search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
If the networkstatus consensus lists no recommended versions, don't
[tor.git] / src / or / networkstatus.c
blobd1069940ca9410bdd90f56cf7ad53041871ae1a2
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 /* $Id$ */
7 const char networkstatus_c_id[] =
8 "$Id$";
9
10 /**
11 * \file Functions and structures for handling network status documents as a
12 * client or cache.
13 */
14
15 #include "or.h"
16
17 /* For tracking v2 networkstatus documents. Only caches do this now. */
18
19 /** Map from descriptor digest of routers listed in the v2 networkstatus
20 * documents to download_status_t* */
21 static digestmap_t *v2_download_status_map = NULL;
22 /** Global list of all of the current v2 network_status documents that we know
23 * about. This list is kept sorted by published_on. */
24 static smartlist_t *networkstatus_v2_list = NULL;
25 /** True iff any member of networkstatus_v2_list has changed since the last
26 * time we called download_status_map_update_from_v2_networkstatus() */
27 static int networkstatus_v2_list_has_changed = 0;
28
29 /** Map from lowercase nickname to identity digest of named server, if any. */
30 static strmap_t *named_server_map = NULL;
31 /** Map from lowercase nickname to (void*)1 for all names that are listed
32 * as unnamed for some server in the consensus. */
33 static strmap_t *unnamed_server_map = NULL;
34
35 /** Most recently received and validated v3 consensus network status. */
36 static networkstatus_t *current_consensus = NULL;
37
38 /** A v3 consensus networkstatus that we've received, but which we don't
39 * have enough certificates to be happy about. */
40 static networkstatus_t *consensus_waiting_for_certs = NULL;
41 static char *consensus_waiting_for_certs_body = NULL;
42 static time_t consensus_waiting_for_certs_set_at = 0;
43 static int consensus_waiting_for_certs_dl_failed = 0;
44
45 /** The last time we tried to download a networkstatus, or 0 for "never". We
46 * use this to rate-limit download attempts for directory caches (including
47 * mirrors). Clients don't use this now. */
48 static time_t last_networkstatus_download_attempted = 0;
49
50 /** A time before which we shouldn't try to replace the current consensus:
51 * this will be at some point after the next consensus becomes valid, but
52 * before the current consensus becomes invalid. */
53 static time_t time_to_download_next_consensus = 0;
54 /** Download status for the current consensus networkstatus. */
55 static download_status_t consensus_dl_status = { 0, 0, DL_SCHED_CONSENSUS };
56
57 /** True iff we have logged a warning about this OR not being valid or
58 * not being named. */
59 static int have_warned_about_invalid_status = 0;
60 /** True iff we have logged a warning about this OR's version being older than
61 * listed by the authorities. */
62 static int have_warned_about_old_version = 0;
63 /** True iff we have logged a warning about this OR's version being newer than
64 * listed by the authorities. */
65 static int have_warned_about_new_version = 0;
66
67 static void download_status_map_update_from_v2_networkstatus(void);
68 static void routerstatus_list_update_named_server_map(void);
69
70 /** Forget that we've warned about anything networkstatus-related, so we will
71 * give fresh warnings if the same behavior happens again. */
72 void
73 networkstatus_reset_warnings(void)
74 {
75 if (current_consensus) {
76 SMARTLIST_FOREACH(current_consensus->routerstatus_list,
77 routerstatus_t *, rs,
78 rs->name_lookup_warned = 0);
79 }
80
81 have_warned_about_invalid_status = 0;
82 have_warned_about_old_version = 0;
83 have_warned_about_new_version = 0;
84 }
85
86 /** Reset the descriptor download failure count on all networkstatus docs, so
87 * that we can retry any long-failed documents immediately.
88 */
89 void
90 networkstatus_reset_download_failures(void)
91 {
92 const smartlist_t *networkstatus_v2_list = networkstatus_get_v2_list();
93 SMARTLIST_FOREACH(networkstatus_v2_list, networkstatus_v2_t *, ns,
94 SMARTLIST_FOREACH(ns->entries, routerstatus_t *, rs,
95 {
96 if (!router_get_by_descriptor_digest(rs->descriptor_digest))
97 rs->need_to_mirror = 1;
98 }));;
99
100 download_status_reset(&consensus_dl_status);
101 if (v2_download_status_map) {
102 digestmap_iter_t *iter;
103 digestmap_t *map = v2_download_status_map;
104 const char *key;
105 void *val;
106 download_status_t *dls;
107 for (iter = digestmap_iter_init(map); !digestmap_iter_done(iter);
108 iter = digestmap_iter_next(map, iter) ) {
109 digestmap_iter_get(iter, &key, &val);
110 dls = val;
111 download_status_reset(dls);
112 }
113 }
114 }
115
116 /** Repopulate our list of network_status_t objects from the list cached on
117 * disk. Return 0 on success, -1 on failure. */
118 int
119 router_reload_v2_networkstatus(void)
120 {
121 smartlist_t *entries;
122 struct stat st;
123 char *s;
124 char *filename = get_datadir_fname("cached-status");
125 int maybe_delete = !directory_caches_v2_dir_info(get_options());
126 time_t now = time(NULL);
127 if (!networkstatus_v2_list)
128 networkstatus_v2_list = smartlist_create();
129
130 entries = tor_listdir(filename);
131 if (!entries) { /* dir doesn't exist */
132 tor_free(filename);
133 return 0;
134 } else if (!smartlist_len(entries) && maybe_delete) {
135 rmdir(filename);
136 tor_free(filename);
137 return 0;
138 }
139 tor_free(filename);
140 SMARTLIST_FOREACH(entries, const char *, fn, {
141 char buf[DIGEST_LEN];
142 if (maybe_delete) {
143 filename = get_datadir_fname2("cached-status", fn);
144 remove_file_if_very_old(filename, now);
145 tor_free(filename);
146 continue;
147 }
148 if (strlen(fn) != HEX_DIGEST_LEN ||
149 base16_decode(buf, sizeof(buf), fn, strlen(fn))) {
150 log_info(LD_DIR,
151 "Skipping cached-status file with unexpected name \"%s\"",fn);
152 continue;
153 }
154 filename = get_datadir_fname2("cached-status", fn);
155 s = read_file_to_str(filename, 0, &st);
156 if (s) {
157 if (router_set_networkstatus_v2(s, st.st_mtime, NS_FROM_CACHE,
158 NULL)<0) {
159 log_warn(LD_FS, "Couldn't load networkstatus from \"%s\"",filename);
160 }
161 tor_free(s);
162 }
163 tor_free(filename);
164 });
165 SMARTLIST_FOREACH(entries, char *, fn, tor_free(fn));
166 smartlist_free(entries);
167 networkstatus_v2_list_clean(time(NULL));
168 routers_update_all_from_networkstatus(time(NULL), 2);
169 return 0;
170 }
171
172 /** Read the cached v3 consensus networkstatus from the disk. */
173 int
174 router_reload_consensus_networkstatus(void)
175 {
176 char *filename;
177 char *s;
178 struct stat st;
179 or_options_t *options = get_options();
180 const unsigned int flags = NSSET_FROM_CACHE | NSSET_DONT_DOWNLOAD_CERTS;
181
182 /* XXXX020 Suppress warnings if cached consensus is bad. */
183
184 filename = get_datadir_fname("cached-consensus");
185 s = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
186 if (s) {
187 if (networkstatus_set_current_consensus(s, flags)) {
188 log_warn(LD_FS, "Couldn't load consensus networkstatus from \"%s\"",
189 filename);
190 }
191 tor_free(s);
192 }
193 tor_free(filename);
194
195 filename = get_datadir_fname("unverified-consensus");
196 s = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
197 if (s) {
198 if (networkstatus_set_current_consensus(s,
199 flags|NSSET_WAS_WAITING_FOR_CERTS)) {
200 log_info(LD_FS, "Couldn't load consensus networkstatus from \"%s\"",
201 filename);
202 }
203 tor_free(s);
204 }
205 tor_free(filename);
206
207 if (!current_consensus ||
208 (stat(options->FallbackNetworkstatusFile, &st)==0 &&
209 st.st_mtime > current_consensus->valid_after)) {
210 s = read_file_to_str(options->FallbackNetworkstatusFile,
211 RFTS_IGNORE_MISSING, NULL);
212 if (s) {
213 if (networkstatus_set_current_consensus(s, flags)) {
214 log_info(LD_FS, "Couldn't load consensus networkstatus from \"%s\"",
215 options->FallbackNetworkstatusFile);
216 } else {
217 log_notice(LD_FS,
218 "Loaded fallback consensus networkstatus from \"%s\"",
219 options->FallbackNetworkstatusFile);
220 }
221 tor_free(s);
222 }
223 }
224
225 if (!current_consensus) {
226 if (!named_server_map)
227 named_server_map = strmap_new();
228 if (!unnamed_server_map)
229 unnamed_server_map = strmap_new();
230 }
231
232 update_certificate_downloads(time(NULL));
233
234 routers_update_all_from_networkstatus(time(NULL), 3);
235
236 return 0;
237 }
238
239 /** Free all storage held by the routerstatus object <b>rs</b>. */
240 void
241 routerstatus_free(routerstatus_t *rs)
242 {
243 tor_free(rs);
244 }
245
246 /** Free all storage held by the networkstatus object <b>ns</b>. */
247 void
248 networkstatus_v2_free(networkstatus_v2_t *ns)
249 {
250 tor_free(ns->source_address);
251 tor_free(ns->contact);
252 if (ns->signing_key)
253 crypto_free_pk_env(ns->signing_key);
254 tor_free(ns->client_versions);
255 tor_free(ns->server_versions);
256 if (ns->entries) {
257 SMARTLIST_FOREACH(ns->entries, routerstatus_t *, rs,
258 routerstatus_free(rs));
259 smartlist_free(ns->entries);
260 }
