search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9
[tor.git] / src / or / statefile.c
blob8fa4324b258ac66035b8c45c98d4fb406067f444
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file statefile.c
9 *
10 * \brief Handles parsing and encoding the persistent 'state' file that carries
11 * miscellaneous persistent state between Tor invocations.
12 *
13 * This 'state' file is a typed key-value store that allows multiple
14 * entries for the same key. It follows the same metaformat as described
15 * in confparse.c, and uses the same code to read and write itself.
16 *
17 * The state file is most suitable for small values that don't change too
18 * frequently. For values that become very large, we typically use a separate
19 * file -- for example, see how we handle microdescriptors, by storing them in
20 * a separate file with a journal.
21 *
22 * The current state is accessed via get_or_state(), which returns a singleton
23 * or_state_t object. Functions that change it should call
24 * or_state_mark_dirty() to ensure that it will get written to disk.
25 *
26 * The or_state_save() function additionally calls various functioens
27 * throughout Tor that might want to flush more state to the the disk,
28 * including some in rephist.c, entrynodes.c, circuitstats.c, hibernate.c.
29 */
30
31 #define STATEFILE_PRIVATE
32 #include "or.h"
33 #include "circuitstats.h"
34 #include "config.h"
35 #include "confparse.h"
36 #include "connection.h"
37 #include "entrynodes.h"
38 #include "hibernate.h"
39 #include "rephist.h"
40 #include "router.h"
41 #include "sandbox.h"
42 #include "statefile.h"
43
44 /** A list of state-file "abbreviations," for compatibility. */
45 static config_abbrev_t state_abbrevs_[] = {
46 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
47 { "HelperNode", "EntryGuard", 0, 0 },
48 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
49 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
50 { "EntryNode", "EntryGuard", 0, 0 },
51 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
52 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
53 { NULL, NULL, 0, 0},
54 };
55
56 /*XXXX these next two are duplicates or near-duplicates from config.c */
57 #define VAR(name,conftype,member,initvalue) \
58 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
59 initvalue }
60 /** As VAR, but the option name and member name are the same. */
61 #define V(member,conftype,initvalue) \
62 VAR(#member, conftype, member, initvalue)
63
64 /** Array of "state" variables saved to the ~/.tor/state file. */
65 static config_var_t state_vars_[] = {
66 /* Remember to document these in state-contents.txt ! */
67
68 V(AccountingBytesReadInInterval, MEMUNIT, NULL),
69 V(AccountingBytesWrittenInInterval, MEMUNIT, NULL),
70 V(AccountingExpectedUsage, MEMUNIT, NULL),
71 V(AccountingIntervalStart, ISOTIME, NULL),
72 V(AccountingSecondsActive, INTERVAL, NULL),
73 V(AccountingSecondsToReachSoftLimit,INTERVAL, NULL),
74 V(AccountingSoftLimitHitAt, ISOTIME, NULL),
75 V(AccountingBytesAtSoftLimit, MEMUNIT, NULL),
76
77 VAR("EntryGuard", LINELIST_S, EntryGuards, NULL),
78 VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL),
79 VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL),
80 VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL),
81 VAR("EntryGuardPathBias", LINELIST_S, EntryGuards, NULL),
82 VAR("EntryGuardPathUseBias", LINELIST_S, EntryGuards, NULL),
83 V(EntryGuards, LINELIST_V, NULL),
84
85 VAR("TransportProxy", LINELIST_S, TransportProxies, NULL),
86 V(TransportProxies, LINELIST_V, NULL),
87
88 V(BWHistoryReadEnds, ISOTIME, NULL),
89 V(BWHistoryReadInterval, UINT, "900"),
90 V(BWHistoryReadValues, CSV, ""),
91 V(BWHistoryReadMaxima, CSV, ""),
92 V(BWHistoryWriteEnds, ISOTIME, NULL),
93 V(BWHistoryWriteInterval, UINT, "900"),
94 V(BWHistoryWriteValues, CSV, ""),
95 V(BWHistoryWriteMaxima, CSV, ""),
96 V(BWHistoryDirReadEnds, ISOTIME, NULL),
97 V(BWHistoryDirReadInterval, UINT, "900"),
98 V(BWHistoryDirReadValues, CSV, ""),
99 V(BWHistoryDirReadMaxima, CSV, ""),
