1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
10 * maintain and access the global list of routerinfos for known
13 * A "routerinfo_t" object represents a single self-signed router
14 * descriptor, as generated by a Tor relay in order to tell the rest of
15 * the world about its keys, address, and capabilities. An
16 * "extrainfo_t" object represents an adjunct "extra-info" object,
17 * certified by a corresponding router descriptor, reporting more
18 * information about the relay that nearly all users will not need.
20 * Most users will not use router descriptors for most relays. Instead,
21 * they use the information in microdescriptors and in the consensus
24 * Right now, routerinfo_t objects are used in these ways:
26 * <li>By clients, in order to learn about bridge keys and capabilities.
27 * (Bridges aren't listed in the consensus networkstatus, so they
28 * can't have microdescriptors.)
29 * <li>By relays, since relays want more information about other relays
30 * than they can learn from microdescriptors. (TODO: Is this still true?)
31 * <li>By authorities, which receive them and use them to generate the
32 * consensus and the microdescriptors.
33 * <li>By all directory caches, which download them in case somebody
37 * Routerinfos are mostly created by parsing them from a string, in
38 * routerparse.c. We store them to disk on receiving them, and
39 * periodically discard the ones we don't need. On restarting, we
40 * re-read them from disk. (This also applies to extrainfo documents, if
41 * we are configured to fetch them.)
43 * In order to keep our list of routerinfos up-to-date, we periodically
44 * check whether there are any listed in the latest consensus (or in the
45 * votes from other authorities, if we are an authority) that we don't
46 * have. (This also applies to extrainfo documents, if we are
47 * configured to fetch them.)
49 * Almost nothing in Tor should use a routerinfo_t to refer directly to
50 * a relay; instead, almost everything should use node_t (implemented in
51 * nodelist.c), which provides a common interface to routerinfo_t,
52 * routerstatus_t, and microdescriptor_t.
56 * This module also has some of the functions used for choosing random
57 * nodes according to different rules and weights. Historically, they
58 * were all in this module. Now, they are spread across this module,
59 * nodelist.c, and networkstatus.c. (TODO: Fix that.)
63 * (For historical reasons) this module also contains code for handling
64 * the list of fallback directories, the list of directory authorities,
65 * and the list of authority certificates.
67 * For the directory authorities, we have a list containing the public
68 * identity key, and contact points, for each authority. The
69 * authorities receive descriptors from relays, and publish consensuses,
70 * descriptors, and microdescriptors. This list is pre-configured.
72 * Fallback directories are well-known, stable, but untrusted directory
73 * caches that clients which have not yet bootstrapped can use to get
74 * their first networkstatus consensus, in order to find out where the
75 * Tor network really is. This list is pre-configured in
76 * fallback_dirs.inc. Every authority also serves as a fallback.
78 * Both fallback directories and directory authorities are are
79 * represented by a dir_server_t.
81 * Authority certificates are signed with authority identity keys; they
82 * are used to authenticate shorter-term authority signing keys. We
83 * fetch them when we find a consensus or a vote that has been signed
84 * with a signing key we don't recognize. We cache them on disk and
85 * load them on startup. Authority operators generate them with the
86 * "tor-gencert" utility.
88 * TODO: Authority certificates should be a separate module.
90 * TODO: dir_server_t stuff should be in a separate module.
93 #define ROUTERLIST_PRIVATE
95 #include "backtrace.h"
97 #include "crypto_ed25519.h"
98 #include "circuitstats.h"
100 #include "connection.h"
102 #include "directory.h"
105 #include "entrynodes.h"
108 #include "hibernate.h"
110 #include "microdesc.h"
111 #include "networkstatus.h"
112 #include "nodelist.h"
113 #include "policies.h"
115 #include "rendcommon.h"
116 #include "rendservice.h"
119 #include "routerlist.h"
120 #include "routerparse.h"
121 #include "routerset.h"
125 // #define DEBUG_ROUTERLIST
127 /****************************************************************************/
129 /* Typed wrappers for different digestmap types; used to avoid type
132 DECLARE_TYPED_DIGESTMAP_FNS(sdmap_
, digest_sd_map_t
, signed_descriptor_t
)
133 DECLARE_TYPED_DIGESTMAP_FNS(rimap_
, digest_ri_map_t
, routerinfo_t
)
134 DECLARE_TYPED_DIGESTMAP_FNS(eimap_
, digest_ei_map_t
, extrainfo_t
)
135 DECLARE_TYPED_DIGESTMAP_FNS(dsmap_
, digest_ds_map_t
, download_status_t
)
136 #define SDMAP_FOREACH(map, keyvar, valvar) \
137 DIGESTMAP_FOREACH(sdmap_to_digestmap(map), keyvar, signed_descriptor_t *, \
139 #define RIMAP_FOREACH(map, keyvar, valvar) \
140 DIGESTMAP_FOREACH(rimap_to_digestmap(map), keyvar, routerinfo_t *, valvar)
141 #define EIMAP_FOREACH(map, keyvar, valvar) \
142 DIGESTMAP_FOREACH(eimap_to_digestmap(map), keyvar, extrainfo_t *, valvar)
143 #define DSMAP_FOREACH(map, keyvar, valvar) \
144 DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
147 /* Forward declaration for cert_list_t */
148 typedef struct cert_list_t cert_list_t
;
150 /* static function prototypes */
151 static int compute_weighted_bandwidths(const smartlist_t
*sl
,
152 bandwidth_weight_rule_t rule
,
153 double **bandwidths_out
,
154 double *total_bandwidth_out
);
155 static const routerstatus_t
*router_pick_trusteddirserver_impl(
156 const smartlist_t
*sourcelist
, dirinfo_type_t auth
,
157 int flags
, int *n_busy_out
);
158 static const routerstatus_t
*router_pick_dirserver_generic(
159 smartlist_t
*sourcelist
,
160 dirinfo_type_t type
, int flags
);
161 static void mark_all_dirservers_up(smartlist_t
*server_list
);
162 static void dir_server_free(dir_server_t
*ds
);
163 static int signed_desc_digest_is_recognized(signed_descriptor_t
*desc
);
164 static const char *signed_descriptor_get_body_impl(
165 const signed_descriptor_t
*desc
,
166 int with_annotations
);
167 static void list_pending_downloads(digestmap_t
*result
,
168 digest256map_t
*result256
,
169 int purpose
, const char *prefix
);
170 static void list_pending_fpsk_downloads(fp_pair_map_t
*result
);
171 static void launch_dummy_descriptor_download_as_needed(time_t now
,
172 const or_options_t
*options
);
173 static void download_status_reset_by_sk_in_cl(cert_list_t
*cl
,
175 static int download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
177 time_t now
, int max_failures
);
179 /****************************************************************************/
181 /** Global list of a dir_server_t object for each directory
183 static smartlist_t
*trusted_dir_servers
= NULL
;
184 /** Global list of dir_server_t objects for all directory authorities
185 * and all fallback directory servers. */
186 static smartlist_t
*fallback_dir_servers
= NULL
;
188 /** List of certificates for a single authority, and download status for
189 * latest certificate.
193 * The keys of download status map are cert->signing_key_digest for pending
194 * downloads by (identity digest/signing key digest) pair; functions such
195 * as authority_cert_get_by_digest() already assume these are unique.
197 struct digest_ds_map_t
*dl_status_map
;
198 /* There is also a dlstatus for the download by identity key only */
199 download_status_t dl_status_by_id
;
202 /** Map from v3 identity key digest to cert_list_t. */
203 static digestmap_t
*trusted_dir_certs
= NULL
;
204 /** True iff any key certificate in at least one member of
205 * <b>trusted_dir_certs</b> has changed since we last flushed the
206 * certificates to disk. */
207 static int trusted_dir_servers_certs_changed
= 0;
209 /** Global list of all of the routers that we know about. */
210 static routerlist_t
*routerlist
= NULL
;
212 /** List of strings for nicknames we've already warned about and that are
213 * still unknown / unavailable. */
214 static smartlist_t
*warned_nicknames
= NULL
;
216 /** The last time we tried to download any routerdesc, or 0 for "never". We
217 * use this to rate-limit download attempts when the number of routerdescs to
218 * download is low. */
219 static time_t last_descriptor_download_attempted
= 0;
221 /** Return the number of directory authorities whose type matches some bit set
224 get_n_authorities(dirinfo_type_t type
)
227 if (!trusted_dir_servers
)
229 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
235 /** Initialise schedule, want_authority, and increment on in the download
236 * status dlstatus, then call download_status_reset() on it.
237 * It is safe to call this function or download_status_reset() multiple times
238 * on a new dlstatus. But it should *not* be called after a dlstatus has been
239 * used to count download attempts or failures. */
241 download_status_cert_init(download_status_t
*dlstatus
)
243 dlstatus
->schedule
= DL_SCHED_CONSENSUS
;
244 dlstatus
->want_authority
= DL_WANT_ANY_DIRSERVER
;
245 dlstatus
->increment_on
= DL_SCHED_INCREMENT_FAILURE
;
246 dlstatus
->backoff
= DL_SCHED_RANDOM_EXPONENTIAL
;
247 dlstatus
->last_backoff_position
= 0;
248 dlstatus
->last_delay_used
= 0;
250 /* Use the new schedule to set next_attempt_at */
251 download_status_reset(dlstatus
);
254 /** Reset the download status of a specified element in a dsmap */
256 download_status_reset_by_sk_in_cl(cert_list_t
*cl
, const char *digest
)
258 download_status_t
*dlstatus
= NULL
;
263 /* Make sure we have a dsmap */
264 if (!(cl
->dl_status_map
)) {
265 cl
->dl_status_map
= dsmap_new();
267 /* Look for a download_status_t in the map with this digest */
268 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
271 /* Insert before we reset */
272 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
273 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
274 download_status_cert_init(dlstatus
);
276 tor_assert(dlstatus
);
277 /* Go ahead and reset it */
278 download_status_reset(dlstatus
);
282 * Return true if the download for this signing key digest in cl is ready
283 * to be re-attempted.
286 download_status_is_ready_by_sk_in_cl(cert_list_t
*cl
,
288 time_t now
, int max_failures
)
291 download_status_t
*dlstatus
= NULL
;
296 /* Make sure we have a dsmap */
297 if (!(cl
->dl_status_map
)) {
298 cl
->dl_status_map
= dsmap_new();
300 /* Look for a download_status_t in the map with this digest */
301 dlstatus
= dsmap_get(cl
->dl_status_map
, digest
);
304 /* Use download_status_is_ready() */
305 rv
= download_status_is_ready(dlstatus
, now
, max_failures
);
308 * If we don't know anything about it, return 1, since we haven't
309 * tried this one before. We need to create a new entry here,
312 dlstatus
= tor_malloc_zero(sizeof(*dlstatus
));
313 download_status_cert_init(dlstatus
);
314 dsmap_set(cl
->dl_status_map
, digest
, dlstatus
);
321 /** Helper: Return the cert_list_t for an authority whose authority ID is
322 * <b>id_digest</b>, allocating a new list if necessary. */
324 get_cert_list(const char *id_digest
)
327 if (!trusted_dir_certs
)
328 trusted_dir_certs
= digestmap_new();
329 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
331 cl
= tor_malloc_zero(sizeof(cert_list_t
));
332 download_status_cert_init(&cl
->dl_status_by_id
);
333 cl
->certs
= smartlist_new();
334 cl
->dl_status_map
= dsmap_new();
335 digestmap_set(trusted_dir_certs
, id_digest
, cl
);
340 /** Return a list of authority ID digests with potentially enumerable lists
341 * of download_status_t objects; used by controller GETINFO queries.
344 MOCK_IMPL(smartlist_t
*,
345 list_authority_ids_with_downloads
, (void))
347 smartlist_t
*ids
= smartlist_new();
353 if (trusted_dir_certs
) {
354 for (i
= digestmap_iter_init(trusted_dir_certs
);
355 !(digestmap_iter_done(i
));
356 i
= digestmap_iter_next(trusted_dir_certs
, i
)) {
358 * We always have at least dl_status_by_id to query, so no need to
359 * probe deeper than the existence of a cert_list_t.
361 digestmap_iter_get(i
, &digest
, &cl
);
362 tmp
= tor_malloc(DIGEST_LEN
);
363 memcpy(tmp
, digest
, DIGEST_LEN
);
364 smartlist_add(ids
, tmp
);
367 /* else definitely no downlaods going since nothing even has a cert list */
372 /** Given an authority ID digest, return a pointer to the default download
373 * status, or NULL if there is no such entry in trusted_dir_certs */
375 MOCK_IMPL(download_status_t
*,
376 id_only_download_status_for_authority_id
, (const char *digest
))
378 download_status_t
*dl
= NULL
;
381 if (trusted_dir_certs
) {
382 cl
= digestmap_get(trusted_dir_certs
, digest
);
384 dl
= &(cl
->dl_status_by_id
);
391 /** Given an authority ID digest, return a smartlist of signing key digests
392 * for which download_status_t is potentially queryable, or NULL if no such
393 * authority ID digest is known. */
395 MOCK_IMPL(smartlist_t
*,
396 list_sk_digests_for_authority_id
, (const char *digest
))
398 smartlist_t
*sks
= NULL
;
401 const char *sk_digest
;
403 download_status_t
*dl
;
405 if (trusted_dir_certs
) {
406 cl
= digestmap_get(trusted_dir_certs
, digest
);
408 sks
= smartlist_new();
409 if (cl
->dl_status_map
) {
410 for (i
= dsmap_iter_init(cl
->dl_status_map
);
411 !(dsmap_iter_done(i
));
412 i
= dsmap_iter_next(cl
->dl_status_map
, i
)) {
413 /* Pull the digest out and add it to the list */
414 dsmap_iter_get(i
, &sk_digest
, &dl
);
415 tmp
= tor_malloc(DIGEST_LEN
);
416 memcpy(tmp
, sk_digest
, DIGEST_LEN
);
417 smartlist_add(sks
, tmp
);
426 /** Given an authority ID digest and a signing key digest, return the
427 * download_status_t or NULL if none exists. */
429 MOCK_IMPL(download_status_t
*,
430 download_status_for_authority_id_and_sk
,(const char *id_digest
,
431 const char *sk_digest
))
433 download_status_t
*dl
= NULL
;
434 cert_list_t
*cl
= NULL
;
436 if (trusted_dir_certs
) {
437 cl
= digestmap_get(trusted_dir_certs
, id_digest
);
438 if (cl
&& cl
->dl_status_map
) {
439 dl
= dsmap_get(cl
->dl_status_map
, sk_digest
);
446 /** Release all space held by a cert_list_t */
448 cert_list_free(cert_list_t
*cl
)
453 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
454 authority_cert_free(cert
));
455 smartlist_free(cl
->certs
);
456 dsmap_free(cl
->dl_status_map
, tor_free_
);
460 /** Wrapper for cert_list_free so we can pass it to digestmap_free */
462 cert_list_free_(void *cl
)
467 /** Reload the cached v3 key certificates from the cached-certs file in
468 * the data directory. Return 0 on success, -1 on failure. */
470 trusted_dirs_reload_certs(void)
476 filename
= get_datadir_fname("cached-certs");
477 contents
= read_file_to_str(filename
, RFTS_IGNORE_MISSING
, NULL
);
481 r
= trusted_dirs_load_certs_from_string(
483 TRUSTED_DIRS_CERTS_SRC_FROM_STORE
, 1, NULL
);
488 /** Helper: return true iff we already have loaded the exact cert
491 already_have_cert(authority_cert_t
*cert
)
493 cert_list_t
*cl
= get_cert_list(cert
->cache_info
.identity_digest
);
495 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
497 if (tor_memeq(c
->cache_info
.signed_descriptor_digest
,
498 cert
->cache_info
.signed_descriptor_digest
,
505 /** Load a bunch of new key certificates from the string <b>contents</b>. If
506 * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
507 * from the cache, and we don't need to flush them to disk. If we are a
508 * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
509 * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
510 * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
511 * need to flush any changed certificates to disk now. Return 0 on success,
512 * -1 if any certs fail to parse.
514 * If source_dir is non-NULL, it's the identity digest for a directory that
515 * we've just successfully retrieved certificates from, so try it first to
516 * fetch any missing certificates.
519 trusted_dirs_load_certs_from_string(const char *contents
, int source
,
520 int flush
, const char *source_dir
)
524 int failure_code
= 0;
525 int from_store
= (source
== TRUSTED_DIRS_CERTS_SRC_FROM_STORE
);
526 int added_trusted_cert
= 0;
528 for (s
= contents
; *s
; s
= eos
) {
529 authority_cert_t
*cert
= authority_cert_parse_from_string(s
, &eos
);
535 ds
= trusteddirserver_get_by_v3_auth_digest(
536 cert
->cache_info
.identity_digest
);
537 log_debug(LD_DIR
, "Parsed certificate for %s",
538 ds
? ds
->nickname
: "unknown authority");
540 if (already_have_cert(cert
)) {
541 /* we already have this one. continue. */
542 log_info(LD_DIR
, "Skipping %s certificate for %s that we "
544 from_store
? "cached" : "downloaded",
545 ds
? ds
->nickname
: "an old or new authority");
548 * A duplicate on download should be treated as a failure, so we call
549 * authority_cert_dl_failed() to reset the download status to make sure
550 * we can't try again. Since we've implemented the fp-sk mechanism
551 * to download certs by signing key, this should be much rarer than it
552 * was and is perhaps cause for concern.
555 if (authdir_mode(get_options())) {
557 "Got a certificate for %s, but we already have it. "
558 "Maybe they haven't updated it. Waiting for a while.",
559 ds
? ds
->nickname
: "an old or new authority");
562 "Got a certificate for %s, but we already have it. "
563 "Maybe they haven't updated it. Waiting for a while.",
564 ds
? ds
->nickname
: "an old or new authority");
568 * This is where we care about the source; authority_cert_dl_failed()
569 * needs to know whether the download was by fp or (fp,sk) pair to
570 * twiddle the right bit in the download map.
572 if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
) {
573 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
575 } else if (source
== TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST
) {
576 authority_cert_dl_failed(cert
->cache_info
.identity_digest
,
577 cert
->signing_key_digest
, 404);
581 authority_cert_free(cert
);
586 added_trusted_cert
= 1;
587 log_info(LD_DIR
, "Adding %s certificate for directory authority %s with "
588 "signing key %s", from_store
? "cached" : "downloaded",
589 ds
->nickname
, hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
591 int adding
= we_want_to_fetch_unknown_auth_certs(get_options());
592 log_info(LD_DIR
, "%s %s certificate for unrecognized directory "
593 "authority with signing key %s",
594 adding
? "Adding" : "Not adding",
595 from_store
? "cached" : "downloaded",
596 hex_str(cert
->signing_key_digest
,DIGEST_LEN
));
598 authority_cert_free(cert
);
603 cl
= get_cert_list(cert
->cache_info
.identity_digest
);
604 smartlist_add(cl
->certs
, cert
);
605 if (ds
&& cert
->cache_info
.published_on
> ds
->addr_current_at
) {
606 /* Check to see whether we should update our view of the authority's
608 if (cert
->addr
&& cert
->dir_port
&&
609 (ds
->addr
!= cert
->addr
||
610 ds
->dir_port
!= cert
->dir_port
)) {
611 char *a
= tor_dup_ip(cert
->addr
);
612 log_notice(LD_DIR
, "Updating address for directory authority %s "
613 "from %s:%d to %s:%d based on certificate.",
614 ds
->nickname
, ds
->address
, (int)ds
->dir_port
,
617 ds
->addr
= cert
->addr
;
618 ds
->dir_port
= cert
->dir_port
;
620 ds
->addr_current_at
= cert
->cache_info
.published_on
;
624 trusted_dir_servers_certs_changed
= 1;
628 trusted_dirs_flush_certs_to_disk();
630 /* call this even if failure_code is <0, since some certs might have
631 * succeeded, but only pass source_dir if there were no failures,
632 * and at least one more authority certificate was added to the store.
633 * This avoids retrying a directory that's serving bad or entirely duplicate
635 if (failure_code
== 0 && added_trusted_cert
) {
636 networkstatus_note_certs_arrived(source_dir
);
638 networkstatus_note_certs_arrived(NULL
);
644 /** Save all v3 key certificates to the cached-certs file. */
646 trusted_dirs_flush_certs_to_disk(void)
651 if (!trusted_dir_servers_certs_changed
|| !trusted_dir_certs
)
654 chunks
= smartlist_new();
655 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
656 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
658 sized_chunk_t
*c
= tor_malloc(sizeof(sized_chunk_t
));
659 c
->bytes
= cert
->cache_info
.signed_descriptor_body
;
660 c
->len
= cert
->cache_info
.signed_descriptor_len
;
661 smartlist_add(chunks
, c
);
663 } DIGESTMAP_FOREACH_END
;
665 filename
= get_datadir_fname("cached-certs");
666 if (write_chunks_to_file(filename
, chunks
, 0, 0)) {
667 log_warn(LD_FS
, "Error writing certificates to disk.");
670 SMARTLIST_FOREACH(chunks
, sized_chunk_t
*, c
, tor_free(c
));
671 smartlist_free(chunks
);
673 trusted_dir_servers_certs_changed
= 0;
677 compare_certs_by_pubdates(const void **_a
, const void **_b
)
679 const authority_cert_t
*cert1
= *_a
, *cert2
=*_b
;
681 if (cert1
->cache_info
.published_on
< cert2
->cache_info
.published_on
)
683 else if (cert1
->cache_info
.published_on
> cert2
->cache_info
.published_on
)
689 /** Remove all expired v3 authority certificates that have been superseded for
690 * more than 48 hours or, if not expired, that were published more than 7 days
691 * before being superseded. (If the most recent cert was published more than 48
692 * hours ago, then we aren't going to get any consensuses signed with older
695 trusted_dirs_remove_old_certs(void)
697 time_t now
= time(NULL
);
698 #define DEAD_CERT_LIFETIME (2*24*60*60)
699 #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
700 if (!trusted_dir_certs
)
703 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
704 /* Sort the list from first-published to last-published */
705 smartlist_sort(cl
->certs
, compare_certs_by_pubdates
);
707 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
708 if (cert_sl_idx
== smartlist_len(cl
->certs
) - 1) {
709 /* This is the most recently published cert. Keep it. */
712 authority_cert_t
*next_cert
= smartlist_get(cl
->certs
, cert_sl_idx
+1);
713 const time_t next_cert_published
= next_cert
->cache_info
.published_on
;
714 if (next_cert_published
> now
) {
715 /* All later certs are published in the future. Keep everything
716 * we didn't discard. */
719 int should_remove
= 0;
720 if (cert
->expires
+ DEAD_CERT_LIFETIME
< now
) {
721 /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
724 } else if (next_cert_published
+ SUPERSEDED_CERT_LIFETIME
< now
) {
725 /* Certificate has been superseded for OLD_CERT_LIFETIME.
731 SMARTLIST_DEL_CURRENT_KEEPORDER(cl
->certs
, cert
);
732 authority_cert_free(cert
);
733 trusted_dir_servers_certs_changed
= 1;
735 } SMARTLIST_FOREACH_END(cert
);
737 } DIGESTMAP_FOREACH_END
;
738 #undef DEAD_CERT_LIFETIME
739 #undef OLD_CERT_LIFETIME
741 trusted_dirs_flush_certs_to_disk();
744 /** Return the newest v3 authority certificate whose v3 authority identity key
745 * has digest <b>id_digest</b>. Return NULL if no such authority is known,
746 * or it has no certificate. */
748 authority_cert_get_newest_by_id(const char *id_digest
)
751 authority_cert_t
*best
= NULL
;
752 if (!trusted_dir_certs
||
753 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
756 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
758 if (!best
|| cert
->cache_info
.published_on
> best
->cache_info
.published_on
)
764 /** Return the newest v3 authority certificate whose directory signing key has
765 * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
768 authority_cert_get_by_sk_digest(const char *sk_digest
)
771 if (!trusted_dir_certs
)
774 if ((c
= get_my_v3_authority_cert()) &&
775 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
777 if ((c
= get_my_v3_legacy_cert()) &&
778 tor_memeq(c
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
781 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
782 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
784 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
787 } DIGESTMAP_FOREACH_END
;
791 /** Return the v3 authority certificate with signing key matching
792 * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
793 * Return NULL if no such authority is known. */
795 authority_cert_get_by_digests(const char *id_digest
,
796 const char *sk_digest
)
799 if (!trusted_dir_certs
||
800 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
802 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, cert
,
803 if (tor_memeq(cert
->signing_key_digest
, sk_digest
, DIGEST_LEN
))
809 /** Add every known authority_cert_t to <b>certs_out</b>. */
811 authority_cert_get_all(smartlist_t
*certs_out
)
813 tor_assert(certs_out
);
814 if (!trusted_dir_certs
)
817 DIGESTMAP_FOREACH(trusted_dir_certs
, key
, cert_list_t
*, cl
) {
818 SMARTLIST_FOREACH(cl
->certs
, authority_cert_t
*, c
,
819 smartlist_add(certs_out
, c
));
820 } DIGESTMAP_FOREACH_END
;
823 /** Called when an attempt to download a certificate with the authority with
824 * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
825 * fails with HTTP response code <b>status</b>: remember the failure, so we
826 * don't try again immediately. */
828 authority_cert_dl_failed(const char *id_digest
,
829 const char *signing_key_digest
, int status
)
832 download_status_t
*dlstatus
= NULL
;
833 char id_digest_str
[2*DIGEST_LEN
+1];
834 char sk_digest_str
[2*DIGEST_LEN
+1];
836 if (!trusted_dir_certs
||
837 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
841 * Are we noting a failed download of the latest cert for the id digest,
842 * or of a download by (id, signing key) digest pair?
