| blob | 51ad551c0d36b790e9dc91d5af0724cf655df44e |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file routerlist.c
9 * \brief Code to
10 * maintain and access the global list of routerinfos for known
11 * servers.
12 *
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
19 *
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
22 * networkstatus.
23 *
24 * Right now, routerinfo_t objects are used in these ways:
25 * <ul>
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
34 * else wants them.
35 * </ul>
36 *
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
42 *
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
48 *
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
53 *
54 * <br>
55 *
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
60 *
61 * <br>
62 *
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
66 *
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
71 *
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
77 *
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
80 *
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
87 *
88 * TODO: Authority certificates should be a separate module.
89 *
90 * TODO: dir_server_t stuff should be in a separate module.
91 **/
93 #define ROUTERLIST_PRIVATE
125 // #define DEBUG_ROUTERLIST
127 /****************************************************************************/
129 /* Typed wrappers for different digestmap types; used to avoid type
130 * confusion. */
136 #define SDMAP_FOREACH(map, keyvar, valvar) \
137 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
138 valvar)
139 #define RIMAP_FOREACH(map, keyvar, valvar) \
140 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
141 #define EIMAP_FOREACH(map, keyvar, valvar) \
142 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
143 #define DSMAP_FOREACH(map, keyvar, valvar) \
144 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
145 valvar)
147 /* Forward declaration for cert_list_t */
150 /* static function prototypes */
152 bandwidth_weight_rule_t rule,
179 /****************************************************************************/
181 /** Global list of a dir_server_t object for each directory
182 * authority. */
184 /** Global list of dir_server_t objects for all directory authorities
185 * and all fallback directory servers. */
188 /** List of certificates for a single authority, and download status for
189 * latest certificate.
190 */
192 /*
193 * The keys of download status map are cert->signing_key_digest for pending
194 * downloads by (identity digest/signing key digest) pair; functions such
195 * as authority_cert_get_by_digest() already assume these are unique.
196 */
198 /* There is also a dlstatus for the download by identity key only */
199 download_status_t dl_status_by_id;
201 };
202 /** Map from v3 identity key digest to cert_list_t. */
204 /** True iff any key certificate in at least one member of
205 * <b>trusted_dir_certs</b> has changed since we last flushed the
206 * certificates to disk. */
209 /** Global list of all of the routers that we know about. */
212 /** List of strings for nicknames we've already warned about and that are
213 * still unknown / unavailable. */
216 /** The last time we tried to download any routerdesc, or 0 for "never". We
217 * use this to rate-limit download attempts when the number of routerdescs to
218 * download is low. */
221 /** Return the number of directory authorities whose type matches some bit set
222 * in <b>type</b> */
223 int
225 {
233 }
235 /** Initialise schedule, want_authority, and increment on in the download
236 * status dlstatus, then call download_status_reset() on it.
237 * It is safe to call this function or download_status_reset() multiple times
238 * on a new dlstatus. But it should *not* be called after a dlstatus has been
239 * used to count download attempts or failures. */
240 static void
242 {
250 /* Use the new schedule to set next_attempt_at */
252 }
254 /** Reset the download status of a specified element in a dsmap */
255 static void
257 {
263 /* Make sure we have a dsmap */
266 }
267 /* Look for a download_status_t in the map with this digest */
269 /* Got one? */
271 /* Insert before we reset */
275 }
277 /* Go ahead and reset it */
279 }
281 /**
282 * Return true if the download for this signing key digest in cl is ready
283 * to be re-attempted.
284 */
285 static int
289 {
296 /* Make sure we have a dsmap */
299 }
300 /* Look for a download_status_t in the map with this digest */
302 /* Got one? */
304 /* Use download_status_is_ready() */
307 /*
308 * If we don't know anything about it, return 1, since we haven't
309 * tried this one before. We need to create a new entry here,
310 * too.
311 */
316 }
319 }
321 /** Helper: Return the cert_list_t for an authority whose authority ID is
322 * <b>id_digest</b>, allocating a new list if necessary. */
325 {
336 }
338 }
340 /** Return a list of authority ID digests with potentially enumerable lists
341 * of download_status_t objects; used by controller GETINFO queries.
342 */
346 {
357 /*
358 * We always have at least dl_status_by_id to query, so no need to
359 * probe deeper than the existence of a cert_list_t.
360 */
365 }
366 }
367 /* else definitely no downlaods going since nothing even has a cert list */
370 }
372 /** Given an authority ID digest, return a pointer to the default download
373 * status, or NULL if there is no such entry in trusted_dir_certs */
377 {
385 }
386 }
389 }
391 /** Given an authority ID digest, return a smartlist of signing key digests
392 * for which download_status_t is potentially queryable, or NULL if no such
393 * authority ID digest is known. */
397 {
413 /* Pull the digest out and add it to the list */
418 }
419 }
420 }
421 }
424 }
426 /** Given an authority ID digest and a signing key digest, return the
427 * download_status_t or NULL if none exists. */
432 {
440 }
441 }
444 }
446 /** Release all space held by a cert_list_t */
447 static void
449 {
458 }
460 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
461 static void
463 {
465 }
467 /** Reload the cached v3 key certificates from the cached-certs file in
468 * the data directory. Return 0 on success, -1 on failure. */
469 int
471 {
482 contents,
486 }
488 /** Helper: return true iff we already have loaded the exact cert
489 * <b>cert</b>. */
492 {
496 {
499 DIGEST_LEN))
501 });
503 }
505 /** Load a bunch of new key certificates from the string <b>contents</b>. If
506 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
507 * from the cache, and we don't need to flush them to disk. If we are a
508 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
509 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
510 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
511 * need to flush any changed certificates to disk now. Return 0 on success,
512 * -1 if any certs fail to parse.
513 *
514 * If source_dir is non-NULL, it's the identity digest for a directory that
515 * we've just successfully retrieved certificates from, so try it first to
516 * fetch any missing certificates.
517 */
518 int
521 {
534 }
541 /* we already have this one. continue. */
547 /*
548 * A duplicate on download should be treated as a failure, so we call
549 * authority_cert_dl_failed() to reset the download status to make sure
550 * we can't try again. Since we've implemented the fp-sk mechanism
551 * to download certs by signing key, this should be much rarer than it
552 * was and is perhaps cause for concern.
553 */
557 "Got a certificate for %s, but we already have it. "
562 "Got a certificate for %s, but we already have it. "
565 }
567 /*
568 * This is where we care about the source; authority_cert_dl_failed()
569 * needs to know whether the download was by fp or (fp,sk) pair to
570 * twiddle the right bit in the download map.
571 */
578 }
579 }
583 }
600 }
601 }
606 /* Check to see whether we should update our view of the authority's
607 * address. */
619 }
621 }
625 }
630 /* call this even if failure_code is <0, since some certs might have
631 * succeeded, but only pass source_dir if there were no failures,
632 * and at least one more authority certificate was added to the store.
633 * This avoids retrying a directory that's serving bad or entirely duplicate
634 * certificates. */
639 }
642 }
644 /** Save all v3 key certificates to the cached-certs file. */
645 void
647 {
657 {
662 });
668 }
674 }
676 static int
678 {
685 else
687 }
689 /** Remove all expired v3 authority certificates that have been superseded for
690 * more than 48 hours or, if not expired, that were published more than 7 days
691 * before being superseded. (If the most recent cert was published more than 48
692 * hours ago, then we aren't going to get any consensuses signed with older
693 * keys.) */
694 static void
696 {
698 #define DEAD_CERT_LIFETIME (2*24*60*60)
699 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
704 /* Sort the list from first-published to last-published */
709 /* This is the most recently published cert. Keep it. */
711 }
715 /* All later certs are published in the future. Keep everything
716 * we didn't discard. */
718 }
721 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
722 * Remove it. */
725 /* Certificate has been superseded for OLD_CERT_LIFETIME.