100 V(BWHistoryDirWriteEnds, ISOTIME, NULL),
101 V(BWHistoryDirWriteInterval, UINT, "900"),
102 V(BWHistoryDirWriteValues, CSV, ""),
103 V(BWHistoryDirWriteMaxima, CSV, ""),
104
105 V(TorVersion, STRING, NULL),
106
107 V(LastRotatedOnionKey, ISOTIME, NULL),
108 V(LastWritten, ISOTIME, NULL),
109
110 V(TotalBuildTimes, UINT, NULL),
111 V(CircuitBuildAbandonedCount, UINT, "0"),
112 VAR("CircuitBuildTimeBin", LINELIST_S, BuildtimeHistogram, NULL),
113 VAR("BuildtimeHistogram", LINELIST_V, BuildtimeHistogram, NULL),
114 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
115 };
116
117 #undef VAR
118 #undef V
119
120 static int or_state_validate(or_state_t *state, char **msg);
121
122 static int or_state_validate_cb(void *old_options, void *options,
123 void *default_options,
124 int from_setconf, char **msg);
125
126 /** Magic value for or_state_t. */
127 #define OR_STATE_MAGIC 0x57A73f57
128
129 /** "Extra" variable in the state that receives lines we can't parse. This
130 * lets us preserve options from versions of Tor newer than us. */
131 static config_var_t state_extra_var = {
132 "__extra", CONFIG_TYPE_LINELIST, STRUCT_OFFSET(or_state_t, ExtraLines), NULL
133 };
134
135 /** Configuration format for or_state_t. */
136 static const config_format_t state_format = {
137 sizeof(or_state_t),
138 OR_STATE_MAGIC,
139 STRUCT_OFFSET(or_state_t, magic_),
140 state_abbrevs_,
141 NULL,
142 state_vars_,
143 or_state_validate_cb,
144 &state_extra_var,
145 };
146
147 /** Persistent serialized state. */
148 static or_state_t *global_state = NULL;
149
150 /** Return the persistent state struct for this Tor. */
151 MOCK_IMPL(or_state_t *,
152 get_or_state, (void))
153 {
154 tor_assert(global_state);
155 return global_state;
156 }
157
158 /** Return true iff we have loaded the global state for this Tor */
159 int
160 or_state_loaded(void)
161 {
162 return global_state != NULL;
163 }
164
165 /** Return true if <b>line</b> is a valid state TransportProxy line.
166 * Return false otherwise. */
167 static int
168 state_transport_line_is_valid(const char *line)
169 {
170 smartlist_t *items = NULL;
171 char *addrport=NULL;
172 tor_addr_t addr;
173 uint16_t port = 0;
174 int r;
175
176 items = smartlist_new();
177 smartlist_split_string(items, line, NULL,
178 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
179
180 if (smartlist_len(items) != 2) {
181 log_warn(LD_CONFIG, "state: Not enough arguments in TransportProxy line.");
182 goto err;
183 }
184
185 addrport = smartlist_get(items, 1);
186 if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
187 log_warn(LD_CONFIG, "state: Could not parse addrport.");
188 goto err;
189 }
190
191 if (!port) {
192 log_warn(LD_CONFIG, "state: Transport line did not contain port.");
193 goto err;
194 }
195
196 r = 1;
197 goto done;
198
199 err:
200 r = 0;
201
202 done:
203 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
204 smartlist_free(items);
205 return r;
206 }
207
208 /** Return 0 if all TransportProxy lines in <b>state</b> are well
209 * formed. Otherwise, return -1. */
210 static int
211 validate_transports_in_state(or_state_t *state)
212 {
213 int broken = 0;
214 config_line_t *line;
215
216 for (line = state->TransportProxies ; line ; line = line->next) {
217 tor_assert(!strcmp(line->key, "TransportProxy"));
218 if (!state_transport_line_is_valid(line->value))
219 broken = 1;
220 }
221
222 if (broken)
223 log_warn(LD_CONFIG, "state: State file seems to be broken.");
224
225 return 0;
226 }
227
228 static int
229 or_state_validate_cb(void *old_state, void *state, void *default_state,
230 int from_setconf, char **msg)
231 {
232 /* We don't use these; only options do. Still, we need to match that
233 * signature. */
234 (void) from_setconf;
235 (void) default_state;
236 (void) old_state;
237
238 return or_state_validate(state, msg);
239 }
240
241 /** Return 0 if every setting in <b>state</b> is reasonable, and a
242 * permissible transition from <b>old_state</b>. Else warn and return -1.
243 * Should have no side effects, except for normalizing the contents of
244 * <b>state</b>.
