search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8
[tor.git] / src / or / statefile.c
blob9594d9cec3597f3c1b45cc82ed73fa24c441d55d
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file statefile.c
9 *
10 * \brief Handles parsing and encoding the persistent 'state' file that carries
11 * miscellaneous persistent state between Tor invocations.
12 */
13
14 #define STATEFILE_PRIVATE
15 #include "or.h"
16 #include "circuitstats.h"
17 #include "config.h"
18 #include "confparse.h"
19 #include "connection.h"
20 #include "entrynodes.h"
21 #include "hibernate.h"
22 #include "rephist.h"
23 #include "router.h"
24 #include "sandbox.h"
25 #include "statefile.h"
26
27 /** A list of state-file "abbreviations," for compatibility. */
28 static config_abbrev_t state_abbrevs_[] = {
29 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
30 { "HelperNode", "EntryGuard", 0, 0 },
31 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
32 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
33 { "EntryNode", "EntryGuard", 0, 0 },
34 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
35 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
36 { NULL, NULL, 0, 0},
37 };
38
39 /*XXXX these next two are duplicates or near-duplicates from config.c */
40 #define VAR(name,conftype,member,initvalue) \
41 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
42 initvalue }
43 /** As VAR, but the option name and member name are the same. */
44 #define V(member,conftype,initvalue) \
45 VAR(#member, conftype, member, initvalue)
46
47 /** Array of "state" variables saved to the ~/.tor/state file. */
48 static config_var_t state_vars_[] = {
49 /* Remember to document these in state-contents.txt ! */
50
51 V(AccountingBytesReadInInterval, MEMUNIT, NULL),
52 V(AccountingBytesWrittenInInterval, MEMUNIT, NULL),
53 V(AccountingExpectedUsage, MEMUNIT, NULL),
54 V(AccountingIntervalStart, ISOTIME, NULL),
55 V(AccountingSecondsActive, INTERVAL, NULL),
56 V(AccountingSecondsToReachSoftLimit,INTERVAL, NULL),
57 V(AccountingSoftLimitHitAt, ISOTIME, NULL),
58 V(AccountingBytesAtSoftLimit, MEMUNIT, NULL),
59
60 VAR("EntryGuard", LINELIST_S, EntryGuards, NULL),
61 VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL),
62 VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL),
63 VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL),
64 VAR("EntryGuardPathBias", LINELIST_S, EntryGuards, NULL),
65 VAR("EntryGuardPathUseBias", LINELIST_S, EntryGuards, NULL),
66 V(EntryGuards, LINELIST_V, NULL),
67
68 VAR("TransportProxy", LINELIST_S, TransportProxies, NULL),
69 V(TransportProxies, LINELIST_V, NULL),
70
71 V(BWHistoryReadEnds, ISOTIME, NULL),
72 V(BWHistoryReadInterval, UINT, "900"),
73 V(BWHistoryReadValues, CSV, ""),
74 V(BWHistoryReadMaxima, CSV, ""),
75 V(BWHistoryWriteEnds, ISOTIME, NULL),
76 V(BWHistoryWriteInterval, UINT, "900"),
77 V(BWHistoryWriteValues, CSV, ""),
78 V(BWHistoryWriteMaxima, CSV, ""),
79 V(BWHistoryDirReadEnds, ISOTIME, NULL),
80 V(BWHistoryDirReadInterval, UINT, "900"),
81 V(BWHistoryDirReadValues, CSV, ""),
82 V(BWHistoryDirReadMaxima, CSV, ""),
83 V(BWHistoryDirWriteEnds, ISOTIME, NULL),
84 V(BWHistoryDirWriteInterval, UINT, "900"),
85 V(BWHistoryDirWriteValues, CSV, ""),
86 V(BWHistoryDirWriteMaxima, CSV, ""),
87
88 V(TorVersion, STRING, NULL),
89
90 V(LastRotatedOnionKey, ISOTIME, NULL),
91 V(LastWritten, ISOTIME, NULL),
92
93 V(TotalBuildTimes, UINT, NULL),
94 V(CircuitBuildAbandonedCount, UINT, "0"),
95 VAR("CircuitBuildTimeBin", LINELIST_S, BuildtimeHistogram, NULL),
96 VAR("BuildtimeHistogram", LINELIST_V, BuildtimeHistogram, NULL),
97 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
98 };
99
100 #undef VAR
101 #undef V
102
103 static int or_state_validate(or_state_t *state, char **msg);
104
105 static int or_state_validate_cb(void *old_options, void *options,
106 void *default_options,
107 int from_setconf, char **msg);
108
109 /** Magic value for or_state_t. */
110 #define OR_STATE_MAGIC 0x57A73f57
111
112 /** "Extra" variable in the state that receives lines we can't parse. This