261 tor_free(ns);
262 }
263
264 /** Clear all storage held in <b>ns</b>. */
265 void
266 networkstatus_vote_free(networkstatus_t *ns)
267 {
268 if (!ns)
269 return;
270
271 tor_free(ns->client_versions);
272 tor_free(ns->server_versions);
273 if (ns->known_flags) {
274 SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c));
275 smartlist_free(ns->known_flags);
276 }
277 if (ns->supported_methods) {
278 SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
279 smartlist_free(ns->supported_methods);
280 }
281 if (ns->voters) {
282 SMARTLIST_FOREACH(ns->voters, networkstatus_voter_info_t *, voter,
283 {
284 tor_free(voter->nickname);
285 tor_free(voter->address);
286 tor_free(voter->contact);
287 tor_free(voter->signature);
288 tor_free(voter);
289 });
290 smartlist_free(ns->voters);
291 }
292 if (ns->cert)
293 authority_cert_free(ns->cert);
294
295 if (ns->routerstatus_list) {
296 if (ns->is_vote) {
297 SMARTLIST_FOREACH(ns->routerstatus_list, vote_routerstatus_t *, rs,
298 {
299 tor_free(rs->version);
300 tor_free(rs);
301 });
302 } else {
303 SMARTLIST_FOREACH(ns->routerstatus_list, routerstatus_t *, rs,
304 tor_free(rs));
305 }
306
307 smartlist_free(ns->routerstatus_list);
308 }
309 if (ns->desc_digest_map)
310 digestmap_free(ns->desc_digest_map, NULL);
311
312 memset(ns, 11, sizeof(*ns));
313 tor_free(ns);
314 }
315
316 /** Return the voter info from <b>vote</b> for the voter whose identity digest
317 * is <b>identity</b>, or NULL if no such voter is associated with
318 * <b>vote</b>. */
319 networkstatus_voter_info_t *
320 networkstatus_get_voter_by_id(networkstatus_t *vote,
321 const char *identity)
322 {
323 if (!vote || !vote->voters)
324 return NULL;
325 SMARTLIST_FOREACH(vote->voters, networkstatus_voter_info_t *, voter,
326 if (!memcmp(voter->identity_digest, identity, DIGEST_LEN))
327 return voter);
328 return NULL;
329 }
330
331 /** Check whether the signature on <b>voter</b> is correctly signed by
332 * the signing key of <b>cert</b>. Return -1 if <b>cert</b> doesn't match the
333 * signing key; otherwise set the good_signature or bad_signature flag on
334 * <b>voter</b>, and return 0. */
335 /* (private; exposed for testing.) */
336 int
337 networkstatus_check_voter_signature(networkstatus_t *consensus,
338 networkstatus_voter_info_t *voter,
339 authority_cert_t *cert)
340 {
341 char d[DIGEST_LEN];
342 char *signed_digest;
343 size_t signed_digest_len;
344 if (crypto_pk_get_digest(cert->signing_key, d)<0)
345 return -1;
346 if (memcmp(voter->signing_key_digest, d, DIGEST_LEN))
347 return -1;
348 signed_digest_len = crypto_pk_keysize(cert->signing_key);
349 signed_digest = tor_malloc(signed_digest_len);
350 if (crypto_pk_public_checksig(cert->signing_key,
351 signed_digest,
352 voter->signature,
353 voter->signature_len) != DIGEST_LEN ||
354 memcmp(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) {
355 log_warn(LD_DIR, "Got a bad signature on a networkstatus vote");
356 voter->bad_signature = 1;
357 } else {
358 voter->good_signature = 1;
359 }
360 tor_free(signed_digest);
361 return 0;
362 }
363
364 /** Given a v3 networkstatus consensus in <b>consensus</b>, check every
365 * as-yet-unchecked signature on <b>consensus</b>. Return 1 if there is a
366 * signature from every recognized authority on it, 0 if there are
367 * enough good signatures from recognized authorities on it, -1 if we might
368 * get enough good signatures by fetching missing certificates, and -2
369 * otherwise. Log messages at INFO or WARN: if <b>warn</b> is over 1, warn
370 * about every problem; if warn is at least 1, warn only if we can't get
371 * enough signatures; if warn is negative, log nothing at all. */
372 int
373 networkstatus_check_consensus_signature(networkstatus_t *consensus,
374 int warn)
375 {
376 int n_good = 0;
377 int n_missing_key = 0;
378 int n_bad = 0;
379 int n_unknown = 0;
380 int n_no_signature = 0;
381 int n_v3_authorities = get_n_authorities(V3_AUTHORITY);
382 int n_required = n_v3_authorities/2 + 1;
383 smartlist_t *need_certs_from = smartlist_create();
384 smartlist_t *unrecognized = smartlist_create();
385 smartlist_t *missing_authorities = smartlist_create();
386 int severity;
387
388 tor_assert(! consensus->is_vote);
389
390 SMARTLIST_FOREACH(consensus->voters, networkstatus_voter_info_t *, voter,
391 {
392 if (!voter->good_signature && !voter->bad_signature && voter->signature) {
393 /* we can try to check the signature. */
394 authority_cert_t *cert =
395 authority_cert_get_by_digests(voter->identity_digest,
396 voter->signing_key_digest);
397 if (! cert) {
398 if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest)) {
399 smartlist_add(unrecognized, voter);
400 ++n_unknown;
401 } else {
402 smartlist_add(need_certs_from, voter);
403 ++n_missing_key;
404 }
405 continue;
406 }
407 if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {
408 smartlist_add(need_certs_from, voter);
409 ++n_missing_key;
410 continue;
411 }
412 }
413 if (voter->good_signature)
414 ++n_good;
415 else if (voter->bad_signature)
416 ++n_bad;
417 else
418 ++n_no_signature;
419 });
420
421 /* Now see whether we're missing any voters entirely. */
422 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
423 trusted_dir_server_t *, ds,
424 {
425 if ((ds->type & V3_AUTHORITY) &&
426 !networkstatus_get_voter_by_id(consensus, ds->v3_identity_digest))
427 smartlist_add(missing_authorities, ds);
428 });
429
430 if (warn > 1 || (warn >= 0 && n_good < n_required))
431 severity = LOG_WARN;
432 else
433 severity = LOG_INFO;
434
435 if (warn >= 0) {
436 SMARTLIST_FOREACH(unrecognized, networkstatus_voter_info_t *, voter,
437 {
438 log_info(LD_DIR, "Consensus includes unrecognized authority '%s' "
439 "at %s:%d (contact %s; identity %s)",
440 voter->nickname, voter->address, (int)voter->dir_port,
441 voter->contact?voter->contact:"n/a",
442 hex_str(voter->identity_digest, DIGEST_LEN));
443 });
444 SMARTLIST_FOREACH(need_certs_from, networkstatus_voter_info_t *, voter,
445 {
446 log_info(LD_DIR, "Looks like we need to download a new certificate "
447 "from authority '%s' at %s:%d (contact %s; identity %s)",
448 voter->nickname, voter->address, (int)voter->dir_port,
449 voter->contact?voter->contact:"n/a",
450 hex_str(voter->identity_digest, DIGEST_LEN));
451 });
452 SMARTLIST_FOREACH(missing_authorities, trusted_dir_server_t *, ds,
453 {
454 log(severity, LD_DIR, "Consensus does not include configured "
455 "authority '%s' at %s:%d (identity %s)",
456 ds->nickname, ds->address, (int)ds->dir_port,
457 hex_str(ds->v3_identity_digest, DIGEST_LEN));
458 });
459 log(severity, LD_DIR,
460 "%d unknown, %d missing key, %d good, %d bad, %d no signature, "
461 "%d required", n_unknown, n_missing_key, n_good, n_bad,
462 n_no_signature, n_required);
463 }
464
465 smartlist_free(unrecognized);
466 smartlist_free(need_certs_from);
467 smartlist_free(missing_authorities);
468
469 if (n_good == n_v3_authorities)
470 return 1;
471 else if (n_good >= n_required)
472 return 0;
473 else if (n_good + n_missing_key >= n_required)
474 return -1;
475 else
476 return -2;
477 }
478
479 /** Helper: return a newly allocated string containing the name of the filename
480 * where we plan to cache the network status with the given identity digest. */
481 char *
482 networkstatus_get_cache_filename(const char *identity_digest)
483 {
484 char fp[HEX_DIGEST_LEN+1];
485 base16_encode(fp, HEX_DIGEST_LEN+1, identity_digest, DIGEST_LEN);
486 return get_datadir_fname2("cached-status", fp);
487 }
488
489 /** Helper for smartlist_sort: Compare two networkstatus objects by
490 * publication date. */
491 static int
492 _compare_networkstatus_v2_published_on(const void **_a, const void **_b)
493 {
494 const networkstatus_v2_t *a = *_a, *b = *_b;
495 if (a->published_on < b->published_on)
496 return -1;
497 else if (a->published_on > b->published_on)
498 return 1;
499 else
500 return 0;
501 }
502
503 /** Add the parsed v2 networkstatus in <b>ns</b> (with original document in
504 * <b>s</b>) to the disk cache (and the in-memory directory server cache) as
505 * appropriate. */
506 static int
507 add_networkstatus_to_cache(const char *s,
508 networkstatus_source_t source,
509 networkstatus_v2_t *ns)
510 {
511 if (source != NS_FROM_CACHE) {
512 char *fn = networkstatus_get_cache_filename(ns->identity_digest);
513 if (write_str_to_file(fn, s, 0)<0) {
514 log_notice(LD_FS, "Couldn't write cached network status to \"%s\"", fn);
515 }
516 tor_free(fn);
517 }
518
519 if (directory_caches_v2_dir_info(get_options()))
520 dirserv_set_cached_networkstatus_v2(s,
521 ns->identity_digest,
522 ns->published_on);
523
524 return 0;
525 }
526
527 /** How far in the future do we allow a network-status to get before removing
528 * it? (seconds) */
529 #define NETWORKSTATUS_ALLOW_SKEW (24*60*60)
530
531 /** Given a string <b>s</b> containing a network status that we received at
532 * <b>arrived_at</b> from <b>source</b>, try to parse it, see if we want to
533 * store it, and put it into our cache as necessary.
