search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add Coccinelle patch for replacing NULL/non-NULL tt_assert().
[tor.git] / src / or / dirserv.c
blobe5654e3b907fe1938c0652ff6ca15f614f64d20a
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2017, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRSERV_PRIVATE
7 #include "or.h"
8 #include "buffers.h"
9 #include "config.h"
10 #include "confparse.h"
11 #include "channel.h"
12 #include "channeltls.h"
13 #include "command.h"
14 #include "connection.h"
15 #include "connection_or.h"
16 #include "conscache.h"
17 #include "consdiffmgr.h"
18 #include "control.h"
19 #include "directory.h"
20 #include "dirserv.h"
21 #include "dirvote.h"
22 #include "hibernate.h"
23 #include "keypin.h"
24 #include "main.h"
25 #include "microdesc.h"
26 #include "networkstatus.h"
27 #include "nodelist.h"
28 #include "policies.h"
29 #include "protover.h"
30 #include "rephist.h"
31 #include "router.h"
32 #include "routerlist.h"
33 #include "routerparse.h"
34 #include "routerset.h"
35 #include "torcert.h"
36
37 /**
38 * \file dirserv.c
39 * \brief Directory server core implementation. Manages directory
40 * contents and generates directories.
41 *
42 * This module implements most of directory cache functionality, and some of
43 * the directory authority functionality. The directory.c module delegates
44 * here in order to handle incoming requests from clients, via
45 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
46 * module is reponsible for spooling directory objects (in whole or in part)
47 * onto buf_t instances, and then closing the dir_connection_t once the
48 * objects are totally flushed.
49 *
50 * The directory.c module also delegates here for handling descriptor uploads
51 * via dirserv_add_multiple_descriptors().
52 *
53 * Additionally, this module handles some aspects of voting, including:
54 * deciding how to vote on individual flags (based on decisions reached in
55 * rephist.c), of formatting routerstatus lines, and deciding what relays to
56 * include in an authority's vote. (TODO: Those functions could profitably be
57 * split off. They only live in this file because historically they were
58 * shared among the v1, v2, and v3 directory code.)
59 */
60
61 /** How far in the future do we allow a router to get? (seconds) */
62 #define ROUTER_ALLOW_SKEW (60*60*12)
63 /** How many seconds do we wait before regenerating the directory? */
64 #define DIR_REGEN_SLACK_TIME 30
65 /** If we're a cache, keep this many networkstatuses around from non-trusted
66 * directory authorities. */
67 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
68
69 /** Total number of routers with measured bandwidth; this is set by
70 * dirserv_count_measured_bws() before the loop in
71 * dirserv_generate_networkstatus_vote_obj() and checked by
72 * dirserv_get_credible_bandwidth() and
73 * dirserv_compute_performance_thresholds() */
74 static int routers_with_measured_bw = 0;
75
76 static void directory_remove_invalid(void);
77 static char *format_versions_list(config_line_t *ln);
78 struct authdir_config_t;
79 static uint32_t
80 dirserv_get_status_impl(const char *fp, const char *nickname,
81 uint32_t addr, uint16_t or_port,
82 const char *platform, const char **msg,
83 int severity);
84 static void clear_cached_dir(cached_dir_t *d);
85 static const signed_descriptor_t *get_signed_descriptor_by_fp(
86 const uint8_t *fp,
87 int extrainfo);
88 static was_router_added_t dirserv_add_extrainfo(extrainfo_t *ei,
89 const char **msg);
90 static uint32_t dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri);
91 static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri);
92
93 static int spooled_resource_lookup_body(const spooled_resource_t *spooled,
94 int conn_is_encrypted,
95 const uint8_t **body_out,
96 size_t *size_out,
97 time_t *published_out);
98 static cached_dir_t *spooled_resource_lookup_cached_dir(
99 const spooled_resource_t *spooled,
100 time_t *published_out);
101 static cached_dir_t *lookup_cached_dir_by_fp(const uint8_t *fp);
102
103 /************** Fingerprint handling code ************/
104
105 /* 1 Historically used to indicate Named */
106 #define FP_INVALID 2 /**< Believed invalid. */
107 #define FP_REJECT 4 /**< We will not publish this router. */
108 /* 8 Historically used to avoid using this as a dir. */
109 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
110 /* 32 Historically used to indicade Unnamed */
111
112 /** Target of status_by_digest map. */
113 typedef uint32_t router_status_t;
114
115 static void add_fingerprint_to_dir(const char *fp,
116 struct authdir_config_t *list,
117 router_status_t add_status);
118
119 /** List of nickname-\>identity fingerprint mappings for all the routers
120 * that we name. Used to prevent router impersonation. */
121 typedef struct authdir_config_t {
122 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
123 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
124 } authdir_config_t;
125
126 /** Should be static; exposed for testing. */
127 static authdir_config_t *fingerprint_list = NULL;
128
129 /** Allocate and return a new, empty, authdir_config_t. */
130 static authdir_config_t *
131 authdir_config_new(void)
132 {
133 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
134 list->fp_by_name = strmap_new();
135 list->status_by_digest = digestmap_new();
136 return list;
137 }
138
139 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
140 * <b>list</b>, or-ing the currently set status flags with
141 * <b>add_status</b>.
142 */
143 /* static */ void
144 add_fingerprint_to_dir(const char *fp, authdir_config_t *list,
145 router_status_t add_status)
146 {
147 char *fingerprint;
148 char d[DIGEST_LEN];
149 router_status_t *status;
150 tor_assert(fp);
151 tor_assert(list);
152
153 fingerprint = tor_strdup(fp);
154 tor_strstrip(fingerprint, " ");
155 if (base16_decode(d, DIGEST_LEN,
156 fingerprint, strlen(fingerprint)) != DIGEST_LEN) {
157 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
158 escaped(fp));
159 tor_free(fingerprint);
160 return;
161 }
162
163 status = digestmap_get(list->status_by_digest, d);
164 if (!status) {
165 status = tor_malloc_zero(sizeof(router_status_t));
166 digestmap_set(list->status_by_digest, d, status);
167 }
168
169 tor_free(fingerprint);
170 *status |= add_status;
171 return;
172 }
173
174 /** Add the fingerprint for this OR to the global list of recognized
175 * identity key fingerprints. */
176 int
177 dirserv_add_own_fingerprint(crypto_pk_t *pk)
178 {
179 char fp[FINGERPRINT_LEN+1];
180 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
181 log_err(LD_BUG, "Error computing fingerprint");
182 return -1;
183 }
184 if (!fingerprint_list)
185 fingerprint_list = authdir_config_new();
186 add_fingerprint_to_dir(fp, fingerprint_list, 0);
187 return 0;
188 }
189
190 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
191 * file. The file format is line-based, with each non-blank holding one
192 * nickname, some space, and a fingerprint for that nickname. On success,
193 * replace the current fingerprint list with the new list and return 0. On
194 * failure, leave the current fingerprint list untouched, and return -1. */
195 int
196 dirserv_load_fingerprint_file(void)
197 {
198 char *fname;
199 char *cf;
200 char *nickname, *fingerprint;
201 authdir_config_t *fingerprint_list_new;
202 int result;
203 config_line_t *front=NULL, *list;
204
205 fname = get_datadir_fname("approved-routers");
206 log_info(LD_GENERAL,
207 "Reloading approved fingerprints from \"%s\"...", fname);
208
209 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
210 if (!cf) {
211 log_warn(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
212 tor_free(fname);
213 return 0;
214 }
215 tor_free(fname);
216
217 result = config_get_lines(cf, &front, 0);
218 tor_free(cf);
219 if (result < 0) {
220 log_warn(LD_CONFIG, "Error reading from fingerprint file");
221 return -1;
222 }
223
224 fingerprint_list_new = authdir_config_new();
225
226 for (list=front; list; list=list->next) {
227 char digest_tmp[DIGEST_LEN];
228 router_status_t add_status = 0;
229 nickname = list->key; fingerprint = list->value;
230 tor_strstrip(fingerprint, " "); /* remove spaces */
231 if (strlen(fingerprint) != HEX_DIGEST_LEN ||
232 base16_decode(digest_tmp, sizeof(digest_tmp),
233 fingerprint, HEX_DIGEST_LEN) != sizeof(digest_tmp)) {
234 log_notice(LD_CONFIG,
235 "Invalid fingerprint (nickname '%s', "
236 "fingerprint %s). Skipping.",
237 nickname, fingerprint);
238 continue;
239 }
240 if (!strcasecmp(nickname, "!reject")) {
241 add_status = FP_REJECT;
242 } else if (!strcasecmp(nickname, "!badexit")) {
243 add_status = FP_BADEXIT;
244 } else if (!strcasecmp(nickname, "!invalid")) {
245 add_status = FP_INVALID;
246 }
247 add_fingerprint_to_dir(fingerprint, fingerprint_list_new, add_status);
248 }
249
250 config_free_lines(front);
251 dirserv_free_fingerprint_list();
252 fingerprint_list = fingerprint_list_new;
253 /* Delete any routers whose fingerprints we no longer recognize */
254 directory_remove_invalid();
255 return 0;
256 }
257
258 /* If this is set, then we don't allow routers that have advertised an Ed25519
259 * identity to stop doing so. This is going to be essential for good identity
260 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
261 * just sign fake descriptors missing the Ed25519 key. But we won't actually
262 * be able to prevent that kind of thing until we're confident that there
263 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
264 * to leave this #undef.
265 */
266 #undef DISABLE_DISABLING_ED25519
267
268 /** Check whether <b>router</b> has a nickname/identity key combination that
269 * we recognize from the fingerprint list, or an IP we automatically act on
270 * according to our configuration. Return the appropriate router status.
271 *
272 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
273 * *<b>msg</b> to an explanation of why. */
274 uint32_t
275 dirserv_router_get_status(const routerinfo_t *router, const char **msg,
276 int severity)
277 {
278 char d[DIGEST_LEN];
279 const int key_pinning = get_options()->AuthDirPinKeys;
280
281 if (crypto_pk_get_digest(router->identity_pkey, d)) {
282 log_warn(LD_BUG,"Error computing fingerprint");
283 if (msg)
284 *msg = "Bug: Error computing fingerprint";
285 return FP_REJECT;
286 }
287
288 /* Check for the more usual versions to reject a router first. */
289 const uint32_t r = dirserv_get_status_impl(d, router->nickname,
290 router->addr, router->or_port,
291 router->platform, msg, severity);
292 if (r)
293 return r;
294
295 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
296 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
297 * But just in case a relay doesn't provide or lies about its version, or
298 * doesn't include an ntor key in its descriptor, check that it exists,
299 * and is non-zero (clients check that it's non-zero before using it). */
300 if (!routerinfo_has_curve25519_onion_key(router)) {
301 log_fn(severity, LD_DIR,
302 "Descriptor from router %s is missing an ntor curve25519 onion "
303 "key.", router_describe(router));
304 if (msg)
305 *msg = "Missing ntor curve25519 onion key. Please upgrade!";
306 return FP_REJECT;
307 }
308
309 if (router->cache_info.signing_key_cert) {
310 /* This has an ed25519 identity key. */
311 if (KEYPIN_MISMATCH ==
312 keypin_check((const uint8_t*)router->cache_info.identity_digest,
313 router->cache_info.signing_key_cert->signing_key.pubkey)) {
314 log_fn(severity, LD_DIR,
315 "Descriptor from router %s has an Ed25519 key, "
316 "but the <rsa,ed25519> keys don't match what they were before.",
317 router_describe(router));
318 if (key_pinning) {
319 if (msg) {
320 *msg = "Ed25519 identity key or RSA identity key has changed.";
321 }
322 return FP_REJECT;
323 }
324 }
325 } else {
326 /* No ed25519 key */
327 if (KEYPIN_MISMATCH == keypin_check_lone_rsa(
328 (const uint8_t*)router->cache_info.identity_digest)) {
329 log_fn(severity, LD_DIR,
330 "Descriptor from router %s has no Ed25519 key, "
331 "when we previously knew an Ed25519 for it. Ignoring for now, "
332 "since Ed25519 keys are fairly new.",
333 router_describe(router));
334 #ifdef DISABLE_DISABLING_ED25519
335 if (key_pinning) {
336 if (msg) {
337 *msg = "Ed25519 identity key has disappeared.";
338 }
339 return FP_REJECT;
340 }
341 #endif
342 }
343 }
344
345 return 0;
346 }
347
348 /** Return true if there is no point in downloading the router described by
349 * <b>rs</b> because this directory would reject it. */
350 int
351 dirserv_would_reject_router(const routerstatus_t *rs)
352 {
353 uint32_t res;
354
355 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
356 rs->addr, rs->or_port,
357 NULL, NULL, LOG_DEBUG);
358
359 return (res & FP_REJECT) != 0;
360 }
361
362 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
363 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
364 * port and platform (logging only) as arguments.
365 *
366 * Log messages at 'severity'. (There's not much point in
367 * logging that we're rejecting servers we'll not download.)
368 */
369 static uint32_t
370 dirserv_get_status_impl(const char *id_digest, const char *nickname,
371 uint32_t addr, uint16_t or_port,
372 const char *platform, const char **msg, int severity)
373 {
374 uint32_t result = 0;
375 router_status_t *status_by_digest;
376
377 if (!fingerprint_list)
378 fingerprint_list = authdir_config_new();
379
380 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
381 strmap_size(fingerprint_list->fp_by_name),
382 digestmap_size(fingerprint_list->status_by_digest));
383
384 if (platform) {
385 tor_version_t ver_tmp;
386 if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
387 if (msg) {
388 *msg = "Malformed platform string.";
389 }
390 return FP_REJECT;
391 }
392 }
393
394 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
395 * missing some important security fixes too. Disable them. */
396 if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {
397 if (msg)
398 *msg = "Tor version is insecure or unsupported. Please upgrade!";
399 return FP_REJECT;
400 }
401
402 /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
403 * keep their consensus up to date so they make bad guards.
404 * The simple fix is to just drop them from the network. */
405 if (platform &&
406 tor_version_as_new_as(platform,"0.2.9.0-alpha") &&
407 !tor_version_as_new_as(platform,"0.2.9.5-alpha")) {
408 if (msg)
409 *msg = "Tor version contains bug 20499. Please upgrade!";
410 return FP_REJECT;
411 }
412
413 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
414 id_digest);
415 if (status_by_digest)
416 result |= *status_by_digest;
417
418 if (result & FP_REJECT) {
419 if (msg)
420 *msg = "Fingerprint is marked rejected -- please contact us?";
421 return FP_REJECT;
422 } else if (result & FP_INVALID) {
423 if (msg)
424 *msg = "Fingerprint is marked invalid";
425 }
426
427 if (authdir_policy_badexit_address(addr, or_port)) {
428 log_fn(severity, LD_DIRSERV,
429 "Marking '%s' as bad exit because of address '%s'",
430 nickname, fmt_addr32(addr));
431 result |= FP_BADEXIT;
432 }
433
434 if (!authdir_policy_permits_address(addr, or_port)) {
435 log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'",
436 nickname, fmt_addr32(addr));
437 if (msg)
438 *msg = "Suspicious relay address range -- please contact us?";
439 return FP_REJECT;
440 }
441 if (!authdir_policy_valid_address(addr, or_port)) {
442 log_fn(severity, LD_DIRSERV,
443 "Not marking '%s' valid because of address '%s'",
444 nickname, fmt_addr32(addr));
445 result |= FP_INVALID;
446 }
447
448 return result;
449 }
450
451 /** Clear the current fingerprint list. */
452 void
453 dirserv_free_fingerprint_list(void)
454 {
455 if (!fingerprint_list)
456 return;
457
458 strmap_free(fingerprint_list->fp_by_name, tor_free_);
459 digestmap_free(fingerprint_list->status_by_digest, tor_free_);
460 tor_free(fingerprint_list);
461 }
462
463 /*
464 * Descriptor list
465 */
466
467 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
468 * unless we're configured to not care. Return 0 if all ok. */
469 static int
470 dirserv_router_has_valid_address(routerinfo_t *ri)
471 {
472 tor_addr_t addr;
473 if (get_options()->DirAllowPrivateAddresses)
474 return 0; /* whatever it is, we're fine with it */
475 tor_addr_from_ipv4h(&addr, ri->addr);
476
477 if (tor_addr_is_internal(&addr, 0)) {
478 log_info(LD_DIRSERV,
479 "Router %s published internal IP address. Refusing.",
480 router_describe(ri));
481 return -1; /* it's a private IP, we should reject it */
482 }
483 return 0;
484 }
485
486 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
487 * set its is_valid,running fields and return 0. Otherwise, return -1.
488 *
489 * If the router is rejected, set *<b>msg</b> to an explanation of why.
490 *
491 * If <b>complain</b> then explain at log-level 'notice' why we refused
492 * a descriptor; else explain at log-level 'info'.
