1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2017, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "confparse.h"
12 #include "channeltls.h"
14 #include "connection.h"
15 #include "connection_or.h"
16 #include "conscache.h"
17 #include "consdiffmgr.h"
19 #include "directory.h"
22 #include "hibernate.h"
25 #include "microdesc.h"
26 #include "networkstatus.h"
32 #include "routerlist.h"
33 #include "routerparse.h"
34 #include "routerset.h"
39 * \brief Directory server core implementation. Manages directory
40 * contents and generates directories.
42 * This module implements most of directory cache functionality, and some of
43 * the directory authority functionality. The directory.c module delegates
44 * here in order to handle incoming requests from clients, via
45 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
46 * module is reponsible for spooling directory objects (in whole or in part)
47 * onto buf_t instances, and then closing the dir_connection_t once the
48 * objects are totally flushed.
50 * The directory.c module also delegates here for handling descriptor uploads
51 * via dirserv_add_multiple_descriptors().
53 * Additionally, this module handles some aspects of voting, including:
54 * deciding how to vote on individual flags (based on decisions reached in
55 * rephist.c), of formatting routerstatus lines, and deciding what relays to
56 * include in an authority's vote. (TODO: Those functions could profitably be
57 * split off. They only live in this file because historically they were
58 * shared among the v1, v2, and v3 directory code.)
61 /** How far in the future do we allow a router to get? (seconds) */
62 #define ROUTER_ALLOW_SKEW (60*60*12)
63 /** How many seconds do we wait before regenerating the directory? */
64 #define DIR_REGEN_SLACK_TIME 30
65 /** If we're a cache, keep this many networkstatuses around from non-trusted
66 * directory authorities. */
67 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
69 /** Total number of routers with measured bandwidth; this is set by
70 * dirserv_count_measured_bws() before the loop in
71 * dirserv_generate_networkstatus_vote_obj() and checked by
72 * dirserv_get_credible_bandwidth() and
73 * dirserv_compute_performance_thresholds() */
74 static int routers_with_measured_bw
= 0;
76 static void directory_remove_invalid(void);
77 static char *format_versions_list(config_line_t
*ln
);
78 struct authdir_config_t
;
80 dirserv_get_status_impl(const char *fp
, const char *nickname
,
81 uint32_t addr
, uint16_t or_port
,
82 const char *platform
, const char **msg
,
84 static void clear_cached_dir(cached_dir_t
*d
);
85 static const signed_descriptor_t
*get_signed_descriptor_by_fp(
88 static was_router_added_t
dirserv_add_extrainfo(extrainfo_t
*ei
,
90 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
);
91 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
);
93 static int spooled_resource_lookup_body(const spooled_resource_t
*spooled
,
94 int conn_is_encrypted
,
95 const uint8_t **body_out
,
97 time_t *published_out
);
98 static cached_dir_t
*spooled_resource_lookup_cached_dir(
99 const spooled_resource_t
*spooled
,
100 time_t *published_out
);
101 static cached_dir_t
*lookup_cached_dir_by_fp(const uint8_t *fp
);
103 /************** Fingerprint handling code ************/
105 /* 1 Historically used to indicate Named */
106 #define FP_INVALID 2 /**< Believed invalid. */
107 #define FP_REJECT 4 /**< We will not publish this router. */
108 /* 8 Historically used to avoid using this as a dir. */
109 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
110 /* 32 Historically used to indicade Unnamed */
112 /** Target of status_by_digest map. */
113 typedef uint32_t router_status_t
;
115 static void add_fingerprint_to_dir(const char *fp
,
116 struct authdir_config_t
*list
,
117 router_status_t add_status
);
119 /** List of nickname-\>identity fingerprint mappings for all the routers
120 * that we name. Used to prevent router impersonation. */
121 typedef struct authdir_config_t
{
122 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
123 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
126 /** Should be static; exposed for testing. */
127 static authdir_config_t
*fingerprint_list
= NULL
;
129 /** Allocate and return a new, empty, authdir_config_t. */
130 static authdir_config_t
*
131 authdir_config_new(void)
133 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
134 list
->fp_by_name
= strmap_new();
135 list
->status_by_digest
= digestmap_new();
139 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
140 * <b>list</b>, or-ing the currently set status flags with
144 add_fingerprint_to_dir(const char *fp
, authdir_config_t
*list
,
145 router_status_t add_status
)
149 router_status_t
*status
;
153 fingerprint
= tor_strdup(fp
);
154 tor_strstrip(fingerprint
, " ");
155 if (base16_decode(d
, DIGEST_LEN
,
156 fingerprint
, strlen(fingerprint
)) != DIGEST_LEN
) {
157 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
159 tor_free(fingerprint
);
163 status
= digestmap_get(list
->status_by_digest
, d
);
165 status
= tor_malloc_zero(sizeof(router_status_t
));
166 digestmap_set(list
->status_by_digest
, d
, status
);
169 tor_free(fingerprint
);
170 *status
|= add_status
;
174 /** Add the fingerprint for this OR to the global list of recognized
175 * identity key fingerprints. */
177 dirserv_add_own_fingerprint(crypto_pk_t
*pk
)
179 char fp
[FINGERPRINT_LEN
+1];
180 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
181 log_err(LD_BUG
, "Error computing fingerprint");
184 if (!fingerprint_list
)
185 fingerprint_list
= authdir_config_new();
186 add_fingerprint_to_dir(fp
, fingerprint_list
, 0);
190 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
191 * file. The file format is line-based, with each non-blank holding one
192 * nickname, some space, and a fingerprint for that nickname. On success,
193 * replace the current fingerprint list with the new list and return 0. On
194 * failure, leave the current fingerprint list untouched, and return -1. */
196 dirserv_load_fingerprint_file(void)
200 char *nickname
, *fingerprint
;
201 authdir_config_t
*fingerprint_list_new
;
203 config_line_t
*front
=NULL
, *list
;
205 fname
= get_datadir_fname("approved-routers");
207 "Reloading approved fingerprints from \"%s\"...", fname
);
209 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
211 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
217 result
= config_get_lines(cf
, &front
, 0);
220 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
224 fingerprint_list_new
= authdir_config_new();
226 for (list
=front
; list
; list
=list
->next
) {
227 char digest_tmp
[DIGEST_LEN
];
228 router_status_t add_status
= 0;
229 nickname
= list
->key
; fingerprint
= list
->value
;
230 tor_strstrip(fingerprint
, " "); /* remove spaces */
231 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
232 base16_decode(digest_tmp
, sizeof(digest_tmp
),
233 fingerprint
, HEX_DIGEST_LEN
) != sizeof(digest_tmp
)) {
234 log_notice(LD_CONFIG
,
235 "Invalid fingerprint (nickname '%s', "
236 "fingerprint %s). Skipping.",
237 nickname
, fingerprint
);
240 if (!strcasecmp(nickname
, "!reject")) {
241 add_status
= FP_REJECT
;
242 } else if (!strcasecmp(nickname
, "!badexit")) {
243 add_status
= FP_BADEXIT
;
244 } else if (!strcasecmp(nickname
, "!invalid")) {
245 add_status
= FP_INVALID
;
247 add_fingerprint_to_dir(fingerprint
, fingerprint_list_new
, add_status
);
250 config_free_lines(front
);
251 dirserv_free_fingerprint_list();
252 fingerprint_list
= fingerprint_list_new
;
253 /* Delete any routers whose fingerprints we no longer recognize */
254 directory_remove_invalid();
258 /* If this is set, then we don't allow routers that have advertised an Ed25519
259 * identity to stop doing so. This is going to be essential for good identity
260 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
261 * just sign fake descriptors missing the Ed25519 key. But we won't actually
262 * be able to prevent that kind of thing until we're confident that there
263 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
264 * to leave this #undef.
266 #undef DISABLE_DISABLING_ED25519
268 /** Check whether <b>router</b> has a nickname/identity key combination that
269 * we recognize from the fingerprint list, or an IP we automatically act on
270 * according to our configuration. Return the appropriate router status.
272 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
273 * *<b>msg</b> to an explanation of why. */
275 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
,
279 const int key_pinning
= get_options()->AuthDirPinKeys
;
281 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
282 log_warn(LD_BUG
,"Error computing fingerprint");
284 *msg
= "Bug: Error computing fingerprint";
288 /* Check for the more usual versions to reject a router first. */
289 const uint32_t r
= dirserv_get_status_impl(d
, router
->nickname
,
290 router
->addr
, router
->or_port
,
291 router
->platform
, msg
, severity
);
295 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
296 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
297 * But just in case a relay doesn't provide or lies about its version, or
298 * doesn't include an ntor key in its descriptor, check that it exists,
299 * and is non-zero (clients check that it's non-zero before using it). */
300 if (!routerinfo_has_curve25519_onion_key(router
)) {
301 log_fn(severity
, LD_DIR
,
302 "Descriptor from router %s is missing an ntor curve25519 onion "
303 "key.", router_describe(router
));
305 *msg
= "Missing ntor curve25519 onion key. Please upgrade!";
309 if (router
->cache_info
.signing_key_cert
) {
310 /* This has an ed25519 identity key. */
311 if (KEYPIN_MISMATCH
==
312 keypin_check((const uint8_t*)router
->cache_info
.identity_digest
,
313 router
->cache_info
.signing_key_cert
->signing_key
.pubkey
)) {
314 log_fn(severity
, LD_DIR
,
315 "Descriptor from router %s has an Ed25519 key, "
316 "but the <rsa,ed25519> keys don't match what they were before.",
317 router_describe(router
));
320 *msg
= "Ed25519 identity key or RSA identity key has changed.";
327 if (KEYPIN_MISMATCH
== keypin_check_lone_rsa(
328 (const uint8_t*)router
->cache_info
.identity_digest
)) {
329 log_fn(severity
, LD_DIR
,
330 "Descriptor from router %s has no Ed25519 key, "
331 "when we previously knew an Ed25519 for it. Ignoring for now, "
332 "since Ed25519 keys are fairly new.",
333 router_describe(router
));
334 #ifdef DISABLE_DISABLING_ED25519
337 *msg
= "Ed25519 identity key has disappeared.";
348 /** Return true if there is no point in downloading the router described by
349 * <b>rs</b> because this directory would reject it. */
351 dirserv_would_reject_router(const routerstatus_t
*rs
)
355 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
356 rs
->addr
, rs
->or_port
,
357 NULL
, NULL
, LOG_DEBUG
);
359 return (res
& FP_REJECT
) != 0;
362 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
363 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
364 * port and platform (logging only) as arguments.
366 * Log messages at 'severity'. (There's not much point in
367 * logging that we're rejecting servers we'll not download.)
370 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
371 uint32_t addr
, uint16_t or_port
,
372 const char *platform
, const char **msg
, int severity
)
375 router_status_t
*status_by_digest
;
377 if (!fingerprint_list
)
378 fingerprint_list
= authdir_config_new();
380 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
381 strmap_size(fingerprint_list
->fp_by_name
),
382 digestmap_size(fingerprint_list
->status_by_digest
));
385 tor_version_t ver_tmp
;
386 if (tor_version_parse_platform(platform
, &ver_tmp
, 1) < 0) {
388 *msg
= "Malformed platform string.";
394 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
395 * missing some important security fixes too. Disable them. */
396 if (platform
&& !tor_version_as_new_as(platform
,"0.2.4.18-rc")) {
398 *msg
= "Tor version is insecure or unsupported. Please upgrade!";
402 /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
403 * keep their consensus up to date so they make bad guards.
404 * The simple fix is to just drop them from the network. */
406 tor_version_as_new_as(platform
,"0.2.9.0-alpha") &&
407 !tor_version_as_new_as(platform
,"0.2.9.5-alpha")) {
409 *msg
= "Tor version contains bug 20499. Please upgrade!";
413 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
415 if (status_by_digest
)
416 result
|= *status_by_digest
;
418 if (result
& FP_REJECT
) {
420 *msg
= "Fingerprint is marked rejected -- please contact us?";
422 } else if (result
& FP_INVALID
) {
424 *msg
= "Fingerprint is marked invalid";
427 if (authdir_policy_badexit_address(addr
, or_port
)) {
428 log_fn(severity
, LD_DIRSERV
,
429 "Marking '%s' as bad exit because of address '%s'",
430 nickname
, fmt_addr32(addr
));
431 result
|= FP_BADEXIT
;
434 if (!authdir_policy_permits_address(addr
, or_port
)) {
435 log_fn(severity
, LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
436 nickname
, fmt_addr32(addr
));
438 *msg
= "Suspicious relay address range -- please contact us?";
441 if (!authdir_policy_valid_address(addr
, or_port
)) {
442 log_fn(severity
, LD_DIRSERV
,
443 "Not marking '%s' valid because of address '%s'",
444 nickname
, fmt_addr32(addr
));
445 result
|= FP_INVALID
;
451 /** Clear the current fingerprint list. */
453 dirserv_free_fingerprint_list(void)
455 if (!fingerprint_list
)
458 strmap_free(fingerprint_list
->fp_by_name
, tor_free_
);
459 digestmap_free(fingerprint_list
->status_by_digest
, tor_free_
);
460 tor_free(fingerprint_list
);
467 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
468 * unless we're configured to not care. Return 0 if all ok. */
470 dirserv_router_has_valid_address(routerinfo_t
*ri
)
473 if (get_options()->DirAllowPrivateAddresses
)
474 return 0; /* whatever it is, we're fine with it */
475 tor_addr_from_ipv4h(&addr
, ri
->addr
);
477 if (tor_addr_is_internal(&addr
, 0)) {
479 "Router %s published internal IP address. Refusing.",
480 router_describe(ri
));
481 return -1; /* it's a private IP, we should reject it */
486 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
487 * set its is_valid,running fields and return 0. Otherwise, return -1.
489 * If the router is rejected, set *<b>msg</b> to an explanation of why.
491 * If <b>complain</b> then explain at log-level 'notice' why we refused
492 * a descriptor; else explain at log-level 'info'.
