| blob | 45b3838792e5b04e1b8361cca14af37ffd15aa48 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file routerlist.c
9 * \brief Code to
10 * maintain and access the global list of routerinfos for known
11 * servers.
12 *
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
19 *
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
22 * networkstatus.
23 *
24 * Right now, routerinfo_t objects are used in these ways:
25 * <ul>
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
34 * else wants them.
35 * </ul>
36 *
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
42 *
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
48 *
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
53 *
54 * <br>
55 *
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
60 *
61 * <br>
62 *
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
66 *
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
71 *
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
77 *
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
80 *
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
87 *
88 * TODO: Authority certificates should be a separate module.
89 *
90 * TODO: dir_server_t stuff should be in a separate module.
91 **/
93 #define ROUTERLIST_PRIVATE
125 // #define DEBUG_ROUTERLIST
127 /****************************************************************************/
129 /* Typed wrappers for different digestmap types; used to avoid type
130 * confusion. */
136 #define SDMAP_FOREACH(map, keyvar, valvar) \
137 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
138 valvar)
139 #define RIMAP_FOREACH(map, keyvar, valvar) \
140 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
141 #define EIMAP_FOREACH(map, keyvar, valvar) \
142 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
143 #define DSMAP_FOREACH(map, keyvar, valvar) \
144 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
145 valvar)
147 /* Forward declaration for cert_list_t */
150 /* static function prototypes */
152 bandwidth_weight_rule_t rule,
178 /****************************************************************************/
180 /** Global list of a dir_server_t object for each directory
181 * authority. */
183 /** Global list of dir_server_t objects for all directory authorities
184 * and all fallback directory servers. */
187 /** List of certificates for a single authority, and download status for
188 * latest certificate.
189 */
191 /*
192 * The keys of download status map are cert->signing_key_digest for pending
193 * downloads by (identity digest/signing key digest) pair; functions such
194 * as authority_cert_get_by_digest() already assume these are unique.
195 */
197 /* There is also a dlstatus for the download by identity key only */
198 download_status_t dl_status_by_id;
200 };
201 /** Map from v3 identity key digest to cert_list_t. */
203 /** True iff any key certificate in at least one member of
204 * <b>trusted_dir_certs</b> has changed since we last flushed the
205 * certificates to disk. */
208 /** Global list of all of the routers that we know about. */
211 /** List of strings for nicknames we've already warned about and that are
212 * still unknown / unavailable. */
215 /** The last time we tried to download any routerdesc, or 0 for "never". We
216 * use this to rate-limit download attempts when the number of routerdescs to
217 * download is low. */
220 /** Return the number of directory authorities whose type matches some bit set
221 * in <b>type</b> */
222 int
224 {
232 }
234 /** Initialise schedule, want_authority, and increment on in the download
235 * status dlstatus, then call download_status_reset() on it.
236 * It is safe to call this function or download_status_reset() multiple times
237 * on a new dlstatus. But it should *not* be called after a dlstatus has been
238 * used to count download attempts or failures. */
239 static void
241 {
249 /* Use the new schedule to set next_attempt_at */
251 }
253 /** Reset the download status of a specified element in a dsmap */
254 static void
256 {
262 /* Make sure we have a dsmap */
265 }
266 /* Look for a download_status_t in the map with this digest */
268 /* Got one? */
270 /* Insert before we reset */
274 }
276 /* Go ahead and reset it */
278 }
280 /**
281 * Return true if the download for this signing key digest in cl is ready
282 * to be re-attempted.
283 */
284 static int
288 {
295 /* Make sure we have a dsmap */
298 }
299 /* Look for a download_status_t in the map with this digest */
301 /* Got one? */
303 /* Use download_status_is_ready() */
306 /*
307 * If we don't know anything about it, return 1, since we haven't
308 * tried this one before. We need to create a new entry here,
309 * too.
310 */
315 }
318 }
320 /** Helper: Return the cert_list_t for an authority whose authority ID is
321 * <b>id_digest</b>, allocating a new list if necessary. */
324 {
335 }
337 }
339 /** Return a list of authority ID digests with potentially enumerable lists
340 * of download_status_t objects; used by controller GETINFO queries.
341 */
345 {
356 /*
357 * We always have at least dl_status_by_id to query, so no need to
358 * probe deeper than the existence of a cert_list_t.
359 */
364 }
365 }
366 /* else definitely no downlaods going since nothing even has a cert list */
369 }
371 /** Given an authority ID digest, return a pointer to the default download
372 * status, or NULL if there is no such entry in trusted_dir_certs */
376 {
384 }
385 }
388 }
390 /** Given an authority ID digest, return a smartlist of signing key digests
391 * for which download_status_t is potentially queryable, or NULL if no such
392 * authority ID digest is known. */
396 {
412 /* Pull the digest out and add it to the list */
417 }
418 }
419 }
420 }
423 }
425 /** Given an authority ID digest and a signing key digest, return the
426 * download_status_t or NULL if none exists. */
429 download_status_for_authority_id_and_sk,
431 {
439 }
440 }
443 }
445 /** Release all space held by a cert_list_t */
446 static void
448 {
457 }
459 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
460 static void
462 {
464 }
466 /** Reload the cached v3 key certificates from the cached-certs file in
467 * the data directory. Return 0 on success, -1 on failure. */
468 int
470 {
481 contents,
485 }
487 /** Helper: return true iff we already have loaded the exact cert
488 * <b>cert</b>. */
491 {
495 {
498 DIGEST_LEN))
500 });
502 }
504 /** Load a bunch of new key certificates from the string <b>contents</b>. If
505 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
506 * from the cache, and we don't need to flush them to disk. If we are a
507 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
508 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
509 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
510 * need to flush any changed certificates to disk now. Return 0 on success,
511 * -1 if any certs fail to parse.
512 *
513 * If source_dir is non-NULL, it's the identity digest for a directory that
514 * we've just successfully retrieved certificates from, so try it first to
515 * fetch any missing certificates.
516 */
517 int
520 {
533 }
540 /* we already have this one. continue. */
546 /*
547 * A duplicate on download should be treated as a failure, so we call
548 * authority_cert_dl_failed() to reset the download status to make sure
549 * we can't try again. Since we've implemented the fp-sk mechanism
550 * to download certs by signing key, this should be much rarer than it
551 * was and is perhaps cause for concern.
552 */
556 "Got a certificate for %s, but we already have it. "
561 "Got a certificate for %s, but we already have it. "
564 }
566 /*
567 * This is where we care about the source; authority_cert_dl_failed()
568 * needs to know whether the download was by fp or (fp,sk) pair to
569 * twiddle the right bit in the download map.
570 */
577 }
578 }
582 }
599 }
600 }
605 /* Check to see whether we should update our view of the authority's
606 * address. */
618 }
620 }
624 }
629 /* call this even if failure_code is <0, since some certs might have
630 * succeeded, but only pass source_dir if there were no failures,
631 * and at least one more authority certificate was added to the store.
632 * This avoids retrying a directory that's serving bad or entirely duplicate
633 * certificates. */
638 }
641 }
643 /** Save all v3 key certificates to the cached-certs file. */
644 void
646 {
656 {
661 });
667 }
673 }
675 static int
677 {
684 else
686 }
688 /** Remove all expired v3 authority certificates that have been superseded for
689 * more than 48 hours or, if not expired, that were published more than 7 days
690 * before being superseded. (If the most recent cert was published more than 48
691 * hours ago, then we aren't going to get any consensuses signed with older
692 * keys.) */
693 static void
695 {
697 #define DEAD_CERT_LIFETIME (2*24*60*60)
698 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
703 /* Sort the list from first-published to last-published */
708 /* This is the most recently published cert. Keep it. */
710 }
714 /* All later certs are published in the future. Keep everything
715 * we didn't discard. */
717 }
720 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
721 * Remove it. */
724 /* Certificate has been superseded for OLD_CERT_LIFETIME.