726 * Remove it.
727 */
729 }
734 }
738 #undef DEAD_CERT_LIFETIME
739 #undef OLD_CERT_LIFETIME
742 }
744 /** Return the newest v3 authority certificate whose v3 authority identity key
745 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
746 * or it has no certificate. */
747 authority_cert_t *
749 {
757 {
760 });
762 }
764 /** Return the newest v3 authority certificate whose directory signing key has
765 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
766 */
767 authority_cert_t *
769 {
783 {
786 });
789 }
791 /** Return the v3 authority certificate with signing key matching
792 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
793 * Return NULL if no such authority is known. */
794 authority_cert_t *
797 {
807 }
809 /** Add every known authority_cert_t to <b>certs_out</b>. */
810 void
812 {
821 }
823 /** Called when an attempt to download a certificate with the authority with
824 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
825 * fails with HTTP response code <b>status</b>: remember the failure, so we
826 * don't try again immediately. */
827 void
830 {
840 /*
841 * Are we noting a failed download of the latest cert for the id digest,
842 * or of a download by (id, signing key) digest pair?
843 */
845 /* Just by id digest */
848 /* Reset by (id, signing key) digest pair
849 *
850 * Look for a download_status_t in the map with this digest
851 */
853 /* Got one? */
857 /*
858 * Do this rather than hex_str(), since hex_str clobbers
859 * old results and we call twice in the param list.
860 */
866 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
869 }
870 }
871 }
884 NULL,
885 };
887 /** Return true iff <b>cert</b> authenticates some atuhority signing key
888 * which, because of the old openssl heartbleed vulnerability, should
889 * never be trusted. */
890 int
892 {
901 }
902 }
904 }
906 /** Return true iff when we've been getting enough failures when trying to
907 * download the certificate with ID digest <b>id_digest</b> that we're willing
908 * to start bugging the user about it. */
909 int
911 {
912 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
921 }
923 /* Fetch the authority certificates specified in resource.
924 * If we are a bridge client, and node is a configured bridge, fetch from node
925 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
926 * rs. Otherwise, fetch from a random directory mirror. */
927 static void
932 {
935 resource);
937 /* Make sure bridge clients never connect to anything but a bridge */
940 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
943 /* If we're using bridges, and there's no node, use a 3-hop path. */
945 }
946 }
952 /* If we've just downloaded a consensus from a bridge, re-use that
953 * bridge */
955 /* clients always make OR connections to bridges */
956 tor_addr_port_t or_ap;
957 /* we are willing to use a non-preferred address if we need to */
966 /* And if we've just downloaded a consensus from a directory, re-use that
967 * directory */
970 }
973 /* We've set up a request object -- fill in the other request fields, and
974 * send the request. */
980 }
982 /* Otherwise, we want certs from a random fallback or directory
983 * mirror, because they will almost always succeed. */
986 DL_WANT_ANY_DIRSERVER);
987 }
989 /** Try to download any v3 authority certificates that we may be missing. If
990 * <b>status</b> is provided, try to get all the ones that were used to sign
991 * <b>status</b>. Additionally, try to have a non-expired certificate for
992 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
993 * already have.
994 *
995 * If dir_hint is non-NULL, it's the identity digest for a directory that
996 * we've just successfully retrieved a consensus or certificates from, so try
997 * it first to fetch any missing certificates.
998 **/
999 void
1002 {
1003 /*
1004 * The pending_id digestmap tracks pending certificate downloads by
1005 * identity digest; the pending_cert digestmap tracks pending downloads
1006 * by (identity digest, signing key digest) pairs.
1007 */
1010 /*
1011 * The missing_id_digests smartlist will hold a list of id digests
1012 * we want to fetch the newest cert for; the missing_cert_digests
1013 * smartlist will hold a list of fp_pair_t with an identity and
1014 * signing key digest.
1015 */
1033 /*
1034 * First, we get the lists of already pending downloads so we don't
1035 * duplicate effort.
1036 */
1041 /*
1042 * Now, we download any trusted authority certs we don't have by
1043 * identity digest only. This gets the latest cert for that authority.
1044 */
1055 /* It's not expired, and we weren't looking for something to
1056 * verify a consensus with. Call it done. */
1058 /* No sense trying to download it specifically by signing key hash */
1062 }
1069 "No current certificate known for authority %s "
1073 }
1076 /*
1077 * Next, if we have a consensus, scan through it and look for anything
1078 * signed with a key from a cert we don't have. Those get downloaded
1079 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1080 * (identity digest), and it's one of the trusted dir server certs
1081 * we started off above or a pending download in pending_id, don't
1082 * try to get it yet. Most likely, the one we'll get for that will
1083 * have the right signing key too, and we'd just be downloading
1084 * redundantly.
1085 */
1088 voter) {
1091 * go looking for a cert with key digest 0000000000. */
1095 * authority.*/
1097 /*
1098 * If we don't know *any* cert for this authority, and a download by ID
1099 * is pending or we added it to missing_id_digests above, skip this
1100 * one for now to avoid duplicate downloads.
1101 */
1104 /* We have no certs at all for this one */
1106 /* Do we have a download of one pending? */
1110 /*
1111 * Are we about to launch a download of one due to the trusted
1112 * dir server check above?
1113 */
1117 }
1127 }
1134 /*
1135 * Do this rather than hex_str(), since hex_str clobbers
1136 * old results and we call twice in the param list.
1137 */
1145 "We're missing a certificate from authority %s "
1146 "(ID digest %s) with signing key %s: "
1151 "We're missing a certificate from authority ID digest "
1154 }
1156 /* Allocate a new fp_pair_t to append */
1162 }
1165 }
1167 /* Bridge clients look up the node for the dir_hint */
1169 /* All clients, including bridge clients, look up the routerstatus for the
1170 * dir_hint */
1173 /* If we still need certificates, try the directory that just successfully
1174 * served us a consensus or certificates.
1175 * As soon as the directory fails to provide additional certificates, we try
1176 * another, randomly selected directory. This avoids continual retries.
1177 * (We only ever have one outstanding request per certificate.)
1178 */
1181 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1182 * or something else fetched over tor, we won't find the node here, but
1183 * we will find the rs. */
1185 }
1187 /* All clients try the consensus routerstatus, then the fallback
1188 * routerstatus */
1191 /* This will also find authorities */
1193 dir_hint);
1196 }
1197 }
1204 }
1205 }
1207 /* Do downloads by identity digest */
1226 /* No need for tor_asprintf() in this case; first one gets no '+' */
1229 }
1236 /* node and rs are directories that just gave us a consensus or
1237 * certificates */
1240 }
1241 /* else we didn't add any: they were all pending */
1245 }
1247 /* Do downloads by identity digest/signing key pair */
1260 /* Construct string encodings of the digests */
1266 /* Now tor_asprintf() */
1270 /* First one in the list doesn't get a '+' */
1273 }
1275 /* Add it to the list of pairs to request */
1281 /* node and rs are directories that just gave us a consensus or
1282 * certificates */
1285 }
1286 /* else they were all pending */
1290 }
1297 }
1299 /* Router descriptor storage.
1300 *
1301 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1302 * routerdescs arrive, we append them to a journal file named
1303 * "cached-descriptors.new".
1304 *
1305 * From time to time, we replace "cached-descriptors" with a new file
1306 * containing only the live, non-superseded descriptors, and clear
1307 * cached-routers.new.