495 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
496 int complain
, int *valid_out
)
498 /* Okay. Now check whether the fingerprint is recognized. */
500 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
501 uint32_t status
= dirserv_router_get_status(ri
, msg
, severity
);
503 if (status
& FP_REJECT
)
504 return -1; /* msg is already set. */
506 /* Is there too much clock skew? */
508 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
509 log_fn(severity
, LD_DIRSERV
, "Publication time for %s is too "
510 "far (%d minutes) in the future; possible clock skew. Not adding "
513 (int)((ri
->cache_info
.published_on
-now
)/60),
514 esc_router_info(ri
));
515 *msg
= "Rejected: Your clock is set too far in the future, or your "
516 "timezone is not correct.";
519 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
520 log_fn(severity
, LD_DIRSERV
,
521 "Publication time for %s is too far "
522 "(%d minutes) in the past. Not adding (%s)",
524 (int)((now
-ri
->cache_info
.published_on
)/60),
525 esc_router_info(ri
));
526 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
527 " or your timezone is not correct.";
530 if (dirserv_router_has_valid_address(ri
) < 0) {
531 log_fn(severity
, LD_DIRSERV
,
532 "Router %s has invalid address. Not adding (%s).",
534 esc_router_info(ri
));
535 *msg
= "Rejected: Address is a private address.";
539 *valid_out
= ! (status
& FP_INVALID
);
544 /** Update the relevant flags of <b>node</b> based on our opinion as a
545 * directory authority in <b>authstatus</b>, as returned by
546 * dirserv_router_get_status or equivalent. */
548 dirserv_set_node_flags_from_authoritative_status(node_t
*node
,
551 node
->is_valid
= (authstatus
& FP_INVALID
) ? 0 : 1;
552 node
->is_bad_exit
= (authstatus
& FP_BADEXIT
) ? 1 : 0;
555 /** True iff <b>a</b> is more severe than <b>b</b>. */
557 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
562 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
563 * returns the most severe error that occurred for any one of them. */
565 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
569 was_router_added_t r
, r_tmp
;
574 time_t now
= time(NULL
);
575 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
576 char time_buf
[ISO_TIME_LEN
+1];
577 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
580 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
582 format_iso_time(time_buf
, now
);
583 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
586 "%s%s%s", time_buf
, escaped(source
),
587 !general
? "@purpose " : "",
588 !general
? router_purpose_to_string(purpose
) : "",
589 !general
? "\n" : "")<0) {
590 *msg
= "Couldn't format annotations";
591 /* XXX Not cool: we return -1 below, but (was_router_added_t)-1 is
592 * ROUTER_BAD_EI, which isn't what's gone wrong here. :( */
597 list
= smartlist_new();
598 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
599 annotation_buf
, NULL
)) {
600 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
602 tor_assert(ri
->purpose
== purpose
);
603 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
604 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
610 n_parsed
+= smartlist_len(list
);
611 smartlist_clear(list
);
614 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
616 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
619 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
620 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
626 n_parsed
+= smartlist_len(list
);
627 smartlist_free(list
);
631 *msg
= "No descriptors found in your POST.";
632 if (WRA_WAS_ADDED(r
))
633 r
= ROUTER_IS_ALREADY_KNOWN
;
635 *msg
= "(no message)";
642 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
643 * the list of server descriptors. Set *<b>msg</b> to a message that should be
644 * passed back to the origin of this descriptor, or NULL if there is no such
645 * message. Use <b>source</b> to produce better log messages.
647 * If <b>ri</b> is not added to the list of server descriptors, free it.
648 * That means the caller must not access <b>ri</b> after this function
649 * returns, since it might have been freed.
651 * Return the status of the operation.
653 * This function is only called when fresh descriptors are posted, not when
654 * we re-load the cache.
657 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
659 was_router_added_t r
;
660 routerinfo_t
*ri_old
;
661 char *desc
, *nickname
;
662 const size_t desclen
= ri
->cache_info
.signed_descriptor_len
+
663 ri
->cache_info
.annotations_len
;
664 const int key_pinning
= get_options()->AuthDirPinKeys
;
667 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
668 * network and it'll clog everything up. */
669 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
670 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
671 " (source: %s) with size %d. Either this is an attack, or the "
672 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
673 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
674 MAX_DESCRIPTOR_UPLOAD_SIZE
);
675 *msg
= "Router descriptor was too large.";
676 control_event_or_authdir_new_descriptor("REJECTED",
677 ri
->cache_info
.signed_descriptor_body
,
679 r
= ROUTER_AUTHDIR_REJECTS
;
683 /* Check whether this descriptor is semantically identical to the last one
684 * from this server. (We do this here and not in router_add_to_routerlist
685 * because we want to be able to accept the newest router descriptor that
686 * another authority has, so we all converge on the same one.) */
687 ri_old
= router_get_mutable_by_digest(ri
->cache_info
.identity_digest
);
688 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
689 && router_differences_are_cosmetic(ri_old
, ri
)
690 && !router_is_me(ri
)) {
692 "Not replacing descriptor from %s (source: %s); "
693 "differences are cosmetic.",
694 router_describe(ri
), source
);
695 *msg
= "Not replacing router descriptor; no information has changed since "
696 "the last one with this identity.";
697 control_event_or_authdir_new_descriptor("DROPPED",
698 ri
->cache_info
.signed_descriptor_body
,
700 r
= ROUTER_IS_ALREADY_KNOWN
;
704 /* Do keypinning again ... this time, to add the pin if appropriate */
706 if (ri
->cache_info
.signing_key_cert
) {
707 ed25519_public_key_t
*pkey
= &ri
->cache_info
.signing_key_cert
->signing_key
;
708 /* First let's validate this pubkey before pinning it */
709 if (ed25519_validate_pubkey(pkey
) < 0) {
710 log_warn(LD_DIRSERV
, "Received bad key from %s (source %s)",
711 router_describe(ri
), source
);
712 control_event_or_authdir_new_descriptor("REJECTED",
713 ri
->cache_info
.signed_descriptor_body
,
716 return ROUTER_AUTHDIR_REJECTS
;
720 keypin_status
= keypin_check_and_add(
721 (const uint8_t*)ri
->cache_info
.identity_digest
,
722 pkey
->pubkey
, ! key_pinning
);
724 keypin_status
= keypin_check_lone_rsa(
725 (const uint8_t*)ri
->cache_info
.identity_digest
);
726 #ifndef DISABLE_DISABLING_ED25519
727 if (keypin_status
== KEYPIN_MISMATCH
)
728 keypin_status
= KEYPIN_NOT_FOUND
;
731 if (keypin_status
== KEYPIN_MISMATCH
&& key_pinning
) {
732 log_info(LD_DIRSERV
, "Dropping descriptor from %s (source: %s) because "
733 "its key did not match an older RSA/Ed25519 keypair",
734 router_describe(ri
), source
);
735 *msg
= "Looks like your keypair does not match its older value.";
736 r
= ROUTER_AUTHDIR_REJECTS
;
740 /* Make a copy of desc, since router_add_to_routerlist might free
741 * ri and its associated signed_descriptor_t. */
742 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
743 nickname
= tor_strdup(ri
->nickname
);
745 /* Tell if we're about to need to launch a test if we add this. */
746 ri
->needs_retest_if_added
=
747 dirserv_should_launch_reachability_test(ri
, ri_old
);
749 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
750 if (!WRA_WAS_ADDED(r
)) {
751 /* unless the routerinfo was fine, just out-of-date */
752 if (WRA_WAS_REJECTED(r
))
753 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
755 "Did not add descriptor from '%s' (source: %s): %s.",
756 nickname
, source
, *msg
? *msg
: "(no message)");
758 smartlist_t
*changed
;
759 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
761 changed
= smartlist_new();
762 smartlist_add(changed
, ri
);
763 routerlist_descriptors_added(changed
, 0);
764 smartlist_free(changed
);
766 *msg
= "Descriptor accepted";
769 "Added descriptor from '%s' (source: %s): %s.",
770 nickname
, source
, *msg
);
777 const char *desc_digest
= ri
->cache_info
.signed_descriptor_digest
;
778 download_status_t
*dls
=
779 router_get_dl_status_by_descriptor_digest(desc_digest
);
781 log_info(LD_GENERAL
, "Marking router with descriptor %s as rejected, "
782 "and therefore undownloadable",
783 hex_str(desc_digest
, DIGEST_LEN
));
784 download_status_mark_impossible(dls
);
791 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
792 static was_router_added_t
793 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
797 was_router_added_t rv
;
801 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
802 * can mess with some of the flags in ri->cache_info. */
803 ri
= router_get_mutable_by_digest(ei
->cache_info
.identity_digest
);
805 *msg
= "No corresponding router descriptor for extra-info descriptor";
810 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
811 * network and it'll clog everything up. */
812 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
813 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
814 "with size %d. Either this is an attack, or the "
815 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
816 (int)ei
->cache_info
.signed_descriptor_len
,
817 MAX_EXTRAINFO_UPLOAD_SIZE
);
818 *msg
= "Extrainfo document was too large";
823 if ((r
= routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
,
824 &ri
->cache_info
, msg
))) {
827 return ROUTER_IS_ALREADY_KNOWN
;
832 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
833 return ROUTER_ADDED_SUCCESSFULLY
;
836 const char *d
= ei
->cache_info
.signed_descriptor_digest
;
837 signed_descriptor_t
*sd
= router_get_by_extrainfo_digest((char*)d
);
839 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
840 "rejected, and therefore undownloadable",
841 hex_str((char*)d
,DIGEST_LEN
));
842 download_status_mark_impossible(&sd
->ei_dl_status
);
849 /** Remove all descriptors whose nicknames or fingerprints no longer
850 * are allowed by our fingerprint list. (Descriptors that used to be
851 * good can become bad when we reload the fingerprint list.)
854 directory_remove_invalid(void)
856 routerlist_t
*rl
= router_get_routerlist();
857 smartlist_t
*nodes
= smartlist_new();
858 smartlist_add_all(nodes
, nodelist_get_list());
860 SMARTLIST_FOREACH_BEGIN(nodes
, node_t
*, node
) {
861 const char *msg
= NULL
;
862 routerinfo_t
*ent
= node
->ri
;
863 char description
[NODE_DESC_BUF_LEN
];
867 r
= dirserv_router_get_status(ent
, &msg
, LOG_INFO
);
868 router_get_description(description
, ent
);
870 log_info(LD_DIRSERV
, "Router %s is now rejected: %s",
871 description
, msg
?msg
:"");
872 routerlist_remove(rl
, ent
, 0, time(NULL
));
875 if (bool_neq((r
& FP_INVALID
), !node
->is_valid
)) {
876 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", description
,
877 (r
&FP_INVALID
) ? "in" : "");
878 node
->is_valid
= (r
&FP_INVALID
)?0:1;
880 if (bool_neq((r
& FP_BADEXIT
), node
->is_bad_exit
)) {
881 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", description
,
882 (r
& FP_BADEXIT
) ? "bad" : "good");
883 node
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
885 } SMARTLIST_FOREACH_END(node
);
887 routerlist_assert_ok(rl
);
888 smartlist_free(nodes
);
892 * Allocate and return a description of the status of the server <b>desc</b>,
893 * for use in a v1-style router-status line. The server is listed
894 * as running iff <b>is_live</b> is true.
896 * This is deprecated: it's only used for controllers that want outputs in
900 list_single_server_status(const routerinfo_t
*desc
, int is_live
)
902 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
912 node
= node_get_by_id(desc
->cache_info
.identity_digest
);
913 if (node
&& node
->is_valid
) {
914 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
919 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
921 return tor_strdup(buf
);
924 /* DOCDOC running_long_enough_to_decide_unreachable */
926 running_long_enough_to_decide_unreachable(void)
928 return time_of_process_start
929 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
932 /** Each server needs to have passed a reachability test no more
933 * than this number of seconds ago, or it is listed as down in
935 #define REACHABLE_TIMEOUT (45*60)
937 /** If we tested a router and found it reachable _at least this long_ after it
938 * declared itself hibernating, it is probably done hibernating and we just
939 * missed a descriptor from it. */
940 #define HIBERNATION_PUBLICATION_SKEW (60*60)
942 /** Treat a router as alive if
943 * - It's me, and I'm not hibernating.
944 * or - We've found it reachable recently. */
946 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
948 /*XXXX This function is a mess. Separate out the part that calculates
949 whether it's reachable and the part that tells rephist that the router was
953 const or_options_t
*options
= get_options();
954 node_t
*node
= node_get_mutable_by_id(router
->cache_info
.identity_digest
);
957 if (router_is_me(router
)) {
958 /* We always know if we are down ourselves. */
959 answer
= ! we_are_hibernating();
960 } else if (router
->is_hibernating
&&
961 (router
->cache_info
.published_on
+
962 HIBERNATION_PUBLICATION_SKEW
) > node
->last_reachable
) {
963 /* A hibernating router is down unless we (somehow) had contact with it
964 * since it declared itself to be hibernating. */
966 } else if (options
->AssumeReachable
) {
967 /* If AssumeReachable, everybody is up unless they say they are down! */
970 /* Otherwise, a router counts as up if we found all announced OR
971 ports reachable in the last REACHABLE_TIMEOUT seconds.
973 XXX prop186 For now there's always one IPv4 and at most one
976 If we're not on IPv6, don't consider reachability of potential
977 IPv6 OR port since that'd kill all dual stack relays until a
978 majority of the dir auths have IPv6 connectivity. */
979 answer
= (now
< node
->last_reachable
+ REACHABLE_TIMEOUT
&&
980 (options
->AuthDirHasIPv6Connectivity
!= 1 ||
981 tor_addr_is_null(&router
->ipv6_addr
) ||
982 now
< node
->last_reachable6
+ REACHABLE_TIMEOUT
));
985 if (!answer
&& running_long_enough_to_decide_unreachable()) {
986 /* Not considered reachable. tell rephist about that.
988 Because we launch a reachability test for each router every
989 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
990 been down since at least that time after we last successfully reached
996 if (node
->last_reachable
&&
997 node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
< now
)
998 when
= node
->last_reachable
+ REACHABILITY_TEST_CYCLE_PERIOD
;
999 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, when
);
1002 node
->is_running
= answer
;
1005 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
1006 * contents of a v1-style router-status line, and store it in
1007 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
1009 * If for_controller is true, include the routers with very old descriptors.
1011 * This is deprecated: it's only used for controllers that want outputs in
1015 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
1018 /* List of entries in a router-status style: An optional !, then an optional
1019 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
1020 smartlist_t
*rs_entries
;
1021 time_t now
= time(NULL
);
1022 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1023 const or_options_t
*options
= get_options();
1024 /* We include v2 dir auths here too, because they need to answer
1025 * controllers. Eventually we'll deprecate this whole function;
1026 * see also networkstatus_getinfo_by_purpose(). */
1027 int authdir
= authdir_mode_publishes_statuses(options
);
1028 tor_assert(router_status_out
);
1030 rs_entries
= smartlist_new();
1032 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
1033 const node_t
*node
= node_get_by_id(ri
->cache_info
.identity_digest
);
1036 /* Update router status in routerinfo_t. */
1037 dirserv_set_router_is_running(ri
, now
);
1039 if (for_controller
) {
1040 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
1041 char *cp
= name_buf
;
1042 if (!node
->is_running
)
1044 router_get_verbose_nickname(cp
, ri
);
1045 smartlist_add_strdup(rs_entries
, name_buf
);
1046 } else if (ri
->cache_info
.published_on
>= cutoff
) {
1047 smartlist_add(rs_entries
, list_single_server_status(ri
,
1050 } SMARTLIST_FOREACH_END(ri
);
1052 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
1054 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
1055 smartlist_free(rs_entries
);
1060 /** Given a (possibly empty) list of config_line_t, each line of which contains
1061 * a list of comma-separated version numbers surrounded by optional space,
1062 * allocate and return a new string containing the version numbers, in order,
1063 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1066 format_versions_list(config_line_t
*ln
)
1068 smartlist_t
*versions
;
1070 versions
= smartlist_new();
1071 for ( ; ln
; ln
= ln
->next
) {
1072 smartlist_split_string(versions
, ln
->value
, ",",
1073 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1075 sort_version_list(versions
, 1);
1076 result
= smartlist_join_strings(versions
,",",0,NULL
);
1077 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1078 smartlist_free(versions
);
1082 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1083 * not hibernating, having observed bw greater 0, and not too old. Else
1087 router_is_active(const routerinfo_t
*ri
, const node_t
*node
, time_t now
)
1089 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1090 if (ri
->cache_info
.published_on
< cutoff
) {
1093 if (!node
->is_running
|| !node
->is_valid
|| ri
->is_hibernating
) {
1096 /* Only require bandwith capacity in non-test networks, or
1097 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1098 if (!ri
->bandwidthcapacity
) {
1099 if (get_options()->TestingTorNetwork
) {
1100 if (get_options()->TestingMinExitFlagThreshold
> 0) {
1101 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1102 * then require bandwidthcapacity */
1106 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1113 /********************************************************************/
1115 /* A set of functions to answer questions about how we'd like to behave
1116 * as a directory mirror/client. */
1118 /** Return 1 if we fetch our directory material directly from the
1119 * authorities, rather than from a mirror. */
1121 directory_fetches_from_authorities(const or_options_t
*options
)
1123 const routerinfo_t
*me
;
1126 if (options
->FetchDirInfoEarly
)
1128 if (options
->BridgeRelay
== 1)
1130 if (server_mode(options
) &&
1131 router_pick_published_address(options
, &addr
, 1) < 0)
1132 return 1; /* we don't know our IP address; ask an authority. */
1133 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1134 should_refuse_unknown_exits(options
);
1135 if (!dir_server_mode(options
) && !refuseunknown
)
1137 if (!server_mode(options
) || !advertised_server_mode())
1139 me
= router_get_my_routerinfo();
1140 if (!me
|| (!me
->supports_tunnelled_dir_requests
&& !refuseunknown
))
1141 return 0; /* if we don't service directory requests, return 0 too */
1145 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1146 * on the "mirror" schedule rather than the "client" schedule.