534 *
535 * If <b>source</b> is NS_FROM_DIR or NS_FROM_CACHE, do not replace our
536 * own networkstatus_t (if we're an authoritative directory server).
537 *
538 * If <b>source</b> is NS_FROM_CACHE, do not write our networkstatus_t to the
539 * cache.
540 *
541 * If <b>requested_fingerprints</b> is provided, it must contain a list of
542 * uppercased identity fingerprints. Do not update any networkstatus whose
543 * fingerprint is not on the list; after updating a networkstatus, remove its
544 * fingerprint from the list.
545 *
546 * Return 0 on success, -1 on failure.
547 *
548 * Callers should make sure that routers_update_all_from_networkstatus() is
549 * invoked after this function succeeds.
550 */
551 int
552 router_set_networkstatus_v2(const char *s, time_t arrived_at,
553 networkstatus_source_t source, smartlist_t *requested_fingerprints)
554 {
555 networkstatus_v2_t *ns;
556 int i, found;
557 time_t now;
558 int skewed = 0;
559 trusted_dir_server_t *trusted_dir = NULL;
560 const char *source_desc = NULL;
561 char fp[HEX_DIGEST_LEN+1];
562 char published[ISO_TIME_LEN+1];
563
564 if (!directory_caches_v2_dir_info(get_options()))
565 return 0; /* Don't bother storing it. */
566
567 ns = networkstatus_v2_parse_from_string(s);
568 if (!ns) {
569 log_warn(LD_DIR, "Couldn't parse network status.");
570 return -1;
571 }
572 base16_encode(fp, HEX_DIGEST_LEN+1, ns->identity_digest, DIGEST_LEN);
573 if (!(trusted_dir =
574 router_get_trusteddirserver_by_digest(ns->identity_digest)) ||
575 !(trusted_dir->type & V2_AUTHORITY)) {
576 log_info(LD_DIR, "Network status was signed, but not by an authoritative "
577 "directory we recognize.");
578 source_desc = fp;
579 } else {
580 source_desc = trusted_dir->description;
581 }
582 now = time(NULL);
583 if (arrived_at > now)
584 arrived_at = now;
585
586 ns->received_on = arrived_at;
587
588 format_iso_time(published, ns->published_on);
589
590 if (ns->published_on > now + NETWORKSTATUS_ALLOW_SKEW) {
591 char dbuf[64];
592 long delta = now - ns->published_on;
593 format_time_interval(dbuf, sizeof(dbuf), delta);
594 log_warn(LD_GENERAL, "Network status from %s was published %s in the "
595 "future (%s GMT). Check your time and date settings! "
596 "Not caching.",
597 source_desc, dbuf, published);
598 control_event_general_status(LOG_WARN,
599 "CLOCK_SKEW MIN_SKEW=%ld SOURCE=NETWORKSTATUS:%s:%d",
600 delta, ns->source_address, ns->source_dirport);
601 skewed = 1;
602 }
603
604 if (!networkstatus_v2_list)
605 networkstatus_v2_list = smartlist_create();
606
607 if ( (source == NS_FROM_DIR_BY_FP || source == NS_FROM_DIR_ALL) &&
608 router_digest_is_me(ns->identity_digest)) {
609 /* Don't replace our own networkstatus when we get it from somebody else.*/
610 networkstatus_v2_free(ns);
611 return 0;
612 }
613
614 if (requested_fingerprints) {
615 if (smartlist_string_isin(requested_fingerprints, fp)) {
616 smartlist_string_remove(requested_fingerprints, fp);
617 } else {
618 if (source != NS_FROM_DIR_ALL) {
619 char *requested =
620 smartlist_join_strings(requested_fingerprints," ",0,NULL);
621 log_warn(LD_DIR,
622 "We received a network status with a fingerprint (%s) that we "
623 "never requested. (We asked for: %s.) Dropping.",
624 fp, requested);
625 tor_free(requested);
626 return 0;
627 }
628 }
629 }
630
631 if (!trusted_dir) {
632 if (!skewed) {
633 /* We got a non-trusted networkstatus, and we're a directory cache.
634 * This means that we asked an authority, and it told us about another
635 * authority we didn't recognize. */
636 log_info(LD_DIR,
637 "We do not recognize authority (%s) but we are willing "
638 "to cache it.", fp);
639 add_networkstatus_to_cache(s, source, ns);
640 networkstatus_v2_free(ns);
641 }
642 return 0;
643 }
644
645 found = 0;
646 for (i=0; i < smartlist_len(networkstatus_v2_list); ++i) {
647 networkstatus_v2_t *old_ns = smartlist_get(networkstatus_v2_list, i);
648
649 if (!memcmp(old_ns->identity_digest, ns->identity_digest, DIGEST_LEN)) {
650 if (!memcmp(old_ns->networkstatus_digest,
651 ns->networkstatus_digest, DIGEST_LEN)) {
652 /* Same one we had before. */
653 networkstatus_v2_free(ns);
654 tor_assert(trusted_dir);
655 log_info(LD_DIR,
656 "Not replacing network-status from %s (published %s); "
657 "we already have it.",
658 trusted_dir->description, published);
659 if (old_ns->received_on < arrived_at) {
660 if (source != NS_FROM_CACHE) {
661 char *fn;
662 fn = networkstatus_get_cache_filename(old_ns->identity_digest);
663 /* We use mtime to tell when it arrived, so update that. */
664 touch_file(fn);
665 tor_free(fn);
666 }
667 old_ns->received_on = arrived_at;
668 }
669 download_status_failed(&trusted_dir->v2_ns_dl_status, 0);
670 return 0;
671 } else if (old_ns->published_on >= ns->published_on) {
672 char old_published[ISO_TIME_LEN+1];
673 format_iso_time(old_published, old_ns->published_on);
674 tor_assert(trusted_dir);
675 log_info(LD_DIR,
676 "Not replacing network-status from %s (published %s);"
677 " we have a newer one (published %s) for this authority.",
678 trusted_dir->description, published,
679 old_published);
680 networkstatus_v2_free(ns);
681 download_status_failed(&trusted_dir->v2_ns_dl_status, 0);
682 return 0;
683 } else {
684 networkstatus_v2_free(old_ns);
685 smartlist_set(networkstatus_v2_list, i, ns);
686 found = 1;
687 break;
688 }
689 }
690 }
691
692 if (source != NS_FROM_CACHE && trusted_dir) {
693 download_status_reset(&trusted_dir->v2_ns_dl_status);
694 }
695
696 if (!found)
697 smartlist_add(networkstatus_v2_list, ns);
698
699 SMARTLIST_FOREACH(ns->entries, routerstatus_t *, rs,
700 {
701 if (!router_get_by_descriptor_digest(rs->descriptor_digest))
702 rs->need_to_mirror = 1;
703 });
704
705 log_info(LD_DIR, "Setting networkstatus %s %s (published %s)",
706 source == NS_FROM_CACHE?"cached from":
707 ((source == NS_FROM_DIR_BY_FP || source == NS_FROM_DIR_ALL) ?