725 * Remove it.
726 */
728 }
733 }
737 #undef DEAD_CERT_LIFETIME
738 #undef OLD_CERT_LIFETIME
741 }
743 /** Return the newest v3 authority certificate whose v3 authority identity key
744 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
745 * or it has no certificate. */
746 authority_cert_t *
748 {
756 {
759 });
761 }
763 /** Return the newest v3 authority certificate whose directory signing key has
764 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
765 */
766 authority_cert_t *
768 {
782 {
785 });
788 }
790 /** Return the v3 authority certificate with signing key matching
791 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
792 * Return NULL if no such authority is known. */
793 authority_cert_t *
796 {
806 }
808 /** Add every known authority_cert_t to <b>certs_out</b>. */
809 void
811 {
820 }
822 /** Called when an attempt to download a certificate with the authority with
823 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
824 * fails with HTTP response code <b>status</b>: remember the failure, so we
825 * don't try again immediately. */
826 void
829 {
839 /*
840 * Are we noting a failed download of the latest cert for the id digest,
841 * or of a download by (id, signing key) digest pair?
842 */
844 /* Just by id digest */
847 /* Reset by (id, signing key) digest pair
848 *
849 * Look for a download_status_t in the map with this digest
850 */
852 /* Got one? */
856 /*
857 * Do this rather than hex_str(), since hex_str clobbers
858 * old results and we call twice in the param list.
859 */
865 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
868 }
869 }
870 }
883 NULL,
884 };
886 /** Return true iff <b>cert</b> authenticates some atuhority signing key
887 * which, because of the old openssl heartbleed vulnerability, should
888 * never be trusted. */
889 int
891 {
900 }
901 }
903 }
905 /** Return true iff when we've been getting enough failures when trying to
906 * download the certificate with ID digest <b>id_digest</b> that we're willing
907 * to start bugging the user about it. */
908 int
910 {
911 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
920 }
922 /* Fetch the authority certificates specified in resource.
923 * If we are a bridge client, and node is a configured bridge, fetch from node
924 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
925 * rs. Otherwise, fetch from a random directory mirror. */
926 static void
931 {
934 resource);
936 /* Make sure bridge clients never connect to anything but a bridge */
939 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
942 /* If we're using bridges, and there's no node, use a 3-hop path. */
944 }
945 }
950 /* If we've just downloaded a consensus from a bridge, re-use that
951 * bridge */
953 /* clients always make OR connections to bridges */
954 tor_addr_port_t or_ap;
955 /* we are willing to use a non-preferred address if we need to */
960 dir_hint,
961 DIR_PURPOSE_FETCH_CERTIFICATE,
963 indirection,
966 }
969 /* If we've just downloaded a consensus from a directory, re-use that
970 * directory */
972 DIR_PURPOSE_FETCH_CERTIFICATE,
976 }
978 /* Otherwise, we want certs from a random fallback or directory
979 * mirror, because they will almost always succeed. */
982 DL_WANT_ANY_DIRSERVER);
983 }
985 /** Try to download any v3 authority certificates that we may be missing. If
986 * <b>status</b> is provided, try to get all the ones that were used to sign
987 * <b>status</b>. Additionally, try to have a non-expired certificate for
988 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
989 * already have.
990 *
991 * If dir_hint is non-NULL, it's the identity digest for a directory that
992 * we've just successfully retrieved a consensus or certificates from, so try
993 * it first to fetch any missing certificates.
994 **/
995 void
998 {
999 /*
1000 * The pending_id digestmap tracks pending certificate downloads by
1001 * identity digest; the pending_cert digestmap tracks pending downloads
1002 * by (identity digest, signing key digest) pairs.
1003 */
1006 /*
1007 * The missing_id_digests smartlist will hold a list of id digests
1008 * we want to fetch the newest cert for; the missing_cert_digests
1009 * smartlist will hold a list of fp_pair_t with an identity and
1010 * signing key digest.
1011 */
1029 /*
1030 * First, we get the lists of already pending downloads so we don't
1031 * duplicate effort.
1032 */
1037 /*
1038 * Now, we download any trusted authority certs we don't have by
1039 * identity digest only. This gets the latest cert for that authority.
1040 */
1051 /* It's not expired, and we weren't looking for something to
1052 * verify a consensus with. Call it done. */
1054 /* No sense trying to download it specifically by signing key hash */
1058 }
1065 "No current certificate known for authority %s "
1069 }
1072 /*
1073 * Next, if we have a consensus, scan through it and look for anything
1074 * signed with a key from a cert we don't have. Those get downloaded
1075 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1076 * (identity digest), and it's one of the trusted dir server certs
1077 * we started off above or a pending download in pending_id, don't
1078 * try to get it yet. Most likely, the one we'll get for that will
1079 * have the right signing key too, and we'd just be downloading
1080 * redundantly.
1081 */
1084 voter) {
1087 * go looking for a cert with key digest 0000000000. */
1091 * authority.*/
1093 /*
1094 * If we don't know *any* cert for this authority, and a download by ID
1095 * is pending or we added it to missing_id_digests above, skip this
1096 * one for now to avoid duplicate downloads.
1097 */
1100 /* We have no certs at all for this one */
1102 /* Do we have a download of one pending? */
1106 /*
1107 * Are we about to launch a download of one due to the trusted
1108 * dir server check above?
1109 */
1113 }
1123 }
1130 /*
1131 * Do this rather than hex_str(), since hex_str clobbers
1132 * old results and we call twice in the param list.
1133 */
1141 "We're missing a certificate from authority %s "
1142 "(ID digest %s) with signing key %s: "
1147 "We're missing a certificate from authority ID digest "
1150 }
1152 /* Allocate a new fp_pair_t to append */
1158 }
1161 }
1163 /* Bridge clients look up the node for the dir_hint */
1165 /* All clients, including bridge clients, look up the routerstatus for the
1166 * dir_hint */
1169 /* If we still need certificates, try the directory that just successfully
1170 * served us a consensus or certificates.
1171 * As soon as the directory fails to provide additional certificates, we try
1172 * another, randomly selected directory. This avoids continual retries.
1173 * (We only ever have one outstanding request per certificate.)
1174 */
1177 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1178 * or something else fetched over tor, we won't find the node here, but
1179 * we will find the rs. */
1181 }
1183 /* All clients try the consensus routerstatus, then the fallback
1184 * routerstatus */
1187 /* This will also find authorities */
1189 dir_hint);
1192 }
1193 }
1200 }
1201 }
1203 /* Do downloads by identity digest */
1222 /* No need for tor_asprintf() in this case; first one gets no '+' */
1225 }
1232 /* node and rs are directories that just gave us a consensus or
1233 * certificates */
1236 }
1237 /* else we didn't add any: they were all pending */
1241 }
1243 /* Do downloads by identity digest/signing key pair */
1256 /* Construct string encodings of the digests */
1262 /* Now tor_asprintf() */
1266 /* First one in the list doesn't get a '+' */
1269 }
1271 /* Add it to the list of pairs to request */
1277 /* node and rs are directories that just gave us a consensus or
1278 * certificates */
1281 }
1282 /* else they were all pending */
1286 }
1293 }
1295 /* Router descriptor storage.
1296 *
1297 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1298 * routerdescs arrive, we append them to a journal file named
1299 * "cached-descriptors.new".