1308 *
1309 * On startup, we read both files.
1310 */
1312 /** Helper: return 1 iff the router log is so big we want to rebuild the
1313 * store. */
1314 static int
1316 {
1320 else
1322 }
1324 /** Return the desc_store_t in <b>rl</b> that should be used to store
1325 * <b>sd</b>. */
1328 {
1331 else
1333 }
1335 /** Add the signed_descriptor_t in <b>desc</b> to the router
1336 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1337 * offset appropriately. */
1338 static int
1341 {
1350 }
1358 }
1360 /** Sorting helper: return <0, 0, or >0 depending on whether the
1361 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1362 * the signed_descriptor_t* in *<b>b</b>. */
1363 static int
1365 {
1368 }
1370 #define RRS_FORCE 1
1371 #define RRS_DONT_REMOVE_OLD 2
1373 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1374 * <b>flags</b>, then atomically replace the saved router store with the
1375 * routers currently in our routerlist, and clear the journal. Unless
1376 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1377 * rebuilding the store. Return 0 on success, -1 on failure.
1378 */
1379 static int
1381 {
1395 }
1399 }
1403 else
1407 /* Don't save deadweight. */
1418 /* We sort the routers by age to enhance locality on disk. */
1429 }
1435 }
1439 /* Now, add the appropriate members to chunk_list */
1446 }
1450 }
1461 }
1463 /* Our mmap is now invalid. */
1469 }
1470 }
1475 }
1481 /* empty store.*/
1487 "okay if we're just starting up after a long time. "
1489 }
1492 }
1493 }
1505 }
1518 done:
1525 }
1528 }
1530 /** Helper: Reload a cache file and its associated journal, setting metadata
1531 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1532 * else reload the router descriptor store. */
1533 static int
1535 {
1544 /* get rid of it first */
1551 }
1552 }
1561 else
1565 }
1569 /* don't load empty files - we wouldn't get any data, even if we tried */
1576 else
1581 }
1586 /* Always clear the journal on startup.*/
1589 /* Don't cache expired routers. (This is in an else because
1590 * router_rebuild_store() also calls remove_old_routers().) */
1592 }
1595 }
1597 /** Load all cached router descriptors and extra-info documents from the
1598 * store. Return 0 on success and -1 on failure.
1599 */
1600 int
1602 {
1609 }
1611 /** Return a smartlist containing a list of dir_server_t * for all
1612 * known trusted dirservers. Callers must not modify the list or its
1613 * contents.
1614 */
1617 {
1622 }
1626 {
1631 }
1633 /** Try to find a running dirserver that supports operations of <b>type</b>.
1634 *
1635 * If there are no running dirservers in our routerlist and the
1636 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1637 * (including authorities) as running again, and pick one.
1638 *
1639 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1640 * dirservers that we can't reach.
1641 *
1642 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1643 * (if we're a dirserver).
1644 *
1645 * Don't pick a fallback directory mirror if any non-fallback is viable;
1646 * (the fallback directory mirrors include the authorities)
1647 * try to avoid using servers that have returned 503 recently.
1648 */
1651 {
1663 /* If the reason that we got no server is that servers are "busy",
1664 * we must be excluding good servers because we already have serverdesc
1665 * fetches with them. Do not mark down servers up because of this. */
1667 PDS_NO_EXISTING_MICRODESC_FETCH)));
1669 }
1672 "No reachable router entries for dirservers. "
1674 /* mark all fallback directory mirrors as up again */
1676 /* try again */
1679 }
1681 /** Return the dir_server_t for the directory authority whose identity
1682 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1683 */
1684 dir_server_t *
1686 {
1691 {
1694 });
1697 }
1699 /** Return the dir_server_t for the fallback dirserver whose identity
1700 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1701 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1702 * and UseDefaultFallbackDirs torrc options.)
1703 * The list of fallback directories includes the list of authorities.
1704 */
1705 dir_server_t *
1707 {
1715 {
1718 });
1721 }
1723 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1724 * or 0 if no such fallback is in the list of fallback_dir_servers.
1725 * (fallback_dir_servers is affected by the FallbackDir and
1726 * UseDefaultFallbackDirs torrc options.)
1727 * The list of fallback directories includes the list of authorities.
1728 */
1729 int
1731 {
1733 }
1735 /** Return the dir_server_t for the directory authority whose
1736 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1737 * is known.
1738 */
1741 {
1746 {
1750 });
1753 }
1755 /** Try to find a running directory authority. Flags are as for
1756 * router_pick_directory_server.
1757 */
1760 {
1762 }
1764 /** Try to find a running fallback directory. Flags are as for
1765 * router_pick_directory_server.
1766 */
1769 {
1771 }
1773 /** Try to find a running fallback directory. Flags are as for
1774 * router_pick_directory_server.
1775 */
1779 {
1787 /* If the reason that we got no server is that servers are "busy",
1788 * we must be excluding good servers because we already have serverdesc
1789 * fetches with them. Do not mark down servers up because of this. */
1791 PDS_NO_EXISTING_MICRODESC_FETCH)));
1793 }
1799 }
1801 /* Check if we already have a directory fetch from ap, for serverdesc
1802 * (including extrainfo) or microdesc documents.
1803 * If so, return 1, if not, return 0.
1804 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1805 */
1806 STATIC int
1809 {
1812 }
1814 /* XX/teor - we're not checking tunnel connections here, see #17848
1815 */
1822 }
1828 }
1831 }
1833 /* Check if we already have a directory fetch from the ipv4 or ipv6
1834 * router, for serverdesc (including extrainfo) or microdesc documents.
1835 * If so, return 1, if not, return 0.
1836 */
1837 static int
1843 {
1846 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1854 }
1856 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1857 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1858 #endif
1860 /* Log a message if rs is not found or not a preferred address */
1861 static void
1863 {
1868 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1869 /* Don't log early in the bootstrap process, it's normal to pick from a
1870 * small pool of nodes. Of course, this won't help if we're trying to
1871 * diagnose bootstrap issues. */
1875 }
1878 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1879 * Sometimes this is normal, sometimes it can be a reachability issue. */
1881 /* This happens a lot, so it's at debug level */
1883 "we couldn't find a directory that fit our criteria. "
1887 ) {
1888 /* This is rare, and might be interesting to users trying to diagnose
1889 * connection issues on dual-stack machines. */
1891 "addresses for launching an outgoing connection: "
1897 }
1898 }
1900 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1902 /** How long do we avoid using a directory server after it's given us a 503? */
1903 #define DIR_503_TIMEOUT (60*60)
1905 /* Common retry code for router_pick_directory_server_impl and
1906 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1907 * Must be called before RETRY_WITHOUT_EXCLUDE().
1908 *
1909 * If we got no result, and we are applying IP preferences, and we are a
1910 * client that could use an alternate IP version, try again with the
1911 * opposite preferences. */
1912 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1913 STMT_BEGIN \
1914 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1915 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1916 && !n_busy) { \
1917 n_excluded = 0; \
1918 n_busy = 0; \
1919 try_ip_pref = 0; \
1920 goto retry_label; \
1921 } \
1922 STMT_END \
1924 /* Common retry code for router_pick_directory_server_impl and
1925 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1926 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1927 *
1928 * If we got no result, and we are excluding nodes, and StrictNodes is
1929 * not set, try again without excluding nodes. */
1930 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1931 STMT_BEGIN \
1932 if (result == NULL && try_excluding && !options->StrictNodes \
1933 && n_excluded && !n_busy) { \
1934 try_excluding = 0; \
1935 n_excluded = 0; \
1936 n_busy = 0; \
1937 try_ip_pref = 1; \
1938 goto retry_label; \
1939 } \
1940 STMT_END
1942 /* Common code used in the loop within router_pick_directory_server_impl and
1943 * router_pick_trusteddirserver_impl.
