| blob | bbff13fb9a25d172a3ca021d471f8cb4a468f373 |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2017, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
36 /**
37 * \file dirserv.c
38 * \brief Directory server core implementation. Manages directory
39 * contents and generates directories.
40 *
41 * This module implements most of directory cache functionality, and some of
42 * the directory authority functionality. The directory.c module delegates
43 * here in order to handle incoming requests from clients, via
44 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
45 * module is reponsible for spooling directory objects (in whole or in part)
46 * onto buf_t instances, and then closing the dir_connection_t once the
47 * objects are totally flushed.
48 *
49 * The directory.c module also delegates here for handling descriptor uploads
50 * via dirserv_add_multiple_descriptors().
51 *
52 * Additionally, this module handles some aspects of voting, including:
53 * deciding how to vote on individual flags (based on decisions reached in
54 * rephist.c), of formatting routerstatus lines, and deciding what relays to
55 * include in an authority's vote. (TODO: Those functions could profitably be
56 * split off. They only live in this file because historically they were
57 * shared among the v1, v2, and v3 directory code.)
58 */
60 /** How far in the future do we allow a router to get? (seconds) */
61 #define ROUTER_ALLOW_SKEW (60*60*12)
62 /** How many seconds do we wait before regenerating the directory? */
63 #define DIR_REGEN_SLACK_TIME 30
64 /** If we're a cache, keep this many networkstatuses around from non-trusted
65 * directory authorities. */
66 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
68 /** Total number of routers with measured bandwidth; this is set by
69 * dirserv_count_measured_bws() before the loop in
70 * dirserv_generate_networkstatus_vote_obj() and checked by
71 * dirserv_get_credible_bandwidth() and
72 * dirserv_compute_performance_thresholds() */
78 static uint32_t
102 /************** Fingerprint handling code ************/
104 /* 1 Historically used to indicate Named */
107 /* 8 Historically used to avoid using this as a dir. */
109 /* 32 Historically used to indicade Unnamed */
111 /** Target of status_by_digest map. */
116 router_status_t add_status);
118 /** List of nickname-\>identity fingerprint mappings for all the routers
119 * that we name. Used to prevent router impersonation. */
125 /** Should be static; exposed for testing. */
128 /** Allocate and return a new, empty, authdir_config_t. */
131 {
136 }
138 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
139 * <b>list</b>, or-ing the currently set status flags with
140 * <b>add_status</b>.
141 */
144 router_status_t add_status)
145 {
160 }
166 }
171 }
173 /** Add the fingerprint for this OR to the global list of recognized
174 * identity key fingerprints. */
175 int
177 {
182 }
187 }
189 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
190 * file. The file format is line-based, with each non-blank holding one
191 * nickname, some space, and a fingerprint for that nickname. On success,
192 * replace the current fingerprint list with the new list and return 0. On
193 * failure, leave the current fingerprint list untouched, and return -1. */
194 int
196 {
213 }
221 }
234 "Invalid fingerprint (nickname '%s', "
238 }
245 }
247 }
252 /* Delete any routers whose fingerprints we no longer recognize */
255 }
257 /* If this is set, then we don't allow routers that have advertised an Ed25519
258 * identity to stop doing so. This is going to be essential for good identity
259 * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
260 * just sign fake descriptors missing the Ed25519 key. But we won't actually
261 * be able to prevent that kind of thing until we're confident that there
262 * isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
263 * to leave this #undef.
264 */
265 #undef DISABLE_DISABLING_ED25519
267 /** Check whether <b>router</b> has a nickname/identity key combination that
268 * we recognize from the fingerprint list, or an IP we automatically act on
269 * according to our configuration. Return the appropriate router status.
270 *
271 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
272 * *<b>msg</b> to an explanation of why. */
273 uint32_t
276 {
285 }
287 /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
288 * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
289 * But just in case a relay doesn't provide or lies about its version, or
290 * doesn't include an ntor key in its descriptor, check that it exists,
291 * and is non-zero (clients check that it's non-zero before using it). */
294 "Descriptor from router %s is missing an ntor curve25519 onion "
299 }
302 /* This has an ed25519 identity key. */
307 "Descriptor from router %s has an Ed25519 key, "
313 }
315 }
316 }
318 /* No ed25519 key */
322 "Descriptor from router %s has no Ed25519 key, "
323 "when we previously knew an Ed25519 for it. Ignoring for now, "
326 #ifdef DISABLE_DISABLING_ED25519
330 }
332 }
333 #endif
334 }
335 }
340 }
342 /** Return true if there is no point in downloading the router described by
343 * <b>rs</b> because this directory would reject it. */
344 int
346 {
354 }
356 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
357 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
358 * port and platform (logging only) as arguments.
359 *
360 * Log messages at 'severity'. (There's not much point in
361 * logging that we're rejecting servers we'll not download.)
362 */
363 static uint32_t
367 {
379 tor_version_t ver_tmp;
383 }
385 }
386 }
388 /* Versions before Tor 0.2.4.18-rc are too old to support, and are
389 * missing some important security fixes too. Disable them. */
394 }
397 id_digest);
408 }
415 }
423 }
429 }
432 }
434 /** Clear the current fingerprint list. */
435 void
437 {
444 }
446 /*
447 * Descriptor list
448 */
450 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
451 * unless we're configured to not care. Return 0 if all ok. */
452 static int
454 {
455 tor_addr_t addr;
465 }
467 }
469 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
470 * set its is_valid,running fields and return 0. Otherwise, return -1.
471 *
472 * If the router is rejected, set *<b>msg</b> to an explanation of why.
473 *
474 * If <b>complain</b> then explain at log-level 'notice' why we refused
475 * a descriptor; else explain at log-level 'info'.