1149 directory_fetches_dir_info_early(const or_options_t
*options
)
1151 return directory_fetches_from_authorities(options
);
1154 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1155 * on a very passive schedule -- waiting long enough for ordinary clients
1156 * to probably have the info we want. These would include bridge users,
1157 * and maybe others in the future e.g. if a Tor client uses another Tor
1158 * client as a directory guard.
1161 directory_fetches_dir_info_later(const or_options_t
*options
)
1163 return options
->UseBridges
!= 0;
1166 /** Return true iff we want to serve certificates for authorities
1167 * that we don't acknowledge as authorities ourself.
1168 * Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch
1169 * and keep these certificates.
1172 directory_caches_unknown_auth_certs(const or_options_t
*options
)
1174 return dir_server_mode(options
) || options
->BridgeRelay
;
1177 /** Return 1 if we want to fetch and serve descriptors, networkstatuses, etc
1179 * Check options->DirPort_set and directory_permits_begindir_requests()
1180 * to see if we are willing to serve these directory documents to others via
1181 * the DirPort and begindir-over-ORPort, respectively.
1183 * To check if we should fetch documents, use we_want_to_fetch_flavor and
1184 * we_want_to_fetch_unknown_auth_certs instead of this function.
1187 directory_caches_dir_info(const or_options_t
*options
)
1189 if (options
->BridgeRelay
|| dir_server_mode(options
))
1191 if (!server_mode(options
) || !advertised_server_mode())
1193 /* We need an up-to-date view of network info if we're going to try to
1194 * block exit attempts from unknown relays. */
1195 return ! router_my_exit_policy_is_reject_star() &&
1196 should_refuse_unknown_exits(options
);
1199 /** Return 1 if we want to allow remote clients to ask us directory
1200 * requests via the "begin_dir" interface, which doesn't require
1201 * having any separate port open. */
1203 directory_permits_begindir_requests(const or_options_t
*options
)
1205 return options
->BridgeRelay
!= 0 || dir_server_mode(options
);
1208 /** Return 1 if we have no need to fetch new descriptors. This generally
1209 * happens when we're not a dir cache and we haven't built any circuits
1213 directory_too_idle_to_fetch_descriptors(const or_options_t
*options
,
1216 return !directory_caches_dir_info(options
) &&
1217 !options
->FetchUselessDescriptors
&&
1218 rep_hist_circbuilding_dormant(now
);
1221 /********************************************************************/
1223 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1224 * currently serving. */
1225 static strmap_t
*cached_consensuses
= NULL
;
1227 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1228 * any references. */
1230 cached_dir_decref(cached_dir_t
*d
)
1232 if (!d
|| --d
->refcnt
> 0)
1234 clear_cached_dir(d
);
1238 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1239 * published at <b>published</b>. */
1241 new_cached_dir(char *s
, time_t published
)
1243 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1246 d
->dir_len
= strlen(s
);
1247 d
->published
= published
;
1248 if (tor_compress(&(d
->dir_compressed
), &(d
->dir_compressed_len
),
1249 d
->dir
, d
->dir_len
, ZLIB_METHOD
)) {
1250 log_warn(LD_BUG
, "Error compressing directory");
1255 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1257 clear_cached_dir(cached_dir_t
*d
)
1260 tor_free(d
->dir_compressed
);
1261 memset(d
, 0, sizeof(cached_dir_t
));
1264 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1266 free_cached_dir_(void *_d
)
1272 d
= (cached_dir_t
*)_d
;
1273 cached_dir_decref(d
);
1276 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1277 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1278 * validation is performed. */
1280 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1281 const char *flavor_name
,
1282 const common_digests_t
*digests
,
1283 const uint8_t *sha3_as_signed
,
1286 cached_dir_t
*new_networkstatus
;
1287 cached_dir_t
*old_networkstatus
;
1288 if (!cached_consensuses
)
1289 cached_consensuses
= strmap_new();
1291 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1292 memcpy(&new_networkstatus
->digests
, digests
, sizeof(common_digests_t
));
1293 memcpy(&new_networkstatus
->digest_sha3_as_signed
, sha3_as_signed
,
1295 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1297 if (old_networkstatus
)
1298 cached_dir_decref(old_networkstatus
);
1301 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1302 * optionally compressed format, suitable for sending to clients. */
1304 dirserv_get_consensus(const char *flavor_name
)
1306 if (!cached_consensuses
)
1308 return strmap_get(cached_consensuses
, flavor_name
);
1311 /** If a router's uptime is at least this value, then it is always
1312 * considered stable, regardless of the rest of the network. This
1313 * way we resist attacks where an attacker doubles the size of the
1314 * network using allegedly high-uptime nodes, displacing all the
1315 * current guards. */
1316 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1317 /** If a router's MTBF is at least this value, then it is always stable.
1318 * See above. (Corresponds to about 7 days for current decay rates.) */
1319 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1320 /** Similarly, every node with at least this much weighted time known can be
1321 * considered familiar enough to be a guard. Corresponds to about 20 days for
1322 * current decay rates.
1324 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1325 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1327 #define WFU_TO_GUARANTEE_GUARD (0.98)
1329 /* Thresholds for server performance: set by
1330 * dirserv_compute_performance_thresholds, and used by
1331 * generate_v2_networkstatus */
1333 /** Any router with an uptime of at least this value is stable. */
1334 static uint32_t stable_uptime
= 0; /* start at a safe value */
1335 /** Any router with an mtbf of at least this value is stable. */
1336 static double stable_mtbf
= 0.0;
1337 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1338 * than stable_uptime. */
1339 static int enough_mtbf_info
= 0;
1340 /** Any router with a weighted fractional uptime of at least this much might
1341 * be good as a guard. */
1342 static double guard_wfu
= 0.0;
1343 /** Don't call a router a guard unless we've known about it for at least this
1345 static long guard_tk
= 0;
1346 /** Any router with a bandwidth at least this high is "Fast" */
1347 static uint32_t fast_bandwidth_kb
= 0;
1348 /** If exits can be guards, then all guards must have a bandwidth this
1350 static uint32_t guard_bandwidth_including_exits_kb
= 0;
1351 /** If exits can't be guards, then all guards must have a bandwidth this
1353 static uint32_t guard_bandwidth_excluding_exits_kb
= 0;
1355 /** Helper: estimate the uptime of a router given its stated uptime and the
1356 * amount of time since it last stated its stated uptime. */
1358 real_uptime(const routerinfo_t
*router
, time_t now
)
1360 if (now
< router
->cache_info
.published_on
)
1361 return router
->uptime
;
1363 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1366 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1367 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1368 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1372 dirserv_thinks_router_is_unreliable(time_t now
,
1373 routerinfo_t
*router
,
1374 int need_uptime
, int need_capacity
)
1377 if (!enough_mtbf_info
) {
1378 /* XXXX We should change the rule from
1379 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1380 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1381 * hit a point where we need to reset a lot of authorities at once,
1382 * none of them would be in a position to declare Stable.
1384 long uptime
= real_uptime(router
, now
);
1385 if ((unsigned)uptime
< stable_uptime
&&
1386 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1390 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1391 if (mtbf
< stable_mtbf
&&
1392 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1396 if (need_capacity
) {
1397 uint32_t bw_kb
= dirserv_get_credible_bandwidth_kb(router
);
1398 if (bw_kb
< fast_bandwidth_kb
)
1404 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1406 * Right now this means it advertises support for it, it has a high uptime,
1407 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1408 * considered Running.
1410 * This function needs to be called after router-\>is_running has
1414 dirserv_thinks_router_is_hs_dir(const routerinfo_t
*router
,
1415 const node_t
*node
, time_t now
)
1420 /* If we haven't been running for at least
1421 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1422 * have accurate data telling us a relay has been up for at least
1423 * that long. We also want to allow a bit of slack: Reachability
1424 * tests aren't instant. If we haven't been running long enough,
1425 * trust the relay. */
1427 if (stats_n_seconds_working
>
1428 get_options()->MinUptimeHidServDirectoryV2
* 1.1)
1429 uptime
= MIN(rep_hist_get_uptime(router
->cache_info
.identity_digest
, now
),
1430 real_uptime(router
, now
));
1432 uptime
= real_uptime(router
, now
);
1434 return (router
->wants_to_be_hs_dir
&&
1435 router
->supports_tunnelled_dir_requests
&&
1436 node
->is_stable
&& node
->is_fast
&&
1437 uptime
>= get_options()->MinUptimeHidServDirectoryV2
&&
1438 router_is_active(router
, node
, now
));
1441 /** Don't consider routers with less bandwidth than this when computing
1443 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1445 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1446 * include a router in our calculations, and return true iff we should; the
1447 * require_mbw parameter is passed in by
1448 * dirserv_compute_performance_thresholds() and controls whether we ever
1449 * count routers with only advertised bandwidths */
1451 router_counts_toward_thresholds(const node_t
*node
, time_t now
,
1452 const digestmap_t
*omit_as_sybil
,
1455 /* Have measured bw? */
1457 dirserv_has_measured_bw(node
->identity
);
1458 uint64_t min_bw_kb
= ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB
;
1459 const or_options_t
*options
= get_options();
1461 if (options
->TestingTorNetwork
) {
1462 min_bw_kb
= (int64_t)options
->TestingMinExitFlagThreshold
/ 1000;
1465 return node
->ri
&& router_is_active(node
->ri
, node
, now
) &&
1466 !digestmap_get(omit_as_sybil
, node
->identity
) &&
1467 (dirserv_get_credible_bandwidth_kb(node
->ri
) >= min_bw_kb
) &&
1468 (have_mbw
|| !require_mbw
);
1471 /** Look through the routerlist, the Mean Time Between Failure history, and
1472 * the Weighted Fractional Uptime history, and use them to set thresholds for
1473 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1474 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1475 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1477 * Also, set the is_exit flag of each router appropriately. */
1479 dirserv_compute_performance_thresholds(digestmap_t
*omit_as_sybil
)
1481 int n_active
, n_active_nonexit
, n_familiar
;
1482 uint32_t *uptimes
, *bandwidths_kb
, *bandwidths_excluding_exits_kb
;
1484 double *mtbfs
, *wfus
;
1485 smartlist_t
*nodelist
;
1486 time_t now
= time(NULL
);
1487 const or_options_t
*options
= get_options();
1491 (routers_with_measured_bw
>
1492 options
->MinMeasuredBWsForAuthToIgnoreAdvertised
) ? 1 : 0;
1494 /* initialize these all here, in case there are no routers */
1497 fast_bandwidth_kb
= 0;
1498 guard_bandwidth_including_exits_kb
= 0;
1499 guard_bandwidth_excluding_exits_kb
= 0;
1503 nodelist_assert_ok();
1504 nodelist
= nodelist_get_list();
1506 /* Initialize arrays that will hold values for each router. We'll
1507 * sort them and use that to compute thresholds. */
1508 n_active
= n_active_nonexit
= 0;
1509 /* Uptime for every active router. */
1510 uptimes
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1511 /* Bandwidth for every active router. */
1512 bandwidths_kb
= tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1513 /* Bandwidth for every active non-exit router. */
1514 bandwidths_excluding_exits_kb
=
1515 tor_calloc(smartlist_len(nodelist
), sizeof(uint32_t));
1516 /* Weighted mean time between failure for each active router. */
1517 mtbfs
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1518 /* Time-known for each active router. */
1519 tks
= tor_calloc(smartlist_len(nodelist
), sizeof(long));
1520 /* Weighted fractional uptime for each active router. */
1521 wfus
= tor_calloc(smartlist_len(nodelist
), sizeof(double));
1523 /* Now, fill in the arrays. */
1524 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1525 if (options
->BridgeAuthoritativeDir
&&
1527 node
->ri
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
1529 if (router_counts_toward_thresholds(node
, now
, omit_as_sybil
,
1531 routerinfo_t
*ri
= node
->ri
;
1532 const char *id
= node
->identity
;
1534 /* resolve spurious clang shallow analysis null pointer errors */
1536 node
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1537 exit_policy_is_general_exit(ri
->exit_policy
));
1538 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1539 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1540 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1541 bandwidths_kb
[n_active
] = bw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
1542 if (!node
->is_exit
|| node
->is_bad_exit
) {
1543 bandwidths_excluding_exits_kb
[n_active_nonexit
] = bw_kb
;
1548 } SMARTLIST_FOREACH_END(node
);
1550 /* Now, compute thresholds. */
1552 /* The median uptime is stable. */
1553 stable_uptime
= median_uint32(uptimes
, n_active
);
1554 /* The median mtbf is stable, if we have enough mtbf info */
1555 stable_mtbf
= median_double(mtbfs
, n_active
);
1556 /* The 12.5th percentile bandwidth is fast. */
1557 fast_bandwidth_kb
= find_nth_uint32(bandwidths_kb
, n_active
, n_active
/8);
1558 /* (Now bandwidths is sorted.) */
1559 if (fast_bandwidth_kb
< RELAY_REQUIRED_MIN_BANDWIDTH
/(2 * 1000))
1560 fast_bandwidth_kb
= bandwidths_kb
[n_active
/4];
1561 guard_bandwidth_including_exits_kb
=
1562 third_quartile_uint32(bandwidths_kb
, n_active
);
1563 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1566 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1567 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1570 /* We can vote on a parameter for the minimum and maximum. */
1571 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1572 int32_t min_fast_kb
, max_fast_kb
, min_fast
, max_fast
;
1573 min_fast
= networkstatus_get_param(NULL
, "FastFlagMinThreshold",
1574 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1575 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
,
1577 if (options
->TestingTorNetwork
) {
1578 min_fast
= (int32_t)options
->TestingMinFastFlagThreshold
;
1580 max_fast
= networkstatus_get_param(NULL
, "FastFlagMaxThreshold",
1581 INT32_MAX
, min_fast
, INT32_MAX
);
1582 min_fast_kb
= min_fast
/ 1000;
1583 max_fast_kb
= max_fast
/ 1000;
1585 if (fast_bandwidth_kb
< (uint32_t)min_fast_kb
)
1586 fast_bandwidth_kb
= min_fast_kb
;
1587 if (fast_bandwidth_kb
> (uint32_t)max_fast_kb
)
1588 fast_bandwidth_kb
= max_fast_kb
;
1590 /* Protect sufficiently fast nodes from being pushed out of the set
1592 if (options
->AuthDirFastGuarantee
&&
1593 fast_bandwidth_kb
> options
->AuthDirFastGuarantee
/1000)
1594 fast_bandwidth_kb
= (uint32_t)options
->AuthDirFastGuarantee
/1000;
1596 /* Now that we have a time-known that 7/8 routers are known longer than,
1597 * fill wfus with the wfu of every such "familiar" router. */
1600 SMARTLIST_FOREACH_BEGIN(nodelist
, node_t
*, node
) {
1601 if (router_counts_toward_thresholds(node
, now
,
1602 omit_as_sybil
, require_mbw
)) {
1603 routerinfo_t
*ri
= node
->ri
;
1604 const char *id
= ri
->cache_info
.identity_digest
;
1605 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1608 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1610 } SMARTLIST_FOREACH_END(node
);
1612 guard_wfu
= median_double(wfus
, n_familiar
);
1613 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1614 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1616 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1618 if (n_active_nonexit
) {
1619 guard_bandwidth_excluding_exits_kb
=
1620 find_nth_uint32(bandwidths_excluding_exits_kb
,
1621 n_active_nonexit
, n_active_nonexit
*3/4);
1624 log_info(LD_DIRSERV
,
1625 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1626 "For Fast: %lu kilobytes/sec. "
1627 "For Guard: WFU %.03f%%, time-known %lu sec, "
1628 "and bandwidth %lu or %lu kilobytes/sec. "
1629 "We%s have enough stability data.",
1630 (unsigned long)stable_uptime
,
1631 (unsigned long)stable_mtbf
,
1632 (unsigned long)fast_bandwidth_kb
,
1634 (unsigned long)guard_tk
,
1635 (unsigned long)guard_bandwidth_including_exits_kb
,
1636 (unsigned long)guard_bandwidth_excluding_exits_kb
,
1637 enough_mtbf_info
? "" : " don't");
1641 tor_free(bandwidths_kb
);
1642 tor_free(bandwidths_excluding_exits_kb
);
1647 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1648 * for the status flags, specifically for bridges.