1944 *
1945 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
1946 * checks.
1947 */
1948 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
1949 STMT_BEGIN \
1950 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
1951 (identity), EXTRAINFO_DIRINFO); \
1952 if (((type) & EXTRAINFO_DIRINFO) && \
1953 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
1954 continue; \
1955 STMT_END
1957 /* When iterating through the routerlist, can OR address/port preference
1958 * and reachability checks be skipped?
1959 */
1960 int
1962 {
1963 /* Servers always have and prefer IPv4.
1964 * And if clients are checking against the firewall for reachability only,
1965 * but there's no firewall, don't bother checking */
1967 }
1969 /* When iterating through the routerlist, can Dir address/port preference
1970 * and reachability checks be skipped?
1971 */
1972 static int
1974 {
1975 /* Servers always have and prefer IPv4.
1976 * And if clients are checking against the firewall for reachability only,
1977 * but there's no firewall, don't bother checking */
1979 }
1981 /** Pick a random running valid directory server/mirror from our
1982 * routerlist. Arguments are as for router_pick_directory_server(), except:
1983 *
1984 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1985 * directories that we excluded for no other reason than
1986 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1987 */
1991 {
2009 retry_search:
2022 /* Find all the running dirservers we know about. */
2040 country)) {
2043 }
2048 no_serverdesc_fetching,
2049 no_microdesc_fetching)) {
2052 }
2057 /* Clients use IPv6 addresses if the server has one and the client
2058 * prefers IPv6.
2059 * Add the router if its preferred address and port are reachable.
2060 * If we don't get any routers, we'll try again with the non-preferred
2061 * address for each router (if any). (To ensure correct load-balancing
2062 * we try routers that only have one address both times.)
2063 */
2066 try_ip_pref))
2071 try_ip_pref)))
2080 WEIGHT_FOR_DIR);
2082 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2083 * yet. Maybe one day we should. */
2084 /* FFFF We also don't load balance over authorities yet. I think this
2085 * is a feature, but it could easily be a bug. -RD */
2091 WEIGHT_FOR_DIR);
2094 }
2112 }
2114 /** Pick a random element from a list of dir_server_t, weighting by their
2115 * <b>weight</b> field. */
2118 {
2132 }
2139 }
2141 /** Choose randomly from among the dir_server_ts in sourcelist that
2142 * are up. Flags are as for router_pick_directory_server_impl().
2143 */
2148 {
2169 retry_search:
2181 {
2197 }
2202 no_serverdesc_fetching,
2203 no_microdesc_fetching)) {
2206 }
2208 /* Clients use IPv6 addresses if the server has one and the client
2209 * prefers IPv6.
2210 * Add the router if its preferred address and port are reachable.
2211 * If we don't get any routers, we'll try again with the non-preferred
2212 * address for each router (if any). (To ensure correct load-balancing
2213 * we try routers that only have one address both times.)
2214 */
2217 try_ip_pref))
2221 try_ip_pref)))
2223 }
2234 }
2236 {
2242 }
2258 }
2260 /** Mark as running every dir_server_t in <b>server_list</b>. */
2261 static void
2263 {
2276 }
2278 }
2280 }
2282 /** Return true iff r1 and r2 have the same address and OR port. */
2283 int
2285 {
2289 }
2291 /** Reset all internal variables used to count failed downloads of network
2292 * status objects. */
2293 void
2295 {
2297 }
2299 /** Given a <b>router</b>, add every node_t in its family (including the
2300 * node itself!) to <b>sl</b>.
2301 *
2302 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2303 * to the smartlist!
2304 */
2305 static void
2307 {
2308 /* XXXX MOVE ? */
2309 node_t fake_node;
2316 }
2318 }
2320 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2321 * we can pick a node for a circuit.
2322 */
2323 void
2328 {
2330 pref_addr);
2331 /* XXXX MOVE */
2341 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2344 /* Don't choose nodes if we are certain they can't do ntor. */
2347 /* Choose a node with an OR address that matches the firewall rules */
2350 FIREWALL_OR_CONNECTION,
2351 pref_addr))
2356 }
2358 /** Look through the routerlist until we find a router that has my key.
2359 Return it. */
2362 {
2367 {
2370 });
2372 }
2374 /** Return the smaller of the router's configured BandwidthRate
2375 * and its advertised capacity. */
2376 uint32_t
2378 {
2382 }
2384 /** Do not weight any declared bandwidth more than this much when picking
2385 * routers by bandwidth. */
2388 /** Return the smaller of the router's configured BandwidthRate
2389 * and its advertised capacity, capped by max-believe-bw. */
2390 uint32_t
2392 {
2399 }
2401 /** Given an array of double/uint64_t unions that are currently being used as
2402 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2403 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2404 * the sum of all elements in the array _before_ scaling. */
2405 STATIC void
2409 {
2420 }
2427 }
2429 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2430 * choosing each element with a probability proportional to its (uint64_t)
2431 * value, and return the index of that element. If all elements are 0, choose
2432 * an index at random. Return -1 on error.
2433 */
2434 STATIC int
2436 {
2456 }
2458 /** When weighting bridges, enforce these values as lower and upper
2459 * bound for believable bandwidth, because there is no way for us
2460 * to verify a bridge's bandwidth currently. */
2464 /** Return the smaller of the router's configured BandwidthRate
2465 * and its advertised capacity, making sure to stay within the
2466 * interval between bridge-min-believe-bw and
2467 * bridge-max-believe-bw. */
2468 static uint32_t
2470 {
2479 }
2481 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2482 * INT32_MAX. */
2485 {
2487 }
2489 /** Helper function:
2490 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2491 * the advertised bandwidth of each element using the consensus
2492 * bandwidth weights.
2493 *
2494 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2495 * nodes' bandwidth equally regardless of their Exit status, since there may
2496 * be some in the list because they exit to obscure ports. If
2497 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2498 * exit-node's bandwidth less depending on the smallness of the fraction of
2499 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2500 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2501 * guards proportionally less.
2502 */
2505 bandwidth_weight_rule_t rule)
2506 {
2517 {
2523 }
2524 }
2526 /** Given a list of routers and a weighting rule as in
2527 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2528 * values for each node and store them in a freshly allocated
2529 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2530 * as doubles. If <b>total_bandwidth_out</b> is non-NULL, set it to the total
2531 * of all the bandwidths.
2532 * Return 0 on success, -1 on failure. */
2533 static int
2535 bandwidth_weight_rule_t rule,
2538 {
2542 guardfraction_bandwidth_t guardfraction_bw;
2549 /* Can't choose exit and guard at same time */
2560 }
2564 "Empty routerlist passed in to consensus weight node "
2568 }
2593 // Guards CAN be exits if they have weird exit policies
2594 // They are d then I guess...
2614 }
2619 "Got negative bandwidth weights. Defaulting to naive selection"
2623 }
2637 // Cycle through smartlist and total the bandwidth.