476 */
477 int
480 {
481 /* Okay. Now check whether the fingerprint is recognized. */
489 /* Is there too much clock skew? */
493 "far (%d minutes) in the future; possible clock skew. Not adding "
501 }
504 "Publication time for %s is too far "
512 }
520 }
525 }
527 /** Update the relevant flags of <b>node</b> based on our opinion as a
528 * directory authority in <b>authstatus</b>, as returned by
529 * dirserv_router_get_status or equivalent. */
530 void
533 {
536 }
538 /** True iff <b>a</b> is more severe than <b>b</b>. */
539 static int
541 {
543 }
545 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
546 * returns the most severe error that occurred for any one of them. */
547 was_router_added_t
551 {
574 /* XXX Not cool: we return -1 below, but (was_router_added_t)-1 is
575 * ROUTER_BAD_EI, which isn't what's gone wrong here. :( */
577 }
590 }
591 });
592 }
606 }
607 });
608 }
619 }
620 }
623 }
625 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
626 * the list of server descriptors. Set *<b>msg</b> to a message that should be
627 * passed back to the origin of this descriptor, or NULL if there is no such
628 * message. Use <b>source</b> to produce better log messages.
629 *
630 * Return the status of the operation
631 *
632 * This function is only called when fresh descriptors are posted, not when
633 * we re-load the cache.
634 */
635 was_router_added_t
637 {
638 was_router_added_t r;
646 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
647 * network and it'll clog everything up. */
650 " (source: %s) with size %d. Either this is an attack, or the "
653 MAX_DESCRIPTOR_UPLOAD_SIZE);
660 }
662 /* Check whether this descriptor is semantically identical to the last one
663 * from this server. (We do this here and not in router_add_to_routerlist
664 * because we want to be able to accept the newest router descriptor that
665 * another authority has, so we all converge on the same one.) */
671 "Not replacing descriptor from %s (source: %s); "
681 }
683 /* Do keypinning again ... this time, to add the pin if appropriate */
693 #ifndef DISABLE_DISABLING_ED25519
696 #endif
697 }
704 }
706 /* Make a copy of desc, since router_add_to_routerlist might free
707 * ri and its associated signed_descriptor_t. */
711 /* Tell if we're about to need to launch a test if we add this. */
717 /* unless the routerinfo was fine, just out-of-date */
733 }
737 }
741 }
743 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
744 static was_router_added_t
746 {
752 /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
753 * can mess with some of the flags in ri->cache_info. */
759 }
761 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
762 * network and it'll clog everything up. */
765 "with size %d. Either this is an attack, or the "
768 MAX_EXTRAINFO_UPLOAD_SIZE);
772 }
778 }
781 }
783 /** Remove all descriptors whose nicknames or fingerprints no longer
784 * are allowed by our fingerprint list. (Descriptors that used to be
785 * good can become bad when we reload the fingerprint list.)
786 */
787 static void
789 {
808 }
813 }
818 }
823 }
825 /**
826 * Allocate and return a description of the status of the server <b>desc</b>,
827 * for use in a v1-style router-status line. The server is listed
828 * as running iff <b>is_live</b> is true.
829 *
830 * This is deprecated: it's only used for controllers that want outputs in
831 * the old format.
832 */
835 {
845 }
851 }
854 DIGEST_LEN);
856 }
858 /* DOCDOC running_long_enough_to_decide_unreachable */
861 {
862 return time_of_process_start
864 }
866 /** Each server needs to have passed a reachability test no more
867 * than this number of seconds ago, or it is listed as down in
868 * the directory. */
869 #define REACHABLE_TIMEOUT (45*60)
871 /** If we tested a router and found it reachable _at least this long_ after it
872 * declared itself hibernating, it is probably done hibernating and we just
873 * missed a descriptor from it. */
874 #define HIBERNATION_PUBLICATION_SKEW (60*60)
876 /** Treat a router as alive if
877 * - It's me, and I'm not hibernating.
878 * or - We've found it reachable recently. */
879 void
881 {
882 /*XXXX This function is a mess. Separate out the part that calculates
883 whether it's reachable and the part that tells rephist that the router was
884 unreachable.
885 */
892 /* We always know if we are down ourselves. */
897 /* A hibernating router is down unless we (somehow) had contact with it
898 * since it declared itself to be hibernating. */
901 /* If AssumeReachable, everybody is up unless they say they are down! */
904 /* Otherwise, a router counts as up if we found all announced OR
905 ports reachable in the last REACHABLE_TIMEOUT seconds.
907 XXX prop186 For now there's always one IPv4 and at most one
908 IPv6 OR port.
910 If we're not on IPv6, don't consider reachability of potential
911 IPv6 OR port since that'd kill all dual stack relays until a
912 majority of the dir auths have IPv6 connectivity. */
917 }
920 /* Not considered reachable. tell rephist about that.
922 Because we launch a reachability test for each router every
923 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
924 been down since at least that time after we last successfully reached
925 it.
927 XXX ipv6
928 */
934 }
937 }
939 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
940 * contents of a v1-style router-status line, and store it in
941 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
942 *
943 * If for_controller is true, include the routers with very old descriptors.
944 *
945 * This is deprecated: it's only used for controllers that want outputs in
946 * the old format.
947 */
948 int
951 {
952 /* List of entries in a router-status style: An optional !, then an optional
953 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
958 /* We include v2 dir auths here too, because they need to answer
959 * controllers. Eventually we'll deprecate this whole function;
960 * see also networkstatus_getinfo_by_purpose(). */
970 /* Update router status in routerinfo_t. */
972 }
983 }
992 }
994 /** Given a (possibly empty) list of config_line_t, each line of which contains
995 * a list of comma-separated version numbers surrounded by optional space,
996 * allocate and return a new string containing the version numbers, in order,
997 * separated by commas. Used to generate Recommended(Client|Server)?Versions
998 */
1001 {
1008 }
1014 }
1016 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1017 * not hibernating, having observed bw greater 0, and not too old. Else
1018 * return 0.