1300 *
1301 * From time to time, we replace "cached-descriptors" with a new file
1302 * containing only the live, non-superseded descriptors, and clear
1303 * cached-routers.new.
1304 *
1305 * On startup, we read both files.
1306 */
1308 /** Helper: return 1 iff the router log is so big we want to rebuild the
1309 * store. */
1310 static int
1312 {
1316 else
1318 }
1320 /** Return the desc_store_t in <b>rl</b> that should be used to store
1321 * <b>sd</b>. */
1324 {
1327 else
1329 }
1331 /** Add the signed_descriptor_t in <b>desc</b> to the router
1332 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1333 * offset appropriately. */
1334 static int
1337 {
1346 }
1354 }
1356 /** Sorting helper: return <0, 0, or >0 depending on whether the
1357 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1358 * the signed_descriptor_t* in *<b>b</b>. */
1359 static int
1361 {
1364 }
1366 #define RRS_FORCE 1
1367 #define RRS_DONT_REMOVE_OLD 2
1369 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1370 * <b>flags</b>, then atomically replace the saved router store with the
1371 * routers currently in our routerlist, and clear the journal. Unless
1372 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1373 * rebuilding the store. Return 0 on success, -1 on failure.
1374 */
1375 static int
1377 {
1391 }
1395 }
1399 else
1403 /* Don't save deadweight. */
1414 /* We sort the routers by age to enhance locality on disk. */
1425 }
1431 }
1435 /* Now, add the appropriate members to chunk_list */
1442 }
1446 }
1457 }
1459 /* Our mmap is now invalid. */
1465 }
1466 }
1471 }
1477 /* empty store.*/
1483 "okay if we're just starting up after a long time. "
1485 }
1488 }
1489 }
1501 }
1514 done:
1521 }
1524 }
1526 /** Helper: Reload a cache file and its associated journal, setting metadata
1527 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1528 * else reload the router descriptor store. */
1529 static int
1531 {
1540 /* get rid of it first */
1547 }
1548 }
1557 else
1561 }
1565 /* don't load empty files - we wouldn't get any data, even if we tried */
1572 else
1577 }
1582 /* Always clear the journal on startup.*/
1585 /* Don't cache expired routers. (This is in an else because
1586 * router_rebuild_store() also calls remove_old_routers().) */
1588 }
1591 }
1593 /** Load all cached router descriptors and extra-info documents from the
1594 * store. Return 0 on success and -1 on failure.
1595 */
1596 int
1598 {
1605 }
1607 /** Return a smartlist containing a list of dir_server_t * for all
1608 * known trusted dirservers. Callers must not modify the list or its
1609 * contents.
1610 */
1613 {
1618 }
1622 {
1627 }
1629 /** Try to find a running dirserver that supports operations of <b>type</b>.
1630 *
1631 * If there are no running dirservers in our routerlist and the
1632 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1633 * (including authorities) as running again, and pick one.
1634 *
1635 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1636 * dirservers that we can't reach.
1637 *
1638 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1639 * (if we're a dirserver).
1640 *
1641 * Don't pick a fallback directory mirror if any non-fallback is viable;
1642 * (the fallback directory mirrors include the authorities)
1643 * try to avoid using servers that have returned 503 recently.
1644 */
1647 {
1659 /* If the reason that we got no server is that servers are "busy",
1660 * we must be excluding good servers because we already have serverdesc
1661 * fetches with them. Do not mark down servers up because of this. */
1663 PDS_NO_EXISTING_MICRODESC_FETCH)));
1665 }
1668 "No reachable router entries for dirservers. "
1670 /* mark all fallback directory mirrors as up again */
1672 /* try again */
1675 }
1677 /** Return the dir_server_t for the directory authority whose identity
1678 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1679 */
1680 dir_server_t *
1682 {
1687 {
1690 });
1693 }
1695 /** Return the dir_server_t for the fallback dirserver whose identity
1696 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1697 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1698 * and UseDefaultFallbackDirs torrc options.)
1699 * The list of fallback directories includes the list of authorities.
1700 */
1701 dir_server_t *
1703 {
1711 {
1714 });
1717 }
1719 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1720 * or 0 if no such fallback is in the list of fallback_dir_servers.
1721 * (fallback_dir_servers is affected by the FallbackDir and
1722 * UseDefaultFallbackDirs torrc options.)
1723 * The list of fallback directories includes the list of authorities.
1724 */
1725 int
1727 {
1729 }
1731 /** Return the dir_server_t for the directory authority whose
1732 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1733 * is known.
1734 */
1737 {
1742 {
1746 });
1749 }
1751 /** Try to find a running directory authority. Flags are as for
1752 * router_pick_directory_server.
1753 */
1756 {
1758 }
1760 /** Try to find a running fallback directory. Flags are as for
1761 * router_pick_directory_server.
1762 */
1765 {
1767 }
1769 /** Try to find a running fallback directory. Flags are as for
1770 * router_pick_directory_server.
1771 */
1775 {
1783 /* If the reason that we got no server is that servers are "busy",
1784 * we must be excluding good servers because we already have serverdesc
1785 * fetches with them. Do not mark down servers up because of this. */
1787 PDS_NO_EXISTING_MICRODESC_FETCH)));
1789 }
1795 }
1797 /* Check if we already have a directory fetch from ap, for serverdesc
1798 * (including extrainfo) or microdesc documents.
1799 * If so, return 1, if not, return 0.
1800 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1801 */
1802 STATIC int
1805 {
1808 }
1810 /* XX/teor - we're not checking tunnel connections here, see #17848
1811 */
1818 }
1824 }
1827 }
1829 /* Check if we already have a directory fetch from the ipv4 or ipv6
1830 * router, for serverdesc (including extrainfo) or microdesc documents.
1831 * If so, return 1, if not, return 0.
1832 */
1833 static int
1839 {
1842 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1850 }
1852 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1853 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1854 #endif
1856 /* Log a message if rs is not found or not a preferred address */
1857 static void
1859 {
1864 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1865 /* Don't log early in the bootstrap process, it's normal to pick from a
1866 * small pool of nodes. Of course, this won't help if we're trying to
1867 * diagnose bootstrap issues. */
1871 }
1872 #endif
1874 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1875 * Sometimes this is normal, sometimes it can be a reachability issue. */
1877 /* This happens a lot, so it's at debug level */
1879 "we couldn't find a directory that fit our criteria. "
1883 ) {
1884 /* This is rare, and might be interesting to users trying to diagnose
1885 * connection issues on dual-stack machines. */
1887 "addresses for launching an outgoing connection: "
1893 }
1894 }
1896 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1898 /** How long do we avoid using a directory server after it's given us a 503? */
1899 #define DIR_503_TIMEOUT (60*60)
1901 /* Common retry code for router_pick_directory_server_impl and
1902 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1903 * Must be called before RETRY_WITHOUT_EXCLUDE().
1904 *
1905 * If we got no result, and we are applying IP preferences, and we are a
1906 * client that could use an alternate IP version, try again with the
1907 * opposite preferences. */
1908 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1909 STMT_BEGIN \
1910 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1911 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1912 && !n_busy) { \
1913 n_excluded = 0; \
1914 n_busy = 0; \
1915 try_ip_pref = 0; \
1916 goto retry_label; \
1917 } \
1918 STMT_END \
1920 /* Common retry code for router_pick_directory_server_impl and
1921 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1922 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1923 *
1924 * If we got no result, and we are excluding nodes, and StrictNodes is
1925 * not set, try again without excluding nodes. */
1926 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1927 STMT_BEGIN \
1928 if (result == NULL && try_excluding && !options->StrictNodes \
1929 && n_excluded && !n_busy) { \
1930 try_excluding = 0; \
1931 n_excluded = 0; \
1932 n_busy = 0; \
1933 try_ip_pref = 1; \
1934 goto retry_label; \
1935 } \
1936 STMT_END
1938 /* Common code used in the loop within router_pick_directory_server_impl and
1939 * router_pick_trusteddirserver_impl.