493 */
494 int
495 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
496 int complain, int *valid_out)
497 {
498 /* Okay. Now check whether the fingerprint is recognized. */
499 time_t now;
500 int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
501 uint32_t status = dirserv_router_get_status(ri, msg, severity);
502 tor_assert(msg);
503 if (status & FP_REJECT)
504 return -1; /* msg is already set. */
505
506 /* Is there too much clock skew? */
507 now = time(NULL);
508 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
509 log_fn(severity, LD_DIRSERV, "Publication time for %s is too "
510 "far (%d minutes) in the future; possible clock skew. Not adding "
511 "(%s)",
512 router_describe(ri),
513 (int)((ri->cache_info.published_on-now)/60),
514 esc_router_info(ri));
515 *msg = "Rejected: Your clock is set too far in the future, or your "
516 "timezone is not correct.";
517 return -1;
518 }
519 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
520 log_fn(severity, LD_DIRSERV,
521 "Publication time for %s is too far "
522 "(%d minutes) in the past. Not adding (%s)",
523 router_describe(ri),
524 (int)((now-ri->cache_info.published_on)/60),
525 esc_router_info(ri));
526 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
527 " or your timezone is not correct.";
528 return -1;
529 }
530 if (dirserv_router_has_valid_address(ri) < 0) {
531 log_fn(severity, LD_DIRSERV,
532 "Router %s has invalid address. Not adding (%s).",
533 router_describe(ri),
534 esc_router_info(ri));
535 *msg = "Rejected: Address is a private address.";
536 return -1;
537 }
538
539 *valid_out = ! (status & FP_INVALID);
540
541 return 0;
542 }
543
544 /** Update the relevant flags of <b>node</b> based on our opinion as a
545 * directory authority in <b>authstatus</b>, as returned by
546 * dirserv_router_get_status or equivalent. */
547 void
548 dirserv_set_node_flags_from_authoritative_status(node_t *node,
549 uint32_t authstatus)
550 {
551 node->is_valid = (authstatus & FP_INVALID) ? 0 : 1;
552 node->is_bad_exit = (authstatus & FP_BADEXIT) ? 1 : 0;
553 }
554
555 /** True iff <b>a</b> is more severe than <b>b</b>. */
556 static int
557 WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
558 {
559 return a < b;
560 }
561
562 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
563 * returns the most severe error that occurred for any one of them. */
564 was_router_added_t
565 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
566 const char *source,
567 const char **msg)
568 {
569 was_router_added_t r, r_tmp;
570 const char *msg_out;
571 smartlist_t *list;
572 const char *s;
573 int n_parsed = 0;
574 time_t now = time(NULL);
575 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
576 char time_buf[ISO_TIME_LEN+1];
577 int general = purpose == ROUTER_PURPOSE_GENERAL;
578 tor_assert(msg);
579
580 r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
581
582 format_iso_time(time_buf, now);
583 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
584 "@uploaded-at %s\n"
585 "@source %s\n"
586 "%s%s%s", time_buf, escaped(source),
587 !general ? "@purpose " : "",
588 !general ? router_purpose_to_string(purpose) : "",
589 !general ? "\n" : "")<0) {
590 *msg = "Couldn't format annotations";
591 /* XXX Not cool: we return -1 below, but (was_router_added_t)-1 is
592 * ROUTER_BAD_EI, which isn't what's gone wrong here. :( */
593 return -1;
594 }
595
596 s = desc;
597 list = smartlist_new();
598 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
599 annotation_buf, NULL)) {
600 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
601 msg_out = NULL;
602 tor_assert(ri->purpose == purpose);
603 r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
604 if (WRA_MORE_SEVERE(r_tmp, r)) {
605 r = r_tmp;
606 *msg = msg_out;
607 }
608 });
609 }
610 n_parsed += smartlist_len(list);
611 smartlist_clear(list);
612
613 s = desc;
614 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
615 NULL, NULL)) {
616 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
617 msg_out = NULL;
618
619 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
620 if (WRA_MORE_SEVERE(r_tmp, r)) {
621 r = r_tmp;
622 *msg = msg_out;
623 }
624 });
625 }
626 n_parsed += smartlist_len(list);
627 smartlist_free(list);
628
629 if (! *msg) {
630 if (!n_parsed) {
631 *msg = "No descriptors found in your POST.";
632 if (WRA_WAS_ADDED(r))
633 r = ROUTER_IS_ALREADY_KNOWN;
634 } else {
635 *msg = "(no message)";
636 }
637 }
638
639 return r;
640 }
641
642 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
643 * the list of server descriptors. Set *<b>msg</b> to a message that should be
644 * passed back to the origin of this descriptor, or NULL if there is no such
645 * message. Use <b>source</b> to produce better log messages.
646 *
647 * If <b>ri</b> is not added to the list of server descriptors, free it.
648 * That means the caller must not access <b>ri</b> after this function
649 * returns, since it might have been freed.
650 *
651 * Return the status of the operation.
652 *
653 * This function is only called when fresh descriptors are posted, not when
654 * we re-load the cache.
655 */
656 was_router_added_t
657 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
658 {
659 was_router_added_t r;
660 routerinfo_t *ri_old;
661 char *desc, *nickname;
662 const size_t desclen = ri->cache_info.signed_descriptor_len +
663 ri->cache_info.annotations_len;
664 const int key_pinning = get_options()->AuthDirPinKeys;
665 *msg = NULL;
666
667 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
668 * network and it'll clog everything up. */
669 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
670 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
671 " (source: %s) with size %d. Either this is an attack, or the "
672 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
673 ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
674 MAX_DESCRIPTOR_UPLOAD_SIZE);
675 *msg = "Router descriptor was too large.";
676 control_event_or_authdir_new_descriptor("REJECTED",
677 ri->cache_info.signed_descriptor_body,
678 desclen, *msg);
679 r = ROUTER_AUTHDIR_REJECTS;
680 goto fail;
681 }
682
683 /* Check whether this descriptor is semantically identical to the last one
684 * from this server. (We do this here and not in router_add_to_routerlist
685 * because we want to be able to accept the newest router descriptor that
686 * another authority has, so we all converge on the same one.) */
687 ri_old = router_get_mutable_by_digest(ri->cache_info.identity_digest);
688 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
689 && router_differences_are_cosmetic(ri_old, ri)
690 && !router_is_me(ri)) {
691 log_info(LD_DIRSERV,
692 "Not replacing descriptor from %s (source: %s); "
693 "differences are cosmetic.",
694 router_describe(ri), source);
695 *msg = "Not replacing router descriptor; no information has changed since "
696 "the last one with this identity.";
697 control_event_or_authdir_new_descriptor("DROPPED",
698 ri->cache_info.signed_descriptor_body,
699 desclen, *msg);
700 r = ROUTER_IS_ALREADY_KNOWN;
701 goto fail;
702 }
703
704 /* Do keypinning again ... this time, to add the pin if appropriate */
705 int keypin_status;
706 if (ri->cache_info.signing_key_cert) {
707 ed25519_public_key_t *pkey = &ri->cache_info.signing_key_cert->signing_key;
708 /* First let's validate this pubkey before pinning it */
709 if (ed25519_validate_pubkey(pkey) < 0) {
710 log_warn(LD_DIRSERV, "Received bad key from %s (source %s)",
711 router_describe(ri), source);
712 control_event_or_authdir_new_descriptor("REJECTED",
713 ri->cache_info.signed_descriptor_body,
714 desclen, *msg);
715 routerinfo_free(ri);
716 return ROUTER_AUTHDIR_REJECTS;
717 }
718
719 /* Now pin it! */
720 keypin_status = keypin_check_and_add(
721 (const uint8_t*)ri->cache_info.identity_digest,
722 pkey->pubkey, ! key_pinning);
723 } else {
724 keypin_status = keypin_check_lone_rsa(
725 (const uint8_t*)ri->cache_info.identity_digest);
726 #ifndef DISABLE_DISABLING_ED25519
727 if (keypin_status == KEYPIN_MISMATCH)
728 keypin_status = KEYPIN_NOT_FOUND;
729 #endif
730 }
731 if (keypin_status == KEYPIN_MISMATCH && key_pinning) {
732 log_info(LD_DIRSERV, "Dropping descriptor from %s (source: %s) because "
733 "its key did not match an older RSA/Ed25519 keypair",
734 router_describe(ri), source);
735 *msg = "Looks like your keypair does not match its older value.";
736 r = ROUTER_AUTHDIR_REJECTS;
737 goto fail;
738 }
739
740 /* Make a copy of desc, since router_add_to_routerlist might free
741 * ri and its associated signed_descriptor_t. */
742 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
743 nickname = tor_strdup(ri->nickname);
744
745 /* Tell if we're about to need to launch a test if we add this. */
746 ri->needs_retest_if_added =
747 dirserv_should_launch_reachability_test(ri, ri_old);
748
749 r = router_add_to_routerlist(ri, msg, 0, 0);
750 if (!WRA_WAS_ADDED(r)) {
751 /* unless the routerinfo was fine, just out-of-date */
752 if (WRA_WAS_REJECTED(r))
753 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
754 log_info(LD_DIRSERV,
755 "Did not add descriptor from '%s' (source: %s): %s.",
756 nickname, source, *msg ? *msg : "(no message)");
757 } else {
758 smartlist_t *changed;
759 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
760
761 changed = smartlist_new();
762 smartlist_add(changed, ri);
763 routerlist_descriptors_added(changed, 0);
764 smartlist_free(changed);
765 if (!*msg) {
766 *msg = "Descriptor accepted";
767 }
768 log_info(LD_DIRSERV,
769 "Added descriptor from '%s' (source: %s): %s.",
770 nickname, source, *msg);
771 }
772 tor_free(desc);
773 tor_free(nickname);
774 return r;
775 fail:
776 {
777 const char *desc_digest = ri->cache_info.signed_descriptor_digest;
778 download_status_t *dls =
779 router_get_dl_status_by_descriptor_digest(desc_digest);
780 if (dls) {
781 log_info(LD_GENERAL, "Marking router with descriptor %s as rejected, "
782 "and therefore undownloadable",
783 hex_str(desc_digest, DIGEST_LEN));
784 download_status_mark_impossible(dls);
785 }
786 routerinfo_free(ri);
787 }
788 return r;
789 }
790
791 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
792 static was_router_added_t
793 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
794 {
795 routerinfo_t *ri;
796 int r;
797 was_router_added_t rv;
798 tor_assert(msg);
799 *msg = NULL;
800
801 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
802 * can mess with some of the flags in ri->cache_info. */
803 ri = router_get_mutable_by_digest(ei->cache_info.identity_digest);
804 if (!ri) {
805 *msg = "No corresponding router descriptor for extra-info descriptor";
806 rv = ROUTER_BAD_EI;
807 goto fail;
808 }
809
810 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
811 * network and it'll clog everything up. */
812 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
813 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
814 "with size %d. Either this is an attack, or the "
815 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
816 (int)ei->cache_info.signed_descriptor_len,
817 MAX_EXTRAINFO_UPLOAD_SIZE);
818 *msg = "Extrainfo document was too large";
819 rv = ROUTER_BAD_EI;
820 goto fail;
821 }
822
823 if ((r = routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
824 &ri->cache_info, msg))) {
825 if (r<0) {
826 extrainfo_free(ei);
827 return ROUTER_IS_ALREADY_KNOWN;
828 }
829 rv = ROUTER_BAD_EI;
830 goto fail;
831 }
832 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
833 return ROUTER_ADDED_SUCCESSFULLY;
834 fail:
835 {
836 const char *d = ei->cache_info.signed_descriptor_digest;
837 signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
838 if (sd) {
839 log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
840 "rejected, and therefore undownloadable",
841 hex_str((char*)d,DIGEST_LEN));
842 download_status_mark_impossible(&sd->ei_dl_status);
843 }
844 extrainfo_free(ei);
845 }
846 return rv;
847 }
848
849 /** Remove all descriptors whose nicknames or fingerprints no longer
850 * are allowed by our fingerprint list. (Descriptors that used to be
851 * good can become bad when we reload the fingerprint list.)
852 */
853 static void
854 directory_remove_invalid(void)
855 {
856 routerlist_t *rl = router_get_routerlist();
857 smartlist_t *nodes = smartlist_new();
858 smartlist_add_all(nodes, nodelist_get_list());
859
860 SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
861 const char *msg = NULL;
862 routerinfo_t *ent = node->ri;
863 char description[NODE_DESC_BUF_LEN];
864 uint32_t r;
865 if (!ent)
866 continue;
867 r = dirserv_router_get_status(ent, &msg, LOG_INFO);
868 router_get_description(description, ent);
869 if (r & FP_REJECT) {
870 log_info(LD_DIRSERV, "Router %s is now rejected: %s",
871 description, msg?msg:"");
872 routerlist_remove(rl, ent, 0, time(NULL));
873 continue;
874 }
875 if (bool_neq((r & FP_INVALID), !node->is_valid)) {
876 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
877 (r&FP_INVALID) ? "in" : "");
878 node->is_valid = (r&FP_INVALID)?0:1;
879 }
880 if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
881 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
882 (r & FP_BADEXIT) ? "bad" : "good");
883 node->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
884 }
885 } SMARTLIST_FOREACH_END(node);
886
887 routerlist_assert_ok(rl);
888 smartlist_free(nodes);
889 }
890
891 /**
892 * Allocate and return a description of the status of the server <b>desc</b>,
893 * for use in a v1-style router-status line. The server is listed
894 * as running iff <b>is_live</b> is true.
895 *
896 * This is deprecated: it's only used for controllers that want outputs in
897 * the old format.
898 */
899 static char *
900 list_single_server_status(const routerinfo_t *desc, int is_live)
901 {
902 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
903 char *cp;
904 const node_t *node;
905
906 tor_assert(desc);
907
908 cp = buf;
909 if (!is_live) {
910 *cp++ = '!';
911 }
912 node = node_get_by_id(desc->cache_info.identity_digest);
913 if (node && node->is_valid) {
914 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
915 cp += strlen(cp);
916 *cp++ = '=';
917 }
918 *cp++ = '$';
919 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
920 DIGEST_LEN);
921 return tor_strdup(buf);
922 }
923
924 /* DOCDOC running_long_enough_to_decide_unreachable */
925 static inline int
926 running_long_enough_to_decide_unreachable(void)
927 {
928 return time_of_process_start
929 + get_options()->TestingAuthDirTimeToLearnReachability < approx_time();
930 }
931
932 /** Each server needs to have passed a reachability test no more
933 * than this number of seconds ago, or it is listed as down in
934 * the directory. */
935 #define REACHABLE_TIMEOUT (45*60)
936
937 /** If we tested a router and found it reachable _at least this long_ after it
938 * declared itself hibernating, it is probably done hibernating and we just
939 * missed a descriptor from it. */
940 #define HIBERNATION_PUBLICATION_SKEW (60*60)
941
942 /** Treat a router as alive if
943 * - It's me, and I'm not hibernating.
944 * or - We've found it reachable recently. */
945 void
946 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
947 {
948 /*XXXX This function is a mess. Separate out the part that calculates
949 whether it's reachable and the part that tells rephist that the router was
950 unreachable.
951 */
952 int answer;
953 const or_options_t *options = get_options();
954 node_t *node = node_get_mutable_by_id(router->cache_info.identity_digest);
955 tor_assert(node);
956
957 if (router_is_me(router)) {
958 /* We always know if we are down ourselves. */
959 answer = ! we_are_hibernating();
960 } else if (router->is_hibernating &&
961 (router->cache_info.published_on +
962 HIBERNATION_PUBLICATION_SKEW) > node->last_reachable) {
963 /* A hibernating router is down unless we (somehow) had contact with it
964 * since it declared itself to be hibernating. */
965 answer = 0;
966 } else if (options->AssumeReachable) {
967 /* If AssumeReachable, everybody is up unless they say they are down! */
968 answer = 1;
969 } else {
970 /* Otherwise, a router counts as up if we found all announced OR
971 ports reachable in the last REACHABLE_TIMEOUT seconds.
972
973 XXX prop186 For now there's always one IPv4 and at most one
974 IPv6 OR port.
975
976 If we're not on IPv6, don't consider reachability of potential
977 IPv6 OR port since that'd kill all dual stack relays until a
978 majority of the dir auths have IPv6 connectivity. */
979 answer = (now < node->last_reachable + REACHABLE_TIMEOUT &&
980 (options->AuthDirHasIPv6Connectivity != 1 ||
981 tor_addr_is_null(&router->ipv6_addr) ||
982 now < node->last_reachable6 + REACHABLE_TIMEOUT));
983 }
984
985 if (!answer && running_long_enough_to_decide_unreachable()) {
986 /* Not considered reachable. tell rephist about that.
987
988 Because we launch a reachability test for each router every
989 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
990 been down since at least that time after we last successfully reached
991 it.
992
993 XXX ipv6
994 */
995 time_t when = now;
996 if (node->last_reachable &&
997 node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD < now)
998 when = node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD;
999 rep_hist_note_router_unreachable(router->cache_info.identity_digest, when);
1000 }
1001
1002 node->is_running = answer;
1003 }
1004
1005 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
1006 * contents of a v1-style router-status line, and store it in
1007 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
1008 *
1009 * If for_controller is true, include the routers with very old descriptors.
1010 *
1011 * This is deprecated: it's only used for controllers that want outputs in
1012 * the old format.
1013 */
1014 int
1015 list_server_status_v1(smartlist_t *routers, char **router_status_out,
1016 int for_controller)
1017 {
1018 /* List of entries in a router-status style: An optional !, then an optional
1019 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
1020 smartlist_t *rs_entries;
1021 time_t now = time(NULL);
1022 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1023 const or_options_t *options = get_options();
1024 /* We include v2 dir auths here too, because they need to answer
1025 * controllers. Eventually we'll deprecate this whole function;
1026 * see also networkstatus_getinfo_by_purpose(). */
1027 int authdir = authdir_mode_publishes_statuses(options);
1028 tor_assert(router_status_out);
1029
1030 rs_entries = smartlist_new();
1031
1032 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
1033 const node_t *node = node_get_by_id(ri->cache_info.identity_digest);
1034 tor_assert(node);
1035 if (authdir) {
1036 /* Update router status in routerinfo_t. */
1037 dirserv_set_router_is_running(ri, now);
1038 }
1039 if (for_controller) {
1040 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
1041 char *cp = name_buf;
1042 if (!node->is_running)
1043 *cp++ = '!';
1044 router_get_verbose_nickname(cp, ri);
1045 smartlist_add_strdup(rs_entries, name_buf);
1046 } else if (ri->cache_info.published_on >= cutoff) {
1047 smartlist_add(rs_entries, list_single_server_status(ri,
1048 node->is_running));
1049 }
1050 } SMARTLIST_FOREACH_END(ri);
1051
1052 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
1053
1054 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
1055 smartlist_free(rs_entries);
1056
1057 return 0;
1058 }
1059
1060 /** Given a (possibly empty) list of config_line_t, each line of which contains
1061 * a list of comma-separated version numbers surrounded by optional space,
1062 * allocate and return a new string containing the version numbers, in order,
1063 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1064 */
1065 static char *
1066 format_versions_list(config_line_t *ln)
1067 {
1068 smartlist_t *versions;
1069 char *result;
1070 versions = smartlist_new();
1071 for ( ; ln; ln = ln->next) {
1072 smartlist_split_string(versions, ln->value, ",",
1073 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1074 }
1075 sort_version_list(versions, 1);
1076 result = smartlist_join_strings(versions,",",0,NULL);
1077 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1078 smartlist_free(versions);
1079 return result;
1080 }
1081
1082 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1083 * not hibernating, having observed bw greater 0, and not too old. Else
1084 * return 0.