2649 /* This should never happen, unless all the authorites downgrade
2650 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2653 "Consensus is missing some bandwidths. Using a naive "
2656 }
2660 }
2662 /* bridge or other descriptor not in our consensus */
2665 /* We can't use this one. */
2667 }
2679 }
2680 /* These should be impossible; but overflows here would be bad, so let's
2681 * make sure. */
2689 /* If guardfraction information is available in the consensus, we
2690 * want to calculate this router's bandwidth according to its
2691 * guardfraction. Quoting from proposal236:
2692 *
2693 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2694 * client would apply to N for position p if it had the guard
2695 * flag, Wpn the weight if it did not have the guard flag, and B the
2696 * measured bandwidth of N in the consensus. Then instead of choosing
2697 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2698 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2699 */
2701 /* XXX The assert should actually check for is_guard. However,
2702 * that crashes dirauths because of #13297. This should be
2703 * equivalent: */
2707 this_bw,
2710 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2711 final_weight =
2720 }
2727 "on weights "
2736 }
2739 }
2741 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2742 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2743 * descriptors. */
2744 double
2746 bandwidth_weight_rule_t rule)
2747 {
2759 n_with_descs++;
2760 });
2762 }
2773 }
2775 /** Choose a random element of status list <b>sl</b>, weighted by
2776 * the advertised bandwidth of each node */
2779 bandwidth_weight_rule_t rule)
2782 }
2784 /** Return a random running node from the nodelist. Never
2785 * pick a node that is in
2786 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2787 * even if they are the only nodes available.
2788 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2789 * a minimum uptime, return one of those.
2790 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2791 * advertised capacity of each router.
2792 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2793 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2794 * picking an exit node, otherwise we weight bandwidths for picking a relay
2795 * node (that is, possibly discounting exit nodes).
2796 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2797 * have a routerinfo or microdescriptor -- that is, enough info to be
2798 * used to build a circuit.
2799 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2800 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2801 * (regardless of this flag, we exclude nodes that aren't allowed by the
2802 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2803 */
2807 router_crn_flags_t flags)
2822 bandwidth_weight_rule_t rule;
2830 /* Exclude relays that allow single hop exit circuits. This is an
2831 * obsolete option since 0.2.9.2-alpha and done by default in
2832 * 0.3.1.0-alpha. */
2836 /* Exclude relays that do not support to rendezvous for a hidden service
2837 * version 3. */
2839 }
2847 direct_conn);
2864 }
2870 }
2872 // Always weight by bandwidth
2877 /* try once more -- recurse but with fewer restrictions. */
2879 "We couldn't find any live%s%s%s routers; falling back "
2885 CRN_PREF_ADDR);
2888 }
2893 }
2895 }
2897 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2898 * Return 0 on success, -1 on failure. Store the result into the
2899 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2900 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2901 * at <b>nickname_out</b>.
2902 *
2903 * The recognized format is:
2904 * HexName = Dollar? HexDigest NamePart?
2905 * Dollar = '?'
2906 * HexDigest = HexChar*20
2907 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2908 * NamePart = QualChar Name
2909 * QualChar = '=' | '~'
2910 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2911 * NameChar = Any ASCII alphanumeric character
2912 */
2913 int
2918 {
2934 ;
2937 }
2943 }
2945 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2946 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2947 * (which is optionally prefixed with a single dollar sign). Return false if
2948 * <b>hexdigest</b> is malformed, or it doesn't match. */
2949 int
2952 {
2962 }
2969 }
2972 }
2974 /** Return true iff <b>digest</b> is the digest of the identity key of a
2975 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2976 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2977 int
2979 {
2987 });
2989 }
2991 /** If hexdigest is correctly formed, base16_decode it into
2992 * digest, which must have DIGEST_LEN space in it.
2993 * Return 0 on success, -1 on failure.
2994 */
2995 int
2997 {
3004 }
3006 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3007 * modify */
3008 routerinfo_t *
3010 {
3015 // routerlist_assert_ok(routerlist);
3018 }
3020 /** Return the router in our routerlist whose 20-byte key digest
3021 * is <b>digest</b>. Return NULL if no such router is known. */
3024 {
3026 }
3028 /** Return the router in our routerlist whose 20-byte descriptor
3029 * is <b>digest</b>. Return NULL if no such router is known. */
3030 signed_descriptor_t *
3032 {
3038 }
3040 /** Return the signed descriptor for the router in our routerlist whose
3041 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3042 * is known. */
3045 {
3051 }
3053 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3054 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3055 * document is known. */
3058 {
3064 }
3066 /** Return a pointer to the signed textual representation of a descriptor.
3067 * The returned string is not guaranteed to be NUL-terminated: the string's
3068 * length will be in desc-\>signed_descriptor_len.
3069 *
3070 * If <b>with_annotations</b> is set, the returned string will include
3071 * the annotations
3072 * (if any) preceding the descriptor. This will increase the length of the
3073 * string by desc-\>annotations_len.
3074 *
3075 * The caller must not free the string returned.
3076 */
3080 {
3086 else
3097 "mmaped in our cache. Is another process running in our data "
3100 }
3101 }
3114 }
3115 }
3118 }
3120 /** Return a pointer to the signed textual representation of a descriptor.
3121 * The returned string is not guaranteed to be NUL-terminated: the string's
3122 * length will be in desc-\>signed_descriptor_len.
3123 *
3124 * The caller must not free the string returned.
3125 */
3128 {
3130 }
3132 /** As signed_descriptor_get_body(), but points to the beginning of the
3133 * annotations section rather than the beginning of the descriptor. */
3136 {
3138 }
3140 /** Return the current list of all known routers. */
3141 routerlist_t *
3143 {
3161 }
3163 }
3165 /** Free all storage held by <b>router</b>. */
3166 void
3168 {
3186 }
3193 }
3195 /** Release all storage held by <b>extrainfo</b> */
3196 void
3198 {
3207 }
3209 /** Release storage held by <b>sd</b>. */
3210 static void
3212 {
3221 }
3223 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3224 * memory inside the object and by zeroing its content. */
3225 static void
3227 {
3232 }
3234 /** Copy src into dest, and steal all references inside src so that when
3235 * we free src, we don't mess up dest. */
3236 static void
3239 {
3241 /* Cleanup destination object before overwriting it.*/
3247 }
3249 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3250 * routerinfo.
3251 */
3254 {
3261 }
3263 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3264 static void
3266 {
3268 }
3270 /** Free all storage held by a routerlist <b>rl</b>. */
3271 void
3273 {
3290 }
3291 }
3296 }
3297 }
3301 }
3303 /** Log information about how much memory is being used for routerlist,
3304 * at log level <b>severity</b>. */
3305 void
3307 {
3322 }
3324 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3325 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3326 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3327 * is not in <b>sl</b>. */
3330 {
3337 });
3341 };
3343 }
3345 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3346 * as needed. There must be no previous member of <b>rl</b> with the same
3347 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3348 * instead.
3349 */
3350 static void
3352 {
3355 {
3358 }
3374 }
3378 }
3387 #ifdef DEBUG_ROUTERLIST
3389 #endif
3390 }
3392 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3393 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3394 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3397 {
3398 was_router_added_t r;
3407 {
3410 }
3413 /* This router is unknown; we can't even verify the signature. Give up.*/
3416 }
3418 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3425 }
3429 /* The sd we got from the map doesn't match the digest we used to look
3430 * it up. This makes no sense. */
3435 }
3446 "router info incompatible with extra info (ri id: %s, ei id %s, "
3450 }
3452 /* Okay, if we make it here, we definitely have a router corresponding to
3453 * this extrainfo. */
3457 ei);
3463 }
3465 done:
3469 #ifdef DEBUG_ROUTERLIST
3471 #endif
3473 }
3475 #define should_cache_old_descriptors() \
3476 directory_caches_dir_info(get_options())
3478 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3479 * a copy of router <b>ri</b> yet, add it to the list of old (not
3480 * recommended but still served) descriptors. Else free it. */
3481 static void
3483 {
3484 {
3487 }
3502 }
3503 #ifdef DEBUG_ROUTERLIST
3505 #endif
3506 }
3508 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3509 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3510 * idx) == ri, we don't need to do a linear search over the list to decide
3511 * which to remove. We fill the gap in rl->routers with a later element in
3512 * the list, if any exists. <b>ri</b> is freed.