1019 */
1020 static int
1022 {
1026 }
1029 }
1030 /* Only require bandwith capacity in non-test networks, or
1031 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
1035 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
1036 * then require bandwidthcapacity */
1038 }
1040 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
1042 }
1043 }
1045 }
1047 /********************************************************************/
1049 /* A set of functions to answer questions about how we'd like to behave
1050 * as a directory mirror/client. */
1052 /** Return 1 if we fetch our directory material directly from the
1053 * authorities, rather than from a mirror. */
1054 int
1056 {
1077 }
1079 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1080 * on the "mirror" schedule rather than the "client" schedule.
1081 */
1082 int
1084 {
1086 }
1088 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1089 * on a very passive schedule -- waiting long enough for ordinary clients
1090 * to probably have the info we want. These would include bridge users,
1091 * and maybe others in the future e.g. if a Tor client uses another Tor
1092 * client as a directory guard.
1093 */
1094 int
1096 {
1098 }
1100 /** Return true iff we want to serve certificates for authorities
1101 * that we don't acknowledge as authorities ourself.
1102 * Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch
1103 * and keep these certificates.
1104 */
1105 int
1107 {
1109 }
1111 /** Return 1 if we want to fetch and serve descriptors, networkstatuses, etc
1112 * Else return 0.
1113 * Check options->DirPort_set and directory_permits_begindir_requests()
1114 * to see if we are willing to serve these directory documents to others via
1115 * the DirPort and begindir-over-ORPort, respectively.
1116 *
1117 * To check if we should fetch documents, use we_want_to_fetch_flavor and
1118 * we_want_to_fetch_unknown_auth_certs instead of this function.
1119 */
1120 int
1122 {
1127 /* We need an up-to-date view of network info if we're going to try to
1128 * block exit attempts from unknown relays. */
1131 }
1133 /** Return 1 if we want to allow remote clients to ask us directory
1134 * requests via the "begin_dir" interface, which doesn't require
1135 * having any separate port open. */
1136 int
1138 {
1140 }
1142 /** Return 1 if we have no need to fetch new descriptors. This generally
1143 * happens when we're not a dir cache and we haven't built any circuits
1144 * lately.
1145 */
1146 int
1149 {
1153 }
1155 /********************************************************************/
1157 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
1158 * currently serving. */
1161 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1162 * any references. */
1163 void
1165 {
1170 }
1172 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1173 * published at <b>published</b>. */
1174 cached_dir_t *
1176 {
1185 }
1187 }
1189 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1190 static void
1192 {
1196 }
1198 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1199 static void
1201 {
1208 }
1210 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1211 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1212 * validation is performed. */
1213 void
1219 {
1228 DIGEST256_LEN);
1230 new_networkstatus);
1233 }
1235 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1236 * optionally compressed format, suitable for sending to clients. */
1237 cached_dir_t *
1239 {
1243 }
1245 /** If a router's uptime is at least this value, then it is always
1246 * considered stable, regardless of the rest of the network. This
1247 * way we resist attacks where an attacker doubles the size of the
1248 * network using allegedly high-uptime nodes, displacing all the
1249 * current guards. */
1250 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1251 /** If a router's MTBF is at least this value, then it is always stable.
1252 * See above. (Corresponds to about 7 days for current decay rates.) */
1253 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1254 /** Similarly, every node with at least this much weighted time known can be
1255 * considered familiar enough to be a guard. Corresponds to about 20 days for
1256 * current decay rates.
1257 */
1258 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1259 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1260 */
1261 #define WFU_TO_GUARANTEE_GUARD (0.98)
1263 /* Thresholds for server performance: set by
1264 * dirserv_compute_performance_thresholds, and used by
1265 * generate_v2_networkstatus */
1267 /** Any router with an uptime of at least this value is stable. */
1269 /** Any router with an mtbf of at least this value is stable. */
1271 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1272 * than stable_uptime. */
1274 /** Any router with a weighted fractional uptime of at least this much might
1275 * be good as a guard. */
1277 /** Don't call a router a guard unless we've known about it for at least this
1278 * many seconds. */
1280 /** Any router with a bandwidth at least this high is "Fast" */
1282 /** If exits can be guards, then all guards must have a bandwidth this
1283 * high. */
1285 /** If exits can't be guards, then all guards must have a bandwidth this
1286 * high. */
1289 /** Helper: estimate the uptime of a router given its stated uptime and the
1290 * amount of time since it last stated its stated uptime. */
1293 {
1296 else
1298 }
1300 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1301 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1302 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1303 * bandwidth.
1304 */
1305 static int
1309 {
1312 /* XXXX We should change the rule from
1313 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1314 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
1315 * hit a point where we need to reset a lot of authorities at once,
1316 * none of them would be in a position to declare Stable.
1317 */
1328 }
1329 }
1334 }
1336 }
1338 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1339 *
1340 * Right now this means it advertises support for it, it has a high uptime,
1341 * it's a directory cache, it has the Stable and Fast flags, and it's currently
1342 * considered Running.
1343 *
1344 * This function needs to be called after router-\>is_running has
1345 * been set.