1085 */
1086 static int
1087 router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
1088 {
1089 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1090 if (ri->cache_info.published_on < cutoff) {
1091 return 0;
1092 }
1093 if (!node->is_running || !node->is_valid || ri->is_hibernating) {
1094 return 0;
1095 }
1096 /* Only require bandwith capacity in non-test networks, or
1097 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1098 if (!ri->bandwidthcapacity) {
1099 if (get_options()->TestingTorNetwork) {
1100 if (get_options()->TestingMinExitFlagThreshold > 0) {
1101 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1102 * then require bandwidthcapacity */
1103 return 0;
1104 }
1105 } else {
1106 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1107 return 0;
1108 }
1109 }
1110 return 1;
1111 }
1112
1113 /********************************************************************/
1114
1115 /* A set of functions to answer questions about how we'd like to behave
1116 * as a directory mirror/client. */
1117
1118 /** Return 1 if we fetch our directory material directly from the
1119 * authorities, rather than from a mirror. */
1120 int
1121 directory_fetches_from_authorities(const or_options_t *options)
1122 {
1123 const routerinfo_t *me;
1124 uint32_t addr;
1125 int refuseunknown;
1126 if (options->FetchDirInfoEarly)
1127 return 1;
1128 if (options->BridgeRelay == 1)
1129 return 0;
1130 if (server_mode(options) &&
1131 router_pick_published_address(options, &addr, 1) < 0)
1132 return 1; /* we don't know our IP address; ask an authority. */
1133 refuseunknown = ! router_my_exit_policy_is_reject_star() &&
1134 should_refuse_unknown_exits(options);
1135 if (!dir_server_mode(options) && !refuseunknown)
1136 return 0;
1137 if (!server_mode(options) || !advertised_server_mode())
1138 return 0;
1139 me = router_get_my_routerinfo();
1140 if (!me || (!me->supports_tunnelled_dir_requests && !refuseunknown))
1141 return 0; /* if we don't service directory requests, return 0 too */
1142 return 1;
1143 }
1144
1145 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1146 * on the "mirror" schedule rather than the "client" schedule.
1147 */
1148 int
1149 directory_fetches_dir_info_early(const or_options_t *options)
1150 {
1151 return directory_fetches_from_authorities(options);
1152 }
1153
1154 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1155 * on a very passive schedule -- waiting long enough for ordinary clients
1156 * to probably have the info we want. These would include bridge users,
1157 * and maybe others in the future e.g. if a Tor client uses another Tor
1158 * client as a directory guard.
1159 */
1160 int
1161 directory_fetches_dir_info_later(const or_options_t *options)
1162 {
1163 return options->UseBridges != 0;
1164 }
1165
1166 /** Return true iff we want to serve certificates for authorities
1167 * that we don't acknowledge as authorities ourself.
1168 * Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch
1169 * and keep these certificates.
1170 */
1171 int
1172 directory_caches_unknown_auth_certs(const or_options_t *options)
1173 {
1174 return dir_server_mode(options) || options->BridgeRelay;
1175 }
1176
1177 /** Return 1 if we want to fetch and serve descriptors, networkstatuses, etc
1178 * Else return 0.
1179 * Check options->DirPort_set and directory_permits_begindir_requests()
1180 * to see if we are willing to serve these directory documents to others via
1181 * the DirPort and begindir-over-ORPort, respectively.
1182 *
1183 * To check if we should fetch documents, use we_want_to_fetch_flavor and
1184 * we_want_to_fetch_unknown_auth_certs instead of this function.
1185 */
1186 int
1187 directory_caches_dir_info(const or_options_t *options)
1188 {
1189 if (options->BridgeRelay || dir_server_mode(options))
1190 return 1;
1191 if (!server_mode(options) || !advertised_server_mode())
1192 return 0;
1193 /* We need an up-to-date view of network info if we're going to try to
1194 * block exit attempts from unknown relays. */
1195 return ! router_my_exit_policy_is_reject_star() &&
1196 should_refuse_unknown_exits(options);
1197 }
1198
1199 /** Return 1 if we want to allow remote clients to ask us directory
1200 * requests via the "begin_dir" interface, which doesn't require
1201 * having any separate port open. */
1202 int
1203 directory_permits_begindir_requests(const or_options_t *options)
1204 {
1205 return options->BridgeRelay != 0 || dir_server_mode(options);
1206 }
1207
1208 /** Return 1 if we have no need to fetch new descriptors. This generally
1209 * happens when we're not a dir cache and we haven't built any circuits
1210 * lately.
1211 */
1212 int
1213 directory_too_idle_to_fetch_descriptors(const or_options_t *options,
1214 time_t now)
1215 {
1216 return !directory_caches_dir_info(options) &&
1217 !options->FetchUselessDescriptors &&
1218 rep_hist_circbuilding_dormant(now);
1219 }
1220
1221 /********************************************************************/
1222
1223 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1224 * currently serving. */
1225 static strmap_t *cached_consensuses = NULL;
1226
1227 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1228 * any references. */
1229 void
1230 cached_dir_decref(cached_dir_t *d)
1231 {
1232 if (!d || --d->refcnt > 0)
1233 return;
1234 clear_cached_dir(d);
1235 tor_free(d);
1236 }
1237
1238 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1239 * published at <b>published</b>. */
1240 cached_dir_t *
1241 new_cached_dir(char *s, time_t published)
1242 {
1243 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1244 d->refcnt = 1;
1245 d->dir = s;
1246 d->dir_len = strlen(s);
1247 d->published = published;
1248 if (tor_compress(&(d->dir_compressed), &(d->dir_compressed_len),
1249 d->dir, d->dir_len, ZLIB_METHOD)) {
1250 log_warn(LD_BUG, "Error compressing directory");
1251 }
1252 return d;
1253 }
1254
1255 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1256 static void
1257 clear_cached_dir(cached_dir_t *d)
1258 {
1259 tor_free(d->dir);
1260 tor_free(d->dir_compressed);
1261 memset(d, 0, sizeof(cached_dir_t));
1262 }
1263
1264 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1265 static void
1266 free_cached_dir_(void *_d)
1267 {
1268 cached_dir_t *d;
1269 if (!_d)
1270 return;
1271
1272 d = (cached_dir_t *)_d;
1273 cached_dir_decref(d);
1274 }
1275
1276 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1277 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1278 * validation is performed. */
1279 void
1280 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
1281 const char *flavor_name,
1282 const common_digests_t *digests,
1283 const uint8_t *sha3_as_signed,
1284 time_t published)
1285 {
1286 cached_dir_t *new_networkstatus;
1287 cached_dir_t *old_networkstatus;
1288 if (!cached_consensuses)
1289 cached_consensuses = strmap_new();
1290
1291 new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
1292 memcpy(&new_networkstatus->digests, digests, sizeof(common_digests_t));
1293 memcpy(&new_networkstatus->digest_sha3_as_signed, sha3_as_signed,
1294 DIGEST256_LEN);
1295 old_networkstatus = strmap_set(cached_consensuses, flavor_name,
1296 new_networkstatus);
1297 if (old_networkstatus)
1298 cached_dir_decref(old_networkstatus);
1299 }
1300
1301 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1302 * optionally compressed format, suitable for sending to clients. */
1303 cached_dir_t *
1304 dirserv_get_consensus(const char *flavor_name)
1305 {
1306 if (!cached_consensuses)
1307 return NULL;
1308 return strmap_get(cached_consensuses, flavor_name);
1309 }
1310
1311 /** If a router's uptime is at least this value, then it is always
1312 * considered stable, regardless of the rest of the network. This
1313 * way we resist attacks where an attacker doubles the size of the
1314 * network using allegedly high-uptime nodes, displacing all the
1315 * current guards. */
1316 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1317 /** If a router's MTBF is at least this value, then it is always stable.
1318 * See above. (Corresponds to about 7 days for current decay rates.) */
1319 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1320 /** Similarly, every node with at least this much weighted time known can be
1321 * considered familiar enough to be a guard. Corresponds to about 20 days for
1322 * current decay rates.
1323 */
1324 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1325 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1326 */
1327 #define WFU_TO_GUARANTEE_GUARD (0.98)
1328
1329 /* Thresholds for server performance: set by
1330 * dirserv_compute_performance_thresholds, and used by
1331 * generate_v2_networkstatus */
1332
1333 /** Any router with an uptime of at least this value is stable. */
1334 static uint32_t stable_uptime = 0; /* start at a safe value */
1335 /** Any router with an mtbf of at least this value is stable. */
1336 static double stable_mtbf = 0.0;
1337 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1338 * than stable_uptime. */
1339 static int enough_mtbf_info = 0;
1340 /** Any router with a weighted fractional uptime of at least this much might
1341 * be good as a guard. */
1342 static double guard_wfu = 0.0;
1343 /** Don't call a router a guard unless we've known about it for at least this
1344 * many seconds. */
1345 static long guard_tk = 0;
1346 /** Any router with a bandwidth at least this high is "Fast" */
1347 static uint32_t fast_bandwidth_kb = 0;
1348 /** If exits can be guards, then all guards must have a bandwidth this
1349 * high. */
1350 static uint32_t guard_bandwidth_including_exits_kb = 0;
1351 /** If exits can't be guards, then all guards must have a bandwidth this
1352 * high. */
1353 static uint32_t guard_bandwidth_excluding_exits_kb = 0;
1354
1355 /** Helper: estimate the uptime of a router given its stated uptime and the
1356 * amount of time since it last stated its stated uptime. */
1357 static inline long
1358 real_uptime(const routerinfo_t *router, time_t now)
1359 {
1360 if (now < router->cache_info.published_on)
1361 return router->uptime;
1362 else
1363 return router->uptime + (now - router->cache_info.published_on);
1364 }
1365
1366 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1367 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1368 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1369 * bandwidth.
1370 */
1371 static int
1372 dirserv_thinks_router_is_unreliable(time_t now,
1373 routerinfo_t *router,
1374 int need_uptime, int need_capacity)
1375 {
1376 if (need_uptime) {
1377 if (!enough_mtbf_info) {
1378 /* XXXX We should change the rule from
1379 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1380 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1381 * hit a point where we need to reset a lot of authorities at once,
1382 * none of them would be in a position to declare Stable.
1383 */
1384 long uptime = real_uptime(router, now);
1385 if ((unsigned)uptime < stable_uptime &&
1386 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1387 return 1;
1388 } else {
1389 double mtbf =
1390 rep_hist_get_stability(router->cache_info.identity_digest, now);
1391 if (mtbf < stable_mtbf &&
1392 mtbf < MTBF_TO_GUARANTEE_STABLE)
1393 return 1;
1394 }
1395 }
1396 if (need_capacity) {
1397 uint32_t bw_kb = dirserv_get_credible_bandwidth_kb(router);
1398 if (bw_kb < fast_bandwidth_kb)
1399 return 1;
1400 }
1401 return 0;
1402 }
1403
1404 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1405 *
1406 * Right now this means it advertises support for it, it has a high uptime,
1407 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1408 * considered Running.
1409 *
1410 * This function needs to be called after router-\>is_running has
1411 * been set.
1412 */
1413 static int
1414 dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
1415 const node_t *node, time_t now)
1416 {
1417
1418 long uptime;
1419
1420 /* If we haven't been running for at least
1421 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1422 * have accurate data telling us a relay has been up for at least
1423 * that long. We also want to allow a bit of slack: Reachability
1424 * tests aren't instant. If we haven't been running long enough,
1425 * trust the relay. */
1426
1427 if (stats_n_seconds_working >
1428 get_options()->MinUptimeHidServDirectoryV2 * 1.1)
1429 uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now),
1430 real_uptime(router, now));
1431 else
1432 uptime = real_uptime(router, now);
1433
1434 return (router->wants_to_be_hs_dir &&
1435 router->supports_tunnelled_dir_requests &&
1436 node->is_stable && node->is_fast &&
1437 uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
1438 router_is_active(router, node, now));
1439 }
1440
1441 /** Don't consider routers with less bandwidth than this when computing
1442 * thresholds. */
1443 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1444
1445 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1446 * include a router in our calculations, and return true iff we should; the
1447 * require_mbw parameter is passed in by
1448 * dirserv_compute_performance_thresholds() and controls whether we ever
1449 * count routers with only advertised bandwidths */
1450 static int
1451 router_counts_toward_thresholds(const node_t *node, time_t now,
1452 const digestmap_t *omit_as_sybil,
1453 int require_mbw)
1454 {
1455 /* Have measured bw? */
1456 int have_mbw =
1457 dirserv_has_measured_bw(node->identity);
1458 uint64_t min_bw_kb = ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB;
1459 const or_options_t *options = get_options();
1460
1461 if (options->TestingTorNetwork) {
1462 min_bw_kb = (int64_t)options->TestingMinExitFlagThreshold / 1000;
1463 }
1464
1465 return node->ri && router_is_active(node->ri, node, now) &&
1466 !digestmap_get(omit_as_sybil, node->identity) &&
1467 (dirserv_get_credible_bandwidth_kb(node->ri) >= min_bw_kb) &&
1468 (have_mbw || !require_mbw);
1469 }
1470
1471 /** Look through the routerlist, the Mean Time Between Failure history, and
1472 * the Weighted Fractional Uptime history, and use them to set thresholds for
1473 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1474 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1475 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1476 *
1477 * Also, set the is_exit flag of each router appropriately. */
1478 static void
1479 dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
1480 {
1481 int n_active, n_active_nonexit, n_familiar;
1482 uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb;
1483 long *tks;
1484 double *mtbfs, *wfus;
1485 smartlist_t *nodelist;
1486 time_t now = time(NULL);
1487 const or_options_t *options = get_options();
1488
1489 /* Require mbw? */
1490 int require_mbw =
1491 (routers_with_measured_bw >
1492 options->MinMeasuredBWsForAuthToIgnoreAdvertised) ? 1 : 0;
1493
1494 /* initialize these all here, in case there are no routers */
1495 stable_uptime = 0;
1496 stable_mtbf = 0;
1497 fast_bandwidth_kb = 0;
1498 guard_bandwidth_including_exits_kb = 0;
1499 guard_bandwidth_excluding_exits_kb = 0;
1500 guard_tk = 0;
1501 guard_wfu = 0;
1502
1503 nodelist_assert_ok();
1504 nodelist = nodelist_get_list();
1505
1506 /* Initialize arrays that will hold values for each router. We'll
1507 * sort them and use that to compute thresholds. */
1508 n_active = n_active_nonexit = 0;
1509 /* Uptime for every active router. */
1510 uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1511 /* Bandwidth for every active router. */
1512 bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1513 /* Bandwidth for every active non-exit router. */
1514 bandwidths_excluding_exits_kb =
1515 tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
1516 /* Weighted mean time between failure for each active router. */
1517 mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double));
1518 /* Time-known for each active router. */
1519 tks = tor_calloc(smartlist_len(nodelist), sizeof(long));
1520 /* Weighted fractional uptime for each active router. */
1521 wfus = tor_calloc(smartlist_len(nodelist), sizeof(double));
1522
1523 /* Now, fill in the arrays. */
1524 SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
1525 if (options->BridgeAuthoritativeDir &&
1526 node->ri &&
1527 node->ri->purpose != ROUTER_PURPOSE_BRIDGE)
1528 continue;
1529 if (router_counts_toward_thresholds(node, now, omit_as_sybil,
1530 require_mbw)) {
1531 routerinfo_t *ri = node->ri;
1532 const char *id = node->identity;
1533 uint32_t bw_kb;
1534 /* resolve spurious clang shallow analysis null pointer errors */
1535 tor_assert(ri);
1536 node->is_exit = (!router_exit_policy_rejects_all(ri) &&
1537 exit_policy_is_general_exit(ri->exit_policy));
1538 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1539 mtbfs[n_active] = rep_hist_get_stability(id, now);
1540 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1541 bandwidths_kb[n_active] = bw_kb = dirserv_get_credible_bandwidth_kb(ri);
1542 if (!node->is_exit || node->is_bad_exit) {
1543 bandwidths_excluding_exits_kb[n_active_nonexit] = bw_kb;
1544 ++n_active_nonexit;
1545 }
1546 ++n_active;
1547 }
1548 } SMARTLIST_FOREACH_END(node);
1549
1550 /* Now, compute thresholds. */
1551 if (n_active) {
1552 /* The median uptime is stable. */
1553 stable_uptime = median_uint32(uptimes, n_active);
1554 /* The median mtbf is stable, if we have enough mtbf info */
1555 stable_mtbf = median_double(mtbfs, n_active);
1556 /* The 12.5th percentile bandwidth is fast. */
1557 fast_bandwidth_kb = find_nth_uint32(bandwidths_kb, n_active, n_active/8);
1558 /* (Now bandwidths is sorted.) */
1559 if (fast_bandwidth_kb < RELAY_REQUIRED_MIN_BANDWIDTH/(2 * 1000))
1560 fast_bandwidth_kb = bandwidths_kb[n_active/4];
1561 guard_bandwidth_including_exits_kb =
1562 third_quartile_uint32(bandwidths_kb, n_active);
1563 guard_tk = find_nth_long(tks, n_active, n_active/8);
1564 }
1565
1566 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1567 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1568
1569 {
1570 /* We can vote on a parameter for the minimum and maximum. */
1571 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1572 int32_t min_fast_kb, max_fast_kb, min_fast, max_fast;
1573 min_fast = networkstatus_get_param(NULL, "FastFlagMinThreshold",
1574 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1575 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1576 INT32_MAX);
1577 if (options->TestingTorNetwork) {
1578 min_fast = (int32_t)options->TestingMinFastFlagThreshold;
1579 }
1580 max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold",
1581 INT32_MAX, min_fast, INT32_MAX);
1582 min_fast_kb = min_fast / 1000;
1583 max_fast_kb = max_fast / 1000;
1584
1585 if (fast_bandwidth_kb < (uint32_t)min_fast_kb)
1586 fast_bandwidth_kb = min_fast_kb;
1587 if (fast_bandwidth_kb > (uint32_t)max_fast_kb)
1588 fast_bandwidth_kb = max_fast_kb;
1589 }
1590 /* Protect sufficiently fast nodes from being pushed out of the set
1591 * of Fast nodes. */
1592 if (options->AuthDirFastGuarantee &&
1593 fast_bandwidth_kb > options->AuthDirFastGuarantee/1000)
1594 fast_bandwidth_kb = (uint32_t)options->AuthDirFastGuarantee/1000;
1595
1596 /* Now that we have a time-known that 7/8 routers are known longer than,
1597 * fill wfus with the wfu of every such "familiar" router. */
1598 n_familiar = 0;
1599
1600 SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
1601 if (router_counts_toward_thresholds(node, now,
1602 omit_as_sybil, require_mbw)) {
1603 routerinfo_t *ri = node->ri;
1604 const char *id = ri->cache_info.identity_digest;
1605 long tk = rep_hist_get_weighted_time_known(id, now);
1606 if (tk < guard_tk)
1607 continue;
1608 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1609 }
1610 } SMARTLIST_FOREACH_END(node);
1611 if (n_familiar)
1612 guard_wfu = median_double(wfus, n_familiar);
1613 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1614 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1615
1616 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1617
1618 if (n_active_nonexit) {
1619 guard_bandwidth_excluding_exits_kb =
1620 find_nth_uint32(bandwidths_excluding_exits_kb,
1621 n_active_nonexit, n_active_nonexit*3/4);
1622 }
1623
1624 log_info(LD_DIRSERV,
1625 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1626 "For Fast: %lu kilobytes/sec. "
1627 "For Guard: WFU %.03f%%, time-known %lu sec, "
1628 "and bandwidth %lu or %lu kilobytes/sec. "
1629 "We%s have enough stability data.",
1630 (unsigned long)stable_uptime,
1631 (unsigned long)stable_mtbf,
1632 (unsigned long)fast_bandwidth_kb,
1633 guard_wfu*100,
1634 (unsigned long)guard_tk,
1635 (unsigned long)guard_bandwidth_including_exits_kb,
1636 (unsigned long)guard_bandwidth_excluding_exits_kb,
1637 enough_mtbf_info ? "" : " don't");
1638
1639 tor_free(uptimes);
1640 tor_free(mtbfs);
1641 tor_free(bandwidths_kb);
1642 tor_free(bandwidths_excluding_exits_kb);
1643 tor_free(tks);
1644 tor_free(wfus);
1645 }
1646
1647 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1648 * for the status flags, specifically for bridges.