708 "downloaded from":"generated for"),
709 trusted_dir->description, published);
710 networkstatus_v2_list_has_changed = 1;
711 router_dir_info_changed();
712
713 smartlist_sort(networkstatus_v2_list,
714 _compare_networkstatus_v2_published_on);
715
716 if (!skewed)
717 add_networkstatus_to_cache(s, source, ns);
718
719 return 0;
720 }
721
722 /** Remove all very-old network_status_t objects from memory and from the
723 * disk cache. */
724 void
725 networkstatus_v2_list_clean(time_t now)
726 {
727 int i;
728 if (!networkstatus_v2_list)
729 return;
730
731 for (i = 0; i < smartlist_len(networkstatus_v2_list); ++i) {
732 networkstatus_v2_t *ns = smartlist_get(networkstatus_v2_list, i);
733 char *fname = NULL;
734 if (ns->published_on + MAX_NETWORKSTATUS_AGE > now)
735 continue;
736 /* Okay, this one is too old. Remove it from the list, and delete it
737 * from the cache. */
738 smartlist_del(networkstatus_v2_list, i--);
739 fname = networkstatus_get_cache_filename(ns->identity_digest);
740 if (file_status(fname) == FN_FILE) {
741 log_info(LD_DIR, "Removing too-old networkstatus in %s", fname);
742 unlink(fname);
743 }
744 tor_free(fname);
745 if (directory_caches_v2_dir_info(get_options())) {
746 dirserv_set_cached_networkstatus_v2(NULL, ns->identity_digest, 0);
747 }
748 networkstatus_v2_free(ns);
749 router_dir_info_changed();
750 }
751
752 /* And now go through the directory cache for any cached untrusted
753 * networkstatuses and other network info. */
754 dirserv_clear_old_networkstatuses(now - MAX_NETWORKSTATUS_AGE);
755 dirserv_clear_old_v1_info(now);
756 }
757
758 /** Helper for bsearching a list of routerstatus_t pointers: compare a
759 * digest in the key to the identity digest of a routerstatus_t. */
760 static int
761 _compare_digest_to_routerstatus_entry(const void *_key, const void **_member)
762 {
763 const char *key = _key;
764 const routerstatus_t *rs = *_member;
765 return memcmp(key, rs->identity_digest, DIGEST_LEN);
766 }
767
768 /** Return the entry in <b>ns</b> for the identity digest <b>digest</b>, or
769 * NULL if none was found. */
770 routerstatus_t *
771 networkstatus_v2_find_entry(networkstatus_v2_t *ns, const char *digest)
772 {
773 return smartlist_bsearch(ns->entries, digest,
774 _compare_digest_to_routerstatus_entry);
775 }
776
777 /** Return the entry in <b>ns</b> for the identity digest <b>digest</b>, or
778 * NULL if none was found. */
779 routerstatus_t *
780 networkstatus_vote_find_entry(networkstatus_t *ns, const char *digest)
781 {
782 return smartlist_bsearch(ns->routerstatus_list, digest,
783 _compare_digest_to_routerstatus_entry);
784 }
785
786 /*XXXX make this static once functions are moved into this file. */
787 /** DOCDOC */
788 int
789 networkstatus_vote_find_entry_idx(networkstatus_t *ns,
790 const char *digest, int *found_out)
791 {
792 return smartlist_bsearch_idx(ns->routerstatus_list, digest,
793 _compare_digest_to_routerstatus_entry,
794 found_out);
795 }
796
797 /** Return a list of the v2 networkstatus documents. */
798 const smartlist_t *
799 networkstatus_get_v2_list(void)
800 {
801 if (!networkstatus_v2_list)
802 networkstatus_v2_list = smartlist_create();
803 return networkstatus_v2_list;
804 }
805
806 /** Return the consensus view of the status of the router whose current
807 * <i>descriptor</i> digest is <b>digest</b>, or NULL if no such router is
808 * known. */
809 routerstatus_t *
810 router_get_consensus_status_by_descriptor_digest(const char *digest)
811 {
812 if (!current_consensus) return NULL;
813 if (!current_consensus->desc_digest_map) {
814 digestmap_t * m = current_consensus->desc_digest_map = digestmap_new();
815 SMARTLIST_FOREACH(current_consensus->routerstatus_list,
816 routerstatus_t *, rs,
817 {
818 digestmap_set(m, rs->descriptor_digest, rs);
819 });
820 }
821 return digestmap_get(current_consensus->desc_digest_map, digest);
822 }
823
824 /** Given the digest of a router descriptor, return its current download
825 * status, or NULL if the digest is unrecognized. */
826 download_status_t *
827 router_get_dl_status_by_descriptor_digest(const char *d)
828 {
829 routerstatus_t *rs;
830 if ((rs = router_get_consensus_status_by_descriptor_digest(d)))
831 return &rs->dl_status;
832 if (v2_download_status_map)
833 return digestmap_get(v2_download_status_map, d);
834
835 return NULL;
836 }
837
838 /** Return the consensus view of the status of the router whose identity
839 * digest is <b>digest</b>, or NULL if we don't know about any such router. */
840 routerstatus_t *
841 router_get_consensus_status_by_id(const char *digest)
842 {
843 if (!current_consensus)
844 return NULL;
845 return smartlist_bsearch(current_consensus->routerstatus_list, digest,
846 _compare_digest_to_routerstatus_entry);
847 }
848
849 /** Given a nickname (possibly verbose, possibly a hexadecimal digest), return
850 * the corresponding routerstatus_t, or NULL if none exists. Warn the
851 * user if <b>warn_if_unnamed</b> is set, and they have specified a router by
852 * nickname, but the Named flag isn't set for that router. */
853 routerstatus_t *
854 router_get_consensus_status_by_nickname(const char *nickname,
855 int warn_if_unnamed)
856 {
857 char digest[DIGEST_LEN];
858 routerstatus_t *best=NULL;
859 smartlist_t *matches=NULL;
860 const char *named_id=NULL;
861
862 if (!current_consensus || !nickname)
863 return NULL;
864
865 if (nickname[0] == '$') {
866 if (base16_decode(digest, DIGEST_LEN, nickname+1, strlen(nickname+1))<0)
867 return NULL;
868 return networkstatus_vote_find_entry(current_consensus, digest);
869 } else if (strlen(nickname) == HEX_DIGEST_LEN &&
870 (base16_decode(digest, DIGEST_LEN, nickname, strlen(nickname))==0)) {
871 return networkstatus_vote_find_entry(current_consensus, digest);
872 }
873
874 if (named_server_map)
875 named_id = strmap_get_lc(named_server_map, nickname);
876 if (named_id)
877 return networkstatus_vote_find_entry(current_consensus, named_id);
878
879 if (unnamed_server_map &&
880 strmap_get_lc(unnamed_server_map, nickname))
881 return NULL; /* XXXX020 should we warn? */
882
883 /*XXXX020 is this behavior really what we want? */
884 matches = smartlist_create();
885 SMARTLIST_FOREACH(current_consensus->routerstatus_list,
886 routerstatus_t *, lrs,
887 {
888 if (!strcasecmp(lrs->nickname, nickname)) {
889 if (lrs->is_named) {
890 tor_fragile_assert() /* This should never happen. */
891 smartlist_free(matches);
892 return lrs;
893 } else {
894 if (lrs->is_unnamed) {
895 tor_fragile_assert(); /* nor should this. */
896 smartlist_clear(matches);
897 best=NULL;
898 break;
899 }
900 smartlist_add(matches, lrs);
901 best = lrs;
902 }
903 }
904 });
905
906 if (smartlist_len(matches)>1 && warn_if_unnamed) {
907 int any_unwarned=0;
908 SMARTLIST_FOREACH(matches, routerstatus_t *, lrs,
909 {
910 if (! lrs->name_lookup_warned) {
911 lrs->name_lookup_warned=1;
912 any_unwarned=1;
913 }
914 });
915 if (any_unwarned) {
916 log_warn(LD_CONFIG,"There are multiple matches for the nickname \"%s\","
917 " but none is listed as named by the directory authorites. "
918 "Choosing one arbitrarily.", nickname);
919 }
920 } else if (warn_if_unnamed && best && !best->name_lookup_warned) {
921 char fp[HEX_DIGEST_LEN+1];
922 base16_encode(fp, sizeof(fp),
923 best->identity_digest, DIGEST_LEN);
924 log_warn(LD_CONFIG,
925 "When looking up a status, you specified a server \"%s\" by name, "
926 "but the directory authorities do not have any key registered for "
927 "this nickname -- so it could be used by any server, "
928 "not just the one you meant. "
929 "To make sure you get the same server in the future, refer to "
930 "it by key, as \"$%s\".", nickname, fp);
931 best->name_lookup_warned = 1;
932 }
933 smartlist_free(matches);
934 return best;
935 }
936
937 /** Return the identity digest that's mapped to officially by
938 * <b>nickname</b>. */
939 const char *
940 networkstatus_get_router_digest_by_nickname(const char *nickname)
941 {
942 if (!named_server_map)
943 return NULL;
944 return strmap_get_lc(named_server_map, nickname);
945 }
946
947 /** DOCDOC */
948 int
949 networkstatus_nickname_is_unnamed(const char *nickname)
950 {
951 if (!unnamed_server_map)
952 return 0;
953 return strmap_get_lc(unnamed_server_map, nickname) != NULL;
954 }
955
956 /** How frequently do directory authorities re-download fresh networkstatus
957 * documents? */
958 #define AUTHORITY_NS_CACHE_INTERVAL (10*60)
959
960 /** How frequently do non-authority directory caches re-download fresh
961 * networkstatus documents? */
962 #define NONAUTHORITY_NS_CACHE_INTERVAL (60*60)
963
964 /** We are a directory server, and so cache network_status documents.
965 * Initiate downloads as needed to update them. For v2 authorities,
966 * this means asking each trusted directory for its network-status.
967 * For caches, this means asking a random v2 authority for all
968 * network-statuses.
969 */
970 static void
971 update_v2_networkstatus_cache_downloads(time_t now)
972 {
973 int authority = authdir_mode_v2(get_options());
974 int interval =
975 authority ? AUTHORITY_NS_CACHE_INTERVAL : NONAUTHORITY_NS_CACHE_INTERVAL;
976 const smartlist_t *trusted_dir_servers = router_get_trusted_dir_servers();
977
978 if (last_networkstatus_download_attempted + interval >= now)
979 return;
980
981 last_networkstatus_download_attempted = now;
982
983 if (authority) {
984 /* An authority launches a separate connection for everybody. */
985 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
986 {
987 char resource[HEX_DIGEST_LEN+6]; /* fp/hexdigit.z\0 */
988 if (!(ds->type & V2_AUTHORITY))
989 continue;
990 if (router_digest_is_me(ds->digest))
991 continue;
992 if (connection_get_by_type_addr_port_purpose(
993 CONN_TYPE_DIR, ds->addr, ds->dir_port,
994 DIR_PURPOSE_FETCH_NETWORKSTATUS)) {
995 /* XXX020 the above dir_port won't be accurate if we're
996 * doing a tunneled conn. In that case it should be or_port.
