;
4252 /* Iterate through the list from back to front, so when we remove descriptors
4253 * we don't mess up groups we haven't gotten to. */
4254 for (i
= smartlist_len(routerlist
->old_routers
)-1; i
>= 0; --i
) {
4255 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4257 cur_id
= r
->identity_digest
;
4260 if (tor_memneq(cur_id
, r
->identity_digest
, DIGEST_LEN
)) {
4261 routerlist_remove_old_cached_routers_with_id(now
,
4262 cutoff
, i
+1, hi
, retain
);
4263 cur_id
= r
->identity_digest
;
4268 routerlist_remove_old_cached_routers_with_id(now
, cutoff
, 0, hi
, retain
);
4269 //routerlist_assert_ok(routerlist);
4272 digestset_free(retain
);
4273 router_rebuild_store(RRS_DONT_REMOVE_OLD
, &routerlist
->desc_store
);
4274 router_rebuild_store(RRS_DONT_REMOVE_OLD
,&routerlist
->extrainfo_store
);
4277 /** We just added a new set of descriptors. Take whatever extra steps
4280 routerlist_descriptors_added(smartlist_t
*sl
, int from_cache
)
4283 control_event_descriptors_changed(sl
);
4284 SMARTLIST_FOREACH_BEGIN(sl
, routerinfo_t
*, ri
) {
4285 if (ri
->purpose
== ROUTER_PURPOSE_BRIDGE
)
4286 learned_bridge_descriptor(ri
, from_cache
);
4287 if (ri
->needs_retest_if_added
) {
4288 ri
->needs_retest_if_added
= 0;
4289 dirserv_single_reachability_test(approx_time(), ri
);
4291 } SMARTLIST_FOREACH_END(ri
);
4295 * Code to parse a single router descriptor and insert it into the
4296 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4297 * descriptor was well-formed but could not be added; and 1 if the
4298 * descriptor was added.
4300 * If we don't add it and <b>msg</b> is not NULL, then assign to
4301 * *<b>msg</b> a static string describing the reason for refusing the
4304 * This is used only by the controller.
4307 router_load_single_router(const char *s
, uint8_t purpose
, int cache
,
4311 was_router_added_t r
;
4313 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
4317 tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
4318 "@source controller\n"
4319 "@purpose %s\n", router_purpose_to_string(purpose
));
4321 if (!(ri
= router_parse_entry_from_string(s
, NULL
, 1, 0,
4322 annotation_buf
, NULL
))) {
4323 log_warn(LD_DIR
, "Error parsing router descriptor; dropping.");
4324 *msg
= "Couldn't parse router descriptor.";
4327 tor_assert(ri
->purpose
== purpose
);
4328 if (router_is_me(ri
)) {
4329 log_warn(LD_DIR
, "Router's identity key matches mine; dropping.");
4330 *msg
= "Router's identity key matches mine.";
4331 routerinfo_free(ri
);
4335 if (!cache
) /* obey the preference of the controller */
4336 ri
->cache_info
.do_not_cache
= 1;
4338 lst
= smartlist_new();
4339 smartlist_add(lst
, ri
);
4340 routers_update_status_from_consensus_networkstatus(lst
, 0);
4342 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
4343 if (!WRA_WAS_ADDED(r
)) {
4344 /* we've already assigned to *msg now, and ri is already freed */
4346 if (r
== ROUTER_AUTHDIR_REJECTS
)
4347 log_warn(LD_DIR
, "Couldn't add router to list: %s Dropping.", *msg
);
4348 smartlist_free(lst
);
4351 routerlist_descriptors_added(lst
, 0);
4352 smartlist_free(lst
);
4353 log_debug(LD_DIR
, "Added router to list");
4358 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4359 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4360 * are in response to a query to the network: cache them by adding them to
4363 * Return the number of routers actually added.
4365 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4366 * uppercased fingerprints. Do not update any router whose
4367 * fingerprint is not on the list; after updating a router, remove its
4368 * fingerprint from the list.
4370 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4371 * are descriptor digests. Otherwise they are identity digests.
4374 router_load_routers_from_string(const char *s
, const char *eos
,
4375 saved_location_t saved_location
,
4376 smartlist_t
*requested_fingerprints
,
4377 int descriptor_digests
,
4378 const char *prepend_annotations
)
4380 smartlist_t
*routers
= smartlist_new(), *changed
= smartlist_new();
4381 char fp
[HEX_DIGEST_LEN
+1];
4383 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4384 int allow_annotations
= (saved_location
!= SAVED_NOWHERE
);
4385 int any_changed
= 0;
4386 smartlist_t
*invalid_digests
= smartlist_new();
4388 router_parse_list_from_string(&s
, eos
, routers
, saved_location
, 0,
4389 allow_annotations
, prepend_annotations
,
4392 routers_update_status_from_consensus_networkstatus(routers
, !from_cache
);
4394 log_info(LD_DIR
, "%d elements to add", smartlist_len(routers
));
4396 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
4397 was_router_added_t r
;
4399 if (requested_fingerprints
) {
4400 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4401 ri
->cache_info
.signed_descriptor_digest
:
4402 ri
->cache_info
.identity_digest
,
4404 if (smartlist_contains_string(requested_fingerprints
, fp
)) {
4405 smartlist_string_remove(requested_fingerprints
, fp
);
4408 smartlist_join_strings(requested_fingerprints
," ",0,NULL
);
4410 "We received a router descriptor with a fingerprint (%s) "
4411 "that we never requested. (We asked for: %s.) Dropping.",
4413 tor_free(requested
);
4414 routerinfo_free(ri
);
4419 memcpy(d
, ri
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4420 r
= router_add_to_routerlist(ri
, &msg
, from_cache
, !from_cache
);
4421 if (WRA_WAS_ADDED(r
)) {
4423 smartlist_add(changed
, ri
);
4424 routerlist_descriptors_added(changed
, from_cache
);