113 * lets us preserve options from versions of Tor newer than us. */
114 static config_var_t state_extra_var = {
115 "__extra", CONFIG_TYPE_LINELIST, STRUCT_OFFSET(or_state_t, ExtraLines), NULL
116 };
117
118 /** Configuration format for or_state_t. */
119 static const config_format_t state_format = {
120 sizeof(or_state_t),
121 OR_STATE_MAGIC,
122 STRUCT_OFFSET(or_state_t, magic_),
123 state_abbrevs_,
124 state_vars_,
125 or_state_validate_cb,
126 &state_extra_var,
127 };
128
129 /** Persistent serialized state. */
130 static or_state_t *global_state = NULL;
131
132 /** Return the persistent state struct for this Tor. */
133 MOCK_IMPL(or_state_t *,
134 get_or_state, (void))
135 {
136 tor_assert(global_state);
137 return global_state;
138 }
139
140 /** Return true iff we have loaded the global state for this Tor */
141 int
142 or_state_loaded(void)
143 {
144 return global_state != NULL;
145 }
146
147 /** Return true if <b>line</b> is a valid state TransportProxy line.
148 * Return false otherwise. */
149 static int
150 state_transport_line_is_valid(const char *line)
151 {
152 smartlist_t *items = NULL;
153 char *addrport=NULL;
154 tor_addr_t addr;
155 uint16_t port = 0;
156 int r;
157
158 items = smartlist_new();
159 smartlist_split_string(items, line, NULL,
160 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
161
162 if (smartlist_len(items) != 2) {
163 log_warn(LD_CONFIG, "state: Not enough arguments in TransportProxy line.");
164 goto err;
165 }
166
167 addrport = smartlist_get(items, 1);
168 if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
169 log_warn(LD_CONFIG, "state: Could not parse addrport.");
170 goto err;
171 }
172
173 if (!port) {
174 log_warn(LD_CONFIG, "state: Transport line did not contain port.");
175 goto err;
176 }
177
178 r = 1;
179 goto done;
180
181 err:
182 r = 0;
183
184 done:
185 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
186 smartlist_free(items);
187 return r;
188 }
189
190 /** Return 0 if all TransportProxy lines in <b>state</b> are well
191 * formed. Otherwise, return -1. */
192 static int
193 validate_transports_in_state(or_state_t *state)
194 {
195 int broken = 0;
196 config_line_t *line;
197
198 for (line = state->TransportProxies ; line ; line = line->next) {
199 tor_assert(!strcmp(line->key, "TransportProxy"));
200 if (!state_transport_line_is_valid(line->value))
201 broken = 1;
202 }
203
204 if (broken)
205 log_warn(LD_CONFIG, "state: State file seems to be broken.");
206
207 return 0;
208 }
209
210 static int
211 or_state_validate_cb(void *old_state, void *state, void *default_state,
212 int from_setconf, char **msg)
213 {
214 /* We don't use these; only options do. Still, we need to match that
215 * signature. */
216 (void) from_setconf;
217 (void) default_state;
218 (void) old_state;
219
220 return or_state_validate(state, msg);
221 }
222
223 /** Return 0 if every setting in <b>state</b> is reasonable, and a
224 * permissible transition from <b>old_state</b>. Else warn and return -1.
225 * Should have no side effects, except for normalizing the contents of
226 * <b>state</b>.
227 */
228 static int
229 or_state_validate(or_state_t *state, char **msg)
230 {
231 if (entry_guards_parse_state(state, 0, msg)<0)
232 return -1;
233
234 if (validate_transports_in_state(state)<0)
235 return -1;
236
237 return 0;
238 }
239
240 /** Replace the current persistent state with <b>new_state</b> */
241 static int
242 or_state_set(or_state_t *new_state)
243 {
244 char *err = NULL;
245 int ret = 0;
246 tor_assert(new_state);
247 config_free(&state_format, global_state);
248 global_state = new_state;
249 if (entry_guards_parse_state(global_state, 1, &err)<0) {
250 log_warn(LD_GENERAL,"%s",err);
251 tor_free(err);
252 ret = -1;
253 }
254 if (rep_hist_load_state(global_state, &err)<0) {
255 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
256 tor_free(err);
257 ret = -1;
258 }
259 if (circuit_build_times_parse_state(
260 get_circuit_build_times_mutable(),global_state) < 0) {
261 ret = -1;
262 }
263 return ret;
264 }
265
266 /**
267 * Save a broken state file to a backup location.