997 * How to guess from here? Maybe make the function less general
998 * and have it know that it's looking for dir conns. -RD */
999 /* We are already fetching this one. */
1000 continue;
1001 }
1002 strlcpy(resource, "fp/", sizeof(resource));
1003 base16_encode(resource+3, sizeof(resource)-3, ds->digest, DIGEST_LEN);
1004 strlcat(resource, ".z", sizeof(resource));
1005 directory_initiate_command_routerstatus(
1006 &ds->fake_status, DIR_PURPOSE_FETCH_NETWORKSTATUS,
1007 ROUTER_PURPOSE_GENERAL,
1008 0, /* Not private */
1009 resource,
1010 NULL, 0 /* No payload. */,
1011 0 /* No I-M-S. */);
1012 });
1013 } else {
1014 /* A non-authority cache launches one connection to a random authority. */
1015 /* (Check whether we're currently fetching network-status objects.) */
1016 if (!connection_get_by_type_purpose(CONN_TYPE_DIR,
1017 DIR_PURPOSE_FETCH_NETWORKSTATUS))
1018 directory_get_from_dirserver(DIR_PURPOSE_FETCH_NETWORKSTATUS,
1019 ROUTER_PURPOSE_GENERAL, "all.z",1);
1020 }
1021 }
1022
1023 /**DOCDOC*/
1024 #define CONSENSUS_NETWORKSTATUS_MAX_DL_TRIES 8
1025 /**DOCDOC*/
1026 #define DELAY_WHILE_FETCHING_CERTS (20*60)
1027
1028 /** If we want to download a fresh consensus, launch a new download as
1029 * appropriate. */
1030 static void
1031 update_consensus_networkstatus_downloads(time_t now)
1032 {
1033 or_options_t *options = get_options();
1034 if (!networkstatus_get_live_consensus(now))
1035 time_to_download_next_consensus = now; /* No live consensus? Get one now!*/
1036 if (time_to_download_next_consensus > now)
1037 return; /* Wait until the current consensus is older. */
1038 if (authdir_mode_v3(options))
1039 return; /* Authorities never fetch a consensus */
1040 if (!download_status_is_ready(&consensus_dl_status, now,
1041 CONSENSUS_NETWORKSTATUS_MAX_DL_TRIES))
1042 return; /* We failed downloading a consensus too recently. */
1043 if (connection_get_by_type_purpose(CONN_TYPE_DIR,
1044 DIR_PURPOSE_FETCH_CONSENSUS))
1045 return; /* There's an in-progress download.*/
1046
1047 if (consensus_waiting_for_certs) {
1048 if (consensus_waiting_for_certs_set_at + DELAY_WHILE_FETCHING_CERTS > now)
1049 return; /* We're still getting certs for this one. */
1050 else {
1051 if (!consensus_waiting_for_certs_dl_failed) {
1052 download_status_failed(&consensus_dl_status, 0);
1053 consensus_waiting_for_certs_dl_failed=1;
1054 }
1055 }
1056 }
1057
1058 log_info(LD_DIR, "Launching networkstatus consensus download.");
1059 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CONSENSUS,
1060 ROUTER_PURPOSE_GENERAL, NULL, 1);
1061 }
1062
1063 /** Called when an attempt to download a consensus fails: note that the
1064 * failure occurred, and possibly retry. */
1065 void
1066 networkstatus_consensus_download_failed(int status_code)
1067 {
1068 download_status_failed(&consensus_dl_status, status_code);
1069 /* Retry immediately, if appropriate. */
1070 update_consensus_networkstatus_downloads(time(NULL));
1071 }
1072
1073 /**DOCDOC*/
1074 #define CONSENSUS_MIN_SECONDS_BEFORE_CACHING 120
1075
1076 /** Update the time at which we'll consider replacing the current
1077 * consensus. */
1078 void
1079 update_consensus_networkstatus_fetch_time(time_t now)
1080 {
1081 or_options_t *options = get_options();
1082 networkstatus_t *c = networkstatus_get_live_consensus(now);
1083 if (c) {
1084 long dl_interval;
1085 long interval = c->fresh_until - c->valid_after;
1086 time_t start;
1087 if (directory_fetches_dir_info_early(options)) {
1088 /* We want to cache the next one at some point after this one
1089 * is no longer fresh... */
1090 start = c->fresh_until + CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
1091 /* But only in the first half-interval after that. */
1092 dl_interval = interval/2;
1093 } else {
1094 /* We're an ordinary client or a bridge. Give all the caches enough
1095 * time to download the consensus. */
1096 start = c->fresh_until + (interval*3)/4;
1097 /* But download the next one well before this one is expired. */
1098 dl_interval = ((c->valid_until - start) * 7 )/ 8;
1099
1100 /* If we're a bridge user, make use of the numbers we just computed
1101 * to choose the rest of the interval *after* them. */
1102 if (directory_fetches_dir_info_later(options)) {
1103 /* Give all the *clients* enough time to download the consensus. */
1104 start = start + dl_interval + CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
1105 /* But try to get it before ours actually expires. */
1106 dl_interval = (c->valid_until - start) -
1107 CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
1108 }
1109 }
1110 if (dl_interval < 1)
1111 dl_interval = 1;
1112 /* We must not try to replace c while it's still the most valid: */
1113 tor_assert(c->fresh_until < start);
1114 /* We must download the next one before c is invalid: */
1115 tor_assert(start+dl_interval < c->valid_until);
1116 time_to_download_next_consensus = start + crypto_rand_int(dl_interval);
1117 {
1118 char tbuf1[ISO_TIME_LEN+1];
1119 char tbuf2[ISO_TIME_LEN+1];
1120 char tbuf3[ISO_TIME_LEN+1];
1121 format_local_iso_time(tbuf1, c->fresh_until);
1122 format_local_iso_time(tbuf2, c->valid_until);
1123 format_local_iso_time(tbuf3, time_to_download_next_consensus);
1124 log_info(LD_DIR, "Live consensus %s the most recent until %s and will "
1125 "expire at %s; fetching the next one at %s.",
1126 (c->fresh_until > now) ? "will be" : "was",
1127 tbuf1, tbuf2, tbuf3);
1128 }
1129 } else {
1130 time_to_download_next_consensus = now;
1131 log_info(LD_DIR, "No live consensus; we should fetch one immediately.");
1132 }
1133
1134 }
1135
1136 /** Return 1 if there's a reason we shouldn't try any directory
1137 * fetches yet (e.g. we demand bridges and none are yet known).
1138 * Else return 0. */
1139 int
1140 should_delay_dir_fetches(or_options_t *options)
1141 {
1142 if (options->UseBridges && !any_bridge_descriptors_known()) {
1143 log_info(LD_DIR, "delaying dir fetches (no running bridges known)");
1144 return 1;
1145 }
1146 return 0;
1147 }
1148
1149 /** Launch requests for networkstatus documents and authority certificates as
1150 * appropriate. */
1151 void
1152 update_networkstatus_downloads(time_t now)
1153 {
1154 or_options_t *options = get_options();
1155 if (should_delay_dir_fetches(options))
1156 return;
1157 if (directory_fetches_dir_info_early(options))
1158 update_v2_networkstatus_cache_downloads(now);
1159 update_consensus_networkstatus_downloads(now);
1160 update_certificate_downloads(now);
1161 }
1162
1163 /**DOCDOC */
1164 void
1165 update_certificate_downloads(time_t now)
1166 {
1167 if (consensus_waiting_for_certs)
1168 authority_certs_fetch_missing(consensus_waiting_for_certs, now);
1169 else
1170 authority_certs_fetch_missing(current_consensus, now);
1171 }
1172
1173 /** Return the network status with a given identity digest. */
1174 networkstatus_v2_t *
1175 networkstatus_v2_get_by_digest(const char *digest)
1176 {
1177 SMARTLIST_FOREACH(networkstatus_v2_list, networkstatus_v2_t *, ns,
1178 {
1179 if (!memcmp(ns->identity_digest, digest, DIGEST_LEN))
1180 return ns;
1181 });
1182 return NULL;
1183 }
1184
1185 /** Return the most recent consensus that we have downloaded, or NULL if we
1186 * don't have one. */
1187 networkstatus_t *
1188 networkstatus_get_latest_consensus(void)
1189 {
1190 return current_consensus;
1191 }
1192
1193 /** Return the most recent consensus that we have downloaded, or NULL if it is
1194 * no longer live. */
1195 networkstatus_t *
1196 networkstatus_get_live_consensus(time_t now)
1197 {
1198 if (current_consensus &&
1199 current_consensus->valid_after <= now &&
1200 now <= current_consensus->valid_until)
1201 return current_consensus;
1202 else
1203 return NULL;
1204 }
1205
1206 /* XXXX020 remove this in favor of get_live_consensus. But actually,
1207 * leave something like it for bridge users, who need to not totally
1208 * lose if they spend a while fetching a new consensus. */
1209 networkstatus_t *
1210 networkstatus_get_reasonably_live_consensus(time_t now)
1211 {
1212 #define REASONABLY_LIVE_TIME (24*60*60)
1213 if (current_consensus &&
1214 current_consensus->valid_after <= now &&
1215 now <= current_consensus->valid_until+REASONABLY_LIVE_TIME)
1216 return current_consensus;
1217 else
1218 return NULL;
1219 }
1220
1221 /** Given two router status entries for the same router identity, return 1 if
1222 * if the contents have changed between them. Otherwise, return 0. */
1223 static int
1224 routerstatus_has_changed(const routerstatus_t *a, const routerstatus_t *b)
1225 {
1226 tor_assert(!memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN));
1227
1228 return strcmp(a->nickname, b->nickname) ||
1229 memcmp(a->descriptor_digest, b->descriptor_digest, DIGEST_LEN) ||
1230 a->addr != b->addr ||
1231 a->or_port != b->or_port ||
1232 a->dir_port != b->dir_port ||
1233 a->is_authority != b->is_authority ||
1234 a->is_exit != b->is_exit ||
1235 a->is_stable != b->is_stable ||
1236 a->is_fast != b->is_fast ||
1237 a->is_running != b->is_running ||
1238 a->is_named != b->is_named ||
1239 a->is_unnamed != b->is_unnamed ||
1240 a->is_valid != b->is_valid ||
1241 a->is_v2_dir != b->is_v2_dir ||
1242 a->is_possible_guard != b->is_possible_guard ||
1243 a->is_bad_exit != b->is_bad_exit ||
1244 a->is_bad_directory != b->is_bad_directory ||
1245 a->is_hs_dir != b->is_hs_dir ||
1246 a->version_known != b->version_known ||
1247 a->version_supports_begindir != b->version_supports_begindir ||
1248 a->version_supports_extrainfo_upload !=
1249 b->version_supports_extrainfo_upload ||