4425 smartlist_clear(changed
);
4426 } else if (WRA_NEVER_DOWNLOADABLE(r
)) {
4427 download_status_t
*dl_status
;
4428 dl_status
= router_get_dl_status_by_descriptor_digest(d
);
4430 log_info(LD_GENERAL
, "Marking router %s as never downloadable",
4431 hex_str(d
, DIGEST_LEN
));
4432 download_status_mark_impossible(dl_status
);
4435 } SMARTLIST_FOREACH_END(ri
);
4437 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4438 /* This digest is never going to be parseable. */
4439 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4440 if (requested_fingerprints
&& descriptor_digests
) {
4441 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4442 /* But we didn't ask for it, so we should assume shennanegans. */
4445 smartlist_string_remove(requested_fingerprints
, fp
);
4447 download_status_t
*dls
;
4448 dls
= router_get_dl_status_by_descriptor_digest((char*)bad_digest
);
4450 log_info(LD_GENERAL
, "Marking router with descriptor %s as unparseable, "
4451 "and therefore undownloadable", fp
);
4452 download_status_mark_impossible(dls
);
4454 } SMARTLIST_FOREACH_END(bad_digest
);
4455 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4456 smartlist_free(invalid_digests
);
4458 routerlist_assert_ok(routerlist
);
4461 router_rebuild_store(0, &routerlist
->desc_store
);
4463 smartlist_free(routers
);
4464 smartlist_free(changed
);
4469 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4470 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4471 * router_load_routers_from_string(). */
4473 router_load_extrainfo_from_string(const char *s
, const char *eos
,
4474 saved_location_t saved_location
,
4475 smartlist_t
*requested_fingerprints
,
4476 int descriptor_digests
)
4478 smartlist_t
*extrainfo_list
= smartlist_new();
4480 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4481 smartlist_t
*invalid_digests
= smartlist_new();
4483 router_parse_list_from_string(&s
, eos
, extrainfo_list
, saved_location
, 1, 0,
4484 NULL
, invalid_digests
);
4486 log_info(LD_DIR
, "%d elements to add", smartlist_len(extrainfo_list
));
4488 SMARTLIST_FOREACH_BEGIN(extrainfo_list
, extrainfo_t
*, ei
) {
4489 uint8_t d
[DIGEST_LEN
];
4490 memcpy(d
, ei
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4491 was_router_added_t added
=
4492 router_add_extrainfo_to_routerlist(ei
, &msg
, from_cache
, !from_cache
);
4493 if (WRA_WAS_ADDED(added
) && requested_fingerprints
) {
4494 char fp
[HEX_DIGEST_LEN
+1];
4495 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4496 ei
->cache_info
.signed_descriptor_digest
:
4497 ei
->cache_info
.identity_digest
,
4499 smartlist_string_remove(requested_fingerprints
, fp
);
4500 /* We silently let people stuff us with extrainfos we didn't ask for,
4501 * so long as we would have wanted them anyway. Since we always fetch
4502 * all the extrainfos we want, and we never actually act on them
4503 * inside Tor, this should be harmless. */
4504 } else if (WRA_NEVER_DOWNLOADABLE(added
)) {
4505 signed_descriptor_t
*sd
= router_get_by_extrainfo_digest((char*)d
);
4507 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4508 "unparseable, and therefore undownloadable",
4509 hex_str((char*)d
,DIGEST_LEN
));
4510 download_status_mark_impossible(&sd
->ei_dl_status
);
4513 } SMARTLIST_FOREACH_END(ei
);
4515 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4516 /* This digest is never going to be parseable. */
4517 char fp
[HEX_DIGEST_LEN
+1];
4518 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4519 if (requested_fingerprints
) {
4520 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4521 /* But we didn't ask for it, so we should assume shennanegans. */
4524 smartlist_string_remove(requested_fingerprints
, fp
);
4526 signed_descriptor_t
*sd
=
4527 router_get_by_extrainfo_digest((char*)bad_digest
);
4529 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4530 "unparseable, and therefore undownloadable", fp
);
4531 download_status_mark_impossible(&sd
->ei_dl_status
);
4533 } SMARTLIST_FOREACH_END(bad_digest
);
4534 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4535 smartlist_free(invalid_digests
);
4537 routerlist_assert_ok(routerlist
);
4538 router_rebuild_store(0, &router_get_routerlist()->extrainfo_store
);
4540 smartlist_free(extrainfo_list
);
4543 /** Return true iff any networkstatus includes a descriptor whose digest
4544 * is that of <b>desc</b>. */
4546 signed_desc_digest_is_recognized(signed_descriptor_t
*desc
)
4548 const routerstatus_t
*rs
;
4549 networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
4552 rs
= networkstatus_vote_find_entry(consensus
, desc
->identity_digest
);
4553 if (rs
&& tor_memeq(rs
->descriptor_digest
,
4554 desc
->signed_descriptor_digest
, DIGEST_LEN
))
4560 /** Update downloads for router descriptors and/or microdescriptors as
4563 update_all_descriptor_downloads(time_t now
)
4565 if (get_options()->DisableNetwork
)
4567 update_router_descriptor_downloads(now
);
4568 update_microdesc_downloads(now
);
4569 launch_dummy_descriptor_download_as_needed(now
, get_options());
4572 /** Clear all our timeouts for fetching v3 directory stuff, and then
4573 * give it all a try again. */
4575 routerlist_retry_directory_downloads(time_t now
)
4579 log_debug(LD_GENERAL
,
4580 "In routerlist_retry_directory_downloads()");
4582 router_reset_status_download_failures();
4583 router_reset_descriptor_download_failures();
4584 reschedule_directory_downloads();
4587 /** Return true iff <b>router</b> does not permit exit streams.