1650 * This is only called by a Bridge Authority from
1651 * networkstatus_getinfo_by_purpose().
1654 dirserv_compute_bridge_flag_thresholds(void)
1656 digestmap_t
*omit_as_sybil
= digestmap_new();
1657 dirserv_compute_performance_thresholds(omit_as_sybil
);
1658 digestmap_free(omit_as_sybil
, NULL
);
1661 /** Measured bandwidth cache entry */
1662 typedef struct mbw_cache_entry_s
{
1665 } mbw_cache_entry_t
;
1667 /** Measured bandwidth cache - keys are identity_digests, values are
1668 * mbw_cache_entry_t *. */
1669 static digestmap_t
*mbw_cache
= NULL
;
1671 /** Store a measured bandwidth cache entry when reading the measured
1672 * bandwidths file. */
1674 dirserv_cache_measured_bw(const measured_bw_line_t
*parsed_line
,
1677 mbw_cache_entry_t
*e
= NULL
;
1679 tor_assert(parsed_line
);
1681 /* Allocate a cache if we need */
1682 if (!mbw_cache
) mbw_cache
= digestmap_new();
1684 /* Check if we have an existing entry */
1685 e
= digestmap_get(mbw_cache
, parsed_line
->node_id
);
1686 /* If we do, we can re-use it */
1688 /* Check that we really are newer, and update */
1689 if (as_of
> e
->as_of
) {
1690 e
->mbw_kb
= parsed_line
->bw_kb
;
1694 /* We'll have to insert a new entry */
1695 e
= tor_malloc(sizeof(*e
));
1696 e
->mbw_kb
= parsed_line
->bw_kb
;
1698 digestmap_set(mbw_cache
, parsed_line
->node_id
, e
);
1702 /** Clear and free the measured bandwidth cache */
1704 dirserv_clear_measured_bw_cache(void)
1707 /* Free the map and all entries */
1708 digestmap_free(mbw_cache
, tor_free_
);
1713 /** Scan the measured bandwidth cache and remove expired entries */
1715 dirserv_expire_measured_bw_cache(time_t now
)
1719 /* Iterate through the cache and check each entry */
1720 DIGESTMAP_FOREACH_MODIFY(mbw_cache
, k
, mbw_cache_entry_t
*, e
) {
1721 if (now
> e
->as_of
+ MAX_MEASUREMENT_AGE
) {
1725 } DIGESTMAP_FOREACH_END
;
1727 /* Check if we cleared the whole thing and free if so */
1728 if (digestmap_size(mbw_cache
) == 0) {
1729 digestmap_free(mbw_cache
, tor_free_
);
1735 /** Get the current size of the measured bandwidth cache */
1737 dirserv_get_measured_bw_cache_size(void)
1739 if (mbw_cache
) return digestmap_size(mbw_cache
);
1743 /** Query the cache by identity digest, return value indicates whether
1744 * we found it. The bw_out and as_of_out pointers receive the cached
1745 * bandwidth value and the time it was cached if not NULL. */
1747 dirserv_query_measured_bw_cache_kb(const char *node_id
, long *bw_kb_out
,
1750 mbw_cache_entry_t
*v
= NULL
;
1753 if (mbw_cache
&& node_id
) {
1754 v
= digestmap_get(mbw_cache
, node_id
);
1756 /* Found something */
1758 if (bw_kb_out
) *bw_kb_out
= v
->mbw_kb
;
1759 if (as_of_out
) *as_of_out
= v
->as_of
;
1766 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1768 dirserv_has_measured_bw(const char *node_id
)
1770 return dirserv_query_measured_bw_cache_kb(node_id
, NULL
, NULL
);
1773 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1774 * preferring measured to advertised values if available. */
1777 dirserv_get_bandwidth_for_router_kb(const routerinfo_t
*ri
)
1781 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1782 * signed) longs and the ones router_get_advertised_bandwidth() returns
1789 * * First try to see if we have a measured bandwidth; don't bother with
1790 * as_of_out here, on the theory that a stale measured bandwidth is still
1791 * better to trust than an advertised one.
1793 if (dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1796 bw_kb
= (uint32_t)mbw_kb
;
1798 /* If not, fall back to advertised */
1799 bw_kb
= router_get_advertised_bandwidth(ri
) / 1000;
1806 /** Look through the routerlist, and using the measured bandwidth cache count
1807 * how many measured bandwidths we know. This is used to decide whether we
1808 * ever trust advertised bandwidths for purposes of assigning flags. */
1810 dirserv_count_measured_bws(const smartlist_t
*routers
)
1812 /* Initialize this first */
1813 routers_with_measured_bw
= 0;
1815 /* Iterate over the routerlist and count measured bandwidths */
1816 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
1817 /* Check if we know a measured bandwidth for this one */
1818 if (dirserv_has_measured_bw(ri
->cache_info
.identity_digest
)) {
1819 ++routers_with_measured_bw
;
1821 } SMARTLIST_FOREACH_END(ri
);
1824 /** Return the bandwidth we believe for assigning flags; prefer measured
1825 * over advertised, and if we have above a threshold quantity of measured
1826 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1829 dirserv_get_credible_bandwidth_kb(const routerinfo_t
*ri
)
1836 /* Check if we have a measured bandwidth, and check the threshold if not */
1837 if (!(dirserv_query_measured_bw_cache_kb(ri
->cache_info
.identity_digest
,
1839 threshold
= get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1840 if (routers_with_measured_bw
> threshold
) {
1841 /* Return zero for unmeasured bandwidth if we are above threshold */
1844 /* Return an advertised bandwidth otherwise */
1845 bw_kb
= router_get_advertised_bandwidth_capped(ri
) / 1000;
1848 /* We have the measured bandwidth in mbw */
1849 bw_kb
= (uint32_t)mbw_kb
;
1855 /** Give a statement of our current performance thresholds for inclusion
1856 * in a vote document. */
1858 dirserv_get_flag_thresholds_line(void)
1861 const int measured_threshold
=
1862 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised
;
1863 const int enough_measured_bw
= routers_with_measured_bw
> measured_threshold
;
1865 tor_asprintf(&result
,
1866 "stable-uptime=%lu stable-mtbf=%lu "
1868 "guard-wfu=%.03f%% guard-tk=%lu "
1869 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1870 "enough-mtbf=%d ignoring-advertised-bws=%d",
1871 (unsigned long)stable_uptime
,
1872 (unsigned long)stable_mtbf
,
1873 (unsigned long)fast_bandwidth_kb
*1000,
1875 (unsigned long)guard_tk
,
1876 (unsigned long)guard_bandwidth_including_exits_kb
*1000,
1877 (unsigned long)guard_bandwidth_excluding_exits_kb
*1000,
1878 enough_mtbf_info
? 1 : 0,
1879 enough_measured_bw
? 1 : 0);
1884 /** Given a platform string as in a routerinfo_t (possibly null), return a
1885 * newly allocated version string for a networkstatus document, or NULL if the
1886 * platform doesn't give a Tor version. */
1888 version_from_platform(const char *platform
)
1890 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1891 const char *eos
= find_whitespace(platform
+4);
1892 if (eos
&& !strcmpstart(eos
, " (r")) {
1893 /* XXXX Unify this logic with the other version extraction
1894 * logic in routerparse.c. */
1895 eos
= find_whitespace(eos
+1);
1898 return tor_strndup(platform
, eos
-platform
);
1904 /** Helper: write the router-status information in <b>rs</b> into a newly
1905 * allocated character buffer. Use the same format as in network-status
1906 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1907 * Return 0 on success, -1 on failure.
1909 * The format argument has one of the following values:
1910 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1911 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1912 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1914 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1915 * it contains additional information for the vote.
1916 * NS_CONTROL_PORT - Output a NS document for the control port
1919 routerstatus_format_entry(const routerstatus_t
*rs
, const char *version
,
1920 const char *protocols
,
1921 routerstatus_format_type_t format
,
1922 const vote_routerstatus_t
*vrs
)
1925 char *result
= NULL
;
1927 char published
[ISO_TIME_LEN
+1];
1928 char identity64
[BASE64_DIGEST_LEN
+1];
1929 char digest64
[BASE64_DIGEST_LEN
+1];
1930 smartlist_t
*chunks
= smartlist_new();
1932 format_iso_time(published
, rs
->published_on
);
1933 digest_to_base64(identity64
, rs
->identity_digest
);
1934 digest_to_base64(digest64
, rs
->descriptor_digest
);
1936 smartlist_add_asprintf(chunks
,
1937 "r %s %s %s%s%s %s %d %d\n",
1940 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1941 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1943 fmt_addr32(rs
->addr
),
1947 /* TODO: Maybe we want to pass in what we need to build the rest of
1948 * this here, instead of in the caller. Then we could use the
1949 * networkstatus_type_t values, with an additional control port value
1952 /* V3 microdesc consensuses don't have "a" lines. */
1953 if (format
== NS_V3_CONSENSUS_MICRODESC
)
1956 /* Possible "a" line. At most one for now. */
1957 if (!tor_addr_is_null(&rs
->ipv6_addr
)) {
1958 smartlist_add_asprintf(chunks
, "a %s\n",
1959 fmt_addrport(&rs
->ipv6_addr
, rs
->ipv6_orport
));
1962 if (format
== NS_V3_CONSENSUS
)
1965 smartlist_add_asprintf(chunks
,
1966 "s%s%s%s%s%s%s%s%s%s%s\n",
1967 /* These must stay in alphabetical order. */
1968 rs
->is_authority
?" Authority":"",
1969 rs
->is_bad_exit
?" BadExit":"",
1970 rs
->is_exit
?" Exit":"",
1971 rs
->is_fast
?" Fast":"",
1972 rs
->is_possible_guard
?" Guard":"",
1973 rs
->is_hs_dir
?" HSDir":"",
1974 rs
->is_flagged_running
?" Running":"",
1975 rs
->is_stable
?" Stable":"",
1976 rs
->is_v2_dir
?" V2Dir":"",
1977 rs
->is_valid
?" Valid":"");
1979 /* length of "opt v \n" */
1980 #define V_LINE_OVERHEAD 7
1981 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1982 smartlist_add_asprintf(chunks
, "v %s\n", version
);
1985 smartlist_add_asprintf(chunks
, "pr %s\n", protocols
);
1988 if (format
!= NS_V2
) {
1989 const routerinfo_t
* desc
= router_get_by_id_digest(rs
->identity_digest
);
1992 if (format
!= NS_CONTROL_PORT
) {
1993 /* Blow up more or less nicely if we didn't get anything or not the
1994 * thing we expected.
1997 char id
[HEX_DIGEST_LEN
+1];
1998 char dd
[HEX_DIGEST_LEN
+1];
2000 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2001 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
2002 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
2003 "(wanted descriptor %s).",
2008 /* This assert could fire for the control port, because
2009 * it can request NS documents before all descriptors
2010 * have been fetched. Therefore, we only do this test when
2011 * format != NS_CONTROL_PORT. */
2012 if (tor_memneq(desc
->cache_info
.signed_descriptor_digest
,
2013 rs
->descriptor_digest
,
2015 char rl_d
[HEX_DIGEST_LEN
+1];
2016 char rs_d
[HEX_DIGEST_LEN
+1];
2017 char id
[HEX_DIGEST_LEN
+1];
2019 base16_encode(rl_d
, sizeof(rl_d
),
2020 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
2021 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
2022 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2023 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
2024 "the one in routerstatus: %s vs %s "
2028 tor_assert(tor_memeq(desc
->cache_info
.signed_descriptor_digest
,
2029 rs
->descriptor_digest
,
2034 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
2035 bw_kb
= rs
->bandwidth_kb
;
2038 bw_kb
= router_get_advertised_bandwidth_capped(desc
) / 1000;
2040 smartlist_add_asprintf(chunks
,
2041 "w Bandwidth=%d", bw_kb
);
2043 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->has_measured_bw
) {
2044 smartlist_add_asprintf(chunks
,
2045 " Measured=%d", vrs
->measured_bw_kb
);
2047 /* Write down guardfraction information if we have it. */
2048 if (format
== NS_V3_VOTE
&& vrs
&& vrs
->status
.has_guardfraction
) {
2049 smartlist_add_asprintf(chunks
,
2050 " GuardFraction=%d",
2051 vrs
->status
.guardfraction_percentage
);
2054 smartlist_add_strdup(chunks
, "\n");
2057 summary
= policy_summarize(desc
->exit_policy
, AF_INET
);
2058 smartlist_add_asprintf(chunks
, "p %s\n", summary
);
2062 if (format
== NS_V3_VOTE
&& vrs
) {
2063 if (tor_mem_is_zero((char*)vrs
->ed25519_id
, ED25519_PUBKEY_LEN
)) {
2064 smartlist_add_strdup(chunks
, "id ed25519 none\n");
2066 char ed_b64
[BASE64_DIGEST256_LEN
+1];
2067 digest256_to_base64(ed_b64
, (const char*)vrs
->ed25519_id
);
2068 smartlist_add_asprintf(chunks
, "id ed25519 %s\n", ed_b64
);
2074 result
= smartlist_join_strings(chunks
, "", 0, NULL
);
2077 SMARTLIST_FOREACH(chunks
, char *, cp
, tor_free(cp
));
2078 smartlist_free(chunks
);
2083 /** Helper for sorting: compares two routerinfos first by address, and then by
2084 * descending order of "usefulness". (An authority is more useful than a
2085 * non-authority; a running router is more useful than a non-running router;
2086 * and a router with more bandwidth is more useful than one with less.)