844 if (!signing_key_digest
) {
845 /* Just by id digest */
846 download_status_failed(&cl
->dl_status_by_id
, status
);
848 /* Reset by (id, signing key) digest pair
850 * Look for a download_status_t in the map with this digest
852 dlstatus
= dsmap_get(cl
->dl_status_map
, signing_key_digest
);
855 download_status_failed(dlstatus
, status
);
858 * Do this rather than hex_str(), since hex_str clobbers
859 * old results and we call twice in the param list.
861 base16_encode(id_digest_str
, sizeof(id_digest_str
),
862 id_digest
, DIGEST_LEN
);
863 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
864 signing_key_digest
, DIGEST_LEN
);
866 "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
867 "status %d, but knew nothing about the download.",
868 id_digest_str
, sk_digest_str
, status
);
873 static const char *BAD_SIGNING_KEYS
[] = {
874 "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
875 "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
876 "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
877 "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
878 "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
879 "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
880 "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
881 "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
882 "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
883 "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
887 /** Return true iff <b>cert</b> authenticates some atuhority signing key
888 * which, because of the old openssl heartbleed vulnerability, should
889 * never be trusted. */
891 authority_cert_is_blacklisted(const authority_cert_t
*cert
)
893 char hex_digest
[HEX_DIGEST_LEN
+1];
895 base16_encode(hex_digest
, sizeof(hex_digest
),
896 cert
->signing_key_digest
, sizeof(cert
->signing_key_digest
));
898 for (i
= 0; BAD_SIGNING_KEYS
[i
]; ++i
) {
899 if (!strcasecmp(hex_digest
, BAD_SIGNING_KEYS
[i
])) {
906 /** Return true iff when we've been getting enough failures when trying to
907 * download the certificate with ID digest <b>id_digest</b> that we're willing
908 * to start bugging the user about it. */
910 authority_cert_dl_looks_uncertain(const char *id_digest
)
912 #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
915 if (!trusted_dir_certs
||
916 !(cl
= digestmap_get(trusted_dir_certs
, id_digest
)))
919 n_failures
= download_status_get_n_failures(&cl
->dl_status_by_id
);
920 return n_failures
>= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER
;
923 /* Fetch the authority certificates specified in resource.
924 * If we are a bridge client, and node is a configured bridge, fetch from node
925 * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
926 * rs. Otherwise, fetch from a random directory mirror. */
928 authority_certs_fetch_resource_impl(const char *resource
,
929 const char *dir_hint
,
931 const routerstatus_t
*rs
)
933 const or_options_t
*options
= get_options();
934 int get_via_tor
= purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
937 /* Make sure bridge clients never connect to anything but a bridge */
938 if (options
->UseBridges
) {
939 if (node
&& !node_is_a_configured_bridge(node
)) {
940 /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
943 /* If we're using bridges, and there's no node, use a 3-hop path. */
948 const dir_indirection_t indirection
= get_via_tor
? DIRIND_ANONYMOUS
951 directory_request_t
*req
= NULL
;
952 /* If we've just downloaded a consensus from a bridge, re-use that
954 if (options
->UseBridges
&& node
&& node
->ri
&& !get_via_tor
) {
955 /* clients always make OR connections to bridges */
956 tor_addr_port_t or_ap
;
957 /* we are willing to use a non-preferred address if we need to */
958 fascist_firewall_choose_address_node(node
, FIREWALL_OR_CONNECTION
, 0,
961 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
962 directory_request_set_or_addr_port(req
, &or_ap
);
964 directory_request_set_directory_id_digest(req
, dir_hint
);
966 /* And if we've just downloaded a consensus from a directory, re-use that
968 req
= directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE
);
969 directory_request_set_routerstatus(req
, rs
);
973 /* We've set up a request object -- fill in the other request fields, and
974 * send the request. */
975 directory_request_set_indirection(req
, indirection
);
976 directory_request_set_resource(req
, resource
);
977 directory_initiate_request(req
);
978 directory_request_free(req
);
982 /* Otherwise, we want certs from a random fallback or directory
983 * mirror, because they will almost always succeed. */
984 directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE
, 0,
985 resource
, PDS_RETRY_IF_NO_SERVERS
,
986 DL_WANT_ANY_DIRSERVER
);
989 /** Try to download any v3 authority certificates that we may be missing. If
990 * <b>status</b> is provided, try to get all the ones that were used to sign
991 * <b>status</b>. Additionally, try to have a non-expired certificate for
992 * every V3 authority in trusted_dir_servers. Don't fetch certificates we
995 * If dir_hint is non-NULL, it's the identity digest for a directory that
996 * we've just successfully retrieved a consensus or certificates from, so try
997 * it first to fetch any missing certificates.
1000 authority_certs_fetch_missing(networkstatus_t
*status
, time_t now
,
1001 const char *dir_hint
)
1004 * The pending_id digestmap tracks pending certificate downloads by
1005 * identity digest; the pending_cert digestmap tracks pending downloads
1006 * by (identity digest, signing key digest) pairs.
1008 digestmap_t
*pending_id
;
1009 fp_pair_map_t
*pending_cert
;
1011 * The missing_id_digests smartlist will hold a list of id digests
1012 * we want to fetch the newest cert for; the missing_cert_digests
1013 * smartlist will hold a list of fp_pair_t with an identity and
1014 * signing key digest.
1016 smartlist_t
*missing_cert_digests
, *missing_id_digests
;
1017 char *resource
= NULL
;
1019 const or_options_t
*options
= get_options();
1020 const int keep_unknown
= we_want_to_fetch_unknown_auth_certs(options
);
1021 fp_pair_t
*fp_tmp
= NULL
;
1022 char id_digest_str
[2*DIGEST_LEN
+1];
1023 char sk_digest_str
[2*DIGEST_LEN
+1];
1025 if (should_delay_dir_fetches(options
, NULL
))
1028 pending_cert
= fp_pair_map_new();
1029 pending_id
= digestmap_new();
1030 missing_cert_digests
= smartlist_new();
1031 missing_id_digests
= smartlist_new();
1034 * First, we get the lists of already pending downloads so we don't
1037 list_pending_downloads(pending_id
, NULL
,
1038 DIR_PURPOSE_FETCH_CERTIFICATE
, "fp/");
1039 list_pending_fpsk_downloads(pending_cert
);
1042 * Now, we download any trusted authority certs we don't have by
1043 * identity digest only. This gets the latest cert for that authority.
1045 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers
, dir_server_t
*, ds
) {
1047 if (!(ds
->type
& V3_DIRINFO
))
1049 if (smartlist_contains_digest(missing_id_digests
,
1050 ds
->v3_identity_digest
))
1052 cl
= get_cert_list(ds
->v3_identity_digest
);
1053 SMARTLIST_FOREACH_BEGIN(cl
->certs
, authority_cert_t
*, cert
) {
1054 if (now
< cert
->expires
) {
1055 /* It's not expired, and we weren't looking for something to
1056 * verify a consensus with. Call it done. */
1057 download_status_reset(&(cl
->dl_status_by_id
));
1058 /* No sense trying to download it specifically by signing key hash */
1059 download_status_reset_by_sk_in_cl(cl
, cert
->signing_key_digest
);
1063 } SMARTLIST_FOREACH_END(cert
);
1065 download_status_is_ready(&(cl
->dl_status_by_id
), now
,
1066 options
->TestingCertMaxDownloadTries
) &&
1067 !digestmap_get(pending_id
, ds
->v3_identity_digest
)) {
1069 "No current certificate known for authority %s "
1070 "(ID digest %s); launching request.",
1071 ds
->nickname
, hex_str(ds
->v3_identity_digest
, DIGEST_LEN
));
1072 smartlist_add(missing_id_digests
, ds
->v3_identity_digest
);
1074 } SMARTLIST_FOREACH_END(ds
);
1077 * Next, if we have a consensus, scan through it and look for anything
1078 * signed with a key from a cert we don't have. Those get downloaded
1079 * by (fp,sk) pair, but if we don't know any certs at all for the fp
1080 * (identity digest), and it's one of the trusted dir server certs
1081 * we started off above or a pending download in pending_id, don't
1082 * try to get it yet. Most likely, the one we'll get for that will
1083 * have the right signing key too, and we'd just be downloading
1087 SMARTLIST_FOREACH_BEGIN(status
->voters
, networkstatus_voter_info_t
*,
1089 if (!smartlist_len(voter
->sigs
))
1090 continue; /* This authority never signed this consensus, so don't
1091 * go looking for a cert with key digest 0000000000. */
1092 if (!keep_unknown
&&
1093 !trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
))
1094 continue; /* We don't want unknown certs, and we don't know this
1098 * If we don't know *any* cert for this authority, and a download by ID
1099 * is pending or we added it to missing_id_digests above, skip this
1100 * one for now to avoid duplicate downloads.
1102 cl
= get_cert_list(voter
->identity_digest
);
1103 if (smartlist_len(cl
->certs
) == 0) {
1104 /* We have no certs at all for this one */
1106 /* Do we have a download of one pending? */
1107 if (digestmap_get(pending_id
, voter
->identity_digest
))
1111 * Are we about to launch a download of one due to the trusted
1112 * dir server check above?
1114 if (smartlist_contains_digest(missing_id_digests
,
1115 voter
->identity_digest
))
1119 SMARTLIST_FOREACH_BEGIN(voter
->sigs
, document_signature_t
*, sig
) {
1120 authority_cert_t
*cert
=
1121 authority_cert_get_by_digests(voter
->identity_digest
,
1122 sig
->signing_key_digest
);
1124 if (now
< cert
->expires
)
1125 download_status_reset_by_sk_in_cl(cl
, sig
->signing_key_digest
);
1128 if (download_status_is_ready_by_sk_in_cl(
1129 cl
, sig
->signing_key_digest
,
1130 now
, options
->TestingCertMaxDownloadTries
) &&
1131 !fp_pair_map_get_by_digests(pending_cert
,
1132 voter
->identity_digest
,
1133 sig
->signing_key_digest
)) {
1135 * Do this rather than hex_str(), since hex_str clobbers
1136 * old results and we call twice in the param list.
1138 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1139 voter
->identity_digest
, DIGEST_LEN
);
1140 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1141 sig
->signing_key_digest
, DIGEST_LEN
);
1143 if (voter
->nickname
) {
1145 "We're missing a certificate from authority %s "
1146 "(ID digest %s) with signing key %s: "
1147 "launching request.",
1148 voter
->nickname
, id_digest_str
, sk_digest_str
);
1151 "We're missing a certificate from authority ID digest "
1152 "%s with signing key %s: launching request.",
1153 id_digest_str
, sk_digest_str
);
1156 /* Allocate a new fp_pair_t to append */
1157 fp_tmp
= tor_malloc(sizeof(*fp_tmp
));
1158 memcpy(fp_tmp
->first
, voter
->identity_digest
, sizeof(fp_tmp
->first
));
1159 memcpy(fp_tmp
->second
, sig
->signing_key_digest
,
1160 sizeof(fp_tmp
->second
));
1161 smartlist_add(missing_cert_digests
, fp_tmp
);
1163 } SMARTLIST_FOREACH_END(sig
);
1164 } SMARTLIST_FOREACH_END(voter
);
1167 /* Bridge clients look up the node for the dir_hint */
1168 const node_t
*node
= NULL
;
1169 /* All clients, including bridge clients, look up the routerstatus for the
1171 const routerstatus_t
*rs
= NULL
;
1173 /* If we still need certificates, try the directory that just successfully
1174 * served us a consensus or certificates.
1175 * As soon as the directory fails to provide additional certificates, we try
1176 * another, randomly selected directory. This avoids continual retries.
1177 * (We only ever have one outstanding request per certificate.)
1180 if (options
->UseBridges
) {
1181 /* Bridge clients try the nodelist. If the dir_hint is from an authority,
1182 * or something else fetched over tor, we won't find the node here, but
1183 * we will find the rs. */
1184 node
= node_get_by_id(dir_hint
);
1187 /* All clients try the consensus routerstatus, then the fallback
1189 rs
= router_get_consensus_status_by_id(dir_hint
);
1191 /* This will also find authorities */
1192 const dir_server_t
*ds
= router_get_fallback_dirserver_by_digest(
1195 rs
= &ds
->fake_status
;
1200 log_warn(LD_BUG
, "Directory %s delivered a consensus, but %s"
1201 "no routerstatus could be found for it.",
1202 options
->UseBridges
? "no node and " : "",
1203 hex_str(dir_hint
, DIGEST_LEN
));
1207 /* Do downloads by identity digest */
1208 if (smartlist_len(missing_id_digests
) > 0) {
1210 smartlist_t
*fps
= smartlist_new();
1212 smartlist_add_strdup(fps
, "fp/");
1214 SMARTLIST_FOREACH_BEGIN(missing_id_digests
, const char *, d
) {
1217 if (digestmap_get(pending_id
, d
))
1220 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1224 tor_asprintf(&fp
, "+%s", id_digest_str
);
1226 /* No need for tor_asprintf() in this case; first one gets no '+' */
1227 fp
= tor_strdup(id_digest_str
);
1231 smartlist_add(fps
, fp
);
1232 } SMARTLIST_FOREACH_END(d
);
1234 if (smartlist_len(fps
) > 1) {
1235 resource
= smartlist_join_strings(fps
, "", 0, NULL
);
1236 /* node and rs are directories that just gave us a consensus or
1238 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1241 /* else we didn't add any: they were all pending */
1243 SMARTLIST_FOREACH(fps
, char *, cp
, tor_free(cp
));
1244 smartlist_free(fps
);
1247 /* Do downloads by identity digest/signing key pair */
1248 if (smartlist_len(missing_cert_digests
) > 0) {
1250 smartlist_t
*fp_pairs
= smartlist_new();
1252 smartlist_add_strdup(fp_pairs
, "fp-sk/");
1254 SMARTLIST_FOREACH_BEGIN(missing_cert_digests
, const fp_pair_t
*, d
) {
1255 char *fp_pair
= NULL
;
1257 if (fp_pair_map_get(pending_cert
, d
))
1260 /* Construct string encodings of the digests */
1261 base16_encode(id_digest_str
, sizeof(id_digest_str
),
1262 d
->first
, DIGEST_LEN
);
1263 base16_encode(sk_digest_str
, sizeof(sk_digest_str
),
1264 d
->second
, DIGEST_LEN
);
1266 /* Now tor_asprintf() */
1268 tor_asprintf(&fp_pair
, "+%s-%s", id_digest_str
, sk_digest_str
);
1270 /* First one in the list doesn't get a '+' */
1271 tor_asprintf(&fp_pair
, "%s-%s", id_digest_str
, sk_digest_str
);
1275 /* Add it to the list of pairs to request */
1276 smartlist_add(fp_pairs
, fp_pair
);
1277 } SMARTLIST_FOREACH_END(d
);
1279 if (smartlist_len(fp_pairs
) > 1) {
1280 resource
= smartlist_join_strings(fp_pairs
, "", 0, NULL
);
1281 /* node and rs are directories that just gave us a consensus or
1283 authority_certs_fetch_resource_impl(resource
, dir_hint
, node
, rs
);
1286 /* else they were all pending */
1288 SMARTLIST_FOREACH(fp_pairs
, char *, p
, tor_free(p
));
1289 smartlist_free(fp_pairs
);
1292 smartlist_free(missing_id_digests
);
1293 SMARTLIST_FOREACH(missing_cert_digests
, fp_pair_t
*, p
, tor_free(p
));
1294 smartlist_free(missing_cert_digests
);
1295 digestmap_free(pending_id
, NULL
);
1296 fp_pair_map_free(pending_cert
, NULL
);
1299 /* Router descriptor storage.
1301 * Routerdescs are stored in a big file, named "cached-descriptors". As new
1302 * routerdescs arrive, we append them to a journal file named
1303 * "cached-descriptors.new".
1305 * From time to time, we replace "cached-descriptors" with a new file
1306 * containing only the live, non-superseded descriptors, and clear
1307 * cached-routers.new.
1309 * On startup, we read both files.
1312 /** Helper: return 1 iff the router log is so big we want to rebuild the
1315 router_should_rebuild_store(desc_store_t
*store
)
1317 if (store
->store_len
> (1<<16))
1318 return (store
->journal_len
> store
->store_len
/ 2 ||
1319 store
->bytes_dropped
> store
->store_len
/ 2);
1321 return store
->journal_len
> (1<<15);
1324 /** Return the desc_store_t in <b>rl</b> that should be used to store
1326 static inline desc_store_t
*
1327 desc_get_store(routerlist_t
*rl
, const signed_descriptor_t
*sd
)
1329 if (sd
->is_extrainfo
)
1330 return &rl
->extrainfo_store
;
1332 return &rl
->desc_store
;
1335 /** Add the signed_descriptor_t in <b>desc</b> to the router
1336 * journal; change its saved_location to SAVED_IN_JOURNAL and set its
1337 * offset appropriately. */
1339 signed_desc_append_to_journal(signed_descriptor_t
*desc
,
1340 desc_store_t
*store
)
1342 char *fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1343 const char *body
= signed_descriptor_get_body_impl(desc
,1);
1344 size_t len
= desc
->signed_descriptor_len
+ desc
->annotations_len
;
1346 if (append_bytes_to_file(fname
, body
, len
, 1)) {
1347 log_warn(LD_FS
, "Unable to store router descriptor");
1351 desc
->saved_location
= SAVED_IN_JOURNAL
;
1354 desc
->saved_offset
= store
->journal_len
;
1355 store
->journal_len
+= len
;
1360 /** Sorting helper: return <0, 0, or >0 depending on whether the
1361 * signed_descriptor_t* in *<b>a</b> is older, the same age as, or newer than
1362 * the signed_descriptor_t* in *<b>b</b>. */
1364 compare_signed_descriptors_by_age_(const void **_a
, const void **_b
)
1366 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
1367 return (int)(r1
->published_on
- r2
->published_on
);
1371 #define RRS_DONT_REMOVE_OLD 2
1373 /** If the journal of <b>store</b> is too long, or if RRS_FORCE is set in
1374 * <b>flags</b>, then atomically replace the saved router store with the
1375 * routers currently in our routerlist, and clear the journal. Unless
1376 * RRS_DONT_REMOVE_OLD is set in <b>flags</b>, delete expired routers before
1377 * rebuilding the store. Return 0 on success, -1 on failure.
1380 router_rebuild_store(int flags
, desc_store_t
*store
)
1382 smartlist_t
*chunk_list
= NULL
;
1383 char *fname
= NULL
, *fname_tmp
= NULL
;
1386 smartlist_t
*signed_descriptors
= NULL
;
1388 size_t total_expected_len
= 0;
1390 int force
= flags
& RRS_FORCE
;
1392 if (!force
&& !router_should_rebuild_store(store
)) {
1401 if (store
->type
== EXTRAINFO_STORE
)
1402 had_any
= !eimap_isempty(routerlist
->extra_info_map
);
1404 had_any
= (smartlist_len(routerlist
->routers
)+
1405 smartlist_len(routerlist
->old_routers
))>0;
1407 /* Don't save deadweight. */
1408 if (!(flags
& RRS_DONT_REMOVE_OLD
))
1409 routerlist_remove_old_routers();
1411 log_info(LD_DIR
, "Rebuilding %s cache", store
->description
);
1413 fname
= get_datadir_fname(store
->fname_base
);
1414 fname_tmp
= get_datadir_fname_suffix(store
->fname_base
, ".tmp");
1416 chunk_list
= smartlist_new();
1418 /* We sort the routers by age to enhance locality on disk. */
1419 signed_descriptors
= smartlist_new();
1420 if (store
->type
== EXTRAINFO_STORE
) {
1422 for (iter
= eimap_iter_init(routerlist
->extra_info_map
);
1423 !eimap_iter_done(iter
);
1424 iter
= eimap_iter_next(routerlist
->extra_info_map
, iter
)) {
1427 eimap_iter_get(iter
, &key
, &ei
);
1428 smartlist_add(signed_descriptors
, &ei
->cache_info
);
1431 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
1432 smartlist_add(signed_descriptors
, sd
));
1433 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
1434 smartlist_add(signed_descriptors
, &ri
->cache_info
));
1437 smartlist_sort(signed_descriptors
, compare_signed_descriptors_by_age_
);
1439 /* Now, add the appropriate members to chunk_list */
1440 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1442 const char *body
= signed_descriptor_get_body_impl(sd
, 1);
1444 log_warn(LD_BUG
, "No descriptor available for router.");
1447 if (sd
->do_not_cache
) {
1451 c
= tor_malloc(sizeof(sized_chunk_t
));
1453 c
->len
= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1454 total_expected_len
+= c
->len
;
1455 smartlist_add(chunk_list
, c
);
1456 } SMARTLIST_FOREACH_END(sd
);
1458 if (write_chunks_to_file(fname_tmp
, chunk_list
, 1, 1)<0) {
1459 log_warn(LD_FS
, "Error writing router store to disk.");
1463 /* Our mmap is now invalid. */
1465 int res
= tor_munmap_file(store
->mmap
);
1468 log_warn(LD_FS
, "Unable to munmap route store in %s", fname
);
1472 if (replace_file(fname_tmp
, fname
)<0) {
1473 log_warn(LD_FS
, "Error replacing old router store: %s", strerror(errno
));
1478 store
->mmap
= tor_mmap_file(fname
);
1479 if (! store
->mmap
) {
1480 if (errno
== ERANGE
) {
1482 if (total_expected_len
) {
1483 log_warn(LD_FS
, "We wrote some bytes to a new descriptor file at '%s',"
1484 " but when we went to mmap it, it was empty!", fname
);
1485 } else if (had_any
) {
1486 log_info(LD_FS
, "We just removed every descriptor in '%s'. This is "
1487 "okay if we're just starting up after a long time. "
1488 "Otherwise, it's a bug.", fname
);
1491 log_warn(LD_FS
, "Unable to mmap new descriptor file at '%s'.",fname
);
1495 log_info(LD_DIR
, "Reconstructing pointers into cache");
1498 SMARTLIST_FOREACH_BEGIN(signed_descriptors
, signed_descriptor_t
*, sd
) {
1499 if (sd
->do_not_cache
)
1501 sd
->saved_location
= SAVED_IN_CACHE
;
1503 tor_free(sd
->signed_descriptor_body
); // sets it to null
1504 sd
->saved_offset
= offset
;
1506 offset
+= sd
->signed_descriptor_len
+ sd
->annotations_len
;
1507 signed_descriptor_get_body(sd
); /* reconstruct and assert */
1508 } SMARTLIST_FOREACH_END(sd
);
1511 fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1512 write_str_to_file(fname
, "", 1);
1515 store
->store_len
= (size_t) offset
;
1516 store
->journal_len
= 0;
1517 store
->bytes_dropped
= 0;
1519 smartlist_free(signed_descriptors
);
1521 tor_free(fname_tmp
);
1523 SMARTLIST_FOREACH(chunk_list
, sized_chunk_t
*, c
, tor_free(c
));
1524 smartlist_free(chunk_list
);
1530 /** Helper: Reload a cache file and its associated journal, setting metadata
1531 * appropriately. If <b>extrainfo</b> is true, reload the extrainfo store;
1532 * else reload the router descriptor store. */
1534 router_reload_router_list_impl(desc_store_t
*store
)
1536 char *fname
= NULL
, *contents
= NULL
;
1538 int extrainfo
= (store
->type
== EXTRAINFO_STORE
);
1539 store
->journal_len
= store
->store_len
= 0;
1541 fname
= get_datadir_fname(store
->fname_base
);
1544 /* get rid of it first */
1545 int res
= tor_munmap_file(store
->mmap
);
1548 log_warn(LD_FS
, "Failed to munmap %s", fname
);
1554 store
->mmap
= tor_mmap_file(fname
);
1556 store
->store_len
= store
->mmap
->size
;
1558 router_load_extrainfo_from_string(store
->mmap
->data
,
1559 store
->mmap
->data
+store
->mmap
->size
,
1560 SAVED_IN_CACHE
, NULL
, 0);
1562 router_load_routers_from_string(store
->mmap
->data
,
1563 store
->mmap
->data
+store
->mmap
->size
,
1564 SAVED_IN_CACHE
, NULL
, 0, NULL
);
1568 fname
= get_datadir_fname_suffix(store
->fname_base
, ".new");
1569 /* don't load empty files - we wouldn't get any data, even if we tried */
1570 if (file_status(fname
) == FN_FILE
)
1571 contents
= read_file_to_str(fname
, RFTS_BIN
|RFTS_IGNORE_MISSING
, &st
);
1574 router_load_extrainfo_from_string(contents
, NULL
,SAVED_IN_JOURNAL
,
1577 router_load_routers_from_string(contents
, NULL
, SAVED_IN_JOURNAL
,
1579 store
->journal_len
= (size_t) st
.st_size
;
1585 if (store
->journal_len
) {
1586 /* Always clear the journal on startup.*/
1587 router_rebuild_store(RRS_FORCE
, store
);
1588 } else if (!extrainfo
) {
1589 /* Don't cache expired routers. (This is in an else because
1590 * router_rebuild_store() also calls remove_old_routers().) */
1591 routerlist_remove_old_routers();
1597 /** Load all cached router descriptors and extra-info documents from the
1598 * store. Return 0 on success and -1 on failure.
