search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r12001@catbus: nickm | 2007-02-28 15:24:12 -0500
[tor.git] / src / or / main.c
blobb030fe2eb92e781885311f266b7b0f98dd7c5bdc
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
6 const char main_c_id[] =
7 "$Id$";
8
9 /**
10 * \file main.c
11 * \brief Toplevel module. Handles signals, multiplexes between
12 * connections, implements main loop, and drives scheduled events.
13 **/
14
15 #include "or.h"
16 #ifdef USE_DMALLOC
17 #include <dmalloc.h>
18 #endif
19 #ifdef USE_EVENTDNS
20 void evdns_shutdown(int);
21 #endif
22
23 /********* PROTOTYPES **********/
24
25 static void dumpmemusage(int severity);
26 static void dumpstats(int severity); /* log stats */
27 static void conn_read_callback(int fd, short event, void *_conn);
28 static void conn_write_callback(int fd, short event, void *_conn);
29 static void signal_callback(int fd, short events, void *arg);
30 static void second_elapsed_callback(int fd, short event, void *args);
31 static int conn_close_if_marked(int i);
32
33 /********* START VARIABLES **********/
34
35 int global_read_bucket; /**< Max number of bytes I can read this second. */
36 int global_write_bucket; /**< Max number of bytes I can write this second. */
37
38 /** What was the read bucket before the last call to prepare_for_pool?
39 * (used to determine how many bytes we've read). */
40 static int stats_prev_global_read_bucket;
41 /** What was the write bucket before the last call to prepare_for_pool?
42 * (used to determine how many bytes we've written). */
43 static int stats_prev_global_write_bucket;
44 /** How many bytes have we read/written since we started the process? */
45 static uint64_t stats_n_bytes_read = 0;
46 static uint64_t stats_n_bytes_written = 0;
47 /** What time did this process start up? */
48 long time_of_process_start = 0;
49 /** How many seconds have we been running? */
50 long stats_n_seconds_working = 0;
51 /** When do we next download a directory? */
52 static time_t time_to_fetch_directory = 0;
53 /** When do we next download a running-routers summary? */
54 static time_t time_to_fetch_running_routers = 0;
55 /** When do we next launch DNS wildcarding checks? */
56 static time_t time_to_check_for_correct_dns = 0;
57
58 /** How often will we honor SIGNEWNYM requests? */
59 #define MAX_SIGNEWNYM_RATE 10
60 /** When did we last process a SIGNEWNYM request? */
61 static time_t time_of_last_signewnym = 0;
62 /** Is there a signewnym request we're currently waiting to handle? */
63 static int signewnym_is_pending = 0;
64
65 /** Array of all open connections. The first n_conns elements are valid. */
66 static connection_t *connection_array[MAXCONNECTIONS+1] =
67 { NULL };
68 /** List of connections that have been marked for close and need to be freed
69 * and removed from connection_array. */
70 static smartlist_t *closeable_connection_lst = NULL;
71
72 static int n_conns=0; /**< Number of connections currently active. */
73
74 /** We set this to 1 when we've opened a circuit, so we can print a log
75 * entry to inform the user that Tor is working. */
76 int has_completed_circuit=0;
77
78 #ifdef MS_WINDOWS
79 #define MS_WINDOWS_SERVICE
80 #endif
81
82 #ifdef MS_WINDOWS_SERVICE
83 #include <tchar.h>
84 #define GENSRV_SERVICENAME TEXT("tor")
85 #define GENSRV_DISPLAYNAME TEXT("Tor Win32 Service")
86 #define GENSRV_DESCRIPTION \
87 TEXT("Provides an anonymous Internet communication system")
88 #define GENSRV_USERACCT TEXT("NT AUTHORITY\\LocalService")
89
90 // Cheating: using the pre-defined error codes, tricks Windows into displaying
91 // a semi-related human-readable error message if startup fails as
92 // opposed to simply scaring people with Error: 0xffffffff
93 #define NT_SERVICE_ERROR_TORINIT_FAILED ERROR_EXCEPTION_IN_SERVICE
94
95 SERVICE_STATUS service_status;
96 SERVICE_STATUS_HANDLE hStatus;
97 /* XXXX This 'backup argv' and 'backup argc' business is an ugly hack. This
98 * is a job for arguments, not globals. */
99 static char **backup_argv;
100 static int backup_argc;
101 static int nt_service_is_stopped(void);
102 static char* nt_strerror(uint32_t errnum);
103 #else
104 #define nt_service_is_stopped() (0)
105 #endif
106
107 /** If our router descriptor ever goes this long without being regenerated
108 * because something changed, we force an immediate regenerate-and-upload. */
109 #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60)
110 /** How often do we check whether part of our router info has changed in a way
111 * that would require an upload? */
112 #define CHECK_DESCRIPTOR_INTERVAL (60)
113 /** How often do we (as a router) check whether our IP address has changed? */
114 #define CHECK_IPADDRESS_INTERVAL (15*60)
115 /** How often do we check buffers for empty space that can be deallocated? */
116 #define BUF_SHRINK_INTERVAL (60)
117 /** How often do we check for router descriptors that we should download? */
118 #define DESCRIPTOR_RETRY_INTERVAL (10)
119 /** How often do we 'forgive' undownloadable router descriptors and attempt
120 * to download them again? */
121 #define DESCRIPTOR_FAILURE_RESET_INTERVAL (60*60)
122 /** How often do we add more entropy to OpenSSL's RNG pool? */
123 #define ENTROPY_INTERVAL (60*60)
124 /** How long do we let a directory connection stall before expiring it? */
125 #define DIR_CONN_MAX_STALL (5*60)
126
127 /** How old do we let a connection to an OR get before deciding it's
128 * obsolete? */
129 #define TIME_BEFORE_OR_CONN_IS_OBSOLETE (60*60*24*7)
130 /** How long do we let OR connections handshake before we decide that
131 * they are obsolete? */
132 #define TLS_HANDSHAKE_TIMEOUT (60)
133
134 /********* END VARIABLES ************/
135
136 /****************************************************************************
137 *
138 * This section contains accessors and other methods on the connection_array
139 * variables (which are global within this file and unavailable outside it).
140 *
141 ****************************************************************************/
142
143 /** Add <b>conn</b> to the array of connections that we can poll on. The
144 * connection's socket must be set; the connection starts out
145 * non-reading and non-writing.
146 */
147 int
148 connection_add(connection_t *conn)
149 {
150 tor_assert(conn);
151 tor_assert(conn->s >= 0);
152
153 if (n_conns >= get_options()->_ConnLimit-1) {
154 log_warn(LD_NET,"Failing because we have %d connections already. Please "
155 "raise your ulimit -n.", n_conns);
156 control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
157 n_conns);
158 return -1;
159 }
160
161 tor_assert(conn->conn_array_index == -1); /* can only connection_add once */
162 conn->conn_array_index = n_conns;
163 connection_array[n_conns] = conn;
164
165 conn->read_event = tor_malloc_zero(sizeof(struct event));
166 conn->write_event = tor_malloc_zero(sizeof(struct event));
167 event_set(conn->read_event, conn->s, EV_READ|EV_PERSIST,
168 conn_read_callback, conn);
169 event_set(conn->write_event, conn->s, EV_WRITE|EV_PERSIST,
170 conn_write_callback, conn);
171
172 n_conns++;
173
174 log_debug(LD_NET,"new conn type %s, socket %d, n_conns %d.",
175 conn_type_to_string(conn->type), conn->s, n_conns);
176
177 return 0;
178 }
179
180 /** Remove the connection from the global list, and remove the
181 * corresponding poll entry. Calling this function will shift the last
182 * connection (if any) into the position occupied by conn.
183 */
184 int
185 connection_remove(connection_t *conn)
186 {
187 int current_index;
188
189 tor_assert(conn);
190 tor_assert(n_conns>0);
191
192 log_debug(LD_NET,"removing socket %d (type %s), n_conns now %d",
193 conn->s, conn_type_to_string(conn->type), n_conns-1);
194
195 tor_assert(conn->conn_array_index >= 0);
196 current_index = conn->conn_array_index;
197 if (current_index == n_conns-1) { /* this is the end */
198 n_conns--;
199 return 0;
200 }
201
202 connection_unregister(conn);
203
204 /* replace this one with the one at the end */
205 n_conns--;
206 connection_array[current_index] = connection_array[n_conns];
207 connection_array[current_index]->conn_array_index = current_index;
208
209 return 0;
210 }
211
212 /** If it's an edge conn, remove it from the list
213 * of conn's on this circuit. If it's not on an edge,
214 * flush and send destroys for all circuits on this conn.
215 *
216 * If <b>remove</b> is non-zero, then remove it from the
217 * connection_array and closeable_connection_lst.
218 *
219 * Then free it.
220 */
221 static void
222 connection_unlink(connection_t *conn, int remove)
223 {
224 connection_about_to_close_connection(conn);
225 if (remove) {
226 connection_remove(conn);
227 }
228 smartlist_remove(closeable_connection_lst, conn);
229 if (conn->type == CONN_TYPE_EXIT) {
230 assert_connection_edge_not_dns_pending(TO_EDGE_CONN(conn));
231 }
232 if (conn->type == CONN_TYPE_OR) {
233 if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest))
234 connection_or_remove_from_identity_map(TO_OR_CONN(conn));
235 }
236 connection_free(conn);
237 }
238
239 /** Schedule <b>conn</b> to be closed. **/
240 void
241 add_connection_to_closeable_list(connection_t *conn)
242 {
243 tor_assert(!smartlist_isin(closeable_connection_lst, conn));
244 tor_assert(conn->marked_for_close);
245 assert_connection_ok(conn, time(NULL));
246 smartlist_add(closeable_connection_lst, conn);
247 }
248
249 /** Return 1 if conn is on the closeable list, else return 0. */
250 int
251 connection_is_on_closeable_list(connection_t *conn)
252 {
253 return smartlist_isin(closeable_connection_lst, conn);
254 }
255
256 /** Return true iff conn is in the current poll array. */
257 int
258 connection_in_array(connection_t *conn)
259 {
260 int i;
261 for (i=0; i<n_conns; ++i) {
262 if (conn==connection_array[i])
263 return 1;
264 }
265 return 0;
266 }
267
268 /** Set <b>*array</b> to an array of all connections, and <b>*n</b>
269 * to the length of the array. <b>*array</b> and <b>*n</b> must not
270 * be modified.
271 */
272 void
273 get_connection_array(connection_t ***array, int *n)
274 {
275 *array = connection_array;
276 *n = n_conns;
277 }
278
279 /** Set the event mask on <b>conn</b> to <b>events</b>. (The event
280 * mask is a bitmask whose bits are EV_READ and EV_WRITE.)