1649 *
1650 * This is only called by a Bridge Authority from
1651 * networkstatus_getinfo_by_purpose().
1652 */
1653 void
1654 dirserv_compute_bridge_flag_thresholds(void)
1655 {
1656 digestmap_t *omit_as_sybil = digestmap_new();
1657 dirserv_compute_performance_thresholds(omit_as_sybil);
1658 digestmap_free(omit_as_sybil, NULL);
1659 }
1660
1661 /** Measured bandwidth cache entry */
1662 typedef struct mbw_cache_entry_s {
1663 long mbw_kb;
1664 time_t as_of;
1665 } mbw_cache_entry_t;
1666
1667 /** Measured bandwidth cache - keys are identity_digests, values are
1668 * mbw_cache_entry_t *. */
1669 static digestmap_t *mbw_cache = NULL;
1670
1671 /** Store a measured bandwidth cache entry when reading the measured
1672 * bandwidths file. */
1673 STATIC void
1674 dirserv_cache_measured_bw(const measured_bw_line_t *parsed_line,
1675 time_t as_of)
1676 {
1677 mbw_cache_entry_t *e = NULL;
1678
1679 tor_assert(parsed_line);
1680
1681 /* Allocate a cache if we need */
1682 if (!mbw_cache) mbw_cache = digestmap_new();
1683
1684 /* Check if we have an existing entry */
1685 e = digestmap_get(mbw_cache, parsed_line->node_id);
1686 /* If we do, we can re-use it */
1687 if (e) {
1688 /* Check that we really are newer, and update */
1689 if (as_of > e->as_of) {
1690 e->mbw_kb = parsed_line->bw_kb;
1691 e->as_of = as_of;
1692 }
1693 } else {
1694 /* We'll have to insert a new entry */
1695 e = tor_malloc(sizeof(*e));
1696 e->mbw_kb = parsed_line->bw_kb;
1697 e->as_of = as_of;
1698 digestmap_set(mbw_cache, parsed_line->node_id, e);
1699 }
1700 }
1701
1702 /** Clear and free the measured bandwidth cache */
1703 STATIC void
1704 dirserv_clear_measured_bw_cache(void)
1705 {
1706 if (mbw_cache) {
1707 /* Free the map and all entries */
1708 digestmap_free(mbw_cache, tor_free_);
1709 mbw_cache = NULL;
1710 }
1711 }
1712
1713 /** Scan the measured bandwidth cache and remove expired entries */
1714 STATIC void
1715 dirserv_expire_measured_bw_cache(time_t now)
1716 {
1717
1718 if (mbw_cache) {
1719 /* Iterate through the cache and check each entry */
1720 DIGESTMAP_FOREACH_MODIFY(mbw_cache, k, mbw_cache_entry_t *, e) {
1721 if (now > e->as_of + MAX_MEASUREMENT_AGE) {
1722 tor_free(e);
1723 MAP_DEL_CURRENT(k);
1724 }
1725 } DIGESTMAP_FOREACH_END;
1726
1727 /* Check if we cleared the whole thing and free if so */
1728 if (digestmap_size(mbw_cache) == 0) {
1729 digestmap_free(mbw_cache, tor_free_);
1730 mbw_cache = 0;
1731 }
1732 }
1733 }
1734
1735 /** Get the current size of the measured bandwidth cache */
1736 STATIC int
1737 dirserv_get_measured_bw_cache_size(void)
1738 {
1739 if (mbw_cache) return digestmap_size(mbw_cache);
1740 else return 0;
1741 }
1742
1743 /** Query the cache by identity digest, return value indicates whether
1744 * we found it. The bw_out and as_of_out pointers receive the cached
1745 * bandwidth value and the time it was cached if not NULL. */
1746 STATIC int
1747 dirserv_query_measured_bw_cache_kb(const char *node_id, long *bw_kb_out,
1748 time_t *as_of_out)
1749 {
1750 mbw_cache_entry_t *v = NULL;
1751 int rv = 0;
1752
1753 if (mbw_cache && node_id) {
1754 v = digestmap_get(mbw_cache, node_id);
1755 if (v) {
1756 /* Found something */
1757 rv = 1;
1758 if (bw_kb_out) *bw_kb_out = v->mbw_kb;
1759 if (as_of_out) *as_of_out = v->as_of;
1760 }
1761 }
1762
1763 return rv;
1764 }
1765
1766 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1767 STATIC int
1768 dirserv_has_measured_bw(const char *node_id)
1769 {
1770 return dirserv_query_measured_bw_cache_kb(node_id, NULL, NULL);
1771 }
1772
1773 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1774 * preferring measured to advertised values if available. */
1775
1776 static uint32_t
1777 dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
1778 {
1779 uint32_t bw_kb = 0;
1780 /*
1781 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1782 * signed) longs and the ones router_get_advertised_bandwidth() returns
1783 * are uint32_t.
1784 */
1785 long mbw_kb = 0;
1786
1787 if (ri) {
1788 /*
1789 * * First try to see if we have a measured bandwidth; don't bother with
1790 * as_of_out here, on the theory that a stale measured bandwidth is still
1791 * better to trust than an advertised one.
1792 */
1793 if (dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest,
1794 &mbw_kb, NULL)) {
1795 /* Got one! */
1796 bw_kb = (uint32_t)mbw_kb;
1797 } else {
1798 /* If not, fall back to advertised */
1799 bw_kb = router_get_advertised_bandwidth(ri) / 1000;
1800 }
1801 }
1802
1803 return bw_kb;
1804 }
1805
1806 /** Look through the routerlist, and using the measured bandwidth cache count
1807 * how many measured bandwidths we know. This is used to decide whether we
1808 * ever trust advertised bandwidths for purposes of assigning flags. */
1809 static void
1810 dirserv_count_measured_bws(const smartlist_t *routers)
1811 {
1812 /* Initialize this first */
1813 routers_with_measured_bw = 0;
1814
1815 /* Iterate over the routerlist and count measured bandwidths */
1816 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
1817 /* Check if we know a measured bandwidth for this one */
1818 if (dirserv_has_measured_bw(ri->cache_info.identity_digest)) {
1819 ++routers_with_measured_bw;
1820 }
1821 } SMARTLIST_FOREACH_END(ri);
1822 }
1823
1824 /** Return the bandwidth we believe for assigning flags; prefer measured
1825 * over advertised, and if we have above a threshold quantity of measured
1826 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1827 * return 0. */
1828 static uint32_t
1829 dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri)
1830 {
1831 int threshold;
1832 uint32_t bw_kb = 0;
1833 long mbw_kb;
1834
1835 tor_assert(ri);
1836 /* Check if we have a measured bandwidth, and check the threshold if not */
1837 if (!(dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest,
1838 &mbw_kb, NULL))) {
1839 threshold = get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised;
1840 if (routers_with_measured_bw > threshold) {
1841 /* Return zero for unmeasured bandwidth if we are above threshold */
1842 bw_kb = 0;
1843 } else {
1844 /* Return an advertised bandwidth otherwise */
1845 bw_kb = router_get_advertised_bandwidth_capped(ri) / 1000;
1846 }
1847 } else {
1848 /* We have the measured bandwidth in mbw */
1849 bw_kb = (uint32_t)mbw_kb;
1850 }
1851
1852 return bw_kb;
1853 }
1854
1855 /** Give a statement of our current performance thresholds for inclusion
1856 * in a vote document. */
1857 char *
1858 dirserv_get_flag_thresholds_line(void)
1859 {
1860 char *result=NULL;
1861 const int measured_threshold =
1862 get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised;
1863 const int enough_measured_bw = routers_with_measured_bw > measured_threshold;
1864
1865 tor_asprintf(&result,
1866 "stable-uptime=%lu stable-mtbf=%lu "
1867 "fast-speed=%lu "
1868 "guard-wfu=%.03f%% guard-tk=%lu "
1869 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1870 "enough-mtbf=%d ignoring-advertised-bws=%d",
1871 (unsigned long)stable_uptime,
1872 (unsigned long)stable_mtbf,
1873 (unsigned long)fast_bandwidth_kb*1000,
1874 guard_wfu*100,
1875 (unsigned long)guard_tk,
1876 (unsigned long)guard_bandwidth_including_exits_kb*1000,
1877 (unsigned long)guard_bandwidth_excluding_exits_kb*1000,
1878 enough_mtbf_info ? 1 : 0,
1879 enough_measured_bw ? 1 : 0);
1880
1881 return result;
1882 }
1883
1884 /** Given a platform string as in a routerinfo_t (possibly null), return a
1885 * newly allocated version string for a networkstatus document, or NULL if the
1886 * platform doesn't give a Tor version. */
1887 static char *
1888 version_from_platform(const char *platform)
1889 {
1890 if (platform && !strcmpstart(platform, "Tor ")) {
1891 const char *eos = find_whitespace(platform+4);
1892 if (eos && !strcmpstart(eos, " (r")) {
1893 /* XXXX Unify this logic with the other version extraction
1894 * logic in routerparse.c. */
1895 eos = find_whitespace(eos+1);
1896 }
1897 if (eos) {
1898 return tor_strndup(platform, eos-platform);
1899 }
1900 }
1901 return NULL;
1902 }
1903
1904 /** Helper: write the router-status information in <b>rs</b> into a newly
1905 * allocated character buffer. Use the same format as in network-status
1906 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1907 * Return 0 on success, -1 on failure.
1908 *
1909 * The format argument has one of the following values:
1910 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1911 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1912 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1913 * consensus entry.
1914 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1915 * it contains additional information for the vote.
1916 * NS_CONTROL_PORT - Output a NS document for the control port
1917 */
1918 char *
1919 routerstatus_format_entry(const routerstatus_t *rs, const char *version,
1920 const char *protocols,
1921 routerstatus_format_type_t format,
1922 const vote_routerstatus_t *vrs)
1923 {
1924 char *summary;
1925 char *result = NULL;
1926
1927 char published[ISO_TIME_LEN+1];
1928 char identity64[BASE64_DIGEST_LEN+1];
1929 char digest64[BASE64_DIGEST_LEN+1];
1930 smartlist_t *chunks = smartlist_new();
1931
1932 format_iso_time(published, rs->published_on);
1933 digest_to_base64(identity64, rs->identity_digest);
1934 digest_to_base64(digest64, rs->descriptor_digest);
1935
1936 smartlist_add_asprintf(chunks,
1937 "r %s %s %s%s%s %s %d %d\n",
1938 rs->nickname,
1939 identity64,
1940 (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64,
1941 (format==NS_V3_CONSENSUS_MICRODESC)?"":" ",
1942 published,
1943 fmt_addr32(rs->addr),
1944 (int)rs->or_port,
1945 (int)rs->dir_port);
1946
1947 /* TODO: Maybe we want to pass in what we need to build the rest of
1948 * this here, instead of in the caller. Then we could use the
1949 * networkstatus_type_t values, with an additional control port value
1950 * added -MP */
1951
1952 /* V3 microdesc consensuses don't have "a" lines. */
1953 if (format == NS_V3_CONSENSUS_MICRODESC)
1954 goto done;
1955
1956 /* Possible "a" line. At most one for now. */
1957 if (!tor_addr_is_null(&rs->ipv6_addr)) {
1958 smartlist_add_asprintf(chunks, "a %s\n",
1959 fmt_addrport(&rs->ipv6_addr, rs->ipv6_orport));
1960 }
1961
1962 if (format == NS_V3_CONSENSUS)
1963 goto done;
1964
1965 smartlist_add_asprintf(chunks,
1966 "s%s%s%s%s%s%s%s%s%s%s\n",
1967 /* These must stay in alphabetical order. */
1968 rs->is_authority?" Authority":"",
1969 rs->is_bad_exit?" BadExit":"",
1970 rs->is_exit?" Exit":"",
1971 rs->is_fast?" Fast":"",
1972 rs->is_possible_guard?" Guard":"",
1973 rs->is_hs_dir?" HSDir":"",
1974 rs->is_flagged_running?" Running":"",
1975 rs->is_stable?" Stable":"",
1976 rs->is_v2_dir?" V2Dir":"",
1977 rs->is_valid?" Valid":"");
1978
1979 /* length of "opt v \n" */
1980 #define V_LINE_OVERHEAD 7
1981 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
1982 smartlist_add_asprintf(chunks, "v %s\n", version);
1983 }
1984 if (protocols) {
1985 smartlist_add_asprintf(chunks, "pr %s\n", protocols);
1986 }
1987
1988 if (format != NS_V2) {
1989 const routerinfo_t* desc = router_get_by_id_digest(rs->identity_digest);
1990 uint32_t bw_kb;
1991
1992 if (format != NS_CONTROL_PORT) {
1993 /* Blow up more or less nicely if we didn't get anything or not the
1994 * thing we expected.
1995 */
1996 if (!desc) {
1997 char id[HEX_DIGEST_LEN+1];
1998 char dd[HEX_DIGEST_LEN+1];
1999
2000 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2001 base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
2002 log_warn(LD_BUG, "Cannot get any descriptor for %s "
2003 "(wanted descriptor %s).",
2004 id, dd);
2005 goto err;
2006 }
2007
2008 /* This assert could fire for the control port, because
2009 * it can request NS documents before all descriptors
2010 * have been fetched. Therefore, we only do this test when
2011 * format != NS_CONTROL_PORT. */
2012 if (tor_memneq(desc->cache_info.signed_descriptor_digest,
2013 rs->descriptor_digest,
2014 DIGEST_LEN)) {
2015 char rl_d[HEX_DIGEST_LEN+1];
2016 char rs_d[HEX_DIGEST_LEN+1];
2017 char id[HEX_DIGEST_LEN+1];
2018
2019 base16_encode(rl_d, sizeof(rl_d),
2020 desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
2021 base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
2022 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2023 log_err(LD_BUG, "descriptor digest in routerlist does not match "
2024 "the one in routerstatus: %s vs %s "
2025 "(router %s)\n",
2026 rl_d, rs_d, id);
2027
2028 tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest,
2029 rs->descriptor_digest,
2030 DIGEST_LEN));
2031 }
2032 }
2033
2034 if (format == NS_CONTROL_PORT && rs->has_bandwidth) {
2035 bw_kb = rs->bandwidth_kb;
2036 } else {
2037 tor_assert(desc);
2038 bw_kb = router_get_advertised_bandwidth_capped(desc) / 1000;
2039 }
2040 smartlist_add_asprintf(chunks,
2041 "w Bandwidth=%d", bw_kb);
2042
2043 if (format == NS_V3_VOTE && vrs && vrs->has_measured_bw) {
2044 smartlist_add_asprintf(chunks,
2045 " Measured=%d", vrs->measured_bw_kb);
2046 }
2047 /* Write down guardfraction information if we have it. */
2048 if (format == NS_V3_VOTE && vrs && vrs->status.has_guardfraction) {
2049 smartlist_add_asprintf(chunks,
2050 " GuardFraction=%d",
2051 vrs->status.guardfraction_percentage);
2052 }
2053
2054 smartlist_add_strdup(chunks, "\n");
2055
2056 if (desc) {
2057 summary = policy_summarize(desc->exit_policy, AF_INET);
2058 smartlist_add_asprintf(chunks, "p %s\n", summary);
2059 tor_free(summary);
2060 }
2061
2062 if (format == NS_V3_VOTE && vrs) {
2063 if (tor_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
2064 smartlist_add_strdup(chunks, "id ed25519 none\n");
2065 } else {
2066 char ed_b64[BASE64_DIGEST256_LEN+1];
2067 digest256_to_base64(ed_b64, (const char*)vrs->ed25519_id);
2068 smartlist_add_asprintf(chunks, "id ed25519 %s\n", ed_b64);
2069 }
2070 }
2071 }
2072
2073 done:
2074 result = smartlist_join_strings(chunks, "", 0, NULL);
2075
2076 err:
2077 SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
2078 smartlist_free(chunks);
2079
2080 return result;
2081 }
2082
2083 /** Helper for sorting: compares two routerinfos first by address, and then by
2084 * descending order of "usefulness". (An authority is more useful than a
2085 * non-authority; a running router is more useful than a non-running router;
2086 * and a router with more bandwidth is more useful than one with less.)