1601 router_reload_router_list(void)
1603 routerlist_t
*rl
= router_get_routerlist();
1604 if (router_reload_router_list_impl(&rl
->desc_store
))
1606 if (router_reload_router_list_impl(&rl
->extrainfo_store
))
1611 /** Return a smartlist containing a list of dir_server_t * for all
1612 * known trusted dirservers. Callers must not modify the list or its
1616 router_get_trusted_dir_servers(void)
1618 if (!trusted_dir_servers
)
1619 trusted_dir_servers
= smartlist_new();
1621 return trusted_dir_servers
;
1625 router_get_fallback_dir_servers(void)
1627 if (!fallback_dir_servers
)
1628 fallback_dir_servers
= smartlist_new();
1630 return fallback_dir_servers
;
1633 /** Try to find a running dirserver that supports operations of <b>type</b>.
1635 * If there are no running dirservers in our routerlist and the
1636 * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
1637 * (including authorities) as running again, and pick one.
1639 * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
1640 * dirservers that we can't reach.
1642 * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
1643 * (if we're a dirserver).
1645 * Don't pick a fallback directory mirror if any non-fallback is viable;
1646 * (the fallback directory mirrors include the authorities)
1647 * try to avoid using servers that have returned 503 recently.
1649 const routerstatus_t
*
1650 router_pick_directory_server(dirinfo_type_t type
, int flags
)
1653 const routerstatus_t
*choice
;
1658 choice
= router_pick_directory_server_impl(type
, flags
, &busy
);
1659 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1663 /* If the reason that we got no server is that servers are "busy",
1664 * we must be excluding good servers because we already have serverdesc
1665 * fetches with them. Do not mark down servers up because of this. */
1666 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1667 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1672 "No reachable router entries for dirservers. "
1673 "Trying them all again.");
1674 /* mark all fallback directory mirrors as up again */
1675 mark_all_dirservers_up(fallback_dir_servers
);
1677 choice
= router_pick_directory_server_impl(type
, flags
, NULL
);
1681 /** Return the dir_server_t for the directory authority whose identity
1682 * key hashes to <b>digest</b>, or NULL if no such authority is known.
1685 router_get_trusteddirserver_by_digest(const char *digest
)
1687 if (!trusted_dir_servers
)
1690 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1692 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1699 /** Return the dir_server_t for the fallback dirserver whose identity
1700 * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
1701 * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
1702 * and UseDefaultFallbackDirs torrc options.)
1703 * The list of fallback directories includes the list of authorities.
1706 router_get_fallback_dirserver_by_digest(const char *digest
)
1708 if (!fallback_dir_servers
)
1714 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ds
,
1716 if (tor_memeq(ds
->digest
, digest
, DIGEST_LEN
))
1723 /** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
1724 * or 0 if no such fallback is in the list of fallback_dir_servers.
1725 * (fallback_dir_servers is affected by the FallbackDir and
1726 * UseDefaultFallbackDirs torrc options.)
1727 * The list of fallback directories includes the list of authorities.
1730 router_digest_is_fallback_dir(const char *digest
)
1732 return (router_get_fallback_dirserver_by_digest(digest
) != NULL
);
1735 /** Return the dir_server_t for the directory authority whose
1736 * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
1739 MOCK_IMPL(dir_server_t
*,
1740 trusteddirserver_get_by_v3_auth_digest
, (const char *digest
))
1742 if (!trusted_dir_servers
)
1745 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ds
,
1747 if (tor_memeq(ds
->v3_identity_digest
, digest
, DIGEST_LEN
) &&
1748 (ds
->type
& V3_DIRINFO
))
1755 /** Try to find a running directory authority. Flags are as for
1756 * router_pick_directory_server.
1758 const routerstatus_t
*
1759 router_pick_trusteddirserver(dirinfo_type_t type
, int flags
)
1761 return router_pick_dirserver_generic(trusted_dir_servers
, type
, flags
);
1764 /** Try to find a running fallback directory. Flags are as for
1765 * router_pick_directory_server.
1767 const routerstatus_t
*
1768 router_pick_fallback_dirserver(dirinfo_type_t type
, int flags
)
1770 return router_pick_dirserver_generic(fallback_dir_servers
, type
, flags
);
1773 /** Try to find a running fallback directory. Flags are as for
1774 * router_pick_directory_server.
1776 static const routerstatus_t
*
1777 router_pick_dirserver_generic(smartlist_t
*sourcelist
,
1778 dirinfo_type_t type
, int flags
)
1780 const routerstatus_t
*choice
;
1783 choice
= router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, &busy
);
1784 if (choice
|| !(flags
& PDS_RETRY_IF_NO_SERVERS
))
1787 /* If the reason that we got no server is that servers are "busy",
1788 * we must be excluding good servers because we already have serverdesc
1789 * fetches with them. Do not mark down servers up because of this. */
1790 tor_assert((flags
& (PDS_NO_EXISTING_SERVERDESC_FETCH
|
1791 PDS_NO_EXISTING_MICRODESC_FETCH
)));
1796 "No dirservers are reachable. Trying them all again.");
1797 mark_all_dirservers_up(sourcelist
);
1798 return router_pick_trusteddirserver_impl(sourcelist
, type
, flags
, NULL
);
1801 /* Check if we already have a directory fetch from ap, for serverdesc
1802 * (including extrainfo) or microdesc documents.
1803 * If so, return 1, if not, return 0.
1804 * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
1807 router_is_already_dir_fetching(const tor_addr_port_t
*ap
, int serverdesc
,
1810 if (!ap
|| tor_addr_is_null(&ap
->addr
) || !ap
->port
) {
1814 /* XX/teor - we're not checking tunnel connections here, see #17848
1817 connection_get_by_type_addr_port_purpose(
1818 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_SERVERDESC
)
1819 || connection_get_by_type_addr_port_purpose(
1820 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_EXTRAINFO
))) {
1825 connection_get_by_type_addr_port_purpose(
1826 CONN_TYPE_DIR
, &ap
->addr
, ap
->port
, DIR_PURPOSE_FETCH_MICRODESC
))) {
1833 /* Check if we already have a directory fetch from the ipv4 or ipv6
1834 * router, for serverdesc (including extrainfo) or microdesc documents.
1835 * If so, return 1, if not, return 0.
1838 router_is_already_dir_fetching_(uint32_t ipv4_addr
,
1839 const tor_addr_t
*ipv6_addr
,
1844 tor_addr_port_t ipv4_dir_ap
, ipv6_dir_ap
;
1846 /* Assume IPv6 DirPort is the same as IPv4 DirPort */
1847 tor_addr_from_ipv4h(&ipv4_dir_ap
.addr
, ipv4_addr
);
1848 ipv4_dir_ap
.port
= dir_port
;
1849 tor_addr_copy(&ipv6_dir_ap
.addr
, ipv6_addr
);
1850 ipv6_dir_ap
.port
= dir_port
;
1852 return (router_is_already_dir_fetching(&ipv4_dir_ap
, serverdesc
, microdesc
)
1853 || router_is_already_dir_fetching(&ipv6_dir_ap
, serverdesc
, microdesc
));
1856 #ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1857 #define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
1860 /* Log a message if rs is not found or not a preferred address */
1862 router_picked_poor_directory_log(const routerstatus_t
*rs
)
1864 const networkstatus_t
*usable_consensus
;
1865 usable_consensus
= networkstatus_get_reasonably_live_consensus(time(NULL
),
1866 usable_consensus_flavor());
1868 #if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1869 /* Don't log early in the bootstrap process, it's normal to pick from a
1870 * small pool of nodes. Of course, this won't help if we're trying to
1871 * diagnose bootstrap issues. */
1872 if (!smartlist_len(nodelist_get_list()) || !usable_consensus
1873 || !router_have_minimum_dir_info()) {
1876 #endif /* !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP */
1878 /* We couldn't find a node, or the one we have doesn't fit our preferences.
1879 * Sometimes this is normal, sometimes it can be a reachability issue. */
1881 /* This happens a lot, so it's at debug level */
1882 log_debug(LD_DIR
, "Wanted to make an outgoing directory connection, but "
1883 "we couldn't find a directory that fit our criteria. "
1884 "Perhaps we will succeed next time with less strict criteria.");
1885 } else if (!fascist_firewall_allows_rs(rs
, FIREWALL_OR_CONNECTION
, 1)
1886 && !fascist_firewall_allows_rs(rs
, FIREWALL_DIR_CONNECTION
, 1)
1888 /* This is rare, and might be interesting to users trying to diagnose
1889 * connection issues on dual-stack machines. */
1890 log_info(LD_DIR
, "Selected a directory %s with non-preferred OR and Dir "
1891 "addresses for launching an outgoing connection: "
1892 "IPv4 %s OR %d Dir %d IPv6 %s OR %d Dir %d",
1893 routerstatus_describe(rs
),
1894 fmt_addr32(rs
->addr
), rs
->or_port
,
1895 rs
->dir_port
, fmt_addr(&rs
->ipv6_addr
),
1896 rs
->ipv6_orport
, rs
->dir_port
);
1900 #undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
1902 /** How long do we avoid using a directory server after it's given us a 503? */
1903 #define DIR_503_TIMEOUT (60*60)
1905 /* Common retry code for router_pick_directory_server_impl and
1906 * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
1907 * Must be called before RETRY_WITHOUT_EXCLUDE().
1909 * If we got no result, and we are applying IP preferences, and we are a
1910 * client that could use an alternate IP version, try again with the
1911 * opposite preferences. */
1912 #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
1914 if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
1915 && fascist_firewall_use_ipv6(options) && !server_mode(options) \
1924 /* Common retry code for router_pick_directory_server_impl and
1925 * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
1926 * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
1928 * If we got no result, and we are excluding nodes, and StrictNodes is
1929 * not set, try again without excluding nodes. */
1930 #define RETRY_WITHOUT_EXCLUDE(retry_label) \
1932 if (result == NULL && try_excluding && !options->StrictNodes \
1933 && n_excluded && !n_busy) { \
1934 try_excluding = 0; \
1942 /* Common code used in the loop within router_pick_directory_server_impl and
1943 * router_pick_trusteddirserver_impl.
1945 * Check if the given <b>identity</b> supports extrainfo. If not, skip further
1948 #define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \
1950 int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \
1951 (identity), EXTRAINFO_DIRINFO); \
1952 if (((type) & EXTRAINFO_DIRINFO) && \
1953 !router_supports_extrainfo((identity), is_trusted_extrainfo)) \
1957 /* When iterating through the routerlist, can OR address/port preference
1958 * and reachability checks be skipped?
1961 router_skip_or_reachability(const or_options_t
*options
, int try_ip_pref
)
1963 /* Servers always have and prefer IPv4.
1964 * And if clients are checking against the firewall for reachability only,
1965 * but there's no firewall, don't bother checking */
1966 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_or());
1969 /* When iterating through the routerlist, can Dir address/port preference
1970 * and reachability checks be skipped?
1973 router_skip_dir_reachability(const or_options_t
*options
, int try_ip_pref
)
1975 /* Servers always have and prefer IPv4.
1976 * And if clients are checking against the firewall for reachability only,
1977 * but there's no firewall, don't bother checking */
1978 return server_mode(options
) || (!try_ip_pref
&& !firewall_is_fascist_dir());
1981 /** Pick a random running valid directory server/mirror from our
1982 * routerlist. Arguments are as for router_pick_directory_server(), except:
1984 * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
1985 * directories that we excluded for no other reason than
1986 * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
1988 STATIC
const routerstatus_t
*
1989 router_pick_directory_server_impl(dirinfo_type_t type
, int flags
,
1992 const or_options_t
*options
= get_options();
1993 const node_t
*result
;
1994 smartlist_t
*direct
, *tunnel
;
1995 smartlist_t
*trusted_direct
, *trusted_tunnel
;
1996 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
1997 time_t now
= time(NULL
);
1998 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
1999 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
2000 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
2001 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
2002 const int no_microdesc_fetching
= (flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2003 int try_excluding
= 1, n_excluded
= 0, n_busy
= 0;
2004 int try_ip_pref
= 1;
2011 direct
= smartlist_new();
2012 tunnel
= smartlist_new();
2013 trusted_direct
= smartlist_new();
2014 trusted_tunnel
= smartlist_new();
2015 overloaded_direct
= smartlist_new();
2016 overloaded_tunnel
= smartlist_new();
2018 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2019 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2020 const int must_have_or
= directory_must_use_begindir(options
);
2022 /* Find all the running dirservers we know about. */
2023 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2026 const routerstatus_t
*status
= node
->rs
;
2027 const country_t country
= node
->country
;
2031 if (!node
->is_running
|| !node_is_dir(node
) || !node
->is_valid
)
2033 if (requireother
&& router_digest_is_me(node
->identity
))
2036 SKIP_MISSING_TRUSTED_EXTRAINFO(type
, node
->identity
);
2038 if (try_excluding
&&
2039 routerset_contains_routerstatus(options
->ExcludeNodes
, status
,
2045 if (router_is_already_dir_fetching_(status
->addr
,
2048 no_serverdesc_fetching
,
2049 no_microdesc_fetching
)) {
2054 is_overloaded
= status
->last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2055 is_trusted
= router_digest_is_trusted_dir(node
->identity
);
2057 /* Clients use IPv6 addresses if the server has one and the client
2059 * Add the router if its preferred address and port are reachable.
2060 * If we don't get any routers, we'll try again with the non-preferred
2061 * address for each router (if any). (To ensure correct load-balancing
2062 * we try routers that only have one address both times.)
2064 if (!fascistfirewall
|| skip_or_fw
||
2065 fascist_firewall_allows_node(node
, FIREWALL_OR_CONNECTION
,
2067 smartlist_add(is_trusted
? trusted_tunnel
:
2068 is_overloaded
? overloaded_tunnel
: tunnel
, (void*)node
);
2069 else if (!must_have_or
&& (skip_dir_fw
||
2070 fascist_firewall_allows_node(node
, FIREWALL_DIR_CONNECTION
,
2072 smartlist_add(is_trusted
? trusted_direct
:
2073 is_overloaded
? overloaded_direct
: direct
, (void*)node
);
2074 } SMARTLIST_FOREACH_END(node
);
2076 if (smartlist_len(tunnel
)) {
2077 result
= node_sl_choose_by_bandwidth(tunnel
, WEIGHT_FOR_DIR
);
2078 } else if (smartlist_len(overloaded_tunnel
)) {
2079 result
= node_sl_choose_by_bandwidth(overloaded_tunnel
,
2081 } else if (smartlist_len(trusted_tunnel
)) {
2082 /* FFFF We don't distinguish between trusteds and overloaded trusteds
2083 * yet. Maybe one day we should. */
2084 /* FFFF We also don't load balance over authorities yet. I think this
2085 * is a feature, but it could easily be a bug. -RD */
2086 result
= smartlist_choose(trusted_tunnel
);
2087 } else if (smartlist_len(direct
)) {
2088 result
= node_sl_choose_by_bandwidth(direct
, WEIGHT_FOR_DIR
);
2089 } else if (smartlist_len(overloaded_direct
)) {
2090 result
= node_sl_choose_by_bandwidth(overloaded_direct
,
2093 result
= smartlist_choose(trusted_direct
);
2095 smartlist_free(direct
);
2096 smartlist_free(tunnel
);
2097 smartlist_free(trusted_direct
);
2098 smartlist_free(trusted_tunnel
);
2099 smartlist_free(overloaded_direct
);
2100 smartlist_free(overloaded_tunnel
);
2102 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2104 RETRY_WITHOUT_EXCLUDE(retry_search
);
2107 *n_busy_out
= n_busy
;
2109 router_picked_poor_directory_log(result
? result
->rs
: NULL
);
2111 return result
? result
->rs
: NULL
;
2114 /** Pick a random element from a list of dir_server_t, weighting by their
2115 * <b>weight</b> field. */
2116 static const dir_server_t
*
2117 dirserver_choose_by_weight(const smartlist_t
*servers
, double authority_weight
)
2119 int n
= smartlist_len(servers
);
2121 double *weights_dbl
;
2122 uint64_t *weights_u64
;
2123 const dir_server_t
*ds
;
2125 weights_dbl
= tor_calloc(n
, sizeof(double));
2126 weights_u64
= tor_calloc(n
, sizeof(uint64_t));
2127 for (i
= 0; i
< n
; ++i
) {
2128 ds
= smartlist_get(servers
, i
);
2129 weights_dbl
[i
] = ds
->weight
;
2130 if (ds
->is_authority
)
2131 weights_dbl
[i
] *= authority_weight
;
2134 scale_array_elements_to_u64(weights_u64
, weights_dbl
, n
, NULL
);
2135 i
= choose_array_element_by_weight(weights_u64
, n
);
2136 tor_free(weights_dbl
);
2137 tor_free(weights_u64
);
2138 return (i
< 0) ? NULL
: smartlist_get(servers
, i
);
2141 /** Choose randomly from among the dir_server_ts in sourcelist that
2142 * are up. Flags are as for router_pick_directory_server_impl().
2144 static const routerstatus_t
*
2145 router_pick_trusteddirserver_impl(const smartlist_t
*sourcelist
,
2146 dirinfo_type_t type
, int flags
,
2149 const or_options_t
*options
= get_options();
2150 smartlist_t
*direct
, *tunnel
;
2151 smartlist_t
*overloaded_direct
, *overloaded_tunnel
;
2152 const routerinfo_t
*me
= router_get_my_routerinfo();
2153 const routerstatus_t
*result
= NULL
;
2154 time_t now
= time(NULL
);
2155 const int requireother
= ! (flags
& PDS_ALLOW_SELF
);
2156 const int fascistfirewall
= ! (flags
& PDS_IGNORE_FASCISTFIREWALL
);
2157 const int no_serverdesc_fetching
=(flags
& PDS_NO_EXISTING_SERVERDESC_FETCH
);
2158 const int no_microdesc_fetching
=(flags
& PDS_NO_EXISTING_MICRODESC_FETCH
);
2159 const double auth_weight
= (sourcelist
== fallback_dir_servers
) ?
2160 options
->DirAuthorityFallbackRate
: 1.0;
2161 smartlist_t
*pick_from
;
2163 int try_excluding
= 1, n_excluded
= 0;
2164 int try_ip_pref
= 1;
2171 direct
= smartlist_new();
2172 tunnel
= smartlist_new();
2173 overloaded_direct
= smartlist_new();
2174 overloaded_tunnel
= smartlist_new();
2176 const int skip_or_fw
= router_skip_or_reachability(options
, try_ip_pref
);
2177 const int skip_dir_fw
= router_skip_dir_reachability(options
, try_ip_pref
);
2178 const int must_have_or
= directory_must_use_begindir(options
);
2180 SMARTLIST_FOREACH_BEGIN(sourcelist
, const dir_server_t
*, d
)
2183 d
->fake_status
.last_dir_503_at
+ DIR_503_TIMEOUT
> now
;
2184 if (!d
->is_running
) continue;
2185 if ((type
& d
->type
) == 0)
2188 SKIP_MISSING_TRUSTED_EXTRAINFO(type
, d
->digest
);
2190 if (requireother
&& me
&& router_digest_is_me(d
->digest
))
2192 if (try_excluding
&&
2193 routerset_contains_routerstatus(options
->ExcludeNodes
,
2194 &d
->fake_status
, -1)) {
2199 if (router_is_already_dir_fetching_(d
->addr
,
2202 no_serverdesc_fetching
,
2203 no_microdesc_fetching
)) {
2208 /* Clients use IPv6 addresses if the server has one and the client
2210 * Add the router if its preferred address and port are reachable.
2211 * If we don't get any routers, we'll try again with the non-preferred
2212 * address for each router (if any). (To ensure correct load-balancing
2213 * we try routers that only have one address both times.)
2215 if (!fascistfirewall
|| skip_or_fw
||
2216 fascist_firewall_allows_dir_server(d
, FIREWALL_OR_CONNECTION
,
2218 smartlist_add(is_overloaded
? overloaded_tunnel
: tunnel
, (void*)d
);
2219 else if (!must_have_or
&& (skip_dir_fw
||
2220 fascist_firewall_allows_dir_server(d
, FIREWALL_DIR_CONNECTION
,
2222 smartlist_add(is_overloaded
? overloaded_direct
: direct
, (void*)d
);
2224 SMARTLIST_FOREACH_END(d
);
2226 if (smartlist_len(tunnel
)) {
2228 } else if (smartlist_len(overloaded_tunnel
)) {
2229 pick_from
= overloaded_tunnel
;
2230 } else if (smartlist_len(direct
)) {
2233 pick_from
= overloaded_direct
;
2237 const dir_server_t
*selection
=
2238 dirserver_choose_by_weight(pick_from
, auth_weight
);
2241 result
= &selection
->fake_status
;
2244 smartlist_free(direct
);
2245 smartlist_free(tunnel
);
2246 smartlist_free(overloaded_direct
);
2247 smartlist_free(overloaded_tunnel
);
2249 RETRY_ALTERNATE_IP_VERSION(retry_search
);
2251 RETRY_WITHOUT_EXCLUDE(retry_search
);
2253 router_picked_poor_directory_log(result
);
2256 *n_busy_out
= n_busy
;
2260 /** Mark as running every dir_server_t in <b>server_list</b>. */
2262 mark_all_dirservers_up(smartlist_t
*server_list
)
2265 SMARTLIST_FOREACH_BEGIN(server_list
, dir_server_t
*, dir
) {
2268 dir
->is_running
= 1;
2269 node
= node_get_mutable_by_id(dir
->digest
);
2271 node
->is_running
= 1;
2272 rs
= router_get_mutable_consensus_status_by_id(dir
->digest
);
2274 rs
->last_dir_503_at
= 0;
2275 control_event_networkstatus_changed_single(rs
);
2277 } SMARTLIST_FOREACH_END(dir
);
2279 router_dir_info_changed();
2282 /** Return true iff r1 and r2 have the same address and OR port. */
2284 routers_have_same_or_addrs(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
2286 return r1
->addr
== r2
->addr
&& r1
->or_port
== r2
->or_port
&&
2287 tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) &&
2288 r1
->ipv6_orport
== r2
->ipv6_orport
;
2291 /** Reset all internal variables used to count failed downloads of network
2292 * status objects. */
2294 router_reset_status_download_failures(void)
2296 mark_all_dirservers_up(fallback_dir_servers
);
2299 /** Given a <b>router</b>, add every node_t in its family (including the
2300 * node itself!) to <b>sl</b>.
2302 * Note the type mismatch: This function takes a routerinfo, but adds nodes
2306 routerlist_add_node_and_family(smartlist_t
*sl
, const routerinfo_t
*router
)
2310 const node_t
*node
= node_get_by_id(router
->cache_info
.identity_digest
);
2312 memset(&fake_node
, 0, sizeof(fake_node
));
2313 fake_node
.ri
= (routerinfo_t
*)router
;
2314 memcpy(fake_node
.identity
, router
->cache_info
.identity_digest
, DIGEST_LEN
);
2317 nodelist_add_node_and_family(sl
, node
);
2320 /** Add every suitable node from our nodelist to <b>sl</b>, so that
2321 * we can pick a node for a circuit.
2324 router_add_running_nodes_to_smartlist(smartlist_t
*sl
, int need_uptime
,
2325 int need_capacity
, int need_guard
,
2326 int need_desc
, int pref_addr
,
2329 const int check_reach
= !router_skip_or_reachability(get_options(),
2332 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t
*, node
) {
2333 if (!node
->is_running
|| !node
->is_valid
)
2335 if (need_desc
&& !(node
->ri
|| (node
->rs
&& node
->md
)))
2337 if (node
->ri
&& node
->ri
->purpose
!= ROUTER_PURPOSE_GENERAL
)
2339 if (node_is_unreliable(node
, need_uptime
, need_capacity
, need_guard
))
2341 /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
2342 if (node
->rs
&& !routerstatus_version_supports_extend2_cells(node
->rs
, 1))
2344 /* Don't choose nodes if we are certain they can't do ntor. */
2345 if ((node
->ri
|| node
->md
) && !node_has_curve25519_onion_key(node
))
2347 /* Choose a node with an OR address that matches the firewall rules */
2348 if (direct_conn
&& check_reach
&&
2349 !fascist_firewall_allows_node(node
,
2350 FIREWALL_OR_CONNECTION
,
2354 smartlist_add(sl
, (void *)node
);
2355 } SMARTLIST_FOREACH_END(node
);
2358 /** Look through the routerlist until we find a router that has my key.
2360 const routerinfo_t
*
2361 routerlist_find_my_routerinfo(void)
2366 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, router
,
2368 if (router_is_me(router
))
2374 /** Return the smaller of the router's configured BandwidthRate
2375 * and its advertised capacity. */
2377 router_get_advertised_bandwidth(const routerinfo_t
*router
)
2379 if (router
->bandwidthcapacity
< router
->bandwidthrate
)
2380 return router
->bandwidthcapacity
;
2381 return router
->bandwidthrate
;
2384 /** Do not weight any declared bandwidth more than this much when picking
2385 * routers by bandwidth. */
2386 #define DEFAULT_MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
2388 /** Return the smaller of the router's configured BandwidthRate
2389 * and its advertised capacity, capped by max-believe-bw. */
2391 router_get_advertised_bandwidth_capped(const routerinfo_t
*router
)
2393 uint32_t result
= router
->bandwidthcapacity
;
2394 if (result
> router
->bandwidthrate
)
2395 result
= router
->bandwidthrate
;
2396 if (result
> DEFAULT_MAX_BELIEVABLE_BANDWIDTH
)
2397 result
= DEFAULT_MAX_BELIEVABLE_BANDWIDTH
;
2401 /** Given an array of double/uint64_t unions that are currently being used as
2402 * doubles, convert them to uint64_t, and try to scale them linearly so as to
2403 * much of the range of uint64_t. If <b>total_out</b> is provided, set it to
2404 * the sum of all elements in the array _before_ scaling. */
2406 scale_array_elements_to_u64(uint64_t *entries_out
, const double *entries_in
,
2408 uint64_t *total_out
)
2411 double scale_factor
= 0.0;
2414 for (i
= 0; i
< n_entries
; ++i
)
2415 total
+= entries_in
[i
];
2418 scale_factor
= ((double)INT64_MAX
) / total
;
2419 scale_factor
/= 4.0; /* make sure we're very far away from overflowing */
2422 for (i
= 0; i
< n_entries
; ++i
)
2423 entries_out
[i
] = tor_llround(entries_in
[i
] * scale_factor
);
2426 *total_out
= (uint64_t) total
;
2429 /** Pick a random element of <b>n_entries</b>-element array <b>entries</b>,
2430 * choosing each element with a probability proportional to its (uint64_t)
2431 * value, and return the index of that element. If all elements are 0, choose
2432 * an index at random. Return -1 on error.