1250 a->version_supports_v3_dir != b->version_supports_v3_dir;
1251 }
1252
1253 /** Notify controllers of any router status entries that changed between
1254 * <b>old_c</b> and <b>new_c</b>. */
1255 static void
1256 notify_control_networkstatus_changed(const networkstatus_t *old_c,
1257 const networkstatus_t *new_c)
1258 {
1259 int idx = 0;
1260 int old_remain = old_c && smartlist_len(old_c->routerstatus_list);
1261 const routerstatus_t *rs_old = NULL;
1262 smartlist_t *changed;
1263 if (old_c == new_c)
1264 return;
1265 changed = smartlist_create();
1266 if (old_remain)
1267 rs_old = smartlist_get(old_c->routerstatus_list, idx);
1268
1269 SMARTLIST_FOREACH(new_c->routerstatus_list, routerstatus_t *, rs_new,
1270 {
1271 if (!old_remain) {
1272 smartlist_add(changed, rs_new);
1273 } else {
1274 int r;
1275 while ((r = memcmp(rs_old->identity_digest, rs_new->identity_digest,
1276 DIGEST_LEN)) < 0) {
1277 if (++idx == smartlist_len(old_c->routerstatus_list)) {
1278 old_remain = 0;
1279 break;
1280 }
1281 rs_old = smartlist_get(old_c->routerstatus_list, idx);
1282 }
1283 if (r || (!r && routerstatus_has_changed(rs_old, rs_new)))
1284 smartlist_add(changed, rs_new);
1285 }
1286 });
1287
1288 control_event_networkstatus_changed(changed);
1289 smartlist_free(changed);
1290 }
1291
1292 /** Copy all the ancillary information (like router download status and so on)
1293 * from <b>old_c</b> to <b>new_c</b>. */
1294 static void
1295 networkstatus_copy_old_consensus_info(networkstatus_t *new_c,
1296 const networkstatus_t *old_c)
1297 {
1298 int idx = 0;
1299 const routerstatus_t *rs_old;
1300 if (old_c == new_c)
1301 return;
1302 if (!smartlist_len(old_c->routerstatus_list))
1303 return;
1304
1305 rs_old = smartlist_get(old_c->routerstatus_list, idx);
1306 SMARTLIST_FOREACH(new_c->routerstatus_list, routerstatus_t *, rs_new,
1307 {
1308 int r;
1309 while ((r = memcmp(rs_old->identity_digest, rs_new->identity_digest,
1310 DIGEST_LEN))<0) {
1311 if (++idx == smartlist_len(old_c->routerstatus_list))
1312 goto done;
1313 rs_old = smartlist_get(old_c->routerstatus_list, idx);
1314 }
1315 if (r>0)
1316 continue;
1317 tor_assert(r==0);
1318
1319 /* Okay, so we're looking at the same identity. */
1320 rs_new->name_lookup_warned = rs_old->name_lookup_warned;
1321 rs_new->last_dir_503_at = rs_old->last_dir_503_at;
1322
1323 if (!memcmp(rs_old->descriptor_digest, rs_new->descriptor_digest,
1324 DIGEST_LEN)) {
1325 /* And the same descriptor too! */
1326 memcpy(&rs_new->dl_status, &rs_old->dl_status,sizeof(download_status_t));
1327 }
1328 });
1329
1330 done:
1331 return;
1332 }
1333
1334 /** Try to replace the current cached v3 networkstatus with the one in
1335 * <b>consensus</b>. If we don't have enough certificates to validate it,
1336 * store it in consensus_waiting_for_certs and launch a certificate fetch.
1337 *
1338 * Return 0 on success, <0 on failure. On failure, caller should increment
1339 * the failure count as appropriate.
1340 *
1341 * We return -1 for mild failures that don't need to be reported to the
1342 * user, and -2 for more serious problems.
1343 */
1344 int
1345 networkstatus_set_current_consensus(const char *consensus, unsigned flags)
1346 {
1347 networkstatus_t *c;
1348 int r, result = -1;
1349 time_t now = time(NULL);
1350 char *unverified_fname = NULL, *consensus_fname = NULL;
1351 const unsigned from_cache = flags & NSSET_FROM_CACHE;
1352 const unsigned was_waiting_for_certs = flags & NSSET_WAS_WAITING_FOR_CERTS;
1353 const unsigned dl_certs = !(flags & NSSET_DONT_DOWNLOAD_CERTS);
1354
1355 /* Make sure it's parseable. */
1356 c = networkstatus_parse_vote_from_string(consensus, NULL, 0);
1357 if (!c) {
1358 log_warn(LD_DIR, "Unable to parse networkstatus consensus");
1359 result = -2;
1360 goto done;
1361 }
1362
1363 if (current_consensus &&
1364 !memcmp(c->networkstatus_digest, current_consensus->networkstatus_digest,
1365 DIGEST_LEN)) {
1366 /* We already have this one. That's a failure. */
1367 log_info(LD_DIR, "Got a consensus we already have");
1368 goto done;
1369 }
1370
1371 if (current_consensus && c->valid_after <= current_consensus->valid_after) {
1372 /* We have a newer one. There's no point in accepting this one,
1373 * even if it's great. */
1374 log_info(LD_DIR, "Got a consensus at least as old as the one we have");
1375 goto done;
1376 }
1377
1378 consensus_fname = get_datadir_fname("cached-consensus");
1379 unverified_fname = get_datadir_fname("unverified-consensus");
1380
1381 /* Make sure it's signed enough. */
1382 if ((r=networkstatus_check_consensus_signature(c, 1))<0) {
1383 if (r == -1) {
1384 /* Okay, so it _might_ be signed enough if we get more certificates. */
1385 if (!was_waiting_for_certs) {
1386 /* XXX020 eventually downgrade this log severity, or make it so
1387 * users know why they're being told. */
1388 log_notice(LD_DIR, "Not enough certificates to check networkstatus "
1389 "consensus");
1390 }
1391 if (!current_consensus ||
1392 c->valid_after > current_consensus->valid_after) {
1393 if (consensus_waiting_for_certs)
1394 networkstatus_vote_free(consensus_waiting_for_certs);
1395 tor_free(consensus_waiting_for_certs_body);
1396 consensus_waiting_for_certs = c;
1397 c = NULL; /* Prevent free. */
1398 consensus_waiting_for_certs_body = tor_strdup(consensus);
1399 consensus_waiting_for_certs_set_at = now;
1400 consensus_waiting_for_certs_dl_failed = 0;
1401 if (!from_cache) {
1402 write_str_to_file(unverified_fname, consensus, 0);
1403 }
1404 if (dl_certs)
1405 authority_certs_fetch_missing(c, now);
1406 /* This case is not a success or a failure until we get the certs
1407 * or fail to get the certs. */
1408 result = 0;
1409 } else {
1410 /* Even if we had enough signatures, we'd never use this as the
1411 * latest consensus. */
1412 if (was_waiting_for_certs && from_cache)
1413 unlink(unverified_fname);
1414 }
1415 goto done;
1416 } else {
1417 /* This can never be signed enough: Kill it. */
1418 if (!was_waiting_for_certs) {
1419 log_warn(LD_DIR, "Not enough good signatures on networkstatus "
1420 "consensus");
1421 result = -2;
1422 }
1423 if (was_waiting_for_certs && (r < -1) && from_cache)
1424 unlink(unverified_fname);
1425 goto done;
1426 }
1427 }
1428
1429 /* Are we missing any certificates at all? */
1430 if (r != 1 && dl_certs)
1431 authority_certs_fetch_missing(c, now);
1432
1433 if (control_event_is_interesting(EVENT_NS))
1434 notify_control_networkstatus_changed(current_consensus, c);
1435
1436 if (current_consensus) {
1437 networkstatus_copy_old_consensus_info(c, current_consensus);
1438 networkstatus_vote_free(current_consensus);
1439 }
1440
1441 if (consensus_waiting_for_certs &&
1442 consensus_waiting_for_certs->valid_after <= c->valid_after) {
1443 networkstatus_vote_free(consensus_waiting_for_certs);
1444 consensus_waiting_for_certs = NULL;
1445 if (consensus != consensus_waiting_for_certs_body)
1446 tor_free(consensus_waiting_for_certs_body);
1447 else
1448 consensus_waiting_for_certs_body = NULL;
1449 consensus_waiting_for_certs_set_at = 0;
1450 consensus_waiting_for_certs_dl_failed = 0;
1451 unlink(unverified_fname);
1452 }
1453
1454 /* Reset the failure count only if this consensus is actually valid. */
1455 if (c->valid_after <= now && now <= c->valid_until) {
1456 download_status_reset(&consensus_dl_status);
1457 } else {
1458 if (!from_cache)
1459 download_status_failed(&consensus_dl_status, 0);
1460 }
1461
1462 current_consensus = c;
1463 c = NULL; /* Prevent free. */
1464
1465 update_consensus_networkstatus_fetch_time(now);
1466 dirvote_recalculate_timing(get_options(), now);
1467 routerstatus_list_update_named_server_map();
1468
1469 if (!from_cache) {
1470 write_str_to_file(consensus_fname, consensus, 0);
1471 }
1472
1473 if (directory_caches_dir_info(get_options()))
1474 dirserv_set_cached_networkstatus_v3(consensus,
1475 current_consensus->valid_after);
1476
1477 if (ftime_definitely_before(now, current_consensus->valid_after)) {
1478 char tbuf[ISO_TIME_LEN+1];
1479 char dbuf[64];
1480 long delta = now - current_consensus->valid_after;
1481 format_iso_time(tbuf, current_consensus->valid_after);
1482 format_time_interval(dbuf, sizeof(dbuf), delta);
1483 log_warn(LD_GENERAL, "Our clock is %s behind the time published in the "
1484 "consensus network status document (%s GMT). Tor needs an "
1485 "accurate clock to work correctly. Please check your time and "
1486 "date settings!", dbuf, tbuf);
1487 control_event_general_status(LOG_WARN,
1488 "CLOCK_SKEW MIN_SKEW=%ld SOURCE=CONSENSUS", delta);
1489 }
1490
1491 router_dir_info_changed();
1492
1493 result = 0;
1494 done:
1495 if (c)
1496 networkstatus_vote_free(c);
1497 tor_free(consensus_fname);
1498 tor_free(unverified_fname);
1499 return result;
1500 }
1501
1502 /** Called when we have gotten more certificates: see whether we can
1503 * now verify a pending consensus. */
1504 void
1505 networkstatus_note_certs_arrived(void)
1506 {
1507 if (consensus_waiting_for_certs) {
1508 if (networkstatus_check_consensus_signature(
1509 consensus_waiting_for_certs, 0)>=0) {
1510 if (!networkstatus_set_current_consensus(
1511 consensus_waiting_for_certs_body,
1512 NSSET_WAS_WAITING_FOR_CERTS)) {
1513 tor_free(consensus_waiting_for_certs_body);
1514 }
1515 }
1516 }
1517 }
1518
1519 /** If the network-status list has changed since the last time we called this
1520 * function, update the status of every routerinfo from the network-status
1521 * list. If <b>dir_version</b> is 2, it's a v2 networkstatus that changed.