268 */
269 static void
270 or_state_save_broken(char *fname)
271 {
272 int i, res;
273 file_status_t status;
274 char *fname2 = NULL;
275 for (i = 0; i < 100; ++i) {
276 tor_asprintf(&fname2, "%s.%d", fname, i);
277 status = file_status(fname2);
278 if (status == FN_NOENT)
279 break;
280 tor_free(fname2);
281 }
282 if (i == 100) {
283 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
284 "state files to move aside. Discarding the old state file.",
285 fname);
286 res = unlink(fname);
287 if (res != 0) {
288 log_warn(LD_FS,
289 "Also couldn't discard old state file \"%s\" because "
290 "unlink() failed: %s",
291 fname, strerror(errno));
292 }
293 } else {
294 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
295 "to \"%s\". This could be a bug in Tor; please tell "
296 "the developers.", fname, fname2);
297 if (tor_rename(fname, fname2) < 0) {//XXXX sandbox prohibits
298 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
299 "OS gave an error of %s", strerror(errno));
300 }
301 }
302 tor_free(fname2);
303 }
304
305 STATIC or_state_t *
306 or_state_new(void)
307 {
308 or_state_t *new_state = tor_malloc_zero(sizeof(or_state_t));
309 new_state->magic_ = OR_STATE_MAGIC;
310 config_init(&state_format, new_state);
311
312 return new_state;
313 }
314
315 /** Reload the persistent state from disk, generating a new state as needed.
316 * Return 0 on success, less than 0 on failure.
317 */
318 int
319 or_state_load(void)
320 {
321 or_state_t *new_state = NULL;
322 char *contents = NULL, *fname;
323 char *errmsg = NULL;
324 int r = -1, badstate = 0;
325
326 fname = get_datadir_fname("state");
327 switch (file_status(fname)) {
328 case FN_FILE:
329 if (!(contents = read_file_to_str(fname, 0, NULL))) {
330 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
331 goto done;
332 }
333 break;
334 /* treat empty state files as if the file doesn't exist, and generate
335 * a new state file, overwriting the empty file in or_state_save() */
336 case FN_NOENT:
337 case FN_EMPTY:
338 break;
339 case FN_ERROR:
340 case FN_DIR:
341 default:
342 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
343 goto done;
344 }
345 new_state = or_state_new();
346 if (contents) {
347 config_line_t *lines=NULL;
348 int assign_retval;
349 if (config_get_lines(contents, &lines, 0)<0)
350 goto done;
351 assign_retval = config_assign(&state_format, new_state,
352 lines, 0, 0, &errmsg);
353 config_free_lines(lines);
354 if (assign_retval<0)
355 badstate = 1;
356 if (errmsg) {
357 log_warn(LD_GENERAL, "%s", errmsg);
358 tor_free(errmsg);
359 }
360 }
361
362 if (!badstate && or_state_validate(new_state, &errmsg) < 0)
363 badstate = 1;
364
365 if (errmsg) {
366 log_warn(LD_GENERAL, "%s", errmsg);
367 tor_free(errmsg);
368 }
369
370 if (badstate && !contents) {
371 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
372 " This is a bug in Tor.");
373 goto done;
374 } else if (badstate && contents) {
375 or_state_save_broken(fname);
376
377 tor_free(contents);
378 config_free(&state_format, new_state);
379
380 new_state = or_state_new();
381 } else if (contents) {
382 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
383 /* Warn the user if their clock has been set backwards,
384 * they could be tricked into using old consensuses */
385 time_t apparent_skew = new_state->LastWritten - time(NULL);
386 if (apparent_skew > 0)
387 clock_skew_warning(NULL, (long)apparent_skew, 1, LD_GENERAL,
388 "local state file", fname);
389 } else {
390 log_info(LD_GENERAL, "Initialized state");
391 }
392 if (or_state_set(new_state) == -1) {
393 or_state_save_broken(fname);
394 }
395 new_state = NULL;
396 if (!contents) {
397 global_state->next_write = 0;
398 or_state_save(time(NULL));
399 }
400 r = 0;
401
402 done:
403 tor_free(fname);
404 tor_free(contents);
405 if (new_state)
406 config_free(&state_format, new_state);
407
408 return r;
409 }
410
411 /** Did the last time we tried to write the state file fail? If so, we
412 * should consider disabling such features as preemptive circuit generation
413 * to compute circuit-build-time. */