2435 choose_array_element_by_weight(const uint64_t *entries
, int n_entries
)
2441 for (i
= 0; i
< n_entries
; ++i
)
2442 total
+= entries
[i
];
2448 return crypto_rand_int(n_entries
);
2450 tor_assert(total
< INT64_MAX
);
2452 rand_val
= crypto_rand_uint64(total
);
2454 return select_array_member_cumulative_timei(
2455 entries
, n_entries
, total
, rand_val
);
2458 /** When weighting bridges, enforce these values as lower and upper
2459 * bound for believable bandwidth, because there is no way for us
2460 * to verify a bridge's bandwidth currently. */
2461 #define BRIDGE_MIN_BELIEVABLE_BANDWIDTH 20000 /* 20 kB/sec */
2462 #define BRIDGE_MAX_BELIEVABLE_BANDWIDTH 100000 /* 100 kB/sec */
2464 /** Return the smaller of the router's configured BandwidthRate
2465 * and its advertised capacity, making sure to stay within the
2466 * interval between bridge-min-believe-bw and
2467 * bridge-max-believe-bw. */
2469 bridge_get_advertised_bandwidth_bounded(routerinfo_t
*router
)
2471 uint32_t result
= router
->bandwidthcapacity
;
2472 if (result
> router
->bandwidthrate
)
2473 result
= router
->bandwidthrate
;
2474 if (result
> BRIDGE_MAX_BELIEVABLE_BANDWIDTH
)
2475 result
= BRIDGE_MAX_BELIEVABLE_BANDWIDTH
;
2476 else if (result
< BRIDGE_MIN_BELIEVABLE_BANDWIDTH
)
2477 result
= BRIDGE_MIN_BELIEVABLE_BANDWIDTH
;
2481 /** Return bw*1000, unless bw*1000 would overflow, in which case return
2483 static inline int32_t
2484 kb_to_bytes(uint32_t bw
)
2486 return (bw
> (INT32_MAX
/1000)) ? INT32_MAX
: bw
*1000;
2489 /** Helper function:
2490 * choose a random element of smartlist <b>sl</b> of nodes, weighted by
2491 * the advertised bandwidth of each element using the consensus
2492 * bandwidth weights.
2494 * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
2495 * nodes' bandwidth equally regardless of their Exit status, since there may
2496 * be some in the list because they exit to obscure ports. If
2497 * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
2498 * exit-node's bandwidth less depending on the smallness of the fraction of
2499 * Exit-to-total bandwidth. If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
2500 * guard node: consider all guard's bandwidth equally. Otherwise, weight
2501 * guards proportionally less.
2503 static const node_t
*
2504 smartlist_choose_node_by_bandwidth_weights(const smartlist_t
*sl
,
2505 bandwidth_weight_rule_t rule
)
2507 double *bandwidths_dbl
=NULL
;
2508 uint64_t *bandwidths_u64
=NULL
;
2510 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths_dbl
, NULL
) < 0)
2513 bandwidths_u64
= tor_calloc(smartlist_len(sl
), sizeof(uint64_t));
2514 scale_array_elements_to_u64(bandwidths_u64
, bandwidths_dbl
,
2515 smartlist_len(sl
), NULL
);
2518 int idx
= choose_array_element_by_weight(bandwidths_u64
,
2520 tor_free(bandwidths_dbl
);
2521 tor_free(bandwidths_u64
);
2522 return idx
< 0 ? NULL
: smartlist_get(sl
, idx
);
2526 /** Given a list of routers and a weighting rule as in
2527 * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth
2528 * values for each node and store them in a freshly allocated
2529 * *<b>bandwidths_out</b> of the same length as <b>sl</b>, and holding results
2530 * as doubles. If <b>total_bandwidth_out</b> is non-NULL, set it to the total
2531 * of all the bandwidths.
2532 * Return 0 on success, -1 on failure. */
2534 compute_weighted_bandwidths(const smartlist_t
*sl
,
2535 bandwidth_weight_rule_t rule
,
2536 double **bandwidths_out
,
2537 double *total_bandwidth_out
)
2539 int64_t weight_scale
;
2540 double Wg
= -1, Wm
= -1, We
= -1, Wd
= -1;
2541 double Wgb
= -1, Wmb
= -1, Web
= -1, Wdb
= -1;
2542 guardfraction_bandwidth_t guardfraction_bw
;
2543 double *bandwidths
= NULL
;
2544 double total_bandwidth
= 0.0;
2547 tor_assert(bandwidths_out
);
2549 /* Can't choose exit and guard at same time */
2550 tor_assert(rule
== NO_WEIGHTING
||
2551 rule
== WEIGHT_FOR_EXIT
||
2552 rule
== WEIGHT_FOR_GUARD
||
2553 rule
== WEIGHT_FOR_MID
||
2554 rule
== WEIGHT_FOR_DIR
);
2556 *bandwidths_out
= NULL
;
2558 if (total_bandwidth_out
) {
2559 *total_bandwidth_out
= 0.0;
2562 if (smartlist_len(sl
) == 0) {
2564 "Empty routerlist passed in to consensus weight node "
2565 "selection for rule %s",
2566 bandwidth_weight_rule_to_string(rule
));
2570 weight_scale
= networkstatus_get_weight_scale_param(NULL
);
2572 if (rule
== WEIGHT_FOR_GUARD
) {
2573 Wg
= networkstatus_get_bw_weight(NULL
, "Wgg", -1);
2574 Wm
= networkstatus_get_bw_weight(NULL
, "Wgm", -1); /* Bridges */
2576 Wd
= networkstatus_get_bw_weight(NULL
, "Wgd", -1);
2578 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2579 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2580 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2581 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2582 } else if (rule
== WEIGHT_FOR_MID
) {
2583 Wg
= networkstatus_get_bw_weight(NULL
, "Wmg", -1);
2584 Wm
= networkstatus_get_bw_weight(NULL
, "Wmm", -1);
2585 We
= networkstatus_get_bw_weight(NULL
, "Wme", -1);
2586 Wd
= networkstatus_get_bw_weight(NULL
, "Wmd", -1);
2588 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2589 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2590 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2591 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2592 } else if (rule
== WEIGHT_FOR_EXIT
) {
2593 // Guards CAN be exits if they have weird exit policies
2594 // They are d then I guess...
2595 We
= networkstatus_get_bw_weight(NULL
, "Wee", -1);
2596 Wm
= networkstatus_get_bw_weight(NULL
, "Wem", -1); /* Odd exit policies */
2597 Wd
= networkstatus_get_bw_weight(NULL
, "Wed", -1);
2598 Wg
= networkstatus_get_bw_weight(NULL
, "Weg", -1); /* Odd exit policies */
2600 Wgb
= networkstatus_get_bw_weight(NULL
, "Wgb", -1);
2601 Wmb
= networkstatus_get_bw_weight(NULL
, "Wmb", -1);
2602 Web
= networkstatus_get_bw_weight(NULL
, "Web", -1);
2603 Wdb
= networkstatus_get_bw_weight(NULL
, "Wdb", -1);
2604 } else if (rule
== WEIGHT_FOR_DIR
) {
2605 We
= networkstatus_get_bw_weight(NULL
, "Wbe", -1);
2606 Wm
= networkstatus_get_bw_weight(NULL
, "Wbm", -1);
2607 Wd
= networkstatus_get_bw_weight(NULL
, "Wbd", -1);
2608 Wg
= networkstatus_get_bw_weight(NULL
, "Wbg", -1);
2610 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2611 } else if (rule
== NO_WEIGHTING
) {
2612 Wg
= Wm
= We
= Wd
= weight_scale
;
2613 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2616 if (Wg
< 0 || Wm
< 0 || We
< 0 || Wd
< 0 || Wgb
< 0 || Wmb
< 0 || Wdb
< 0
2619 "Got negative bandwidth weights. Defaulting to naive selection"
2621 Wg
= Wm
= We
= Wd
= weight_scale
;
2622 Wgb
= Wmb
= Web
= Wdb
= weight_scale
;
2630 Wgb
/= weight_scale
;
2631 Wmb
/= weight_scale
;
2632 Web
/= weight_scale
;
2633 Wdb
/= weight_scale
;
2635 bandwidths
= tor_calloc(smartlist_len(sl
), sizeof(double));
2637 // Cycle through smartlist and total the bandwidth.
2638 static int warned_missing_bw
= 0;
2639 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2640 int is_exit
= 0, is_guard
= 0, is_dir
= 0, this_bw
= 0;
2642 double weight_without_guard_flag
= 0; /* Used for guardfraction */
2643 double final_weight
= 0;
2644 is_exit
= node
->is_exit
&& ! node
->is_bad_exit
;
2645 is_guard
= node
->is_possible_guard
;
2646 is_dir
= node_is_dir(node
);
2648 if (!node
->rs
->has_bandwidth
) {
2649 /* This should never happen, unless all the authorites downgrade
2650 * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
2651 if (! warned_missing_bw
) {
2653 "Consensus is missing some bandwidths. Using a naive "
2654 "router selection algorithm");
2655 warned_missing_bw
= 1;
2657 this_bw
= 30000; /* Chosen arbitrarily */
2659 this_bw
= kb_to_bytes(node
->rs
->bandwidth_kb
);
2661 } else if (node
->ri
) {
2662 /* bridge or other descriptor not in our consensus */
2663 this_bw
= bridge_get_advertised_bandwidth_bounded(node
->ri
);
2665 /* We can't use this one. */
2669 if (is_guard
&& is_exit
) {
2670 weight
= (is_dir
? Wdb
*Wd
: Wd
);
2671 weight_without_guard_flag
= (is_dir
? Web
*We
: We
);
2672 } else if (is_guard
) {
2673 weight
= (is_dir
? Wgb
*Wg
: Wg
);
2674 weight_without_guard_flag
= (is_dir
? Wmb
*Wm
: Wm
);
2675 } else if (is_exit
) {
2676 weight
= (is_dir
? Web
*We
: We
);
2678 weight
= (is_dir
? Wmb
*Wm
: Wm
);
2680 /* These should be impossible; but overflows here would be bad, so let's
2686 if (weight_without_guard_flag
< 0.0)
2687 weight_without_guard_flag
= 0.0;
2689 /* If guardfraction information is available in the consensus, we
2690 * want to calculate this router's bandwidth according to its
2691 * guardfraction. Quoting from proposal236:
2693 * Let Wpf denote the weight from the 'bandwidth-weights' line a
2694 * client would apply to N for position p if it had the guard
2695 * flag, Wpn the weight if it did not have the guard flag, and B the
2696 * measured bandwidth of N in the consensus. Then instead of choosing
2697 * N for position p proportionally to Wpf*B or Wpn*B, clients should
2698 * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
2700 if (node
->rs
&& node
->rs
->has_guardfraction
&& rule
!= WEIGHT_FOR_GUARD
) {
2701 /* XXX The assert should actually check for is_guard. However,
2702 * that crashes dirauths because of #13297. This should be
2704 tor_assert(node
->rs
->is_possible_guard
);
2706 guard_get_guardfraction_bandwidth(&guardfraction_bw
,
2708 node
->rs
->guardfraction_percentage
);
2710 /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
2712 guardfraction_bw
.guard_bw
* weight
+
2713 guardfraction_bw
.non_guard_bw
* weight_without_guard_flag
;
2715 log_debug(LD_GENERAL
, "%s: Guardfraction weight %f instead of %f (%s)",
2716 node
->rs
->nickname
, final_weight
, weight
*this_bw
,
2717 bandwidth_weight_rule_to_string(rule
));
2718 } else { /* no guardfraction information. calculate the weight normally. */
2719 final_weight
= weight
*this_bw
;
2722 bandwidths
[node_sl_idx
] = final_weight
;
2723 total_bandwidth
+= final_weight
;
2724 } SMARTLIST_FOREACH_END(node
);
2726 log_debug(LD_CIRC
, "Generated weighted bandwidths for rule %s based "
2728 "Wg=%f Wm=%f We=%f Wd=%f with total bw %f",
2729 bandwidth_weight_rule_to_string(rule
),
2730 Wg
, Wm
, We
, Wd
, total_bandwidth
);
2732 *bandwidths_out
= bandwidths
;
2734 if (total_bandwidth_out
) {
2735 *total_bandwidth_out
= total_bandwidth
;
2741 /** For all nodes in <b>sl</b>, return the fraction of those nodes, weighted
2742 * by their weighted bandwidths with rule <b>rule</b>, for which we have
2745 frac_nodes_with_descriptors(const smartlist_t
*sl
,
2746 bandwidth_weight_rule_t rule
)
2748 double *bandwidths
= NULL
;
2749 double total
, present
;
2751 if (smartlist_len(sl
) == 0)
2754 if (compute_weighted_bandwidths(sl
, rule
, &bandwidths
, &total
) < 0 ||
2756 int n_with_descs
= 0;
2757 SMARTLIST_FOREACH(sl
, const node_t
*, node
, {
2758 if (node_has_descriptor(node
))
2761 return ((double)n_with_descs
) / (double)smartlist_len(sl
);
2765 SMARTLIST_FOREACH_BEGIN(sl
, const node_t
*, node
) {
2766 if (node_has_descriptor(node
))
2767 present
+= bandwidths
[node_sl_idx
];
2768 } SMARTLIST_FOREACH_END(node
);
2770 tor_free(bandwidths
);
2772 return present
/ total
;
2775 /** Choose a random element of status list <b>sl</b>, weighted by
2776 * the advertised bandwidth of each node */
2778 node_sl_choose_by_bandwidth(const smartlist_t
*sl
,
2779 bandwidth_weight_rule_t rule
)
2781 return smartlist_choose_node_by_bandwidth_weights(sl
, rule
);
2784 /** Return a random running node from the nodelist. Never
2785 * pick a node that is in
2786 * <b>excludedsmartlist</b>, or which matches <b>excludedset</b>,
2787 * even if they are the only nodes available.
2788 * If <b>CRN_NEED_UPTIME</b> is set in flags and any router has more than
2789 * a minimum uptime, return one of those.
2790 * If <b>CRN_NEED_CAPACITY</b> is set in flags, weight your choice by the
2791 * advertised capacity of each router.
2792 * If <b>CRN_NEED_GUARD</b> is set in flags, consider only Guard routers.
2793 * If <b>CRN_WEIGHT_AS_EXIT</b> is set in flags, we weight bandwidths as if
2794 * picking an exit node, otherwise we weight bandwidths for picking a relay
2795 * node (that is, possibly discounting exit nodes).
2796 * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
2797 * have a routerinfo or microdescriptor -- that is, enough info to be
2798 * used to build a circuit.
2799 * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
2800 * have an address that is preferred by the ClientPreferIPv6ORPort setting
2801 * (regardless of this flag, we exclude nodes that aren't allowed by the
2802 * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
2805 router_choose_random_node(smartlist_t
*excludedsmartlist
,
2806 routerset_t
*excludedset
,
2807 router_crn_flags_t flags
)
2809 const int need_uptime
= (flags
& CRN_NEED_UPTIME
) != 0;
2810 const int need_capacity
= (flags
& CRN_NEED_CAPACITY
) != 0;
2811 const int need_guard
= (flags
& CRN_NEED_GUARD
) != 0;
2812 const int weight_for_exit
= (flags
& CRN_WEIGHT_AS_EXIT
) != 0;
2813 const int need_desc
= (flags
& CRN_NEED_DESC
) != 0;
2814 const int pref_addr
= (flags
& CRN_PREF_ADDR
) != 0;
2815 const int direct_conn
= (flags
& CRN_DIRECT_CONN
) != 0;
2816 const int rendezvous_v3
= (flags
& CRN_RENDEZVOUS_V3
) != 0;
2818 smartlist_t
*sl
=smartlist_new(),
2819 *excludednodes
=smartlist_new();
2820 const node_t
*choice
= NULL
;
2821 const routerinfo_t
*r
;
2822 bandwidth_weight_rule_t rule
;
2824 tor_assert(!(weight_for_exit
&& need_guard
));
2825 rule
= weight_for_exit
? WEIGHT_FOR_EXIT
:
2826 (need_guard
? WEIGHT_FOR_GUARD
: WEIGHT_FOR_MID
);
2828 SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t
*, node
) {
2829 if (node_allows_single_hop_exits(node
)) {
2830 /* Exclude relays that allow single hop exit circuits. This is an
2831 * obsolete option since 0.2.9.2-alpha and done by default in
2833 smartlist_add(excludednodes
, node
);
2834 } else if (rendezvous_v3
&&
2835 !node_supports_v3_rendezvous_point(node
)) {
2836 /* Exclude relays that do not support to rendezvous for a hidden service
2838 smartlist_add(excludednodes
, node
);
2840 } SMARTLIST_FOREACH_END(node
);
2842 if ((r
= routerlist_find_my_routerinfo()))
2843 routerlist_add_node_and_family(excludednodes
, r
);
2845 router_add_running_nodes_to_smartlist(sl
, need_uptime
, need_capacity
,
2846 need_guard
, need_desc
, pref_addr
,
2849 "We found %d running nodes.",
2852 smartlist_subtract(sl
,excludednodes
);
2854 "We removed %d excludednodes, leaving %d nodes.",
2855 smartlist_len(excludednodes
),
2858 if (excludedsmartlist
) {
2859 smartlist_subtract(sl
,excludedsmartlist
);
2861 "We removed %d excludedsmartlist, leaving %d nodes.",
2862 smartlist_len(excludedsmartlist
),
2866 routerset_subtract_nodes(sl
,excludedset
);
2868 "We removed excludedset, leaving %d nodes.",
2872 // Always weight by bandwidth
2873 choice
= node_sl_choose_by_bandwidth(sl
, rule
);
2876 if (!choice
&& (need_uptime
|| need_capacity
|| need_guard
|| pref_addr
)) {
2877 /* try once more -- recurse but with fewer restrictions. */
2879 "We couldn't find any live%s%s%s routers; falling back "
2880 "to list of all routers.",
2881 need_capacity
?", fast":"",
2882 need_uptime
?", stable":"",
2883 need_guard
?", guard":"");
2884 flags
&= ~ (CRN_NEED_UPTIME
|CRN_NEED_CAPACITY
|CRN_NEED_GUARD
|
2886 choice
= router_choose_random_node(
2887 excludedsmartlist
, excludedset
, flags
);
2889 smartlist_free(excludednodes
);
2892 "No available nodes when trying to choose node. Failing.");
2897 /** Helper: given an extended nickname in <b>hexdigest</b> try to decode it.
2898 * Return 0 on success, -1 on failure. Store the result into the
2899 * DIGEST_LEN-byte buffer at <b>digest_out</b>, the single character at
2900 * <b>nickname_qualifier_char_out</b>, and the MAXNICKNAME_LEN+1-byte buffer
2901 * at <b>nickname_out</b>.
2903 * The recognized format is:
2904 * HexName = Dollar? HexDigest NamePart?
2906 * HexDigest = HexChar*20
2907 * HexChar = 'a'..'f' | 'A'..'F' | '0'..'9'
2908 * NamePart = QualChar Name
2909 * QualChar = '=' | '~'
2910 * Name = NameChar*(1..MAX_NICKNAME_LEN)
2911 * NameChar = Any ASCII alphanumeric character
2914 hex_digest_nickname_decode(const char *hexdigest
,
2916 char *nickname_qualifier_char_out
,
2921 tor_assert(hexdigest
);
2922 if (hexdigest
[0] == '$')
2925 len
= strlen(hexdigest
);
2926 if (len
< HEX_DIGEST_LEN
) {
2928 } else if (len
> HEX_DIGEST_LEN
&& (hexdigest
[HEX_DIGEST_LEN
] == '=' ||
2929 hexdigest
[HEX_DIGEST_LEN
] == '~') &&
2930 len
<= HEX_DIGEST_LEN
+1+MAX_NICKNAME_LEN
) {
2931 *nickname_qualifier_char_out
= hexdigest
[HEX_DIGEST_LEN
];
2932 strlcpy(nickname_out
, hexdigest
+HEX_DIGEST_LEN
+1 , MAX_NICKNAME_LEN
+1);
2933 } else if (len
== HEX_DIGEST_LEN
) {
2939 if (base16_decode(digest_out
, DIGEST_LEN
,
2940 hexdigest
, HEX_DIGEST_LEN
) != DIGEST_LEN
)
2945 /** Helper: Return true iff the <b>identity_digest</b> and <b>nickname</b>
2946 * combination of a router, encoded in hexadecimal, matches <b>hexdigest</b>
2947 * (which is optionally prefixed with a single dollar sign). Return false if
2948 * <b>hexdigest</b> is malformed, or it doesn't match. */
2950 hex_digest_nickname_matches(const char *hexdigest
, const char *identity_digest
,
2951 const char *nickname
)
2953 char digest
[DIGEST_LEN
];
2955 char nn_buf
[MAX_NICKNAME_LEN
+1];
2957 if (hex_digest_nickname_decode(hexdigest
, digest
, &nn_char
, nn_buf
) == -1)
2960 if (nn_char
== '=') {
2964 if (nn_char
== '~') {
2965 if (!nickname
) // XXX This seems wrong. -NM
2967 if (strcasecmp(nn_buf
, nickname
))
2971 return tor_memeq(digest
, identity_digest
, DIGEST_LEN
);
2974 /** Return true iff <b>digest</b> is the digest of the identity key of a
2975 * trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
2976 * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
2978 router_digest_is_trusted_dir_type(const char *digest
, dirinfo_type_t type
)
2980 if (!trusted_dir_servers
)
2982 if (authdir_mode(get_options()) && router_digest_is_me(digest
))
2984 SMARTLIST_FOREACH(trusted_dir_servers
, dir_server_t
*, ent
,
2985 if (tor_memeq(digest
, ent
->digest
, DIGEST_LEN
)) {
2986 return (!type
) || ((type
& ent
->type
) != 0);
2991 /** If hexdigest is correctly formed, base16_decode it into
2992 * digest, which must have DIGEST_LEN space in it.
2993 * Return 0 on success, -1 on failure.
2996 hexdigest_to_digest(const char *hexdigest
, char *digest
)
2998 if (hexdigest
[0]=='$')
3000 if (strlen(hexdigest
) < HEX_DIGEST_LEN
||
3001 base16_decode(digest
,DIGEST_LEN
,hexdigest
,HEX_DIGEST_LEN
) != DIGEST_LEN
)
3006 /** As router_get_by_id_digest,but return a pointer that you're allowed to
3009 router_get_mutable_by_digest(const char *digest
)
3013 if (!routerlist
) return NULL
;
3015 // routerlist_assert_ok(routerlist);
3017 return rimap_get(routerlist
->identity_map
, digest
);
3020 /** Return the router in our routerlist whose 20-byte key digest
3021 * is <b>digest</b>. Return NULL if no such router is known. */
3022 const routerinfo_t
*
3023 router_get_by_id_digest(const char *digest
)
3025 return router_get_mutable_by_digest(digest
);
3028 /** Return the router in our routerlist whose 20-byte descriptor
3029 * is <b>digest</b>. Return NULL if no such router is known. */
3030 signed_descriptor_t
*
3031 router_get_by_descriptor_digest(const char *digest
)
3035 if (!routerlist
) return NULL
;
3037 return sdmap_get(routerlist
->desc_digest_map
, digest
);
3040 /** Return the signed descriptor for the router in our routerlist whose
3041 * 20-byte extra-info digest is <b>digest</b>. Return NULL if no such router
3043 MOCK_IMPL(signed_descriptor_t
*,
3044 router_get_by_extrainfo_digest
,(const char *digest
))
3048 if (!routerlist
) return NULL
;
3050 return sdmap_get(routerlist
->desc_by_eid_map
, digest
);
3053 /** Return the signed descriptor for the extrainfo_t in our routerlist whose
3054 * extra-info-digest is <b>digest</b>. Return NULL if no such extra-info
3055 * document is known. */
3056 MOCK_IMPL(signed_descriptor_t
*,
3057 extrainfo_get_by_descriptor_digest
,(const char *digest
))
3061 if (!routerlist
) return NULL
;
3062 ei
= eimap_get(routerlist
->extra_info_map
, digest
);
3063 return ei
? &ei
->cache_info
: NULL
;
3066 /** Return a pointer to the signed textual representation of a descriptor.
3067 * The returned string is not guaranteed to be NUL-terminated: the string's
3068 * length will be in desc-\>signed_descriptor_len.
3070 * If <b>with_annotations</b> is set, the returned string will include
3072 * (if any) preceding the descriptor. This will increase the length of the
3073 * string by desc-\>annotations_len.