245 */
246 static int
247 or_state_validate(or_state_t *state, char **msg)
248 {
249 if (entry_guards_parse_state(state, 0, msg)<0)
250 return -1;
251
252 if (validate_transports_in_state(state)<0)
253 return -1;
254
255 return 0;
256 }
257
258 /** Replace the current persistent state with <b>new_state</b> */
259 static int
260 or_state_set(or_state_t *new_state)
261 {
262 char *err = NULL;
263 int ret = 0;
264 tor_assert(new_state);
265 config_free(&state_format, global_state);
266 global_state = new_state;
267 if (entry_guards_parse_state(global_state, 1, &err)<0) {
268 log_warn(LD_GENERAL,"%s",err);
269 tor_free(err);
270 ret = -1;
271 }
272 if (rep_hist_load_state(global_state, &err)<0) {
273 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
274 tor_free(err);
275 ret = -1;
276 }
277 if (circuit_build_times_parse_state(
278 get_circuit_build_times_mutable(),global_state) < 0) {
279 ret = -1;
280 }
281 return ret;
282 }
283
284 /**
285 * Save a broken state file to a backup location.
286 */
287 static void
288 or_state_save_broken(char *fname)
289 {
290 int i, res;
291 file_status_t status;
292 char *fname2 = NULL;
293 for (i = 0; i < 100; ++i) {
294 tor_asprintf(&fname2, "%s.%d", fname, i);
295 status = file_status(fname2);
296 if (status == FN_NOENT)
297 break;
298 tor_free(fname2);
299 }
300 if (i == 100) {
301 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
302 "state files to move aside. Discarding the old state file.",
303 fname);
304 res = unlink(fname);
305 if (res != 0) {
306 log_warn(LD_FS,
307 "Also couldn't discard old state file \"%s\" because "
308 "unlink() failed: %s",
309 fname, strerror(errno));
310 }
311 } else {
312 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
313 "to \"%s\". This could be a bug in Tor; please tell "
314 "the developers.", fname, fname2);
315 if (tor_rename(fname, fname2) < 0) {//XXXX sandbox prohibits
316 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
317 "OS gave an error of %s", strerror(errno));
318 }
319 }
320 tor_free(fname2);
321 }
322
323 STATIC or_state_t *
324 or_state_new(void)
325 {
326 or_state_t *new_state = tor_malloc_zero(sizeof(or_state_t));
327 new_state->magic_ = OR_STATE_MAGIC;
328 config_init(&state_format, new_state);
329
330 return new_state;
331 }
332
333 /** Reload the persistent state from disk, generating a new state as needed.
334 * Return 0 on success, less than 0 on failure.
335 */
336 int
337 or_state_load(void)
338 {
339 or_state_t *new_state = NULL;
340 char *contents = NULL, *fname;
341 char *errmsg = NULL;
342 int r = -1, badstate = 0;
343
344 fname = get_datadir_fname("state");
345 switch (file_status(fname)) {
346 case FN_FILE:
347 if (!(contents = read_file_to_str(fname, 0, NULL))) {
348 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
349 goto done;
350 }
351 break;
352 /* treat empty state files as if the file doesn't exist, and generate
353 * a new state file, overwriting the empty file in or_state_save() */
354 case FN_NOENT:
355 case FN_EMPTY:
356 break;
357 case FN_ERROR:
358 case FN_DIR:
359 default:
360 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
361 goto done;
362 }
363 new_state = or_state_new();
364 if (contents) {
365 config_line_t *lines=NULL;
366 int assign_retval;
367 if (config_get_lines(contents, &lines, 0)<0)
368 goto done;
369 assign_retval = config_assign(&state_format, new_state,
370 lines, 0, &errmsg);
371 config_free_lines(lines);
372 if (assign_retval<0)
373 badstate = 1;
374 if (errmsg) {
375 log_warn(LD_GENERAL, "%s", errmsg);
376 tor_free(errmsg);
377 }
378 }
379
380 if (!badstate && or_state_validate(new_state, &errmsg) < 0)
381 badstate = 1;
382
383 if (errmsg) {
384 log_warn(LD_GENERAL, "%s", errmsg);
385 tor_free(errmsg);
386 }
387
388 if (badstate && !contents) {
389 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
390 " This is a bug in Tor.");
391 goto done;
392 } else if (badstate && contents) {
393 or_state_save_broken(fname);
394
395 tor_free(contents);
396 config_free(&state_format, new_state);
397
398 new_state = or_state_new();
399 } else if (contents) {
400 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
401 /* Warn the user if their clock has been set backwards,
402 * they could be tricked into using old consensuses */
403 time_t apparent_skew = new_state->LastWritten - time(NULL);
404 if (apparent_skew > 0)
405 clock_skew_warning(NULL, (long)apparent_skew, 1, LD_GENERAL,