2087 **/
2088 static int
2089 compare_routerinfo_by_ip_and_bw_(const void **a, const void **b)
2090 {
2091 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
2092 int first_is_auth, second_is_auth;
2093 uint32_t bw_kb_first, bw_kb_second;
2094 const node_t *node_first, *node_second;
2095 int first_is_running, second_is_running;
2096
2097 /* we return -1 if first should appear before second... that is,
2098 * if first is a better router. */
2099 if (first->addr < second->addr)
2100 return -1;
2101 else if (first->addr > second->addr)
2102 return 1;
2103
2104 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2105 * reality, we will almost never get here, since addresses will usually be
2106 * different. */
2107
2108 first_is_auth =
2109 router_digest_is_trusted_dir(first->cache_info.identity_digest);
2110 second_is_auth =
2111 router_digest_is_trusted_dir(second->cache_info.identity_digest);
2112
2113 if (first_is_auth && !second_is_auth)
2114 return -1;
2115 else if (!first_is_auth && second_is_auth)
2116 return 1;
2117
2118 node_first = node_get_by_id(first->cache_info.identity_digest);
2119 node_second = node_get_by_id(second->cache_info.identity_digest);
2120 first_is_running = node_first && node_first->is_running;
2121 second_is_running = node_second && node_second->is_running;
2122
2123 if (first_is_running && !second_is_running)
2124 return -1;
2125 else if (!first_is_running && second_is_running)
2126 return 1;
2127
2128 bw_kb_first = dirserv_get_bandwidth_for_router_kb(first);
2129 bw_kb_second = dirserv_get_bandwidth_for_router_kb(second);
2130
2131 if (bw_kb_first > bw_kb_second)
2132 return -1;
2133 else if (bw_kb_first < bw_kb_second)
2134 return 1;
2135
2136 /* They're equal! Compare by identity digest, so there's a
2137 * deterministic order and we avoid flapping. */
2138 return fast_memcmp(first->cache_info.identity_digest,
2139 second->cache_info.identity_digest,
2140 DIGEST_LEN);
2141 }
2142
2143 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2144 * whose keys are the identity digests of those routers that we're going to
2145 * exclude for Sybil-like appearance. */
2146 static digestmap_t *
2147 get_possible_sybil_list(const smartlist_t *routers)
2148 {
2149 const or_options_t *options = get_options();
2150 digestmap_t *omit_as_sybil;
2151 smartlist_t *routers_by_ip = smartlist_new();
2152 uint32_t last_addr;
2153 int addr_count;
2154 /* Allow at most this number of Tor servers on a single IP address, ... */
2155 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
2156 if (max_with_same_addr <= 0)
2157 max_with_same_addr = INT_MAX;
2158
2159 smartlist_add_all(routers_by_ip, routers);
2160 smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
2161 omit_as_sybil = digestmap_new();
2162
2163 last_addr = 0;
2164 addr_count = 0;
2165 SMARTLIST_FOREACH_BEGIN(routers_by_ip, routerinfo_t *, ri) {
2166 if (last_addr != ri->addr) {
2167 last_addr = ri->addr;
2168 addr_count = 1;
2169 } else if (++addr_count > max_with_same_addr) {
2170 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2171 }
2172 } SMARTLIST_FOREACH_END(ri);
2173
2174 smartlist_free(routers_by_ip);
2175 return omit_as_sybil;
2176 }
2177
2178 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2179 * remove the older one. If they are exactly the same age, remove the one
2180 * with the greater descriptor digest. May alter the order of the list. */
2181 static void
2182 routers_make_ed_keys_unique(smartlist_t *routers)
2183 {
2184 routerinfo_t *ri2;
2185 digest256map_t *by_ed_key = digest256map_new();
2186
2187 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2188 ri->omit_from_vote = 0;
2189 if (ri->cache_info.signing_key_cert == NULL)
2190 continue; /* No ed key */
2191 const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
2192 if ((ri2 = digest256map_get(by_ed_key, pk))) {
2193 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2194 * one has the earlier published_on. */
2195 const time_t ri_pub = ri->cache_info.published_on;
2196 const time_t ri2_pub = ri2->cache_info.published_on;
2197 if (ri2_pub < ri_pub ||
2198 (ri2_pub == ri_pub &&
2199 fast_memcmp(ri->cache_info.signed_descriptor_digest,
2200 ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
2201 digest256map_set(by_ed_key, pk, ri);
2202 ri2->omit_from_vote = 1;
2203 } else {
2204 ri->omit_from_vote = 1;
2205 }
2206 } else {
2207 /* Add to map */
2208 digest256map_set(by_ed_key, pk, ri);
2209 }
2210 } SMARTLIST_FOREACH_END(ri);
2211
2212 digest256map_free(by_ed_key, NULL);
2213
2214 /* Now remove every router where the omit_from_vote flag got set. */
2215 SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
2216 if (ri->omit_from_vote) {
2217 SMARTLIST_DEL_CURRENT(routers, ri);
2218 }
2219 } SMARTLIST_FOREACH_END(ri);
2220 }
2221
2222 /** Extract status information from <b>ri</b> and from other authority
2223 * functions and store it in <b>rs</b>>.
2224 *
2225 * We assume that ri-\>is_running has already been set, e.g. by
2226 * dirserv_set_router_is_running(ri, now);
2227 */
2228 void
2229 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2230 node_t *node,
2231 routerinfo_t *ri,
2232 time_t now,
2233 int listbadexits)
2234 {
2235 const or_options_t *options = get_options();
2236 uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
2237
2238 memset(rs, 0, sizeof(routerstatus_t));
2239
2240 rs->is_authority =
2241 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2242
2243 /* Already set by compute_performance_thresholds. */
2244 rs->is_exit = node->is_exit;
2245 rs->is_stable = node->is_stable =
2246 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
2247 rs->is_fast = node->is_fast =
2248 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2249 rs->is_flagged_running = node->is_running; /* computed above */
2250
2251 rs->is_valid = node->is_valid;
2252
2253 if (node->is_fast && node->is_stable &&
2254 ((options->AuthDirGuardBWGuarantee &&
2255 routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) ||
2256 routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
2257 guard_bandwidth_excluding_exits_kb))) {
2258 long tk = rep_hist_get_weighted_time_known(
2259 node->identity, now);
2260 double wfu = rep_hist_get_weighted_fractional_uptime(
2261 node->identity, now);
2262 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2263 } else {
2264 rs->is_possible_guard = 0;
2265 }
2266
2267 rs->is_bad_exit = listbadexits && node->is_bad_exit;
2268 rs->is_hs_dir = node->is_hs_dir =
2269 dirserv_thinks_router_is_hs_dir(ri, node, now);
2270
2271 rs->is_named = rs->is_unnamed = 0;
2272
2273 rs->published_on = ri->cache_info.published_on;
2274 memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
2275 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2276 DIGEST_LEN);
2277 rs->addr = ri->addr;
2278 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2279 rs->or_port = ri->or_port;
2280 rs->dir_port = ri->dir_port;
2281 rs->is_v2_dir = ri->supports_tunnelled_dir_requests;
2282 if (options->AuthDirHasIPv6Connectivity == 1 &&
2283 !tor_addr_is_null(&ri->ipv6_addr) &&
2284 node->last_reachable6 >= now - REACHABLE_TIMEOUT) {
2285 /* We're configured as having IPv6 connectivity. There's an IPv6
2286 OR port and it's reachable so copy it to the routerstatus. */
2287 tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr);
2288 rs->ipv6_orport = ri->ipv6_orport;
2289 }
2290
2291 if (options->TestingTorNetwork) {
2292 dirserv_set_routerstatus_testing(rs);
2293 }
2294 }
2295
2296 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2297 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2298 * respectively. But don't set the corresponding node flags.
2299 * Should only be called if TestingTorNetwork is set. */
2300 STATIC void
2301 dirserv_set_routerstatus_testing(routerstatus_t *rs)
2302 {
2303 const or_options_t *options = get_options();
2304
2305 tor_assert(options->TestingTorNetwork);
2306
2307 if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit,
2308 rs, 0)) {
2309 rs->is_exit = 1;
2310 } else if (options->TestingDirAuthVoteExitIsStrict) {
2311 rs->is_exit = 0;
2312 }
2313
2314 if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
2315 rs, 0)) {
2316 rs->is_possible_guard = 1;
2317 } else if (options->TestingDirAuthVoteGuardIsStrict) {
2318 rs->is_possible_guard = 0;
2319 }
2320
2321 if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir,
2322 rs, 0)) {
2323 rs->is_hs_dir = 1;
2324 } else if (options->TestingDirAuthVoteHSDirIsStrict) {
2325 rs->is_hs_dir = 0;
2326 }
2327 }
2328
2329 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2330 * too narrow an IP-space. Clear out its flags since we don't want it be used
2331 * because of its Sybil-like appearance.
2332 *
2333 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2334 * we want to vote that way in case all the other authorities are voting
2335 * Running and Exit.
2336 */
2337 static void
2338 clear_status_flags_on_sybil(routerstatus_t *rs)
2339 {
2340 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2341 rs->is_flagged_running = rs->is_named = rs->is_valid =
2342 rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
2343 /* FFFF we might want some mechanism to check later on if we
2344 * missed zeroing any flags: it's easy to add a new flag but
2345 * forget to add it to this clause. */
2346 }
2347
2348 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2349 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2350 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2351 * information to it.
2352 *
2353 * Return 1 if we applied the information and 0 if we couldn't find a
2354 * matching guard.
2355 *
2356 * Requires that <b>vote_routerstatuses</b> be sorted.
2357 */
2358 static int
2359 guardfraction_line_apply(const char *guard_id,
2360 uint32_t guardfraction_percentage,
2361 smartlist_t *vote_routerstatuses)
2362 {
2363 vote_routerstatus_t *vrs = NULL;
2364
2365 tor_assert(vote_routerstatuses);
2366
2367 vrs = smartlist_bsearch(vote_routerstatuses, guard_id,
2368 compare_digest_to_vote_routerstatus_entry);
2369
2370 if (!vrs) {
2371 return 0;
2372 }
2373
2374 vrs->status.has_guardfraction = 1;
2375 vrs->status.guardfraction_percentage = guardfraction_percentage;
2376
2377 return 1;
2378 }
2379
2380 /* Given a guard line from a guardfraction file, parse it and register
2381 * its information to <b>vote_routerstatuses</b>.
2382 *
2383 * Return:
2384 * * 1 if the line was proper and its information got registered.
2385 * * 0 if the line was proper but no currently active guard was found
2386 * to register the guardfraction information to.
2387 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2388 newly allocated string containing the error message.
2389 */
2390 static int
2391 guardfraction_file_parse_guard_line(const char *guard_line,
2392 smartlist_t *vote_routerstatuses,
2393 char **err_msg)
2394 {
2395 char guard_id[DIGEST_LEN];
2396 uint32_t guardfraction;
2397 char *inputs_tmp = NULL;
2398 int num_ok = 1;
2399
2400 smartlist_t *sl = smartlist_new();
2401 int retval = -1;
2402
2403 tor_assert(err_msg);
2404
2405 /* guard_line should contain something like this:
2406 <hex digest> <guardfraction> <appearances> */
2407 smartlist_split_string(sl, guard_line, " ",
2408 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
2409 if (smartlist_len(sl) < 3) {
2410 tor_asprintf(err_msg, "bad line '%s'", guard_line);
2411 goto done;
2412 }
2413
2414 inputs_tmp = smartlist_get(sl, 0);
2415 if (strlen(inputs_tmp) != HEX_DIGEST_LEN ||
2416 base16_decode(guard_id, DIGEST_LEN,
2417 inputs_tmp, HEX_DIGEST_LEN) != DIGEST_LEN) {
2418 tor_asprintf(err_msg, "bad digest '%s'", inputs_tmp);
2419 goto done;
2420 }
2421
2422 inputs_tmp = smartlist_get(sl, 1);
2423 /* Guardfraction is an integer in [0, 100]. */
2424 guardfraction =
2425 (uint32_t) tor_parse_long(inputs_tmp, 10, 0, 100, &num_ok, NULL);
2426 if (!num_ok) {
2427 tor_asprintf(err_msg, "wrong percentage '%s'", inputs_tmp);
2428 goto done;
2429 }
2430
2431 /* If routerstatuses were provided, apply this info to actual routers. */
2432 if (vote_routerstatuses) {
2433 retval = guardfraction_line_apply(guard_id, guardfraction,
2434 vote_routerstatuses);
2435 } else {
2436 retval = 0; /* If we got this far, line was correctly formatted. */
2437 }
2438
2439 done:
2440
2441 SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
2442 smartlist_free(sl);
2443
2444 return retval;
2445 }
2446
2447 /** Given an inputs line from a guardfraction file, parse it and
2448 * register its information to <b>total_consensuses</b> and
2449 * <b>total_days</b>.
2450 *
2451 * Return 0 if it parsed well. Return -1 if there was an error, and
2452 * set <b>err_msg</b> to a newly allocated string containing the
2453 * error message.
2454 */
2455 static int
2456 guardfraction_file_parse_inputs_line(const char *inputs_line,
2457 int *total_consensuses,
2458 int *total_days,
2459 char **err_msg)
2460 {
2461 int retval = -1;
2462 char *inputs_tmp = NULL;
2463 int num_ok = 1;
2464 smartlist_t *sl = smartlist_new();
2465
2466 tor_assert(err_msg);
2467
2468 /* Second line is inputs information:
2469 * n-inputs <total_consensuses> <total_days>. */
2470 smartlist_split_string(sl, inputs_line, " ",
2471 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
2472 if (smartlist_len(sl) < 2) {
2473 tor_asprintf(err_msg, "incomplete line '%s'", inputs_line);
2474 goto done;
2475 }
2476
2477 inputs_tmp = smartlist_get(sl, 0);
2478 *total_consensuses =
2479 (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
2480 if (!num_ok) {
2481 tor_asprintf(err_msg, "unparseable consensus '%s'", inputs_tmp);
2482 goto done;
2483 }
2484
2485 inputs_tmp = smartlist_get(sl, 1);
2486 *total_days =
2487 (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
2488 if (!num_ok) {
2489 tor_asprintf(err_msg, "unparseable days '%s'", inputs_tmp);
2490 goto done;
2491 }
2492
2493 retval = 0;
2494
2495 done:
2496 SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
2497 smartlist_free(sl);
2498
2499 return retval;
2500 }
2501
2502 /* Maximum age of a guardfraction file that we are willing to accept. */
2503 #define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
2504
2505 /** Static strings of guardfraction files. */
2506 #define GUARDFRACTION_DATE_STR "written-at"
2507 #define GUARDFRACTION_INPUTS "n-inputs"
2508 #define GUARDFRACTION_GUARD "guard-seen"
2509 #define GUARDFRACTION_VERSION "guardfraction-file-version"
2510
2511 /** Given a guardfraction file in a string, parse it and register the
2512 * guardfraction information to the provided vote routerstatuses.
2513 *
2514 * This is the rough format of the guardfraction file:
2515 *
2516 * guardfraction-file-version 1
2517 * written-at <date and time>
2518 * n-inputs <number of consesuses parsed> <number of days considered>
2519 *
2520 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2521 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2522 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2523 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2524 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2525 * ...
2526 *
2527 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2528 * should tolerate errors in all lines but the written-at header.