1346 */
1347 static int
1350 {
1354 /* If we haven't been running for at least
1355 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1356 * have accurate data telling us a relay has been up for at least
1357 * that long. We also want to allow a bit of slack: Reachability
1358 * tests aren't instant. If we haven't been running long enough,
1359 * trust the relay. */
1365 else
1373 }
1375 /** Don't consider routers with less bandwidth than this when computing
1376 * thresholds. */
1377 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
1379 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
1380 * include a router in our calculations, and return true iff we should; the
1381 * require_mbw parameter is passed in by
1382 * dirserv_compute_performance_thresholds() and controls whether we ever
1383 * count routers with only advertised bandwidths */
1384 static int
1388 {
1389 /* Have measured bw? */
1397 }
1403 }
1405 /** Look through the routerlist, the Mean Time Between Failure history, and
1406 * the Weighted Fractional Uptime history, and use them to set thresholds for
1407 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1408 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1409 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
1410 *
1411 * Also, set the is_exit flag of each router appropriately. */
1412 static void
1414 {
1423 /* Require mbw? */
1428 /* initialize these all here, in case there are no routers */
1440 /* Initialize arrays that will hold values for each router. We'll
1441 * sort them and use that to compute thresholds. */
1443 /* Uptime for every active router. */
1445 /* Bandwidth for every active router. */
1447 /* Bandwidth for every active non-exit router. */
1448 bandwidths_excluding_exits_kb =
1450 /* Weighted mean time between failure for each active router. */
1452 /* Time-known for each active router. */
1454 /* Weighted fractional uptime for each active router. */
1457 /* Now, fill in the arrays. */
1464 require_mbw)) {
1468 /* resolve spurious clang shallow analysis null pointer errors */
1479 }
1481 }
1484 /* Now, compute thresholds. */
1486 /* The median uptime is stable. */
1488 /* The median mtbf is stable, if we have enough mtbf info */
1490 /* The 12.5th percentile bandwidth is fast. */
1492 /* (Now bandwidths is sorted.) */
1495 guard_bandwidth_including_exits_kb =
1498 }
1503 {
1504 /* We can vote on a parameter for the minimum and maximum. */
1505 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
1508 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1509 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
1510 INT32_MAX);
1513 }
1523 }
1524 /* Protect sufficiently fast nodes from being pushed out of the set
1525 * of Fast nodes. */
1530 /* Now that we have a time-known that 7/8 routers are known longer than,
1531 * fill wfus with the wfu of every such "familiar" router. */
1543 }
1553 guard_bandwidth_excluding_exits_kb =
1556 }
1559 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1560 "For Fast: %lu kilobytes/sec. "
1561 "For Guard: WFU %.03f%%, time-known %lu sec, "
1562 "and bandwidth %lu or %lu kilobytes/sec. "
1579 }
1581 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
1582 * for the status flags, specifically for bridges.
1583 *
1584 * This is only called by a Bridge Authority from
1585 * networkstatus_getinfo_by_purpose().
1586 */
1587 void
1589 {
1593 }
1595 /** Measured bandwidth cache entry */
1601 /** Measured bandwidth cache - keys are identity_digests, values are
1602 * mbw_cache_entry_t *. */
1605 /** Store a measured bandwidth cache entry when reading the measured
1606 * bandwidths file. */
1607 STATIC void
1610 {
1615 /* Allocate a cache if we need */
1618 /* Check if we have an existing entry */
1620 /* If we do, we can re-use it */
1622 /* Check that we really are newer, and update */
1626 }
1628 /* We'll have to insert a new entry */
1633 }
1634 }
1636 /** Clear and free the measured bandwidth cache */
1637 STATIC void
1639 {
1641 /* Free the map and all entries */
1644 }
1645 }
1647 /** Scan the measured bandwidth cache and remove expired entries */
1648 STATIC void
1650 {
1653 /* Iterate through the cache and check each entry */
1658 }
1661 /* Check if we cleared the whole thing and free if so */
1665 }
1666 }
1667 }
1669 /** Get the current size of the measured bandwidth cache */
1670 STATIC int
1672 {
1675 }
1677 /** Query the cache by identity digest, return value indicates whether
1678 * we found it. The bw_out and as_of_out pointers receive the cached
1679 * bandwidth value and the time it was cached if not NULL. */
1680 STATIC int
1683 {
1690 /* Found something */
1694 }
1695 }
1698 }
1700 /** Predicate wrapper for dirserv_query_measured_bw_cache() */
1701 STATIC int
1703 {
1705 }
1707 /** Get the best estimate of a router's bandwidth for dirauth purposes,
1708 * preferring measured to advertised values if available. */
1710 static uint32_t
1712 {
1714 /*
1715 * Yeah, measured bandwidths in measured_bw_line_t are (implicitly
1716 * signed) longs and the ones router_get_advertised_bandwidth() returns
1717 * are uint32_t.
1718 */
1722 /*
1723 * * First try to see if we have a measured bandwidth; don't bother with
1724 * as_of_out here, on the theory that a stale measured bandwidth is still
1725 * better to trust than an advertised one.