2089 compare_routerinfo_by_ip_and_bw_(const void **a
, const void **b
)
2091 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2092 int first_is_auth
, second_is_auth
;
2093 uint32_t bw_kb_first
, bw_kb_second
;
2094 const node_t
*node_first
, *node_second
;
2095 int first_is_running
, second_is_running
;
2097 /* we return -1 if first should appear before second... that is,
2098 * if first is a better router. */
2099 if (first
->addr
< second
->addr
)
2101 else if (first
->addr
> second
->addr
)
2104 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2105 * reality, we will almost never get here, since addresses will usually be
2109 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2111 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2113 if (first_is_auth
&& !second_is_auth
)
2115 else if (!first_is_auth
&& second_is_auth
)
2118 node_first
= node_get_by_id(first
->cache_info
.identity_digest
);
2119 node_second
= node_get_by_id(second
->cache_info
.identity_digest
);
2120 first_is_running
= node_first
&& node_first
->is_running
;
2121 second_is_running
= node_second
&& node_second
->is_running
;
2123 if (first_is_running
&& !second_is_running
)
2125 else if (!first_is_running
&& second_is_running
)
2128 bw_kb_first
= dirserv_get_bandwidth_for_router_kb(first
);
2129 bw_kb_second
= dirserv_get_bandwidth_for_router_kb(second
);
2131 if (bw_kb_first
> bw_kb_second
)
2133 else if (bw_kb_first
< bw_kb_second
)
2136 /* They're equal! Compare by identity digest, so there's a
2137 * deterministic order and we avoid flapping. */
2138 return fast_memcmp(first
->cache_info
.identity_digest
,
2139 second
->cache_info
.identity_digest
,
2143 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2144 * whose keys are the identity digests of those routers that we're going to
2145 * exclude for Sybil-like appearance. */
2146 static digestmap_t
*
2147 get_possible_sybil_list(const smartlist_t
*routers
)
2149 const or_options_t
*options
= get_options();
2150 digestmap_t
*omit_as_sybil
;
2151 smartlist_t
*routers_by_ip
= smartlist_new();
2154 /* Allow at most this number of Tor servers on a single IP address, ... */
2155 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2156 if (max_with_same_addr
<= 0)
2157 max_with_same_addr
= INT_MAX
;
2159 smartlist_add_all(routers_by_ip
, routers
);
2160 smartlist_sort(routers_by_ip
, compare_routerinfo_by_ip_and_bw_
);
2161 omit_as_sybil
= digestmap_new();
2165 SMARTLIST_FOREACH_BEGIN(routers_by_ip
, routerinfo_t
*, ri
) {
2166 if (last_addr
!= ri
->addr
) {
2167 last_addr
= ri
->addr
;
2169 } else if (++addr_count
> max_with_same_addr
) {
2170 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2172 } SMARTLIST_FOREACH_END(ri
);
2174 smartlist_free(routers_by_ip
);
2175 return omit_as_sybil
;
2178 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2179 * remove the older one. If they are exactly the same age, remove the one
2180 * with the greater descriptor digest. May alter the order of the list. */
2182 routers_make_ed_keys_unique(smartlist_t
*routers
)
2185 digest256map_t
*by_ed_key
= digest256map_new();
2187 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2188 ri
->omit_from_vote
= 0;
2189 if (ri
->cache_info
.signing_key_cert
== NULL
)
2190 continue; /* No ed key */
2191 const uint8_t *pk
= ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
;
2192 if ((ri2
= digest256map_get(by_ed_key
, pk
))) {
2193 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2194 * one has the earlier published_on. */
2195 const time_t ri_pub
= ri
->cache_info
.published_on
;
2196 const time_t ri2_pub
= ri2
->cache_info
.published_on
;
2197 if (ri2_pub
< ri_pub
||
2198 (ri2_pub
== ri_pub
&&
2199 fast_memcmp(ri
->cache_info
.signed_descriptor_digest
,
2200 ri2
->cache_info
.signed_descriptor_digest
,DIGEST_LEN
)<0)) {
2201 digest256map_set(by_ed_key
, pk
, ri
);
2202 ri2
->omit_from_vote
= 1;
2204 ri
->omit_from_vote
= 1;
2208 digest256map_set(by_ed_key
, pk
, ri
);
2210 } SMARTLIST_FOREACH_END(ri
);
2212 digest256map_free(by_ed_key
, NULL
);
2214 /* Now remove every router where the omit_from_vote flag got set. */
2215 SMARTLIST_FOREACH_BEGIN(routers
, const routerinfo_t
*, ri
) {
2216 if (ri
->omit_from_vote
) {
2217 SMARTLIST_DEL_CURRENT(routers
, ri
);
2219 } SMARTLIST_FOREACH_END(ri
);
2222 /** Extract status information from <b>ri</b> and from other authority
2223 * functions and store it in <b>rs</b>>.
2225 * We assume that ri-\>is_running has already been set, e.g. by
2226 * dirserv_set_router_is_running(ri, now);
2229 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2235 const or_options_t
*options
= get_options();
2236 uint32_t routerbw_kb
= dirserv_get_credible_bandwidth_kb(ri
);
2238 memset(rs
, 0, sizeof(routerstatus_t
));
2241 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2243 /* Already set by compute_performance_thresholds. */
2244 rs
->is_exit
= node
->is_exit
;
2245 rs
->is_stable
= node
->is_stable
=
2246 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0);
2247 rs
->is_fast
= node
->is_fast
=
2248 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2249 rs
->is_flagged_running
= node
->is_running
; /* computed above */
2251 rs
->is_valid
= node
->is_valid
;
2253 if (node
->is_fast
&& node
->is_stable
&&
2254 ((options
->AuthDirGuardBWGuarantee
&&
2255 routerbw_kb
>= options
->AuthDirGuardBWGuarantee
/1000) ||
2256 routerbw_kb
>= MIN(guard_bandwidth_including_exits_kb
,
2257 guard_bandwidth_excluding_exits_kb
))) {
2258 long tk
= rep_hist_get_weighted_time_known(
2259 node
->identity
, now
);
2260 double wfu
= rep_hist_get_weighted_fractional_uptime(
2261 node
->identity
, now
);
2262 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2264 rs
->is_possible_guard
= 0;
2267 rs
->is_bad_exit
= listbadexits
&& node
->is_bad_exit
;
2268 rs
->is_hs_dir
= node
->is_hs_dir
=
2269 dirserv_thinks_router_is_hs_dir(ri
, node
, now
);
2271 rs
->is_named
= rs
->is_unnamed
= 0;
2273 rs
->published_on
= ri
->cache_info
.published_on
;
2274 memcpy(rs
->identity_digest
, node
->identity
, DIGEST_LEN
);
2275 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2277 rs
->addr
= ri
->addr
;
2278 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2279 rs
->or_port
= ri
->or_port
;
2280 rs
->dir_port
= ri
->dir_port
;
2281 rs
->is_v2_dir
= ri
->supports_tunnelled_dir_requests
;
2282 if (options
->AuthDirHasIPv6Connectivity
== 1 &&
2283 !tor_addr_is_null(&ri
->ipv6_addr
) &&
2284 node
->last_reachable6
>= now
- REACHABLE_TIMEOUT
) {
2285 /* We're configured as having IPv6 connectivity. There's an IPv6
2286 OR port and it's reachable so copy it to the routerstatus. */
2287 tor_addr_copy(&rs
->ipv6_addr
, &ri
->ipv6_addr
);
2288 rs
->ipv6_orport
= ri
->ipv6_orport
;
2291 if (options
->TestingTorNetwork
) {
2292 dirserv_set_routerstatus_testing(rs
);
2296 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2297 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2298 * respectively. But don't set the corresponding node flags.
2299 * Should only be called if TestingTorNetwork is set. */
2301 dirserv_set_routerstatus_testing(routerstatus_t
*rs
)
2303 const or_options_t
*options
= get_options();
2305 tor_assert(options
->TestingTorNetwork
);
2307 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteExit
,
2310 } else if (options
->TestingDirAuthVoteExitIsStrict
) {
2314 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteGuard
,
2316 rs
->is_possible_guard
= 1;
2317 } else if (options
->TestingDirAuthVoteGuardIsStrict
) {
2318 rs
->is_possible_guard
= 0;
2321 if (routerset_contains_routerstatus(options
->TestingDirAuthVoteHSDir
,
2324 } else if (options
->TestingDirAuthVoteHSDirIsStrict
) {
2329 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2330 * too narrow an IP-space. Clear out its flags since we don't want it be used
2331 * because of its Sybil-like appearance.
2333 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2334 * we want to vote that way in case all the other authorities are voting
2338 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2340 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2341 rs
->is_flagged_running
= rs
->is_named
= rs
->is_valid
=
2342 rs
->is_hs_dir
= rs
->is_v2_dir
= rs
->is_possible_guard
= 0;
2343 /* FFFF we might want some mechanism to check later on if we
2344 * missed zeroing any flags: it's easy to add a new flag but
2345 * forget to add it to this clause. */
2348 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2349 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2350 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2351 * information to it.
2353 * Return 1 if we applied the information and 0 if we couldn't find a
2356 * Requires that <b>vote_routerstatuses</b> be sorted.
2359 guardfraction_line_apply(const char *guard_id
,
2360 uint32_t guardfraction_percentage
,
2361 smartlist_t
*vote_routerstatuses
)
2363 vote_routerstatus_t
*vrs
= NULL
;
2365 tor_assert(vote_routerstatuses
);
2367 vrs
= smartlist_bsearch(vote_routerstatuses
, guard_id
,
2368 compare_digest_to_vote_routerstatus_entry
);
2374 vrs
->status
.has_guardfraction
= 1;
2375 vrs
->status
.guardfraction_percentage
= guardfraction_percentage
;
2380 /* Given a guard line from a guardfraction file, parse it and register
2381 * its information to <b>vote_routerstatuses</b>.
2384 * * 1 if the line was proper and its information got registered.
2385 * * 0 if the line was proper but no currently active guard was found
2386 * to register the guardfraction information to.
2387 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2388 newly allocated string containing the error message.
2391 guardfraction_file_parse_guard_line(const char *guard_line
,
2392 smartlist_t
*vote_routerstatuses
,
2395 char guard_id
[DIGEST_LEN
];
2396 uint32_t guardfraction
;
2397 char *inputs_tmp
= NULL
;
2400 smartlist_t
*sl
= smartlist_new();
2403 tor_assert(err_msg
);
2405 /* guard_line should contain something like this:
2406 <hex digest> <guardfraction> <appearances> */
2407 smartlist_split_string(sl
, guard_line
, " ",
2408 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2409 if (smartlist_len(sl
) < 3) {
2410 tor_asprintf(err_msg
, "bad line '%s'", guard_line
);
2414 inputs_tmp
= smartlist_get(sl
, 0);
2415 if (strlen(inputs_tmp
) != HEX_DIGEST_LEN
||
2416 base16_decode(guard_id
, DIGEST_LEN
,
2417 inputs_tmp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2418 tor_asprintf(err_msg
, "bad digest '%s'", inputs_tmp
);
2422 inputs_tmp
= smartlist_get(sl
, 1);
2423 /* Guardfraction is an integer in [0, 100]. */
2425 (uint32_t) tor_parse_long(inputs_tmp
, 10, 0, 100, &num_ok
, NULL
);
2427 tor_asprintf(err_msg
, "wrong percentage '%s'", inputs_tmp
);
2431 /* If routerstatuses were provided, apply this info to actual routers. */
2432 if (vote_routerstatuses
) {
2433 retval
= guardfraction_line_apply(guard_id
, guardfraction
,
2434 vote_routerstatuses
);
2436 retval
= 0; /* If we got this far, line was correctly formatted. */
2441 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2447 /** Given an inputs line from a guardfraction file, parse it and
2448 * register its information to <b>total_consensuses</b> and
2449 * <b>total_days</b>.
2451 * Return 0 if it parsed well. Return -1 if there was an error, and
2452 * set <b>err_msg</b> to a newly allocated string containing the
2456 guardfraction_file_parse_inputs_line(const char *inputs_line
,
2457 int *total_consensuses
,
2462 char *inputs_tmp
= NULL
;
2464 smartlist_t
*sl
= smartlist_new();
2466 tor_assert(err_msg
);
2468 /* Second line is inputs information:
2469 * n-inputs <total_consensuses> <total_days>. */
2470 smartlist_split_string(sl
, inputs_line
, " ",
2471 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 3);
2472 if (smartlist_len(sl
) < 2) {
2473 tor_asprintf(err_msg
, "incomplete line '%s'", inputs_line
);
2477 inputs_tmp
= smartlist_get(sl
, 0);
2478 *total_consensuses
=
2479 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2481 tor_asprintf(err_msg
, "unparseable consensus '%s'", inputs_tmp
);
2485 inputs_tmp
= smartlist_get(sl
, 1);
2487 (int) tor_parse_long(inputs_tmp
, 10, 0, INT_MAX
, &num_ok
, NULL
);
2489 tor_asprintf(err_msg
, "unparseable days '%s'", inputs_tmp
);
2496 SMARTLIST_FOREACH(sl
, char *, cp
, tor_free(cp
));
2502 /* Maximum age of a guardfraction file that we are willing to accept. */
2503 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2505 /** Static strings of guardfraction files. */
2506 #define GUARDFRACTION_DATE_STR "written-at"
2507 #define GUARDFRACTION_INPUTS "n-inputs"
2508 #define GUARDFRACTION_GUARD "guard-seen"
2509 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2511 /** Given a guardfraction file in a string, parse it and register the
2512 * guardfraction information to the provided vote routerstatuses.