2529 */
2530 STATIC int
2531 dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str,
2532 smartlist_t *vote_routerstatuses)
2533 {
2534 config_line_t *front=NULL, *line;
2535 int ret_tmp;
2536 int retval = -1;
2537 int current_line_n = 0; /* line counter for better log messages */
2538
2539 /* Guardfraction info to be parsed */
2540 int total_consensuses = 0;
2541 int total_days = 0;
2542
2543 /* Stats */
2544 int guards_read_n = 0;
2545 int guards_applied_n = 0;
2546
2547 /* Parse file and split it in lines */
2548 ret_tmp = config_get_lines(guardfraction_file_str, &front, 0);
2549 if (ret_tmp < 0) {
2550 log_warn(LD_CONFIG, "Error reading from guardfraction file");
2551 goto done;
2552 }
2553
2554 /* Sort routerstatuses (needed later when applying guardfraction info) */
2555 if (vote_routerstatuses)
2556 smartlist_sort(vote_routerstatuses, compare_vote_routerstatus_entries);
2557
2558 for (line = front; line; line=line->next) {
2559 current_line_n++;
2560
2561 if (!strcmp(line->key, GUARDFRACTION_VERSION)) {
2562 int num_ok = 1;
2563 unsigned int version;
2564
2565 version =
2566 (unsigned int) tor_parse_long(line->value,
2567 10, 0, INT_MAX, &num_ok, NULL);
2568
2569 if (!num_ok || version != 1) {
2570 log_warn(LD_GENERAL, "Got unknown guardfraction version %d.", version);
2571 goto done;
2572 }
2573 } else if (!strcmp(line->key, GUARDFRACTION_DATE_STR)) {
2574 time_t file_written_at;
2575 time_t now = time(NULL);
2576
2577 /* First line is 'written-at <date>' */
2578 if (parse_iso_time(line->value, &file_written_at) < 0) {
2579 log_warn(LD_CONFIG, "Guardfraction:%d: Bad date '%s'. Ignoring",
2580 current_line_n, line->value);
2581 goto done; /* don't tolerate failure here. */
2582 }
2583 if (file_written_at < now - MAX_GUARDFRACTION_FILE_AGE) {
2584 log_warn(LD_CONFIG, "Guardfraction:%d: was written very long ago '%s'",
2585 current_line_n, line->value);
2586 goto done; /* don't tolerate failure here. */
2587 }
2588 } else if (!strcmp(line->key, GUARDFRACTION_INPUTS)) {
2589 char *err_msg = NULL;
2590
2591 if (guardfraction_file_parse_inputs_line(line->value,
2592 &total_consensuses,
2593 &total_days,
2594 &err_msg) < 0) {
2595 log_warn(LD_CONFIG, "Guardfraction:%d: %s",
2596 current_line_n, err_msg);
2597 tor_free(err_msg);
2598 continue;
2599 }
2600
2601 } else if (!strcmp(line->key, GUARDFRACTION_GUARD)) {
2602 char *err_msg = NULL;
2603
2604 ret_tmp = guardfraction_file_parse_guard_line(line->value,
2605 vote_routerstatuses,
2606 &err_msg);
2607 if (ret_tmp < 0) { /* failed while parsing the guard line */
2608 log_warn(LD_CONFIG, "Guardfraction:%d: %s",
2609 current_line_n, err_msg);
2610 tor_free(err_msg);
2611 continue;
2612 }
2613
2614 /* Successfully parsed guard line. Check if it was applied properly. */
2615 guards_read_n++;
2616 if (ret_tmp > 0) {
2617 guards_applied_n++;
2618 }
2619 } else {
2620 log_warn(LD_CONFIG, "Unknown guardfraction line %d (%s %s)",
2621 current_line_n, line->key, line->value);
2622 }
2623 }
2624
2625 retval = 0;
2626
2627 log_info(LD_CONFIG,
2628 "Successfully parsed guardfraction file with %d consensuses over "
2629 "%d days. Parsed %d nodes and applied %d of them%s.",
2630 total_consensuses, total_days, guards_read_n, guards_applied_n,
2631 vote_routerstatuses ? "" : " (no routerstatus provided)" );
2632
2633 done:
2634 config_free_lines(front);
2635
2636 if (retval < 0) {
2637 return retval;
2638 } else {
2639 return guards_read_n;
2640 }
2641 }
2642
2643 /** Read a guardfraction file at <b>fname</b> and load all its
2644 * information to <b>vote_routerstatuses</b>. */
2645 int
2646 dirserv_read_guardfraction_file(const char *fname,
2647 smartlist_t *vote_routerstatuses)
2648 {
2649 char *guardfraction_file_str;
2650
2651 /* Read file to a string */
2652 guardfraction_file_str = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
2653 if (!guardfraction_file_str) {
2654 log_warn(LD_FS, "Cannot open guardfraction file '%s'. Failing.", fname);
2655 return -1;
2656 }
2657
2658 return dirserv_read_guardfraction_file_from_str(guardfraction_file_str,
2659 vote_routerstatuses);
2660 }
2661
2662 /**
2663 * Helper function to parse out a line in the measured bandwidth file
2664 * into a measured_bw_line_t output structure. Returns -1 on failure
2665 * or 0 on success.
2666 */
2667 STATIC int
2668 measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
2669 {
2670 char *line = tor_strdup(orig_line);
2671 char *cp = line;
2672 int got_bw = 0;
2673 int got_node_id = 0;
2674 char *strtok_state; /* lame sauce d'jour */
2675 cp = tor_strtok_r(cp, " \t", &strtok_state);
2676
2677 if (!cp) {
2678 log_warn(LD_DIRSERV, "Invalid line in bandwidth file: %s",
2679 escaped(orig_line));
2680 tor_free(line);
2681 return -1;
2682 }
2683
2684 if (orig_line[strlen(orig_line)-1] != '\n') {
2685 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2686 escaped(orig_line));
2687 tor_free(line);
2688 return -1;
2689 }
2690
2691 do {
2692 if (strcmpstart(cp, "bw=") == 0) {
2693 int parse_ok = 0;
2694 char *endptr;
2695 if (got_bw) {
2696 log_warn(LD_DIRSERV, "Double bw= in bandwidth file line: %s",
2697 escaped(orig_line));
2698 tor_free(line);
2699 return -1;
2700 }
2701 cp+=strlen("bw=");
2702
2703 out->bw_kb = tor_parse_long(cp, 0, 0, LONG_MAX, &parse_ok, &endptr);
2704 if (!parse_ok || (*endptr && !TOR_ISSPACE(*endptr))) {
2705 log_warn(LD_DIRSERV, "Invalid bandwidth in bandwidth file line: %s",
2706 escaped(orig_line));
2707 tor_free(line);
2708 return -1;
2709 }
2710 got_bw=1;
2711 } else if (strcmpstart(cp, "node_id=$") == 0) {
2712 if (got_node_id) {
2713 log_warn(LD_DIRSERV, "Double node_id= in bandwidth file line: %s",
2714 escaped(orig_line));
2715 tor_free(line);
2716 return -1;
2717 }
2718 cp+=strlen("node_id=$");
2719
2720 if (strlen(cp) != HEX_DIGEST_LEN ||
2721 base16_decode(out->node_id, DIGEST_LEN,
2722 cp, HEX_DIGEST_LEN) != DIGEST_LEN) {
2723 log_warn(LD_DIRSERV, "Invalid node_id in bandwidth file line: %s",
2724 escaped(orig_line));
2725 tor_free(line);
2726 return -1;
2727 }
2728 strlcpy(out->node_hex, cp, sizeof(out->node_hex));
2729 got_node_id=1;
2730 }
2731 } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
2732
2733 if (got_bw && got_node_id) {
2734 tor_free(line);
2735 return 0;
2736 } else {
2737 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2738 escaped(orig_line));
2739 tor_free(line);
2740 return -1;
2741 }
2742 }
2743
2744 /**
2745 * Helper function to apply a parsed measurement line to a list
2746 * of bandwidth statuses. Returns true if a line is found,
2747 * false otherwise.
2748 */
2749 STATIC int
2750 measured_bw_line_apply(measured_bw_line_t *parsed_line,
2751 smartlist_t *routerstatuses)
2752 {
2753 vote_routerstatus_t *rs = NULL;
2754 if (!routerstatuses)
2755 return 0;
2756
2757 rs = smartlist_bsearch(routerstatuses, parsed_line->node_id,
2758 compare_digest_to_vote_routerstatus_entry);
2759
2760 if (rs) {
2761 rs->has_measured_bw = 1;
2762 rs->measured_bw_kb = (uint32_t)parsed_line->bw_kb;
2763 } else {
2764 log_info(LD_DIRSERV, "Node ID %s not found in routerstatus list",
2765 parsed_line->node_hex);
2766 }
2767
2768 return rs != NULL;
2769 }
2770
2771 /**
2772 * Read the measured bandwidth file and apply it to the list of
2773 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2774 */
2775 int
2776 dirserv_read_measured_bandwidths(const char *from_file,
2777 smartlist_t *routerstatuses)
2778 {
2779 char line[512];
2780 FILE *fp = tor_fopen_cloexec(from_file, "r");
2781 int applied_lines = 0;
2782 time_t file_time, now;
2783 int ok;
2784
2785 if (fp == NULL) {
2786 log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
2787 from_file);
2788 return -1;
2789 }
2790
2791 if (!fgets(line, sizeof(line), fp)
2792 || !strlen(line) || line[strlen(line)-1] != '\n') {
2793 log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
2794 escaped(line));
2795 fclose(fp);
2796 return -1;
2797 }
2798
2799 line[strlen(line)-1] = '\0';
2800 file_time = (time_t)tor_parse_ulong(line, 10, 0, ULONG_MAX, &ok, NULL);
2801 if (!ok) {
2802 log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
2803 escaped(line));
2804 fclose(fp);
2805 return -1;
2806 }
2807
2808 now = time(NULL);
2809 if ((now - file_time) > MAX_MEASUREMENT_AGE) {
2810 log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
2811 (unsigned)(time(NULL) - file_time));
2812 fclose(fp);
2813 return -1;
2814 }
2815
2816 if (routerstatuses)
2817 smartlist_sort(routerstatuses, compare_vote_routerstatus_entries);
2818
2819 while (!feof(fp)) {
2820 measured_bw_line_t parsed_line;
2821 if (fgets(line, sizeof(line), fp) && strlen(line)) {
2822 if (measured_bw_line_parse(&parsed_line, line) != -1) {
2823 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2824 dirserv_cache_measured_bw(&parsed_line, file_time);
2825 if (measured_bw_line_apply(&parsed_line, routerstatuses) > 0)
2826 applied_lines++;
2827 }
2828 }
2829 }
2830
2831 /* Now would be a nice time to clean the cache, too */
2832 dirserv_expire_measured_bw_cache(now);
2833
2834 fclose(fp);
2835 log_info(LD_DIRSERV,
2836 "Bandwidth measurement file successfully read. "
2837 "Applied %d measurements.", applied_lines);
2838 return 0;
2839 }
2840
2841 /** Return a new networkstatus_t* containing our current opinion. (For v3
2842 * authorities) */
2843 networkstatus_t *
2844 dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
2845 authority_cert_t *cert)
2846 {
2847 const or_options_t *options = get_options();
2848 networkstatus_t *v3_out = NULL;
2849 uint32_t addr;
2850 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2851 const char *contact;
2852 smartlist_t *routers, *routerstatuses;
2853 char identity_digest[DIGEST_LEN];
2854 char signing_key_digest[DIGEST_LEN];
2855 int listbadexits = options->AuthDirListBadExits;
2856 routerlist_t *rl = router_get_routerlist();
2857 time_t now = time(NULL);
2858 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2859 networkstatus_voter_info_t *voter = NULL;
2860 vote_timing_t timing;
2861 digestmap_t *omit_as_sybil = NULL;
2862 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
2863 smartlist_t *microdescriptors = NULL;
2864
2865 tor_assert(private_key);
2866 tor_assert(cert);
2867
2868 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2869 log_err(LD_BUG, "Error computing signing key digest");
2870 return NULL;
2871 }
2872 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2873 log_err(LD_BUG, "Error computing identity key digest");
2874 return NULL;
2875 }
2876 if (resolve_my_address(LOG_WARN, options, &addr, NULL, &hostname)<0) {
2877 log_warn(LD_NET, "Couldn't resolve my hostname");
2878 return NULL;
2879 }
2880 if (!hostname || !strchr(hostname, '.')) {
2881 tor_free(hostname);
2882 hostname = tor_dup_ip(addr);
2883 }
2884
2885 if (options->VersioningAuthoritativeDir) {
2886 client_versions = format_versions_list(options->RecommendedClientVersions);
2887 server_versions = format_versions_list(options->RecommendedServerVersions);
2888 }
2889
2890 contact = get_options()->ContactInfo;
2891 if (!contact)
2892 contact = "(none)";
2893
2894 /*
2895 * Do this so dirserv_compute_performance_thresholds() and
2896 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2897 */
2898 if (options->V3BandwidthsFile) {
2899 dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
2900 } else {
2901 /*
2902 * No bandwidths file; clear the measured bandwidth cache in case we had
2903 * one last time around.
2904 */
2905 if (dirserv_get_measured_bw_cache_size() > 0) {
2906 dirserv_clear_measured_bw_cache();
2907 }
2908 }
2909
2910 /* precompute this part, since we need it to decide what "stable"
2911 * means. */
2912 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2913 dirserv_set_router_is_running(ri, now);
2914 });
2915
2916 routers = smartlist_new();
2917 smartlist_add_all(routers, rl->routers);
2918 routers_make_ed_keys_unique(routers);
2919 /* After this point, don't use rl->routers; use 'routers' instead. */
2920 routers_sort_by_identity(routers);
2921 omit_as_sybil = get_possible_sybil_list(routers);
2922
2923 DIGESTMAP_FOREACH(omit_as_sybil, sybil_id, void *, ignore) {
2924 (void) ignore;
2925 rep_hist_make_router_pessimal(sybil_id, now);
2926 } DIGESTMAP_FOREACH_END;
2927
2928 /* Count how many have measured bandwidths so we know how to assign flags;
2929 * this must come before dirserv_compute_performance_thresholds() */
2930 dirserv_count_measured_bws(routers);
2931
2932 dirserv_compute_performance_thresholds(omit_as_sybil);
2933
2934 routerstatuses = smartlist_new();
2935 microdescriptors = smartlist_new();
2936
2937 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2938 if (ri->cache_info.published_on >= cutoff) {
2939 routerstatus_t *rs;
2940 vote_routerstatus_t *vrs;
2941 node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
2942 if (!node)
2943 continue;
2944
2945 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2946 rs = &vrs->status;
2947 set_routerstatus_from_routerinfo(rs, node, ri, now,
2948 listbadexits);
2949
2950 if (ri->cache_info.signing_key_cert) {
2951 memcpy(vrs->ed25519_id,
2952 ri->cache_info.signing_key_cert->signing_key.pubkey,
2953 ED25519_PUBKEY_LEN);
2954 }
2955
2956 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2957 clear_status_flags_on_sybil(rs);
2958
2959 if (!vote_on_reachability)
2960 rs->is_flagged_running = 0;
2961
2962 vrs->version = version_from_platform(ri->platform);
2963 if (ri->protocol_list) {
2964 vrs->protocols = tor_strdup(ri->protocol_list);
2965 } else {
2966 vrs->protocols = tor_strdup(
2967 protover_compute_for_old_tor(vrs->version));
2968 }
2969 vrs->microdesc = dirvote_format_all_microdesc_vote_lines(ri, now,
2970 microdescriptors);
2971
2972 smartlist_add(routerstatuses, vrs);
2973 }
2974 } SMARTLIST_FOREACH_END(ri);
2975
2976 {
2977 smartlist_t *added =
2978 microdescs_add_list_to_cache(get_microdesc_cache(),
2979 microdescriptors, SAVED_NOWHERE, 0);
2980 smartlist_free(added);
2981 smartlist_free(microdescriptors);
2982 }
2983
2984 smartlist_free(routers);
2985 digestmap_free(omit_as_sybil, NULL);
2986
2987 /* Apply guardfraction information to routerstatuses. */
2988 if (options->GuardfractionFile) {
2989 dirserv_read_guardfraction_file(options->GuardfractionFile,
2990 routerstatuses);
2991 }
2992
2993 /* This pass through applies the measured bw lines to the routerstatuses */
2994 if (options->V3BandwidthsFile) {
2995 dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
2996 routerstatuses);
2997 } else {
2998 /*
2999 * No bandwidths file; clear the measured bandwidth cache in case we had
3000 * one last time around.
3001 */
3002 if (dirserv_get_measured_bw_cache_size() > 0) {
3003 dirserv_clear_measured_bw_cache();
3004 }
3005 }
3006
3007 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
3008
3009 v3_out->type = NS_TYPE_VOTE;
3010 dirvote_get_preferred_voting_intervals(&timing);
3011 v3_out->published = now;
3012 {
3013 char tbuf[ISO_TIME_LEN+1];
3014 networkstatus_t *current_consensus =
3015 networkstatus_get_live_consensus(now);
3016 long last_consensus_interval; /* only used to pick a valid_after */
3017 if (current_consensus)
3018 last_consensus_interval = current_consensus->fresh_until -
3019 current_consensus->valid_after;
3020 else
3021 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
3022 v3_out->valid_after =
3023 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval,
3024 options->TestingV3AuthVotingStartOffset);
3025 format_iso_time(tbuf, v3_out->valid_after);
3026 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
3027 "consensus_set=%d, last_interval=%d",
3028 tbuf, current_consensus?1:0, (int)last_consensus_interval);
3029 }
3030 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
3031 v3_out->valid_until = v3_out->valid_after +
3032 (timing.vote_interval * timing.n_intervals_valid);
3033 v3_out->vote_seconds = timing.vote_delay;
3034 v3_out->dist_seconds = timing.dist_delay;
3035 tor_assert(v3_out->vote_seconds > 0);
3036 tor_assert(v3_out->dist_seconds > 0);
3037 tor_assert(timing.n_intervals_valid > 0);
3038
3039 v3_out->client_versions = client_versions;
3040 v3_out->server_versions = server_versions;
3041
3042 /* These are hardwired, to avoid disaster. */
3043 v3_out->recommended_relay_protocols =
3044 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3045 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3046 v3_out->recommended_client_protocols =
3047 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3048 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3049 v3_out->required_client_protocols =
3050 tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3051 "Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
3052 v3_out->required_relay_protocols =
3053 tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
3054 "Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
3055
3056 /* We are not allowed to vote to require anything we don't have. */
3057 tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
3058 tor_assert(protover_all_supported(v3_out->required_client_protocols, NULL));
3059
3060 /* We should not recommend anything we don't have. */
3061 tor_assert_nonfatal(protover_all_supported(
3062 v3_out->recommended_relay_protocols, NULL));
3063 tor_assert_nonfatal(protover_all_supported(
3064 v3_out->recommended_client_protocols, NULL));
3065
3066 v3_out->package_lines = smartlist_new();
3067 {
3068 config_line_t *cl;
3069 for (cl = get_options()->RecommendedPackages; cl; cl = cl->next) {
3070 if (validate_recommended_package_line(cl->value))
3071 smartlist_add_strdup(v3_out->package_lines, cl->value);
3072 }
3073 }
3074
3075 v3_out->known_flags = smartlist_new();
3076 smartlist_split_string(v3_out->known_flags,
3077 "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
3078 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
3079 if (vote_on_reachability)
3080 smartlist_add_strdup(v3_out->known_flags, "Running");
3081 if (listbadexits)
3082 smartlist_add_strdup(v3_out->known_flags, "BadExit");
3083 smartlist_sort_strings(v3_out->known_flags);
3084
3085 if (options->ConsensusParams) {
3086 v3_out->net_params = smartlist_new();
3087 smartlist_split_string(v3_out->net_params,
3088 options->ConsensusParams, NULL, 0, 0);
3089 smartlist_sort_strings(v3_out->net_params);
3090 }
3091
3092 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
3093 voter->nickname = tor_strdup(options->Nickname);
3094 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
3095 voter->sigs = smartlist_new();
3096 voter->address = hostname;
3097 voter->addr = addr;
3098 voter->dir_port = router_get_advertised_dir_port(options, 0);
3099 voter->or_port = router_get_advertised_or_port(options);
3100 voter->contact = tor_strdup(contact);
3101 if (options->V3AuthUseLegacyKey) {
3102 authority_cert_t *c = get_my_v3_legacy_cert();
3103 if (c) {
3104 if (crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest)) {
3105 log_warn(LD_BUG, "Unable to compute digest of legacy v3 identity key");
3106 memset(voter->legacy_id_digest, 0, DIGEST_LEN);
3107 }
3108 }
3109 }
3110
3111 v3_out->voters = smartlist_new();
3112 smartlist_add(v3_out->voters, voter);
3113 v3_out->cert = authority_cert_dup(cert);
3114 v3_out->routerstatus_list = routerstatuses;
3115 /* Note: networkstatus_digest is unset; it won't get set until we actually
3116 * format the vote. */
3117
3118 return v3_out;
3119 }
3120
3121 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3122 * pointers, adds copies of digests to fps_out, and doesn't use the
3123 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3124 * requests, adds identity digests.