1726 */
1729 /* Got one! */
1732 /* If not, fall back to advertised */
1734 }
1735 }
1738 }
1740 /** Look through the routerlist, and using the measured bandwidth cache count
1741 * how many measured bandwidths we know. This is used to decide whether we
1742 * ever trust advertised bandwidths for purposes of assigning flags. */
1743 static void
1745 {
1746 /* Initialize this first */
1749 /* Iterate over the routerlist and count measured bandwidths */
1751 /* Check if we know a measured bandwidth for this one */
1754 }
1756 }
1758 /** Return the bandwidth we believe for assigning flags; prefer measured
1759 * over advertised, and if we have above a threshold quantity of measured
1760 * bandwidths, we don't want to ever give flags to unmeasured routers, so
1761 * return 0. */
1762 static uint32_t
1764 {
1770 /* Check if we have a measured bandwidth, and check the threshold if not */
1775 /* Return zero for unmeasured bandwidth if we are above threshold */
1778 /* Return an advertised bandwidth otherwise */
1780 }
1782 /* We have the measured bandwidth in mbw */
1784 }
1787 }
1789 /** Give a statement of our current performance thresholds for inclusion
1790 * in a vote document. */
1793 {
1800 "stable-uptime=%lu stable-mtbf=%lu "
1801 "fast-speed=%lu "
1802 "guard-wfu=%.03f%% guard-tk=%lu "
1803 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
1816 }
1818 /** Given a platform string as in a routerinfo_t (possibly null), return a
1819 * newly allocated version string for a networkstatus document, or NULL if the
1820 * platform doesn't give a Tor version. */
1823 {
1827 /* XXXX Unify this logic with the other version extraction
1828 * logic in routerparse.c. */
1830 }
1833 }
1834 }
1836 }
1838 /** Helper: write the router-status information in <b>rs</b> into a newly
1839 * allocated character buffer. Use the same format as in network-status
1840 * documents. If <b>version</b> is non-NULL, add a "v" line for the platform.
1841 * Return 0 on success, -1 on failure.
1842 *
1843 * The format argument has one of the following values:
1844 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1845 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1846 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1847 * consensus entry.
1848 * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
1849 * it contains additional information for the vote.
1850 * NS_CONTROL_PORT - Output a NS document for the control port
1851 */
1855 routerstatus_format_type_t format,
1857 {
1873 identity64,
1876 published,
1881 /* TODO: Maybe we want to pass in what we need to build the rest of
1882 * this here, instead of in the caller. Then we could use the
1883 * networkstatus_type_t values, with an additional control port value
1884 * added -MP */
1886 /* V3 microdesc consensuses don't have "a" lines. */
1890 /* Possible "a" line. At most one for now. */
1894 }
1901 /* These must stay in alphabetical order. */
1913 /* length of "opt v \n" */
1914 #define V_LINE_OVERHEAD 7
1917 }
1920 }
1927 /* Blow up more or less nicely if we didn't get anything or not the
1928 * thing we expected.
1929 */
1940 }
1942 /* This assert could fire for the control port, because
1943 * it can request NS documents before all descriptors
1944 * have been fetched. Therefore, we only do this test when
1945 * format != NS_CONTROL_PORT. */
1948 DIGEST_LEN)) {
1958 "the one in routerstatus: %s vs %s "
1964 DIGEST_LEN));
1965 }
1966 }
1973 }
1980 }
1981 /* Write down guardfraction information if we have it. */
1986 }
1994 }
2003 }
2004 }
2005 }
2007 done:
2010 err:
2015 }
2017 /** Helper for sorting: compares two routerinfos first by address, and then by
2018 * descending order of "usefulness". (An authority is more useful than a
2019 * non-authority; a running router is more useful than a non-running router;
2020 * and a router with more bandwidth is more useful than one with less.)
2021 **/
2022 static int
2024 {
2031 /* we return -1 if first should appear before second... that is,
2032 * if first is a better router. */
2038 /* Potentially, this next bit could cause k n lg n memeq calls. But in
2039 * reality, we will almost never get here, since addresses will usually be
2040 * different. */
2042 first_is_auth =
2044 second_is_auth =
2070 /* They're equal! Compare by identity digest, so there's a
2071 * deterministic order and we avoid flapping. */
2074 DIGEST_LEN);
2075 }
2077 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2078 * whose keys are the identity digests of those routers that we're going to
2079 * exclude for Sybil-like appearance. */
2082 {
2088 /* Allow at most this number of Tor servers on a single IP address, ... */
2105 }
2110 }
2112 /** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
2113 * remove the older one. If they are exactly the same age, remove the one
2114 * with the greater descriptor digest. May alter the order of the list. */
2115 static void
2117 {
2127 /* Duplicate; must omit one. Set the omit_from_vote flag in whichever
2128 * one has the earlier published_on. */
2139 }
2141 /* Add to map */
2143 }
2148 /* Now remove every router where the omit_from_vote flag got set. */
2152 }
2154 }
2156 /** Extract status information from <b>ri</b> and from other authority
2157 * functions and store it in <b>rs</b>>.
2158 *
2159 * We assume that ri-\>is_running has already been set, e.g. by
2160 * dirserv_set_router_is_running(ri, now);
2161 */
2162 void
2168 {
2177 /* Already set by compute_performance_thresholds. */
2191 guard_bandwidth_excluding_exits_kb))) {
2199 }
2210 DIGEST_LEN);
2219 /* We're configured as having IPv6 connectivity. There's an IPv6
2220 OR port and it's reachable so copy it to the routerstatus. */
2223 }
2227 }
2228 }
2230 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
2231 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
2232 * respectively. But don't set the corresponding node flags.
2233 * Should only be called if TestingTorNetwork is set. */
2234 STATIC void
2236 {
2246 }
2253 }
2260 }
2261 }
2263 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2264 * too narrow an IP-space. Clear out its flags since we don't want it be used
2265 * because of its Sybil-like appearance.
2266 *
2267 * Leave its BadExit flag alone though, since if we think it's a bad exit,
2268 * we want to vote that way in case all the other authorities are voting
2269 * Running and Exit.
2270 */
2271 static void
2273 {
2277 /* FFFF we might want some mechanism to check later on if we
2278 * missed zeroing any flags: it's easy to add a new flag but
2279 * forget to add it to this clause. */
2280 }
2282 /** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
2283 * is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
2284 * this guard in <b>vote_routerstatuses</b>, and if we do, register the
2285 * information to it.