1940 *
1941 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
1942 * checks.
1943 */
1944 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
1945 STMT_BEGIN \
1946 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
1947 (identity), EXTRAINFO_DIRINFO); \
1948 if (((type) & EXTRAINFO_DIRINFO) && \
1949 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
1950 continue; \
1951 STMT_END
1953 /* When iterating through the routerlist, can OR address/port preference
1954 * and reachability checks be skipped?
1955 */
1956 int
1958 {
1959 /* Servers always have and prefer IPv4.
1960 * And if clients are checking against the firewall for reachability only,
1961 * but there's no firewall, don't bother checking */
1963 }
1965 /* When iterating through the routerlist, can Dir address/port preference
1966 * and reachability checks be skipped?
1967 */
1968 static int
1970 {
1971 /* Servers always have and prefer IPv4.
1972 * And if clients are checking against the firewall for reachability only,
1973 * but there's no firewall, don't bother checking */
1975 }
1977 /** Pick a random running valid directory server/mirror from our
1978 * routerlist. Arguments are as for router_pick_directory_server(), except:
1979 *
1980 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1981 * directories that we excluded for no other reason than
1982 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1983 */
1987 {
2005 retry_search:
2018 /* Find all the running dirservers we know about. */
2036 country)) {
2039 }
2044 no_serverdesc_fetching,
2045 no_microdesc_fetching)) {
2048 }
2053 /* Clients use IPv6 addresses if the server has one and the client
2054 * prefers IPv6.
2055 * Add the router if its preferred address and port are reachable.
2056 * If we don't get any routers, we'll try again with the non-preferred
2057 * address for each router (if any). (To ensure correct load-balancing
2058 * we try routers that only have one address both times.)
2059 */
2062 try_ip_pref))
2067 try_ip_pref)))
2076 WEIGHT_FOR_DIR);
2078 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2079 * yet. Maybe one day we should. */
2080 /* FFFF We also don't load balance over authorities yet. I think this
2081 * is a feature, but it could easily be a bug. -RD */
2087 WEIGHT_FOR_DIR);
2090 }
2108 }
2110 /** Pick a random element from a list of dir_server_t, weighting by their
2111 * <b>weight</b> field. */
2114 {
2128 }
2135 }
2137 /** Choose randomly from among the dir_server_ts in sourcelist that
2138 * are up. Flags are as for router_pick_directory_server_impl().
2139 */
2144 {
2165 retry_search:
2177 {
2193 }
2198 no_serverdesc_fetching,
2199 no_microdesc_fetching)) {
2202 }
2204 /* Clients use IPv6 addresses if the server has one and the client
2205 * prefers IPv6.
2206 * Add the router if its preferred address and port are reachable.
2207 * If we don't get any routers, we'll try again with the non-preferred
2208 * address for each router (if any). (To ensure correct load-balancing
2209 * we try routers that only have one address both times.)
2210 */
2213 try_ip_pref))
2217 try_ip_pref)))
2219 }
2230 }
2232 {
2238 }
2254 }
2256 /** Mark as running every dir_server_t in <b>server_list</b>. */
2257 static void
2259 {
2272 }
2274 }
2276 }
2278 /** Return true iff r1 and r2 have the same address and OR port. */
2279 int
2281 {
2285 }
2287 /** Reset all internal variables used to count failed downloads of network
2288 * status objects. */
2289 void
2291 {
2293 }
2295 /** Given a <b>router</b>, add every node_t in its family (including the
2296 * node itself!) to <b>sl</b>.
2297 *
2298 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2299 * to the smartlist!
2300 */
2301 static void
2303 {
2304 /* XXXX MOVE ? */
2305 node_t fake_node;
2312 }
2314 }
2316 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2317 * we can pick a node for a circuit.
2318 */
2319 void
2324 {
2326 pref_addr);
2327 /* XXXX MOVE */
2338 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2341 /* Don't choose nodes if we are certain they can't do ntor. */
2344 /* Choose a node with an OR address that matches the firewall rules */
2347 FIREWALL_OR_CONNECTION,
2348 pref_addr))
2353 }
2355 /** Look through the routerlist until we find a router that has my key.
2356 Return it. */
2359 {
2364 {
2367 });
2369 }
2371 /** Return the smaller of the router's configured BandwidthRate
2372 * and its advertised capacity. */
2373 uint32_t
2375 {
2379 }
2381 /** Do not weight any declared bandwidth more than this much when picking
2382 * routers by bandwidth. */
2385 /** Return the smaller of the router's configured BandwidthRate
2386 * and its advertised capacity, capped by max-believe-bw. */
2387 uint32_t
2389 {
2396 }
2398 /** Given an array of double/uint64_t unions that are currently being used as
2399 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2400 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2401 * the sum of all elements in the array _before_ scaling. */
2402 STATIC void
2406 {
2417 }
2424 }
2426 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2427 * choosing each element with a probability proportional to its (uint64_t)
2428 * value, and return the index of that element. If all elements are 0, choose
2429 * an index at random. Return -1 on error.
2430 */
2431 STATIC int
2433 {
2453 }
2455 /** When weighting bridges, enforce these values as lower and upper
2456 * bound for believable bandwidth, because there is no way for us
2457 * to verify a bridge's bandwidth currently. */
2461 /** Return the smaller of the router's configured BandwidthRate
2462 * and its advertised capacity, making sure to stay within the
2463 * interval between bridge-min-believe-bw and
2464 * bridge-max-believe-bw. */
2465 static uint32_t
2467 {
2476 }
2478 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2479 * INT32_MAX. */
2482 {
2484 }
2486 /** Helper function:
2487 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2488 * the advertised bandwidth of each element using the consensus
2489 * bandwidth weights.
2490 *
2491 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2492 * nodes' bandwidth equally regardless of their Exit status, since there may
2493 * be some in the list because they exit to obscure ports. If
2494 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2495 * exit-node's bandwidth less depending on the smallness of the fraction of
2496 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2497 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2498 * guards proportionally less.
2499 */
2502 bandwidth_weight_rule_t rule)
2503 {
2514 {
2520 }
2521 }
2523 /** Given a list of routers and a weighting rule as in
2524 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2525 * values for each node and store them in a freshly allocated
2526 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2527 * as doubles. Return 0 on success, -1 on failure. */
2528 static int
2530 bandwidth_weight_rule_t rule,
2532 {
2537 guardfraction_bandwidth_t guardfraction_bw;
2540 /* Can't choose exit and guard at same time */
2549 "Empty routerlist passed in to consensus weight node "
2553 }
2578 // Guards CAN be exits if they have weird exit policies
2579 // They are d then I guess...
2599 }
2604 "Got negative bandwidth weights. Defaulting to naive selection"
2608 }
2622 // Cycle through smartlist and total the bandwidth.