3125 */
3126 int
3127 dirserv_get_routerdesc_spool(smartlist_t *spool_out,
3128 const char *key,
3129 dir_spool_source_t source,
3130 int conn_is_encrypted,
3131 const char **msg_out)
3132 {
3133 *msg_out = NULL;
3134
3135 if (!strcmp(key, "all")) {
3136 const routerlist_t *rl = router_get_routerlist();
3137 SMARTLIST_FOREACH_BEGIN(rl->routers, const routerinfo_t *, r) {
3138 spooled_resource_t *spooled;
3139 spooled = spooled_resource_new(source,
3140 (const uint8_t *)r->cache_info.identity_digest,
3141 DIGEST_LEN);
3142 /* Treat "all" requests as if they were unencrypted */
3143 conn_is_encrypted = 0;
3144 smartlist_add(spool_out, spooled);
3145 } SMARTLIST_FOREACH_END(r);
3146 } else if (!strcmp(key, "authority")) {
3147 const routerinfo_t *ri = router_get_my_routerinfo();
3148 if (ri)
3149 smartlist_add(spool_out,
3150 spooled_resource_new(source,
3151 (const uint8_t *)ri->cache_info.identity_digest,
3152 DIGEST_LEN));
3153 } else if (!strcmpstart(key, "d/")) {
3154 key += strlen("d/");
3155 dir_split_resource_into_spoolable(key, source, spool_out, NULL,
3156 DSR_HEX|DSR_SORT_UNIQ);
3157 } else if (!strcmpstart(key, "fp/")) {
3158 key += strlen("fp/");
3159 dir_split_resource_into_spoolable(key, source, spool_out, NULL,
3160 DSR_HEX|DSR_SORT_UNIQ);
3161 } else {
3162 *msg_out = "Not found";
3163 return -1;
3164 }
3165
3166 if (! conn_is_encrypted) {
3167 /* Remove anything that insists it not be sent unencrypted. */
3168 SMARTLIST_FOREACH_BEGIN(spool_out, spooled_resource_t *, spooled) {
3169 const uint8_t *body = NULL;
3170 size_t bodylen = 0;
3171 int r = spooled_resource_lookup_body(spooled, conn_is_encrypted,
3172 &body, &bodylen, NULL);
3173 if (r < 0 || body == NULL || bodylen == 0) {
3174 SMARTLIST_DEL_CURRENT(spool_out, spooled);
3175 spooled_resource_free(spooled);
3176 }
3177 } SMARTLIST_FOREACH_END(spooled);
3178 }
3179
3180 if (!smartlist_len(spool_out)) {
3181 *msg_out = "Servers unavailable";
3182 return -1;
3183 }
3184 return 0;
3185 }
3186
3187 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3188 * <b>key</b>. The key should be either
3189 * - "/tor/server/authority" for our own routerinfo;
3190 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3191 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3192 * hex identity digests; or
3193 * - "/tor/server/d/D" where D is a plus-separated sequence
3194 * of server descriptor digests, in hex.
3195 *
3196 * Return 0 if we found some matching descriptors, or -1 if we do not
3197 * have any descriptors, no matching descriptors, or if we did not
3198 * recognize the key (URL).
3199 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3200 * message.
3201 *
3202 * XXXX rename this function. It's only called from the controller.
3203 * XXXX in fact, refactor this function, merging as much as possible.
3204 */
3205 int
3206 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
3207 const char **msg)
3208 {
3209 *msg = NULL;
3210
3211 if (!strcmp(key, "/tor/server/all")) {
3212 routerlist_t *rl = router_get_routerlist();
3213 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3214 smartlist_add(descs_out, &(r->cache_info)));
3215 } else if (!strcmp(key, "/tor/server/authority")) {
3216 const routerinfo_t *ri = router_get_my_routerinfo();
3217 if (ri)
3218 smartlist_add(descs_out, (void*) &(ri->cache_info));
3219 } else if (!strcmpstart(key, "/tor/server/d/")) {
3220 smartlist_t *digests = smartlist_new();
3221 key += strlen("/tor/server/d/");
3222 dir_split_resource_into_fingerprints(key, digests, NULL,
3223 DSR_HEX|DSR_SORT_UNIQ);
3224 SMARTLIST_FOREACH(digests, const char *, d,
3225 {
3226 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
3227 if (sd)
3228 smartlist_add(descs_out,sd);
3229 });
3230 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3231 smartlist_free(digests);
3232 } else if (!strcmpstart(key, "/tor/server/fp/")) {
3233 smartlist_t *digests = smartlist_new();
3234 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
3235 key += strlen("/tor/server/fp/");
3236 dir_split_resource_into_fingerprints(key, digests, NULL,
3237 DSR_HEX|DSR_SORT_UNIQ);
3238 SMARTLIST_FOREACH_BEGIN(digests, const char *, d) {
3239 if (router_digest_is_me(d)) {
3240 /* calling router_get_my_routerinfo() to make sure it exists */
3241 const routerinfo_t *ri = router_get_my_routerinfo();
3242 if (ri)
3243 smartlist_add(descs_out, (void*) &(ri->cache_info));
3244 } else {
3245 const routerinfo_t *ri = router_get_by_id_digest(d);
3246 /* Don't actually serve a descriptor that everyone will think is
3247 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3248 * Tors from downloading descriptors that they will throw away.
3249 */
3250 if (ri && ri->cache_info.published_on > cutoff)
3251 smartlist_add(descs_out, (void*) &(ri->cache_info));
3252 }
3253 } SMARTLIST_FOREACH_END(d);
3254 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3255 smartlist_free(digests);
3256 } else {
3257 *msg = "Key not recognized";
3258 return -1;
3259 }
3260
3261 if (!smartlist_len(descs_out)) {
3262 *msg = "Servers unavailable";
3263 return -1;
3264 }
3265 return 0;
3266 }
3267
3268 /** Called when a TLS handshake has completed successfully with a
3269 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3270 * a certificate with digest <b>digest_rcvd</b>.
3271 *
3272 * Inform the reachability checker that we could get to this relay.
3273 */
3274 void
3275 dirserv_orconn_tls_done(const tor_addr_t *addr,
3276 uint16_t or_port,
3277 const char *digest_rcvd,
3278 const ed25519_public_key_t *ed_id_rcvd)
3279 {
3280 node_t *node = NULL;
3281 tor_addr_port_t orport;
3282 routerinfo_t *ri = NULL;
3283 time_t now = time(NULL);
3284 tor_assert(addr);
3285 tor_assert(digest_rcvd);
3286
3287 node = node_get_mutable_by_id(digest_rcvd);
3288 if (node == NULL || node->ri == NULL)
3289 return;
3290
3291 ri = node->ri;
3292
3293 if (get_options()->AuthDirTestEd25519LinkKeys &&
3294 node_supports_ed25519_link_authentication(node) &&
3295 ri->cache_info.signing_key_cert) {
3296 /* We allow the node to have an ed25519 key if we haven't been told one in
3297 * the routerinfo, but if we *HAVE* been told one in the routerinfo, it
3298 * needs to match. */
3299 const ed25519_public_key_t *expected_id =
3300 &ri->cache_info.signing_key_cert->signing_key;
3301 tor_assert(!ed25519_public_key_is_zero(expected_id));
3302 if (! ed_id_rcvd || ! ed25519_pubkey_eq(ed_id_rcvd, expected_id)) {
3303 log_info(LD_DIRSERV, "Router at %s:%d with RSA ID %s "
3304 "did not present expected Ed25519 ID.",
3305 fmt_addr(addr), or_port, hex_str(digest_rcvd, DIGEST_LEN));
3306 return; /* Don't mark it as reachable. */
3307 }
3308 }
3309
3310 tor_addr_copy(&orport.addr, addr);
3311 orport.port = or_port;
3312 if (router_has_orport(ri, &orport)) {
3313 /* Found the right router. */
3314 if (!authdir_mode_bridge(get_options()) ||
3315 ri->purpose == ROUTER_PURPOSE_BRIDGE) {
3316 char addrstr[TOR_ADDR_BUF_LEN];
3317 /* This is a bridge or we're not a bridge authority --
3318 mark it as reachable. */
3319 log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.",
3320 router_describe(ri),
3321 tor_addr_to_str(addrstr, addr, sizeof(addrstr), 1),
3322 ri->or_port);
3323 if (tor_addr_family(addr) == AF_INET) {
3324 rep_hist_note_router_reachable(digest_rcvd, addr, or_port, now);
3325 node->last_reachable = now;
3326 } else if (tor_addr_family(addr) == AF_INET6) {
3327 /* No rephist for IPv6. */
3328 node->last_reachable6 = now;
3329 }
3330 }
3331 }
3332 }
3333
3334 /** Called when we, as an authority, receive a new router descriptor either as
3335 * an upload or a download. Used to decide whether to relaunch reachability
3336 * testing for the server. */
3337 int
3338 dirserv_should_launch_reachability_test(const routerinfo_t *ri,
3339 const routerinfo_t *ri_old)
3340 {
3341 if (!authdir_mode_handles_descs(get_options(), ri->purpose))
3342 return 0;
3343 if (!ri_old) {
3344 /* New router: Launch an immediate reachability test, so we will have an
3345 * opinion soon in case we're generating a consensus soon */
3346 return 1;
3347 }
3348 if (ri_old->is_hibernating && !ri->is_hibernating) {
3349 /* It just came out of hibernation; launch a reachability test */
3350 return 1;
3351 }
3352 if (! routers_have_same_or_addrs(ri, ri_old)) {
3353 /* Address or port changed; launch a reachability test */
3354 return 1;
3355 }
3356 return 0;
3357 }
3358
3359 /** Helper function for dirserv_test_reachability(). Start a TLS
3360 * connection to <b>router</b>, and annotate it with when we started
3361 * the test. */
3362 void
3363 dirserv_single_reachability_test(time_t now, routerinfo_t *router)
3364 {
3365 const or_options_t *options = get_options();
3366 channel_t *chan = NULL;
3367 const node_t *node = NULL;
3368 tor_addr_t router_addr;
3369 const ed25519_public_key_t *ed_id_key;
3370 (void) now;
3371
3372 tor_assert(router);
3373 node = node_get_by_id(router->cache_info.identity_digest);
3374 tor_assert(node);
3375
3376 if (options->AuthDirTestEd25519LinkKeys &&
3377 node_supports_ed25519_link_authentication(node)) {
3378 ed_id_key = &router->cache_info.signing_key_cert->signing_key;
3379 } else {
3380 ed_id_key = NULL;
3381 }
3382
3383 /* IPv4. */
3384 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
3385 router->nickname, fmt_addr32(router->addr), router->or_port);
3386 tor_addr_from_ipv4h(&router_addr, router->addr);
3387 chan = channel_tls_connect(&router_addr, router->or_port,
3388 router->cache_info.identity_digest,
3389 ed_id_key);
3390 if (chan) command_setup_channel(chan);
3391
3392 /* Possible IPv6. */
3393 if (get_options()->AuthDirHasIPv6Connectivity == 1 &&
3394 !tor_addr_is_null(&router->ipv6_addr)) {
3395 char addrstr[TOR_ADDR_BUF_LEN];
3396 log_debug(LD_OR, "Testing reachability of %s at %s:%u.",
3397 router->nickname,
3398 tor_addr_to_str(addrstr, &router->ipv6_addr, sizeof(addrstr), 1),
3399 router->ipv6_orport);
3400 chan = channel_tls_connect(&router->ipv6_addr, router->ipv6_orport,
3401 router->cache_info.identity_digest,
3402 ed_id_key);
3403 if (chan) command_setup_channel(chan);
3404 }
3405 }
3406
3407 /** Auth dir server only: load balance such that we only
3408 * try a few connections per call.
3409 *
3410 * The load balancing is such that if we get called once every ten
3411 * seconds, we will cycle through all the tests in
3412 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3413 */
3414 void
3415 dirserv_test_reachability(time_t now)
3416 {
3417 /* XXX decide what to do here; see or-talk thread "purging old router
3418 * information, revocation." -NM
3419 * We can't afford to mess with this in 0.1.2.x. The reason is that
3420 * if we stop doing reachability tests on some of routerlist, then
3421 * we'll for-sure think they're down, which may have unexpected
3422 * effects in other parts of the code. It doesn't hurt much to do
3423 * the testing, and directory authorities are easy to upgrade. Let's
3424 * wait til 0.2.0. -RD */
3425 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3426 routerlist_t *rl = router_get_routerlist();
3427 static char ctr = 0;
3428 int bridge_auth = authdir_mode_bridge(get_options());
3429
3430 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
3431 const char *id_digest = router->cache_info.identity_digest;
3432 if (router_is_me(router))
3433 continue;
3434 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
3435 continue; /* bridge authorities only test reachability on bridges */
3436 // if (router->cache_info.published_on > cutoff)
3437 // continue;
3438 if ((((uint8_t)id_digest[0]) % REACHABILITY_MODULO_PER_TEST) == ctr) {
3439 dirserv_single_reachability_test(now, router);
3440 }
3441 } SMARTLIST_FOREACH_END(router);
3442 ctr = (ctr + 1) % REACHABILITY_MODULO_PER_TEST; /* increment ctr */
3443 }
3444
3445 /* ==========
3446 * Spooling code.
3447 * ========== */
3448
3449 spooled_resource_t *
3450 spooled_resource_new(dir_spool_source_t source,
3451 const uint8_t *digest, size_t digestlen)
3452 {
3453 spooled_resource_t *spooled = tor_malloc_zero(sizeof(spooled_resource_t));
3454 spooled->spool_source = source;
3455 switch (source) {
3456 case DIR_SPOOL_NETWORKSTATUS:
3457 spooled->spool_eagerly = 0;
3458 break;
3459 case DIR_SPOOL_SERVER_BY_DIGEST:
3460 case DIR_SPOOL_SERVER_BY_FP:
3461 case DIR_SPOOL_EXTRA_BY_DIGEST:
3462 case DIR_SPOOL_EXTRA_BY_FP:
3463 case DIR_SPOOL_MICRODESC:
3464 default:
3465 spooled->spool_eagerly = 1;
3466 break;
3467 case DIR_SPOOL_CONSENSUS_CACHE_ENTRY:
3468 tor_assert_unreached();
3469 break;
3470 }
3471 tor_assert(digestlen <= sizeof(spooled->digest));
3472 if (digest)
3473 memcpy(spooled->digest, digest, digestlen);
3474 return spooled;
3475 }
3476
3477 /**
3478 * Create a new spooled_resource_t to spool the contents of <b>entry</b> to
3479 * the user. Return the spooled object on success, or NULL on failure (which
3480 * is probably caused by a failure to map the body of the item from disk).
3481 *
3482 * Adds a reference to entry's reference counter.
3483 */
3484 spooled_resource_t *
3485 spooled_resource_new_from_cache_entry(consensus_cache_entry_t *entry)
3486 {
3487 spooled_resource_t *spooled = tor_malloc_zero(sizeof(spooled_resource_t));
3488 spooled->spool_source = DIR_SPOOL_CONSENSUS_CACHE_ENTRY;
3489 spooled->spool_eagerly = 0;
3490 consensus_cache_entry_incref(entry);
3491 spooled->consensus_cache_entry = entry;
3492
3493 int r = consensus_cache_entry_get_body(entry,
3494 &spooled->cce_body,
3495 &spooled->cce_len);
3496 if (r == 0) {
3497 return spooled;
3498 } else {
3499 spooled_resource_free(spooled);
3500 return NULL;
3501 }
3502 }
3503
3504 /** Release all storage held by <b>spooled</b>. */
3505 void
3506 spooled_resource_free(spooled_resource_t *spooled)
3507 {
3508 if (spooled == NULL)
3509 return;
3510
3511 if (spooled->cached_dir_ref) {
3512 cached_dir_decref(spooled->cached_dir_ref);
3513 }
3514
3515 if (spooled->consensus_cache_entry) {
3516 consensus_cache_entry_decref(spooled->consensus_cache_entry);
3517 }
3518
3519 tor_free(spooled);
3520 }
3521
3522 /** When spooling data from a cached_dir_t object, we always add
3523 * at least this much. */
3524 #define DIRSERV_CACHED_DIR_CHUNK_SIZE 8192
3525
3526 /** Return an compression ratio for compressing objects from <b>source</b>.
3527 */
3528 static double
3529 estimate_compression_ratio(dir_spool_source_t source)
3530 {
3531 /* We should put in better estimates here, depending on the number of
3532 objects and their type */
3533 (void) source;
3534 return 0.5;
3535 }
3536
3537 /** Return an estimated number of bytes needed for transmitting the
3538 * resource in <b>spooled</b> on <b>conn</b>
3539 *
3540 * As a convenient side-effect, set *<b>published_out</b> to the resource's
3541 * publication time.