414 static int last_state_file_write_failed = 0;
415
416 /** Return whether the state file failed to write last time we tried. */
417 int
418 did_last_state_file_write_fail(void)
419 {
420 return last_state_file_write_failed;
421 }
422
423 /** If writing the state to disk fails, try again after this many seconds. */
424 #define STATE_WRITE_RETRY_INTERVAL 3600
425
426 /** If we're a relay, how often should we checkpoint our state file even
427 * if nothing else dirties it? This will checkpoint ongoing stats like
428 * bandwidth used, per-country user stats, etc. */
429 #define STATE_RELAY_CHECKPOINT_INTERVAL (12*60*60)
430
431 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
432 int
433 or_state_save(time_t now)
434 {
435 char *state, *contents;
436 char tbuf[ISO_TIME_LEN+1];
437 char *fname;
438
439 tor_assert(global_state);
440
441 if (global_state->next_write > now)
442 return 0;
443
444 /* Call everything else that might dirty the state even more, in order
445 * to avoid redundant writes. */
446 entry_guards_update_state(global_state);
447 rep_hist_update_state(global_state);
448 circuit_build_times_update_state(get_circuit_build_times(), global_state);
449 if (accounting_is_enabled(get_options()))
450 accounting_run_housekeeping(now);
451
452 global_state->LastWritten = now;
453
454 tor_free(global_state->TorVersion);
455 tor_asprintf(&global_state->TorVersion, "Tor %s", get_version());
456
457 state = config_dump(&state_format, NULL, global_state, 1, 0);
458 format_local_iso_time(tbuf, now);
459 tor_asprintf(&contents,
460 "# Tor state file last generated on %s local time\n"
461 "# Other times below are in UTC\n"
462 "# You *do not* need to edit this file.\n\n%s",
463 tbuf, state);
464 tor_free(state);
465 fname = get_datadir_fname("state");
466 if (write_str_to_file(fname, contents, 0)<0) {
467 log_warn(LD_FS, "Unable to write state to file \"%s\"; "
468 "will try again later", fname);
469 last_state_file_write_failed = 1;
470 tor_free(fname);
471 tor_free(contents);
472 /* Try again after STATE_WRITE_RETRY_INTERVAL (or sooner, if the state
473 * changes sooner). */
474 global_state->next_write = now + STATE_WRITE_RETRY_INTERVAL;
475 return -1;
476 }
477
478 last_state_file_write_failed = 0;
479 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
480 tor_free(fname);
481 tor_free(contents);
482
483 if (server_mode(get_options()))
484 global_state->next_write = now + STATE_RELAY_CHECKPOINT_INTERVAL;
485 else
486 global_state->next_write = TIME_MAX;
487
488 return 0;
489 }
490
491 /** Return the config line for transport <b>transport</b> in the current state.
492 * Return NULL if there is no config line for <b>transport</b>. */
493 STATIC config_line_t *
494 get_transport_in_state_by_name(const char *transport)
495 {
496 or_state_t *or_state = get_or_state();
497 config_line_t *line;
498 config_line_t *ret = NULL;
499 smartlist_t *items = NULL;
500
501 for (line = or_state->TransportProxies ; line ; line = line->next) {
502 tor_assert(!strcmp(line->key, "TransportProxy"));
503
504 items = smartlist_new();
505 smartlist_split_string(items, line->value, NULL,
506 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
507 if (smartlist_len(items) != 2) /* broken state */
508 goto done;
509
510 if (!strcmp(smartlist_get(items, 0), transport)) {
511 ret = line;
512 goto done;
513 }
514
515 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
516 smartlist_free(items);
517 items = NULL;
518 }
519
520 done:
521 if (items) {
522 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
523 smartlist_free(items);
524 }
525 return ret;
526 }
527
528 /** Return string containing the address:port part of the
529 * TransportProxy <b>line</b> for transport <b>transport</b>.
530 * If the line is corrupted, return NULL. */
531 static const char *
532 get_transport_bindaddr(const char *line, const char *transport)
533 {
534 char *line_tmp = NULL;
535
536 if (strlen(line) < strlen(transport) + 2) {
537 goto broken_state;
538 } else {
539 /* line should start with the name of the transport and a space.