3075 * The caller must not free the string returned.
3078 signed_descriptor_get_body_impl(const signed_descriptor_t
*desc
,
3079 int with_annotations
)
3081 const char *r
= NULL
;
3082 size_t len
= desc
->signed_descriptor_len
;
3083 off_t offset
= desc
->saved_offset
;
3084 if (with_annotations
)
3085 len
+= desc
->annotations_len
;
3087 offset
+= desc
->annotations_len
;
3089 tor_assert(len
> 32);
3090 if (desc
->saved_location
== SAVED_IN_CACHE
&& routerlist
) {
3091 desc_store_t
*store
= desc_get_store(router_get_routerlist(), desc
);
3092 if (store
&& store
->mmap
) {
3093 tor_assert(desc
->saved_offset
+ len
<= store
->mmap
->size
);
3094 r
= store
->mmap
->data
+ offset
;
3096 log_err(LD_DIR
, "We couldn't read a descriptor that is supposedly "
3097 "mmaped in our cache. Is another process running in our data "
3098 "directory? Exiting.");
3102 if (!r
) /* no mmap, or not in cache. */
3103 r
= desc
->signed_descriptor_body
+
3104 (with_annotations
? 0 : desc
->annotations_len
);
3107 if (!with_annotations
) {
3108 if (fast_memcmp("router ", r
, 7) && fast_memcmp("extra-info ", r
, 11)) {
3109 char *cp
= tor_strndup(r
, 64);
3110 log_err(LD_DIR
, "descriptor at %p begins with unexpected string %s. "
3111 "Is another process running in our data directory? Exiting.",
3120 /** Return a pointer to the signed textual representation of a descriptor.
3121 * The returned string is not guaranteed to be NUL-terminated: the string's
3122 * length will be in desc-\>signed_descriptor_len.
3124 * The caller must not free the string returned.
3127 signed_descriptor_get_body(const signed_descriptor_t
*desc
)
3129 return signed_descriptor_get_body_impl(desc
, 0);
3132 /** As signed_descriptor_get_body(), but points to the beginning of the
3133 * annotations section rather than the beginning of the descriptor. */
3135 signed_descriptor_get_annotations(const signed_descriptor_t
*desc
)
3137 return signed_descriptor_get_body_impl(desc
, 1);
3140 /** Return the current list of all known routers. */
3142 router_get_routerlist(void)
3144 if (PREDICT_UNLIKELY(!routerlist
)) {
3145 routerlist
= tor_malloc_zero(sizeof(routerlist_t
));
3146 routerlist
->routers
= smartlist_new();
3147 routerlist
->old_routers
= smartlist_new();
3148 routerlist
->identity_map
= rimap_new();
3149 routerlist
->desc_digest_map
= sdmap_new();
3150 routerlist
->desc_by_eid_map
= sdmap_new();
3151 routerlist
->extra_info_map
= eimap_new();
3153 routerlist
->desc_store
.fname_base
= "cached-descriptors";
3154 routerlist
->extrainfo_store
.fname_base
= "cached-extrainfo";
3156 routerlist
->desc_store
.type
= ROUTER_STORE
;
3157 routerlist
->extrainfo_store
.type
= EXTRAINFO_STORE
;
3159 routerlist
->desc_store
.description
= "router descriptors";
3160 routerlist
->extrainfo_store
.description
= "extra-info documents";
3165 /** Free all storage held by <b>router</b>. */
3167 routerinfo_free(routerinfo_t
*router
)
3172 tor_free(router
->cache_info
.signed_descriptor_body
);
3173 tor_free(router
->nickname
);
3174 tor_free(router
->platform
);
3175 tor_free(router
->protocol_list
);
3176 tor_free(router
->contact_info
);
3177 if (router
->onion_pkey
)
3178 crypto_pk_free(router
->onion_pkey
);
3179 tor_free(router
->onion_curve25519_pkey
);
3180 if (router
->identity_pkey
)
3181 crypto_pk_free(router
->identity_pkey
);
3182 tor_cert_free(router
->cache_info
.signing_key_cert
);
3183 if (router
->declared_family
) {
3184 SMARTLIST_FOREACH(router
->declared_family
, char *, s
, tor_free(s
));
3185 smartlist_free(router
->declared_family
);
3187 addr_policy_list_free(router
->exit_policy
);
3188 short_policy_free(router
->ipv6_exit_policy
);
3190 memset(router
, 77, sizeof(routerinfo_t
));
3195 /** Release all storage held by <b>extrainfo</b> */
3197 extrainfo_free(extrainfo_t
*extrainfo
)
3201 tor_cert_free(extrainfo
->cache_info
.signing_key_cert
);
3202 tor_free(extrainfo
->cache_info
.signed_descriptor_body
);
3203 tor_free(extrainfo
->pending_sig
);
3205 memset(extrainfo
, 88, sizeof(extrainfo_t
)); /* debug bad memory usage */
3206 tor_free(extrainfo
);
3209 /** Release storage held by <b>sd</b>. */
3211 signed_descriptor_free(signed_descriptor_t
*sd
)
3216 tor_free(sd
->signed_descriptor_body
);
3217 tor_cert_free(sd
->signing_key_cert
);
3219 memset(sd
, 99, sizeof(signed_descriptor_t
)); /* Debug bad mem usage */
3223 /** Reset the given signed descriptor <b>sd</b> by freeing the allocated
3224 * memory inside the object and by zeroing its content. */
3226 signed_descriptor_reset(signed_descriptor_t
*sd
)
3229 tor_free(sd
->signed_descriptor_body
);
3230 tor_cert_free(sd
->signing_key_cert
);
3231 memset(sd
, 0, sizeof(*sd
));
3234 /** Copy src into dest, and steal all references inside src so that when
3235 * we free src, we don't mess up dest. */
3237 signed_descriptor_move(signed_descriptor_t
*dest
,
3238 signed_descriptor_t
*src
)
3240 tor_assert(dest
!= src
);
3241 /* Cleanup destination object before overwriting it.*/
3242 signed_descriptor_reset(dest
);
3243 memcpy(dest
, src
, sizeof(signed_descriptor_t
));
3244 src
->signed_descriptor_body
= NULL
;
3245 src
->signing_key_cert
= NULL
;
3246 dest
->routerlist_index
= -1;
3249 /** Extract a signed_descriptor_t from a general routerinfo, and free the
3252 static signed_descriptor_t
*
3253 signed_descriptor_from_routerinfo(routerinfo_t
*ri
)
3255 signed_descriptor_t
*sd
;
3256 tor_assert(ri
->purpose
== ROUTER_PURPOSE_GENERAL
);
3257 sd
= tor_malloc_zero(sizeof(signed_descriptor_t
));
3258 signed_descriptor_move(sd
, &ri
->cache_info
);
3259 routerinfo_free(ri
);
3263 /** Helper: free the storage held by the extrainfo_t in <b>e</b>. */
3265 extrainfo_free_(void *e
)
3270 /** Free all storage held by a routerlist <b>rl</b>. */
3272 routerlist_free(routerlist_t
*rl
)
3276 rimap_free(rl
->identity_map
, NULL
);
3277 sdmap_free(rl
->desc_digest_map
, NULL
);
3278 sdmap_free(rl
->desc_by_eid_map
, NULL
);
3279 eimap_free(rl
->extra_info_map
, extrainfo_free_
);
3280 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3281 routerinfo_free(r
));
3282 SMARTLIST_FOREACH(rl
->old_routers
, signed_descriptor_t
*, sd
,
3283 signed_descriptor_free(sd
));
3284 smartlist_free(rl
->routers
);
3285 smartlist_free(rl
->old_routers
);
3286 if (rl
->desc_store
.mmap
) {
3287 int res
= tor_munmap_file(routerlist
->desc_store
.mmap
);
3289 log_warn(LD_FS
, "Failed to munmap routerlist->desc_store.mmap");
3292 if (rl
->extrainfo_store
.mmap
) {
3293 int res
= tor_munmap_file(routerlist
->extrainfo_store
.mmap
);
3295 log_warn(LD_FS
, "Failed to munmap routerlist->extrainfo_store.mmap");
3300 router_dir_info_changed();
3303 /** Log information about how much memory is being used for routerlist,
3304 * at log level <b>severity</b>. */
3306 dump_routerlist_mem_usage(int severity
)
3308 uint64_t livedescs
= 0;
3309 uint64_t olddescs
= 0;
3312 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, r
,
3313 livedescs
+= r
->cache_info
.signed_descriptor_len
);
3314 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
3315 olddescs
+= sd
->signed_descriptor_len
);
3317 tor_log(severity
, LD_DIR
,
3318 "In %d live descriptors: "U64_FORMAT
" bytes. "
3319 "In %d old descriptors: "U64_FORMAT
" bytes.",
3320 smartlist_len(routerlist
->routers
), U64_PRINTF_ARG(livedescs
),
3321 smartlist_len(routerlist
->old_routers
), U64_PRINTF_ARG(olddescs
));
3324 /** Debugging helper: If <b>idx</b> is nonnegative, assert that <b>ri</b> is
3325 * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
3326 * <b>ri</b>. Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
3327 * is not in <b>sl</b>. */
3329 routerlist_find_elt_(smartlist_t
*sl
, void *ri
, int idx
)
3333 SMARTLIST_FOREACH(sl
, routerinfo_t
*, r
,
3339 tor_assert(idx
< smartlist_len(sl
));
3340 tor_assert(smartlist_get(sl
, idx
) == ri
);
3345 /** Insert an item <b>ri</b> into the routerlist <b>rl</b>, updating indices
3346 * as needed. There must be no previous member of <b>rl</b> with the same
3347 * identity digest as <b>ri</b>: If there is, call routerlist_replace
3351 routerlist_insert(routerlist_t
*rl
, routerinfo_t
*ri
)
3353 routerinfo_t
*ri_old
;
3354 signed_descriptor_t
*sd_old
;
3356 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3357 tor_assert(ri_generated
!= ri
);
3359 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3361 ri_old
= rimap_set(rl
->identity_map
, ri
->cache_info
.identity_digest
, ri
);
3362 tor_assert(!ri_old
);
3364 sd_old
= sdmap_set(rl
->desc_digest_map
,
3365 ri
->cache_info
.signed_descriptor_digest
,
3368 int idx
= sd_old
->routerlist_index
;
3369 sd_old
->routerlist_index
= -1;
3370 smartlist_del(rl
->old_routers
, idx
);
3371 if (idx
< smartlist_len(rl
->old_routers
)) {
3372 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3373 d
->routerlist_index
= idx
;
3375 rl
->desc_store
.bytes_dropped
+= sd_old
->signed_descriptor_len
;
3376 sdmap_remove(rl
->desc_by_eid_map
, sd_old
->extra_info_digest
);
3377 signed_descriptor_free(sd_old
);
3380 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3381 sdmap_set(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
,
3383 smartlist_add(rl
->routers
, ri
);
3384 ri
->cache_info
.routerlist_index
= smartlist_len(rl
->routers
) - 1;
3385 nodelist_set_routerinfo(ri
, NULL
);
3386 router_dir_info_changed();
3387 #ifdef DEBUG_ROUTERLIST
3388 routerlist_assert_ok(rl
);
3392 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
3393 * corresponding router in rl-\>routers or rl-\>old_routers. Return the status
3394 * of inserting <b>ei</b>. Free <b>ei</b> if it isn't inserted. */
3395 MOCK_IMPL(STATIC was_router_added_t
,
3396 extrainfo_insert
,(routerlist_t
*rl
, extrainfo_t
*ei
, int warn_if_incompatible
))
3398 was_router_added_t r
;
3399 const char *compatibility_error_msg
;
3400 routerinfo_t
*ri
= rimap_get(rl
->identity_map
,
3401 ei
->cache_info
.identity_digest
);
3402 signed_descriptor_t
*sd
=
3403 sdmap_get(rl
->desc_by_eid_map
, ei
->cache_info
.signed_descriptor_digest
);
3404 extrainfo_t
*ei_tmp
;
3405 const int severity
= warn_if_incompatible
? LOG_WARN
: LOG_INFO
;
3408 extrainfo_t
*ei_generated
= router_get_my_extrainfo();
3409 tor_assert(ei_generated
!= ei
);
3413 /* This router is unknown; we can't even verify the signature. Give up.*/
3414 r
= ROUTER_NOT_IN_CONSENSUS
;
3418 /* The extrainfo router doesn't have a known routerdesc to attach it to.
3419 * This just won't work. */;
3420 static ratelim_t no_sd_ratelim
= RATELIM_INIT(1800);
3422 log_fn_ratelim(&no_sd_ratelim
, severity
, LD_BUG
,
3423 "No entry found in extrainfo map.");
3426 if (tor_memneq(ei
->cache_info
.signed_descriptor_digest
,
3427 sd
->extra_info_digest
, DIGEST_LEN
)) {
3428 static ratelim_t digest_mismatch_ratelim
= RATELIM_INIT(1800);
3429 /* The sd we got from the map doesn't match the digest we used to look
3430 * it up. This makes no sense. */
3432 log_fn_ratelim(&digest_mismatch_ratelim
, severity
, LD_BUG
,
3433 "Mismatch in digest in extrainfo map.");
3436 if (routerinfo_incompatible_with_extrainfo(ri
->identity_pkey
, ei
, sd
,
3437 &compatibility_error_msg
)) {
3438 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
3439 r
= (ri
->cache_info
.extrainfo_is_bogus
) ?
3440 ROUTER_BAD_EI
: ROUTER_NOT_IN_CONSENSUS
;
3442 base16_encode(d1
, sizeof(d1
), ri
->cache_info
.identity_digest
, DIGEST_LEN
);
3443 base16_encode(d2
, sizeof(d2
), ei
->cache_info
.identity_digest
, DIGEST_LEN
);
3445 log_fn(severity
,LD_DIR
,
3446 "router info incompatible with extra info (ri id: %s, ei id %s, "
3447 "reason: %s)", d1
, d2
, compatibility_error_msg
);
3452 /* Okay, if we make it here, we definitely have a router corresponding to
3453 * this extrainfo. */
3455 ei_tmp
= eimap_set(rl
->extra_info_map
,
3456 ei
->cache_info
.signed_descriptor_digest
,
3458 r
= ROUTER_ADDED_SUCCESSFULLY
;
3460 rl
->extrainfo_store
.bytes_dropped
+=
3461 ei_tmp
->cache_info
.signed_descriptor_len
;
3462 extrainfo_free(ei_tmp
);
3466 if (r
!= ROUTER_ADDED_SUCCESSFULLY
)
3469 #ifdef DEBUG_ROUTERLIST
3470 routerlist_assert_ok(rl
);
3475 #define should_cache_old_descriptors() \
3476 directory_caches_dir_info(get_options())
3478 /** If we're a directory cache and routerlist <b>rl</b> doesn't have
3479 * a copy of router <b>ri</b> yet, add it to the list of old (not
3480 * recommended but still served) descriptors. Else free it. */
3482 routerlist_insert_old(routerlist_t
*rl
, routerinfo_t
*ri
)
3485 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3486 tor_assert(ri_generated
!= ri
);
3488 tor_assert(ri
->cache_info
.routerlist_index
== -1);
3490 if (should_cache_old_descriptors() &&
3491 ri
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3492 !sdmap_get(rl
->desc_digest_map
,
3493 ri
->cache_info
.signed_descriptor_digest
)) {
3494 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri
);
3495 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3496 smartlist_add(rl
->old_routers
, sd
);
3497 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3498 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3499 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3501 routerinfo_free(ri
);
3503 #ifdef DEBUG_ROUTERLIST
3504 routerlist_assert_ok(rl
);
3508 /** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
3509 * as needed. If <b>idx</b> is nonnegative and smartlist_get(rl->routers,
3510 * idx) == ri, we don't need to do a linear search over the list to decide
3511 * which to remove. We fill the gap in rl->routers with a later element in
3512 * the list, if any exists. <b>ri</b> is freed.
3514 * If <b>make_old</b> is true, instead of deleting the router, we try adding
3515 * it to rl->old_routers. */
3517 routerlist_remove(routerlist_t
*rl
, routerinfo_t
*ri
, int make_old
, time_t now
)
3519 routerinfo_t
*ri_tmp
;
3520 extrainfo_t
*ei_tmp
;
3521 int idx
= ri
->cache_info
.routerlist_index
;
3522 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3523 tor_assert(smartlist_get(rl
->routers
, idx
) == ri
);
3525 nodelist_remove_routerinfo(ri
);
3527 /* make sure the rephist module knows that it's not running */
3528 rep_hist_note_router_unreachable(ri
->cache_info
.identity_digest
, now
);
3530 ri
->cache_info
.routerlist_index
= -1;
3531 smartlist_del(rl
->routers
, idx
);
3532 if (idx
< smartlist_len(rl
->routers
)) {
3533 routerinfo_t
*r
= smartlist_get(rl
->routers
, idx
);
3534 r
->cache_info
.routerlist_index
= idx
;
3537 ri_tmp
= rimap_remove(rl
->identity_map
, ri
->cache_info
.identity_digest
);
3538 router_dir_info_changed();
3539 tor_assert(ri_tmp
== ri
);
3541 if (make_old
&& should_cache_old_descriptors() &&
3542 ri
->purpose
== ROUTER_PURPOSE_GENERAL
) {
3543 signed_descriptor_t
*sd
;
3544 sd
= signed_descriptor_from_routerinfo(ri
);
3545 smartlist_add(rl
->old_routers
, sd
);
3546 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3547 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3548 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3549 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3551 signed_descriptor_t
*sd_tmp
;
3552 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3553 ri
->cache_info
.signed_descriptor_digest
);
3554 tor_assert(sd_tmp
== &(ri
->cache_info
));
3555 rl
->desc_store
.bytes_dropped
+= ri
->cache_info
.signed_descriptor_len
;
3556 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3557 ri
->cache_info
.extra_info_digest
);
3559 rl
->extrainfo_store
.bytes_dropped
+=
3560 ei_tmp
->cache_info
.signed_descriptor_len
;
3561 extrainfo_free(ei_tmp
);
3563 if (!tor_digest_is_zero(ri
->cache_info
.extra_info_digest
))
3564 sdmap_remove(rl
->desc_by_eid_map
, ri
->cache_info
.extra_info_digest
);
3565 routerinfo_free(ri
);
3567 #ifdef DEBUG_ROUTERLIST
3568 routerlist_assert_ok(rl
);
3572 /** Remove a signed_descriptor_t <b>sd</b> from <b>rl</b>-\>old_routers, and
3573 * adjust <b>rl</b> as appropriate. <b>idx</b> is -1, or the index of
3576 routerlist_remove_old(routerlist_t
*rl
, signed_descriptor_t
*sd
, int idx
)
3578 signed_descriptor_t
*sd_tmp
;
3579 extrainfo_t
*ei_tmp
;
3580 desc_store_t
*store
;
3582 idx
= sd
->routerlist_index
;
3584 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->old_routers
));
3585 /* XXXX edmanm's bridge relay triggered the following assert while
3586 * running 0.2.0.12-alpha. If anybody triggers this again, see if we
3587 * can get a backtrace. */
3588 tor_assert(smartlist_get(rl
->old_routers
, idx
) == sd
);
3589 tor_assert(idx
== sd
->routerlist_index
);
3591 sd
->routerlist_index
= -1;
3592 smartlist_del(rl
->old_routers
, idx
);
3593 if (idx
< smartlist_len(rl
->old_routers
)) {
3594 signed_descriptor_t
*d
= smartlist_get(rl
->old_routers
, idx
);
3595 d
->routerlist_index
= idx
;
3597 sd_tmp
= sdmap_remove(rl
->desc_digest_map
,
3598 sd
->signed_descriptor_digest
);
3599 tor_assert(sd_tmp
== sd
);
3600 store
= desc_get_store(rl
, sd
);
3602 store
->bytes_dropped
+= sd
->signed_descriptor_len
;
3604 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3605 sd
->extra_info_digest
);
3607 rl
->extrainfo_store
.bytes_dropped
+=
3608 ei_tmp
->cache_info
.signed_descriptor_len
;
3609 extrainfo_free(ei_tmp
);
3611 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3612 sdmap_remove(rl
->desc_by_eid_map
, sd
->extra_info_digest
);
3614 signed_descriptor_free(sd
);
3615 #ifdef DEBUG_ROUTERLIST
3616 routerlist_assert_ok(rl
);
3620 /** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
3621 * <b>ri_new</b>, updating all index info. If <b>idx</b> is nonnegative and
3622 * smartlist_get(rl->routers, idx) == ri, we don't need to do a linear
3623 * search over the list to decide which to remove. We put ri_new in the same
3624 * index as ri_old, if possible. ri is freed as appropriate.
3626 * If should_cache_descriptors() is true, instead of deleting the router,
3627 * we add it to rl->old_routers. */
3629 routerlist_replace(routerlist_t
*rl
, routerinfo_t
*ri_old
,
3630 routerinfo_t
*ri_new
)
3633 int same_descriptors
;
3635 routerinfo_t
*ri_tmp
;
3636 extrainfo_t
*ei_tmp
;
3638 const routerinfo_t
*ri_generated
= router_get_my_routerinfo();
3639 tor_assert(ri_generated
!= ri_new
);
3641 tor_assert(ri_old
!= ri_new
);
3642 tor_assert(ri_new
->cache_info
.routerlist_index
== -1);
3644 idx
= ri_old
->cache_info
.routerlist_index
;
3645 tor_assert(0 <= idx
&& idx
< smartlist_len(rl
->routers
));
3646 tor_assert(smartlist_get(rl
->routers
, idx
) == ri_old
);
3649 routerinfo_t
*ri_old_tmp
=NULL
;
3650 nodelist_set_routerinfo(ri_new
, &ri_old_tmp
);
3651 tor_assert(ri_old
== ri_old_tmp
);
3654 router_dir_info_changed();
3656 smartlist_set(rl
->routers
, idx
, ri_new
);
3657 ri_old
->cache_info
.routerlist_index
= -1;
3658 ri_new
->cache_info
.routerlist_index
= idx
;
3659 /* Check that ri_old is not in rl->routers anymore: */
3660 tor_assert( routerlist_find_elt_(rl
->routers
, ri_old
, -1) == -1 );
3662 log_warn(LD_BUG
, "Appending entry from routerlist_replace.");
3663 routerlist_insert(rl
, ri_new
);
3666 if (tor_memneq(ri_old
->cache_info
.identity_digest
,
3667 ri_new
->cache_info
.identity_digest
, DIGEST_LEN
)) {
3668 /* digests don't match; digestmap_set won't replace */
3669 rimap_remove(rl
->identity_map
, ri_old
->cache_info
.identity_digest
);
3671 ri_tmp
= rimap_set(rl
->identity_map
,
3672 ri_new
->cache_info
.identity_digest
, ri_new
);
3673 tor_assert(!ri_tmp
|| ri_tmp
== ri_old
);
3674 sdmap_set(rl
->desc_digest_map
,
3675 ri_new
->cache_info
.signed_descriptor_digest
,
3676 &(ri_new
->cache_info
));
3678 if (!tor_digest_is_zero(ri_new
->cache_info
.extra_info_digest
)) {
3679 sdmap_set(rl
->desc_by_eid_map
, ri_new
->cache_info
.extra_info_digest
,
3680 &ri_new
->cache_info
);
3683 same_descriptors
= tor_memeq(ri_old
->cache_info
.signed_descriptor_digest
,
3684 ri_new
->cache_info
.signed_descriptor_digest
,
3687 if (should_cache_old_descriptors() &&
3688 ri_old
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3689 !same_descriptors
) {
3690 /* ri_old is going to become a signed_descriptor_t and go into
3692 signed_descriptor_t
*sd
= signed_descriptor_from_routerinfo(ri_old
);
3693 smartlist_add(rl
->old_routers
, sd
);
3694 sd
->routerlist_index
= smartlist_len(rl
->old_routers
)-1;
3695 sdmap_set(rl
->desc_digest_map
, sd
->signed_descriptor_digest
, sd
);
3696 if (!tor_digest_is_zero(sd
->extra_info_digest
))
3697 sdmap_set(rl
->desc_by_eid_map
, sd
->extra_info_digest
, sd
);
3699 /* We're dropping ri_old. */
3700 if (!same_descriptors
) {
3701 /* digests don't match; The sdmap_set above didn't replace */
3702 sdmap_remove(rl
->desc_digest_map
,
3703 ri_old
->cache_info
.signed_descriptor_digest
);
3705 if (tor_memneq(ri_old
->cache_info
.extra_info_digest
,
3706 ri_new
->cache_info
.extra_info_digest
, DIGEST_LEN
)) {
3707 ei_tmp
= eimap_remove(rl
->extra_info_map
,
3708 ri_old
->cache_info
.extra_info_digest
);
3710 rl
->extrainfo_store
.bytes_dropped
+=
3711 ei_tmp
->cache_info
.signed_descriptor_len
;
3712 extrainfo_free(ei_tmp
);
3716 if (!tor_digest_is_zero(ri_old
->cache_info
.extra_info_digest
)) {
3717 sdmap_remove(rl
->desc_by_eid_map
,
3718 ri_old
->cache_info
.extra_info_digest
);
3721 rl
->desc_store
.bytes_dropped
+= ri_old
->cache_info
.signed_descriptor_len
;
3722 routerinfo_free(ri_old
);
3724 #ifdef DEBUG_ROUTERLIST
3725 routerlist_assert_ok(rl
);
3729 /** Extract the descriptor <b>sd</b> from old_routerlist, and re-parse
3730 * it as a fresh routerinfo_t. */
3731 static routerinfo_t
*
3732 routerlist_reparse_old(routerlist_t
*rl
, signed_descriptor_t
*sd
)
3737 body
= signed_descriptor_get_annotations(sd
);
3739 ri
= router_parse_entry_from_string(body
,
3740 body
+sd
->signed_descriptor_len
+sd
->annotations_len
,
3744 signed_descriptor_move(&ri
->cache_info
, sd
);
3746 routerlist_remove_old(rl
, sd
, -1);
3751 /** Free all memory held by the routerlist module.