3542 */
3543 static size_t
3544 spooled_resource_estimate_size(const spooled_resource_t *spooled,
3545 dir_connection_t *conn,
3546 int compressed,
3547 time_t *published_out)
3548 {
3549 if (spooled->spool_eagerly) {
3550 const uint8_t *body = NULL;
3551 size_t bodylen = 0;
3552 int r = spooled_resource_lookup_body(spooled,
3553 connection_dir_is_encrypted(conn),
3554 &body, &bodylen,
3555 published_out);
3556 if (r == -1 || body == NULL || bodylen == 0)
3557 return 0;
3558 if (compressed) {
3559 double ratio = estimate_compression_ratio(spooled->spool_source);
3560 bodylen = (size_t)(bodylen * ratio);
3561 }
3562 return bodylen;
3563 } else {
3564 cached_dir_t *cached;
3565 if (spooled->consensus_cache_entry) {
3566 if (published_out) {
3567 consensus_cache_entry_get_valid_after(
3568 spooled->consensus_cache_entry, published_out);
3569 }
3570
3571 return spooled->cce_len;
3572 }
3573 if (spooled->cached_dir_ref) {
3574 cached = spooled->cached_dir_ref;
3575 } else {
3576 cached = spooled_resource_lookup_cached_dir(spooled,
3577 published_out);
3578 }
3579 if (cached == NULL) {
3580 return 0;
3581 }
3582 size_t result = compressed ? cached->dir_compressed_len : cached->dir_len;
3583 return result;
3584 }
3585 }
3586
3587 /** Return code for spooled_resource_flush_some */
3588 typedef enum {
3589 SRFS_ERR = -1,
3590 SRFS_MORE = 0,
3591 SRFS_DONE
3592 } spooled_resource_flush_status_t;
3593
3594 /** Flush some or all of the bytes from <b>spooled</b> onto <b>conn</b>.
3595 * Return SRFS_ERR on error, SRFS_MORE if there are more bytes to flush from
3596 * this spooled resource, or SRFS_DONE if we are done flushing this spooled
3597 * resource.
3598 */
3599 static spooled_resource_flush_status_t
3600 spooled_resource_flush_some(spooled_resource_t *spooled,
3601 dir_connection_t *conn)
3602 {
3603 if (spooled->spool_eagerly) {
3604 /* Spool_eagerly resources are sent all-at-once. */
3605 const uint8_t *body = NULL;
3606 size_t bodylen = 0;
3607 int r = spooled_resource_lookup_body(spooled,
3608 connection_dir_is_encrypted(conn),
3609 &body, &bodylen, NULL);
3610 if (r == -1 || body == NULL || bodylen == 0) {
3611 /* Absent objects count as "done". */
3612 return SRFS_DONE;
3613 }
3614 if (conn->compress_state) {
3615 connection_write_to_buf_compress((const char*)body, bodylen, conn, 0);
3616 } else {
3617 connection_write_to_buf((const char*)body, bodylen, TO_CONN(conn));
3618 }
3619 return SRFS_DONE;
3620 } else {
3621 cached_dir_t *cached = spooled->cached_dir_ref;
3622 consensus_cache_entry_t *cce = spooled->consensus_cache_entry;
3623 if (cached == NULL && cce == NULL) {
3624 /* The cached_dir_t hasn't been materialized yet. So let's look it up. */
3625 cached = spooled->cached_dir_ref =
3626 spooled_resource_lookup_cached_dir(spooled, NULL);
3627 if (!cached) {
3628 /* Absent objects count as done. */
3629 return SRFS_DONE;
3630 }
3631 ++cached->refcnt;
3632 tor_assert_nonfatal(spooled->cached_dir_offset == 0);
3633 }
3634
3635 if (BUG(!cached && !cce))
3636 return SRFS_DONE;
3637
3638 int64_t total_len;
3639 const char *ptr;
3640 if (cached) {
3641 total_len = cached->dir_compressed_len;
3642 ptr = cached->dir_compressed;
3643 } else {
3644 total_len = spooled->cce_len;
3645 ptr = (const char *)spooled->cce_body;
3646 }
3647 /* How many bytes left to flush? */
3648 int64_t remaining;
3649 remaining = total_len - spooled->cached_dir_offset;
3650 if (BUG(remaining < 0))
3651 return SRFS_ERR;
3652 ssize_t bytes = (ssize_t) MIN(DIRSERV_CACHED_DIR_CHUNK_SIZE, remaining);
3653 if (conn->compress_state) {
3654 connection_write_to_buf_compress(
3655 ptr + spooled->cached_dir_offset,
3656 bytes, conn, 0);
3657 } else {
3658 connection_write_to_buf(ptr + spooled->cached_dir_offset,
3659 bytes, TO_CONN(conn));
3660 }
3661 spooled->cached_dir_offset += bytes;
3662 if (spooled->cached_dir_offset >= (off_t)total_len) {
3663 return SRFS_DONE;
3664 } else {
3665 return SRFS_MORE;
3666 }
3667 }
3668 }
3669
3670 /** Helper: find the cached_dir_t for a spooled_resource_t, for
3671 * sending it to <b>conn</b>. Set *<b>published_out</b>, if provided,
3672 * to the published time of the cached_dir_t.
3673 *
3674 * DOES NOT increase the reference count on the result. Callers must do that
3675 * themselves if they mean to hang on to it.
3676 */
3677 static cached_dir_t *
3678 spooled_resource_lookup_cached_dir(const spooled_resource_t *spooled,
3679 time_t *published_out)
3680 {
3681 tor_assert(spooled->spool_eagerly == 0);
3682 cached_dir_t *d = lookup_cached_dir_by_fp(spooled->digest);
3683 if (d != NULL) {
3684 if (published_out)
3685 *published_out = d->published;
3686 }
3687 return d;
3688 }
3689
3690 /** Helper: Look up the body for an eagerly-served spooled_resource. If
3691 * <b>conn_is_encrypted</b> is false, don't look up any resource that
3692 * shouldn't be sent over an unencrypted connection. On success, set
3693 * <b>body_out</b>, <b>size_out</b>, and <b>published_out</b> to refer
3694 * to the resource's body, size, and publication date, and return 0.
3695 * On failure return -1. */
3696 static int
3697 spooled_resource_lookup_body(const spooled_resource_t *spooled,
3698 int conn_is_encrypted,
3699 const uint8_t **body_out,
3700 size_t *size_out,
3701 time_t *published_out)
3702 {
3703 tor_assert(spooled->spool_eagerly == 1);
3704
3705 const signed_descriptor_t *sd = NULL;
3706
3707 switch (spooled->spool_source) {
3708 case DIR_SPOOL_EXTRA_BY_FP: {
3709 sd = get_signed_descriptor_by_fp(spooled->digest, 1);
3710 break;
3711 }
3712 case DIR_SPOOL_SERVER_BY_FP: {
3713 sd = get_signed_descriptor_by_fp(spooled->digest, 0);
3714 break;
3715 }
3716 case DIR_SPOOL_SERVER_BY_DIGEST: {
3717 sd = router_get_by_descriptor_digest((const char *)spooled->digest);
3718 break;
3719 }
3720 case DIR_SPOOL_EXTRA_BY_DIGEST: {
3721 sd = extrainfo_get_by_descriptor_digest((const char *)spooled->digest);
3722 break;
3723 }
3724 case DIR_SPOOL_MICRODESC: {
3725 microdesc_t *md = microdesc_cache_lookup_by_digest256(
3726 get_microdesc_cache(),
3727 (const char *)spooled->digest);
3728 if (! md || ! md->body) {
3729 return -1;
3730 }
3731 *body_out = (const uint8_t *)md->body;
3732 *size_out = md->bodylen;
3733 if (published_out)
3734 *published_out = TIME_MAX;
3735 return 0;
3736 }
3737 case DIR_SPOOL_NETWORKSTATUS:
3738 case DIR_SPOOL_CONSENSUS_CACHE_ENTRY:
3739 default:
3740 /* LCOV_EXCL_START */
3741 tor_assert_nonfatal_unreached();
3742 return -1;
3743 /* LCOV_EXCL_STOP */
3744 }
3745
3746 /* If we get here, then we tried to set "sd" to a signed_descriptor_t. */
3747
3748 if (sd == NULL) {
3749 return -1;
3750 }
3751 if (sd->send_unencrypted == 0 && ! conn_is_encrypted) {
3752 /* we did this check once before (so we could have an accurate size
3753 * estimate and maybe send a 404 if somebody asked for only bridges on
3754 * a connection), but we need to do it again in case a previously
3755 * unknown bridge descriptor has shown up between then and now. */
3756 return -1;
3757 }
3758 *body_out = (const uint8_t *) signed_descriptor_get_body(sd);
3759 *size_out = sd->signed_descriptor_len;
3760 if (published_out)
3761 *published_out = sd->published_on;
3762 return 0;
3763 }
3764
3765 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3766 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3767 * flavor name if we want a flavored v3 status, return a pointer to the
3768 * appropriate cached dir object, or NULL if there isn't one available. */
3769 static cached_dir_t *
3770 lookup_cached_dir_by_fp(const uint8_t *fp)
3771 {
3772 cached_dir_t *d = NULL;
3773 if (tor_digest_is_zero((const char *)fp) && cached_consensuses) {
3774 d = strmap_get(cached_consensuses, "ns");
3775 } else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses) {
3776 /* this here interface is a nasty hack: we're shoving a flavor into
3777 * a digest field. */
3778 d = strmap_get(cached_consensuses, (const char *)fp);
3779 }
3780 return d;
3781 }
3782
3783 /** Try to guess the number of bytes that will be needed to send the
3784 * spooled objects for <b>conn</b>'s outgoing spool. In the process,
3785 * remove every element of the spool that refers to an absent object, or
3786 * which was published earlier than <b>cutoff</b>. Set *<b>size_out</b>
3787 * to the number of bytes, and *<b>n_expired_out</b> to the number of
3788 * objects removed for being too old. */
3789 void
3790 dirserv_spool_remove_missing_and_guess_size(dir_connection_t *conn,
3791 time_t cutoff,
3792 int compression,
3793 size_t *size_out,
3794 int *n_expired_out)
3795 {
3796 if (BUG(!conn))
3797 return;
3798
3799 smartlist_t *spool = conn->spool;
3800 if (!spool) {
3801 if (size_out)
3802 *size_out = 0;
3803 if (n_expired_out)
3804 *n_expired_out = 0;
3805 return;
3806 }
3807 int n_expired = 0;
3808 uint64_t total = 0;
3809 SMARTLIST_FOREACH_BEGIN(spool, spooled_resource_t *, spooled) {
3810 time_t published = TIME_MAX;
3811 size_t sz = spooled_resource_estimate_size(spooled, conn,
3812 compression, &published);
3813 if (published < cutoff) {
3814 ++n_expired;
3815 SMARTLIST_DEL_CURRENT(spool, spooled);
3816 spooled_resource_free(spooled);
3817 } else if (sz == 0) {
3818 SMARTLIST_DEL_CURRENT(spool, spooled);
3819 spooled_resource_free(spooled);
3820 } else {
3821 total += sz;
3822 }
3823 } SMARTLIST_FOREACH_END(spooled);
3824
3825 if (size_out) {
3826 *size_out = (total > SIZE_MAX) ? SIZE_MAX : (size_t)total;
3827 }
3828 if (n_expired_out)
3829 *n_expired_out = n_expired;
3830 }
3831
3832 /** Helper: used to sort a connection's spool. */
3833 static int
3834 dirserv_spool_sort_comparison_(const void **a_, const void **b_)
3835 {
3836 const spooled_resource_t *a = *a_;
3837 const spooled_resource_t *b = *b_;
3838 return fast_memcmp(a->digest, b->digest, sizeof(a->digest));
3839 }
3840
3841 /** Sort all the entries in <b>conn</b> by digest. */
3842 void
3843 dirserv_spool_sort(dir_connection_t *conn)
3844 {
3845 if (conn->spool == NULL)
3846 return;
3847 smartlist_sort(conn->spool, dirserv_spool_sort_comparison_);
3848 }
3849
3850 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3851 * its extra-info document if <b>extrainfo</b> is true. Return
3852 * NULL if not found or if the descriptor is older than
3853 * <b>publish_cutoff</b>. */
3854 static const signed_descriptor_t *
3855 get_signed_descriptor_by_fp(const uint8_t *fp, int extrainfo)
3856 {
3857 if (router_digest_is_me((const char *)fp)) {
3858 if (extrainfo)
3859 return &(router_get_my_extrainfo()->cache_info);
3860 else
3861 return &(router_get_my_routerinfo()->cache_info);
3862 } else {
3863 const routerinfo_t *ri = router_get_by_id_digest((const char *)fp);
3864 if (ri) {
3865 if (extrainfo)
3866 return extrainfo_get_by_descriptor_digest(
3867 ri->cache_info.extra_info_digest);
3868 else
3869 return &ri->cache_info;
3870 }
3871 }
3872 return NULL;
3873 }
3874
3875 /** When we're spooling data onto our outbuf, add more whenever we dip
3876 * below this threshold. */
3877 #define DIRSERV_BUFFER_MIN 16384
3878
3879 /**
3880 * Called whenever we have flushed some directory data in state
3881 * SERVER_WRITING, or whenever we want to fill the buffer with initial
3882 * directory data (so that subsequent writes will occur, and trigger this
3883 * function again.)
3884 *
3885 * Return 0 on success, and -1 on failure.
3886 */
3887 int
3888 connection_dirserv_flushed_some(dir_connection_t *conn)
3889 {
3890 tor_assert(conn->base_.state == DIR_CONN_STATE_SERVER_WRITING);
3891 if (conn->spool == NULL)
3892 return 0;
3893
3894 while (connection_get_outbuf_len(TO_CONN(conn)) < DIRSERV_BUFFER_MIN &&
3895 smartlist_len(conn->spool)) {
3896 spooled_resource_t *spooled =
3897 smartlist_get(conn->spool, smartlist_len(conn->spool)-1);
3898 spooled_resource_flush_status_t status;
3899 status = spooled_resource_flush_some(spooled, conn);
3900 if (status == SRFS_ERR) {
3901 return -1;
3902 } else if (status == SRFS_MORE) {
3903 return 0;
3904 }
3905 tor_assert(status == SRFS_DONE);
3906
3907 /* If we're here, we're done flushing this resource. */
3908 tor_assert(smartlist_pop_last(conn->spool) == spooled);
3909 spooled_resource_free(spooled);
3910 }
3911
3912 if (smartlist_len(conn->spool) > 0) {
3913 /* We're still spooling something. */
3914 return 0;
3915 }
3916
3917 /* If we get here, we're done. */
3918 smartlist_free(conn->spool);
3919 conn->spool = NULL;
3920 if (conn->compress_state) {
3921 /* Flush the compression state: there could be more bytes pending in there,
3922 * and we don't want to omit bytes. */
3923 connection_write_to_buf_compress("", 0, conn, 1);
3924 tor_compress_free(conn->compress_state);
3925 conn->compress_state = NULL;
3926 }
3927 return 0;
3928 }
3929
3930 /** Remove every element from <b>conn</b>'s outgoing spool, and delete
3931 * the spool. */
3932 void
3933 dir_conn_clear_spool(dir_connection_t *conn)
3934 {
3935 if (!conn || ! conn->spool)
3936 return;
3937 SMARTLIST_FOREACH(conn->spool, spooled_resource_t *, s,
3938 spooled_resource_free(s));
3939 smartlist_free(conn->spool);
3940 conn->spool = NULL;
3941 }
3942
3943 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3944 */
3945 /*
3946 The grammar is:
3947
3948 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3949
3950 PACKAGENAME = NONSPACE
3951 VERSION = NONSPACE
3952 URL = NONSPACE
3953 DIGESTS = DIGEST | DIGESTS SP DIGEST
3954 DIGEST = DIGESTTYPE "=" DIGESTVAL
3955
3956 NONSPACE = one or more non-space printing characters
3957
3958 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3959
3960 SP = " "
3961 NL = a newline
3962
3963 */
3964 int
3965 validate_recommended_package_line(const char *line)
3966 {
3967 const char *cp = line;
3968
3969 #define WORD() \
3970 do { \
3971 if (*cp == ' ') \
3972 return 0; \
3973 cp = strchr(cp, ' '); \
3974 if (!cp) \
3975 return 0; \
3976 } while (0)
3977
3978 WORD(); /* skip packagename */
3979 ++cp;
3980 WORD(); /* skip version */
3981 ++cp;
3982 WORD(); /* Skip URL */
3983 ++cp;
3984
3985 /* Skip digesttype=digestval + */
3986 int n_entries = 0;
3987 while (1) {
3988 const char *start_of_word = cp;
3989 const char *end_of_word = strchr(cp, ' ');
3990 if (! end_of_word)
3991 end_of_word = cp + strlen(cp);
3992
3993 if (start_of_word == end_of_word)
3994 return 0;
3995
3996 const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
3997
3998 if (!eq)
3999 return 0;
4000 if (eq == start_of_word)
4001 return 0;
4002 if (eq == end_of_word - 1)
4003 return 0;
4004 if (memchr(eq+1, '=', end_of_word - (eq+1)))
4005 return 0;
4006
4007 ++n_entries;
4008 if (0 == *end_of_word)
4009 break;
4010
4011 cp = end_of_word + 1;
4012 }
4013
4014 /* If we reach this point, we have at least 1 entry. */
4015 tor_assert(n_entries > 0);
4016 return 1;
4017 }
4018
4019 /** Release all storage used by the directory server. */
4020 void
4021 dirserv_free_all(void)
4022 {
4023 dirserv_free_fingerprint_list();
4024
4025 strmap_free(cached_consensuses, free_cached_dir_);
4026 cached_consensuses = NULL;
4027
4028 dirserv_clear_measured_bw_cache();
4029 }
4030
The Onion Router