281 */
282 void
283 connection_watch_events(connection_t *conn, short events)
284 {
285 int r;
286
287 tor_assert(conn);
288 tor_assert(conn->read_event);
289 tor_assert(conn->write_event);
290
291 if (events & EV_READ) {
292 r = event_add(conn->read_event, NULL);
293 } else {
294 r = event_del(conn->read_event);
295 }
296
297 if (r<0)
298 log_warn(LD_NET,
299 "Error from libevent setting read event state for %d to "
300 "%swatched: %s",
301 conn->s, (events & EV_READ)?"":"un",
302 tor_socket_strerror(tor_socket_errno(conn->s)));
303
304 if (events & EV_WRITE) {
305 r = event_add(conn->write_event, NULL);
306 } else {
307 r = event_del(conn->write_event);
308 }
309
310 if (r<0)
311 log_warn(LD_NET,
312 "Error from libevent setting read event state for %d to "
313 "%swatched: %s",
314 conn->s, (events & EV_WRITE)?"":"un",
315 tor_socket_strerror(tor_socket_errno(conn->s)));
316 }
317
318 /** Return true iff <b>conn</b> is listening for read events. */
319 int
320 connection_is_reading(connection_t *conn)
321 {
322 tor_assert(conn);
323
324 return conn->read_event && event_pending(conn->read_event, EV_READ, NULL);
325 }
326
327 /** Tell the main loop to stop notifying <b>conn</b> of any read events. */
328 void
329 connection_stop_reading(connection_t *conn)
330 {
331 tor_assert(conn);
332 tor_assert(conn->read_event);
333
334 log_debug(LD_NET,"entering.");
335 if (event_del(conn->read_event))
336 log_warn(LD_NET, "Error from libevent setting read event state for %d "
337 "to unwatched: %s",
338 conn->s,
339 tor_socket_strerror(tor_socket_errno(conn->s)));
340 }
341
342 /** Tell the main loop to start notifying <b>conn</b> of any read events. */
343 void
344 connection_start_reading(connection_t *conn)
345 {
346 tor_assert(conn);
347 tor_assert(conn->read_event);
348
349 if (event_add(conn->read_event, NULL))
350 log_warn(LD_NET, "Error from libevent setting read event state for %d "
351 "to watched: %s",
352 conn->s,
353 tor_socket_strerror(tor_socket_errno(conn->s)));
354 }
355
356 /** Return true iff <b>conn</b> is listening for write events. */
357 int
358 connection_is_writing(connection_t *conn)
359 {
360 tor_assert(conn);
361
362 return conn->write_event && event_pending(conn->write_event, EV_WRITE, NULL);
363 }
364
365 /** Tell the main loop to stop notifying <b>conn</b> of any write events. */
366 void
367 connection_stop_writing(connection_t *conn)
368 {
369 tor_assert(conn);
370 tor_assert(conn->write_event);
371
372 if (event_del(conn->write_event))
373 log_warn(LD_NET, "Error from libevent setting write event state for %d "
374 "to unwatched: %s",
375 conn->s,
376 tor_socket_strerror(tor_socket_errno(conn->s)));
377 }
378
379 /** Tell the main loop to start notifying <b>conn</b> of any write events. */
380 void
381 connection_start_writing(connection_t *conn)
382 {
383 tor_assert(conn);
384 tor_assert(conn->write_event);
385
386 if (event_add(conn->write_event, NULL))
387 log_warn(LD_NET, "Error from libevent setting write event state for %d "
388 "to watched: %s",
389 conn->s,
390 tor_socket_strerror(tor_socket_errno(conn->s)));
391 }
392
393 /** Close all connections that have been scheduled to get closed */
394 static void
395 close_closeable_connections(void)
396 {
397 int i;
398 for (i = 0; i < smartlist_len(closeable_connection_lst); ) {
399 connection_t *conn = smartlist_get(closeable_connection_lst, i);
400 if (conn->conn_array_index < 0) {
401 connection_unlink(conn, 0); /* blow it away right now */
402 } else {
403 if (!conn_close_if_marked(conn->conn_array_index))
404 ++i;
405 }
406 }
407 }
408
409 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
410 * some data to read. */
411 static void
412 conn_read_callback(int fd, short event, void *_conn)
413 {
414 connection_t *conn = _conn;
415 (void)fd;
416 (void)event;
417
418 log_debug(LD_NET,"socket %d wants to read.",conn->s);
419
420 assert_connection_ok(conn, time(NULL));
421
422 if (connection_handle_read(conn) < 0) {
423 if (!conn->marked_for_close) {
424 #ifndef MS_WINDOWS
425 log_warn(LD_BUG,"Bug: unhandled error on read for %s connection "
426 "(fd %d); removing",
427 conn_type_to_string(conn->type), conn->s);
428 tor_fragile_assert();
429 #endif
430 if (CONN_IS_EDGE(conn))
431 connection_edge_end_errno(TO_EDGE_CONN(conn),
432 TO_EDGE_CONN(conn)->cpath_layer);
433 connection_mark_for_close(conn);
434 }
435 }
436 assert_connection_ok(conn, time(NULL));
437
438 if (smartlist_len(closeable_connection_lst))
439 close_closeable_connections();
440 }
441
442 /** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
443 * some data to write. */
444 static void
445 conn_write_callback(int fd, short events, void *_conn)
446 {
447 connection_t *conn = _conn;
448 (void)fd;
449 (void)events;
450
451 LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "socket %d wants to write.",conn->s));
452
453 assert_connection_ok(conn, time(NULL));
454
455 if (connection_handle_write(conn, 0) < 0) {
456 if (!conn->marked_for_close) {
457 /* this connection is broken. remove it. */
458 log_fn(LOG_WARN,LD_BUG,
459 "Bug: unhandled error on write for %s connection (fd %d); removing",
460 conn_type_to_string(conn->type), conn->s);
461 tor_fragile_assert();
462 if (CONN_IS_EDGE(conn)) {
463 /* otherwise we cry wolf about duplicate close */
464 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
465 if (!edge_conn->end_reason)
466 edge_conn->end_reason = END_STREAM_REASON_INTERNAL;
467 conn->edge_has_sent_end = 1;
468 }
469 /* XXX do we need a close-immediate here, so we don't try to flush? */
470 connection_mark_for_close(conn);
471 }
472 }
473 assert_connection_ok(conn, time(NULL));
474
475 if (smartlist_len(closeable_connection_lst))
476 close_closeable_connections();
477 }
478
479 /** If the connection at connection_array[i] is marked for close, then:
480 * - If it has data that it wants to flush, try to flush it.
481 * - If it _still_ has data to flush, and conn->hold_open_until_flushed is
482 * true, then leave the connection open and return.
483 * - Otherwise, remove the connection from connection_array and from
484 * all other lists, close it, and free it.
485 * Returns 1 if the connection was closed, 0 otherwise.
486 */
487 static int
488 conn_close_if_marked(int i)
489 {
490 connection_t *conn;
491 int retval;
492
493 conn = connection_array[i];
494 if (!conn->marked_for_close)
495 return 0; /* nothing to see here, move along */
496 assert_connection_ok(conn, time(NULL));
497 assert_all_pending_dns_resolves_ok();
498
499 log_debug(LD_NET,"Cleaning up connection (fd %d).",conn->s);
500 if (conn->s >= 0 && connection_wants_to_flush(conn)) {
501 /* s == -1 means it's an incomplete edge connection, or that the socket
502 * has already been closed as unflushable. */
503 int sz = connection_bucket_write_limit(conn);
504 if (!conn->hold_open_until_flushed)
505 log_info(LD_NET,
506 "Conn (addr %s, fd %d, type %s, state %d) marked, but wants "
507 "to flush %d bytes. (Marked at %s:%d)",
508 escaped_safe_str(conn->address),
509 conn->s, conn_type_to_string(conn->type), conn->state,
510 (int)conn->outbuf_flushlen,
511 conn->marked_for_close_file, conn->marked_for_close);
512 if (connection_speaks_cells(conn)) {
513 if (conn->state == OR_CONN_STATE_OPEN) {
514 retval = flush_buf_tls(TO_OR_CONN(conn)->tls, conn->outbuf, sz,
515 &conn->outbuf_flushlen);
516 } else
517 retval = -1; /* never flush non-open broken tls connections */
518 } else {
519 retval = flush_buf(conn->s, conn->outbuf, sz, &conn->outbuf_flushlen);
520 }
521 if (retval >= 0 && /* Technically, we could survive things like
522 TLS_WANT_WRITE here. But don't bother for now. */
523 conn->hold_open_until_flushed && connection_wants_to_flush(conn)) {
524 if (retval > 0)
525 LOG_FN_CONN(conn, (LOG_INFO,LD_NET,
526 "Holding conn (fd %d) open for more flushing.",
527 conn->s));
528 /* XXX should we reset timestamp_lastwritten here? */
529 return 0;
530 }
531 if (connection_wants_to_flush(conn)) {
532 int severity;
533 if (conn->type == CONN_TYPE_EXIT ||
534 (conn->type == CONN_TYPE_OR && server_mode(get_options())) ||
535 (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER))
536 severity = LOG_INFO;
537 else
538 severity = LOG_NOTICE;
539 log_fn(severity, LD_NET, "Something wrong with your network connection? "
540 "We tried to write %d bytes to addr %s (fd %d, type %s, state %d)"
541 " but timed out. (Marked at %s:%d)",
542 (int)buf_datalen(conn->outbuf),
543 escaped_safe_str(conn->address), conn->s,
544 conn_type_to_string(conn->type), conn->state,
545 conn->marked_for_close_file,
546 conn->marked_for_close);
547 }
548 }
549 connection_unlink(conn, 1); /* unlink, remove, free */
550 return 1;
551 }
552
553 /** We've just tried every dirserver we know about, and none of
554 * them were reachable. Assume the network is down. Change state
555 * so next time an application connection arrives we'll delay it
556 * and try another directory fetch. Kill off all the circuit_wait
557 * streams that are waiting now, since they will all timeout anyway.
558 */
559 void
560 directory_all_unreachable(time_t now)
561 {
562 connection_t *conn;
563 (void)now;
564
565 stats_n_seconds_working=0; /* reset it */
566
567 while ((conn = connection_get_by_type_state(CONN_TYPE_AP,
568 AP_CONN_STATE_CIRCUIT_WAIT))) {
569 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
570 log_notice(LD_NET,
571 "Is your network connection down? "
572 "Failing connection to '%s:%d'.",
573 safe_str(edge_conn->socks_request->address),
574 edge_conn->socks_request->port);
575 connection_mark_unattached_ap(edge_conn,
576 END_STREAM_REASON_NET_UNREACHABLE);
577 }
578 control_event_general_status(LOG_ERR, "DIR_ALL_UNREACHABLE");
579 }
580
581 /** This function is called whenever we successfully pull down some new
582 * network statuses or server descriptors. */
583 void
584 directory_info_has_arrived(time_t now, int from_cache)
585 {
586 or_options_t *options = get_options();
587
588 if (!router_have_minimum_dir_info()) {
589 log(LOG_NOTICE, LD_DIR,
590 "I learned some more directory information, but not enough to "
591 "build a circuit.");
592 update_router_descriptor_downloads(now);
593 return;
594 }
595
596 if (server_mode(options) && !we_are_hibernating() && !from_cache &&
597 (has_completed_circuit || !any_predicted_circuits(now)))
598 consider_testing_reachability(1, 1);
599 }
600
601 /** Perform regular maintenance tasks for a single connection. This
602 * function gets run once per second per connection by run_scheduled_events.
603 */
604 static void
605 run_connection_housekeeping(int i, time_t now)
606 {
607 cell_t cell;
608 connection_t *conn = connection_array[i];
609 or_options_t *options = get_options();
610 or_connection_t *or_conn;
611
612 if (conn->outbuf && !buf_datalen(conn->outbuf) && conn->type == CONN_TYPE_OR)
613 TO_OR_CONN(conn)->timestamp_lastempty = now;
614
615 if (conn->marked_for_close) {
616 /* nothing to do here */
617 return;
618 }
619
620 /* Expire any directory connections that haven't been active (sent
621 * if a server or received if a client) for 5 min */
622 if (conn->type == CONN_TYPE_DIR &&
623 ((DIR_CONN_IS_SERVER(conn) &&
624 conn->timestamp_lastwritten + DIR_CONN_MAX_STALL < now) ||
625 (!DIR_CONN_IS_SERVER(conn) &&
626 conn->timestamp_lastread + DIR_CONN_MAX_STALL < now))) {
627 log_info(LD_DIR,"Expiring wedged directory conn (fd %d, purpose %d)",
628 conn->s, conn->purpose);
629 /* This check is temporary; it's to let us know whether we should consider
630 * parsing partial serverdesc responses. */
631 if (conn->purpose == DIR_PURPOSE_FETCH_SERVERDESC &&
632 buf_datalen(conn->inbuf)>=1024) {
633 log_info(LD_DIR,"Trying to extract information from wedged server desc "
634 "download.");
635 connection_dir_reached_eof(TO_DIR_CONN(conn));
636 } else {
637 connection_mark_for_close(conn);
638 }
639 return;
640 }
641
642 if (!connection_speaks_cells(conn))
643 return; /* we're all done here, the rest is just for OR conns */
644
645 or_conn = TO_OR_CONN(conn);
646
647 if (!conn->or_is_obsolete) {
648 if (conn->timestamp_created + TIME_BEFORE_OR_CONN_IS_OBSOLETE < now) {
649 log_info(LD_OR,
650 "Marking OR conn to %s:%d obsolete (fd %d, %d secs old).",
651 conn->address, conn->port, conn->s,
652 (int)(now - conn->timestamp_created));
653 conn->or_is_obsolete = 1;
654 } else {
655 or_connection_t *best =
656 connection_or_get_by_identity_digest(or_conn->identity_digest);
657 if (best && best != or_conn &&
658 (conn->state == OR_CONN_STATE_OPEN ||
659 now > conn->timestamp_created + TLS_HANDSHAKE_TIMEOUT)) {
660 /* We only mark as obsolete connections that already are in
661 * OR_CONN_STATE_OPEN, i.e. that have finished their TLS handshaking.