3752 * Note: Calling routerlist_free_all() should always be paired with
3753 * a call to nodelist_free_all(). These should only be called during
3757 routerlist_free_all(void)
3759 routerlist_free(routerlist
);
3761 if (warned_nicknames
) {
3762 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3763 smartlist_free(warned_nicknames
);
3764 warned_nicknames
= NULL
;
3766 clear_dir_servers();
3767 smartlist_free(trusted_dir_servers
);
3768 smartlist_free(fallback_dir_servers
);
3769 trusted_dir_servers
= fallback_dir_servers
= NULL
;
3770 if (trusted_dir_certs
) {
3771 digestmap_free(trusted_dir_certs
, cert_list_free_
);
3772 trusted_dir_certs
= NULL
;
3776 /** Forget that we have issued any router-related warnings, so that we'll
3777 * warn again if we see the same errors. */
3779 routerlist_reset_warnings(void)
3781 if (!warned_nicknames
)
3782 warned_nicknames
= smartlist_new();
3783 SMARTLIST_FOREACH(warned_nicknames
, char *, cp
, tor_free(cp
));
3784 smartlist_clear(warned_nicknames
); /* now the list is empty. */
3786 networkstatus_reset_warnings();
3789 /** Return 1 if the signed descriptor of this router is older than
3790 * <b>seconds</b> seconds. Otherwise return 0. */
3792 router_descriptor_is_older_than
,(const routerinfo_t
*router
, int seconds
))
3794 return router
->cache_info
.published_on
< approx_time() - seconds
;
3797 /** Add <b>router</b> to the routerlist, if we don't already have it. Replace
3798 * older entries (if any) with the same key. Note: Callers should not hold
3799 * their pointers to <b>router</b> if this function fails; <b>router</b>
3800 * will either be inserted into the routerlist or freed. Similarly, even
3801 * if this call succeeds, they should not hold their pointers to
3802 * <b>router</b> after subsequent calls with other routerinfo's -- they
3803 * might cause the original routerinfo to get freed.
3805 * Returns the status for the operation. Might set *<b>msg</b> if it wants
3806 * the poster of the router to know something.
3808 * If <b>from_cache</b>, this descriptor came from our disk cache. If
3809 * <b>from_fetch</b>, we received it in response to a request we made.
3810 * (If both are false, that means it was uploaded to us as an auth dir
3811 * server or via the controller.)
3813 * This function should be called *after*
3814 * routers_update_status_from_consensus_networkstatus; subsequently, you
3815 * should call router_rebuild_store and routerlist_descriptors_added.
3818 router_add_to_routerlist(routerinfo_t
*router
, const char **msg
,
3819 int from_cache
, int from_fetch
)
3821 const char *id_digest
;
3822 const or_options_t
*options
= get_options();
3823 int authdir
= authdir_mode_handles_descs(options
, router
->purpose
);
3824 int authdir_believes_valid
= 0;
3825 routerinfo_t
*old_router
;
3826 networkstatus_t
*consensus
=
3827 networkstatus_get_latest_consensus_by_flavor(FLAV_NS
);
3828 int in_consensus
= 0;
3833 router_get_routerlist();
3835 id_digest
= router
->cache_info
.identity_digest
;
3837 old_router
= router_get_mutable_by_digest(id_digest
);
3839 /* Make sure that it isn't expired. */
3840 if (router
->cert_expiration_time
< approx_time()) {
3841 routerinfo_free(router
);
3842 *msg
= "Some certs on this router are expired.";
3843 return ROUTER_CERTS_EXPIRED
;
3846 /* Make sure that we haven't already got this exact descriptor. */
3847 if (sdmap_get(routerlist
->desc_digest_map
,
3848 router
->cache_info
.signed_descriptor_digest
)) {
3849 /* If we have this descriptor already and the new descriptor is a bridge
3850 * descriptor, replace it. If we had a bridge descriptor before and the
3851 * new one is not a bridge descriptor, don't replace it. */
3853 /* Only members of routerlist->identity_map can be bridges; we don't
3854 * put bridges in old_routers. */
3855 const int was_bridge
= old_router
&&
3856 old_router
->purpose
== ROUTER_PURPOSE_BRIDGE
;
3858 if (routerinfo_is_a_configured_bridge(router
) &&
3859 router
->purpose
== ROUTER_PURPOSE_BRIDGE
&&
3861 log_info(LD_DIR
, "Replacing non-bridge descriptor with bridge "
3862 "descriptor for router %s",
3863 router_describe(router
));
3866 "Dropping descriptor that we already have for router %s",
3867 router_describe(router
));
3868 *msg
= "Router descriptor was not new.";
3869 routerinfo_free(router
);
3870 return ROUTER_IS_ALREADY_KNOWN
;
3875 if (authdir_wants_to_reject_router(router
, msg
,
3876 !from_cache
&& !from_fetch
,
3877 &authdir_believes_valid
)) {
3879 routerinfo_free(router
);
3880 return ROUTER_AUTHDIR_REJECTS
;
3882 } else if (from_fetch
) {
3883 /* Only check the descriptor digest against the network statuses when
3884 * we are receiving in response to a fetch. */
3886 if (!signed_desc_digest_is_recognized(&router
->cache_info
) &&
3887 !routerinfo_is_a_configured_bridge(router
)) {
3888 /* We asked for it, so some networkstatus must have listed it when we
3889 * did. Save it if we're a cache in case somebody else asks for it. */
3891 "Received a no-longer-recognized descriptor for router %s",
3892 router_describe(router
));
3893 *msg
= "Router descriptor is not referenced by any network-status.";
3895 /* Only journal this desc if we want to keep old descriptors */
3896 if (!from_cache
&& should_cache_old_descriptors())
3897 signed_desc_append_to_journal(&router
->cache_info
,
3898 &routerlist
->desc_store
);
3899 routerlist_insert_old(routerlist
, router
);
3900 return ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS
;
3904 /* We no longer need a router with this descriptor digest. */
3906 routerstatus_t
*rs
= networkstatus_vote_find_mutable_entry(
3907 consensus
, id_digest
);
3908 if (rs
&& tor_memeq(rs
->descriptor_digest
,
3909 router
->cache_info
.signed_descriptor_digest
,
3915 if (router
->purpose
== ROUTER_PURPOSE_GENERAL
&&
3916 consensus
&& !in_consensus
&& !authdir
) {
3917 /* If it's a general router not listed in the consensus, then don't
3918 * consider replacing the latest router with it. */
3919 if (!from_cache
&& should_cache_old_descriptors())
3920 signed_desc_append_to_journal(&router
->cache_info
,
3921 &routerlist
->desc_store
);
3922 routerlist_insert_old(routerlist
, router
);
3923 *msg
= "Skipping router descriptor: not in consensus.";
3924 return ROUTER_NOT_IN_CONSENSUS
;
3927 /* If we're reading a bridge descriptor from our cache, and we don't
3928 * recognize it as one of our currently configured bridges, drop the
3929 * descriptor. Otherwise we could end up using it as one of our entry
3930 * guards even if it isn't in our Bridge config lines. */
3931 if (router
->purpose
== ROUTER_PURPOSE_BRIDGE
&& from_cache
&&
3932 !authdir_mode_bridge(options
) &&
3933 !routerinfo_is_a_configured_bridge(router
)) {
3934 log_info(LD_DIR
, "Dropping bridge descriptor for %s because we have "
3935 "no bridge configured at that address.",
3936 safe_str_client(router_describe(router
)));
3937 *msg
= "Router descriptor was not a configured bridge.";
3938 routerinfo_free(router
);
3939 return ROUTER_WAS_NOT_WANTED
;
3942 /* If we have a router with the same identity key, choose the newer one. */
3944 if (!in_consensus
&& (router
->cache_info
.published_on
<=
3945 old_router
->cache_info
.published_on
)) {
3946 /* Same key, but old. This one is not listed in the consensus. */
3947 log_debug(LD_DIR
, "Not-new descriptor for router %s",
3948 router_describe(router
));
3949 /* Only journal this desc if we'll be serving it. */
3950 if (!from_cache
&& should_cache_old_descriptors())
3951 signed_desc_append_to_journal(&router
->cache_info
,
3952 &routerlist
->desc_store
);
3953 routerlist_insert_old(routerlist
, router
);
3954 *msg
= "Router descriptor was not new.";
3955 return ROUTER_IS_ALREADY_KNOWN
;
3957 /* Same key, and either new, or listed in the consensus. */
3958 log_debug(LD_DIR
, "Replacing entry for router %s",
3959 router_describe(router
));
3960 routerlist_replace(routerlist
, old_router
, router
);
3962 signed_desc_append_to_journal(&router
->cache_info
,
3963 &routerlist
->desc_store
);
3965 *msg
= authdir_believes_valid
? "Valid server updated" :
3966 ("Invalid server updated. (This dirserver is marking your "
3967 "server as unapproved.)");
3968 return ROUTER_ADDED_SUCCESSFULLY
;
3972 if (!in_consensus
&& from_cache
&&
3973 router_descriptor_is_older_than(router
, OLD_ROUTER_DESC_MAX_AGE
)) {
3974 *msg
= "Router descriptor was really old.";
3975 routerinfo_free(router
);
3976 return ROUTER_WAS_TOO_OLD
;
3979 /* We haven't seen a router with this identity before. Add it to the end of
3981 routerlist_insert(routerlist
, router
);
3983 signed_desc_append_to_journal(&router
->cache_info
,
3984 &routerlist
->desc_store
);
3986 return ROUTER_ADDED_SUCCESSFULLY
;
3989 /** Insert <b>ei</b> into the routerlist, or free it. Other arguments are
3990 * as for router_add_to_routerlist(). Return ROUTER_ADDED_SUCCESSFULLY iff
3991 * we actually inserted it, ROUTER_BAD_EI otherwise.
3994 router_add_extrainfo_to_routerlist(extrainfo_t
*ei
, const char **msg
,
3995 int from_cache
, int from_fetch
)
3997 was_router_added_t inserted
;
3999 if (msg
) *msg
= NULL
;
4000 /*XXXX Do something with msg */
4002 inserted
= extrainfo_insert(router_get_routerlist(), ei
, !from_cache
);
4004 if (WRA_WAS_ADDED(inserted
) && !from_cache
)
4005 signed_desc_append_to_journal(&ei
->cache_info
,
4006 &routerlist
->extrainfo_store
);
4011 /** Sorting helper: return <0, 0, or >0 depending on whether the
4012 * signed_descriptor_t* in *<b>a</b> has an identity digest preceding, equal
4013 * to, or later than that of *<b>b</b>. */
4015 compare_old_routers_by_identity_(const void **_a
, const void **_b
)
4018 const signed_descriptor_t
*r1
= *_a
, *r2
= *_b
;
4019 if ((i
= fast_memcmp(r1
->identity_digest
, r2
->identity_digest
, DIGEST_LEN
)))
4021 return (int)(r1
->published_on
- r2
->published_on
);
4024 /** Internal type used to represent how long an old descriptor was valid,
4025 * where it appeared in the list of old descriptors, and whether it's extra
4026 * old. Used only by routerlist_remove_old_cached_routers_with_id(). */
4027 struct duration_idx_t
{
4033 /** Sorting helper: compare two duration_idx_t by their duration. */
4035 compare_duration_idx_(const void *_d1
, const void *_d2
)
4037 const struct duration_idx_t
*d1
= _d1
;
4038 const struct duration_idx_t
*d2
= _d2
;
4039 return d1
->duration
- d2
->duration
;
4042 /** The range <b>lo</b> through <b>hi</b> inclusive of routerlist->old_routers
4043 * must contain routerinfo_t with the same identity and with publication time
4044 * in ascending order. Remove members from this range until there are no more
4045 * than max_descriptors_per_router() remaining. Start by removing the oldest
4046 * members from before <b>cutoff</b>, then remove members which were current
4047 * for the lowest amount of time. The order of members of old_routers at
4048 * indices <b>lo</b> or higher may be changed.
4051 routerlist_remove_old_cached_routers_with_id(time_t now
,
4052 time_t cutoff
, int lo
, int hi
,
4053 digestset_t
*retain
)
4056 unsigned n_extra
, n_rmv
= 0;
4057 struct duration_idx_t
*lifespans
;
4058 uint8_t *rmv
, *must_keep
;
4059 smartlist_t
*lst
= routerlist
->old_routers
;
4062 tor_assert(hi
< smartlist_len(lst
));
4063 tor_assert(lo
<= hi
);
4064 ident
= ((signed_descriptor_t
*)smartlist_get(lst
, lo
))->identity_digest
;
4065 for (i
= lo
+1; i
<= hi
; ++i
) {
4066 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4067 tor_assert(tor_memeq(ident
, r
->identity_digest
, DIGEST_LEN
));
4070 /* Check whether we need to do anything at all. */
4072 int mdpr
= directory_caches_dir_info(get_options()) ? 2 : 1;
4078 lifespans
= tor_calloc(n
, sizeof(struct duration_idx_t
));
4079 rmv
= tor_calloc(n
, sizeof(uint8_t));
4080 must_keep
= tor_calloc(n
, sizeof(uint8_t));
4081 /* Set lifespans to contain the lifespan and index of each server. */
4082 /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
4083 for (i
= lo
; i
<= hi
; ++i
) {
4084 signed_descriptor_t
*r
= smartlist_get(lst
, i
);
4085 signed_descriptor_t
*r_next
;
4086 lifespans
[i
-lo
].idx
= i
;
4087 if (r
->last_listed_as_valid_until
>= now
||
4088 (retain
&& digestset_contains(retain
, r
->signed_descriptor_digest
))) {
4089 must_keep
[i
-lo
] = 1;
4092 r_next
= smartlist_get(lst
, i
+1);
4093 tor_assert(r
->published_on
<= r_next
->published_on
);
4094 lifespans
[i
-lo
].duration
= (int)(r_next
->published_on
- r
->published_on
);
4097 lifespans
[i
-lo
].duration
= INT_MAX
;
4099 if (!must_keep
[i
-lo
] && r
->published_on
< cutoff
&& n_rmv
< n_extra
) {
4101 lifespans
[i
-lo
].old
= 1;
4106 if (n_rmv
< n_extra
) {
4108 * We aren't removing enough servers for being old. Sort lifespans by
4109 * the duration of liveness, and remove the ones we're not already going to
4110 * remove based on how long they were alive.
4112 qsort(lifespans
, n
, sizeof(struct duration_idx_t
), compare_duration_idx_
);
4113 for (i
= 0; i
< n
&& n_rmv
< n_extra
; ++i
) {
4114 if (!must_keep
[lifespans
[i
].idx
-lo
] && !lifespans
[i
].old
) {
4115 rmv
[lifespans
[i
].idx
-lo
] = 1;
4124 routerlist_remove_old(routerlist
, smartlist_get(lst
, i
), i
);
4125 } while (--i
>= lo
);
4126 tor_free(must_keep
);
4128 tor_free(lifespans
);
4131 /** Deactivate any routers from the routerlist that are more than
4132 * ROUTER_MAX_AGE seconds old and not recommended by any networkstatuses;
4133 * remove old routers from the list of cached routers if we have too many.
4136 routerlist_remove_old_routers(void)
4139 const char *cur_id
= NULL
;
4140 time_t now
= time(NULL
);
4142 routerinfo_t
*router
;
4143 signed_descriptor_t
*sd
;
4144 digestset_t
*retain
;
4145 const networkstatus_t
*consensus
= networkstatus_get_latest_consensus();
4147 trusted_dirs_remove_old_certs();
4149 if (!routerlist
|| !consensus
)
4152 // routerlist_assert_ok(routerlist);
4154 /* We need to guess how many router descriptors we will wind up wanting to
4155 retain, so that we can be sure to allocate a large enough Bloom filter
4156 to hold the digest set. Overestimating is fine; underestimating is bad.
4159 /* We'll probably retain everything in the consensus. */
4160 int n_max_retain
= smartlist_len(consensus
->routerstatus_list
);
4161 retain
= digestset_new(n_max_retain
);
4164 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4165 /* Retain anything listed in the consensus. */
4167 SMARTLIST_FOREACH(consensus
->routerstatus_list
, routerstatus_t
*, rs
,
4168 if (rs
->published_on
>= cutoff
)
4169 digestset_add(retain
, rs
->descriptor_digest
));
4172 /* If we have a consensus, we should consider pruning current routers that
4173 * are too old and that nobody recommends. (If we don't have a consensus,
4174 * then we should get one before we decide to kill routers.) */
4177 cutoff
= now
- ROUTER_MAX_AGE
;
4178 /* Remove too-old unrecommended members of routerlist->routers. */
4179 for (i
= 0; i
< smartlist_len(routerlist
->routers
); ++i
) {
4180 router
= smartlist_get(routerlist
->routers
, i
);
4181 if (router
->cache_info
.published_on
<= cutoff
&&
4182 router
->cache_info
.last_listed_as_valid_until
< now
&&
4183 !digestset_contains(retain
,
4184 router
->cache_info
.signed_descriptor_digest
)) {
4185 /* Too old: remove it. (If we're a cache, just move it into
4188 "Forgetting obsolete (too old) routerinfo for router %s",
4189 router_describe(router
));
4190 routerlist_remove(routerlist
, router
, 1, now
);
4196 //routerlist_assert_ok(routerlist);
4198 /* Remove far-too-old members of routerlist->old_routers. */
4199 cutoff
= now
- OLD_ROUTER_DESC_MAX_AGE
;
4200 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4201 sd
= smartlist_get(routerlist
->old_routers
, i
);
4202 if (sd
->published_on
<= cutoff
&&
4203 sd
->last_listed_as_valid_until
< now
&&
4204 !digestset_contains(retain
, sd
->signed_descriptor_digest
)) {
4205 /* Too old. Remove it. */
4206 routerlist_remove_old(routerlist
, sd
, i
--);
4210 //routerlist_assert_ok(routerlist);
4212 log_info(LD_DIR
, "We have %d live routers and %d old router descriptors.",
4213 smartlist_len(routerlist
->routers
),
4214 smartlist_len(routerlist
->old_routers
));
4216 /* Now we might have to look at routerlist->old_routers for extraneous
4217 * members. (We'd keep all the members if we could, but we need to save
4218 * space.) First, check whether we have too many router descriptors, total.
4219 * We're okay with having too many for some given router, so long as the
4220 * total number doesn't approach max_descriptors_per_router()*len(router).
4222 if (smartlist_len(routerlist
->old_routers
) <
4223 smartlist_len(routerlist
->routers
))
4226 /* Sort by identity, then fix indices. */
4227 smartlist_sort(routerlist
->old_routers
, compare_old_routers_by_identity_
);
4229 for (i
= 0; i
< smartlist_len(routerlist
->old_routers
); ++i
) {
4230 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4231 r
->routerlist_index
= i
;
4234 /* Iterate through the list from back to front, so when we remove descriptors
4235 * we don't mess up groups we haven't gotten to. */
4236 for (i
= smartlist_len(routerlist
->old_routers
)-1; i
>= 0; --i
) {
4237 signed_descriptor_t
*r
= smartlist_get(routerlist
->old_routers
, i
);
4239 cur_id
= r
->identity_digest
;
4242 if (tor_memneq(cur_id
, r
->identity_digest
, DIGEST_LEN
)) {
4243 routerlist_remove_old_cached_routers_with_id(now
,
4244 cutoff
, i
+1, hi
, retain
);
4245 cur_id
= r
->identity_digest
;
4250 routerlist_remove_old_cached_routers_with_id(now
, cutoff
, 0, hi
, retain
);
4251 //routerlist_assert_ok(routerlist);
4254 digestset_free(retain
);
4255 router_rebuild_store(RRS_DONT_REMOVE_OLD
, &routerlist
->desc_store
);
4256 router_rebuild_store(RRS_DONT_REMOVE_OLD
,&routerlist
->extrainfo_store
);
4259 /** We just added a new set of descriptors. Take whatever extra steps
4262 routerlist_descriptors_added(smartlist_t
*sl
, int from_cache
)
4265 control_event_descriptors_changed(sl
);
4266 SMARTLIST_FOREACH_BEGIN(sl
, routerinfo_t
*, ri
) {
4267 if (ri
->purpose
== ROUTER_PURPOSE_BRIDGE
)
4268 learned_bridge_descriptor(ri
, from_cache
);
4269 if (ri
->needs_retest_if_added
) {
4270 ri
->needs_retest_if_added
= 0;
4271 dirserv_single_reachability_test(approx_time(), ri
);
4273 } SMARTLIST_FOREACH_END(ri
);
4277 * Code to parse a single router descriptor and insert it into the
4278 * routerlist. Return -1 if the descriptor was ill-formed; 0 if the
4279 * descriptor was well-formed but could not be added; and 1 if the
4280 * descriptor was added.
4282 * If we don't add it and <b>msg</b> is not NULL, then assign to
4283 * *<b>msg</b> a static string describing the reason for refusing the
4286 * This is used only by the controller.
4289 router_load_single_router(const char *s
, uint8_t purpose
, int cache
,
4293 was_router_added_t r
;
4295 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
4299 tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
4300 "@source controller\n"
4301 "@purpose %s\n", router_purpose_to_string(purpose
));
4303 if (!(ri
= router_parse_entry_from_string(s
, NULL
, 1, 0,
4304 annotation_buf
, NULL
))) {
4305 log_warn(LD_DIR
, "Error parsing router descriptor; dropping.");
4306 *msg
= "Couldn't parse router descriptor.";
4309 tor_assert(ri
->purpose
== purpose
);
4310 if (router_is_me(ri
)) {
4311 log_warn(LD_DIR
, "Router's identity key matches mine; dropping.");
4312 *msg
= "Router's identity key matches mine.";
4313 routerinfo_free(ri
);
4317 if (!cache
) /* obey the preference of the controller */
4318 ri
->cache_info
.do_not_cache
= 1;
4320 lst
= smartlist_new();
4321 smartlist_add(lst
, ri
);
4322 routers_update_status_from_consensus_networkstatus(lst
, 0);
4324 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
4325 if (!WRA_WAS_ADDED(r
)) {
4326 /* we've already assigned to *msg now, and ri is already freed */
4328 if (r
== ROUTER_AUTHDIR_REJECTS
)
4329 log_warn(LD_DIR
, "Couldn't add router to list: %s Dropping.", *msg
);
4330 smartlist_free(lst
);
4333 routerlist_descriptors_added(lst
, 0);
4334 smartlist_free(lst
);
4335 log_debug(LD_DIR
, "Added router to list");
4340 /** Given a string <b>s</b> containing some routerdescs, parse it and put the
4341 * routers into our directory. If saved_location is SAVED_NOWHERE, the routers
4342 * are in response to a query to the network: cache them by adding them to
4345 * Return the number of routers actually added.
4347 * If <b>requested_fingerprints</b> is provided, it must contain a list of
4348 * uppercased fingerprints. Do not update any router whose
4349 * fingerprint is not on the list; after updating a router, remove its
4350 * fingerprint from the list.
4352 * If <b>descriptor_digests</b> is non-zero, then the requested_fingerprints
4353 * are descriptor digests. Otherwise they are identity digests.