2286 *
2287 * Return 1 if we applied the information and 0 if we couldn't find a
2288 * matching guard.
2289 *
2290 * Requires that <b>vote_routerstatuses</b> be sorted.
2291 */
2292 static int
2296 {
2302 compare_digest_to_vote_routerstatus_entry);
2306 }
2312 }
2314 /* Given a guard line from a guardfraction file, parse it and register
2315 * its information to <b>vote_routerstatuses</b>.
2316 *
2317 * Return:
2318 * * 1 if the line was proper and its information got registered.
2319 * * 0 if the line was proper but no currently active guard was found
2320 * to register the guardfraction information to.
2321 * * -1 if the line could not be parsed and set <b>err_msg</b> to a
2322 newly allocated string containing the error message.
2323 */
2324 static int
2328 {
2339 /* guard_line should contain something like this:
2340 <hex digest> <guardfraction> <appearances> */
2346 }
2354 }
2357 /* Guardfraction is an integer in [0, 100]. */
2358 guardfraction =
2363 }
2365 /* If routerstatuses were provided, apply this info to actual routers. */
2368 vote_routerstatuses);
2371 }
2373 done:
2379 }
2381 /** Given an inputs line from a guardfraction file, parse it and
2382 * register its information to <b>total_consensuses</b> and
2383 * <b>total_days</b>.
2384 *
2385 * Return 0 if it parsed well. Return -1 if there was an error, and
2386 * set <b>err_msg</b> to a newly allocated string containing the
2387 * error message.
2388 */
2389 static int
2394 {
2402 /* Second line is inputs information:
2403 * n-inputs <total_consensuses> <total_days>. */
2409 }
2417 }
2425 }
2429 done:
2434 }
2436 /* Maximum age of a guardfraction file that we are willing to accept. */
2439 /** Static strings of guardfraction files. */
2445 /** Given a guardfraction file in a string, parse it and register the
2446 * guardfraction information to the provided vote routerstatuses.
2447 *
2448 * This is the rough format of the guardfraction file:
2449 *
2450 * guardfraction-file-version 1
2451 * written-at <date and time>
2452 * n-inputs <number of consesuses parsed> <number of days considered>
2453 *
2454 * guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
2455 * guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
2456 * guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
2457 * guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
2458 * guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
2459 * ...
2460 *
2461 * Return -1 if the parsing failed and 0 if it went smoothly. Parsing
2462 * should tolerate errors in all lines but the written-at header.
2463 */
2464 STATIC int
2467 {
2473 /* Guardfraction info to be parsed */
2477 /* Stats */
2481 /* Parse file and split it in lines */
2486 }
2488 /* Sort routerstatuses (needed later when applying guardfraction info) */
2493 current_line_n++;
2499 version =
2506 }
2511 /* First line is 'written-at <date>' */
2516 }
2521 }
2533 }
2539 vote_routerstatuses,
2546 }
2548 /* Successfully parsed guard line. Check if it was applied properly. */
2549 guards_read_n++;
2551 guards_applied_n++;
2552 }
2556 }
2557 }
2562 "Successfully parsed guardfraction file with %d consensuses over "
2567 done:
2574 }
2575 }
2577 /** Read a guardfraction file at <b>fname</b> and load all its
2578 * information to <b>vote_routerstatuses</b>. */
2579 int
2582 {
2585 /* Read file to a string */
2590 }
2593 vote_routerstatuses);
2594 }
2596 /**
2597 * Helper function to parse out a line in the measured bandwidth file
2598 * into a measured_bw_line_t output structure. Returns -1 on failure
2599 * or 0 on success.
2600 */
2601 STATIC int
2603 {
2616 }
2623 }
2634 }
2643 }
2651 }
2661 }
2664 }
2675 }
2676 }
2678 /**
2679 * Helper function to apply a parsed measurement line to a list
2680 * of bandwidth statuses. Returns true if a line is found,
2681 * false otherwise.
2682 */
2683 STATIC int
2686 {
2692 compare_digest_to_vote_routerstatus_entry);
2700 }
2703 }
2705 /**
2706 * Read the measured bandwidth file and apply it to the list of
2707 * vote_routerstatus_t. Returns -1 on error, 0 otherwise.
2708 */
2709 int
2712 {
2721 from_file);
2723 }
2731 }
2740 }
2748 }
2754 measured_bw_line_t parsed_line;
2757 /* Also cache the line for dirserv_get_bandwidth_for_router() */
2760 applied_lines++;
2761 }
2762 }
2763 }
2765 /* Now would be a nice time to clean the cache, too */
2770 "Bandwidth measurement file successfully read. "
2773 }
2775 /** Return a new networkstatus_t* containing our current opinion. (For v3
2776 * authorities) */
2777 networkstatus_t *
2780 {
2794 vote_timing_t timing;
2805 }
2809 }
2813 }
2817 }
2822 }
2828 /*
2829 * Do this so dirserv_compute_performance_thresholds() and
2830 * set_routerstatus_from_routerinfo() see up-to-date bandwidth info.
2831 */
2835 /*
2836 * No bandwidths file; clear the measured bandwidth cache in case we had
2837 * one last time around.
2838 */
2841 }
2842 }
2844 /* precompute this part, since we need it to decide what "stable"
2845 * means. */
2848 });
2853 /* After this point, don't use rl->routers; use 'routers' instead. */
2862 /* Count how many have measured bandwidths so we know how to assign flags;
2863 * this must come before dirserv_compute_performance_thresholds() */
2882 listbadexits);
2887 ED25519_PUBKEY_LEN);
2888 }
2902 }
2904 microdescriptors);
2907 }
2910 {
2916 }
2921 /* Apply guardfraction information to routerstatuses. */
2924 routerstatuses);
2925 }
2927 /* This pass through applies the measured bw lines to the routerstatuses */
2930 routerstatuses);
2932 /*
2933 * No bandwidths file; clear the measured bandwidth cache in case we had
2934 * one last time around.