662 * This is necessary because authorities judge whether a router is
663 * reachable based on whether they were able to TLS handshake with it
664 * recently. Without this check we would expire connections too
665 * early for router->last_reachable to be updated.
666 */
667 log_info(LD_OR,
668 "Marking duplicate conn to %s:%d obsolete "
669 "(fd %d, %d secs old).",
670 conn->address, conn->port, conn->s,
671 (int)(now - conn->timestamp_created));
672 conn->or_is_obsolete = 1;
673 }
674 }
675 }
676
677 if (conn->or_is_obsolete && !or_conn->n_circuits) {
678 /* no unmarked circs -- mark it now */
679 log_info(LD_OR,
680 "Expiring non-used OR connection to fd %d (%s:%d) [Obsolete].",
681 conn->s, conn->address, conn->port);
682 connection_mark_for_close(conn);
683 conn->hold_open_until_flushed = 1;
684 return;
685 }
686
687 /* If we haven't written to an OR connection for a while, then either nuke
688 the connection or send a keepalive, depending. */
689 if (now >= conn->timestamp_lastwritten + options->KeepalivePeriod) {
690 routerinfo_t *router = router_get_by_digest(or_conn->identity_digest);
691 if (!connection_state_is_open(conn)) {
692 log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
693 conn->s,conn->address, conn->port);
694 connection_mark_for_close(conn);
695 conn->hold_open_until_flushed = 1;
696 } else if (we_are_hibernating() && !or_conn->n_circuits &&
697 !buf_datalen(conn->outbuf)) {
698 log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
699 "[Hibernating or exiting].",
700 conn->s,conn->address, conn->port);
701 connection_mark_for_close(conn);
702 conn->hold_open_until_flushed = 1;
703 } else if (!clique_mode(options) && !or_conn->n_circuits &&
704 (!router || !server_mode(options) ||
705 !router_is_clique_mode(router))) {
706 log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
707 "[Not in clique mode].",
708 conn->s,conn->address, conn->port);
709 connection_mark_for_close(conn);
710 conn->hold_open_until_flushed = 1;
711 } else if (
712 now >= or_conn->timestamp_lastempty + options->KeepalivePeriod*10 &&
713 now >= conn->timestamp_lastwritten + options->KeepalivePeriod*10) {
714 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
715 "Expiring stuck OR connection to fd %d (%s:%d). (%d bytes to "
716 "flush; %d seconds since last write)",
717 conn->s, conn->address, conn->port,
718 (int)buf_datalen(conn->outbuf),
719 (int)(now-conn->timestamp_lastwritten));
720 connection_mark_for_close(conn);
721 } else if (!buf_datalen(conn->outbuf)) {
722 /* either in clique mode, or we've got a circuit. send a padding cell. */
723 log_fn(LOG_DEBUG,LD_OR,"Sending keepalive to (%s:%d)",
724 conn->address, conn->port);
725 memset(&cell,0,sizeof(cell_t));
726 cell.command = CELL_PADDING;
727 connection_or_write_cell_to_buf(&cell, or_conn);
728 }
729 }
730 }
731
732 /** Perform regular maintenance tasks. This function gets run once per
733 * second by prepare_for_poll.
734 */
735 static void
736 run_scheduled_events(time_t now)
737 {
738 static time_t last_rotated_certificate = 0;
739 static time_t time_to_check_listeners = 0;
740 static time_t time_to_check_descriptor = 0;
741 static time_t time_to_check_ipaddress = 0;
742 static time_t time_to_shrink_buffers = 0;
743 static time_t time_to_try_getting_descriptors = 0;
744 static time_t time_to_reset_descriptor_failures = 0;
745 static time_t time_to_add_entropy = 0;
746 or_options_t *options = get_options();
747 int i;
748 int have_dir_info;
749
750 /** 0. See if we've been asked to shut down and our timeout has
751 * expired; or if our bandwidth limits are exhausted and we
752 * should hibernate; or if it's time to wake up from hibernation.
753 */
754 consider_hibernation(now);
755
756 /* 0b. If we've deferred a signewnym, make sure it gets handled
757 * eventually */
758 if (signewnym_is_pending &&
759 time_of_last_signewnym + MAX_SIGNEWNYM_RATE <= now) {
760 log(LOG_INFO, LD_CONTROL, "Honoring delayed NEWNYM request");
761 circuit_expire_all_dirty_circs();
762 addressmap_clear_transient();
763 time_of_last_signewnym = now;
764 signewnym_is_pending = 0;
765 }
766
767 /** 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
768 * shut down and restart all cpuworkers, and update the directory if
769 * necessary.
770 */
771 if (server_mode(options) &&
772 get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
773 log_info(LD_GENERAL,"Rotating onion key.");
774 rotate_onion_key();
775 cpuworkers_rotate();
776 if (router_rebuild_descriptor(1)<0) {
777 log_info(LD_CONFIG, "Couldn't rebuild router descriptor");
778 }
779 if (advertised_server_mode())
780 router_upload_dir_desc_to_dirservers(0);
781 }
782
783 if (time_to_try_getting_descriptors < now) {
784 /* XXXX Maybe we should do this every 10sec when not enough info,
785 * and every 60sec when we have enough info -NM */
786 update_router_descriptor_downloads(now);
787 time_to_try_getting_descriptors = now + DESCRIPTOR_RETRY_INTERVAL;
788 }
789
790 if (time_to_reset_descriptor_failures < now) {
791 router_reset_descriptor_download_failures();
792 time_to_reset_descriptor_failures =
793 now + DESCRIPTOR_FAILURE_RESET_INTERVAL;
794 }
795
796 /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
797 if (!last_rotated_certificate)
798 last_rotated_certificate = now;
799 if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
800 log_info(LD_GENERAL,"Rotating tls context.");
801 if (tor_tls_context_new(get_identity_key(), options->Nickname,
802 MAX_SSL_KEY_LIFETIME) < 0) {
803 log_warn(LD_BUG, "Error reinitializing TLS context");
804 /* XXX is it a bug here, that we just keep going? */
805 }
806 last_rotated_certificate = now;
807 /* XXXX We should rotate TLS connections as well; this code doesn't change
808 * them at all. */
809 }
810
811 if (time_to_add_entropy == 0)
812 time_to_add_entropy = now + ENTROPY_INTERVAL;
813 if (time_to_add_entropy < now) {
814 /* We already seeded once, so don't die on failure. */
815 crypto_seed_rng();
816 time_to_add_entropy = now + ENTROPY_INTERVAL;
817 }
818
819 /** 1c. If we have to change the accounting interval or record
820 * bandwidth used in this accounting interval, do so. */
821 if (accounting_is_enabled(options))
822 accounting_run_housekeeping(now);
823
824 if (now % 10 == 0 && authdir_mode(options) && !we_are_hibernating()) {
825 /* try to determine reachability of the other Tor servers */
826 dirserv_test_reachability(0);
827 }
828
829 /** 2. Periodically, we consider getting a new directory, getting a
830 * new running-routers list, and/or force-uploading our descriptor
831 * (if we've passed our internal checks). */
832 if (time_to_fetch_directory < now) {
833 /* Only caches actually need to fetch directories now. */
834 if (options->DirPort && !options->V1AuthoritativeDir) {
835 /* XXX actually, we should only do this if we want to advertise
836 * our dirport. not simply if we configured one. -RD */
837 if (any_trusted_dir_is_v1_authority())
838 directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 1);
839 }
840 /** How often do we (as a cache) fetch a new V1 directory? */
841 #define V1_DIR_FETCH_PERIOD (6*60*60)
842 time_to_fetch_directory = now + V1_DIR_FETCH_PERIOD;
843 }
844
845 /* Caches need to fetch running_routers; directory clients don't. */
846 if (options->DirPort && time_to_fetch_running_routers < now) {
847 if (!authdir_mode(options) || !options->V1AuthoritativeDir) {
848 directory_get_from_dirserver(DIR_PURPOSE_FETCH_RUNNING_LIST, NULL, 1);
849 }
850 /** How often do we (as a cache) fetch a new V1 runningrouters document? */
851 #define V1_RUNNINGROUTERS_FETCH_PERIOD (30*60)
852 time_to_fetch_running_routers = now + V1_RUNNINGROUTERS_FETCH_PERIOD;
853
854 /* Also, take this chance to remove old information from rephist
855 * and the rend cache. */
856 rep_history_clean(now - options->RephistTrackTime);
857 rend_cache_clean();
858 }
859
860 /* 2b. Once per minute, regenerate and upload the descriptor if the old
861 * one is inaccurate. */
862 if (time_to_check_descriptor < now) {
863 static int dirport_reachability_count = 0;
864 time_to_check_descriptor = now + CHECK_DESCRIPTOR_INTERVAL;
865 check_descriptor_bandwidth_changed(now);
866 if (time_to_check_ipaddress < now) {
867 time_to_check_ipaddress = now + CHECK_IPADDRESS_INTERVAL;
868 check_descriptor_ipaddress_changed(now);
869 }
870 mark_my_descriptor_dirty_if_older_than(
871 now - FORCE_REGENERATE_DESCRIPTOR_INTERVAL);
872 consider_publishable_server(0);
873 /* also, check religiously for reachability, if it's within the first
874 * 20 minutes of our uptime. */
875 if (server_mode(options) &&
876 (has_completed_circuit || !any_predicted_circuits(now)) &&
877 stats_n_seconds_working < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT &&
878 !we_are_hibernating()) {
879 consider_testing_reachability(1, dirport_reachability_count==0);
880 if (++dirport_reachability_count > 5)
881 dirport_reachability_count = 0;
882 }
883
884 /* If any networkstatus documents are no longer recent, we need to
885 * update all the descriptors' running status. */
886 /* purge obsolete entries */
887 routerlist_remove_old_routers();
888 networkstatus_list_clean(now);
889 networkstatus_list_update_recent(now);
890 routers_update_all_from_networkstatus();
891
892 /* Also, once per minute, check whether we want to download any
893 * networkstatus documents.
894 */
895 update_networkstatus_downloads(now);
896 }
897
898 /** 3a. Every second, we examine pending circuits and prune the
899 * ones which have been pending for more than a few seconds.
900 * We do this before step 4, so it can try building more if
901 * it's not comfortable with the number of available circuits.
902 */
903 circuit_expire_building(now);
904
905 /** 3b. Also look at pending streams and prune the ones that 'began'
906 * a long time ago but haven't gotten a 'connected' yet.
907 * Do this before step 4, so we can put them back into pending
908 * state to be picked up by the new circuit.
909 */
910 connection_ap_expire_beginning();
911
912 /** 3c. And expire connections that we've held open for too long.
913 */
914 connection_expire_held_open();
915
916 /** 3d. And every 60 seconds, we relaunch listeners if any died. */
917 if (!we_are_hibernating() && time_to_check_listeners < now) {
918 /* 0 means "only launch the ones that died." */
919 retry_all_listeners(0, NULL, NULL);
920 time_to_check_listeners = now+60;
921 }
922
923 /** 4. Every second, we try a new circuit if there are no valid
924 * circuits. Every NewCircuitPeriod seconds, we expire circuits
925 * that became dirty more than MaxCircuitDirtiness seconds ago,
926 * and we make a new circ if there are no clean circuits.
927 */
928 have_dir_info = router_have_minimum_dir_info();
929 if (have_dir_info && !we_are_hibernating())
930 circuit_build_needed_circs(now);
931
932 /** 5. We do housekeeping for each connection... */
933 for (i=0;i<n_conns;i++) {
934 run_connection_housekeeping(i, now);
935 }
936 if (time_to_shrink_buffers < now) {
937 for (i=0;i<n_conns;i++) {
938 connection_t *conn = connection_array[i];
939 if (conn->outbuf)
940 buf_shrink(conn->outbuf);
941 if (conn->inbuf)
942 buf_shrink(conn->inbuf);
943 }
944 time_to_shrink_buffers = now + BUF_SHRINK_INTERVAL;
945 }
946
947 /** 6. And remove any marked circuits... */
948 circuit_close_all_marked();
949
950 /** 7. And upload service descriptors if necessary. */
951 if (has_completed_circuit && !we_are_hibernating())
952 rend_consider_services_upload(now);
953
954 /** 8. and blow away any connections that need to die. have to do this now,
955 * because if we marked a conn for close and left its socket -1, then
956 * we'll pass it to poll/select and bad things will happen.