3513 *
3514 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3515 * it to rl->old_routers. */
3516 void
3518 {
3527 /* make sure the rephist module knows that it's not running */
3535 }
3562 }
3566 }
3567 #ifdef DEBUG_ROUTERLIST
3569 #endif
3570 }
3572 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3573 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3574 * <b>sd</b>. */
3575 static void
3577 {
3583 }
3585 /* XXXX edmanm's bridge relay triggered the following assert while
3586 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3587 * can get a backtrace. */
3596 }
3610 }
3615 #ifdef DEBUG_ROUTERLIST
3617 #endif
3618 }
3620 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3621 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3622 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3623 * search over the list to decide which to remove. We put ri_new in the same
3624 * index as ri_old, if possible. ri is freed as appropriate.
3625 *
3626 * If should_cache_descriptors() is true, instead of deleting the router,
3627 * we add it to rl->old_routers. */
3628 static void
3631 {
3637 {
3640 }
3648 {
3652 }
3659 /* Check that ri_old is not in rl->routers anymore: */
3665 }
3668 /* digests don't match; digestmap_set won't replace */
3670 }
3681 }
3685 DIGEST_LEN);
3690 /* ri_old is going to become a signed_descriptor_t and go into
3691 * old_routers */
3699 /* We're dropping ri_old. */
3701 /* digests don't match; The sdmap_set above didn't replace */
3713 }
3714 }
3719 }
3720 }
3723 }
3724 #ifdef DEBUG_ROUTERLIST
3726 #endif
3727 }
3729 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3730 * it as a fresh routerinfo_t. */
3733 {
3749 }
3751 /** Free all memory held by the routerlist module.
3752 * Note: Calling routerlist_free_all() should always be paired with
3753 * a call to nodelist_free_all(). These should only be called during
3754 * cleanup.
3755 */
3756 void
3758 {
3765 }
3773 }
3774 }
3776 /** Forget that we have issued any router-related warnings, so that we'll
3777 * warn again if we see the same errors. */
3778 void
3780 {
3787 }
3789 /** Return 1 if the signed descriptor of this router is older than
3790 * <b>seconds</b> seconds. Otherwise return 0. */
3793 {
3795 }
3797 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3798 * older entries (if any) with the same key. Note: Callers should not hold
3799 * their pointers to <b>router</b> if this function fails; <b>router</b>
3800 * will either be inserted into the routerlist or freed. Similarly, even
3801 * if this call succeeds, they should not hold their pointers to
3802 * <b>router</b> after subsequent calls with other routerinfo's -- they
3803 * might cause the original routerinfo to get freed.
3804 *
3805 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3806 * the poster of the router to know something.
3807 *
3808 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3809 * <b>from_fetch</b>, we received it in response to a request we made.
3810 * (If both are false, that means it was uploaded to us as an auth dir
3811 * server or via the controller.)
3812 *
3813 * This function should be called *after*
3814 * routers_update_status_from_consensus_networkstatus; subsequently, you
3815 * should call router_rebuild_store and routerlist_descriptors_added.
3816 */
3817 was_router_added_t
3820 {
3839 /* Make sure that it isn't expired. */
3844 }
3846 /* Make sure that we haven't already got this exact descriptor. */
3849 /* If we have this descriptor already and the new descriptor is a bridge
3850 * descriptor, replace it. If we had a bridge descriptor before and the
3851 * new one is not a bridge descriptor, don't replace it. */
3853 /* Only members of routerlist->identity_map can be bridges; we don't
3854 * put bridges in old_routers. */
3871 }
3872 }
3881 }
3883 /* Only check the descriptor digest against the network statuses when
3884 * we are receiving in response to a fetch. */
3888 /* We asked for it, so some networkstatus must have listed it when we
3889 * did. Save it if we're a cache in case somebody else asks for it. */
3895 /* Only journal this desc if we want to keep old descriptors */
3901 }
3902 }
3904 /* We no longer need a router with this descriptor digest. */
3910 DIGEST_LEN)) {
3912 }
3913 }
3917 /* If it's a general router not listed in the consensus, then don't
3918 * consider replacing the latest router with it. */
3925 }
3927 /* If we're reading a bridge descriptor from our cache, and we don't
3928 * recognize it as one of our currently configured bridges, drop the
3929 * descriptor. Otherwise we could end up using it as one of our entry
3930 * guards even if it isn't in our Bridge config lines. */
3940 }
3942 /* If we have a router with the same identity key, choose the newer one. */
3946 /* Same key, but old. This one is not listed in the consensus. */
3949 /* Only journal this desc if we'll be serving it. */
3957 /* Same key, and either new, or listed in the consensus. */
3964 }
3969 }
3970 }
3977 }
3979 /* We haven't seen a router with this identity before. Add it to the end of
3980 * the list. */
3985 }
3987 }
3989 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
3990 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
3991 * we actually inserted it, ROUTER_BAD_EI otherwise.
3992 */
3993 was_router_added_t
3996 {
3997 was_router_added_t inserted;
4000 /*XXXX Do something with msg */
4009 }
4011 /** Sorting helper: return <0, 0, or >0 depending on whether the
4012 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4013 * to, or later than that of *<b>b</b>. */
4014 static int
4016 {
4022 }
4024 /** Internal type used to represent how long an old descriptor was valid,
4025 * where it appeared in the list of old descriptors, and whether it's extra
4026 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4031 };
4033 /** Sorting helper: compare two duration_idx_t by their duration. */
4034 static int
4036 {
4040 }
4042 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4043 * must contain routerinfo_t with the same identity and with publication time
4044 * in ascending order. Remove members from this range until there are no more
4045 * than max_descriptors_per_router() remaining. Start by removing the oldest
4046 * members from before <b>cutoff</b>, then remove members which were current
4047 * for the lowest amount of time. The order of members of old_routers at
4048 * indices <b>lo</b> or higher may be changed.
4049 */
4050 static void
4054 {
4060 #if 1
4068 }
4070 /* Check whether we need to do anything at all. */
4071 {
4076 }
4081 /* Set lifespans to contain the lifespan and index of each server. */
4082 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4090 }
4098 }
4103 }
4104 }
4107 /**
4108 * We aren't removing enough servers for being old. Sort lifespans by
4109 * the duration of liveness, and remove the ones we're not already going to
4110 * remove based on how long they were alive.
4111 **/
4117 }
4118 }
4119 }
4129 }
4131 /** Deactivate any routers from the routerlist that are more than
4132 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4133 * remove old routers from the list of cached routers if we have too many.
4134 */
4135 void
4137 {
4152 // routerlist_assert_ok(routerlist);
4154 /* We need to guess how many router descriptors we will wind up wanting to
4155 retain, so that we can be sure to allocate a large enough Bloom filter
4156 to hold the digest set. Overestimating is fine; underestimating is bad.
4157 */
4158 {
4159 /* We'll probably retain everything in the consensus. */
4162 }
4165 /* Retain anything listed in the consensus. */
4170 }
4172 /* If we have a consensus, we should consider pruning current routers that
4173 * are too old and that nobody recommends. (If we don't have a consensus,
4174 * then we should get one before we decide to kill routers.) */
4178 /* Remove too-old unrecommended members of routerlist->routers. */
4185 /* Too old: remove it. (If we're a cache, just move it into
4186 * old_routers.) */
4191 i--;
4192 }
4193 }
4194 }
4196 //routerlist_assert_ok(routerlist);
4198 /* Remove far-too-old members of routerlist->old_routers. */
4205 /* Too old. Remove it. */
4207 }
4208 }
4210 //routerlist_assert_ok(routerlist);
4216 /* Now we might have to look at routerlist->old_routers for extraneous
4217 * members. (We'd keep all the members if we could, but we need to save
4218 * space.) First, check whether we have too many router descriptors, total.