4590 router_exit_policy_rejects_all(const routerinfo_t
*router
)
4592 return router
->policy_is_reject_star
;
4595 /** Create an directory server at <b>address</b>:<b>port</b>, with OR identity
4596 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4597 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4598 * the new directory server entry on success or NULL on failure. */
4599 static dir_server_t
*
4600 dir_server_new(int is_authority
,
4601 const char *nickname
,
4602 const tor_addr_t
*addr
,
4603 const char *hostname
,
4604 uint16_t dir_port
, uint16_t or_port
,
4605 const tor_addr_port_t
*addrport_ipv6
,
4606 const char *digest
, const char *v3_auth_digest
,
4607 dirinfo_type_t type
,
4612 char *hostname_
= NULL
;
4619 if (tor_addr_family(addr
) == AF_INET
)
4620 a
= tor_addr_to_ipv4h(addr
);
4625 hostname_
= tor_addr_to_str_dup(addr
);
4627 hostname_
= tor_strdup(hostname
);
4629 ent
= tor_malloc_zero(sizeof(dir_server_t
));
4630 ent
->nickname
= nickname
? tor_strdup(nickname
) : NULL
;
4631 ent
->address
= hostname_
;
4633 ent
->dir_port
= dir_port
;
4634 ent
->or_port
= or_port
;
4635 ent
->is_running
= 1;
4636 ent
->is_authority
= is_authority
;
4638 ent
->weight
= weight
;
4639 if (addrport_ipv6
) {
4640 if (tor_addr_family(&addrport_ipv6
->addr
) != AF_INET6
) {
4641 log_warn(LD_BUG
, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
4642 tor_addr_make_unspec(&ent
->ipv6_addr
);
4644 tor_addr_copy(&ent
->ipv6_addr
, &addrport_ipv6
->addr
);
4645 ent
->ipv6_orport
= addrport_ipv6
->port
;
4648 tor_addr_make_unspec(&ent
->ipv6_addr
);
4651 memcpy(ent
->digest
, digest
, DIGEST_LEN
);
4652 if (v3_auth_digest
&& (type
& V3_DIRINFO
))
4653 memcpy(ent
->v3_identity_digest
, v3_auth_digest
, DIGEST_LEN
);
4656 tor_asprintf(&ent
->description
, "directory server \"%s\" at %s:%d",
4657 nickname
, hostname_
, (int)dir_port
);
4659 tor_asprintf(&ent
->description
, "directory server at %s:%d",
4660 hostname_
, (int)dir_port
);
4662 ent
->fake_status
.addr
= ent
->addr
;
4663 tor_addr_copy(&ent
->fake_status
.ipv6_addr
, &ent
->ipv6_addr
);
4664 memcpy(ent
->fake_status
.identity_digest
, digest
, DIGEST_LEN
);
4666 strlcpy(ent
->fake_status
.nickname
, nickname
,
4667 sizeof(ent
->fake_status
.nickname
));
4669 ent
->fake_status
.nickname
[0] = '\0';
4670 ent
->fake_status
.dir_port
= ent
->dir_port
;
4671 ent
->fake_status
.or_port
= ent
->or_port
;
4672 ent
->fake_status
.ipv6_orport
= ent
->ipv6_orport
;
4677 /** Create an authoritative directory server at
4678 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4679 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4680 * server entry on success or NULL if we couldn't add it. */
4682 trusted_dir_server_new(const char *nickname
, const char *address
,
4683 uint16_t dir_port
, uint16_t or_port
,
4684 const tor_addr_port_t
*ipv6_addrport
,
4685 const char *digest
, const char *v3_auth_digest
,
4686 dirinfo_type_t type
, double weight
)
4690 char *hostname
=NULL
;
4691 dir_server_t
*result
;
4693 if (!address
) { /* The address is us; we should guess. */
4694 if (resolve_my_address(LOG_WARN
, get_options(),
4695 &a
, NULL
, &hostname
) < 0) {
4697 "Couldn't find a suitable address when adding ourself as a "
4698 "trusted directory server.");
4702 hostname
= tor_dup_ip(a
);
4704 if (tor_lookup_hostname(address
, &a
)) {
4706 "Unable to lookup address for directory server at '%s'",
4710 hostname
= tor_strdup(address
);
4712 tor_addr_from_ipv4h(&addr
, a
);
4714 result
= dir_server_new(1, nickname
, &addr
, hostname
,
4718 v3_auth_digest
, type
, weight
);
4723 /** Return a new dir_server_t for a fallback directory server at
4724 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4725 * <b>id_digest</b> */
4727 fallback_dir_server_new(const tor_addr_t
*addr
,
4728 uint16_t dir_port
, uint16_t or_port
,
4729 const tor_addr_port_t
*addrport_ipv6
,
4730 const char *id_digest
, double weight
)
4732 return dir_server_new(0, NULL
, addr
, NULL
, dir_port
, or_port
,
4735 NULL
, ALL_DIRINFO
, weight
);
4738 /** Add a directory server to the global list(s). */
4740 dir_server_add(dir_server_t
*ent
)
4742 if (!trusted_dir_servers
)
4743 trusted_dir_servers
= smartlist_new();
4744 if (!fallback_dir_servers
)
4745 fallback_dir_servers
= smartlist_new();
4747 if (ent
->is_authority
)
4748 smartlist_add(trusted_dir_servers
, ent
);
4750 smartlist_add(fallback_dir_servers
, ent
);
4751 router_dir_info_changed();
4754 /** Free storage held in <b>cert</b>. */
4756 authority_cert_free(authority_cert_t
*cert
)
4761 tor_free(cert
->cache_info
.signed_descriptor_body
);
4762 crypto_pk_free(cert
->signing_key
);
4763 crypto_pk_free(cert
->identity_key
);
4768 /** Free storage held in <b>ds</b>. */
4770 dir_server_free(dir_server_t
*ds
)
4775 tor_free(ds
->nickname
);
4776 tor_free(ds
->description
);
4777 tor_free(ds
->address
);
4781 /** Remove all members from the list of dir servers. */
4783 clear_dir_servers(void)
4785 if (fallback_dir_servers
) {
4786 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ent
,
4787 dir_server_free(ent
));
4788 smartlist_clear(fallback_dir_servers
);
4790 fallback_dir_servers
= smartlist_new();
4792 if (trusted_dir_servers
) {
4793 smartlist_clear(trusted_dir_servers
);
4795 trusted_dir_servers
= smartlist_new();
4797 router_dir_info_changed();
4800 /** For every current directory connection whose purpose is <b>purpose</b>,
4801 * and where the resource being downloaded begins with <b>prefix</b>, split
4802 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4803 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4804 * corresponding elements of <b>result</b> to a nonzero value.
4807 list_pending_downloads(digestmap_t
*result
, digest256map_t
*result256
,
4808 int purpose
, const char *prefix
)
4810 const size_t p_len
= strlen(prefix
);
4811 smartlist_t
*tmp
= smartlist_new();
4812 smartlist_t
*conns
= get_connection_array();
4813 int flags
= DSR_HEX
;
4814 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
)
4815 flags
= DSR_DIGEST256
|DSR_BASE64
;
4817 tor_assert(result
|| result256
);
4819 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4820 if (conn
->type
== CONN_TYPE_DIR
&&
4821 conn
->purpose
== purpose
&&
4822 !conn
->marked_for_close
) {
4823 const char *resource
= TO_DIR_CONN(conn
)->requested_resource
;
4824 if (!strcmpstart(resource
, prefix
))
4825 dir_split_resource_into_fingerprints(resource
+ p_len
,
4828 } SMARTLIST_FOREACH_END(conn
);
4831 SMARTLIST_FOREACH(tmp
, char *, d
,
4833 digestmap_set(result
, d
, (void*)1);
4836 } else if (result256
) {
4837 SMARTLIST_FOREACH(tmp
, uint8_t *, d
,
4839 digest256map_set(result256
, d
, (void*)1);
4843 smartlist_free(tmp
);
4846 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4847 * true) we are currently downloading by descriptor digest, set result[d] to
4850 list_pending_descriptor_downloads(digestmap_t
*result
, int extrainfo
)
4853 extrainfo
? DIR_PURPOSE_FETCH_EXTRAINFO
: DIR_PURPOSE_FETCH_SERVERDESC
;
4854 list_pending_downloads(result
, NULL
, purpose
, "d/");
4857 /** For every microdescriptor we are currently downloading by descriptor
4858 * digest, set result[d] to (void*)1.
4861 list_pending_microdesc_downloads(digest256map_t
*result
)
4863 list_pending_downloads(NULL
, result
, DIR_PURPOSE_FETCH_MICRODESC
, "d/");
4866 /** For every certificate we are currently downloading by (identity digest,
4867 * signing key digest) pair, set result[fp_pair] to (void *1).