957 */
958 close_closeable_connections();
959
960 /** 8b. And if anything in our state is ready to get flushed to disk, we
961 * flush it. */
962 or_state_save(now);
963
964 /** 9. and if we're a server, check whether our DNS is telling stories to
965 * us. */
966 if (server_mode(options) && time_to_check_for_correct_dns < now) {
967 if (!time_to_check_for_correct_dns) {
968 time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120);
969 } else {
970 dns_launch_correctness_checks();
971 time_to_check_for_correct_dns = now + 12*3600 +
972 crypto_rand_int(12*3600);
973 }
974 }
975 }
976
977 /** Libevent timer: used to invoke second_elapsed_callback() once per
978 * second. */
979 static struct event *timeout_event = NULL;
980 /** Number of libevent errors in the last second: we die if we get too many. */
981 static int n_libevent_errors = 0;
982
983 /** Libevent callback: invoked once every second. */
984 static void
985 second_elapsed_callback(int fd, short event, void *args)
986 {
987 /* XXXX This could be sensibly refactored into multiple callbacks, and we
988 * could use libevent's timers for this rather than checking the current
989 * time against a bunch of timeouts every second. */
990 static struct timeval one_second;
991 static long current_second = 0;
992 struct timeval now;
993 size_t bytes_written;
994 size_t bytes_read;
995 int seconds_elapsed;
996 or_options_t *options = get_options();
997 (void)fd;
998 (void)event;
999 (void)args;
1000 if (!timeout_event) {
1001 timeout_event = tor_malloc_zero(sizeof(struct event));
1002 evtimer_set(timeout_event, second_elapsed_callback, NULL);
1003 one_second.tv_sec = 1;
1004 one_second.tv_usec = 0;
1005 }
1006
1007 n_libevent_errors = 0;
1008
1009 /* log_fn(LOG_NOTICE, "Tick."); */
1010 tor_gettimeofday(&now);
1011
1012 /* the second has rolled over. check more stuff. */
1013 bytes_written = stats_prev_global_write_bucket - global_write_bucket;
1014 bytes_read = stats_prev_global_read_bucket - global_read_bucket;
1015 seconds_elapsed = current_second ? (now.tv_sec - current_second) : 0;
1016 stats_n_bytes_read += bytes_read;
1017 stats_n_bytes_written += bytes_written;
1018 if (accounting_is_enabled(options) && seconds_elapsed >= 0)
1019 accounting_add_bytes(bytes_read, bytes_written, seconds_elapsed);
1020 control_event_bandwidth_used((uint32_t)bytes_read,(uint32_t)bytes_written);
1021 control_event_stream_bandwidth_used();
1022
1023 if (seconds_elapsed > 0)
1024 connection_bucket_refill(seconds_elapsed);
1025 stats_prev_global_read_bucket = global_read_bucket;
1026 stats_prev_global_write_bucket = global_write_bucket;
1027
1028 if (server_mode(options) &&
1029 !we_are_hibernating() &&
1030 seconds_elapsed > 0 &&
1031 stats_n_seconds_working / TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT !=
1032 (stats_n_seconds_working+seconds_elapsed) /
1033 TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
1034 /* every 20 minutes, check and complain if necessary */
1035 routerinfo_t *me = router_get_my_routerinfo();
1036 if (me && !check_whether_orport_reachable())
1037 log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
1038 "its ORPort is reachable. Please check your firewalls, ports, "
1039 "address, /etc/hosts file, etc.",
1040 me->address, me->or_port);
1041 if (me && !check_whether_dirport_reachable())
1042 log_warn(LD_CONFIG,
1043 "Your server (%s:%d) has not managed to confirm that its "
1044 "DirPort is reachable. Please check your firewalls, ports, "
1045 "address, /etc/hosts file, etc.",
1046 me->address, me->dir_port);
1047 }
1048
1049 /** If more than this many seconds have elapsed, probably the clock
1050 * jumped: doesn't count. */
1051 #define NUM_JUMPED_SECONDS_BEFORE_WARN 100
1052 if (seconds_elapsed < -NUM_JUMPED_SECONDS_BEFORE_WARN ||
1053 seconds_elapsed >= NUM_JUMPED_SECONDS_BEFORE_WARN) {
1054 circuit_note_clock_jumped(seconds_elapsed);
1055 /* XXX if the time jumps *back* many months, do our events in
1056 * run_scheduled_events() recover? I don't think they do. -RD */
1057 } else if (seconds_elapsed > 0)
1058 stats_n_seconds_working += seconds_elapsed;
1059
1060 run_scheduled_events(now.tv_sec);
1061
1062 current_second = now.tv_sec; /* remember which second it is, for next time */
1063
1064 #if 0
1065 if (current_second % 300 == 0) {
1066 rep_history_clean(current_second - options->RephistTrackTime);
1067 dumpmemusage(get_min_log_level()<LOG_INFO ?
1068 get_min_log_level() : LOG_INFO);
1069 }
1070 #endif
1071
1072 if (evtimer_add(timeout_event, &one_second))
1073 log_err(LD_NET,
1074 "Error from libevent when setting one-second timeout event");
1075 }
1076
1077 #ifndef MS_WINDOWS
1078 /** Called when a possibly ignorable libevent error occurs; ensures that we
1079 * don't get into an infinite loop by ignoring too many errors from
1080 * libevent. */
1081 static int
1082 got_libevent_error(void)
1083 {
1084 if (++n_libevent_errors > 8) {
1085 log_err(LD_NET, "Too many libevent errors in one second; dying");
1086 return -1;
1087 }
1088 return 0;
1089 }
1090 #endif
1091
1092 #define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
1093
1094 /** Called when our IP address seems to have changed. <b>at_interface</b>
1095 * should be true if we detected a change in our interface, and false if we
1096 * detected a change in our published address. */
1097 void
1098 ip_address_changed(int at_interface)
1099 {
1100 int server = server_mode(get_options());
1101
1102 if (at_interface) {
1103 if (! server) {
1104 /* Okay, change our keys. */
1105 init_keys();
1106 }
1107 } else {
1108 if (server) {
1109 if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
1110 reset_bandwidth_test();
1111 stats_n_seconds_working = 0;
1112 router_reset_reachability();
1113 mark_my_descriptor_dirty();
1114 }
1115 }
1116
1117 dns_servers_relaunch_checks();
1118 }
1119
1120 /** Forget what we've learned about the correctness of our DNS servers, and
1121 * start learning again. */
1122 void
1123 dns_servers_relaunch_checks(void)
1124 {
1125 if (server_mode(get_options())) {
1126 dns_reset_correctness_checks();
1127 time_to_check_for_correct_dns = 0;
1128 }
1129 }
1130
1131 /** Called when we get a SIGHUP: reload configuration files and keys,
1132 * retry all connections, re-upload all descriptors, and so on. */
1133 static int
1134 do_hup(void)
1135 {
1136 or_options_t *options = get_options();
1137
1138 log_notice(LD_GENERAL,"Received reload signal (hup). Reloading config.");
1139 if (accounting_is_enabled(options))
1140 accounting_record_bandwidth_usage(time(NULL), get_or_state());
1141
1142 router_reset_warnings();
1143 routerlist_reset_warnings();
1144 addressmap_clear_transient();
1145 /* first, reload config variables, in case they've changed */
1146 /* no need to provide argc/v, they've been cached inside init_from_config */
1147 if (options_init_from_torrc(0, NULL) < 0) {
1148 log_err(LD_CONFIG,"Reading config failed--see warnings above. "
1149 "For usage, try -h.");
1150 return -1;
1151 }
1152 options = get_options(); /* they have changed now */
1153 if (authdir_mode(options)) {
1154 /* reload the approved-routers file */
1155 if (dirserv_load_fingerprint_file() < 0) {
1156 /* warnings are logged from dirserv_load_fingerprint_file() directly */
1157 log_info(LD_GENERAL, "Error reloading fingerprints. "
1158 "Continuing with old list.");
1159 }
1160 }
1161
1162 /* Rotate away from the old dirty circuits. This has to be done
1163 * after we've read the new options, but before we start using
1164 * circuits for directory fetches. */
1165 circuit_expire_all_dirty_circs();
1166
1167 /* retry appropriate downloads */
1168 router_reset_status_download_failures();
1169 router_reset_descriptor_download_failures();
1170 update_networkstatus_downloads(time(NULL));
1171
1172 /* We'll retry routerstatus downloads in about 10 seconds; no need to
1173 * force a retry there. */
1174
1175 if (server_mode(options)) {
1176 // const char *descriptor;
1177 mark_my_descriptor_dirty();
1178 /* Restart cpuworker and dnsworker processes, so they get up-to-date
1179 * configuration options. */
1180 cpuworkers_rotate();
1181 dns_reset();
1182 #if 0
1183 const char *descriptor;
1184 char keydir[512];
1185 /* Write out a fresh descriptor, but leave old one on failure. */
1186 router_rebuild_descriptor(1);
1187 descriptor = router_get_my_descriptor();
1188 if (descriptor) {
1189 tor_snprintf(keydir,sizeof(keydir),"%s/router.desc",
1190 options->DataDirectory);
1191 log_info(LD_OR,"Saving descriptor to \"%s\"...",keydir);
1192 if (write_str_to_file(keydir, descriptor, 0)) {
1193 return 0;
1194 }
1195 }
1196 #endif
1197 }
1198 return 0;
1199 }
1200
1201 /** Tor main loop. */
1202 static int
1203 do_main_loop(void)
1204 {
1205 int loop_result;
1206
1207 /* initialize dns resolve map, spawn workers if needed */
1208 if (dns_init() < 0) {
1209 log_err(LD_GENERAL,"Error initializing dns subsystem; exiting");
1210 return -1;
1211 }
1212
1213 handle_signals(1);
1214
1215 /* load the private keys, if we're supposed to have them, and set up the
1216 * TLS context. */
1217 if (! identity_key_is_set()) {
1218 if (init_keys() < 0) {
1219 log_err(LD_BUG,"Error initializing keys; exiting");
1220 return -1;
1221 }
1222 }
1223
1224 /* Set up our buckets */
1225 connection_bucket_init();
1226 stats_prev_global_read_bucket = global_read_bucket;
1227 stats_prev_global_write_bucket = global_write_bucket;
1228
1229 /* load the routers file, or assign the defaults. */
1230 if (router_reload_router_list()) {
1231 return -1;
1232 }
1233 /* load the networkstatuses. (This launches a download for new routers as
1234 * appropriate.)
1235 */
1236 if (router_reload_networkstatus()) {
1237 return -1;
1238 }
1239 directory_info_has_arrived(time(NULL),1);
1240
1241 if (authdir_mode(get_options())) {
1242 /* the directory is already here, run startup things */
1243 dirserv_test_reachability(1);
1244 }
1245
1246 if (server_mode(get_options())) {
1247 /* launch cpuworkers. Need to do this *after* we've read the onion key. */
1248 cpu_init();
1249 }
1250
1251 /* set up once-a-second callback. */
1252 second_elapsed_callback(0,0,NULL);
1253
1254 for (;;) {
1255 if (nt_service_is_stopped())
1256 return 0;
1257
1258 #ifndef MS_WINDOWS
1259 /* Make it easier to tell whether libevent failure is our fault or not. */
1260 errno = 0;
1261 #endif
1262 /* poll until we have an event, or the second ends */
1263 loop_result = event_dispatch();
1264
1265 /* let catch() handle things like ^c, and otherwise don't worry about it */
1266 if (loop_result < 0) {
1267 int e = tor_socket_errno(-1);
1268 /* let the program survive things like ^z */
1269 if (e != EINTR && !ERRNO_IS_EINPROGRESS(e)) {
1270 #ifdef HAVE_EVENT_GET_METHOD
1271 log_err(LD_NET,"libevent call with %s failed: %s [%d]",
1272 event_get_method(), tor_socket_strerror(e), e);
1273 #else
1274 log_err(LD_NET,"libevent call failed: %s [%d]",
1275 tor_socket_strerror(e), e);
1276 #endif
1277 return -1;
1278 #ifndef MS_WINDOWS
1279 } else if (e == EINVAL) {
1280 log_warn(LD_NET, "EINVAL from libevent: should you upgrade libevent?");
1281 if (got_libevent_error())
1282 return -1;
1283 #endif
1284 } else {
1285 if (ERRNO_IS_EINPROGRESS(e))
1286 log_warn(LD_BUG,
1287 "libevent call returned EINPROGRESS? Please report.");
1288 log_debug(LD_NET,"libevent call interrupted.");
1289 /* You can't trust the results of this poll(). Go back to the
1290 * top of the big for loop. */
1291 continue;
1292 }
1293 }
1294
1295 /* refilling buckets and sending cells happens at the beginning of the
1296 * next iteration of the loop, inside prepare_for_poll()
1297 * XXXX No longer so.