2935 */
2938 }
2939 }
2946 {
2954 else
2963 }
2976 /* These are hardwired, to avoid disaster. */
2990 /* We are not allowed to vote to require anything we don't have. */
2994 /* We should not recommend anything we don't have. */
3001 {
3006 }
3007 }
3024 }
3041 }
3042 }
3043 }
3049 /* Note: networkstatus_digest is unset; it won't get set until we actually
3050 * format the vote. */
3053 }
3055 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
3056 * pointers, adds copies of digests to fps_out, and doesn't use the
3057 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
3058 * requests, adds identity digests.
3059 */
3060 int
3063 dir_spool_source_t source,
3066 {
3075 DIGEST_LEN);
3076 /* Treat "all" requests as if they were unencrypted */
3086 DIGEST_LEN));
3098 }
3101 /* Remove anything that insists it not be sent unencrypted. */
3110 }
3112 }
3117 }
3119 }
3121 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3122 * <b>key</b>. The key should be either
3123 * - "/tor/server/authority" for our own routerinfo;
3124 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3125 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3126 * hex identity digests; or
3127 * - "/tor/server/d/D" where D is a plus-separated sequence
3128 * of server descriptor digests, in hex.
3129 *
3130 * Return 0 if we found some matching descriptors, or -1 if we do not
3131 * have any descriptors, no matching descriptors, or if we did not
3132 * recognize the key (URL).
3133 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3134 * message.
3135 *
3136 * XXXX rename this function. It's only called from the controller.
3137 * XXXX in fact, refactor this function, merging as much as possible.
3138 */
3139 int
3142 {
3159 {
3163 });
3174 /* calling router_get_my_routerinfo() to make sure it exists */
3180 /* Don't actually serve a descriptor that everyone will think is
3181 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3182 * Tors from downloading descriptors that they will throw away.
3183 */
3186 }
3193 }
3198 }
3200 }
3202 /** Called when a TLS handshake has completed successfully with a
3203 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3204 * a certificate with digest <b>digest_rcvd</b>.
3205 *
3206 * Inform the reachability checker that we could get to this relay.
3207 */
3208 void
3213 {
3215 tor_addr_port_t orport;
3230 /* We allow the node to have an ed25519 key if we haven't been told one in
3231 * the routerinfo, but if we *HAVE* been told one in the routerinfo, it
3232 * needs to match. */
3241 }
3242 }
3247 /* Found the right router. */
3251 /* This is a bridge or we're not a bridge authority --
3252 mark it as reachable. */
3261 /* No rephist for IPv6. */
3263 }
3264 }
3265 }
3266 }
3268 /** Called when we, as an authority, receive a new router descriptor either as
3269 * an upload or a download. Used to decide whether to relaunch reachability
3270 * testing for the server. */
3271 int
3274 {
3278 /* New router: Launch an immediate reachability test, so we will have an
3279 * opinion soon in case we're generating a consensus soon */
3281 }
3283 /* It just came out of hibernation; launch a reachability test */
3285 }
3287 /* Address or port changed; launch a reachability test */
3289 }
3291 }
3293 /** Helper function for dirserv_test_reachability(). Start a TLS
3294 * connection to <b>router</b>, and annotate it with when we started
3295 * the test. */
3296 void
3298 {
3302 tor_addr_t router_addr;
3315 }
3317 /* IPv4. */
3323 ed_id_key);
3326 /* Possible IPv6. */
3336 ed_id_key);
3338 }
3339 }
3341 /** Auth dir server only: load balance such that we only
3342 * try a few connections per call.
3343 *
3344 * The load balancing is such that if we get called once every ten
3345 * seconds, we will cycle through all the tests in
3346 * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
3347 */
3348 void
3350 {
3351 /* XXX decide what to do here; see or-talk thread "purging old router
3352 * information, revocation." -NM
3353 * We can't afford to mess with this in 0.1.2.x. The reason is that
3354 * if we stop doing reachability tests on some of routerlist, then
3355 * we'll for-sure think they're down, which may have unexpected
3356 * effects in other parts of the code. It doesn't hurt much to do
3357 * the testing, and directory authorities are easy to upgrade. Let's
3358 * wait til 0.2.0. -RD */
3359 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3370 // if (router->cache_info.published_on > cutoff)
3371 // continue;
3374 }
3377 }
3379 /* ==========
3380 * Spooling code.
3381 * ========== */
3383 spooled_resource_t *
3386 {
3404 }
3409 }
3411 /**
3412 * Create a new spooled_resource_t to spool the contents of <b>entry</b> to
3413 * the user. Return the spooled object on success, or NULL on failure (which
3414 * is probably caused by a failure to map the body of the item from disk).
3415 *
3416 * Adds a reference to entry's reference counter.
3417 */
3418 spooled_resource_t *
3420 {
3435 }
3436 }
3438 /** Release all storage held by <b>spooled</b>. */
3439 void
3441 {
3447 }
3451 }
3454 }
3456 /** When spooling data from a cached_dir_t object, we always add
3457 * at least this much. */
3458 #define DIRSERV_CACHED_DIR_CHUNK_SIZE 8192
3460 /** Return an compression ratio for compressing objects from <b>source</b>.
3461 */
3462 static double
3464 {
3465 /* We should put in better estimates here, depending on the number of
3466 objects and their type */
3469 }
3471 /** Return an estimated number of bytes needed for transmitting the
3472 * resource in <b>spooled</b> on <b>conn</b>
3473 *
3474 * As a convenient side-effect, set *<b>published_out</b> to the resource's
3475 * publication time.