2514 * This is the rough format of the guardfraction file:
2516 * guardfraction-file-version 1
2517 * written-at <date and time>
2518 * n-inputs <number of consesuses parsed> <number of days considered>
2520 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2521 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2522 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2523 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2524 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2527 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2528 * should tolerate errors in all lines but the written-at header.
2531 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str
,
2532 smartlist_t
*vote_routerstatuses
)
2534 config_line_t
*front
=NULL
, *line
;
2537 int current_line_n
= 0; /* line counter for better log messages */
2539 /* Guardfraction info to be parsed */
2540 int total_consensuses
= 0;
2544 int guards_read_n
= 0;
2545 int guards_applied_n
= 0;
2547 /* Parse file and split it in lines */
2548 ret_tmp
= config_get_lines(guardfraction_file_str
, &front
, 0);
2550 log_warn(LD_CONFIG
, "Error reading from guardfraction file");
2554 /* Sort routerstatuses (needed later when applying guardfraction info) */
2555 if (vote_routerstatuses
)
2556 smartlist_sort(vote_routerstatuses
, compare_vote_routerstatus_entries
);
2558 for (line
= front
; line
; line
=line
->next
) {
2561 if (!strcmp(line
->key
, GUARDFRACTION_VERSION
)) {
2563 unsigned int version
;
2566 (unsigned int) tor_parse_long(line
->value
,
2567 10, 0, INT_MAX
, &num_ok
, NULL
);
2569 if (!num_ok
|| version
!= 1) {
2570 log_warn(LD_GENERAL
, "Got unknown guardfraction version %d.", version
);
2573 } else if (!strcmp(line
->key
, GUARDFRACTION_DATE_STR
)) {
2574 time_t file_written_at
;
2575 time_t now
= time(NULL
);
2577 /* First line is 'written-at <date>' */
2578 if (parse_iso_time(line
->value
, &file_written_at
) < 0) {
2579 log_warn(LD_CONFIG
, "Guardfraction:%d: Bad date '%s'. Ignoring",
2580 current_line_n
, line
->value
);
2581 goto done
; /* don't tolerate failure here. */
2583 if (file_written_at
< now
- MAX_GUARDFRACTION_FILE_AGE
) {
2584 log_warn(LD_CONFIG
, "Guardfraction:%d: was written very long ago '%s'",
2585 current_line_n
, line
->value
);
2586 goto done
; /* don't tolerate failure here. */
2588 } else if (!strcmp(line
->key
, GUARDFRACTION_INPUTS
)) {
2589 char *err_msg
= NULL
;
2591 if (guardfraction_file_parse_inputs_line(line
->value
,
2595 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2596 current_line_n
, err_msg
);
2601 } else if (!strcmp(line
->key
, GUARDFRACTION_GUARD
)) {
2602 char *err_msg
= NULL
;
2604 ret_tmp
= guardfraction_file_parse_guard_line(line
->value
,
2605 vote_routerstatuses
,
2607 if (ret_tmp
< 0) { /* failed while parsing the guard line */
2608 log_warn(LD_CONFIG
, "Guardfraction:%d: %s",
2609 current_line_n
, err_msg
);
2614 /* Successfully parsed guard line. Check if it was applied properly. */
2620 log_warn(LD_CONFIG
, "Unknown guardfraction line %d (%s %s)",
2621 current_line_n
, line
->key
, line
->value
);
2628 "Successfully parsed guardfraction file with %d consensuses over "
2629 "%d days. Parsed %d nodes and applied %d of them%s.",
2630 total_consensuses
, total_days
, guards_read_n
, guards_applied_n
,
2631 vote_routerstatuses
? "" : " (no routerstatus provided)" );
2634 config_free_lines(front
);
2639 return guards_read_n
;
2643 /** Read a guardfraction file at <b>fname</b> and load all its
2644 * information to <b>vote_routerstatuses</b>. */
2646 dirserv_read_guardfraction_file(const char *fname
,
2647 smartlist_t
*vote_routerstatuses
)
2649 char *guardfraction_file_str
;
2651 /* Read file to a string */
2652 guardfraction_file_str
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
2653 if (!guardfraction_file_str
) {
2654 log_warn(LD_FS
, "Cannot open guardfraction file '%s'. Failing.", fname
);
2658 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str
,
2659 vote_routerstatuses
);
2663 * Helper function to parse out a line in the measured bandwidth file
2664 * into a measured_bw_line_t output structure. Returns -1 on failure
2668 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2670 char *line
= tor_strdup(orig_line
);
2673 int got_node_id
= 0;
2674 char *strtok_state
; /* lame sauce d'jour */
2675 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2678 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2679 escaped(orig_line
));
2684 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2685 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2686 escaped(orig_line
));
2692 if (strcmpstart(cp
, "bw=") == 0) {
2696 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2697 escaped(orig_line
));
2703 out
->bw_kb
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2704 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2705 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2706 escaped(orig_line
));
2711 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2713 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2714 escaped(orig_line
));
2718 cp
+=strlen("node_id=$");
2720 if (strlen(cp
) != HEX_DIGEST_LEN
||
2721 base16_decode(out
->node_id
, DIGEST_LEN
,
2722 cp
, HEX_DIGEST_LEN
) != DIGEST_LEN
) {
2723 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2724 escaped(orig_line
));
2728 strlcpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2731 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2733 if (got_bw
&& got_node_id
) {
2737 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2738 escaped(orig_line
));
2745 * Helper function to apply a parsed measurement line to a list
2746 * of bandwidth statuses. Returns true if a line is found,
2750 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2751 smartlist_t
*routerstatuses
)
2753 vote_routerstatus_t
*rs
= NULL
;
2754 if (!routerstatuses
)
2757 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2758 compare_digest_to_vote_routerstatus_entry
);
2761 rs
->has_measured_bw
= 1;
2762 rs
->measured_bw_kb
= (uint32_t)parsed_line
->bw_kb
;
2764 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2765 parsed_line
->node_hex
);
2772 * Read the measured bandwidth file and apply it to the list of
2773 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2776 dirserv_read_measured_bandwidths(const char *from_file
,
2777 smartlist_t
*routerstatuses
)
2780 FILE *fp
= tor_fopen_cloexec(from_file
, "r");
2781 int applied_lines
= 0;
2782 time_t file_time
, now
;
2786 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2791 if (!fgets(line
, sizeof(line
), fp
)
2792 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2793 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2799 line
[strlen(line
)-1] = '\0';
2800 file_time
= (time_t)tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2802 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2809 if ((now
- file_time
) > MAX_MEASUREMENT_AGE
) {
2810 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2811 (unsigned)(time(NULL
) - file_time
));
2817 smartlist_sort(routerstatuses
, compare_vote_routerstatus_entries
);
2820 measured_bw_line_t parsed_line
;
2821 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2822 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2823 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2824 dirserv_cache_measured_bw(&parsed_line
, file_time
);
2825 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2831 /* Now would be a nice time to clean the cache, too */
2832 dirserv_expire_measured_bw_cache(now
);
2835 log_info(LD_DIRSERV
,
2836 "Bandwidth measurement file successfully read. "
2837 "Applied %d measurements.", applied_lines
);
2841 /** Return a new networkstatus_t* containing our current opinion. (For v3
2844 dirserv_generate_networkstatus_vote_obj(crypto_pk_t
*private_key
,
2845 authority_cert_t
*cert
)
2847 const or_options_t
*options
= get_options();
2848 networkstatus_t
*v3_out
= NULL
;
2850 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2851 const char *contact
;
2852 smartlist_t
*routers
, *routerstatuses
;
2853 char identity_digest
[DIGEST_LEN
];
2854 char signing_key_digest
[DIGEST_LEN
];
2855 int listbadexits
= options
->AuthDirListBadExits
;
2856 routerlist_t
*rl
= router_get_routerlist();
2857 time_t now
= time(NULL
);
2858 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2859 networkstatus_voter_info_t
*voter
= NULL
;
2860 vote_timing_t timing
;
2861 digestmap_t
*omit_as_sybil
= NULL
;
2862 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2863 smartlist_t
*microdescriptors
= NULL
;
2865 tor_assert(private_key
);
2868 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2869 log_err(LD_BUG
, "Error computing signing key digest");
2872 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2873 log_err(LD_BUG
, "Error computing identity key digest");
2876 if (resolve_my_address(LOG_WARN
, options
, &addr
, NULL
, &hostname
)<0) {
2877 log_warn(LD_NET
, "Couldn't resolve my hostname");
2880 if (!hostname
|| !strchr(hostname
, '.')) {
2882 hostname
= tor_dup_ip(addr
);
2885 if (options
->VersioningAuthoritativeDir
) {
2886 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2887 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2890 contact
= get_options()->ContactInfo
;
2895 * Do this so dirserv_compute_performance_thresholds() and
2896 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2898 if (options
->V3BandwidthsFile
) {
2899 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
2902 * No bandwidths file; clear the measured bandwidth cache in case we had
2903 * one last time around.
2905 if (dirserv_get_measured_bw_cache_size() > 0) {
2906 dirserv_clear_measured_bw_cache();
2910 /* precompute this part, since we need it to decide what "stable"
2912 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2913 dirserv_set_router_is_running(ri
, now
);
2916 routers
= smartlist_new();
2917 smartlist_add_all(routers
, rl
->routers
);
2918 routers_make_ed_keys_unique(routers
);
2919 /* After this point, don't use rl->routers; use 'routers' instead. */
2920 routers_sort_by_identity(routers
);
2921 omit_as_sybil
= get_possible_sybil_list(routers
);
2923 DIGESTMAP_FOREACH(omit_as_sybil
, sybil_id
, void *, ignore
) {
2925 rep_hist_make_router_pessimal(sybil_id
, now
);
2926 } DIGESTMAP_FOREACH_END
;
2928 /* Count how many have measured bandwidths so we know how to assign flags;
2929 * this must come before dirserv_compute_performance_thresholds() */
2930 dirserv_count_measured_bws(routers
);
2932 dirserv_compute_performance_thresholds(omit_as_sybil
);
2934 routerstatuses
= smartlist_new();
2935 microdescriptors
= smartlist_new();
2937 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2938 if (ri
->cache_info
.published_on
>= cutoff
) {
2940 vote_routerstatus_t
*vrs
;
2941 node_t
*node
= node_get_mutable_by_id(ri
->cache_info
.identity_digest
);
2945 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2947 set_routerstatus_from_routerinfo(rs
, node
, ri
, now
,
2950 if (ri
->cache_info
.signing_key_cert
) {
2951 memcpy(vrs
->ed25519_id
,
2952 ri
->cache_info
.signing_key_cert
->signing_key
.pubkey
,
2953 ED25519_PUBKEY_LEN
);
2956 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2957 clear_status_flags_on_sybil(rs
);
2959 if (!vote_on_reachability
)
2960 rs
->is_flagged_running
= 0;
2962 vrs
->version
= version_from_platform(ri
->platform
);
2963 if (ri
->protocol_list
) {
2964 vrs
->protocols
= tor_strdup(ri
->protocol_list
);
2966 vrs
->protocols
= tor_strdup(
2967 protover_compute_for_old_tor(vrs
->version
));
2969 vrs
->microdesc
= dirvote_format_all_microdesc_vote_lines(ri
, now
,
2972 smartlist_add(routerstatuses
, vrs
);
2974 } SMARTLIST_FOREACH_END(ri
);
2977 smartlist_t
*added
=
2978 microdescs_add_list_to_cache(get_microdesc_cache(),
2979 microdescriptors
, SAVED_NOWHERE
, 0);
2980 smartlist_free(added
);
2981 smartlist_free(microdescriptors
);
2984 smartlist_free(routers
);
2985 digestmap_free(omit_as_sybil
, NULL
);
2987 /* Apply guardfraction information to routerstatuses. */
2988 if (options
->GuardfractionFile
) {
2989 dirserv_read_guardfraction_file(options
->GuardfractionFile
,
2993 /* This pass through applies the measured bw lines to the routerstatuses */
2994 if (options
->V3BandwidthsFile
) {
2995 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2999 * No bandwidths file; clear the measured bandwidth cache in case we had
3000 * one last time around.
3002 if (dirserv_get_measured_bw_cache_size() > 0) {
3003 dirserv_clear_measured_bw_cache();
3007 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
3009 v3_out
->type
= NS_TYPE_VOTE
;
3010 dirvote_get_preferred_voting_intervals(&timing
);
3011 v3_out
->published
= now
;
3013 char tbuf
[ISO_TIME_LEN
+1];
3014 networkstatus_t
*current_consensus
=
3015 networkstatus_get_live_consensus(now
);
3016 long last_consensus_interval
; /* only used to pick a valid_after */
3017 if (current_consensus
)
3018 last_consensus_interval
= current_consensus
->fresh_until
-
3019 current_consensus
->valid_after
;
3021 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
3022 v3_out
->valid_after
=
3023 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
,
3024 options
->TestingV3AuthVotingStartOffset
);
3025 format_iso_time(tbuf
, v3_out
->valid_after
);
3026 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
3027 "consensus_set=%d, last_interval=%d",
3028 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
3030 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
3031 v3_out
->valid_until
= v3_out
->valid_after
+
3032 (timing
.vote_interval
* timing
.n_intervals_valid
);
3033 v3_out
->vote_seconds
= timing
.vote_delay
;
3034 v3_out
->dist_seconds
= timing
.dist_delay
;
3035 tor_assert(v3_out
->vote_seconds
> 0);
3036 tor_assert(v3_out
->dist_seconds
> 0);
3037 tor_assert(timing
.n_intervals_valid
> 0);
3039 v3_out
->client_versions
= client_versions
;
3040 v3_out
->server_versions
= server_versions
;
3042 /* These are hardwired, to avoid disaster. */
3043 v3_out
->recommended_relay_protocols
=
3044 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3045 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3046 v3_out
->recommended_client_protocols
=
3047 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3048 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3049 v3_out
->required_client_protocols
=
3050 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3051 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3052 v3_out
->required_relay_protocols
=
3053 tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3054 "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
3056 /* We are not allowed to vote to require anything we don't have. */
3057 tor_assert(protover_all_supported(v3_out
->required_relay_protocols
, NULL
));
3058 tor_assert(protover_all_supported(v3_out
->required_client_protocols
, NULL
));
3060 /* We should not recommend anything we don't have. */
3061 tor_assert_nonfatal(protover_all_supported(
3062 v3_out
->recommended_relay_protocols
, NULL
));
3063 tor_assert_nonfatal(protover_all_supported(
3064 v3_out
->recommended_client_protocols
, NULL
));
3066 v3_out
->package_lines
= smartlist_new();
3069 for (cl
= get_options()->RecommendedPackages
; cl
; cl
= cl
->next
) {
3070 if (validate_recommended_package_line(cl
->value
))
3071 smartlist_add_strdup(v3_out
->package_lines
, cl
->value
);
3075 v3_out
->known_flags
= smartlist_new();
3076 smartlist_split_string(v3_out
->known_flags
,
3077 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
3078 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
3079 if (vote_on_reachability
)
3080 smartlist_add_strdup(v3_out
->known_flags
, "Running");
3082 smartlist_add_strdup(v3_out
->known_flags
, "BadExit");
3083 smartlist_sort_strings(v3_out
->known_flags
);
3085 if (options
->ConsensusParams
) {
3086 v3_out
->net_params
= smartlist_new();
3087 smartlist_split_string(v3_out
->net_params
,
3088 options
->ConsensusParams
, NULL
, 0, 0);
3089 smartlist_sort_strings(v3_out
->net_params
);
3092 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
3093 voter
->nickname
= tor_strdup(options
->Nickname
);
3094 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
3095 voter
->sigs
= smartlist_new();
3096 voter
->address
= hostname
;
3098 voter
->dir_port
= router_get_advertised_dir_port(options
, 0);
3099 voter
->or_port
= router_get_advertised_or_port(options
);
3100 voter
->contact
= tor_strdup(contact
);
3101 if (options
->V3AuthUseLegacyKey
) {
3102 authority_cert_t
*c
= get_my_v3_legacy_cert();
3104 if (crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
)) {
3105 log_warn(LD_BUG
, "Unable to compute digest of legacy v3 identity key");
3106 memset(voter
->legacy_id_digest
, 0, DIGEST_LEN
);
3111 v3_out
->voters
= smartlist_new();
3112 smartlist_add(v3_out
->voters
, voter
);
3113 v3_out
->cert
= authority_cert_dup(cert
);
3114 v3_out
->routerstatus_list
= routerstatuses
;
3115 /* Note: networkstatus_digest is unset; it won't get set until we actually
3116 * format the vote. */
3121 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3122 * pointers, adds copies of digests to fps_out, and doesn't use the
3123 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3124 * requests, adds identity digests.