1298 */
1299 }
1300 }
1301
1302 /** Used to implement the SIGNAL control command: if we accept
1303 * <b>the_signal</b> as a remote pseudo-signal, act on it. */
1304 /* We don't re-use catch() here because:
1305 * 1. We handle a different set of signals than those allowed in catch.
1306 * 2. Platforms without signal() are unlikely to define SIGfoo.
1307 * 3. The control spec is defined to use fixed numeric signal values
1308 * which just happen to match the unix values.
1309 */
1310 void
1311 control_signal_act(int the_signal)
1312 {
1313 switch (the_signal)
1314 {
1315 case 1:
1316 signal_callback(0,0,(void*)(uintptr_t)SIGHUP);
1317 break;
1318 case 2:
1319 signal_callback(0,0,(void*)(uintptr_t)SIGINT);
1320 break;
1321 case 10:
1322 signal_callback(0,0,(void*)(uintptr_t)SIGUSR1);
1323 break;
1324 case 12:
1325 signal_callback(0,0,(void*)(uintptr_t)SIGUSR2);
1326 break;
1327 case 15:
1328 signal_callback(0,0,(void*)(uintptr_t)SIGTERM);
1329 break;
1330 case SIGNEWNYM:
1331 signal_callback(0,0,(void*)(uintptr_t)SIGNEWNYM);
1332 break;
1333 case SIGCLEARDNSCACHE:
1334 signal_callback(0,0,(void*)(uintptr_t)SIGCLEARDNSCACHE);
1335 break;
1336 default:
1337 log_warn(LD_BUG, "Unrecognized signal number %d.", the_signal);
1338 break;
1339 }
1340 }
1341
1342 /** Libevent callback: invoked when we get a signal.
1343 */
1344 static void
1345 signal_callback(int fd, short events, void *arg)
1346 {
1347 uintptr_t sig = (uintptr_t)arg;
1348 (void)fd;
1349 (void)events;
1350 switch (sig)
1351 {
1352 case SIGTERM:
1353 log_err(LD_GENERAL,"Catching signal TERM, exiting cleanly.");
1354 tor_cleanup();
1355 exit(0);
1356 break;
1357 case SIGINT:
1358 if (!server_mode(get_options())) { /* do it now */
1359 log_notice(LD_GENERAL,"Interrupt: exiting cleanly.");
1360 tor_cleanup();
1361 exit(0);
1362 }
1363 hibernate_begin_shutdown();
1364 break;
1365 #ifdef SIGPIPE
1366 case SIGPIPE:
1367 log_debug(LD_GENERAL,"Caught sigpipe. Ignoring.");
1368 break;
1369 #endif
1370 case SIGUSR1:
1371 /* prefer to log it at INFO, but make sure we always see it */
1372 dumpstats(get_min_log_level()<LOG_INFO ? get_min_log_level() : LOG_INFO);
1373 break;
1374 case SIGUSR2:
1375 switch_logs_debug();
1376 log_debug(LD_GENERAL,"Caught USR2, going to loglevel debug. "
1377 "Send HUP to change back.");
1378 break;
1379 case SIGHUP:
1380 if (do_hup() < 0) {
1381 log_warn(LD_CONFIG,"Restart failed (config error?). Exiting.");
1382 tor_cleanup();
1383 exit(1);
1384 }
1385 break;
1386 #ifdef SIGCHLD
1387 case SIGCHLD:
1388 while (waitpid(-1,NULL,WNOHANG) > 0) ; /* keep reaping until no more
1389 zombies */
1390 break;
1391 #endif
1392 case SIGNEWNYM: {
1393 time_t now = time(NULL);
1394 if (time_of_last_signewnym + MAX_SIGNEWNYM_RATE > now) {
1395 signewnym_is_pending = 1;
1396 log(LOG_NOTICE, LD_CONTROL,
1397 "Rate limiting NEWNYM request: delaying by %d second(s)",
1398 (int)(MAX_SIGNEWNYM_RATE+time_of_last_signewnym-now));
1399 } else {
1400 /* XXX refactor someday: these two calls are in
1401 * run_scheduled_events() above too, and they should be in just
1402 * one place. */
1403 circuit_expire_all_dirty_circs();
1404 addressmap_clear_transient();
1405 time_of_last_signewnym = now;
1406 }
1407 break;
1408 }
1409 case SIGCLEARDNSCACHE:
1410 addressmap_clear_transient();
1411 break;
1412 }
1413 }
1414
1415 extern uint64_t buf_total_used;
1416 extern uint64_t buf_total_alloc;
1417 extern uint64_t rephist_total_alloc;
1418 extern uint32_t rephist_total_num;
1419
1420 /**
1421 * Write current memory usage information to the log.
1422 */
1423 static void
1424 dumpmemusage(int severity)
1425 {
1426 log(severity, LD_GENERAL,
1427 "In buffers: "U64_FORMAT" used/"U64_FORMAT" allocated (%d conns).",
1428 U64_PRINTF_ARG(buf_total_used), U64_PRINTF_ARG(buf_total_alloc),
1429 n_conns);
1430 log(severity, LD_GENERAL, "In rephist: "U64_FORMAT" used by %d Tors.",
1431 U64_PRINTF_ARG(rephist_total_alloc), rephist_total_num);
1432 dump_routerlist_mem_usage(severity);
1433 }
1434
1435 /** Write all statistics to the log, with log level 'severity'. Called
1436 * in response to a SIGUSR1. */
1437 static void
1438 dumpstats(int severity)
1439 {
1440 int i;
1441 connection_t *conn;
1442 time_t now = time(NULL);
1443 time_t elapsed;
1444
1445 log(severity, LD_GENERAL, "Dumping stats:");
1446
1447 for (i=0;i<n_conns;i++) {
1448 conn = connection_array[i];
1449 log(severity, LD_GENERAL,
1450 "Conn %d (socket %d) type %d (%s), state %d (%s), created %d secs ago",
1451 i, conn->s, conn->type, conn_type_to_string(conn->type),
1452 conn->state, conn_state_to_string(conn->type, conn->state),
1453 (int)(now - conn->timestamp_created));
1454 if (!connection_is_listener(conn)) {
1455 log(severity,LD_GENERAL,
1456 "Conn %d is to %s:%d.", i,
1457 safe_str(conn->address), conn->port);
1458 log(severity,LD_GENERAL,
1459 "Conn %d: %d bytes waiting on inbuf (len %d, last read %d secs ago)",
1460 i,
1461 (int)buf_datalen(conn->inbuf),
1462 (int)buf_capacity(conn->inbuf),
1463 (int)(now - conn->timestamp_lastread));
1464 log(severity,LD_GENERAL,
1465 "Conn %d: %d bytes waiting on outbuf "
1466 "(len %d, last written %d secs ago)",i,
1467 (int)buf_datalen(conn->outbuf),
1468 (int)buf_capacity(conn->outbuf),
1469 (int)(now - conn->timestamp_lastwritten));
1470 }
1471 circuit_dump_by_conn(conn, severity); /* dump info about all the circuits
1472 * using this conn */
1473 }
1474 log(severity, LD_NET,
1475 "Cells processed: "U64_FORMAT" padding\n"
1476 " "U64_FORMAT" create\n"
1477 " "U64_FORMAT" created\n"
1478 " "U64_FORMAT" relay\n"
1479 " ("U64_FORMAT" relayed)\n"
1480 " ("U64_FORMAT" delivered)\n"
1481 " "U64_FORMAT" destroy",
1482 U64_PRINTF_ARG(stats_n_padding_cells_processed),
1483 U64_PRINTF_ARG(stats_n_create_cells_processed),
1484 U64_PRINTF_ARG(stats_n_created_cells_processed),
1485 U64_PRINTF_ARG(stats_n_relay_cells_processed),
1486 U64_PRINTF_ARG(stats_n_relay_cells_relayed),
1487 U64_PRINTF_ARG(stats_n_relay_cells_delivered),
1488 U64_PRINTF_ARG(stats_n_destroy_cells_processed));
1489 if (stats_n_data_cells_packaged)
1490 log(severity,LD_NET,"Average packaged cell fullness: %2.3f%%",
1491 100*(U64_TO_DBL(stats_n_data_bytes_packaged) /
1492 U64_TO_DBL(stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE)) );
1493 if (stats_n_data_cells_received)
1494 log(severity,LD_NET,"Average delivered cell fullness: %2.3f%%",
1495 100*(U64_TO_DBL(stats_n_data_bytes_received) /
1496 U64_TO_DBL(stats_n_data_cells_received*RELAY_PAYLOAD_SIZE)) );
1497
1498 if (now - time_of_process_start >= 0)
1499 elapsed = now - time_of_process_start;
1500 else
1501 elapsed = 0;
1502
1503 if (elapsed) {
1504 log(severity, LD_NET,
1505 "Average bandwidth: "U64_FORMAT"/%d = %d bytes/sec reading",
1506 U64_PRINTF_ARG(stats_n_bytes_read),
1507 (int)elapsed,
1508 (int) (stats_n_bytes_read/elapsed));
1509 log(severity, LD_NET,
1510 "Average bandwidth: "U64_FORMAT"/%d = %d bytes/sec writing",
1511 U64_PRINTF_ARG(stats_n_bytes_written),
1512 (int)elapsed,
1513 (int) (stats_n_bytes_written/elapsed));
1514 }
1515
1516 log(severity, LD_NET, "--------------- Dumping memory information:");
1517 dumpmemusage(severity);
1518
1519 rep_hist_dump_stats(now,severity);
1520 rend_service_dump_stats(severity);
1521 dump_pk_ops(severity);
1522 dump_distinct_digest_count(severity);
1523 }
1524
1525 /** Called by exit() as we shut down the process.
1526 */
1527 static void
1528 exit_function(void)
1529 {
1530 /* NOTE: If we ever daemonize, this gets called immediately. That's
1531 * okay for now, because we only use this on Windows. */
1532 #ifdef MS_WINDOWS
1533 WSACleanup();
1534 #endif
1535 }
1536
1537 /** Set up the signal handlers for either parent or child. */
1538 void
1539 handle_signals(int is_parent)
1540 {
1541 #ifndef MS_WINDOWS /* do signal stuff only on unix */
1542 int i;
1543 static int signals[] = {
1544 SIGINT, /* do a controlled slow shutdown */
1545 SIGTERM, /* to terminate now */
1546 SIGPIPE, /* otherwise sigpipe kills us */
1547 SIGUSR1, /* dump stats */
1548 SIGUSR2, /* go to loglevel debug */
1549 SIGHUP, /* to reload config, retry conns, etc */
1550 #ifdef SIGXFSZ
1551 SIGXFSZ, /* handle file-too-big resource exhaustion */
1552 #endif
1553 SIGCHLD, /* handle dns/cpu workers that exit */
1554 -1 };
1555 static struct event signal_events[16]; /* bigger than it has to be. */
1556 if (is_parent) {
1557 for (i = 0; signals[i] >= 0; ++i) {
1558 signal_set(&signal_events[i], signals[i], signal_callback,
1559 (void*)(uintptr_t)signals[i]);
1560 if (signal_add(&signal_events[i], NULL))
1561 log_warn(LD_BUG, "Error from libevent when adding event for signal %d",
1562 signals[i]);
1563 }
1564 } else {
1565 struct sigaction action;
1566 action.sa_flags = 0;
1567 sigemptyset(&action.sa_mask);
1568 action.sa_handler = SIG_IGN;
1569 sigaction(SIGINT, &action, NULL);
1570 sigaction(SIGTERM, &action, NULL);
1571 sigaction(SIGPIPE, &action, NULL);
1572 sigaction(SIGUSR1, &action, NULL);
1573 sigaction(SIGUSR2, &action, NULL);
1574 sigaction(SIGHUP, &action, NULL);
1575 #ifdef SIGXFSZ
1576 sigaction(SIGXFSZ, &action, NULL);
1577 #endif
1578 }
1579 #else /* MS windows */
1580 (void)is_parent;
1581 #endif /* signal stuff */
1582 }
1583
1584 /** Main entry point for the Tor command-line client.