406 "local state file", fname);
407 } else {
408 log_info(LD_GENERAL, "Initialized state");
409 }
410 if (or_state_set(new_state) == -1) {
411 or_state_save_broken(fname);
412 }
413 new_state = NULL;
414 if (!contents) {
415 global_state->next_write = 0;
416 or_state_save(time(NULL));
417 }
418 r = 0;
419
420 done:
421 tor_free(fname);
422 tor_free(contents);
423 if (new_state)
424 config_free(&state_format, new_state);
425
426 return r;
427 }
428
429 /** Did the last time we tried to write the state file fail? If so, we
430 * should consider disabling such features as preemptive circuit generation
431 * to compute circuit-build-time. */
432 static int last_state_file_write_failed = 0;
433
434 /** Return whether the state file failed to write last time we tried. */
435 int
436 did_last_state_file_write_fail(void)
437 {
438 return last_state_file_write_failed;
439 }
440
441 /** If writing the state to disk fails, try again after this many seconds. */
442 #define STATE_WRITE_RETRY_INTERVAL 3600
443
444 /** If we're a relay, how often should we checkpoint our state file even
445 * if nothing else dirties it? This will checkpoint ongoing stats like
446 * bandwidth used, per-country user stats, etc. */
447 #define STATE_RELAY_CHECKPOINT_INTERVAL (12*60*60)
448
449 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
450 int
451 or_state_save(time_t now)
452 {
453 char *state, *contents;
454 char tbuf[ISO_TIME_LEN+1];
455 char *fname;
456
457 tor_assert(global_state);
458
459 if (global_state->next_write > now)
460 return 0;
461
462 /* Call everything else that might dirty the state even more, in order
463 * to avoid redundant writes. */
464 entry_guards_update_state(global_state);
465 rep_hist_update_state(global_state);
466 circuit_build_times_update_state(get_circuit_build_times(), global_state);
467 if (accounting_is_enabled(get_options()))
468 accounting_run_housekeeping(now);
469
470 global_state->LastWritten = now;
471
472 tor_free(global_state->TorVersion);
473 tor_asprintf(&global_state->TorVersion, "Tor %s", get_version());
474
475 state = config_dump(&state_format, NULL, global_state, 1, 0);
476 format_local_iso_time(tbuf, now);
477 tor_asprintf(&contents,
478 "# Tor state file last generated on %s local time\n"
479 "# Other times below are in UTC\n"
480 "# You *do not* need to edit this file.\n\n%s",
481 tbuf, state);
482 tor_free(state);
483 fname = get_datadir_fname("state");
484 if (write_str_to_file(fname, contents, 0)<0) {
485 log_warn(LD_FS, "Unable to write state to file \"%s\"; "
486 "will try again later", fname);
487 last_state_file_write_failed = 1;
488 tor_free(fname);
489 tor_free(contents);
490 /* Try again after STATE_WRITE_RETRY_INTERVAL (or sooner, if the state
491 * changes sooner). */
492 global_state->next_write = now + STATE_WRITE_RETRY_INTERVAL;
493 return -1;
494 }
495
496 last_state_file_write_failed = 0;
497 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
498 tor_free(fname);
499 tor_free(contents);
500
501 if (server_mode(get_options()))
502 global_state->next_write = now + STATE_RELAY_CHECKPOINT_INTERVAL;
503 else
504 global_state->next_write = TIME_MAX;
505
506 return 0;
507 }
508
509 /** Return the config line for transport <b>transport</b> in the current state.
510 * Return NULL if there is no config line for <b>transport</b>. */
511 STATIC config_line_t *
512 get_transport_in_state_by_name(const char *transport)
513 {
514 or_state_t *or_state = get_or_state();
515 config_line_t *line;
516 config_line_t *ret = NULL;
517 smartlist_t *items = NULL;
518
519 for (line = or_state->TransportProxies ; line ; line = line->next) {
520 tor_assert(!strcmp(line->key, "TransportProxy"));
521
522 items = smartlist_new();
523 smartlist_split_string(items, line->value, NULL,
524 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
525 if (smartlist_len(items) != 2) /* broken state */
526 goto done;
527
528 if (!strcmp(smartlist_get(items, 0), transport)) {
529 ret = line;
530 goto done;
531 }
532
533 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
534 smartlist_free(items);
535 items = NULL;
536 }
537
538 done:
539 if (items) {
540 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
541 smartlist_free(items);
542 }
543 return ret;
544 }
545
546 /** Return string containing the address:port part of the
547 * TransportProxy <b>line</b> for transport <b>transport</b>.