2634 /* This should never happen, unless all the authorites downgrade
2635 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2638 "Consensus is missing some bandwidths. Using a naive "
2641 }
2645 }
2647 /* bridge or other descriptor not in our consensus */
2650 /* We can't use this one. */
2652 }
2664 }
2665 /* These should be impossible; but overflows here would be bad, so let's
2666 * make sure. */
2674 /* If guardfraction information is available in the consensus, we
2675 * want to calculate this router's bandwidth according to its
2676 * guardfraction. Quoting from proposal236:
2677 *
2678 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2679 * client would apply to N for position p if it had the guard
2680 * flag, Wpn the weight if it did not have the guard flag, and B the
2681 * measured bandwidth of N in the consensus. Then instead of choosing
2682 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2683 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2684 */
2686 /* XXX The assert should actually check for is_guard. However,
2687 * that crashes dirauths because of #13297. This should be
2688 * equivalent: */
2692 this_bw,
2695 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2696 final_weight =
2705 }
2711 "on weights "
2719 }
2721 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2722 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2723 * descriptors. */
2724 double
2726 bandwidth_weight_rule_t rule)
2727 {
2738 n_with_descs++;
2739 });
2741 }
2757 }
2759 /** Choose a random element of status list <b>sl</b>, weighted by
2760 * the advertised bandwidth of each node */
2763 bandwidth_weight_rule_t rule)
2766 }
2768 /** Return a random running node from the nodelist. Never
2769 * pick a node that is in
2770 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2771 * even if they are the only nodes available.
2772 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2773 * a minimum uptime, return one of those.
2774 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2775 * advertised capacity of each router.
2776 * If <b>CRN_ALLOW_INVALID</b> is not set in flags, consider only Valid
2777 * routers.
2778 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2779 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2780 * picking an exit node, otherwise we weight bandwidths for picking a relay
2781 * node (that is, possibly discounting exit nodes).
2782 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2783 * have a routerinfo or microdescriptor -- that is, enough info to be
2784 * used to build a circuit.
2785 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2786 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2787 * (regardless of this flag, we exclude nodes that aren't allowed by the
2788 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2789 */
2793 router_crn_flags_t flags)
2808 bandwidth_weight_rule_t rule;
2814 /* Exclude relays that allow single hop exit circuits, if the user
2815 * wants to (such relays might be risky) */
2820 });
2821 }
2829 direct_conn);
2846 }
2852 }
2854 // Always weight by bandwidth
2859 /* try once more -- recurse but with fewer restrictions. */
2861 "We couldn't find any live%s%s%s routers; falling back "
2867 CRN_PREF_ADDR);
2870 }
2875 }
2877 }
2879 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2880 * Return 0 on success, -1 on failure. Store the result into the
2881 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2882 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2883 * at <b>nickname_out</b>.
2884 *
2885 * The recognized format is:
2886 * HexName = Dollar? HexDigest NamePart?
2887 * Dollar = '?'
2888 * HexDigest = HexChar*20
2889 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2890 * NamePart = QualChar Name
2891 * QualChar = '=' | '~'
2892 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2893 * NameChar = Any ASCII alphanumeric character
2894 */
2895 int
2900 {
2916 ;
2919 }
2925 }
2927 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2928 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2929 * (which is optionally prefixed with a single dollar sign). Return false if
2930 * <b>hexdigest</b> is malformed, or it doesn't match. */
2931 int
2934 {
2949 }
2952 }
2954 /** Return true iff <b>router</b> is listed as named in the current
2955 * consensus. */
2956 int
2958 {
2964 }
2966 /** Return true iff <b>digest</b> is the digest of the identity key of a
2967 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2968 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2969 int
2971 {
2979 });
2981 }
2983 /** If hexdigest is correctly formed, base16_decode it into
2984 * digest, which must have DIGEST_LEN space in it.
2985 * Return 0 on success, -1 on failure.
2986 */
2987 int
2989 {
2996 }
2998 /** As router_get_by_id_digest,but return a pointer that you're allowed to
2999 * modify */
3000 routerinfo_t *
3002 {
3007 // routerlist_assert_ok(routerlist);
3010 }
3012 /** Return the router in our routerlist whose 20-byte key digest
3013 * is <b>digest</b>. Return NULL if no such router is known. */
3016 {
3018 }
3020 /** Return the router in our routerlist whose 20-byte descriptor
3021 * is <b>digest</b>. Return NULL if no such router is known. */
3022 signed_descriptor_t *
3024 {
3030 }
3032 /** Return the signed descriptor for the router in our routerlist whose
3033 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3034 * is known. */
3037 {
3043 }
3045 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3046 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3047 * document is known. */
3048 signed_descriptor_t *
3050 {
3056 }
3058 /** Return a pointer to the signed textual representation of a descriptor.
3059 * The returned string is not guaranteed to be NUL-terminated: the string's
3060 * length will be in desc-\>signed_descriptor_len.
3061 *
3062 * If <b>with_annotations</b> is set, the returned string will include
3063 * the annotations
3064 * (if any) preceding the descriptor. This will increase the length of the
3065 * string by desc-\>annotations_len.
3066 *
3067 * The caller must not free the string returned.
3068 */
3072 {
3078 else
3089 "mmaped in our cache. Is another process running in our data "
3092 }
3093 }
3106 }
3107 }
3110 }
3112 /** Return a pointer to the signed textual representation of a descriptor.
3113 * The returned string is not guaranteed to be NUL-terminated: the string's
3114 * length will be in desc-\>signed_descriptor_len.
3115 *
3116 * The caller must not free the string returned.
3117 */
3120 {
3122 }
3124 /** As signed_descriptor_get_body(), but points to the beginning of the
3125 * annotations section rather than the beginning of the descriptor. */
3128 {
3130 }
3132 /** Return the current list of all known routers. */
3133 routerlist_t *
3135 {
3153 }
3155 }
3157 /** Free all storage held by <b>router</b>. */
3158 void
3160 {
3178 }
3185 }
3187 /** Release all storage held by <b>extrainfo</b> */
3188 void
3190 {
3199 }
3201 /** Release storage held by <b>sd</b>. */
3202 static void
3204 {
3213 }
3215 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3216 * memory inside the object and by zeroing its content. */
3217 static void
3219 {
3224 }
3226 /** Copy src into dest, and steal all references inside src so that when
3227 * we free src, we don't mess up dest. */
3228 static void
3231 {
3233 /* Cleanup destination object before overwriting it.*/
3239 }
3241 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3242 * routerinfo.
3243 */
3246 {
3253 }
3255 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3256 static void
3258 {
3260 }
3262 /** Free all storage held by a routerlist <b>rl</b>. */
3263 void
3265 {
3282 }
3283 }
3288 }
3289 }
3293 }
3295 /** Log information about how much memory is being used for routerlist,
3296 * at log level <b>severity</b>. */
3297 void
3299 {
3314 }
3316 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3317 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3318 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3319 * is not in <b>sl</b>. */
3322 {
3329 });
3333 };
3335 }
3337 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3338 * as needed. There must be no previous member of <b>rl</b> with the same
3339 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3340 * instead.
3341 */
3342 static void
3344 {
3347 {
3350 }
3366 }
3370 }
3379 #ifdef DEBUG_ROUTERLIST
3381 #endif
3382 }
3384 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3385 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3386 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3389 {
3390 was_router_added_t r;
3399 {
3402 }
3405 /* This router is unknown; we can't even verify the signature. Give up.*/
3408 }
3410 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3417 }
3421 /* The sd we got from the map doesn't match the digest we used to look
3422 * it up. This makes no sense. */
3427 }
3438 "router info incompatible with extra info (ri id: %s, ei id %s, "
3442 }
3444 /* Okay, if we make it here, we definitely have a router corresponding to
3445 * this extrainfo. */
3449 ei);
3455 }
3457 done:
3461 #ifdef DEBUG_ROUTERLIST
3463 #endif
3465 }
3467 #define should_cache_old_descriptors() \
3468 directory_caches_dir_info(get_options())
3470 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3471 * a copy of router <b>ri</b> yet, add it to the list of old (not
3472 * recommended but still served) descriptors. Else free it. */
3473 static void
3475 {
3476 {
3479 }
3494 }
3495 #ifdef DEBUG_ROUTERLIST
3497 #endif
3498 }
3500 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3501 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3502 * idx) == ri, we don't need to do a linear search over the list to decide
3503 * which to remove. We fill the gap in rl->routers with a later element in
3504 * the list, if any exists. <b>ri</b> is freed.