1585 */
1586 static int
1587 tor_init(int argc, char *argv[])
1588 {
1589 time_of_process_start = time(NULL);
1590 if (!closeable_connection_lst)
1591 closeable_connection_lst = smartlist_create();
1592 /* Initialize the history structures. */
1593 rep_hist_init();
1594 /* Initialize the service cache. */
1595 rend_cache_init();
1596 addressmap_init(); /* Init the client dns cache. Do it always, since it's
1597 * cheap. */
1598
1599 /* give it somewhere to log to initially */
1600 add_temp_log();
1601
1602 log(LOG_NOTICE, LD_GENERAL, "Tor v%s. This is experimental software. "
1603 "Do not rely on it for strong anonymity.",VERSION);
1604
1605 if (network_init()<0) {
1606 log_err(LD_BUG,"Error initializing network; exiting.");
1607 return -1;
1608 }
1609 atexit(exit_function);
1610
1611 if (options_init_from_torrc(argc,argv) < 0) {
1612 log_err(LD_CONFIG,"Reading config failed--see warnings above.");
1613 return -1;
1614 }
1615
1616 #ifndef MS_WINDOWS
1617 if (geteuid()==0)
1618 log_warn(LD_GENERAL,"You are running Tor as root. You don't need to, "
1619 "and you probably shouldn't.");
1620 #endif
1621
1622 crypto_global_init(get_options()->HardwareAccel);
1623 if (crypto_seed_rng()) {
1624 log_err(LD_BUG, "Unable to seed random number generator. Exiting.");
1625 return -1;
1626 }
1627
1628 return 0;
1629 }
1630
1631 /** Free all memory that we might have allocated somewhere.
1632 * Helps us find the real leaks with dmalloc and the like.
1633 *
1634 * Also valgrind should then report 0 reachable in its
1635 * leak report */
1636 void
1637 tor_free_all(int postfork)
1638 {
1639 #ifdef USE_EVENTDNS
1640 if (!postfork) {
1641 evdns_shutdown(1);
1642 }
1643 #endif
1644 routerlist_free_all();
1645 addressmap_free_all();
1646 set_exit_redirects(NULL); /* free the registered exit redirects */
1647 dirserv_free_all();
1648 rend_service_free_all();
1649 rend_cache_free_all();
1650 rep_hist_free_all();
1651 dns_free_all();
1652 clear_pending_onions();
1653 circuit_free_all();
1654 entry_guards_free_all();
1655 connection_free_all();
1656 policies_free_all();
1657 if (!postfork) {
1658 config_free_all();
1659 router_free_all();
1660 }
1661 tor_tls_free_all();
1662 /* stuff in main.c */
1663 smartlist_free(closeable_connection_lst);
1664 tor_free(timeout_event);
1665 /* Stuff in util.c */
1666 escaped(NULL);
1667 if (!postfork) {
1668 close_logs(); /* free log strings. do this last so logs keep working. */
1669 }
1670 }
1671
1672 /** Do whatever cleanup is necessary before shutting Tor down. */
1673 void
1674 tor_cleanup(void)
1675 {
1676 or_options_t *options = get_options();
1677 /* Remove our pid file. We don't care if there was an error when we
1678 * unlink, nothing we could do about it anyways. */
1679 if (options->command == CMD_RUN_TOR) {
1680 if (options->PidFile)
1681 unlink(options->PidFile);
1682 if (accounting_is_enabled(options))
1683 accounting_record_bandwidth_usage(time(NULL), get_or_state());
1684 or_state_mark_dirty(get_or_state(), 0); /* force an immediate save. */
1685 or_state_save(time(NULL));
1686 }
1687 tor_free_all(0); /* move tor_free_all back into the ifdef below later. XXX*/
1688 crypto_global_cleanup();
1689 #ifdef USE_DMALLOC
1690 dmalloc_log_unfreed();
1691 dmalloc_shutdown();
1692 #endif
1693 }
1694
1695 /** Read/create keys as needed, and echo our fingerprint to stdout. */
1696 static int
1697 do_list_fingerprint(void)
1698 {
1699 char buf[FINGERPRINT_LEN+1];
1700 crypto_pk_env_t *k;
1701 const char *nickname = get_options()->Nickname;
1702 if (!server_mode(get_options())) {
1703 log_err(LD_GENERAL,
1704 "Clients don't have long-term identity keys. Exiting.\n");
1705 return -1;
1706 }
1707 tor_assert(nickname);
1708 if (init_keys() < 0) {
1709 log_err(LD_BUG,"Error initializing keys; can't display fingerprint");
1710 return -1;
1711 }
1712 if (!(k = get_identity_key())) {
1713 log_err(LD_GENERAL,"Error: missing identity key.");
1714 return -1;
1715 }
1716 if (crypto_pk_get_fingerprint(k, buf, 1)<0) {
1717 log_err(LD_BUG, "Error computing fingerprint");
1718 return -1;
1719 }
1720 printf("%s %s\n", nickname, buf);
1721 return 0;
1722 }
1723
1724 /** Entry point for password hashing: take the desired password from
1725 * the command line, and print its salted hash to stdout. **/
1726 static void
1727 do_hash_password(void)
1728 {
1729
1730 char output[256];
1731 char key[S2K_SPECIFIER_LEN+DIGEST_LEN];
1732
1733 crypto_rand(key, S2K_SPECIFIER_LEN-1);
1734 key[S2K_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */
1735 secret_to_key(key+S2K_SPECIFIER_LEN, DIGEST_LEN,
1736 get_options()->command_arg, strlen(get_options()->command_arg),
1737 key);
1738 base16_encode(output, sizeof(output), key, sizeof(key));
1739 printf("16:%s\n",output);
1740 }
1741
1742 #ifdef MS_WINDOWS_SERVICE
1743
1744 /* XXXX can some/all these functions become static? without breaing NT
1745 * services? */
1746 void nt_service_control(DWORD request);
1747 void nt_service_body(int argc, char **argv);
1748 void nt_service_main(void);
1749 SC_HANDLE nt_service_open_scm(void);
1750 SC_HANDLE nt_service_open(SC_HANDLE hSCManager);
1751 int nt_service_start(SC_HANDLE hService);
1752 int nt_service_stop(SC_HANDLE hService);
1753 int nt_service_install(int argc, char **argv);
1754 int nt_service_remove(void);
1755 int nt_service_cmd_start(void);
1756 int nt_service_cmd_stop(void);
1757
1758 struct service_fns {
1759 int loaded;
1760
1761 BOOL (WINAPI *ChangeServiceConfig2A_fn)(
1762 SC_HANDLE hService,
1763 DWORD dwInfoLevel,
1764 LPVOID lpInfo);
1765
1766 BOOL (WINAPI *CloseServiceHandle_fn)(
1767 SC_HANDLE hSCObject);
1768
1769 BOOL (WINAPI *ControlService_fn)(
1770 SC_HANDLE hService,
1771 DWORD dwControl,
1772 LPSERVICE_STATUS lpServiceStatus);
1773
1774 SC_HANDLE (WINAPI *CreateServiceA_fn)(
1775 SC_HANDLE hSCManager,
1776 LPCTSTR lpServiceName,
1777 LPCTSTR lpDisplayName,
1778 DWORD dwDesiredAccess,
1779 DWORD dwServiceType,
1780 DWORD dwStartType,
1781 DWORD dwErrorControl,
1782 LPCTSTR lpBinaryPathName,
1783 LPCTSTR lpLoadOrderGroup,
1784 LPDWORD lpdwTagId,
1785 LPCTSTR lpDependencies,
1786 LPCTSTR lpServiceStartName,
1787 LPCTSTR lpPassword);
1788
1789 BOOL (WINAPI *DeleteService_fn)(
1790 SC_HANDLE hService);
1791
1792 SC_HANDLE (WINAPI *OpenSCManagerA_fn)(
1793 LPCTSTR lpMachineName,
1794 LPCTSTR lpDatabaseName,
1795 DWORD dwDesiredAccess);
1796
1797 SC_HANDLE (WINAPI *OpenServiceA_fn)(
1798 SC_HANDLE hSCManager,
1799 LPCTSTR lpServiceName,
1800 DWORD dwDesiredAccess);
1801
1802 BOOL (WINAPI *QueryServiceStatus_fn)(
1803 SC_HANDLE hService,
1804 LPSERVICE_STATUS lpServiceStatus);
1805
1806 SERVICE_STATUS_HANDLE (WINAPI *RegisterServiceCtrlHandlerA_fn)(
1807 LPCTSTR lpServiceName,
1808 LPHANDLER_FUNCTION lpHandlerProc);
1809
1810 BOOL (WINAPI *SetServiceStatus_fn)(SERVICE_STATUS_HANDLE,
1811 LPSERVICE_STATUS);
1812
1813 BOOL (WINAPI *StartServiceCtrlDispatcherA_fn)(
1814 const SERVICE_TABLE_ENTRY* lpServiceTable);
1815
1816 BOOL (WINAPI *StartServiceA_fn)(
1817 SC_HANDLE hService,
1818 DWORD dwNumServiceArgs,
1819 LPCTSTR* lpServiceArgVectors);
1820
1821 BOOL (WINAPI *LookupAccountNameA_fn)(
1822 LPCTSTR lpSystemName,
1823 LPCTSTR lpAccountName,
1824 PSID Sid,
1825 LPDWORD cbSid,
1826 LPTSTR ReferencedDomainName,
1827 LPDWORD cchReferencedDomainName,
1828 PSID_NAME_USE peUse);
1829 } service_fns = { 0,
1830 NULL, NULL, NULL, NULL, NULL, NULL,
1831 NULL, NULL, NULL, NULL, NULL, NULL,
1832 NULL};
1833
1834 /** Loads functions used by NT services. Returns on success, or prints a
1835 * complaint to stdout and exits on error. */
1836 static void
1837 nt_service_loadlibrary(void)
1838 {
1839 HMODULE library = 0;
1840 void *fn;
1841
1842 if (service_fns.loaded)
1843 return;
1844
1845 /* XXXX Possibly, we should hardcode the location of this DLL. */
1846 if (!(library = LoadLibrary("advapi32.dll"))) {
1847 log_err(LD_GENERAL, "Couldn't open advapi32.dll. Are you trying to use "
1848 "NT services on Windows 98? That doesn't work.");
1849 goto err;
1850 }
1851
1852 #define LOAD(f) do { \
1853 if (!(fn = GetProcAddress(library, #f))) { \
1854 log_err(LD_BUG, \
1855 "Couldn't find %s in advapi32.dll! We probably got the " \
1856 "name wrong.", #f); \
1857 goto err; \
1858 } else { \
1859 service_fns.f ## _fn = fn; \
1860 } \
1861 } while (0)
1862
1863 LOAD(ChangeServiceConfig2A);
1864 LOAD(CloseServiceHandle);
1865 LOAD(ControlService);
1866 LOAD(CreateServiceA);
1867 LOAD(DeleteService);
1868 LOAD(OpenSCManagerA);
1869 LOAD(OpenServiceA);
1870 LOAD(QueryServiceStatus);
1871 LOAD(RegisterServiceCtrlHandlerA);
1872 LOAD(SetServiceStatus);
1873 LOAD(StartServiceCtrlDispatcherA);
1874 LOAD(StartServiceA);
1875 LOAD(LookupAccountNameA);
1876
1877 service_fns.loaded = 1;
1878
1879 return;
1880 err:
1881 printf("Unable to load library support for NT services: exiting.\n");
1882 exit(1);
1883 }
1884
1885 /** If we're compiled to run as an NT service, and the service has been
1886 * shut down, then change our current status and return 1. Else
1887 * return 0.