4870 list_pending_fpsk_downloads(fp_pair_map_t
*result
)
4872 const char *pfx
= "fp-sk/";
4875 const char *resource
;
4879 tmp
= smartlist_new();
4880 conns
= get_connection_array();
4882 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4883 if (conn
->type
== CONN_TYPE_DIR
&&
4884 conn
->purpose
== DIR_PURPOSE_FETCH_CERTIFICATE
&&
4885 !conn
->marked_for_close
) {
4886 resource
= TO_DIR_CONN(conn
)->requested_resource
;
4887 if (!strcmpstart(resource
, pfx
))
4888 dir_split_resource_into_fingerprint_pairs(resource
+ strlen(pfx
),
4891 } SMARTLIST_FOREACH_END(conn
);
4893 SMARTLIST_FOREACH_BEGIN(tmp
, fp_pair_t
*, fp
) {
4894 fp_pair_map_set(result
, fp
, (void*)1);
4896 } SMARTLIST_FOREACH_END(fp
);
4898 smartlist_free(tmp
);
4901 /** Launch downloads for all the descriptors whose digests or digests256
4902 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4903 * range.) If <b>source</b> is given, download from <b>source</b>;
4904 * otherwise, download from an appropriate random directory server.
4906 MOCK_IMPL(STATIC
void, initiate_descriptor_downloads
,
4907 (const routerstatus_t
*source
, int purpose
, smartlist_t
*digests
,
4908 int lo
, int hi
, int pds_flags
))
4910 char *resource
, *cp
;
4911 int digest_len
, enc_digest_len
;
4916 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4917 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4918 * 256-bit digests. */
4919 digest_len
= DIGEST256_LEN
;
4920 enc_digest_len
= BASE64_DIGEST256_LEN
+ 1;
4924 digest_len
= DIGEST_LEN
;
4925 enc_digest_len
= HEX_DIGEST_LEN
+ 1;
4932 if (hi
> smartlist_len(digests
))
4933 hi
= smartlist_len(digests
);
4938 tmp
= smartlist_new();
4940 for (; lo
< hi
; ++lo
) {
4941 cp
= tor_malloc(enc_digest_len
);
4943 digest256_to_base64(cp
, smartlist_get(digests
, lo
));
4945 base16_encode(cp
, enc_digest_len
, smartlist_get(digests
, lo
),
4948 smartlist_add(tmp
, cp
);
4951 cp
= smartlist_join_strings(tmp
, sep
, 0, NULL
);
4952 tor_asprintf(&resource
, "d/%s.z", cp
);
4954 SMARTLIST_FOREACH(tmp
, char *, cp1
, tor_free(cp1
));
4955 smartlist_free(tmp
);
4959 /* We know which authority or directory mirror we want. */
4960 directory_initiate_command_routerstatus(source
, purpose
,
4961 ROUTER_PURPOSE_GENERAL
,
4963 resource
, NULL
, 0, 0);
4965 directory_get_from_dirserver(purpose
, ROUTER_PURPOSE_GENERAL
, resource
,
4966 pds_flags
, DL_WANT_ANY_DIRSERVER
);
4971 /** Return the max number of hashes to put in a URL for a given request.
4974 max_dl_per_request(const or_options_t
*options
, int purpose
)
4976 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4977 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4978 * /tor/server/d/.z) == 4026
4979 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4980 * So use 96 because it's a nice number.
4982 * For microdescriptors, the calculation is
4983 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4984 * /tor/micro/d/.z) == 4027
4985 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4986 * So use 90 because it's a nice number.
4989 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4992 /* If we're going to tunnel our connections, we can ask for a lot more
4994 if (directory_must_use_begindir(options
)) {
5000 /** Don't split our requests so finely that we are requesting fewer than
5001 * this number per server. */
5002 #define MIN_DL_PER_REQUEST 4
5003 /** To prevent a single screwy cache from confusing us by selective reply,
5004 * try to split our requests into at least this many requests. */
5005 #define MIN_REQUESTS 3
5006 /** If we want fewer than this many descriptors, wait until we
5007 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
5008 #define MAX_DL_TO_DELAY 16
5010 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
5011 * router descriptor digests or microdescriptor digest256s in
5012 * <b>downloadable</b>, decide whether to delay fetching until we have more.
5013 * If we don't want to delay, launch one or more requests to the appropriate
5014 * directory authorities.
5017 launch_descriptor_downloads(int purpose
,
5018 smartlist_t
*downloadable
,
5019 const routerstatus_t
*source
, time_t now
)
5021 const or_options_t
*options
= get_options();
5022 const char *descname
;
5023 const int fetch_microdesc
= (purpose
== DIR_PURPOSE_FETCH_MICRODESC
);
5024 int n_downloadable
= smartlist_len(downloadable
);
5026 int i
, n_per_request
, max_dl_per_req
;
5027 const char *req_plural
= "", *rtr_plural
= "";
5028 int pds_flags
= PDS_RETRY_IF_NO_SERVERS
;
5030 tor_assert(fetch_microdesc
|| purpose
== DIR_PURPOSE_FETCH_SERVERDESC
);
5031 descname
= fetch_microdesc
? "microdesc" : "routerdesc";
5033 if (!n_downloadable
)
5036 if (!directory_fetches_dir_info_early(options
)) {
5037 if (n_downloadable
>= MAX_DL_TO_DELAY
) {
5039 "There are enough downloadable %ss to launch requests.",
5041 } else if (! router_have_minimum_dir_info()) {
5043 "We are only missing %d %ss, but we'll fetch anyway, since "
5044 "we don't yet have enough directory info.",
5045 n_downloadable
, descname
);
5049 if ((last_descriptor_download_attempted
+
5050 options
->TestingClientMaxIntervalWithoutRequest
) > now
)
5053 if (last_descriptor_download_attempted
) {
5055 "There are not many downloadable %ss, but we've "
5056 "been waiting long enough (%d seconds). Downloading.",
5058 (int)(now
-last_descriptor_download_attempted
));
5061 "There are not many downloadable %ss, but we haven't "
5062 "tried downloading descriptors recently. Downloading.",
5068 if (!authdir_mode_any_nonhidserv(options
)) {
5069 /* If we wind up going to the authorities, we want to only open one
5070 * connection to each authority at a time, so that we don't overload
5071 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5072 * regardless of whether we're a cache or not.
5074 * Setting this flag can make initiate_descriptor_downloads() ignore
5075 * requests. We need to make sure that we do in fact call
5076 * update_router_descriptor_downloads() later on, once the connections
5077 * have succeeded or failed.
5079 pds_flags
|= fetch_microdesc
?