3505 *
3506 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3507 * it to rl->old_routers. */
3508 void
3510 {
3519 /* make sure the rephist module knows that it's not running */
3527 }
3554 }
3558 }
3559 #ifdef DEBUG_ROUTERLIST
3561 #endif
3562 }
3564 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3565 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3566 * <b>sd</b>. */
3567 static void
3569 {
3575 }
3577 /* XXXX edmanm's bridge relay triggered the following assert while
3578 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3579 * can get a backtrace. */
3588 }
3602 }
3607 #ifdef DEBUG_ROUTERLIST
3609 #endif
3610 }
3612 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3613 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3614 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3615 * search over the list to decide which to remove. We put ri_new in the same
3616 * index as ri_old, if possible. ri is freed as appropriate.
3617 *
3618 * If should_cache_descriptors() is true, instead of deleting the router,
3619 * we add it to rl->old_routers. */
3620 static void
3623 {
3629 {
3632 }
3640 {
3644 }
3651 /* Check that ri_old is not in rl->routers anymore: */
3657 }
3660 /* digests don't match; digestmap_set won't replace */
3662 }
3673 }
3677 DIGEST_LEN);
3682 /* ri_old is going to become a signed_descriptor_t and go into
3683 * old_routers */
3691 /* We're dropping ri_old. */
3693 /* digests don't match; The sdmap_set above didn't replace */
3705 }
3706 }
3711 }
3712 }
3715 }
3716 #ifdef DEBUG_ROUTERLIST
3718 #endif
3719 }
3721 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3722 * it as a fresh routerinfo_t. */
3725 {
3741 }
3743 /** Free all memory held by the routerlist module.
3744 * Note: Calling routerlist_free_all() should always be paired with
3745 * a call to nodelist_free_all(). These should only be called during
3746 * cleanup.
3747 */
3748 void
3750 {
3757 }
3765 }
3766 }
3768 /** Forget that we have issued any router-related warnings, so that we'll
3769 * warn again if we see the same errors. */
3770 void
3772 {
3779 }
3781 /** Return 1 if the signed descriptor of this router is older than
3782 * <b>seconds</b> seconds. Otherwise return 0. */
3785 {
3787 }
3789 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3790 * older entries (if any) with the same key. Note: Callers should not hold
3791 * their pointers to <b>router</b> if this function fails; <b>router</b>
3792 * will either be inserted into the routerlist or freed. Similarly, even
3793 * if this call succeeds, they should not hold their pointers to
3794 * <b>router</b> after subsequent calls with other routerinfo's -- they
3795 * might cause the original routerinfo to get freed.
3796 *
3797 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3798 * the poster of the router to know something.
3799 *
3800 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3801 * <b>from_fetch</b>, we received it in response to a request we made.
3802 * (If both are false, that means it was uploaded to us as an auth dir
3803 * server or via the controller.)
3804 *
3805 * This function should be called *after*
3806 * routers_update_status_from_consensus_networkstatus; subsequently, you
3807 * should call router_rebuild_store and routerlist_descriptors_added.
3808 */
3809 was_router_added_t
3812 {
3831 /* Make sure that it isn't expired. */
3836 }
3838 /* Make sure that we haven't already got this exact descriptor. */
3841 /* If we have this descriptor already and the new descriptor is a bridge
3842 * descriptor, replace it. If we had a bridge descriptor before and the
3843 * new one is not a bridge descriptor, don't replace it. */
3845 /* Only members of routerlist->identity_map can be bridges; we don't
3846 * put bridges in old_routers. */
3863 }
3864 }
3873 }
3875 /* Only check the descriptor digest against the network statuses when
3876 * we are receiving in response to a fetch. */
3880 /* We asked for it, so some networkstatus must have listed it when we
3881 * did. Save it if we're a cache in case somebody else asks for it. */
3887 /* Only journal this desc if we want to keep old descriptors */
3893 }
3894 }
3896 /* We no longer need a router with this descriptor digest. */
3902 DIGEST_LEN)) {
3904 }
3905 }
3909 /* If it's a general router not listed in the consensus, then don't
3910 * consider replacing the latest router with it. */
3917 }
3919 /* If we're reading a bridge descriptor from our cache, and we don't
3920 * recognize it as one of our currently configured bridges, drop the
3921 * descriptor. Otherwise we could end up using it as one of our entry
3922 * guards even if it isn't in our Bridge config lines. */
3932 }
3934 /* If we have a router with the same identity key, choose the newer one. */
3938 /* Same key, but old. This one is not listed in the consensus. */
3941 /* Only journal this desc if we'll be serving it. */
3949 /* Same key, and either new, or listed in the consensus. */
3956 }
3961 }
3962 }
3969 }
3971 /* We haven't seen a router with this identity before. Add it to the end of
3972 * the list. */
3977 }
3979 }
3981 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
3982 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
3983 * we actually inserted it, ROUTER_BAD_EI otherwise.
3984 */
3985 was_router_added_t
3988 {
3989 was_router_added_t inserted;
3992 /*XXXX Do something with msg */
4001 }
4003 /** Sorting helper: return <0, 0, or >0 depending on whether the
4004 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4005 * to, or later than that of *<b>b</b>. */
4006 static int
4008 {
4014 }
4016 /** Internal type used to represent how long an old descriptor was valid,
4017 * where it appeared in the list of old descriptors, and whether it's extra
4018 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4023 };
4025 /** Sorting helper: compare two duration_idx_t by their duration. */
4026 static int
4028 {
4032 }
4034 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4035 * must contain routerinfo_t with the same identity and with publication time
4036 * in ascending order. Remove members from this range until there are no more
4037 * than max_descriptors_per_router() remaining. Start by removing the oldest
4038 * members from before <b>cutoff</b>, then remove members which were current
4039 * for the lowest amount of time. The order of members of old_routers at
4040 * indices <b>lo</b> or higher may be changed.
4041 */
4042 static void
4046 {
4052 #if 1
4060 }
4061 #endif
4062 /* Check whether we need to do anything at all. */
4063 {
4068 }
4073 /* Set lifespans to contain the lifespan and index of each server. */
4074 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4082 }
4090 }
4095 }
4096 }
4099 /**
4100 * We aren't removing enough servers for being old. Sort lifespans by
4101 * the duration of liveness, and remove the ones we're not already going to
4102 * remove based on how long they were alive.
4103 **/
4109 }
4110 }
4111 }
4121 }
4123 /** Deactivate any routers from the routerlist that are more than
4124 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4125 * remove old routers from the list of cached routers if we have too many.
4126 */
4127 void
4129 {
4144 // routerlist_assert_ok(routerlist);
4146 /* We need to guess how many router descriptors we will wind up wanting to
4147 retain, so that we can be sure to allocate a large enough Bloom filter
4148 to hold the digest set. Overestimating is fine; underestimating is bad.