1888 */
1889 static int
1890 nt_service_is_stopped(void)
1891 {
1892 nt_service_loadlibrary();
1893
1894 if (service_status.dwCurrentState == SERVICE_STOP_PENDING) {
1895 service_status.dwWin32ExitCode = 0;
1896 service_status.dwCurrentState = SERVICE_STOPPED;
1897 service_fns.SetServiceStatus_fn(hStatus, &service_status);
1898 return 1;
1899 } else if (service_status.dwCurrentState == SERVICE_STOPPED) {
1900 return 1;
1901 }
1902 return 0;
1903 }
1904
1905 /** Handles service control requests, such as stopping or starting the
1906 * Tor service. */
1907 void
1908 nt_service_control(DWORD request)
1909 {
1910 static struct timeval exit_now;
1911 exit_now.tv_sec = 0;
1912 exit_now.tv_usec = 0;
1913
1914 nt_service_loadlibrary();
1915
1916 switch (request) {
1917 case SERVICE_CONTROL_STOP:
1918 case SERVICE_CONTROL_SHUTDOWN:
1919 log_err(LD_GENERAL,
1920 "Got stop/shutdown request; shutting down cleanly.");
1921 service_status.dwCurrentState = SERVICE_STOP_PENDING;
1922 event_loopexit(&exit_now);
1923 return;
1924 }
1925 service_fns.SetServiceStatus_fn(hStatus, &service_status);
1926 }
1927
1928 /** Called when the service is started via the system's service control
1929 * manager. This calls tor_init() and starts the main event loop. If
1930 * tor_init() fails, the service will be stopped and exit code set to
1931 * NT_SERVICE_ERROR_TORINIT_FAILED. */
1932 void
1933 nt_service_body(int argc, char **argv)
1934 {
1935 int r;
1936 (void) argc; /* unused */
1937 (void) argv; /* unused */
1938 nt_service_loadlibrary();
1939 service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
1940 service_status.dwCurrentState = SERVICE_START_PENDING;
1941 service_status.dwControlsAccepted =
1942 SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
1943 service_status.dwWin32ExitCode = 0;
1944 service_status.dwServiceSpecificExitCode = 0;
1945 service_status.dwCheckPoint = 0;
1946 service_status.dwWaitHint = 1000;
1947 hStatus = service_fns.RegisterServiceCtrlHandlerA_fn(GENSRV_SERVICENAME,
1948 (LPHANDLER_FUNCTION) nt_service_control);
1949
1950 if (hStatus == 0) {
1951 /* Failed to register the service control handler function */
1952 return;
1953 }
1954
1955 r = tor_init(backup_argc, backup_argv);
1956 if (r) {
1957 /* Failed to start the Tor service */
1958 r = NT_SERVICE_ERROR_TORINIT_FAILED;
1959 service_status.dwCurrentState = SERVICE_STOPPED;
1960 service_status.dwWin32ExitCode = r;
1961 service_status.dwServiceSpecificExitCode = r;
1962 service_fns.SetServiceStatus_fn(hStatus, &service_status);
1963 return;
1964 }
1965
1966 /* Set the service's status to SERVICE_RUNNING and start the main
1967 * event loop */
1968 service_status.dwCurrentState = SERVICE_RUNNING;
1969 service_fns.SetServiceStatus_fn(hStatus, &service_status);
1970 do_main_loop();
1971 tor_cleanup();
1972 }
1973
1974 /** Main service entry point. Starts the service control dispatcher and waits
1975 * until the service status is set to SERVICE_STOPPED. */
1976 void
1977 nt_service_main(void)
1978 {
1979 SERVICE_TABLE_ENTRY table[2];
1980 DWORD result = 0;
1981 char *errmsg;
1982 nt_service_loadlibrary();
1983 table[0].lpServiceName = (char*)GENSRV_SERVICENAME;
1984 table[0].lpServiceProc = (LPSERVICE_MAIN_FUNCTION)nt_service_body;
1985 table[1].lpServiceName = NULL;
1986 table[1].lpServiceProc = NULL;
1987
1988 if (!service_fns.StartServiceCtrlDispatcherA_fn(table)) {
1989 result = GetLastError();
1990 errmsg = nt_strerror(result);
1991 printf("Service error %d : %s\n", (int) result, errmsg);
1992 LocalFree(errmsg);
1993 if (result == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) {
1994 if (tor_init(backup_argc, backup_argv) < 0)
1995 return;
1996 switch (get_options()->command) {
1997 case CMD_RUN_TOR:
1998 do_main_loop();
1999 break;
2000 case CMD_LIST_FINGERPRINT:
2001 do_list_fingerprint();
2002 break;
2003 case CMD_HASH_PASSWORD:
2004 do_hash_password();
2005 break;
2006 case CMD_VERIFY_CONFIG:
2007 printf("Configuration was valid\n");
2008 break;
2009 case CMD_RUN_UNITTESTS:
2010 default:
2011 log_err(LD_CONFIG, "Illegal command number %d: internal error.",
2012 get_options()->command);
2013 }
2014 tor_cleanup();
2015 }
2016 }
2017 }
2018
2019 /** Return a handle to the service control manager on success, or NULL on
2020 * failure. */
2021 SC_HANDLE
2022 nt_service_open_scm(void)
2023 {
2024 SC_HANDLE hSCManager;
2025 char *errmsg = NULL;
2026
2027 nt_service_loadlibrary();
2028 if ((hSCManager = service_fns.OpenSCManagerA_fn(
2029 NULL, NULL, SC_MANAGER_CREATE_SERVICE)) == NULL) {
2030 errmsg = nt_strerror(GetLastError());
2031 printf("OpenSCManager() failed : %s\n", errmsg);
2032 LocalFree(errmsg);
2033 }
2034 return hSCManager;
2035 }
2036
2037 /** Open a handle to the Tor service using <b>hSCManager</b>. Return NULL
2038 * on failure. */
2039 SC_HANDLE
2040 nt_service_open(SC_HANDLE hSCManager)
2041 {
2042 SC_HANDLE hService;
2043 char *errmsg = NULL;
2044 nt_service_loadlibrary();
2045 if ((hService = service_fns.OpenServiceA_fn(hSCManager, GENSRV_SERVICENAME,
2046 SERVICE_ALL_ACCESS)) == NULL) {
2047 errmsg = nt_strerror(GetLastError());
2048 printf("OpenService() failed : %s\n", errmsg);
2049 LocalFree(errmsg);
2050 }
2051 return hService;
2052 }
2053
2054 /** Start the Tor service. Return 0 if the service is started or was
2055 * previously running. Return -1 on error. */
2056 int
2057 nt_service_start(SC_HANDLE hService)
2058 {
2059 char *errmsg = NULL;
2060
2061 nt_service_loadlibrary();
2062
2063 service_fns.QueryServiceStatus_fn(hService, &service_status);
2064 if (service_status.dwCurrentState == SERVICE_RUNNING) {
2065 printf("Service is already running\n");
2066 return 0;
2067 }
2068
2069 if (service_fns.StartServiceA_fn(hService, 0, NULL)) {
2070 /* Loop until the service has finished attempting to start */
2071 while (service_fns.QueryServiceStatus_fn(hService, &service_status) &&
2072 (service_status.dwCurrentState == SERVICE_START_PENDING)) {
2073 Sleep(500);
2074 }
2075
2076 /* Check if it started successfully or not */
2077 if (service_status.dwCurrentState == SERVICE_RUNNING) {
2078 printf("Service started successfully\n");
2079 return 0;
2080 } else {
2081 errmsg = nt_strerror(service_status.dwWin32ExitCode);
2082 printf("Service failed to start : %s\n", errmsg);
2083 LocalFree(errmsg);
2084 }
2085 } else {
2086 errmsg = nt_strerror(GetLastError());
2087 printf("StartService() failed : %s\n", errmsg);
2088 LocalFree(errmsg);
2089 }
2090 return -1;
2091 }
2092
2093 /** Stop the Tor service. Return 0 if the service is stopped or was not
2094 * previously running. Return -1 on error. */
2095 int
2096 nt_service_stop(SC_HANDLE hService)
2097 {
2098 /** Wait at most 10 seconds for the service to stop. */
2099 #define MAX_SERVICE_WAIT_TIME 10
2100 int wait_time;
2101 char *errmsg = NULL;
2102 nt_service_loadlibrary();
2103
2104 service_fns.QueryServiceStatus_fn(hService, &service_status);
2105 if (service_status.dwCurrentState == SERVICE_STOPPED) {
2106 printf("Service is already stopped\n");
2107 return 0;
2108 }
2109
2110 if (service_fns.ControlService_fn(hService, SERVICE_CONTROL_STOP,
2111 &service_status)) {
2112 wait_time = 0;
2113 while (service_fns.QueryServiceStatus_fn(hService, &service_status) &&
2114 (service_status.dwCurrentState != SERVICE_STOPPED) &&
2115 (wait_time < MAX_SERVICE_WAIT_TIME)) {
2116 Sleep(1000);
2117 wait_time++;
2118 }
2119 if (service_status.dwCurrentState == SERVICE_STOPPED) {
2120 printf("Service stopped successfully\n");
2121 return 0;
2122 } else if (wait_time == MAX_SERVICE_WAIT_TIME) {
2123 printf("Service did not stop within %d seconds.\n", wait_time);
2124 } else {
2125 errmsg = nt_strerror(GetLastError());
2126 printf("QueryServiceStatus() failed : %s\n",errmsg);
2127 LocalFree(errmsg);
2128 }
2129 } else {
2130 errmsg = nt_strerror(GetLastError());
2131 printf("ControlService() failed : %s\n", errmsg);
2132 LocalFree(errmsg);
2133 }
2134 return -1;
2135 }
2136
2137 /** Build a formatted command line used for the NT service. Return a
2138 * pointer to the formatted string on success, or NULL on failure. Set
2139 * *<b>using_default_torrc</b> to true if we're going to use the default
2140 * location to torrc, or 1 if an option was specified on the command line.
2141 */
2142 static char *
2143 nt_service_command_line(int *using_default_torrc)
2144 {
2145 TCHAR tor_exe[MAX_PATH+1];
2146 char *command, *options=NULL;
2147 smartlist_t *sl;
2148 int i, cmdlen;
2149 *using_default_torrc = 1;
2150
2151 /* Get the location of tor.exe */
2152 if (0 == GetModuleFileName(NULL, tor_exe, MAX_PATH))
2153 return NULL;
2154
2155 /* Get the service arguments */
2156 sl = smartlist_create();
2157 for (i = 1; i < backup_argc; ++i) {
2158 if (!strcmp(backup_argv[i], "--options") ||
2159 !strcmp(backup_argv[i], "-options")) {
2160 while (++i < backup_argc) {
2161 if (!strcmp(backup_argv[i], "-f"))
2162 *using_default_torrc = 0;
2163 smartlist_add(sl, backup_argv[i]);
2164 }
2165 }
2166 }
2167 if (smartlist_len(sl))
2168 options = smartlist_join_strings(sl,"\" \"",0,NULL);
2169 smartlist_free(sl);
2170
2171 /* Allocate a string for the NT service command line */
2172 cmdlen = strlen(tor_exe) + (options?strlen(options):0) + 32;
2173 command = tor_malloc(cmdlen);
2174
2175 /* Format the service command */
2176 if (options) {
2177 if (tor_snprintf(command, cmdlen, "\"%s\" --nt-service \"%s\"",
2178 tor_exe, options)<0) {
2179 tor_free(command); /* sets command to NULL. */
2180 }
2181 } else { /* ! options */
2182 if (tor_snprintf(command, cmdlen, "\"%s\" --nt-service", tor_exe)<0) {
2183 tor_free(command); /* sets command to NULL. */
2184 }
2185 }
2186
2187 tor_free(options);
2188 return command;
2189 }
2190
2191 /** Creates a Tor NT service, set to start on boot. The service will be
2192 * started if installation succeeds. Returns 0 on success, or -1 on
2193 * failure. */
2194 int
2195 nt_service_install(int argc, char **argv)
2196 {
2197 /* Notes about developing NT services:
2198 *
2199 * 1. Don't count on your CWD. If an absolute path is not given, the
2200 * fopen() function goes wrong.