548 * If the line is corrupted, return NULL. */
549 static const char *
550 get_transport_bindaddr(const char *line, const char *transport)
551 {
552 char *line_tmp = NULL;
553
554 if (strlen(line) < strlen(transport) + 2) {
555 goto broken_state;
556 } else {
557 /* line should start with the name of the transport and a space.
558 (for example, "obfs2 127.0.0.1:47245") */
559 tor_asprintf(&line_tmp, "%s ", transport);
560 if (strcmpstart(line, line_tmp))
561 goto broken_state;
562
563 tor_free(line_tmp);
564 return (line+strlen(transport)+1);
565 }
566
567 broken_state:
568 tor_free(line_tmp);
569 return NULL;
570 }
571
572 /** Return a string containing the address:port that a proxy transport
573 * should bind on. The string is stored on the heap and must be freed
574 * by the caller of this function. */
575 char *
576 get_stored_bindaddr_for_server_transport(const char *transport)
577 {
578 char *default_addrport = NULL;
579 const char *stored_bindaddr = NULL;
580 config_line_t *line = NULL;
581
582 {
583 /* See if the user explicitly asked for a specific listening
584 address for this transport. */
585 char *conf_bindaddr = get_transport_bindaddr_from_config(transport);
586 if (conf_bindaddr)
587 return conf_bindaddr;
588 }
589
590 line = get_transport_in_state_by_name(transport);
591 if (!line) /* Found no references in state for this transport. */
592 goto no_bindaddr_found;
593
594 stored_bindaddr = get_transport_bindaddr(line->value, transport);
595 if (stored_bindaddr) /* found stored bindaddr in state file. */
596 return tor_strdup(stored_bindaddr);
597
598 no_bindaddr_found:
599 /** If we didn't find references for this pluggable transport in the
600 state file, we should instruct the pluggable transport proxy to
601 listen on INADDR_ANY on a random ephemeral port. */
602 tor_asprintf(&default_addrport, "%s:%s", fmt_addr32(INADDR_ANY), "0");
603 return default_addrport;
604 }
605
606 /** Save <b>transport</b> listening on <b>addr</b>:<b>port</b> to
607 state */
608 void
609 save_transport_to_state(const char *transport,
610 const tor_addr_t *addr, uint16_t port)
611 {
612 or_state_t *state = get_or_state();
613
614 char *transport_addrport=NULL;
615
616 /** find where to write on the state */
617 config_line_t **next, *line;
618
619 /* see if this transport is already stored in state */
620 config_line_t *transport_line =
621 get_transport_in_state_by_name(transport);
622
623 if (transport_line) { /* if transport already exists in state... */
624 const char *prev_bindaddr = /* get its addrport... */
625 get_transport_bindaddr(transport_line->value, transport);
626 transport_addrport = tor_strdup(fmt_addrport(addr, port));
627
628 /* if transport in state has the same address as this one, life is good */
629 if (!strcmp(prev_bindaddr, transport_addrport)) {
630 log_info(LD_CONFIG, "Transport seems to have spawned on its usual "
631 "address:port.");
632 goto done;
633 } else { /* if addrport in state is different than the one we got */
634 log_info(LD_CONFIG, "Transport seems to have spawned on different "
635 "address:port. Let's update the state file with the new "
636 "address:port");
637 tor_free(transport_line->value); /* free the old line */
638 /* replace old addrport line with new line */
639 tor_asprintf(&transport_line->value, "%s %s", transport,
640 fmt_addrport(addr, port));
641 }
642 } else { /* never seen this one before; save it in state for next time */
643 log_info(LD_CONFIG, "It's the first time we see this transport. "
644 "Let's save its address:port");
645 next = &state->TransportProxies;
646 /* find the last TransportProxy line in the state and point 'next'
647 right after it */
648 line = state->TransportProxies;
649 while (line) {
650 next = &(line->next);
651 line = line->next;
652 }
653
654 /* allocate space for the new line and fill it in */
655 *next = line = tor_malloc_zero(sizeof(config_line_t));
656 line->key = tor_strdup("TransportProxy");
657 tor_asprintf(&line->value, "%s %s", transport, fmt_addrport(addr, port));
658
659 next = &(line->next);
660 }
661
662 if (!get_options()->AvoidDiskWrites)
663 or_state_mark_dirty(state, 0);
664
665 done:
666 tor_free(transport_addrport);
667 }
668
669 STATIC void
670 or_state_free(or_state_t *state)
671 {
672 if (!state)
673 return;
674
675 config_free(&state_format, state);
676 }
677
678 void
679 or_state_free_all(void)
680 {
681 or_state_free(global_state);
682 global_state = NULL;
683 }
684
The Onion Router