4149 */
4150 {
4151 /* We'll probably retain everything in the consensus. */
4154 }
4157 /* Retain anything listed in the consensus. */
4162 }
4164 /* If we have a consensus, we should consider pruning current routers that
4165 * are too old and that nobody recommends. (If we don't have a consensus,
4166 * then we should get one before we decide to kill routers.) */
4170 /* Remove too-old unrecommended members of routerlist->routers. */
4177 /* Too old: remove it. (If we're a cache, just move it into
4178 * old_routers.) */
4183 i--;
4184 }
4185 }
4186 }
4188 //routerlist_assert_ok(routerlist);
4190 /* Remove far-too-old members of routerlist->old_routers. */
4197 /* Too old. Remove it. */
4199 }
4200 }
4202 //routerlist_assert_ok(routerlist);
4208 /* Now we might have to look at routerlist->old_routers for extraneous
4209 * members. (We'd keep all the members if we could, but we need to save
4210 * space.) First, check whether we have too many router descriptors, total.
4211 * We're okay with having too many for some given router, so long as the
4212 * total number doesn't approach max_descriptors_per_router()*len(router).
4213 */
4218 /* Sort by identity, then fix indices. */
4220 /* Fix indices. */
4224 }
4226 /* Iterate through the list from back to front, so when we remove descriptors
4227 * we don't mess up groups we haven't gotten to. */
4233 }
4239 }
4240 }
4243 //routerlist_assert_ok(routerlist);
4245 done:
4249 }
4251 /** We just added a new set of descriptors. Take whatever extra steps
4252 * we need. */
4253 void
4255 {
4264 }
4266 }
4268 /**
4269 * Code to parse a single router descriptor and insert it into the
4270 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4271 * descriptor was well-formed but could not be added; and 1 if the
4272 * descriptor was added.
4273 *
4274 * If we don't add it and <b>msg</b> is not NULL, then assign to
4275 * *<b>msg</b> a static string describing the reason for refusing the
4276 * descriptor.
4277 *
4278 * This is used only by the controller.
4279 */
4280 int
4283 {
4285 was_router_added_t r;
4300 }
4307 }
4318 /* we've already assigned to *msg now, and ri is already freed */
4329 }
4330 }
4332 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4333 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4334 * are in response to a query to the network: cache them by adding them to
4335 * the journal.
4336 *
4337 * Return the number of routers actually added.
4338 *
4339 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4340 * uppercased fingerprints. Do not update any router whose
4341 * fingerprint is not on the list; after updating a router, remove its
4342 * fingerprint from the list.
4343 *
4344 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4345 * are descriptor digests. Otherwise they are identity digests.
4346 */
4347 int
4349 saved_location_t saved_location,
4353 {
4364 invalid_digests);
4371 was_router_added_t r;
4377 DIGEST_LEN);
4384 "We received a router descriptor with a fingerprint (%s) "
4390 }
4391 }
4396 any_changed++;
4407 }
4408 }
4412 /* This digest is never going to be parseable. */
4416 /* But we didn't ask for it, so we should assume shennanegans. */
4418 }
4420 }
4427 }
4441 }
4443 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4444 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4445 * router_load_routers_from_string(). */
4446 void
4448 saved_location_t saved_location,
4451 {
4465 was_router_added_t added =
4472 DIGEST_LEN);
4474 /* We silently let relays stuff us with extrainfos we didn't ask for,
4475 * so long as we would have wanted them anyway. Since we always fetch
4476 * all the extrainfos we want, and we never actually act on them
4477 * inside Tor, this should be harmless. */
4485 }
4486 }
4490 /* This digest is never going to be parseable. */
4495 /* But we didn't ask for it, so we should assume shennanegans. */
4497 }
4499 }
4506 }
4515 }
4517 /** Return true iff the latest ns-flavored consensus includes a descriptor
4518 * whose digest is that of <b>desc</b>. */
4519 static int
4521 {
4524 FLAV_NS);
4531 }
4533 }
4535 /** Update downloads for router descriptors and/or microdescriptors as
4536 * appropriate. */
4537 void
4539 {
4545 }
4547 /** Clear all our timeouts for fetching v3 directory stuff, and then
4548 * give it all a try again. */
4549 void
4551 {
4560 }
4562 /** Return true iff <b>router</b> does not permit exit streams.
4563 */
4564 int
4566 {
4568 }
4570 /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
4571 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4572 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4573 * the new directory server entry on success or NULL on failure. */
4582 dirinfo_type_t type,
4584 {
4596 else
4601 else
4621 }
4624 }
4633 else
4643 else
4650 }
4652 /** Create an authoritative directory server at
4653 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4654 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4655 * server entry on success or NULL if we couldn't add it. */
4656 dir_server_t *
4662 {
4664 tor_addr_t addr;
4672 "Couldn't find a suitable address when adding ourself as a "
4675 }
4682 address);
4684 }
4686 }
4691 ipv6_addrport,
4692 digest,
4696 }
4698 /** Return a new dir_server_t for a fallback directory server at
4699 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4700 * <b>id_digest</b> */
4701 dir_server_t *
4706 {
4708 addrport_ipv6,
4709 id_digest,
4711 }
4713 /** Add a directory server to the global list(s). */
4714 void
4716 {
4727 }
4729 /** Free storage held in <b>cert</b>. */
4730 void
4732 {
4741 }
4743 /** Free storage held in <b>ds</b>. */
4744 static void
4746 {
4754 }
4756 /** Remove all members from the list of dir servers. */
4757 void
4759 {
4766 }
4771 }
4773 }
4775 /** For every current directory connection whose purpose is <b>purpose</b>,
4776 * and where the resource being downloaded begins with <b>prefix</b>, split
4777 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4778 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4779 * corresponding elements of <b>result</b> to a nonzero value.
4780 */
4781 static void
4784 {
4802 }
4807 {
4810 });
4813 {
4816 });
4817 }
4819 }
4821 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4822 * true) we are currently downloading by descriptor digest, set result[d] to
4823 * (void*)1. */
4824 static void
4826 {
4830 }
4832 /** For every microdescriptor we are currently downloading by descriptor
4833 * digest, set result[d] to (void*)1.
4834 */
4835 void
4837 {
4839 }
4841 /** For every certificate we are currently downloading by (identity digest,
4842 * signing key digest) pair, set result[fp_pair] to (void *1).
4843 */
4844 static void
4846 {
4864 tmp);
4865 }
4874 }
4876 /** Launch downloads for all the descriptors whose digests or digests256
4877 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4878 * range.) If <b>source</b> is given, download from <b>source</b>;
4879 * otherwise, download from an appropriate random directory server.
4880 */
4884 {
4892 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4893 * 256-bit digests. */
4903 }
4921 digest_len);
4922 }
4924 }
4934 /* We know which authority or directory mirror we want. */
4936 ROUTER_PURPOSE_GENERAL,
4937 DIRIND_ONEHOP,
4942 }
4944 }
4946 /** Return the max number of hashes to put in a URL for a given request.
4947 */
4948 static int
4950 {
4951 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4952 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4953 * /tor/server/d/.z) == 4026
4954 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4955 * So use 96 because it's a nice number.
4956 *
4957 * For microdescriptors, the calculation is
4958 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4959 * /tor/micro/d/.z) == 4027
4960 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4961 * So use 90 because it's a nice number.
4962 */
4966 }
4967 /* If we're going to tunnel our connections, we can ask for a lot more
4968 * in a request. */
4971 }
4973 }
4975 /** Don't split our requests so finely that we are requesting fewer than
4976 * this number per server. */
4977 #define MIN_DL_PER_REQUEST 4
4978 /** To prevent a single screwy cache from confusing us by selective reply,
4979 * try to split our requests into at least this many requests. */
4980 #define MIN_REQUESTS 3
4981 /** If we want fewer than this many descriptors, wait until we
4982 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
4983 #define MAX_DL_TO_DELAY 16
4985 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
4986 * router descriptor digests or microdescriptor digest256s in
4987 * <b>downloadable</b>, decide whether to delay fetching until we have more.
4988 * If we don't want to delay, launch one or more requests to the appropriate
4989 * directory authorities.