4356 router_load_routers_from_string(const char *s
, const char *eos
,
4357 saved_location_t saved_location
,
4358 smartlist_t
*requested_fingerprints
,
4359 int descriptor_digests
,
4360 const char *prepend_annotations
)
4362 smartlist_t
*routers
= smartlist_new(), *changed
= smartlist_new();
4363 char fp
[HEX_DIGEST_LEN
+1];
4365 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4366 int allow_annotations
= (saved_location
!= SAVED_NOWHERE
);
4367 int any_changed
= 0;
4368 smartlist_t
*invalid_digests
= smartlist_new();
4370 router_parse_list_from_string(&s
, eos
, routers
, saved_location
, 0,
4371 allow_annotations
, prepend_annotations
,
4374 routers_update_status_from_consensus_networkstatus(routers
, !from_cache
);
4376 log_info(LD_DIR
, "%d elements to add", smartlist_len(routers
));
4378 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
4379 was_router_added_t r
;
4381 if (requested_fingerprints
) {
4382 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4383 ri
->cache_info
.signed_descriptor_digest
:
4384 ri
->cache_info
.identity_digest
,
4386 if (smartlist_contains_string(requested_fingerprints
, fp
)) {
4387 smartlist_string_remove(requested_fingerprints
, fp
);
4390 smartlist_join_strings(requested_fingerprints
," ",0,NULL
);
4392 "We received a router descriptor with a fingerprint (%s) "
4393 "that we never requested. (We asked for: %s.) Dropping.",
4395 tor_free(requested
);
4396 routerinfo_free(ri
);
4401 memcpy(d
, ri
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4402 r
= router_add_to_routerlist(ri
, &msg
, from_cache
, !from_cache
);
4403 if (WRA_WAS_ADDED(r
)) {
4405 smartlist_add(changed
, ri
);
4406 routerlist_descriptors_added(changed
, from_cache
);
4407 smartlist_clear(changed
);
4408 } else if (WRA_NEVER_DOWNLOADABLE(r
)) {
4409 download_status_t
*dl_status
;
4410 dl_status
= router_get_dl_status_by_descriptor_digest(d
);
4412 log_info(LD_GENERAL
, "Marking router %s as never downloadable",
4413 hex_str(d
, DIGEST_LEN
));
4414 download_status_mark_impossible(dl_status
);
4417 } SMARTLIST_FOREACH_END(ri
);
4419 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4420 /* This digest is never going to be parseable. */
4421 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4422 if (requested_fingerprints
&& descriptor_digests
) {
4423 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4424 /* But we didn't ask for it, so we should assume shennanegans. */
4427 smartlist_string_remove(requested_fingerprints
, fp
);
4429 download_status_t
*dls
;
4430 dls
= router_get_dl_status_by_descriptor_digest((char*)bad_digest
);
4432 log_info(LD_GENERAL
, "Marking router with descriptor %s as unparseable, "
4433 "and therefore undownloadable", fp
);
4434 download_status_mark_impossible(dls
);
4436 } SMARTLIST_FOREACH_END(bad_digest
);
4437 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4438 smartlist_free(invalid_digests
);
4440 routerlist_assert_ok(routerlist
);
4443 router_rebuild_store(0, &routerlist
->desc_store
);
4445 smartlist_free(routers
);
4446 smartlist_free(changed
);
4451 /** Parse one or more extrainfos from <b>s</b> (ending immediately before
4452 * <b>eos</b> if <b>eos</b> is present). Other arguments are as for
4453 * router_load_routers_from_string(). */
4455 router_load_extrainfo_from_string(const char *s
, const char *eos
,
4456 saved_location_t saved_location
,
4457 smartlist_t
*requested_fingerprints
,
4458 int descriptor_digests
)
4460 smartlist_t
*extrainfo_list
= smartlist_new();
4462 int from_cache
= (saved_location
!= SAVED_NOWHERE
);
4463 smartlist_t
*invalid_digests
= smartlist_new();
4465 router_parse_list_from_string(&s
, eos
, extrainfo_list
, saved_location
, 1, 0,
4466 NULL
, invalid_digests
);
4468 log_info(LD_DIR
, "%d elements to add", smartlist_len(extrainfo_list
));
4470 SMARTLIST_FOREACH_BEGIN(extrainfo_list
, extrainfo_t
*, ei
) {
4471 uint8_t d
[DIGEST_LEN
];
4472 memcpy(d
, ei
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
4473 was_router_added_t added
=
4474 router_add_extrainfo_to_routerlist(ei
, &msg
, from_cache
, !from_cache
);
4475 if (WRA_WAS_ADDED(added
) && requested_fingerprints
) {
4476 char fp
[HEX_DIGEST_LEN
+1];
4477 base16_encode(fp
, sizeof(fp
), descriptor_digests
?
4478 ei
->cache_info
.signed_descriptor_digest
:
4479 ei
->cache_info
.identity_digest
,
4481 smartlist_string_remove(requested_fingerprints
, fp
);
4482 /* We silently let relays stuff us with extrainfos we didn't ask for,
4483 * so long as we would have wanted them anyway. Since we always fetch
4484 * all the extrainfos we want, and we never actually act on them
4485 * inside Tor, this should be harmless. */
4486 } else if (WRA_NEVER_DOWNLOADABLE(added
)) {
4487 signed_descriptor_t
*sd
= router_get_by_extrainfo_digest((char*)d
);
4489 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4490 "unparseable, and therefore undownloadable",
4491 hex_str((char*)d
,DIGEST_LEN
));
4492 download_status_mark_impossible(&sd
->ei_dl_status
);
4495 } SMARTLIST_FOREACH_END(ei
);
4497 SMARTLIST_FOREACH_BEGIN(invalid_digests
, const uint8_t *, bad_digest
) {
4498 /* This digest is never going to be parseable. */
4499 char fp
[HEX_DIGEST_LEN
+1];
4500 base16_encode(fp
, sizeof(fp
), (char*)bad_digest
, DIGEST_LEN
);
4501 if (requested_fingerprints
) {
4502 if (! smartlist_contains_string(requested_fingerprints
, fp
)) {
4503 /* But we didn't ask for it, so we should assume shennanegans. */
4506 smartlist_string_remove(requested_fingerprints
, fp
);
4508 signed_descriptor_t
*sd
=
4509 router_get_by_extrainfo_digest((char*)bad_digest
);
4511 log_info(LD_GENERAL
, "Marking extrainfo with descriptor %s as "
4512 "unparseable, and therefore undownloadable", fp
);
4513 download_status_mark_impossible(&sd
->ei_dl_status
);
4515 } SMARTLIST_FOREACH_END(bad_digest
);
4516 SMARTLIST_FOREACH(invalid_digests
, uint8_t *, d
, tor_free(d
));
4517 smartlist_free(invalid_digests
);
4519 routerlist_assert_ok(routerlist
);
4520 router_rebuild_store(0, &router_get_routerlist()->extrainfo_store
);
4522 smartlist_free(extrainfo_list
);
4525 /** Return true iff the latest ns-flavored consensus includes a descriptor
4526 * whose digest is that of <b>desc</b>. */
4528 signed_desc_digest_is_recognized(signed_descriptor_t
*desc
)
4530 const routerstatus_t
*rs
;
4531 networkstatus_t
*consensus
= networkstatus_get_latest_consensus_by_flavor(
4535 rs
= networkstatus_vote_find_entry(consensus
, desc
->identity_digest
);
4536 if (rs
&& tor_memeq(rs
->descriptor_digest
,
4537 desc
->signed_descriptor_digest
, DIGEST_LEN
))
4543 /** Update downloads for router descriptors and/or microdescriptors as
4546 update_all_descriptor_downloads(time_t now
)
4548 if (get_options()->DisableNetwork
)
4550 update_router_descriptor_downloads(now
);
4551 update_microdesc_downloads(now
);
4552 launch_dummy_descriptor_download_as_needed(now
, get_options());
4555 /** Clear all our timeouts for fetching v3 directory stuff, and then
4556 * give it all a try again. */
4558 routerlist_retry_directory_downloads(time_t now
)
4562 log_debug(LD_GENERAL
,
4563 "In routerlist_retry_directory_downloads()");
4565 router_reset_status_download_failures();
4566 router_reset_descriptor_download_failures();
4567 reschedule_directory_downloads();
4570 /** Return true iff <b>router</b> does not permit exit streams.
4573 router_exit_policy_rejects_all(const routerinfo_t
*router
)
4575 return router
->policy_is_reject_star
;
4578 /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
4579 * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL,
4580 * add ourself. If <b>is_authority</b>, this is a directory authority. Return
4581 * the new directory server entry on success or NULL on failure. */
4582 static dir_server_t
*
4583 dir_server_new(int is_authority
,
4584 const char *nickname
,
4585 const tor_addr_t
*addr
,
4586 const char *hostname
,
4587 uint16_t dir_port
, uint16_t or_port
,
4588 const tor_addr_port_t
*addrport_ipv6
,
4589 const char *digest
, const char *v3_auth_digest
,
4590 dirinfo_type_t type
,
4595 char *hostname_
= NULL
;
4602 if (tor_addr_family(addr
) == AF_INET
)
4603 a
= tor_addr_to_ipv4h(addr
);
4608 hostname_
= tor_addr_to_str_dup(addr
);
4610 hostname_
= tor_strdup(hostname
);
4612 ent
= tor_malloc_zero(sizeof(dir_server_t
));
4613 ent
->nickname
= nickname
? tor_strdup(nickname
) : NULL
;
4614 ent
->address
= hostname_
;
4616 ent
->dir_port
= dir_port
;
4617 ent
->or_port
= or_port
;
4618 ent
->is_running
= 1;
4619 ent
->is_authority
= is_authority
;
4621 ent
->weight
= weight
;
4622 if (addrport_ipv6
) {
4623 if (tor_addr_family(&addrport_ipv6
->addr
) != AF_INET6
) {
4624 log_warn(LD_BUG
, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
4625 tor_addr_make_unspec(&ent
->ipv6_addr
);
4627 tor_addr_copy(&ent
->ipv6_addr
, &addrport_ipv6
->addr
);
4628 ent
->ipv6_orport
= addrport_ipv6
->port
;
4631 tor_addr_make_unspec(&ent
->ipv6_addr
);
4634 memcpy(ent
->digest
, digest
, DIGEST_LEN
);
4635 if (v3_auth_digest
&& (type
& V3_DIRINFO
))
4636 memcpy(ent
->v3_identity_digest
, v3_auth_digest
, DIGEST_LEN
);
4639 tor_asprintf(&ent
->description
, "directory server \"%s\" at %s:%d",
4640 nickname
, hostname_
, (int)dir_port
);
4642 tor_asprintf(&ent
->description
, "directory server at %s:%d",
4643 hostname_
, (int)dir_port
);
4645 ent
->fake_status
.addr
= ent
->addr
;
4646 tor_addr_copy(&ent
->fake_status
.ipv6_addr
, &ent
->ipv6_addr
);
4647 memcpy(ent
->fake_status
.identity_digest
, digest
, DIGEST_LEN
);
4649 strlcpy(ent
->fake_status
.nickname
, nickname
,
4650 sizeof(ent
->fake_status
.nickname
));
4652 ent
->fake_status
.nickname
[0] = '\0';
4653 ent
->fake_status
.dir_port
= ent
->dir_port
;
4654 ent
->fake_status
.or_port
= ent
->or_port
;
4655 ent
->fake_status
.ipv6_orport
= ent
->ipv6_orport
;
4660 /** Create an authoritative directory server at
4661 * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
4662 * <b>address</b> is NULL, add ourself. Return the new trusted directory
4663 * server entry on success or NULL if we couldn't add it. */
4665 trusted_dir_server_new(const char *nickname
, const char *address
,
4666 uint16_t dir_port
, uint16_t or_port
,
4667 const tor_addr_port_t
*ipv6_addrport
,
4668 const char *digest
, const char *v3_auth_digest
,
4669 dirinfo_type_t type
, double weight
)
4673 char *hostname
=NULL
;
4674 dir_server_t
*result
;
4676 if (!address
) { /* The address is us; we should guess. */
4677 if (resolve_my_address(LOG_WARN
, get_options(),
4678 &a
, NULL
, &hostname
) < 0) {
4680 "Couldn't find a suitable address when adding ourself as a "
4681 "trusted directory server.");
4685 hostname
= tor_dup_ip(a
);
4687 if (tor_lookup_hostname(address
, &a
)) {
4689 "Unable to lookup address for directory server at '%s'",
4693 hostname
= tor_strdup(address
);
4695 tor_addr_from_ipv4h(&addr
, a
);
4697 result
= dir_server_new(1, nickname
, &addr
, hostname
,
4701 v3_auth_digest
, type
, weight
);
4706 /** Return a new dir_server_t for a fallback directory server at
4707 * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
4708 * <b>id_digest</b> */
4710 fallback_dir_server_new(const tor_addr_t
*addr
,
4711 uint16_t dir_port
, uint16_t or_port
,
4712 const tor_addr_port_t
*addrport_ipv6
,
4713 const char *id_digest
, double weight
)
4715 return dir_server_new(0, NULL
, addr
, NULL
, dir_port
, or_port
,
4718 NULL
, ALL_DIRINFO
, weight
);
4721 /** Add a directory server to the global list(s). */
4723 dir_server_add(dir_server_t
*ent
)
4725 if (!trusted_dir_servers
)
4726 trusted_dir_servers
= smartlist_new();
4727 if (!fallback_dir_servers
)
4728 fallback_dir_servers
= smartlist_new();
4730 if (ent
->is_authority
)
4731 smartlist_add(trusted_dir_servers
, ent
);
4733 smartlist_add(fallback_dir_servers
, ent
);
4734 router_dir_info_changed();
4737 /** Free storage held in <b>cert</b>. */
4739 authority_cert_free(authority_cert_t
*cert
)
4744 tor_free(cert
->cache_info
.signed_descriptor_body
);
4745 crypto_pk_free(cert
->signing_key
);
4746 crypto_pk_free(cert
->identity_key
);
4751 /** Free storage held in <b>ds</b>. */
4753 dir_server_free(dir_server_t
*ds
)
4758 tor_free(ds
->nickname
);
4759 tor_free(ds
->description
);
4760 tor_free(ds
->address
);
4764 /** Remove all members from the list of dir servers. */
4766 clear_dir_servers(void)
4768 if (fallback_dir_servers
) {
4769 SMARTLIST_FOREACH(fallback_dir_servers
, dir_server_t
*, ent
,
4770 dir_server_free(ent
));
4771 smartlist_clear(fallback_dir_servers
);
4773 fallback_dir_servers
= smartlist_new();
4775 if (trusted_dir_servers
) {
4776 smartlist_clear(trusted_dir_servers
);
4778 trusted_dir_servers
= smartlist_new();
4780 router_dir_info_changed();
4783 /** For every current directory connection whose purpose is <b>purpose</b>,
4784 * and where the resource being downloaded begins with <b>prefix</b>, split
4785 * rest of the resource into base16 fingerprints (or base64 fingerprints if
4786 * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
4787 * corresponding elements of <b>result</b> to a nonzero value.
4790 list_pending_downloads(digestmap_t
*result
, digest256map_t
*result256
,
4791 int purpose
, const char *prefix
)
4793 const size_t p_len
= strlen(prefix
);
4794 smartlist_t
*tmp
= smartlist_new();
4795 smartlist_t
*conns
= get_connection_array();
4796 int flags
= DSR_HEX
;
4797 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
)
4798 flags
= DSR_DIGEST256
|DSR_BASE64
;
4800 tor_assert(result
|| result256
);
4802 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4803 if (conn
->type
== CONN_TYPE_DIR
&&
4804 conn
->purpose
== purpose
&&
4805 !conn
->marked_for_close
) {
4806 const char *resource
= TO_DIR_CONN(conn
)->requested_resource
;
4807 if (!strcmpstart(resource
, prefix
))
4808 dir_split_resource_into_fingerprints(resource
+ p_len
,
4811 } SMARTLIST_FOREACH_END(conn
);
4814 SMARTLIST_FOREACH(tmp
, char *, d
,
4816 digestmap_set(result
, d
, (void*)1);
4819 } else if (result256
) {
4820 SMARTLIST_FOREACH(tmp
, uint8_t *, d
,
4822 digest256map_set(result256
, d
, (void*)1);
4826 smartlist_free(tmp
);
4829 /** For every router descriptor (or extra-info document if <b>extrainfo</b> is
4830 * true) we are currently downloading by descriptor digest, set result[d] to
4833 list_pending_descriptor_downloads(digestmap_t
*result
, int extrainfo
)
4836 extrainfo
? DIR_PURPOSE_FETCH_EXTRAINFO
: DIR_PURPOSE_FETCH_SERVERDESC
;
4837 list_pending_downloads(result
, NULL
, purpose
, "d/");
4840 /** For every microdescriptor we are currently downloading by descriptor
4841 * digest, set result[d] to (void*)1.
4844 list_pending_microdesc_downloads(digest256map_t
*result
)
4846 list_pending_downloads(NULL
, result
, DIR_PURPOSE_FETCH_MICRODESC
, "d/");
4849 /** For every certificate we are currently downloading by (identity digest,
4850 * signing key digest) pair, set result[fp_pair] to (void *1).
4853 list_pending_fpsk_downloads(fp_pair_map_t
*result
)
4855 const char *pfx
= "fp-sk/";
4858 const char *resource
;
4862 tmp
= smartlist_new();
4863 conns
= get_connection_array();
4865 SMARTLIST_FOREACH_BEGIN(conns
, connection_t
*, conn
) {
4866 if (conn
->type
== CONN_TYPE_DIR
&&
4867 conn
->purpose
== DIR_PURPOSE_FETCH_CERTIFICATE
&&
4868 !conn
->marked_for_close
) {
4869 resource
= TO_DIR_CONN(conn
)->requested_resource
;
4870 if (!strcmpstart(resource
, pfx
))
4871 dir_split_resource_into_fingerprint_pairs(resource
+ strlen(pfx
),
4874 } SMARTLIST_FOREACH_END(conn
);
4876 SMARTLIST_FOREACH_BEGIN(tmp
, fp_pair_t
*, fp
) {
4877 fp_pair_map_set(result
, fp
, (void*)1);
4879 } SMARTLIST_FOREACH_END(fp
);
4881 smartlist_free(tmp
);
4884 /** Launch downloads for all the descriptors whose digests or digests256
4885 * are listed as digests[i] for lo <= i < hi. (Lo and hi may be out of
4886 * range.) If <b>source</b> is given, download from <b>source</b>;
4887 * otherwise, download from an appropriate random directory server.
4889 MOCK_IMPL(STATIC
void,
4890 initiate_descriptor_downloads
,(const routerstatus_t
*source
,
4891 int purpose
, smartlist_t
*digests
,
4892 int lo
, int hi
, int pds_flags
))
4894 char *resource
, *cp
;
4895 int digest_len
, enc_digest_len
;
4900 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4901 /* Microdescriptors are downloaded by "-"-separated base64-encoded
4902 * 256-bit digests. */
4903 digest_len
= DIGEST256_LEN
;
4904 enc_digest_len
= BASE64_DIGEST256_LEN
+ 1;
4908 digest_len
= DIGEST_LEN
;
4909 enc_digest_len
= HEX_DIGEST_LEN
+ 1;
4916 if (hi
> smartlist_len(digests
))
4917 hi
= smartlist_len(digests
);
4922 tmp
= smartlist_new();
4924 for (; lo
< hi
; ++lo
) {
4925 cp
= tor_malloc(enc_digest_len
);
4927 digest256_to_base64(cp
, smartlist_get(digests
, lo
));
4929 base16_encode(cp
, enc_digest_len
, smartlist_get(digests
, lo
),
4932 smartlist_add(tmp
, cp
);
4935 cp
= smartlist_join_strings(tmp
, sep
, 0, NULL
);
4936 tor_asprintf(&resource
, "d/%s.z", cp
);
4938 SMARTLIST_FOREACH(tmp
, char *, cp1
, tor_free(cp1
));
4939 smartlist_free(tmp
);
4943 /* We know which authority or directory mirror we want. */
4944 directory_request_t
*req
= directory_request_new(purpose
);
4945 directory_request_set_routerstatus(req
, source
);
4946 directory_request_set_resource(req
, resource
);
4947 directory_initiate_request(req
);
4948 directory_request_free(req
);
4950 directory_get_from_dirserver(purpose
, ROUTER_PURPOSE_GENERAL
, resource
,
4951 pds_flags
, DL_WANT_ANY_DIRSERVER
);
4956 /** Return the max number of hashes to put in a URL for a given request.
4959 max_dl_per_request(const or_options_t
*options
, int purpose
)
4961 /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
4962 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4963 * /tor/server/d/.z) == 4026
4964 * 4026/41 (40 for the hash and 1 for the + that separates them) => 98
4965 * So use 96 because it's a nice number.
4967 * For microdescriptors, the calculation is
4968 * 4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
4969 * /tor/micro/d/.z) == 4027
4970 * 4027/44 (43 for the hash and 1 for the - that separates them) => 91
4971 * So use 90 because it's a nice number.
4974 if (purpose
== DIR_PURPOSE_FETCH_MICRODESC
) {
4977 /* If we're going to tunnel our connections, we can ask for a lot more
4979 if (directory_must_use_begindir(options
)) {
4985 /** Don't split our requests so finely that we are requesting fewer than
4986 * this number per server. (Grouping more than this at once leads to
4987 * diminishing returns.) */
4988 #define MIN_DL_PER_REQUEST 32
4989 /** To prevent a single screwy cache from confusing us by selective reply,
4990 * try to split our requests into at least this many requests. */
4991 #define MIN_REQUESTS 3
4992 /** If we want fewer than this many descriptors, wait until we
4993 * want more, or until TestingClientMaxIntervalWithoutRequest has passed. */
4994 #define MAX_DL_TO_DELAY 16
4996 /** Given a <b>purpose</b> (FETCH_MICRODESC or FETCH_SERVERDESC) and a list of
4997 * router descriptor digests or microdescriptor digest256s in
4998 * <b>downloadable</b>, decide whether to delay fetching until we have more.
4999 * If we don't want to delay, launch one or more requests to the appropriate
5000 * directory authorities.
5003 launch_descriptor_downloads(int purpose
,
5004 smartlist_t
*downloadable
,
5005 const routerstatus_t
*source
, time_t now
)
5007 const or_options_t
*options
= get_options();
5008 const char *descname
;
5009 const int fetch_microdesc
= (purpose
== DIR_PURPOSE_FETCH_MICRODESC
);
5010 int n_downloadable
= smartlist_len(downloadable
);
5012 int i
, n_per_request
, max_dl_per_req
;
5013 const char *req_plural
= "", *rtr_plural
= "";
5014 int pds_flags
= PDS_RETRY_IF_NO_SERVERS
;
5016 tor_assert(fetch_microdesc
|| purpose
== DIR_PURPOSE_FETCH_SERVERDESC
);
5017 descname
= fetch_microdesc
? "microdesc" : "routerdesc";
5019 if (!n_downloadable
)
5022 if (!directory_fetches_dir_info_early(options
)) {
5023 if (n_downloadable
>= MAX_DL_TO_DELAY
) {
5025 "There are enough downloadable %ss to launch requests.",
5030 if ((last_descriptor_download_attempted
+
5031 options
->TestingClientMaxIntervalWithoutRequest
) > now
)
5034 if (last_descriptor_download_attempted
) {
5036 "There are not many downloadable %ss, but we've "
5037 "been waiting long enough (%d seconds). Downloading.",
5039 (int)(now
-last_descriptor_download_attempted
));
5042 "There are not many downloadable %ss, but we haven't "
5043 "tried downloading descriptors recently. Downloading.",
5049 if (!authdir_mode(options
)) {
5050 /* If we wind up going to the authorities, we want to only open one
5051 * connection to each authority at a time, so that we don't overload
5052 * them. We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
5053 * regardless of whether we're a cache or not.
5055 * Setting this flag can make initiate_descriptor_downloads() ignore
5056 * requests. We need to make sure that we do in fact call
5057 * update_router_descriptor_downloads() later on, once the connections
5058 * have succeeded or failed.
5060 pds_flags
|= fetch_microdesc
?
5061 PDS_NO_EXISTING_MICRODESC_FETCH
:
5062 PDS_NO_EXISTING_SERVERDESC_FETCH
;
5065 n_per_request
= CEIL_DIV(n_downloadable
, MIN_REQUESTS
);
5066 max_dl_per_req
= max_dl_per_request(options
, purpose
);
5068 if (n_per_request
> max_dl_per_req
)
5069 n_per_request
= max_dl_per_req
;
5071 if (n_per_request
< MIN_DL_PER_REQUEST
) {
5072 n_per_request
= MIN(MIN_DL_PER_REQUEST
, n_downloadable
);
5075 if (n_downloadable
> n_per_request
)
5076 req_plural
= rtr_plural
= "s";
5077 else if (n_downloadable
> 1)
5081 "Launching %d request%s for %d %s%s, %d at a time",
5082 CEIL_DIV(n_downloadable
, n_per_request
), req_plural
,
5083 n_downloadable
, descname
, rtr_plural
, n_per_request
);
5084 smartlist_sort_digests(downloadable
);
5085 for (i
=0; i
< n_downloadable
; i
+= n_per_request
) {
5086 initiate_descriptor_downloads(source
, purpose
,
5087 downloadable
, i
, i
+n_per_request
,
5090 last_descriptor_download_attempted
= now
;
5093 /** For any descriptor that we want that's currently listed in
5094 * <b>consensus</b>, download it as appropriate. */
5096 update_consensus_router_descriptor_downloads(time_t now
, int is_vote
,
5097 networkstatus_t
*consensus
)
5099 const or_options_t
*options
= get_options();
5100 digestmap_t
*map
= NULL
;
5101 smartlist_t
*no_longer_old
= smartlist_new();
5102 smartlist_t
*downloadable
= smartlist_new();
5103 routerstatus_t
*source
= NULL
;
5104 int authdir
= authdir_mode(options
);
5105 int n_delayed
=0, n_have
=0, n_would_reject
=0, n_wouldnt_use
=0,
5106 n_inprogress
=0, n_in_oldrouters
=0;
5108 if (directory_too_idle_to_fetch_descriptors(options
, now
))
5114 /* where's it from, so we know whom to ask for descriptors */
5116 networkstatus_voter_info_t
*voter
= smartlist_get(consensus
->voters
, 0);
5118 ds
= trusteddirserver_get_by_v3_auth_digest(voter
->identity_digest
);
5120 source
= &(ds
->fake_status
);
5122 log_warn(LD_DIR
, "couldn't lookup source from vote?");
5125 map
= digestmap_new();
5126 list_pending_descriptor_downloads(map
, 0);
5127 SMARTLIST_FOREACH_BEGIN(consensus
->routerstatus_list
, void *, rsp
) {
5128 routerstatus_t
*rs
=
5129 is_vote
? &(((vote_routerstatus_t
*)rsp
)->status
) : rsp
;
5130 signed_descriptor_t
*sd
;
5131 if ((sd
= router_get_by_descriptor_digest(rs
->descriptor_digest
))) {
5132 const routerinfo_t
*ri
;
5134 if (!(ri
= router_get_by_id_digest(rs
->identity_digest
)) ||
5135 tor_memneq(ri
->cache_info
.signed_descriptor_digest
,
5136 sd
->signed_descriptor_digest
, DIGEST_LEN
)) {
5137 /* We have a descriptor with this digest, but either there is no
5138 * entry in routerlist with the same ID (!ri), or there is one,
5139 * but the identity digest differs (memneq).