540 (for example, "obfs2 127.0.0.1:47245") */
541 tor_asprintf(&line_tmp, "%s ", transport);
542 if (strcmpstart(line, line_tmp))
543 goto broken_state;
544
545 tor_free(line_tmp);
546 return (line+strlen(transport)+1);
547 }
548
549 broken_state:
550 tor_free(line_tmp);
551 return NULL;
552 }
553
554 /** Return a string containing the address:port that a proxy transport
555 * should bind on. The string is stored on the heap and must be freed
556 * by the caller of this function. */
557 char *
558 get_stored_bindaddr_for_server_transport(const char *transport)
559 {
560 char *default_addrport = NULL;
561 const char *stored_bindaddr = NULL;
562 config_line_t *line = NULL;
563
564 {
565 /* See if the user explicitly asked for a specific listening
566 address for this transport. */
567 char *conf_bindaddr = get_transport_bindaddr_from_config(transport);
568 if (conf_bindaddr)
569 return conf_bindaddr;
570 }
571
572 line = get_transport_in_state_by_name(transport);
573 if (!line) /* Found no references in state for this transport. */
574 goto no_bindaddr_found;
575
576 stored_bindaddr = get_transport_bindaddr(line->value, transport);
577 if (stored_bindaddr) /* found stored bindaddr in state file. */
578 return tor_strdup(stored_bindaddr);
579
580 no_bindaddr_found:
581 /** If we didn't find references for this pluggable transport in the
582 state file, we should instruct the pluggable transport proxy to
583 listen on INADDR_ANY on a random ephemeral port. */
584 tor_asprintf(&default_addrport, "%s:%s", fmt_addr32(INADDR_ANY), "0");
585 return default_addrport;
586 }
587
588 /** Save <b>transport</b> listening on <b>addr</b>:<b>port</b> to
589 state */
590 void
591 save_transport_to_state(const char *transport,
592 const tor_addr_t *addr, uint16_t port)
593 {
594 or_state_t *state = get_or_state();
595
596 char *transport_addrport=NULL;
597
598 /** find where to write on the state */
599 config_line_t **next, *line;
600
601 /* see if this transport is already stored in state */
602 config_line_t *transport_line =
603 get_transport_in_state_by_name(transport);
604
605 if (transport_line) { /* if transport already exists in state... */
606 const char *prev_bindaddr = /* get its addrport... */
607 get_transport_bindaddr(transport_line->value, transport);
608 transport_addrport = tor_strdup(fmt_addrport(addr, port));
609
610 /* if transport in state has the same address as this one, life is good */
611 if (!strcmp(prev_bindaddr, transport_addrport)) {
612 log_info(LD_CONFIG, "Transport seems to have spawned on its usual "
613 "address:port.");
614 goto done;
615 } else { /* if addrport in state is different than the one we got */
616 log_info(LD_CONFIG, "Transport seems to have spawned on different "
617 "address:port. Let's update the state file with the new "
618 "address:port");
619 tor_free(transport_line->value); /* free the old line */
620 /* replace old addrport line with new line */
621 tor_asprintf(&transport_line->value, "%s %s", transport,
622 fmt_addrport(addr, port));
623 }
624 } else { /* never seen this one before; save it in state for next time */
625 log_info(LD_CONFIG, "It's the first time we see this transport. "
626 "Let's save its address:port");
627 next = &state->TransportProxies;
628 /* find the last TransportProxy line in the state and point 'next'
629 right after it */
630 line = state->TransportProxies;
631 while (line) {
632 next = &(line->next);
633 line = line->next;
634 }
635
636 /* allocate space for the new line and fill it in */
637 *next = line = tor_malloc_zero(sizeof(config_line_t));
638 line->key = tor_strdup("TransportProxy");
639 tor_asprintf(&line->value, "%s %s", transport, fmt_addrport(addr, port));
640
641 next = &(line->next);
642 }
643
644 if (!get_options()->AvoidDiskWrites)
645 or_state_mark_dirty(state, 0);
646
647 done:
648 tor_free(transport_addrport);
649 }
650
651 STATIC void
652 or_state_free(or_state_t *state)
653 {
654 if (!state)
655 return;
656
657 config_free(&state_format, state);
658 }
659
660 void
661 or_state_free_all(void)
662 {
663 or_state_free(global_state);
664 global_state = NULL;
665 }
666
The Onion Router