4990 */
4991 void
4995 {
5015 descname);
5018 /* should delay */
5025 "There are not many downloadable %ss, but we've "
5027 descname,
5031 "There are not many downloadable %ss, but we haven't "
5033 descname);
5034 }
5035 }
5036 }
5039 /* If we wind up going to the authorities, we want to only open one
5040 * connection to each authority at a time, so that we don't overload
5041 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5042 * regardless of whether we're a cache or not.
5043 *
5044 * Setting this flag can make initiate_descriptor_downloads() ignore
5045 * requests. We need to make sure that we do in fact call
5046 * update_router_descriptor_downloads() later on, once the connections
5047 * have succeeded or failed.
5048 */
5050 PDS_NO_EXISTING_MICRODESC_FETCH :
5051 PDS_NO_EXISTING_SERVERDESC_FETCH;
5052 }
5076 pds_flags);
5077 }
5079 }
5081 /** For any descriptor that we want that's currently listed in
5082 * <b>consensus</b>, download it as appropriate. */
5083 void
5086 {
5102 /* where's it from, so we know whom to ask for descriptors */
5109 else
5111 }
5125 /* We have a descriptor with this digest, but either there is no
5126 * entry in routerlist with the same ID (!ri), or there is one,
5127 * but the identity digest differs (memneq).
5128 */
5131 }
5133 }
5137 }
5142 }
5146 }
5151 }
5162 time_bufnew,
5165 }
5177 was_router_added_t r;
5182 }
5187 }
5190 }
5193 "%d router descriptors downloadable. %d delayed; %d present "
5194 "(%d of those were in old_routers); %d would_reject; "
5203 done:
5206 }
5208 /** How often should we launch a server/authority request to be sure of getting
5209 * a guess for our IP? */
5210 /*XXXX+ this info should come from netinfo cells or something, or we should
5211 * do this only when we aren't seeing incoming data. see bug 652. */
5212 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5214 /** As needed, launch a dummy router descriptor fetch to see if our
5215 * address has changed. */
5216 static void
5219 {
5221 /* XXXX+ we could be smarter here; see notes on bug 652. */
5222 /* If we're a server that doesn't have a configured address, we rely on
5223 * directory fetches to learn when our address changes. So if we haven't
5224 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5230 /* XX/teor - do we want an authority here, because they are less likely
5231 * to give us the wrong address? (See #17782)
5232 * I'm leaving the previous behaviour intact, because I don't like
5233 * the idea of some relays contacting an authority every 20 minutes. */
5236 PDS_RETRY_IF_NO_SERVERS,
5237 DL_WANT_ANY_DIRSERVER);
5238 }
5239 }
5241 /** Launch downloads for router status as needed. */
5242 void
5244 {
5253 }
5255 /** Launch extrainfo downloads as needed. */
5256 void
5258 {
5283 else
5295 }
5299 }
5304 }
5308 }
5321 "router_get_by_extrainfo_digest() value. This has ID %s "
5322 "but the entry in the map has ID %s. This has EI digest "
5332 "router_get_by_extrainfo_digest() value. This has ID %s "
5336 }
5339 }
5341 }
5342 }
5346 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5358 }
5361 }
5363 /** Reset the descriptor download failure count on all routers, so that we
5364 * can retry any long-failed routers immediately.
5365 */
5366 void
5368 {
5377 {
5379 });
5381 {
5383 });
5384 }
5386 /** Any changes in a router descriptor's publication time larger than this are
5387 * automatically non-cosmetic. */
5388 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5390 /** We allow uptime to vary from how much it ought to be by this much. */
5391 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5393 /** Return true iff the only differences between r1 and r2 are such that
5394 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5395 */
5396 int
5398 {
5403 /* r1 should be the one that was published first. */
5408 }
5410 /* If any key fields differ, they're different. */
5441 }
5442 }
5444 /* Did bandwidth change a lot? */
5449 /* Did the bandwidthrate or bandwidthburst change? */
5454 /* Did more than 12 hours pass? */
5459 /* Did uptime fail to increase by approximately the amount we would think,
5460 * give or take some slop? */
5469 /* Otherwise, the difference is cosmetic. */
5471 }
5473 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5474 * extrainfo document <b>ei</b>.
5475 *
5476 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5477 * for the router. We use it to check the signature of the extrainfo document,
5478 * if it has not already been checked.
5479 *
5480 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5481 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5482 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5483 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5484 * incompatibility (if any).
5485 *
5486 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5487 * but the extrainfo was nonetheless incompatible.
5488 **/
5489 int
5494 {
5503 }
5507 /* Set digest256_matches to 1 if the digest is correct, or if no
5508 * digest256 was in the ri. */
5511 digest256_matches |=
5514 /* The identity must match exactly to have been generated at the same time
5515 * by the same router. */
5518 DIGEST_LEN)) {
5521 }
5527 }
5535 DIGEST_LEN)) {
5540 }
5544 }
5553 }
5559 }
5564 }
5569 }
5572 err:
5574 /* This signature was okay, and the digest was right: This is indeed the
5575 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5576 * that lists it. Don't try to fetch this one again. */
5578 }
5581 }
5583 /* Does ri have a valid ntor onion key?
5584 * Valid ntor onion keys exist and have at least one non-zero byte. */
5585 int
5587 {
5590 }
5594 }
5597 CURVE25519_PUBKEY_LEN)) {
5599 }
5602 }
5604 /* Is rs running a tor version known to support EXTEND2 cells?
5605 * If allow_unknown_versions is true, return true if we can't tell
5606 * (from a versions line or a protocols line) whether it supports extend2
5607 * cells.
5608 * Otherwise, return false if the version is unknown. */
5609 int
5612 {
5615 }
5619 }
5622 }
5624 /** Assert that the internal representation of <b>rl</b> is
5625 * self-consistent. */
5626 void
5628 {
5640 /* XXXX
5641 *
5642 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5643 * commenting this out is just a band-aid.
5644 *
5645 * The problem is that, although well-behaved router descriptors
5646 * should never have the same value for their extra_info_digest, it's
5647 * possible for ill-behaved routers to claim whatever they like there.
5648 *
5649 * The real answer is to trash desc_by_eid_map and instead have
5650 * something that indicates for a given extra-info digest we want,
5651 * what its download status is. We'll do that as a part of routerlist
5652 * refactoring once consensus directories are in. For now,
5653 * this rep violation is probably harmless: an adversary can make us
5654 * reset our retry count for an extrainfo, but that's not the end
5655 * of the world. Changing the representation in 0.2.0.x would just
5656 * destabilize the codebase.
5657 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5658 signed_descriptor_t *sd3 =
5659 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5660 tor_assert(sd3 == &(r->cache_info));
5661 }
5662 */
5670 /* XXXX see above.
5671 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5672 signed_descriptor_t *sd3 =
5673 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5674 tor_assert(sd3 == sd);
5675 }
5676 */
5696 // tor_assert(sd); // XXXX see above
5700 }
5702 }
5704 /** Allocate and return a new string representing the contact info
5705 * and platform string for <b>router</b>,
5706 * surrounded by quotes and using standard C escapes.
5707 *
5708 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5709 * thread. Also, each call invalidates the last-returned value, so don't
5710 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5711 *
5712 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5713 */
5716 {
5732 }
5734 /** Helper for sorting: compare two routerinfos by their identity
5735 * digest. */
5736 static int
5738 {
5742 DIGEST_LEN);
5743 }
5745 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5746 void
5748 {
5750 }
5752 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5753 * recompute all country info in all configuration node sets and in the
5754 * routerlist. */
5755 void
5757 {
5772 }