4219 * We're okay with having too many for some given router, so long as the
4220 * total number doesn't approach max_descriptors_per_router()*len(router).
4221 */
4226 /* Sort by identity, then fix indices. */
4228 /* Fix indices. */
4232 }
4234 /* Iterate through the list from back to front, so when we remove descriptors
4235 * we don't mess up groups we haven't gotten to. */
4241 }
4247 }
4248 }
4251 //routerlist_assert_ok(routerlist);
4253 done:
4257 }
4259 /** We just added a new set of descriptors. Take whatever extra steps
4260 * we need. */
4261 void
4263 {
4272 }
4274 }
4276 /**
4277 * Code to parse a single router descriptor and insert it into the
4278 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4279 * descriptor was well-formed but could not be added; and 1 if the
4280 * descriptor was added.
4281 *
4282 * If we don't add it and <b>msg</b> is not NULL, then assign to
4283 * *<b>msg</b> a static string describing the reason for refusing the
4284 * descriptor.
4285 *
4286 * This is used only by the controller.
4287 */
4288 int
4291 {
4293 was_router_added_t r;
4308 }
4315 }
4326 /* we've already assigned to *msg now, and ri is already freed */
4337 }
4338 }
4340 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4341 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4342 * are in response to a query to the network: cache them by adding them to
4343 * the journal.
4344 *
4345 * Return the number of routers actually added.
4346 *
4347 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4348 * uppercased fingerprints. Do not update any router whose
4349 * fingerprint is not on the list; after updating a router, remove its
4350 * fingerprint from the list.
4351 *
4352 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4353 * are descriptor digests. Otherwise they are identity digests.
4354 */
4355 int
4357 saved_location_t saved_location,
4361 {
4372 invalid_digests);
4379 was_router_added_t r;
4385 DIGEST_LEN);
4392 "We received a router descriptor with a fingerprint (%s) "
4398 }
4399 }
4404 any_changed++;
4415 }
4416 }
4420 /* This digest is never going to be parseable. */
4424 /* But we didn't ask for it, so we should assume shennanegans. */
4426 }
4428 }
4435 }
4449 }
4451 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4452 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4453 * router_load_routers_from_string(). */
4454 void
4456 saved_location_t saved_location,
4459 {
4473 was_router_added_t added =
4480 DIGEST_LEN);
4482 /* We silently let relays stuff us with extrainfos we didn't ask for,
4483 * so long as we would have wanted them anyway. Since we always fetch
4484 * all the extrainfos we want, and we never actually act on them
4485 * inside Tor, this should be harmless. */
4493 }
4494 }
4498 /* This digest is never going to be parseable. */
4503 /* But we didn't ask for it, so we should assume shennanegans. */
4505 }
4507 }
4514 }
4523 }
4525 /** Return true iff the latest ns-flavored consensus includes a descriptor
4526 * whose digest is that of <b>desc</b>. */
4527 static int
4529 {
4532 FLAV_NS);
4539 }
4541 }
4543 /** Update downloads for router descriptors and/or microdescriptors as
4544 * appropriate. */
4545 void
4547 {
4553 }
4555 /** Clear all our timeouts for fetching v3 directory stuff, and then
4556 * give it all a try again. */
4557 void
4559 {
4568 }
4570 /** Return true iff <b>router</b> does not permit exit streams.
4571 */
4572 int
4574 {
4576 }
4578 /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
4579 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4580 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4581 * the new directory server entry on success or NULL on failure. */
4590 dirinfo_type_t type,
4592 {
4604 else
4609 else
4629 }
4632 }
4641 else
4651 else
4658 }
4660 /** Create an authoritative directory server at
4661 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4662 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4663 * server entry on success or NULL if we couldn't add it. */
4664 dir_server_t *
4670 {
4672 tor_addr_t addr;
4680 "Couldn't find a suitable address when adding ourself as a "
4683 }
4690 address);
4692 }
4694 }
4699 ipv6_addrport,
4700 digest,
4704 }
4706 /** Return a new dir_server_t for a fallback directory server at
4707 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4708 * <b>id_digest</b> */
4709 dir_server_t *
4714 {
4716 addrport_ipv6,
4717 id_digest,
4719 }
4721 /** Add a directory server to the global list(s). */
4722 void
4724 {
4735 }
4737 /** Free storage held in <b>cert</b>. */
4738 void
4740 {
4749 }
4751 /** Free storage held in <b>ds</b>. */
4752 static void
4754 {
4762 }
4764 /** Remove all members from the list of dir servers. */
4765 void
4767 {
4774 }
4779 }
4781 }
4783 /** For every current directory connection whose purpose is <b>purpose</b>,
4784 * and where the resource being downloaded begins with <b>prefix</b>, split
4785 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4786 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4787 * corresponding elements of <b>result</b> to a nonzero value.
4788 */
4789 static void
4792 {
4810 }
4815 {
4818 });
4821 {
4824 });
4825 }
4827 }
4829 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4830 * true) we are currently downloading by descriptor digest, set result[d] to
4831 * (void*)1. */
4832 static void
4834 {
4838 }
4840 /** For every microdescriptor we are currently downloading by descriptor
4841 * digest, set result[d] to (void*)1.
4842 */
4843 void
4845 {
4847 }
4849 /** For every certificate we are currently downloading by (identity digest,
4850 * signing key digest) pair, set result[fp_pair] to (void *1).
4851 */
4852 static void
4854 {
4872 tmp);
4873 }
4882 }
4884 /** Launch downloads for all the descriptors whose digests or digests256
4885 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4886 * range.) If <b>source</b> is given, download from <b>source</b>;
4887 * otherwise, download from an appropriate random directory server.
4888 */
4893 {
4901 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4902 * 256-bit digests. */
4912 }
4930 digest_len);
4931 }
4933 }
4943 /* We know which authority or directory mirror we want. */
4952 }
4954 }
4956 /** Return the max number of hashes to put in a URL for a given request.
4957 */
4958 static int
4960 {
4961 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4962 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4963 * /tor/server/d/.z) == 4026
4964 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4965 * So use 96 because it's a nice number.
4966 *
4967 * For microdescriptors, the calculation is
4968 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4969 * /tor/micro/d/.z) == 4027
4970 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4971 * So use 90 because it's a nice number.
4972 */
4976 }
4977 /* If we're going to tunnel our connections, we can ask for a lot more
4978 * in a request. */
4981 }
4983 }
4985 /** Don't split our requests so finely that we are requesting fewer than
4986 * this number per server. (Grouping more than this at once leads to
4987 * diminishing returns.) */
4988 #define MIN_DL_PER_REQUEST 32
4989 /** To prevent a single screwy cache from confusing us by selective reply,
4990 * try to split our requests into at least this many requests. */
4991 #define MIN_REQUESTS 3
4992 /** If we want fewer than this many descriptors, wait until we
4993 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
4994 #define MAX_DL_TO_DELAY 16
4996 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
4997 * router descriptor digests or microdescriptor digest256s in
4998 * <b>downloadable</b>, decide whether to delay fetching until we have more.
4999 * If we don't want to delay, launch one or more requests to the appropriate
5000 * directory authorities.