5080 PDS_NO_EXISTING_MICRODESC_FETCH
:
5081 PDS_NO_EXISTING_SERVERDESC_FETCH
;
5084 n_per_request
= CEIL_DIV(n_downloadable
, MIN_REQUESTS
);
5085 max_dl_per_req
= max_dl_per_request(options
, purpose
);
5087 if (n_per_request
> max_dl_per_req
)
5088 n_per_request
= max_dl_per_req
;
5090 if (n_per_request
< MIN_DL_PER_REQUEST
)
5091 n_per_request
= MIN_DL_PER_REQUEST
;
5093 if (n_downloadable
> n_per_request
)
5094 req_plural
= rtr_plural
= "s";
5095 else if (n_downloadable
> 1)
5099 "Launching %d request%s for %d %s%s, %d at a time",
5100 CEIL_DIV(n_downloadable
, n_per_request
), req_plural
,
5101 n_downloadable
, descname
, rtr_plural
, n_per_request
);
5102 smartlist_sort_digests(downloadable
);
5103 for (i
=0; i
< n_downloadable
; i
+= n_per_request
) {
5104 initiate_descriptor_downloads(source
, purpose
,
5105 downloadable
, i
, i
+n_per_request
,
5108 last_descriptor_download_attempted
= now
;
5111 /** For any descriptor that we want that's currently listed in
5112 * <b>consensus</b>, download it as appropriate. */
5114 update_consensus_router_descriptor_downloads(time_t now
, int is_vote
,
5115 networkstatus_t
*consensus
)
5117 const or_options_t
*options
= get_options();
5118 digestmap_t
*map
= NULL
;
5119 smartlist_t
*no_longer_old
= smartlist_new();
5120 smartlist_t
*downloadable
= smartlist_new();
5121 routerstatus_t
*source
= NULL
;
5122 int authdir
= authdir_mode(options
);
5123 int n_delayed
=0, n_have
=0, n_would_reject
=0, n_wouldnt_use
=0,
5124 n_inprogress
=0, n_in_oldrouters
=0;
5126 if (directory_too_idle_to_fetch_descriptors(options
, now
))
5132 /* where's it from, so we know whom to ask for descriptors */
5134 networkstatus_voter_info_t
*voter
= smartlist_get(consensus
->voters
, 0);
5136 ds
= trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
);
5138 source
= &(ds
->fake_status
);
5140 log_warn(LD_DIR
, "couldn't lookup source from vote?");
5143 map
= digestmap_new();
5144 list_pending_descriptor_downloads(map
, 0);
5145 SMARTLIST_FOREACH_BEGIN(consensus
->routerstatus_list
, void *, rsp
) {
5146 routerstatus_t
*rs
=
5147 is_vote
? &(((vote_routerstatus_t
*)rsp
)->status
) : rsp
;
5148 signed_descriptor_t
*sd
;
5149 if ((sd
= router_get_by_descriptor_digest(rs
->descriptor_digest
))) {
5150 const routerinfo_t
*ri
;
5152 if (!(ri
= router_get_by_id_digest(rs
->identity_digest
)) ||
5153 tor_memneq(ri
->cache_info
.signed_descriptor_digest
,
5154 sd
->signed_descriptor_digest
, DIGEST_LEN
)) {
5155 /* We have a descriptor with this digest, but either there is no
5156 * entry in routerlist with the same ID (!ri), or there is one,
5157 * but the identity digest differs (memneq).
5159 smartlist_add(no_longer_old
, sd
);
5160 ++n_in_oldrouters
; /* We have it in old_routers. */
5162 continue; /* We have it already. */
5164 if (digestmap_get(map
, rs
->descriptor_digest
)) {
5166 continue; /* We have an in-progress download. */
5168 if (!download_status_is_ready(&rs
->dl_status
, now
,
5169 options
->TestingDescriptorMaxDownloadTries
)) {
5170 ++n_delayed
; /* Not ready for retry. */
5173 if (authdir
&& dirserv_would_reject_router(rs
)) {
5175 continue; /* We would throw it out immediately. */
5177 if (!directory_caches_dir_info(options
) &&
5178 !client_would_use_router(rs
, now
, options
)) {
5180 continue; /* We would never use it ourself. */
5182 if (is_vote
&& source
) {
5183 char time_bufnew
[ISO_TIME_LEN
+1];
5184 char time_bufold
[ISO_TIME_LEN
+1];
5185 const routerinfo_t
*oldrouter
;
5186 oldrouter
= router_get_by_id_digest(rs
->identity_digest
);
5187 format_iso_time(time_bufnew
, rs
->published_on
);
5189 format_iso_time(time_bufold
, oldrouter
->cache_info
.published_on
);
5190 log_info(LD_DIR
, "Learned about %s (%s vs %s) from %s's vote (%s)",
5191 routerstatus_describe(rs
),
5193 oldrouter
? time_bufold
: "none",
5194 source
->nickname
, oldrouter
? "known" : "unknown");
5196 smartlist_add(downloadable
, rs
->descriptor_digest
);
5197 } SMARTLIST_FOREACH_END(rsp
);
5199 if (!authdir_mode_handles_descs(options
, ROUTER_PURPOSE_GENERAL
)
5200 && smartlist_len(no_longer_old
)) {
5201 routerlist_t
*rl
= router_get_routerlist();
5202 log_info(LD_DIR
, "%d router descriptors listed in consensus are "
5203 "currently in old_routers; making them current.",
5204 smartlist_len(no_longer_old
));
5205 SMARTLIST_FOREACH_BEGIN(no_longer_old
, signed_descriptor_t
*, sd
) {
5207 was_router_added_t r
;
5208 routerinfo_t
*ri
= routerlist_reparse_old(rl
, sd
);
5210 log_warn(LD_BUG
, "Failed to re-parse a router.");
5213 r
= router_add_to_routerlist(ri
, &msg
, 1, 0);
5214 if (WRA_WAS_OUTDATED(r
)) {
5215 log_warn(LD_DIR
, "Couldn't add re-parsed router: %s",
5218 } SMARTLIST_FOREACH_END(sd
);
5219 routerlist_assert_ok(rl
);
5223 "%d router descriptors downloadable. %d delayed; %d present "
5224 "(%d of those were in old_routers); %d would_reject; "
5225 "%d wouldnt_use; %d in progress.",
5226 smartlist_len(downloadable
), n_delayed
, n_have
, n_in_oldrouters
,
5227 n_would_reject
, n_wouldnt_use
, n_inprogress
);
5229 launch_descriptor_downloads(DIR_PURPOSE_FETCH_SERVERDESC
,
5230 downloadable
, source
, now
);
5232 digestmap_free(map
, NULL
);
5234 smartlist_free(downloadable
);
5235 smartlist_free(no_longer_old
);
5238 /** How often should we launch a server/authority request to be sure of getting