1522 * If <b>dir_version</b> is 3, it's a v3 consensus that changed.
1523 */
1524 void
1525 routers_update_all_from_networkstatus(time_t now, int dir_version)
1526 {
1527 routerinfo_t *me;
1528 routerlist_t *rl = router_get_routerlist();
1529 networkstatus_t *consensus = networkstatus_get_live_consensus(now);
1530 or_options_t *options = get_options();
1531
1532 if (networkstatus_v2_list_has_changed)
1533 download_status_map_update_from_v2_networkstatus();
1534
1535 if (!consensus || dir_version < 3) /* nothing more we should do */
1536 return;
1537
1538 /* More routers may be up or down now: we need to recalc whether there's
1539 * enough directory info. */
1540 router_dir_info_changed();
1541
1542 routers_update_status_from_consensus_networkstatus(rl->routers, 0);
1543 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri,
1544 ri->cache_info.routerlist_index = ri_sl_idx);
1545 if (rl->old_routers)
1546 signed_descs_update_status_from_consensus_networkstatus(rl->old_routers);
1547
1548 /* XXX020 these warnings don't help anymore; we should disable them -RD */
1549 me = router_get_my_routerinfo();
1550 if (me && !have_warned_about_invalid_status) {
1551 routerstatus_t *rs = networkstatus_vote_find_entry(consensus,
1552 me->cache_info.identity_digest);
1553
1554 if (!rs) {
1555 log_info(LD_GENERAL, "The latest consensus does not list us."
1556 "Are you misconfigured?");
1557 have_warned_about_invalid_status = 1;
1558 } else if (rs->is_unnamed) {
1559 /* Maybe upgrade this to notice? XXXX020 */
1560 log_info(LD_GENERAL, "The directory have assigned the nickname "
1561 "you're using (%s) to a different identity; you may want to "
1562 "choose a different nickname.", options->Nickname);
1563 have_warned_about_invalid_status = 1;
1564 } else if (!rs->is_named) {
1565 log_debug(LD_GENERAL, "The directory authorities do not currently "
1566 "recognize your nickname.");
1567 have_warned_about_invalid_status = 1;
1568 }
1569 }
1570
1571 if (!have_warned_about_old_version) {
1572 int is_server = server_mode(get_options());
1573 version_status_t status;
1574 const char *recommended = is_server ?
1575 consensus->server_versions : consensus->client_versions;
1576 status = tor_version_is_obsolete(VERSION, recommended);
1577
1578 if (status == VS_RECOMMENDED) {
1579 log_info(LD_GENERAL, "The directory authorities say my version is ok.");
1580 } else if (status == VS_EMPTY) {
1581 log_info(LD_GENERAL,
1582 "The directory authorities don't recommend any versions.");
1583 } else if (status == VS_NEW || status == VS_NEW_IN_SERIES) {
1584 if (!have_warned_about_new_version) {
1585 log_notice(LD_GENERAL, "This version of Tor (%s) is newer than any "
1586 "recommended version%s, according to the directory "
1587 "authorities. Recommended versions are: %s",
1588 VERSION,
1589 status == VS_NEW_IN_SERIES ? " in its series" : "",
1590 recommended);
1591 have_warned_about_new_version = 1;
1592 control_event_general_status(LOG_WARN, "DANGEROUS_VERSION "
1593 "CURRENT=%s REASON=%s RECOMMENDED=\"%s\"",
1594 VERSION, "NEW", recommended);
1595 }
1596 } else {
1597 log_warn(LD_GENERAL, "Please upgrade! "
1598 "This version of Tor (%s) is %s, according to the directory "
1599 "authorities. Recommended versions are: %s",
1600 VERSION,
1601 status == VS_OLD ? "obsolete" : "not recommended",
1602 recommended);
1603 have_warned_about_old_version = 1;
1604 control_event_general_status(LOG_WARN, "DANGEROUS_VERSION "
1605 "CURRENT=%s REASON=%s RECOMMENDED=\"%s\"",
1606 VERSION, status == VS_OLD ? "OBSOLETE" : "UNRECOMMENDED",
1607 recommended);
1608 }
1609 }
1610 }
1611
1612 /** Update v2_download_status_map to contain an entry for every router
1613 * descriptor listed in the v2 networkstatuses. */
1614 static void
1615 download_status_map_update_from_v2_networkstatus(void)
1616 {
1617 digestmap_t *dl_status;
1618 if (!networkstatus_v2_list)
1619 return;
1620 if (!v2_download_status_map)
1621 v2_download_status_map = digestmap_new();
1622
1623 dl_status = digestmap_new();
1624 SMARTLIST_FOREACH(networkstatus_v2_list, networkstatus_v2_t *, ns,
1625 {
1626 SMARTLIST_FOREACH(ns->entries, routerstatus_t *, rs,
1627 {
1628 const char *d = rs->descriptor_digest;
1629 download_status_t *s;
1630 if (digestmap_get(dl_status, d))
1631 continue;
1632 if (!(s = digestmap_remove(v2_download_status_map, d))) {
1633 s = tor_malloc_zero(sizeof(download_status_t));
1634 }
1635 digestmap_set(dl_status, d, s);
1636 });
1637 });
1638 digestmap_free(v2_download_status_map, _tor_free);
1639 v2_download_status_map = dl_status;
1640 networkstatus_v2_list_has_changed = 0;
1641 }
1642
1643 /** Update our view of the list of named servers from the most recently
1644 * retrieved networkstatus consensus. */
1645 static void
1646 routerstatus_list_update_named_server_map(void)
1647 {
1648 if (!current_consensus)
1649 return;
1650
1651 if (named_server_map)
1652 strmap_free(named_server_map, _tor_free);
1653 named_server_map = strmap_new();
1654 if (unnamed_server_map)
1655 strmap_free(unnamed_server_map, NULL);
1656 unnamed_server_map = strmap_new();
1657 SMARTLIST_FOREACH(current_consensus->routerstatus_list, routerstatus_t *, rs,
1658 {
1659 if (rs->is_named) {
1660 strmap_set_lc(named_server_map, rs->nickname,
1661 tor_memdup(rs->identity_digest, DIGEST_LEN));
1662 }
1663 if (rs->is_unnamed) {
1664 strmap_set_lc(unnamed_server_map, rs->nickname, (void*)1);
1665 }
1666 });
1667 }
1668
1669 /** Given a list <b>routers</b> of routerinfo_t *, update each status field
1670 * according to our current consensus networkstatus. May re-order
1671 * <b>routers</b>. */
1672 void
1673 routers_update_status_from_consensus_networkstatus(smartlist_t *routers,
1674 int reset_failures)
1675 {
1676 trusted_dir_server_t *ds;
1677 routerstatus_t *rs;
1678 or_options_t *options = get_options();
1679 int authdir = authdir_mode_v2(options) || authdir_mode_v3(options);
1680 int namingdir = authdir && options->NamingAuthoritativeDir;
1681 networkstatus_t *ns = current_consensus;
1682 int idx;
1683 if (!ns || !smartlist_len(ns->routerstatus_list))
1684 return;
1685
1686 routers_sort_by_identity(routers);
1687 /* Now routers and ns->routerstatus_list are both in ascending order
1688 * of identity digest. */
1689 idx = 0;
1690 rs = smartlist_get(ns->routerstatus_list, idx);
1691
1692 SMARTLIST_FOREACH(routers, routerinfo_t *, router,
1693 {
1694 const char *digest = router->cache_info.identity_digest;
1695 int r;
1696 while ((r = memcmp(rs->identity_digest, digest, DIGEST_LEN))<0) {
1697 if (++idx == smartlist_len(ns->routerstatus_list)) {
1698 /* We're out of routerstatuses. Bail. */
1699 goto done;
1700 }
1701 rs = smartlist_get(ns->routerstatus_list, idx);
1702 }
1703 if (r>0) {
1704 /* We have no routerstatus for this router. Clear flags and skip it. */
1705 if (!namingdir)
1706 router->is_named = 0;
1707 if (!authdir) {
1708 if (router->purpose == ROUTER_PURPOSE_GENERAL)
1709 router_clear_status_flags(router);
1710 }
1711 continue;
1712 }
1713 tor_assert(r==0);
1714
1715 ds = router_get_trusteddirserver_by_digest(digest);
1716
1717 if (!namingdir) {
1718 if (rs->is_named && !strcasecmp(router->nickname, rs->nickname))