3476 */
3477 static size_t
3482 {
3489 published_out);
3495 }
3501 }
3506 published_out);
3507 }
3510 }
3513 }
3514 }
3516 /** Return code for spooled_resource_flush_some */
3520 SRFS_DONE
3523 /** Flush some or all of the bytes from <b>spooled</b> onto <b>conn</b>.
3524 * Return SRFS_ERR on error, SRFS_MORE if there are more bytes to flush from
3525 * this spooled resource, or SRFS_DONE if we are done flushing this spooled
3526 * resource.
3527 */
3528 static spooled_resource_flush_status_t
3531 {
3533 /* Spool_eagerly resources are sent all-at-once. */
3540 /* Absent objects count as "done". */
3542 }
3547 }
3553 /* The cached_dir_t hasn't been materialized yet. So let's look it up. */
3557 /* Absent objects count as done. */
3559 }
3562 }
3575 }
3576 /* How many bytes left to flush? */
3589 }
3595 }
3596 }
3597 }
3599 /** Helper: find the cached_dir_t for a spooled_resource_t, for
3600 * sending it to <b>conn</b>. Set *<b>published_out</b>, if provided,
3601 * to the published time of the cached_dir_t.
3602 *
3603 * DOES NOT increase the reference count on the result. Callers must do that
3604 * themselves if they mean to hang on to it.
3605 */
3609 {
3615 }
3617 }
3619 /** Helper: Look up the body for an eagerly-served spooled_resource. If
3620 * <b>conn_is_encrypted</b> is false, don't look up any resource that
3621 * shouldn't be sent over an unencrypted connection. On success, set
3622 * <b>body_out</b>, <b>size_out</b>, and <b>published_out</b> to refer
3623 * to the resource's body, size, and publication date, and return 0.
3624 * On failure return -1. */
3625 static int
3631 {
3640 }
3644 }
3648 }
3652 }
3659 }
3665 }
3669 /* LCOV_EXCL_START */
3672 /* LCOV_EXCL_STOP */
3673 }
3675 /* If we get here, then we tried to set "sd" to a signed_descriptor_t. */
3679 }
3681 /* we did this check once before (so we could have an accurate size
3682 * estimate and maybe send a 404 if somebody asked for only bridges on
3683 * a connection), but we need to do it again in case a previously
3684 * unknown bridge descriptor has shown up between then and now. */
3686 }
3692 }
3694 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3695 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3696 * flavor name if we want a flavored v3 status, return a pointer to the
3697 * appropriate cached dir object, or NULL if there isn't one available. */
3700 {
3705 /* this here interface is a nasty hack: we're shoving a flavor into
3706 * a digest field. */
3708 }
3710 }
3712 /** Try to guess the number of bytes that will be needed to send the
3713 * spooled objects for <b>conn</b>'s outgoing spool. In the process,
3714 * remove every element of the spool that refers to an absent object, or
3715 * which was published earlier than <b>cutoff</b>. Set *<b>size_out</b>
3716 * to the number of bytes, and *<b>n_expired_out</b> to the number of
3717 * objects removed for being too old. */
3718 void
3724 {
3735 }
3751 }
3756 }
3759 }
3761 /** Helper: used to sort a connection's spool. */
3762 static int
3764 {
3768 }
3770 /** Sort all the entries in <b>conn</b> by digest. */
3771 void
3773 {
3777 }
3779 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3780 * its extra-info document if <b>extrainfo</b> is true. Return
3781 * NULL if not found or if the descriptor is older than
3782 * <b>publish_cutoff</b>. */
3785 {
3789 else
3797 else
3799 }
3800 }
3802 }
3804 /** When we're spooling data onto our outbuf, add more whenever we dip
3805 * below this threshold. */
3806 #define DIRSERV_BUFFER_MIN 16384
3808 /**
3809 * Called whenever we have flushed some directory data in state
3810 * SERVER_WRITING, or whenever we want to fill the buffer with initial
3811 * directory data (so that subsequent writes will occur, and trigger this
3812 * function again.)
3813 *
3814 * Return 0 on success, and -1 on failure.
3815 */
3816 int
3818 {
3827 spooled_resource_flush_status_t status;
3833 }
3836 /* If we're here, we're done flushing this resource. */
3839 }
3842 /* We're still spooling something. */
3844 }
3846 /* If we get here, we're done. */
3850 /* Flush the compression state: there could be more bytes pending in there,
3851 * and we don't want to omit bytes. */
3855 }
3857 }
3859 /** Remove every element from <b>conn</b>'s outgoing spool, and delete
3860 * the spool. */
3861 void
3863 {
3870 }
3872 /** Return true iff <b>line</b> is a valid RecommendedPackages line.
3873 */
3874 /*
3875 The grammar is:
3877 "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
3879 PACKAGENAME = NONSPACE
3880 VERSION = NONSPACE
3881 URL = NONSPACE
3882 DIGESTS = DIGEST | DIGESTS SP DIGEST
3883 DIGEST = DIGESTTYPE "=" DIGESTVAL
3885 NONSPACE = one or more non-space printing characters
3887 DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
3889 SP = " "
3890 NL = a newline
3892 */
3893 int
3895 {
3898 #define WORD() \
3899 do { \
3901 return 0; \
3903 if (!cp) \
3904 return 0; \
3905 } while (0)
3914 /* Skip digesttype=digestval + */
3941 }
3943 /* If we reach this point, we have at least 1 entry. */
3946 }
3948 /** Release all storage used by the directory server. */
3949 void
3951 {
3958 }