5239 * a guess for our IP? */
5240 /*XXXX+ this info should come from netinfo cells or something, or we should
5241 * do this only when we aren't seeing incoming data. see bug 652. */
5242 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5244 /** As needed, launch a dummy router descriptor fetch to see if our
5245 * address has changed. */
5247 launch_dummy_descriptor_download_as_needed(time_t now
,
5248 const or_options_t
*options
)
5250 static time_t last_dummy_download
= 0;
5251 /* XXXX+ we could be smarter here; see notes on bug 652. */
5252 /* If we're a server that doesn't have a configured address, we rely on
5253 * directory fetches to learn when our address changes. So if we haven't
5254 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5255 if (!options
->Address
&&
5256 server_mode(options
) &&
5257 last_descriptor_download_attempted
+ DUMMY_DOWNLOAD_INTERVAL
< now
&&
5258 last_dummy_download
+ DUMMY_DOWNLOAD_INTERVAL
< now
) {
5259 last_dummy_download
= now
;
5260 /* XX/teor - do we want an authority here, because they are less likely
5261 * to give us the wrong address? (See #17782)
5262 * I'm leaving the previous behaviour intact, because I don't like
5263 * the idea of some relays contacting an authority every 20 minutes. */
5264 directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC
,
5265 ROUTER_PURPOSE_GENERAL
, "authority.z",
5266 PDS_RETRY_IF_NO_SERVERS
,
5267 DL_WANT_ANY_DIRSERVER
);
5271 /** Launch downloads for router status as needed. */
5273 update_router_descriptor_downloads(time_t now
)
5275 const or_options_t
*options
= get_options();
5276 if (should_delay_dir_fetches(options
, NULL
))
5278 if (!we_fetch_router_descriptors(options
))
5281 update_consensus_router_descriptor_downloads(now
, 0,
5282 networkstatus_get_reasonably_live_consensus(now
, FLAV_NS
));
5285 /** Launch extrainfo downloads as needed. */
5287 update_extrainfo_downloads(time_t now
)
5289 const or_options_t
*options
= get_options();
5291 smartlist_t
*wanted
;
5292 digestmap_t
*pending
;
5293 int old_routers
, i
, max_dl_per_req
;
5294 int n_no_ei
= 0, n_pending
= 0, n_have
= 0, n_delay
= 0, n_bogus
[2] = {0,0};
5295 if (! options
->DownloadExtraInfo
)
5297 if (should_delay_dir_fetches(options
, NULL
))
5299 if (!router_have_minimum_dir_info())
5302 pending
= digestmap_new();
5303 list_pending_descriptor_downloads(pending
, 1);
5304 rl
= router_get_routerlist();
5305 wanted
= smartlist_new();
5306 for (old_routers
= 0; old_routers
< 2; ++old_routers
) {
5307 smartlist_t
*lst
= old_routers
? rl
->old_routers
: rl
->routers
;
5308 for (i
= 0; i
< smartlist_len(lst
); ++i
) {
5309 signed_descriptor_t
*sd
;
5312 sd
= smartlist_get(lst
, i
);
5314 sd
= &((routerinfo_t
*)smartlist_get(lst
, i
))->cache_info
;
5315 if (sd
->is_extrainfo
)
5316 continue; /* This should never happen. */
5317 if (old_routers
&& !router_get_by_id_digest(sd
->identity_digest
))
5318 continue; /* Couldn't check the signature if we got it. */
5319 if (sd
->extrainfo_is_bogus
)
5321 d
= sd
->extra_info_digest
;
5322 if (tor_digest_is_zero(d
)) {
5326 if (eimap_get(rl
->extra_info_map
, d
)) {
5330 if (!download_status_is_ready(&sd
->ei_dl_status
, now
,
5331 options
->TestingDescriptorMaxDownloadTries
)) {
5335 if (digestmap_get(pending
, d
)) {
5340 const signed_descriptor_t
*sd2
= router_get_by_extrainfo_digest(d
);
5343 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5344 char d3
[HEX_DIGEST_LEN
+1], d4
[HEX_DIGEST_LEN
+1];
5345 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5346 base16_encode(d2
, sizeof(d2
), sd2
->identity_digest
, DIGEST_LEN
);
5347 base16_encode(d3
, sizeof(d3
), d
, DIGEST_LEN
);
5348 base16_encode(d4
, sizeof(d3
), sd2
->extra_info_digest
, DIGEST_LEN
);
5350 log_info(LD_DIR
, "Found an entry in %s with mismatched "
5351 "router_get_by_extrainfo_digest() value. This has ID %s "
5352 "but the entry in the map has ID %s. This has EI digest "
5353 "%s and the entry in the map has EI digest %s.",
5354 old_routers
?"old_routers":"routers",
5357 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5358 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5359 base16_encode(d2
, sizeof(d2
), d
, DIGEST_LEN
);
5361 log_info(LD_DIR
, "Found an entry in %s with NULL "
5362 "router_get_by_extrainfo_digest() value. This has ID %s "
5363 "and EI digest %s.",
5364 old_routers
?"old_routers":"routers",
5367 ++n_bogus
[old_routers
];
5370 smartlist_add(wanted
, d
);
5373 digestmap_free(pending
, NULL
);
5375 log_info(LD_DIR
, "Extrainfo download status: %d router with no ei, %d "
5376 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5377 "bogus in routers, %d bogus in old_routers",
5378 n_no_ei
, n_have
, n_delay
, n_pending
, smartlist_len(wanted
),
5379 n_bogus
[0], n_bogus
[1]);
5381 smartlist_shuffle(wanted
);
5383 max_dl_per_req
= max_dl_per_request(options
, DIR_PURPOSE_FETCH_EXTRAINFO
);
5384 for (i
= 0; i
< smartlist_len(wanted
); i
+= max_dl_per_req
) {
5385 initiate_descriptor_downloads(NULL
, DIR_PURPOSE_FETCH_EXTRAINFO
,
5386 wanted
, i
, i
+max_dl_per_req
,
5387 PDS_RETRY_IF_NO_SERVERS
|PDS_NO_EXISTING_SERVERDESC_FETCH
);
5390 smartlist_free(wanted
);
5393 /** Reset the descriptor download failure count on all routers, so that we
5394 * can retry any long-failed routers immediately.