5141 smartlist_add(no_longer_old
, sd
);
5142 ++n_in_oldrouters
; /* We have it in old_routers. */
5144 continue; /* We have it already. */
5146 if (digestmap_get(map
, rs
->descriptor_digest
)) {
5148 continue; /* We have an in-progress download. */
5150 if (!download_status_is_ready(&rs
->dl_status
, now
,
5151 options
->TestingDescriptorMaxDownloadTries
)) {
5152 ++n_delayed
; /* Not ready for retry. */
5155 if (authdir
&& dirserv_would_reject_router(rs
)) {
5157 continue; /* We would throw it out immediately. */
5159 if (!we_want_to_fetch_flavor(options
, consensus
->flavor
) &&
5160 !client_would_use_router(rs
, now
)) {
5162 continue; /* We would never use it ourself. */
5164 if (is_vote
&& source
) {
5165 char time_bufnew
[ISO_TIME_LEN
+1];
5166 char time_bufold
[ISO_TIME_LEN
+1];
5167 const routerinfo_t
*oldrouter
;
5168 oldrouter
= router_get_by_id_digest(rs
->identity_digest
);
5169 format_iso_time(time_bufnew
, rs
->published_on
);
5171 format_iso_time(time_bufold
, oldrouter
->cache_info
.published_on
);
5172 log_info(LD_DIR
, "Learned about %s (%s vs %s) from %s's vote (%s)",
5173 routerstatus_describe(rs
),
5175 oldrouter
? time_bufold
: "none",
5176 source
->nickname
, oldrouter
? "known" : "unknown");
5178 smartlist_add(downloadable
, rs
->descriptor_digest
);
5179 } SMARTLIST_FOREACH_END(rsp
);
5181 if (!authdir_mode_v3(options
)
5182 && smartlist_len(no_longer_old
)) {
5183 routerlist_t
*rl
= router_get_routerlist();
5184 log_info(LD_DIR
, "%d router descriptors listed in consensus are "
5185 "currently in old_routers; making them current.",
5186 smartlist_len(no_longer_old
));
5187 SMARTLIST_FOREACH_BEGIN(no_longer_old
, signed_descriptor_t
*, sd
) {
5189 was_router_added_t r
;
5190 routerinfo_t
*ri
= routerlist_reparse_old(rl
, sd
);
5192 log_warn(LD_BUG
, "Failed to re-parse a router.");
5195 r
= router_add_to_routerlist(ri
, &msg
, 1, 0);
5196 if (WRA_WAS_OUTDATED(r
)) {
5197 log_warn(LD_DIR
, "Couldn't add re-parsed router: %s",
5200 } SMARTLIST_FOREACH_END(sd
);
5201 routerlist_assert_ok(rl
);
5205 "%d router descriptors downloadable. %d delayed; %d present "
5206 "(%d of those were in old_routers); %d would_reject; "
5207 "%d wouldnt_use; %d in progress.",
5208 smartlist_len(downloadable
), n_delayed
, n_have
, n_in_oldrouters
,
5209 n_would_reject
, n_wouldnt_use
, n_inprogress
);
5211 launch_descriptor_downloads(DIR_PURPOSE_FETCH_SERVERDESC
,
5212 downloadable
, source
, now
);
5214 digestmap_free(map
, NULL
);
5216 smartlist_free(downloadable
);
5217 smartlist_free(no_longer_old
);
5220 /** How often should we launch a server/authority request to be sure of getting
5221 * a guess for our IP? */
5222 /*XXXX+ this info should come from netinfo cells or something, or we should
5223 * do this only when we aren't seeing incoming data. see bug 652. */
5224 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
5226 /** As needed, launch a dummy router descriptor fetch to see if our
5227 * address has changed. */
5229 launch_dummy_descriptor_download_as_needed(time_t now
,
5230 const or_options_t
*options
)
5232 static time_t last_dummy_download
= 0;
5233 /* XXXX+ we could be smarter here; see notes on bug 652. */
5234 /* If we're a server that doesn't have a configured address, we rely on
5235 * directory fetches to learn when our address changes. So if we haven't
5236 * tried to get any routerdescs in a long time, try a dummy fetch now. */
5237 if (!options
->Address
&&
5238 server_mode(options
) &&
5239 last_descriptor_download_attempted
+ DUMMY_DOWNLOAD_INTERVAL
< now
&&
5240 last_dummy_download
+ DUMMY_DOWNLOAD_INTERVAL
< now
) {
5241 last_dummy_download
= now
;
5242 /* XX/teor - do we want an authority here, because they are less likely
5243 * to give us the wrong address? (See #17782)
5244 * I'm leaving the previous behaviour intact, because I don't like
5245 * the idea of some relays contacting an authority every 20 minutes. */
5246 directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC
,
5247 ROUTER_PURPOSE_GENERAL
, "authority.z",
5248 PDS_RETRY_IF_NO_SERVERS
,
5249 DL_WANT_ANY_DIRSERVER
);
5253 /** Launch downloads for router status as needed. */
5255 update_router_descriptor_downloads(time_t now
)
5257 const or_options_t
*options
= get_options();
5258 if (should_delay_dir_fetches(options
, NULL
))
5260 if (!we_fetch_router_descriptors(options
))
5263 update_consensus_router_descriptor_downloads(now
, 0,
5264 networkstatus_get_reasonably_live_consensus(now
, FLAV_NS
));
5267 /** Launch extrainfo downloads as needed. */
5269 update_extrainfo_downloads(time_t now
)
5271 const or_options_t
*options
= get_options();
5273 smartlist_t
*wanted
;
5274 digestmap_t
*pending
;
5275 int old_routers
, i
, max_dl_per_req
;
5276 int n_no_ei
= 0, n_pending
= 0, n_have
= 0, n_delay
= 0, n_bogus
[2] = {0,0};
5277 if (! options
->DownloadExtraInfo
)
5279 if (should_delay_dir_fetches(options
, NULL
))
5281 if (!router_have_minimum_dir_info())
5284 pending
= digestmap_new();
5285 list_pending_descriptor_downloads(pending
, 1);
5286 rl
= router_get_routerlist();
5287 wanted
= smartlist_new();
5288 for (old_routers
= 0; old_routers
< 2; ++old_routers
) {
5289 smartlist_t
*lst
= old_routers
? rl
->old_routers
: rl
->routers
;
5290 for (i
= 0; i
< smartlist_len(lst
); ++i
) {
5291 signed_descriptor_t
*sd
;
5294 sd
= smartlist_get(lst
, i
);
5296 sd
= &((routerinfo_t
*)smartlist_get(lst
, i
))->cache_info
;
5297 if (sd
->is_extrainfo
)
5298 continue; /* This should never happen. */
5299 if (old_routers
&& !router_get_by_id_digest(sd
->identity_digest
))
5300 continue; /* Couldn't check the signature if we got it. */
5301 if (sd
->extrainfo_is_bogus
)
5303 d
= sd
->extra_info_digest
;
5304 if (tor_digest_is_zero(d
)) {
5308 if (eimap_get(rl
->extra_info_map
, d
)) {
5312 if (!download_status_is_ready(&sd
->ei_dl_status
, now
,
5313 options
->TestingDescriptorMaxDownloadTries
)) {
5317 if (digestmap_get(pending
, d
)) {
5322 const signed_descriptor_t
*sd2
= router_get_by_extrainfo_digest(d
);
5325 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5326 char d3
[HEX_DIGEST_LEN
+1], d4
[HEX_DIGEST_LEN
+1];
5327 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5328 base16_encode(d2
, sizeof(d2
), sd2
->identity_digest
, DIGEST_LEN
);
5329 base16_encode(d3
, sizeof(d3
), d
, DIGEST_LEN
);
5330 base16_encode(d4
, sizeof(d3
), sd2
->extra_info_digest
, DIGEST_LEN
);
5332 log_info(LD_DIR
, "Found an entry in %s with mismatched "
5333 "router_get_by_extrainfo_digest() value. This has ID %s "
5334 "but the entry in the map has ID %s. This has EI digest "
5335 "%s and the entry in the map has EI digest %s.",
5336 old_routers
?"old_routers":"routers",
5339 char d1
[HEX_DIGEST_LEN
+1], d2
[HEX_DIGEST_LEN
+1];
5340 base16_encode(d1
, sizeof(d1
), sd
->identity_digest
, DIGEST_LEN
);
5341 base16_encode(d2
, sizeof(d2
), d
, DIGEST_LEN
);
5343 log_info(LD_DIR
, "Found an entry in %s with NULL "
5344 "router_get_by_extrainfo_digest() value. This has ID %s "
5345 "and EI digest %s.",
5346 old_routers
?"old_routers":"routers",
5349 ++n_bogus
[old_routers
];
5352 smartlist_add(wanted
, d
);
5355 digestmap_free(pending
, NULL
);
5357 log_info(LD_DIR
, "Extrainfo download status: %d router with no ei, %d "
5358 "with present ei, %d delaying, %d pending, %d downloadable, %d "
5359 "bogus in routers, %d bogus in old_routers",
5360 n_no_ei
, n_have
, n_delay
, n_pending
, smartlist_len(wanted
),
5361 n_bogus
[0], n_bogus
[1]);
5363 smartlist_shuffle(wanted
);
5365 max_dl_per_req
= max_dl_per_request(options
, DIR_PURPOSE_FETCH_EXTRAINFO
);
5366 for (i
= 0; i
< smartlist_len(wanted
); i
+= max_dl_per_req
) {
5367 initiate_descriptor_downloads(NULL
, DIR_PURPOSE_FETCH_EXTRAINFO
,
5368 wanted
, i
, i
+max_dl_per_req
,
5369 PDS_RETRY_IF_NO_SERVERS
|PDS_NO_EXISTING_SERVERDESC_FETCH
);
5372 smartlist_free(wanted
);
5375 /** Reset the descriptor download failure count on all routers, so that we
5376 * can retry any long-failed routers immediately.
5379 router_reset_descriptor_download_failures(void)
5381 log_debug(LD_GENERAL
,
5382 "In router_reset_descriptor_download_failures()");
5384 networkstatus_reset_download_failures();
5385 last_descriptor_download_attempted
= 0;
5388 SMARTLIST_FOREACH(routerlist
->routers
, routerinfo_t
*, ri
,
5390 download_status_reset(&ri
->cache_info
.ei_dl_status
);
5392 SMARTLIST_FOREACH(routerlist
->old_routers
, signed_descriptor_t
*, sd
,
5394 download_status_reset(&sd
->ei_dl_status
);
5398 /** Any changes in a router descriptor's publication time larger than this are
5399 * automatically non-cosmetic. */
5400 #define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60)
5402 /** We allow uptime to vary from how much it ought to be by this much. */
5403 #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
5405 /** Return true iff the only differences between r1 and r2 are such that
5406 * would not cause a recent (post 0.1.1.6) dirserver to republish.
5409 router_differences_are_cosmetic(const routerinfo_t
*r1
, const routerinfo_t
*r2
)
5411 time_t r1pub
, r2pub
;
5412 long time_difference
;
5413 tor_assert(r1
&& r2
);
5415 /* r1 should be the one that was published first. */
5416 if (r1
->cache_info
.published_on
> r2
->cache_info
.published_on
) {
5417 const routerinfo_t
*ri_tmp
= r2
;
5422 /* If any key fields differ, they're different. */
5423 if (r1
->addr
!= r2
->addr
||
5424 strcasecmp(r1
->nickname
, r2
->nickname
) ||
5425 r1
->or_port
!= r2
->or_port
||
5426 !tor_addr_eq(&r1
->ipv6_addr
, &r2
->ipv6_addr
) ||
5427 r1
->ipv6_orport
!= r2
->ipv6_orport
||
5428 r1
->dir_port
!= r2
->dir_port
||
5429 r1
->purpose
!= r2
->purpose
||
5430 !crypto_pk_eq_keys(r1
->onion_pkey
, r2
->onion_pkey
) ||
5431 !crypto_pk_eq_keys(r1
->identity_pkey
, r2
->identity_pkey
) ||
5432 strcasecmp(r1
->platform
, r2
->platform
) ||
5433 (r1
->contact_info
&& !r2
->contact_info
) || /* contact_info is optional */
5434 (!r1
->contact_info
&& r2
->contact_info
) ||
5435 (r1
->contact_info
&& r2
->contact_info
&&
5436 strcasecmp(r1
->contact_info
, r2
->contact_info
)) ||
5437 r1
->is_hibernating
!= r2
->is_hibernating
||
5438 ! addr_policies_eq(r1
->exit_policy
, r2
->exit_policy
) ||
5439 (r1
->supports_tunnelled_dir_requests
!=
5440 r2
->supports_tunnelled_dir_requests
))
5442 if ((r1
->declared_family
== NULL
) != (r2
->declared_family
== NULL
))
5444 if (r1
->declared_family
&& r2
->declared_family
) {
5446 if (smartlist_len(r1
->declared_family
)!=smartlist_len(r2
->declared_family
))
5448 n
= smartlist_len(r1
->declared_family
);
5449 for (i
=0; i
< n
; ++i
) {
5450 if (strcasecmp(smartlist_get(r1
->declared_family
, i
),
5451 smartlist_get(r2
->declared_family
, i
)))
5456 /* Did bandwidth change a lot? */
5457 if ((r1
->bandwidthcapacity
< r2
->bandwidthcapacity
/2) ||
5458 (r2
->bandwidthcapacity
< r1
->bandwidthcapacity
/2))
5461 /* Did the bandwidthrate or bandwidthburst change? */
5462 if ((r1
->bandwidthrate
!= r2
->bandwidthrate
) ||
5463 (r1
->bandwidthburst
!= r2
->bandwidthburst
))
5466 /* Did more than 12 hours pass? */
5467 if (r1
->cache_info
.published_on
+ ROUTER_MAX_COSMETIC_TIME_DIFFERENCE
5468 < r2
->cache_info
.published_on
)
5471 /* Did uptime fail to increase by approximately the amount we would think,
5472 * give or take some slop? */
5473 r1pub
= r1
->cache_info
.published_on
;
5474 r2pub
= r2
->cache_info
.published_on
;
5475 time_difference
= labs(r2
->uptime
- (r1
->uptime
+ (r2pub
- r1pub
)));
5476 if (time_difference
> ROUTER_ALLOW_UPTIME_DRIFT
&&
5477 time_difference
> r1
->uptime
* .05 &&
5478 time_difference
> r2
->uptime
* .05)
5481 /* Otherwise, the difference is cosmetic. */
5485 /** Check whether <b>sd</b> describes a router descriptor compatible with the
5486 * extrainfo document <b>ei</b>.
5488 * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
5489 * for the router. We use it to check the signature of the extrainfo document,
5490 * if it has not already been checked.
5492 * If no router is compatible with <b>ei</b>, <b>ei</b> should be
5493 * dropped. Return 0 for "compatible", return 1 for "reject, and inform
5494 * whoever uploaded <b>ei</b>, and return -1 for "reject silently.". If
5495 * <b>msg</b> is present, set *<b>msg</b> to a description of the
5496 * incompatibility (if any).
5498 * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
5499 * but the extrainfo was nonetheless incompatible.
5502 routerinfo_incompatible_with_extrainfo(const crypto_pk_t
*identity_pkey
,
5504 signed_descriptor_t
*sd
,
5507 int digest_matches
, digest256_matches
, r
=1;
5508 tor_assert(identity_pkey
);
5513 if (msg
) *msg
= "Extrainfo signature was bad, or signed with wrong key.";
5517 digest_matches
= tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5518 sd
->extra_info_digest
, DIGEST_LEN
);
5519 /* Set digest256_matches to 1 if the digest is correct, or if no
5520 * digest256 was in the ri. */
5521 digest256_matches
= tor_memeq(ei
->digest256
,
5522 sd
->extra_info_digest256
, DIGEST256_LEN
);
5523 digest256_matches
|=
5524 tor_mem_is_zero(sd
->extra_info_digest256
, DIGEST256_LEN
);
5526 /* The identity must match exactly to have been generated at the same time
5527 * by the same router. */
5528 if (tor_memneq(sd
->identity_digest
,
5529 ei
->cache_info
.identity_digest
,
5531 if (msg
) *msg
= "Extrainfo nickname or identity did not match routerinfo";
5532 goto err
; /* different servers */
5535 if (! tor_cert_opt_eq(sd
->signing_key_cert
,
5536 ei
->cache_info
.signing_key_cert
)) {
5537 if (msg
) *msg
= "Extrainfo signing key cert didn't match routerinfo";
5538 goto err
; /* different servers */
5541 if (ei
->pending_sig
) {
5542 char signed_digest
[128];
5543 if (crypto_pk_public_checksig(identity_pkey
,
5544 signed_digest
, sizeof(signed_digest
),
5545 ei
->pending_sig
, ei
->pending_sig_len
) != DIGEST_LEN
||
5546 tor_memneq(signed_digest
, ei
->cache_info
.signed_descriptor_digest
,
5549 tor_free(ei
->pending_sig
);
5550 if (msg
) *msg
= "Extrainfo signature bad, or signed with wrong key";
5551 goto err
; /* Bad signature, or no match. */
5554 ei
->cache_info
.send_unencrypted
= sd
->send_unencrypted
;
5555 tor_free(ei
->pending_sig
);
5558 if (ei
->cache_info
.published_on
< sd
->published_on
) {
5559 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5561 } else if (ei
->cache_info
.published_on
> sd
->published_on
) {
5562 if (msg
) *msg
= "Extrainfo published time did not match routerdesc";
5567 if (!digest256_matches
&& !digest_matches
) {
5568 if (msg
) *msg
= "Neither digest256 or digest matched "
5569 "digest from routerdesc";
5573 if (!digest256_matches
) {
5574 if (msg
) *msg
= "Extrainfo digest did not match digest256 from routerdesc";
5575 goto err
; /* Digest doesn't match declared value. */
5578 if (!digest_matches
) {
5579 if (msg
) *msg
= "Extrainfo digest did not match value from routerdesc";
5580 goto err
; /* Digest doesn't match declared value. */
5585 if (digest_matches
) {
5586 /* This signature was okay, and the digest was right: This is indeed the
5587 * corresponding extrainfo. But insanely, it doesn't match the routerinfo
5588 * that lists it. Don't try to fetch this one again. */
5589 sd
->extrainfo_is_bogus
= 1;
5595 /* Does ri have a valid ntor onion key?
5596 * Valid ntor onion keys exist and have at least one non-zero byte. */
5598 routerinfo_has_curve25519_onion_key(const routerinfo_t
*ri
)
5604 if (!ri
->onion_curve25519_pkey
) {
5608 if (tor_mem_is_zero((const char*)ri
->onion_curve25519_pkey
->public_key
,
5609 CURVE25519_PUBKEY_LEN
)) {
5616 /* Is rs running a tor version known to support EXTEND2 cells?
5617 * If allow_unknown_versions is true, return true if we can't tell
5618 * (from a versions line or a protocols line) whether it supports extend2
5620 * Otherwise, return false if the version is unknown. */
5622 routerstatus_version_supports_extend2_cells(const routerstatus_t
*rs
,
5623 int allow_unknown_versions
)
5626 return allow_unknown_versions
;
5629 if (!rs
->protocols_known
) {
5630 return allow_unknown_versions
;
5633 return rs
->supports_extend2_cells
;
5636 /** Assert that the internal representation of <b>rl</b> is
5637 * self-consistent. */
5639 routerlist_assert_ok(const routerlist_t
*rl
)
5642 signed_descriptor_t
*sd2
;
5645 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, r
) {
5646 r2
= rimap_get(rl
->identity_map
, r
->cache_info
.identity_digest
);
5647 tor_assert(r
== r2
);
5648 sd2
= sdmap_get(rl
->desc_digest_map
,
5649 r
->cache_info
.signed_descriptor_digest
);
5650 tor_assert(&(r
->cache_info
) == sd2
);
5651 tor_assert(r
->cache_info
.routerlist_index
== r_sl_idx
);
5654 * Hoo boy. We need to fix this one, and the fix is a bit tricky, so
5655 * commenting this out is just a band-aid.
5657 * The problem is that, although well-behaved router descriptors
5658 * should never have the same value for their extra_info_digest, it's
5659 * possible for ill-behaved routers to claim whatever they like there.
5661 * The real answer is to trash desc_by_eid_map and instead have
5662 * something that indicates for a given extra-info digest we want,
5663 * what its download status is. We'll do that as a part of routerlist
5664 * refactoring once consensus directories are in. For now,
5665 * this rep violation is probably harmless: an adversary can make us
5666 * reset our retry count for an extrainfo, but that's not the end
5667 * of the world. Changing the representation in 0.2.0.x would just
5668 * destabilize the codebase.
5669 if (!tor_digest_is_zero(r->cache_info.extra_info_digest)) {
5670 signed_descriptor_t *sd3 =
5671 sdmap_get(rl->desc_by_eid_map, r->cache_info.extra_info_digest);
5672 tor_assert(sd3 == &(r->cache_info));
5675 } SMARTLIST_FOREACH_END(r
);
5676 SMARTLIST_FOREACH_BEGIN(rl
->old_routers
, signed_descriptor_t
*, sd
) {
5677 r2
= rimap_get(rl
->identity_map
, sd
->identity_digest
);
5678 tor_assert(!r2
|| sd
!= &(r2
->cache_info
));
5679 sd2
= sdmap_get(rl
->desc_digest_map
, sd
->signed_descriptor_digest
);
5680 tor_assert(sd
== sd2
);
5681 tor_assert(sd
->routerlist_index
== sd_sl_idx
);
5683 if (!tor_digest_is_zero(sd->extra_info_digest)) {
5684 signed_descriptor_t *sd3 =
5685 sdmap_get(rl->desc_by_eid_map, sd->extra_info_digest);
5686 tor_assert(sd3 == sd);
5689 } SMARTLIST_FOREACH_END(sd
);
5691 RIMAP_FOREACH(rl
->identity_map
, d
, r
) {
5692 tor_assert(tor_memeq(r
->cache_info
.identity_digest
, d
, DIGEST_LEN
));
5693 } DIGESTMAP_FOREACH_END
;
5694 SDMAP_FOREACH(rl
->desc_digest_map
, d
, sd
) {
5695 tor_assert(tor_memeq(sd
->signed_descriptor_digest
, d
, DIGEST_LEN
));
5696 } DIGESTMAP_FOREACH_END
;
5697 SDMAP_FOREACH(rl
->desc_by_eid_map
, d
, sd
) {
5698 tor_assert(!tor_digest_is_zero(d
));
5700 tor_assert(tor_memeq(sd
->extra_info_digest
, d
, DIGEST_LEN
));
5701 } DIGESTMAP_FOREACH_END
;
5702 EIMAP_FOREACH(rl
->extra_info_map
, d
, ei
) {
5703 signed_descriptor_t
*sd
;
5704 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5706 sd
= sdmap_get(rl
->desc_by_eid_map
,
5707 ei
->cache_info
.signed_descriptor_digest
);
5708 // tor_assert(sd); // XXXX see above
5710 tor_assert(tor_memeq(ei
->cache_info
.signed_descriptor_digest
,
5711 sd
->extra_info_digest
, DIGEST_LEN
));
5713 } DIGESTMAP_FOREACH_END
;
5716 /** Allocate and return a new string representing the contact info
5717 * and platform string for <b>router</b>,
5718 * surrounded by quotes and using standard C escapes.
5720 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
5721 * thread. Also, each call invalidates the last-returned value, so don't
5722 * try log_warn(LD_GENERAL, "%s %s", esc_router_info(a), esc_router_info(b));
5724 * If <b>router</b> is NULL, it just frees its internal memory and returns.
5727 esc_router_info(const routerinfo_t
*router
)
5729 static char *info
=NULL
;
5730 char *esc_contact
, *esc_platform
;
5734 return NULL
; /* we're exiting; just free the memory we use */
5736 esc_contact
= esc_for_log(router
->contact_info
);
5737 esc_platform
= esc_for_log(router
->platform
);
5739 tor_asprintf(&info
, "Contact %s, Platform %s", esc_contact
, esc_platform
);
5740 tor_free(esc_contact
);
5741 tor_free(esc_platform
);
5746 /** Helper for sorting: compare two routerinfos by their identity
5749 compare_routerinfo_by_id_digest_(const void **a
, const void **b
)
5751 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
5752 return fast_memcmp(first
->cache_info
.identity_digest
,
5753 second
->cache_info
.identity_digest
,
5757 /** Sort a list of routerinfo_t in ascending order of identity digest. */
5759 routers_sort_by_identity(smartlist_t
*routers
)
5761 smartlist_sort(routers
, compare_routerinfo_by_id_digest_
);
5764 /** Called when we change a node set, or when we reload the geoip IPv4 list:
5765 * recompute all country info in all configuration node sets and in the
5768 refresh_all_country_info(void)
5770 const or_options_t
*options
= get_options();
5772 if (options
->EntryNodes
)
5773 routerset_refresh_countries(options
->EntryNodes
);
5774 if (options
->ExitNodes
)
5775 routerset_refresh_countries(options
->ExitNodes
);
5776 if (options
->ExcludeNodes
)
5777 routerset_refresh_countries(options
->ExcludeNodes
);
5778 if (options
->ExcludeExitNodes
)
5779 routerset_refresh_countries(options
->ExcludeExitNodes
);
5780 if (options
->ExcludeExitNodesUnion_
)
5781 routerset_refresh_countries(options
->ExcludeExitNodesUnion_
);
5783 nodelist_refresh_countries();