1719 router->is_named = 1;
1720 else
1721 router->is_named = 0;
1722 }
1723 if (!memcmp(router->cache_info.signed_descriptor_digest,
1724 rs->descriptor_digest, DIGEST_LEN)) {
1725 if (ns->valid_until > router->cache_info.last_listed_as_valid_until)
1726 router->cache_info.last_listed_as_valid_until = ns->valid_until;
1727 }
1728
1729 if (!authdir) {
1730 /* If we're not an authdir, believe others. */
1731 router->is_valid = rs->is_valid;
1732 router->is_running = rs->is_running;
1733 router->is_fast = rs->is_fast;
1734 router->is_stable = rs->is_stable;
1735 router->is_possible_guard = rs->is_possible_guard;
1736 router->is_exit = rs->is_exit;
1737 router->is_bad_directory = rs->is_bad_directory;
1738 router->is_bad_exit = rs->is_bad_exit;
1739 router->is_hs_dir = rs->is_hs_dir;
1740 }
1741 if (router->is_running && ds) {
1742 download_status_reset(&ds->v2_ns_dl_status);
1743 }
1744 if (reset_failures) {
1745 download_status_reset(&rs->dl_status);
1746 }
1747 });
1748
1749 done:
1750 router_dir_info_changed();
1751 }
1752
1753 /**DOCDOC*/
1754 void
1755 signed_descs_update_status_from_consensus_networkstatus(smartlist_t *descs)
1756 {
1757 networkstatus_t *ns = current_consensus;
1758 if (!ns)
1759 return;
1760
1761 if (!ns->desc_digest_map) {
1762 char dummy[DIGEST_LEN];
1763 /* instantiates the digest map. */
1764 memset(dummy, 0, sizeof(dummy));
1765 router_get_consensus_status_by_descriptor_digest(dummy);
1766 }
1767 SMARTLIST_FOREACH(descs, signed_descriptor_t *, d,
1768 {
1769 routerstatus_t *rs = digestmap_get(ns->desc_digest_map,
1770 d->signed_descriptor_digest);
1771 if (rs) {
1772 if (ns->valid_until > d->last_listed_as_valid_until)
1773 d->last_listed_as_valid_until = ns->valid_until;
1774 }
1775 });
1776 }
1777
1778 /** Generate networkstatus lines for a single routerstatus_t object, and
1779 * return the result in a newly allocated string. Used only by controller
1780 * interface (for now.) */
1781 char *
1782 networkstatus_getinfo_helper_single(routerstatus_t *rs)
1783 {
1784 char buf[256];
1785 /* XXX020 that 256 above sounds a lot like RS_ENTRY_LEN in dirvote.c */
1786 routerstatus_format_entry(buf, sizeof(buf), rs, NULL, 0);
1787 return tor_strdup(buf);
1788 }
1789
1790 /** Alloc and return a string describing routerstatuses for the most
1791 * recent info of each router we know about that is of purpose
1792 * <b>purpose_string</b>. Return NULL if unrecognized purpose.
1793 *
1794 * Right now this function is oriented toward listing bridges (you
1795 * shouldn't use this for general-purpose routers, since those
1796 * should be listed from the consensus, not from the routers list). */
1797 char *
1798 networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now)
1799 {
1800 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1801 char *answer;
1802 routerlist_t *rl = router_get_routerlist();
1803 smartlist_t *statuses;
1804 uint8_t purpose = router_purpose_from_string(purpose_string);
1805 routerstatus_t rs;
1806 int bridge_auth = authdir_mode_bridge(get_options());
1807
1808 if (purpose == ROUTER_PURPOSE_UNKNOWN) {
1809 log_info(LD_DIR, "Unrecognized purpose '%s' when listing router statuses.",
1810 purpose_string);
1811 return NULL;
1812 }
1813
1814 statuses = smartlist_create();
1815 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1816 if (ri->cache_info.published_on < cutoff)
1817 continue;
1818 if (ri->purpose != purpose)
1819 continue;
1820 if (bridge_auth && ri->purpose == ROUTER_PURPOSE_BRIDGE)
1821 dirserv_set_router_is_running(ri, now);
1822 /* then generate and write out status lines for each of them */
1823 set_routerstatus_from_routerinfo(&rs, ri, now, 0, 0, 0, 0);
1824 smartlist_add(statuses, networkstatus_getinfo_helper_single(&rs));
1825 });
1826
1827 answer = smartlist_join_strings(statuses, "", 0, NULL);
1828 SMARTLIST_FOREACH(statuses, char *, cp, tor_free(cp));
1829 smartlist_free(statuses);
1830 return answer;
1831 }
1832
1833 /** Write out router status entries for all our bridge descriptors. */
1834 void
1835 networkstatus_dump_bridge_status_to_file(time_t now)
1836 {
1837 char *status = networkstatus_getinfo_by_purpose("bridge", now);
1838 or_options_t *options = get_options();
1839 size_t len = strlen(options->DataDirectory) + 32;
1840 char *fname = tor_malloc(len);
1841 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"networkstatus-bridges",
1842 options->DataDirectory);
1843 write_str_to_file(fname,status,0);
1844 tor_free(fname);
1845 tor_free(status);
1846 }
1847
1848 /** If <b>question</b> is a string beginning with "ns/" in a format the
1849 * control interface expects for a GETINFO question, set *<b>answer</b> to a
1850 * newly-allocated string containing networkstatus lines for the appropriate
1851 * ORs. Return 0 on success, -1 on unrecognized question format. */
1852 int
1853 getinfo_helper_networkstatus(control_connection_t *conn,
1854 const char *question, char **answer)
1855 {
1856 routerstatus_t *status;
1857 (void) conn;
1858
1859 if (!current_consensus) {
1860 *answer = tor_strdup("");
1861 return 0;
1862 }
1863
1864 if (!strcmp(question, "ns/all")) {
1865 smartlist_t *statuses = smartlist_create();
1866 SMARTLIST_FOREACH(current_consensus->routerstatus_list,
1867 routerstatus_t *, rs,
1868 {
1869 smartlist_add(statuses, networkstatus_getinfo_helper_single(rs));
1870 });
1871 *answer = smartlist_join_strings(statuses, "", 0, NULL);
1872 SMARTLIST_FOREACH(statuses, char *, cp, tor_free(cp));
1873 smartlist_free(statuses);
1874 return 0;
1875 } else if (!strcmpstart(question, "ns/id/")) {
1876 char d[DIGEST_LEN];
1877
1878 if (base16_decode(d, DIGEST_LEN, question+6, strlen(question+6)))
1879 return -1;
1880 status = router_get_consensus_status_by_id(d);
1881 } else if (!strcmpstart(question, "ns/name/")) {
1882 status = router_get_consensus_status_by_nickname(question+8, 0);
1883 } else if (!strcmpstart(question, "ns/purpose/")) {
1884 *answer = networkstatus_getinfo_by_purpose(question+11, time(NULL));
1885 return *answer ? 0 : -1;
1886 } else {
1887 return -1;
1888 }
1889
1890 if (status)
1891 *answer = networkstatus_getinfo_helper_single(status);
1892 return 0;
1893 }
1894
1895 /** Free all storage held locally in this module. */
1896 void
1897 networkstatus_free_all(void)
1898 {
1899 if (networkstatus_v2_list) {
1900 SMARTLIST_FOREACH(networkstatus_v2_list, networkstatus_v2_t *, ns,
1901 networkstatus_v2_free(ns));
1902 smartlist_free(networkstatus_v2_list);
1903 networkstatus_v2_list = NULL;
1904 }
1905 if (v2_download_status_map) {
1906 digestmap_free(v2_download_status_map, _tor_free);
1907 v2_download_status_map = NULL;
1908 }
1909 if (current_consensus) {
1910 networkstatus_vote_free(current_consensus);
1911 current_consensus = NULL;
1912 }
1913 if (consensus_waiting_for_certs) {
1914 networkstatus_vote_free(consensus_waiting_for_certs);
1915 consensus_waiting_for_certs = NULL;
1916 }
1917 tor_free(consensus_waiting_for_certs_body);
1918 if (named_server_map) {
1919 strmap_free(named_server_map, _tor_free);
1920 }
1921 if (unnamed_server_map) {
1922 strmap_free(unnamed_server_map, NULL);
1923 }
1924 }
1925
The Onion Router