5397 router_reset_descriptor_download_failures(void)
5399 log_debug(LD_GENERAL
,
5400 "In router_reset_descriptor_download_failures()");
5402 networkstatus_reset_download_failures();
5403 last_descriptor_download_attempted
= 0;
5406 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
5408 download_status_reset(&ri
->cache_info
.ei_dl_status
);
5410 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
5412 download_status_reset(&sd
->ei_dl_status
);
5416 /** Any changes in a router descriptor's publication time larger than this are
5417 * automatically non-cosmetic. */
5418 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5420 /** We allow uptime to vary from how much it ought to be by this much. */
5421 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5423 /** Return true iff the only differences between r1 and r2 are such that
5424 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5427 router_differences_are_cosmetic(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
5429 time_t r1pub
, r2pub
;
5430 long time_difference
;
5431 tor_assert(r1
&& r2
);
5433 /* r1 should be the one that was published first. */
5434 if (r1
->cache_info
.published_on
> r2
->cache_info
.published_on
) {
5435 const routerinfo_t
*ri_tmp
= r2
;
5440 /* If any key fields differ, they're different. */
5441 if (r1
->addr
!= r2
->addr
||
5442 strcasecmp(r1
->nickname
, r2
->nickname
) ||
5443 r1
->or_port
!= r2
->or_port
||
5444 !tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) ||
5445 r1
->ipv6_orport
!= r2
->ipv6_orport
||
5446 r1
->dir_port
!= r2
->dir_port
||
5447 r1
->purpose
!= r2
->purpose
||
5448 !crypto_pk_eq_keys(r1
->onion_pkey
, r2
->onion_pkey
) ||
5449 !crypto_pk_eq_keys(r1
->identity_pkey
, r2
->identity_pkey
) ||
5450 strcasecmp(r1
->platform
, r2
->platform
) ||
5451 (r1
->contact_info
&& !r2
->contact_info
) || /* contact_info is optional */
5452 (!r1
->contact_info
&& r2
->contact_info
) ||
5453 (r1
->contact_info
&& r2
->contact_info
&&
5454 strcasecmp(r1
->contact_info
, r2
->contact_info
)) ||
5455 r1
->is_hibernating
!= r2
->is_hibernating
||
5456 ! addr_policies_eq(r1
->exit_policy
, r2
->exit_policy
) ||
5457 (r1
->supports_tunnelled_dir_requests
!=
5458 r2
->supports_tunnelled_dir_requests
))
5460 if ((r1
->declared_family
== NULL
) != (r2
->declared_family
== NULL
))
5462 if (r1
->declared_family
&& r2
->declared_family
) {
5464 if (smartlist_len(r1
->declared_family
)!=smartlist_len(r2
->declared_family
))
5466 n
= smartlist_len(r1
->declared_family
);
5467 for (i
=0; i
< n
; ++i
) {
5468 if (strcasecmp(smartlist_get(r1
->declared_family
, i
),
5469 smartlist_get(r2
->declared_family
, i
)))
5474 /* Did bandwidth change a lot? */
5475 if ((r1
->bandwidthcapacity
< r2
->bandwidthcapacity
/2) ||
5476 (r2
->bandwidthcapacity
< r1
->bandwidthcapacity
/2))
5479 /* Did the bandwidthrate or bandwidthburst change? */
5480 if ((r1
->bandwidthrate
!= r2
->bandwidthrate
) ||
5481 (r1
->bandwidthburst
!= r2
->bandwidthburst
))
5484 /* Did more than 12 hours pass? */
5485 if (r1
->cache_info
.published_on
+ ROUTER_MAX_COSMETIC_TIME_DIFFERENCE
5486 < r2
->cache_info
.published_on
)
5489 /* Did uptime fail to increase by approximately the amount we would think,
5490 * give or take some slop? */
5491 r1pub
= r1
->cache_info
.published_on
;
5492 r2pub
= r2
->cache_info
.published_on
;
5493 time_difference
= labs(r2
->uptime
- (r1
->uptime
+ (r2pub
- r1pub
)));
5494 if (time_difference
> ROUTER_ALLOW_UPTIME_DRIFT
&&
5495 time_difference
> r1
->uptime
* .05 &&
5496 time_difference
> r2
->uptime
* .05)
5499 /* Otherwise, the difference is cosmetic. */
5503 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5504 * extrainfo document <b>ei</b>.
5506 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5507 * for the router. We use it to check the signature of the extrainfo document,
5508 * if it has not already been checked.
5510 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5511 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5512 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5513 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5514 * incompatibility (if any).
5516 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5517 * but the extrainfo was nonetheless incompatible.
5520 routerinfo_incompatible_with_extrainfo(const crypto_pk_t
*identity_pkey
,
5522 signed_descriptor_t
*sd
,
5525 int digest_matches
, digest256_matches
, r
=1;
5526 tor_assert(identity_pkey
);
5531 if (msg
) *msg
= "Extrainfo signature was bad, or signed with wrong key.";
5535 digest_matches
= tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5536 sd
->extra_info_digest
, DIGEST_LEN
);
5537 /* Set digest256_matches to 1 if the digest is correct, or if no
5538 * digest256 was in the ri. */
5539 digest256_matches
= tor_memeq(ei
->digest256
,
5540 sd
->extra_info_digest256
, DIGEST256_LEN
);
5541 digest256_matches
|=
5542 tor_mem_is_zero(sd
->extra_info_digest256
, DIGEST256_LEN
);
5544 /* The identity must match exactly to have been generated at the same time
5545 * by the same router. */
5546 if (tor_memneq(sd
->identity_digest
,
5547 ei
->cache_info
.identity_digest
,
5549 if (msg
) *msg
= "Extrainfo nickname or identity did not match routerinfo";
5550 goto err
; /* different servers */
5553 if (! tor_cert_opt_eq(sd
->signing_key_cert
,
5554 ei
->cache_info
.signing_key_cert
)) {
5555 if (msg
) *msg
= "Extrainfo signing key cert didn't match routerinfo";
5556 goto err
; /* different servers */
5559 if (ei
->pending_sig
) {
5560 char signed_digest
[128];
5561 if (crypto_pk_public_checksig(identity_pkey
,
5562 signed_digest
, sizeof(signed_digest
),
5563 ei
->pending_sig
, ei
->pending_sig_len
) != DIGEST_LEN
||
5564 tor_memneq(signed_digest
, ei
->cache_info
.signed_descriptor_digest
,
5567 tor_free(ei
->pending_sig
);
5568 if (msg
) *msg
= "Extrainfo signature bad, or signed with wrong key";
5569 goto err
; /* Bad signature, or no match. */
5572 ei
->cache_info
.send_unencrypted
= sd
->send_unencrypted
;
5573 tor_free(ei
->pending_sig
);
5576 if (ei
->cache_info
.published_on
< sd
->published_on
) {
5577 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5579 } else if (ei
->cache_info
.published_on
> sd
->published_on
) {
5580 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5585 if (!digest256_matches
&& !digest_matches
) {
5586 if (msg
) *msg
= "Neither digest256 or digest matched "
5587 "digest from routerdesc";
5591 if (!digest256_matches
) {
5592 if (msg
) *msg
= "Extrainfo digest did not match digest256 from routerdesc";
5593 goto err
; /* Digest doesn't match declared value. */
5596 if (!digest_matches
) {
5597 if (msg
) *msg
= "Extrainfo digest did not match value from routerdesc";
5598 goto err
; /* Digest doesn't match declared value. */
5603 if (digest_matches
) {
5604 /* This signature was okay, and the digest was right: This is indeed the
5605 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5606 * that lists it. Don't try to fetch this one again. */
5607 sd
->extrainfo_is_bogus
= 1;
5613 /* Does ri have a valid ntor onion key?