3127 dirserv_get_routerdesc_spool(smartlist_t
*spool_out
,
3129 dir_spool_source_t source
,
3130 int conn_is_encrypted
,
3131 const char **msg_out
)
3135 if (!strcmp(key
, "all")) {
3136 const routerlist_t
*rl
= router_get_routerlist();
3137 SMARTLIST_FOREACH_BEGIN(rl
->routers
, const routerinfo_t
*, r
) {
3138 spooled_resource_t
*spooled
;
3139 spooled
= spooled_resource_new(source
,
3140 (const uint8_t *)r
->cache_info
.identity_digest
,
3142 /* Treat "all" requests as if they were unencrypted */
3143 conn_is_encrypted
= 0;
3144 smartlist_add(spool_out
, spooled
);
3145 } SMARTLIST_FOREACH_END(r
);
3146 } else if (!strcmp(key
, "authority")) {
3147 const routerinfo_t
*ri
= router_get_my_routerinfo();
3149 smartlist_add(spool_out
,
3150 spooled_resource_new(source
,
3151 (const uint8_t *)ri
->cache_info
.identity_digest
,
3153 } else if (!strcmpstart(key
, "d/")) {
3154 key
+= strlen("d/");
3155 dir_split_resource_into_spoolable(key
, source
, spool_out
, NULL
,
3156 DSR_HEX
|DSR_SORT_UNIQ
);
3157 } else if (!strcmpstart(key
, "fp/")) {
3158 key
+= strlen("fp/");
3159 dir_split_resource_into_spoolable(key
, source
, spool_out
, NULL
,
3160 DSR_HEX
|DSR_SORT_UNIQ
);
3162 *msg_out
= "Not found";
3166 if (! conn_is_encrypted
) {
3167 /* Remove anything that insists it not be sent unencrypted. */
3168 SMARTLIST_FOREACH_BEGIN(spool_out
, spooled_resource_t
*, spooled
) {
3169 const uint8_t *body
= NULL
;
3171 int r
= spooled_resource_lookup_body(spooled
, conn_is_encrypted
,
3172 &body
, &bodylen
, NULL
);
3173 if (r
< 0 || body
== NULL
|| bodylen
== 0) {
3174 SMARTLIST_DEL_CURRENT(spool_out
, spooled
);
3175 spooled_resource_free(spooled
);
3177 } SMARTLIST_FOREACH_END(spooled
);
3180 if (!smartlist_len(spool_out
)) {
3181 *msg_out
= "Servers unavailable";
3187 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3188 * <b>key</b>. The key should be either
3189 * - "/tor/server/authority" for our own routerinfo;
3190 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3191 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3192 * hex identity digests; or
3193 * - "/tor/server/d/D" where D is a plus-separated sequence
3194 * of server descriptor digests, in hex.
3196 * Return 0 if we found some matching descriptors, or -1 if we do not
3197 * have any descriptors, no matching descriptors, or if we did not
3198 * recognize the key (URL).
3199 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3202 * XXXX rename this function. It's only called from the controller.
3203 * XXXX in fact, refactor this function, merging as much as possible.
3206 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3211 if (!strcmp(key
, "/tor/server/all")) {
3212 routerlist_t
*rl
= router_get_routerlist();
3213 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3214 smartlist_add(descs_out
, &(r
->cache_info
)));
3215 } else if (!strcmp(key
, "/tor/server/authority")) {
3216 const routerinfo_t
*ri
= router_get_my_routerinfo();
3218 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3219 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3220 smartlist_t
*digests
= smartlist_new();
3221 key
+= strlen("/tor/server/d/");
3222 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3223 DSR_HEX
|DSR_SORT_UNIQ
);
3224 SMARTLIST_FOREACH(digests
, const char *, d
,
3226 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3228 smartlist_add(descs_out
,sd
);
3230 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3231 smartlist_free(digests
);
3232 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3233 smartlist_t
*digests
= smartlist_new();
3234 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3235 key
+= strlen("/tor/server/fp/");
3236 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3237 DSR_HEX
|DSR_SORT_UNIQ
);
3238 SMARTLIST_FOREACH_BEGIN(digests
, const char *, d
) {
3239 if (router_digest_is_me(d
)) {
3240 /* calling router_get_my_routerinfo() to make sure it exists */
3241 const routerinfo_t
*ri
= router_get_my_routerinfo();
3243 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3245 const routerinfo_t
*ri
= router_get_by_id_digest(d
);
3246 /* Don't actually serve a descriptor that everyone will think is
3247 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3248 * Tors from downloading descriptors that they will throw away.
3250 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3251 smartlist_add(descs_out
, (void*) &(ri
->cache_info
));
3253 } SMARTLIST_FOREACH_END(d
);
3254 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3255 smartlist_free(digests
);
3257 *msg
= "Key not recognized";
3261 if (!smartlist_len(descs_out
)) {
3262 *msg
= "Servers unavailable";
3268 /** Called when a TLS handshake has completed successfully with a
3269 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3270 * a certificate with digest <b>digest_rcvd</b>.
3272 * Inform the reachability checker that we could get to this relay.
3275 dirserv_orconn_tls_done(const tor_addr_t
*addr
,
3277 const char *digest_rcvd
,
3278 const ed25519_public_key_t
*ed_id_rcvd
)
3280 node_t
*node
= NULL
;
3281 tor_addr_port_t orport
;
3282 routerinfo_t
*ri
= NULL
;
3283 time_t now
= time(NULL
);
3285 tor_assert(digest_rcvd
);
3287 node
= node_get_mutable_by_id(digest_rcvd
);
3288 if (node
== NULL
|| node
->ri
== NULL
)
3293 if (get_options()->AuthDirTestEd25519LinkKeys
&&
3294 node_supports_ed25519_link_authentication(node
) &&
3295 ri
->cache_info
.signing_key_cert
) {
3296 /* We allow the node to have an ed25519 key if we haven't been told one in
3297 * the routerinfo, but if we *HAVE* been told one in the routerinfo, it
3298 * needs to match. */
3299 const ed25519_public_key_t
*expected_id
=
3300 &ri
->cache_info
.signing_key_cert
->signing_key
;
3301 tor_assert(!ed25519_public_key_is_zero(expected_id
));
3302 if (! ed_id_rcvd
|| ! ed25519_pubkey_eq(ed_id_rcvd
, expected_id
)) {
3303 log_info(LD_DIRSERV
, "Router at %s:%d with RSA ID %s "
3304 "did not present expected Ed25519 ID.",
3305 fmt_addr(addr
), or_port
, hex_str(digest_rcvd
, DIGEST_LEN
));
3306 return; /* Don't mark it as reachable. */
3310 tor_addr_copy(&orport
.addr
, addr
);
3311 orport
.port
= or_port
;
3312 if (router_has_orport(ri
, &orport
)) {
3313 /* Found the right router. */
3314 if (!authdir_mode_bridge(get_options()) ||
3315 ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3316 char addrstr
[TOR_ADDR_BUF_LEN
];
3317 /* This is a bridge or we're not a bridge authority --
3318 mark it as reachable. */
3319 log_info(LD_DIRSERV
, "Found router %s to be reachable at %s:%d. Yay.",
3320 router_describe(ri
),
3321 tor_addr_to_str(addrstr
, addr
, sizeof(addrstr
), 1),
3323 if (tor_addr_family(addr
) == AF_INET
) {
3324 rep_hist_note_router_reachable(digest_rcvd
, addr
, or_port
, now
);
3325 node
->last_reachable
= now
;
3326 } else if (tor_addr_family(addr
) == AF_INET6
) {
3327 /* No rephist for IPv6. */
3328 node
->last_reachable6
= now
;
3334 /** Called when we, as an authority, receive a new router descriptor either as
3335 * an upload or a download. Used to decide whether to relaunch reachability
3336 * testing for the server. */
3338 dirserv_should_launch_reachability_test(const routerinfo_t
*ri
,
3339 const routerinfo_t
*ri_old
)
3341 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3344 /* New router: Launch an immediate reachability test, so we will have an
3345 * opinion soon in case we're generating a consensus soon */
3348 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3349 /* It just came out of hibernation; launch a reachability test */
3352 if (! routers_have_same_or_addrs(ri
, ri_old
)) {
3353 /* Address or port changed; launch a reachability test */
3359 /** Helper function for dirserv_test_reachability(). Start a TLS
3360 * connection to <b>router</b>, and annotate it with when we started
3363 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3365 const or_options_t
*options
= get_options();
3366 channel_t
*chan
= NULL
;
3367 const node_t
*node
= NULL
;
3368 tor_addr_t router_addr
;
3369 const ed25519_public_key_t
*ed_id_key
;
3373 node
= node_get_by_id(router
->cache_info
.identity_digest
);
3376 if (options
->AuthDirTestEd25519LinkKeys
&&
3377 node_supports_ed25519_link_authentication(node
)) {
3378 ed_id_key
= &router
->cache_info
.signing_key_cert
->signing_key
;
3384 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3385 router
->nickname
, fmt_addr32(router
->addr
), router
->or_port
);
3386 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3387 chan
= channel_tls_connect(&router_addr
, router
->or_port
,
3388 router
->cache_info
.identity_digest
,
3390 if (chan
) command_setup_channel(chan
);
3392 /* Possible IPv6. */
3393 if (get_options()->AuthDirHasIPv6Connectivity
== 1 &&
3394 !tor_addr_is_null(&router
->ipv6_addr
)) {
3395 char addrstr
[TOR_ADDR_BUF_LEN
];
3396 log_debug(LD_OR
, "Testing reachability of %s at %s:%u.",
3398 tor_addr_to_str(addrstr
, &router
->ipv6_addr
, sizeof(addrstr
), 1),
3399 router
->ipv6_orport
);
3400 chan
= channel_tls_connect(&router
->ipv6_addr
, router
->ipv6_orport
,
3401 router
->cache_info
.identity_digest
,
3403 if (chan
) command_setup_channel(chan
);
3407 /** Auth dir server only: load balance such that we only
3408 * try a few connections per call.
3410 * The load balancing is such that if we get called once every ten
3411 * seconds, we will cycle through all the tests in
3412 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3415 dirserv_test_reachability(time_t now
)
3417 /* XXX decide what to do here; see or-talk thread "purging old router
3418 * information, revocation." -NM
3419 * We can't afford to mess with this in 0.1.2.x. The reason is that
3420 * if we stop doing reachability tests on some of routerlist, then
3421 * we'll for-sure think they're down, which may have unexpected
3422 * effects in other parts of the code. It doesn't hurt much to do
3423 * the testing, and directory authorities are easy to upgrade. Let's
3424 * wait til 0.2.0. -RD */
3425 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3426 routerlist_t
*rl
= router_get_routerlist();
3427 static char ctr
= 0;
3428 int bridge_auth
= authdir_mode_bridge(get_options());
3430 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3431 const char *id_digest
= router
->cache_info
.identity_digest
;
3432 if (router_is_me(router
))
3434 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3435 continue; /* bridge authorities only test reachability on bridges */
3436 // if (router->cache_info.published_on > cutoff)
3438 if ((((uint8_t)id_digest
[0]) % REACHABILITY_MODULO_PER_TEST
) == ctr
) {
3439 dirserv_single_reachability_test(now
, router
);
3441 } SMARTLIST_FOREACH_END(router
);
3442 ctr
= (ctr
+ 1) % REACHABILITY_MODULO_PER_TEST
; /* increment ctr */
3449 spooled_resource_t
*
3450 spooled_resource_new(dir_spool_source_t source
,
3451 const uint8_t *digest
, size_t digestlen
)
3453 spooled_resource_t
*spooled
= tor_malloc_zero(sizeof(spooled_resource_t
));
3454 spooled
->spool_source
= source
;
3456 case DIR_SPOOL_NETWORKSTATUS
:
3457 spooled
->spool_eagerly
= 0;
3459 case DIR_SPOOL_SERVER_BY_DIGEST
:
3460 case DIR_SPOOL_SERVER_BY_FP
:
3461 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3462 case DIR_SPOOL_EXTRA_BY_FP
:
3463 case DIR_SPOOL_MICRODESC
:
3465 spooled
->spool_eagerly
= 1;
3467 case DIR_SPOOL_CONSENSUS_CACHE_ENTRY
:
3468 tor_assert_unreached();
3471 tor_assert(digestlen
<= sizeof(spooled
->digest
));
3473 memcpy(spooled
->digest
, digest
, digestlen
);
3478 * Create a new spooled_resource_t to spool the contents of <b>entry</b> to
3479 * the user. Return the spooled object on success, or NULL on failure (which
3480 * is probably caused by a failure to map the body of the item from disk).
3482 * Adds a reference to entry's reference counter.
3484 spooled_resource_t
*
3485 spooled_resource_new_from_cache_entry(consensus_cache_entry_t
*entry
)
3487 spooled_resource_t
*spooled
= tor_malloc_zero(sizeof(spooled_resource_t
));
3488 spooled
->spool_source
= DIR_SPOOL_CONSENSUS_CACHE_ENTRY
;
3489 spooled
->spool_eagerly
= 0;
3490 consensus_cache_entry_incref(entry
);
3491 spooled
->consensus_cache_entry
= entry
;
3493 int r
= consensus_cache_entry_get_body(entry
,
3499 spooled_resource_free(spooled
);
3504 /** Release all storage held by <b>spooled</b>. */
3506 spooled_resource_free(spooled_resource_t
*spooled
)
3508 if (spooled
== NULL
)
3511 if (spooled
->cached_dir_ref
) {
3512 cached_dir_decref(spooled
->cached_dir_ref
);
3515 if (spooled
->consensus_cache_entry
) {
3516 consensus_cache_entry_decref(spooled
->consensus_cache_entry
);
3522 /** When spooling data from a cached_dir_t object, we always add
3523 * at least this much. */
3524 #define DIRSERV_CACHED_DIR_CHUNK_SIZE 8192
3526 /** Return an compression ratio for compressing objects from <b>source</b>.