5001 */
5002 void
5006 {
5026 descname);
5029 /* should delay */
5036 "There are not many downloadable %ss, but we've "
5038 descname,
5042 "There are not many downloadable %ss, but we haven't "
5044 descname);
5045 }
5046 }
5047 }
5050 /* If we wind up going to the authorities, we want to only open one
5051 * connection to each authority at a time, so that we don't overload
5052 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5053 * regardless of whether we're a cache or not.
5054 *
5055 * Setting this flag can make initiate_descriptor_downloads() ignore
5056 * requests. We need to make sure that we do in fact call
5057 * update_router_descriptor_downloads() later on, once the connections
5058 * have succeeded or failed.
5059 */
5061 PDS_NO_EXISTING_MICRODESC_FETCH :
5062 PDS_NO_EXISTING_SERVERDESC_FETCH;
5063 }
5073 }
5088 pds_flags);
5089 }
5091 }
5093 /** For any descriptor that we want that's currently listed in
5094 * <b>consensus</b>, download it as appropriate. */
5095 void
5098 {
5114 /* where's it from, so we know whom to ask for descriptors */
5121 else
5123 }
5137 /* We have a descriptor with this digest, but either there is no
5138 * entry in routerlist with the same ID (!ri), or there is one,
5139 * but the identity digest differs (memneq).
5140 */
5143 }
5145 }
5149 }
5154 }
5158 }
5163 }
5174 time_bufnew,
5177 }
5189 was_router_added_t r;
5194 }
5199 }
5202 }
5205 "%d router descriptors downloadable. %d delayed; %d present "
5206 "(%d of those were in old_routers); %d would_reject; "
5215 done:
5218 }
5220 /** How often should we launch a server/authority request to be sure of getting
5221 * a guess for our IP? */
5222 /*XXXX+ this info should come from netinfo cells or something, or we should
5223 * do this only when we aren't seeing incoming data. see bug 652. */
5224 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5226 /** As needed, launch a dummy router descriptor fetch to see if our
5227 * address has changed. */
5228 static void
5231 {
5233 /* XXXX+ we could be smarter here; see notes on bug 652. */
5234 /* If we're a server that doesn't have a configured address, we rely on
5235 * directory fetches to learn when our address changes. So if we haven't
5236 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5242 /* XX/teor - do we want an authority here, because they are less likely
5243 * to give us the wrong address? (See #17782)
5244 * I'm leaving the previous behaviour intact, because I don't like
5245 * the idea of some relays contacting an authority every 20 minutes. */
5248 PDS_RETRY_IF_NO_SERVERS,
5249 DL_WANT_ANY_DIRSERVER);
5250 }
5251 }
5253 /** Launch downloads for router status as needed. */
5254 void
5256 {
5265 }
5267 /** Launch extrainfo downloads as needed. */
5268 void
5270 {
5295 else
5307 }
5311 }
5316 }
5320 }
5333 "router_get_by_extrainfo_digest() value. This has ID %s "
5334 "but the entry in the map has ID %s. This has EI digest "
5344 "router_get_by_extrainfo_digest() value. This has ID %s "
5348 }
5351 }
5353 }
5354 }
5358 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5370 }
5373 }
5375 /** Reset the descriptor download failure count on all routers, so that we
5376 * can retry any long-failed routers immediately.
5377 */
5378 void
5380 {
5389 {
5391 });
5393 {
5395 });
5396 }
5398 /** Any changes in a router descriptor's publication time larger than this are
5399 * automatically non-cosmetic. */
5400 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5402 /** We allow uptime to vary from how much it ought to be by this much. */
5403 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5405 /** Return true iff the only differences between r1 and r2 are such that
5406 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5407 */
5408 int
5410 {
5415 /* r1 should be the one that was published first. */
5420 }
5422 /* If any key fields differ, they're different. */
5453 }
5454 }
5456 /* Did bandwidth change a lot? */
5461 /* Did the bandwidthrate or bandwidthburst change? */
5466 /* Did more than 12 hours pass? */
5471 /* Did uptime fail to increase by approximately the amount we would think,
5472 * give or take some slop? */
5481 /* Otherwise, the difference is cosmetic. */
5483 }
5485 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5486 * extrainfo document <b>ei</b>.
5487 *
5488 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5489 * for the router. We use it to check the signature of the extrainfo document,
5490 * if it has not already been checked.
5491 *
5492 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5493 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5494 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5495 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5496 * incompatibility (if any).
5497 *
5498 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5499 * but the extrainfo was nonetheless incompatible.
5500 **/
5501 int
5506 {
5515 }
5519 /* Set digest256_matches to 1 if the digest is correct, or if no
5520 * digest256 was in the ri. */
5523 digest256_matches |=
5526 /* The identity must match exactly to have been generated at the same time
5527 * by the same router. */
5530 DIGEST_LEN)) {
5533 }
5539 }
5547 DIGEST_LEN)) {
5552 }
5556 }
5565 }
5571 }
5576 }
5581 }
5584 err:
5586 /* This signature was okay, and the digest was right: This is indeed the
5587 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5588 * that lists it. Don't try to fetch this one again. */
5590 }
5593 }
5595 /* Does ri have a valid ntor onion key?
5596 * Valid ntor onion keys exist and have at least one non-zero byte. */
5597 int
5599 {
5602 }
5606 }
5609 CURVE25519_PUBKEY_LEN)) {
5611 }
5614 }
5616 /* Is rs running a tor version known to support EXTEND2 cells?
5617 * If allow_unknown_versions is true, return true if we can't tell
5618 * (from a versions line or a protocols line) whether it supports extend2
5619 * cells.
5620 * Otherwise, return false if the version is unknown. */
5621 int
5624 {
5627 }
5631 }
5634 }
5636 /** Assert that the internal representation of <b>rl</b> is
5637 * self-consistent. */
5638 void
5640 {
5652 /* XXXX
5653 *
5654 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5655 * commenting this out is just a band-aid.
5656 *
5657 * The problem is that, although well-behaved router descriptors
5658 * should never have the same value for their extra_info_digest, it's
5659 * possible for ill-behaved routers to claim whatever they like there.
5660 *
5661 * The real answer is to trash desc_by_eid_map and instead have
5662 * something that indicates for a given extra-info digest we want,
5663 * what its download status is. We'll do that as a part of routerlist
5664 * refactoring once consensus directories are in. For now,
5665 * this rep violation is probably harmless: an adversary can make us
5666 * reset our retry count for an extrainfo, but that's not the end
5667 * of the world. Changing the representation in 0.2.0.x would just
5668 * destabilize the codebase.
5669 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5670 signed_descriptor_t *sd3 =
5671 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5672 tor_assert(sd3 == &(r->cache_info));
5673 }
5674 */
5682 /* XXXX see above.
5683 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5684 signed_descriptor_t *sd3 =
5685 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5686 tor_assert(sd3 == sd);
5687 }
5688 */
5708 // tor_assert(sd); // XXXX see above
5712 }
5714 }
5716 /** Allocate and return a new string representing the contact info
5717 * and platform string for <b>router</b>,
5718 * surrounded by quotes and using standard C escapes.
5719 *
5720 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5721 * thread. Also, each call invalidates the last-returned value, so don't
5722 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5723 *
5724 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5725 */
5728 {
5744 }
5746 /** Helper for sorting: compare two routerinfos by their identity
5747 * digest. */
5748 static int
5750 {
5754 DIGEST_LEN);
5755 }
5757 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5758 void
5760 {
5762 }
5764 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5765 * recompute all country info in all configuration node sets and in the
5766 * routerlist. */
5767 void
5769 {
5784 }