5614 * Valid ntor onion keys exist and have at least one non-zero byte. */
5616 routerinfo_has_curve25519_onion_key(const routerinfo_t
*ri
)
5622 if (!ri
->onion_curve25519_pkey
) {
5626 if (tor_mem_is_zero((const char*)ri
->onion_curve25519_pkey
->public_key
,
5627 CURVE25519_PUBKEY_LEN
)) {
5634 /* Is rs running a tor version known to support EXTEND2 cells?
5635 * If allow_unknown_versions is true, return true if we can't tell
5636 * (from a versions line or a protocols line) whether it supports extend2
5638 * Otherwise, return false if the version is unknown. */
5640 routerstatus_version_supports_extend2_cells(const routerstatus_t
*rs
,
5641 int allow_unknown_versions
)
5644 return allow_unknown_versions
;
5647 if (!rs
->protocols_known
) {
5648 return allow_unknown_versions
;
5651 return rs
->supports_extend2_cells
;
5654 /** Assert that the internal representation of <b>rl</b> is
5655 * self-consistent. */
5657 routerlist_assert_ok(const routerlist_t
*rl
)
5660 signed_descriptor_t
*sd2
;
5663 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, r
) {
5664 r2
= rimap_get(rl
->identity_map
, r
->cache_info
.identity_digest
);
5665 tor_assert(r
== r2
);
5666 sd2
= sdmap_get(rl
->desc_digest_map
,
5667 r
->cache_info
.signed_descriptor_digest
);
5668 tor_assert(&(r
->cache_info
) == sd2
);
5669 tor_assert(r
->cache_info
.routerlist_index
== r_sl_idx
);
5672 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5673 * commenting this out is just a band-aid.
5675 * The problem is that, although well-behaved router descriptors
5676 * should never have the same value for their extra_info_digest, it's
5677 * possible for ill-behaved routers to claim whatever they like there.
5679 * The real answer is to trash desc_by_eid_map and instead have
5680 * something that indicates for a given extra-info digest we want,
5681 * what its download status is. We'll do that as a part of routerlist
5682 * refactoring once consensus directories are in. For now,
5683 * this rep violation is probably harmless: an adversary can make us
5684 * reset our retry count for an extrainfo, but that's not the end
5685 * of the world. Changing the representation in 0.2.0.x would just
5686 * destabilize the codebase.
5687 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5688 signed_descriptor_t *sd3 =
5689 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5690 tor_assert(sd3 == &(r->cache_info));
5693 } SMARTLIST_FOREACH_END(r
);
5694 SMARTLIST_FOREACH_BEGIN(rl
->old_routers
, signed_descriptor_t
*, sd
) {
5695 r2
= rimap_get(rl
->identity_map
, sd
->identity_digest
);
5696 tor_assert(!r2
|| sd
!= &(r2
->cache_info
));
5697 sd2
= sdmap_get(rl
->desc_digest_map
, sd
->signed_descriptor_digest
);
5698 tor_assert(sd
== sd2
);
5699 tor_assert(sd
->routerlist_index
== sd_sl_idx
);
5701 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5702 signed_descriptor_t *sd3 =
5703 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5704 tor_assert(sd3 == sd);
5707 } SMARTLIST_FOREACH_END(sd
);
5709 RIMAP_FOREACH(rl
->identity_map
, d
, r
) {
5710 tor_assert(tor_memeq(r
->cache_info
.identity_digest
, d
, DIGEST_LEN
));
5711 } DIGESTMAP_FOREACH_END
;
5712 SDMAP_FOREACH(rl
->desc_digest_map
, d
, sd
) {
5713 tor_assert(tor_memeq(sd
->signed_descriptor_digest
, d
, DIGEST_LEN
));
5714 } DIGESTMAP_FOREACH_END
;
5715 SDMAP_FOREACH(rl
->desc_by_eid_map
, d
, sd
) {
5716 tor_assert(!tor_digest_is_zero(d
));
5718 tor_assert(tor_memeq(sd
->extra_info_digest
, d
, DIGEST_LEN
));
5719 } DIGESTMAP_FOREACH_END
;
5720 EIMAP_FOREACH(rl
->extra_info_map
, d
, ei
) {
5721 signed_descriptor_t
*sd
;
5722 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5724 sd
= sdmap_get(rl
->desc_by_eid_map
,
5725 ei
->cache_info
.signed_descriptor_digest
);
5726 // tor_assert(sd); // XXXX see above
5728 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5729 sd
->extra_info_digest
, DIGEST_LEN
));
5731 } DIGESTMAP_FOREACH_END
;
5734 /** Allocate and return a new string representing the contact info
5735 * and platform string for <b>router</b>,
5736 * surrounded by quotes and using standard C escapes.
5738 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5739 * thread. Also, each call invalidates the last-returned value, so don't
5740 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5742 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5745 esc_router_info(const routerinfo_t
*router
)
5747 static char *info
=NULL
;
5748 char *esc_contact
, *esc_platform
;
5752 return NULL
; /* we're exiting; just free the memory we use */
5754 esc_contact
= esc_for_log(router
->contact_info
);
5755 esc_platform
= esc_for_log(router
->platform
);
5757 tor_asprintf(&info
, "Contact %s, Platform %s", esc_contact
, esc_platform
);
5758 tor_free(esc_contact
);
5759 tor_free(esc_platform
);
5764 /** Helper for sorting: compare two routerinfos by their identity
5767 compare_routerinfo_by_id_digest_(const void **a
, const void **b
)
5769 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
5770 return fast_memcmp(first
->cache_info
.identity_digest
,
5771 second
->cache_info
.identity_digest
,
5775 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5777 routers_sort_by_identity(smartlist_t
*routers
)
5779 smartlist_sort(routers
, compare_routerinfo_by_id_digest_
);
5782 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5783 * recompute all country info in all configuration node sets and in the
5786 refresh_all_country_info(void)
5788 const or_options_t
*options
= get_options();
5790 if (options
->EntryNodes
)
5791 routerset_refresh_countries(options
->EntryNodes
);
5792 if (options
->ExitNodes
)
5793 routerset_refresh_countries(options
->ExitNodes
);
5794 if (options
->ExcludeNodes
)
5795 routerset_refresh_countries(options
->ExcludeNodes
);
5796 if (options
->ExcludeExitNodes
)
5797 routerset_refresh_countries(options
->ExcludeExitNodes
);
5798 if (options
->ExcludeExitNodesUnion_
)
5799 routerset_refresh_countries(options
->ExcludeExitNodesUnion_
);
5801 nodelist_refresh_countries();