3529 estimate_compression_ratio(dir_spool_source_t source
)
3531 /* We should put in better estimates here, depending on the number of
3532 objects and their type */
3537 /** Return an estimated number of bytes needed for transmitting the
3538 * resource in <b>spooled</b> on <b>conn</b>
3540 * As a convenient side-effect, set *<b>published_out</b> to the resource's
3544 spooled_resource_estimate_size(const spooled_resource_t
*spooled
,
3545 dir_connection_t
*conn
,
3547 time_t *published_out
)
3549 if (spooled
->spool_eagerly
) {
3550 const uint8_t *body
= NULL
;
3552 int r
= spooled_resource_lookup_body(spooled
,
3553 connection_dir_is_encrypted(conn
),
3556 if (r
== -1 || body
== NULL
|| bodylen
== 0)
3559 double ratio
= estimate_compression_ratio(spooled
->spool_source
);
3560 bodylen
= (size_t)(bodylen
* ratio
);
3564 cached_dir_t
*cached
;
3565 if (spooled
->consensus_cache_entry
) {
3566 if (published_out
) {
3567 consensus_cache_entry_get_valid_after(
3568 spooled
->consensus_cache_entry
, published_out
);
3571 return spooled
->cce_len
;
3573 if (spooled
->cached_dir_ref
) {
3574 cached
= spooled
->cached_dir_ref
;
3576 cached
= spooled_resource_lookup_cached_dir(spooled
,
3579 if (cached
== NULL
) {
3582 size_t result
= compressed
? cached
->dir_compressed_len
: cached
->dir_len
;
3587 /** Return code for spooled_resource_flush_some */
3592 } spooled_resource_flush_status_t
;
3594 /** Flush some or all of the bytes from <b>spooled</b> onto <b>conn</b>.
3595 * Return SRFS_ERR on error, SRFS_MORE if there are more bytes to flush from
3596 * this spooled resource, or SRFS_DONE if we are done flushing this spooled
3599 static spooled_resource_flush_status_t
3600 spooled_resource_flush_some(spooled_resource_t
*spooled
,
3601 dir_connection_t
*conn
)
3603 if (spooled
->spool_eagerly
) {
3604 /* Spool_eagerly resources are sent all-at-once. */
3605 const uint8_t *body
= NULL
;
3607 int r
= spooled_resource_lookup_body(spooled
,
3608 connection_dir_is_encrypted(conn
),
3609 &body
, &bodylen
, NULL
);
3610 if (r
== -1 || body
== NULL
|| bodylen
== 0) {
3611 /* Absent objects count as "done". */
3614 if (conn
->compress_state
) {
3615 connection_write_to_buf_compress((const char*)body
, bodylen
, conn
, 0);
3617 connection_write_to_buf((const char*)body
, bodylen
, TO_CONN(conn
));
3621 cached_dir_t
*cached
= spooled
->cached_dir_ref
;
3622 consensus_cache_entry_t
*cce
= spooled
->consensus_cache_entry
;
3623 if (cached
== NULL
&& cce
== NULL
) {
3624 /* The cached_dir_t hasn't been materialized yet. So let's look it up. */
3625 cached
= spooled
->cached_dir_ref
=
3626 spooled_resource_lookup_cached_dir(spooled
, NULL
);
3628 /* Absent objects count as done. */
3632 tor_assert_nonfatal(spooled
->cached_dir_offset
== 0);
3635 if (BUG(!cached
&& !cce
))
3641 total_len
= cached
->dir_compressed_len
;
3642 ptr
= cached
->dir_compressed
;
3644 total_len
= spooled
->cce_len
;
3645 ptr
= (const char *)spooled
->cce_body
;
3647 /* How many bytes left to flush? */
3649 remaining
= total_len
- spooled
->cached_dir_offset
;
3650 if (BUG(remaining
< 0))
3652 ssize_t bytes
= (ssize_t
) MIN(DIRSERV_CACHED_DIR_CHUNK_SIZE
, remaining
);
3653 if (conn
->compress_state
) {
3654 connection_write_to_buf_compress(
3655 ptr
+ spooled
->cached_dir_offset
,
3658 connection_write_to_buf(ptr
+ spooled
->cached_dir_offset
,
3659 bytes
, TO_CONN(conn
));
3661 spooled
->cached_dir_offset
+= bytes
;
3662 if (spooled
->cached_dir_offset
>= (off_t
)total_len
) {
3670 /** Helper: find the cached_dir_t for a spooled_resource_t, for
3671 * sending it to <b>conn</b>. Set *<b>published_out</b>, if provided,
3672 * to the published time of the cached_dir_t.
3674 * DOES NOT increase the reference count on the result. Callers must do that
3675 * themselves if they mean to hang on to it.
3677 static cached_dir_t
*
3678 spooled_resource_lookup_cached_dir(const spooled_resource_t
*spooled
,
3679 time_t *published_out
)
3681 tor_assert(spooled
->spool_eagerly
== 0);
3682 cached_dir_t
*d
= lookup_cached_dir_by_fp(spooled
->digest
);
3685 *published_out
= d
->published
;
3690 /** Helper: Look up the body for an eagerly-served spooled_resource. If
3691 * <b>conn_is_encrypted</b> is false, don't look up any resource that
3692 * shouldn't be sent over an unencrypted connection. On success, set
3693 * <b>body_out</b>, <b>size_out</b>, and <b>published_out</b> to refer
3694 * to the resource's body, size, and publication date, and return 0.
3695 * On failure return -1. */
3697 spooled_resource_lookup_body(const spooled_resource_t
*spooled
,
3698 int conn_is_encrypted
,
3699 const uint8_t **body_out
,
3701 time_t *published_out
)
3703 tor_assert(spooled
->spool_eagerly
== 1);
3705 const signed_descriptor_t
*sd
= NULL
;
3707 switch (spooled
->spool_source
) {
3708 case DIR_SPOOL_EXTRA_BY_FP
: {
3709 sd
= get_signed_descriptor_by_fp(spooled
->digest
, 1);
3712 case DIR_SPOOL_SERVER_BY_FP
: {
3713 sd
= get_signed_descriptor_by_fp(spooled
->digest
, 0);
3716 case DIR_SPOOL_SERVER_BY_DIGEST
: {
3717 sd
= router_get_by_descriptor_digest((const char *)spooled
->digest
);
3720 case DIR_SPOOL_EXTRA_BY_DIGEST
: {
3721 sd
= extrainfo_get_by_descriptor_digest((const char *)spooled
->digest
);
3724 case DIR_SPOOL_MICRODESC
: {
3725 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(
3726 get_microdesc_cache(),
3727 (const char *)spooled
->digest
);
3728 if (! md
|| ! md
->body
) {
3731 *body_out
= (const uint8_t *)md
->body
;
3732 *size_out
= md
->bodylen
;
3734 *published_out
= TIME_MAX
;
3737 case DIR_SPOOL_NETWORKSTATUS
:
3738 case DIR_SPOOL_CONSENSUS_CACHE_ENTRY
:
3740 /* LCOV_EXCL_START */
3741 tor_assert_nonfatal_unreached();
3743 /* LCOV_EXCL_STOP */
3746 /* If we get here, then we tried to set "sd" to a signed_descriptor_t. */
3751 if (sd
->send_unencrypted
== 0 && ! conn_is_encrypted
) {
3752 /* we did this check once before (so we could have an accurate size
3753 * estimate and maybe send a 404 if somebody asked for only bridges on
3754 * a connection), but we need to do it again in case a previously
3755 * unknown bridge descriptor has shown up between then and now. */
3758 *body_out
= (const uint8_t *) signed_descriptor_get_body(sd
);
3759 *size_out
= sd
->signed_descriptor_len
;
3761 *published_out
= sd
->published_on
;
3765 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3766 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3767 * flavor name if we want a flavored v3 status, return a pointer to the
3768 * appropriate cached dir object, or NULL if there isn't one available. */
3769 static cached_dir_t
*
3770 lookup_cached_dir_by_fp(const uint8_t *fp
)
3772 cached_dir_t
*d
= NULL
;
3773 if (tor_digest_is_zero((const char *)fp
) && cached_consensuses
) {
3774 d
= strmap_get(cached_consensuses
, "ns");
3775 } else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
) {
3776 /* this here interface is a nasty hack: we're shoving a flavor into
3777 * a digest field. */
3778 d
= strmap_get(cached_consensuses
, (const char *)fp
);
3783 /** Try to guess the number of bytes that will be needed to send the
3784 * spooled objects for <b>conn</b>'s outgoing spool. In the process,
3785 * remove every element of the spool that refers to an absent object, or
3786 * which was published earlier than <b>cutoff</b>. Set *<b>size_out</b>
3787 * to the number of bytes, and *<b>n_expired_out</b> to the number of
3788 * objects removed for being too old. */
3790 dirserv_spool_remove_missing_and_guess_size(dir_connection_t
*conn
,
3799 smartlist_t
*spool
= conn
->spool
;
3809 SMARTLIST_FOREACH_BEGIN(spool
, spooled_resource_t
*, spooled
) {
3810 time_t published
= TIME_MAX
;
3811 size_t sz
= spooled_resource_estimate_size(spooled
, conn
,
3812 compression
, &published
);
3813 if (published
< cutoff
) {
3815 SMARTLIST_DEL_CURRENT(spool
, spooled
);
3816 spooled_resource_free(spooled
);
3817 } else if (sz
== 0) {
3818 SMARTLIST_DEL_CURRENT(spool
, spooled
);
3819 spooled_resource_free(spooled
);
3823 } SMARTLIST_FOREACH_END(spooled
);
3826 *size_out
= (total
> SIZE_MAX
) ? SIZE_MAX
: (size_t)total
;
3829 *n_expired_out
= n_expired
;
3832 /** Helper: used to sort a connection's spool. */
3834 dirserv_spool_sort_comparison_(const void **a_
, const void **b_
)
3836 const spooled_resource_t
*a
= *a_
;
3837 const spooled_resource_t
*b
= *b_
;
3838 return fast_memcmp(a
->digest
, b
->digest
, sizeof(a
->digest
));
3841 /** Sort all the entries in <b>conn</b> by digest. */
3843 dirserv_spool_sort(dir_connection_t
*conn
)
3845 if (conn
->spool
== NULL
)
3847 smartlist_sort(conn
->spool
, dirserv_spool_sort_comparison_
);
3850 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3851 * its extra-info document if <b>extrainfo</b> is true. Return
3852 * NULL if not found or if the descriptor is older than
3853 * <b>publish_cutoff</b>. */
3854 static const signed_descriptor_t
*
3855 get_signed_descriptor_by_fp(const uint8_t *fp
, int extrainfo
)
3857 if (router_digest_is_me((const char *)fp
)) {
3859 return &(router_get_my_extrainfo()->cache_info
);
3861 return &(router_get_my_routerinfo()->cache_info
);
3863 const routerinfo_t
*ri
= router_get_by_id_digest((const char *)fp
);
3866 return extrainfo_get_by_descriptor_digest(
3867 ri
->cache_info
.extra_info_digest
);
3869 return &ri
->cache_info
;
3875 /** When we're spooling data onto our outbuf, add more whenever we dip
3876 * below this threshold. */
3877 #define DIRSERV_BUFFER_MIN 16384
3880 * Called whenever we have flushed some directory data in state
3881 * SERVER_WRITING, or whenever we want to fill the buffer with initial
3882 * directory data (so that subsequent writes will occur, and trigger this
3885 * Return 0 on success, and -1 on failure.
3888 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3890 tor_assert(conn
->base_
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3891 if (conn
->spool
== NULL
)
3894 while (connection_get_outbuf_len(TO_CONN(conn
)) < DIRSERV_BUFFER_MIN
&&
3895 smartlist_len(conn
->spool
)) {
3896 spooled_resource_t
*spooled
=
3897 smartlist_get(conn
->spool
, smartlist_len(conn
->spool
)-1);
3898 spooled_resource_flush_status_t status
;
3899 status
= spooled_resource_flush_some(spooled
, conn
);
3900 if (status
== SRFS_ERR
) {
3902 } else if (status
== SRFS_MORE
) {
3905 tor_assert(status
== SRFS_DONE
);
3907 /* If we're here, we're done flushing this resource. */
3908 tor_assert(smartlist_pop_last(conn
->spool
) == spooled
);
3909 spooled_resource_free(spooled
);
3912 if (smartlist_len(conn
->spool
) > 0) {
3913 /* We're still spooling something. */
3917 /* If we get here, we're done. */
3918 smartlist_free(conn
->spool
);
3920 if (conn
->compress_state
) {
3921 /* Flush the compression state: there could be more bytes pending in there,
3922 * and we don't want to omit bytes. */
3923 connection_write_to_buf_compress("", 0, conn
, 1);
3924 tor_compress_free(conn
->compress_state
);
3925 conn
->compress_state
= NULL
;
3930 /** Remove every element from <b>conn</b>'s outgoing spool, and delete
3933 dir_conn_clear_spool(dir_connection_t
*conn
)
3935 if (!conn
|| ! conn
->spool
)
3937 SMARTLIST_FOREACH(conn
->spool
, spooled_resource_t
*, s
,
3938 spooled_resource_free(s
));
3939 smartlist_free(conn
->spool
);
3943 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3948 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3950 PACKAGENAME = NONSPACE
3953 DIGESTS = DIGEST | DIGESTS SP DIGEST
3954 DIGEST = DIGESTTYPE "=" DIGESTVAL
3956 NONSPACE = one or more non-space printing characters
3958 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3965 validate_recommended_package_line(const char *line
)
3967 const char *cp
= line
;
3973 cp = strchr(cp, ' '); \
3978 WORD(); /* skip packagename */
3980 WORD(); /* skip version */
3982 WORD(); /* Skip URL */
3985 /* Skip digesttype=digestval + */
3988 const char *start_of_word
= cp
;
3989 const char *end_of_word
= strchr(cp
, ' ');
3991 end_of_word
= cp
+ strlen(cp
);
3993 if (start_of_word
== end_of_word
)
3996 const char *eq
= memchr(start_of_word
, '=', end_of_word
- start_of_word
);
4000 if (eq
== start_of_word
)
4002 if (eq
== end_of_word
- 1)
4004 if (memchr(eq
+1, '=', end_of_word
- (eq
+1)))
4008 if (0 == *end_of_word
)
4011 cp
= end_of_word
+ 1;
4014 /* If we reach this point, we have at least 1 entry. */
4015 tor_assert(n_entries
> 0);
4019 /** Release all storage used by the directory server. */
4021 dirserv_free_all(void)
4023 dirserv_free_fingerprint_list();
4025 strmap_free(cached_consensuses
, free_cached_dir_
);
4026 cached_consensuses
= NULL
;
4028 dirserv_clear_measured_bw_cache();