2201 * 2. The parameters given to the nt_service_body() function differ
2202 * from those given to main() function.
2203 */
2204
2205 SC_HANDLE hSCManager = NULL;
2206 SC_HANDLE hService = NULL;
2207 SERVICE_DESCRIPTION sdBuff;
2208 char *command;
2209 char *errmsg;
2210 const char *user_acct = GENSRV_USERACCT;
2211 const char *password = "";
2212 int i;
2213 OSVERSIONINFOEX info;
2214 SID_NAME_USE sidUse;
2215 DWORD sidLen = 0, domainLen = 0;
2216 int is_win2k_or_worse = 0;
2217 int using_default_torrc = 0;
2218
2219 nt_service_loadlibrary();
2220
2221 /* Open the service control manager so we can create a new service */
2222 if ((hSCManager = nt_service_open_scm()) == NULL)
2223 return -1;
2224 /* Build the command line used for the service */
2225 if ((command = nt_service_command_line(&using_default_torrc)) == NULL) {
2226 printf("Unable to build service command line.\n");
2227 service_fns.CloseServiceHandle_fn(hSCManager);
2228 return -1;
2229 }
2230
2231 for (i=1; i < argc; ++i) {
2232 if (!strcmp(argv[i], "--user") && i+1<argc) {
2233 user_acct = argv[i+1];
2234 ++i;
2235 }
2236 if (!strcmp(argv[i], "--password") && i+1<argc) {
2237 password = argv[i+1];
2238 ++i;
2239 }
2240 }
2241
2242 /* Compute our version and see whether we're running win2k or earlier. */
2243 memset(&info, 0, sizeof(info));
2244 info.dwOSVersionInfoSize = sizeof(info);
2245 if (! GetVersionEx((LPOSVERSIONINFO)&info)) {
2246 printf("Call to GetVersionEx failed.\n");
2247 is_win2k_or_worse = 1;
2248 } else {
2249 if (info.dwMajorVersion < 5 ||
2250 (info.dwMajorVersion == 5 && info.dwMinorVersion == 0))
2251 is_win2k_or_worse = 1;
2252 }
2253
2254 if (user_acct == GENSRV_USERACCT) {
2255 if (is_win2k_or_worse) {
2256 /* On Win2k, there is no LocalService account, so we actually need to
2257 * fall back on NULL (the system account). */
2258 printf("Running on Win2K or earlier, so the LocalService account "
2259 "doesn't exist. Falling back to SYSTEM account.\n");
2260 user_acct = NULL;
2261 } else {
2262 /* Genericity is apparently _so_ last year in Redmond, where some
2263 * accounts are accounts that you can look up, and some accounts
2264 * are magic and undetectable via the security subsystem. See
2265 * http://msdn2.microsoft.com/en-us/library/ms684188.aspx
2266 */
2267 printf("Running on a Post-Win2K OS, so we'll assume that the "
2268 "LocalService account exists.\n");
2269 }
2270 } else if (0 && service_fns.LookupAccountNameA_fn(NULL, // On this system
2271 user_acct,
2272 NULL, &sidLen, // Don't care about the SID
2273 NULL, &domainLen, // Don't care about the domain
2274 &sidUse) == 0) {
2275 /* XXXX012 For some reason, the above test segfaults. Fix that. */
2276 printf("User \"%s\" doesn't seem to exist.\n", user_acct);
2277 return -1;
2278 } else {
2279 printf("Will try to install service as user \"%s\".\n", user_acct);
2280 }
2281 /* XXXX This warning could be better about explaining how to resolve the
2282 * situation. */
2283 if (using_default_torrc)
2284 printf("IMPORTANT NOTE:\n"
2285 " The Tor service will run under the account \"%s\". This means\n"
2286 " that Tor will look for its configuration file under that\n"
2287 " account's Application Data directory, which is probably not\n"
2288 " the same as yours.\n", user_acct?user_acct:"<local system>");
2289
2290 /* Create the Tor service, set to auto-start on boot */
2291 if ((hService = service_fns.CreateServiceA_fn(hSCManager, GENSRV_SERVICENAME,
2292 GENSRV_DISPLAYNAME,
2293 SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
2294 SERVICE_AUTO_START, SERVICE_ERROR_IGNORE,
2295 command, NULL, NULL, NULL,
2296 user_acct, password)) == NULL) {
2297 errmsg = nt_strerror(GetLastError());
2298 printf("CreateService() failed : %s\n", errmsg);
2299 service_fns.CloseServiceHandle_fn(hSCManager);
2300 LocalFree(errmsg);
2301 tor_free(command);
2302 return -1;
2303 }
2304 printf("Done with CreateService.\n");
2305
2306 /* Set the service's description */
2307 sdBuff.lpDescription = (char*)GENSRV_DESCRIPTION;
2308 service_fns.ChangeServiceConfig2A_fn(hService, SERVICE_CONFIG_DESCRIPTION,
2309 &sdBuff);
2310 printf("Service installed successfully\n");
2311
2312 /* Start the service initially */
2313 nt_service_start(hService);
2314
2315 service_fns.CloseServiceHandle_fn(hService);
2316 service_fns.CloseServiceHandle_fn(hSCManager);
2317 tor_free(command);
2318
2319 return 0;
2320 }
2321
2322 /** Removes the Tor NT service. Returns 0 if the service was successfully
2323 * removed, or -1 on error. */
2324 int
2325 nt_service_remove(void)
2326 {
2327 SC_HANDLE hSCManager = NULL;
2328 SC_HANDLE hService = NULL;
2329 char *errmsg;
2330
2331 nt_service_loadlibrary();
2332 if ((hSCManager = nt_service_open_scm()) == NULL)
2333 return -1;
2334 if ((hService = nt_service_open(hSCManager)) == NULL) {
2335 service_fns.CloseServiceHandle_fn(hSCManager);
2336 return -1;
2337 }
2338
2339 nt_service_stop(hService);
2340 if (service_fns.DeleteService_fn(hService) == FALSE) {
2341 errmsg = nt_strerror(GetLastError());
2342 printf("DeleteService() failed : %s\n", errmsg);
2343 LocalFree(errmsg);
2344 service_fns.CloseServiceHandle_fn(hService);
2345 service_fns.CloseServiceHandle_fn(hSCManager);
2346 return -1;
2347 }
2348
2349 service_fns.CloseServiceHandle_fn(hService);
2350 service_fns.CloseServiceHandle_fn(hSCManager);
2351 printf("Service removed successfully\n");
2352
2353 return 0;
2354 }
2355
2356 /** Starts the Tor service. Returns 0 on success, or -1 on error. */
2357 int
2358 nt_service_cmd_start(void)
2359 {
2360 SC_HANDLE hSCManager;
2361 SC_HANDLE hService;
2362 int start;
2363
2364 if ((hSCManager = nt_service_open_scm()) == NULL)
2365 return -1;
2366 if ((hService = nt_service_open(hSCManager)) == NULL) {
2367 service_fns.CloseServiceHandle_fn(hSCManager);
2368 return -1;
2369 }
2370
2371 start = nt_service_start(hService);
2372 service_fns.CloseServiceHandle_fn(hService);
2373 service_fns.CloseServiceHandle_fn(hSCManager);
2374
2375 return start;
2376 }
2377
2378 /** Stops the Tor service. Returns 0 on success, or -1 on error. */
2379 int
2380 nt_service_cmd_stop(void)
2381 {
2382 SC_HANDLE hSCManager;
2383 SC_HANDLE hService;
2384 int stop;
2385
2386 if ((hSCManager = nt_service_open_scm()) == NULL)
2387 return -1;
2388 if ((hService = nt_service_open(hSCManager)) == NULL) {
2389 service_fns.CloseServiceHandle_fn(hSCManager);
2390 return -1;
2391 }
2392
2393 stop = nt_service_stop(hService);
2394 service_fns.CloseServiceHandle_fn(hService);
2395 service_fns.CloseServiceHandle_fn(hSCManager);
2396
2397 return stop;
2398 }
2399
2400 /** Given a Win32 error code, this attempts to make Windows
2401 * return a human-readable error message. The char* returned
2402 * is allocated by Windows, but should be freed with LocalFree()
2403 * when finished with it. */
2404 static char*
2405 nt_strerror(uint32_t errnum)
2406 {
2407 char *msgbuf;
2408 FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
2409 NULL, errnum, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
2410 (LPSTR)&msgbuf, 0, NULL);
2411 return msgbuf;
2412 }
2413 #endif
2414
2415 #ifdef USE_DMALLOC
2416 #include <openssl/crypto.h>
2417 static void
2418 _tor_dmalloc_free(void *p)
2419 {
2420 tor_free(p);
2421 }
2422 #endif
2423
2424 /** Main entry point for the Tor process. Called from main(). */
2425 /* This function is distinct from main() only so we can link main.c into
2426 * the unittest binary without conflicting with the unittests' main. */
2427 int
2428 tor_main(int argc, char *argv[])
2429 {
2430 int result = 0;
2431 #ifdef USE_DMALLOC
2432 int r = CRYPTO_set_mem_ex_functions(_tor_malloc, _tor_realloc,
2433 _tor_dmalloc_free);
2434 log_notice(LD_CONFIG, "Set up dmalloc; returned %d", r);
2435 #endif
2436 #ifdef MS_WINDOWS_SERVICE
2437 backup_argv = argv;
2438 backup_argc = argc;
2439 if ((argc >= 3) &&
2440 (!strcmp(argv[1], "-service") || !strcmp(argv[1], "--service"))) {
2441 nt_service_loadlibrary();
2442 if (!strcmp(argv[2], "install"))
2443 return nt_service_install(argc, argv);
2444 if (!strcmp(argv[2], "remove"))
2445 return nt_service_remove();
2446 if (!strcmp(argv[2], "start"))
2447 return nt_service_cmd_start();
2448 if (!strcmp(argv[2], "stop"))
2449 return nt_service_cmd_stop();
2450 printf("Unrecognized service command '%s'\n", argv[2]);
2451 return -1;
2452 }
2453 if (argc >= 2) {
2454 if (!strcmp(argv[1], "-nt-service") || !strcmp(argv[1], "--nt-service")) {
2455 nt_service_loadlibrary();
2456 nt_service_main();
2457 return 0;
2458 }
2459 // These values have been deprecated since 0.1.1.2-alpha; we've warned
2460 // about them since 0.1.2.7-alpha.
2461 if (!strcmp(argv[1], "-install") || !strcmp(argv[1], "--install")) {
2462 nt_service_loadlibrary();
2463 fprintf(stderr,
2464 "The %s option is deprecated; use \"--service install\" instead.",
2465 argv[1]);
2466 return nt_service_install(argc, argv);
2467 }
2468 if (!strcmp(argv[1], "-remove") || !strcmp(argv[1], "--remove")) {
2469 nt_service_loadlibrary();
2470 fprintf(stderr,
2471 "The %s option is deprecated; use \"--service remove\" instead.",
2472 argv[1]);
2473 return nt_service_remove();
2474 }
2475 }
2476 #endif
2477 if (tor_init(argc, argv)<0)
2478 return -1;
2479 switch (get_options()->command) {
2480 case CMD_RUN_TOR:
2481 #ifdef MS_WINDOWS_SERVICE
2482 service_status.dwCurrentState = SERVICE_RUNNING;
2483 #endif
2484 result = do_main_loop();
2485 break;
2486 case CMD_LIST_FINGERPRINT:
2487 result = do_list_fingerprint();
2488 break;
2489 case CMD_HASH_PASSWORD:
2490 do_hash_password();
2491 result = 0;
2492 break;
2493 case CMD_VERIFY_CONFIG:
2494 printf("Configuration was valid\n");
2495 result = 0;
2496 break;
2497 case CMD_RUN_UNITTESTS: /* only set by test.c */
2498 default:
2499 log_warn(LD_BUG,"Illegal command number %d: internal error.",
2500 get_options()->command);
2501 result = -1;
2502 }
2503 tor_cleanup();
2504 return result;
2505 }
2506
The Onion Router