search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use observed instead of declared uptime for HSDir
[tor.git] / src / or / dirserv.c
blob40136a18e382ff980cad6d446eee4ab9fe6117b1
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define DIRSERV_PRIVATE
7 #include "or.h"
8 #include "buffers.h"
9 #include "config.h"
10 #include "connection.h"
11 #include "connection_or.h"
12 #include "control.h"
13 #include "directory.h"
14 #include "dirserv.h"
15 #include "dirvote.h"
16 #include "hibernate.h"
17 #include "microdesc.h"
18 #include "networkstatus.h"
19 #include "policies.h"
20 #include "rephist.h"
21 #include "router.h"
22 #include "routerlist.h"
23 #include "routerparse.h"
24
25 /**
26 * \file dirserv.c
27 * \brief Directory server core implementation. Manages directory
28 * contents and generates directories.
29 */
30
31 /** How far in the future do we allow a router to get? (seconds) */
32 #define ROUTER_ALLOW_SKEW (60*60*12)
33 /** How many seconds do we wait before regenerating the directory? */
34 #define DIR_REGEN_SLACK_TIME 30
35 /** If we're a cache, keep this many networkstatuses around from non-trusted
36 * directory authorities. */
37 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
38
39 /** If a v1 directory is older than this, discard it. */
40 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
41 /** If a v1 running-routers is older than this, discard it. */
42 #define MAX_V1_RR_AGE (7*24*60*60)
43
44 extern time_t time_of_process_start; /* from main.c */
45
46 extern long stats_n_seconds_working; /* from main.c */
47
48 /** Do we need to regenerate the v1 directory when someone asks for it? */
49 static time_t the_directory_is_dirty = 1;
50 /** Do we need to regenerate the v1 runningrouters document when somebody
51 * asks for it? */
52 static time_t runningrouters_is_dirty = 1;
53 /** Do we need to regenerate our v2 networkstatus document when somebody asks
54 * for it? */
55 static time_t the_v2_networkstatus_is_dirty = 1;
56
57 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
58 * only.) */
59 static cached_dir_t *the_directory = NULL;
60
61 /** For authoritative directories: the current (v1) network status. */
62 static cached_dir_t the_runningrouters;
63
64 static void directory_remove_invalid(void);
65 static cached_dir_t *dirserv_regenerate_directory(void);
66 static char *format_versions_list(config_line_t *ln);
67 struct authdir_config_t;
68 static int add_fingerprint_to_dir(const char *nickname, const char *fp,
69 struct authdir_config_t *list);
70 static uint32_t dirserv_router_get_status(const routerinfo_t *router,
71 const char **msg);
72 static uint32_t
73 dirserv_get_status_impl(const char *fp, const char *nickname,
74 const char *address,
75 uint32_t addr, uint16_t or_port,
76 const char *platform, const char *contact,
77 const char **msg, int should_log);
78 static void clear_cached_dir(cached_dir_t *d);
79 static signed_descriptor_t *get_signed_descriptor_by_fp(const char *fp,
80 int extrainfo,
81 time_t publish_cutoff);
82 static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
83
84 /************** Measured Bandwidth parsing code ******/
85 #define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
86
87 /************** Fingerprint handling code ************/
88
89 #define FP_NAMED 1 /**< Listed in fingerprint file. */
90 #define FP_INVALID 2 /**< Believed invalid. */
91 #define FP_REJECT 4 /**< We will not publish this router. */
92 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
93 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
94 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
95
96 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
97 * map. */
98 typedef struct router_status_t {
99 char nickname[MAX_NICKNAME_LEN+1];
100 uint32_t status;
101 } router_status_t;
102
103 /** List of nickname-\>identity fingerprint mappings for all the routers
104 * that we name. Used to prevent router impersonation. */
105 typedef struct authdir_config_t {
106 strmap_t *fp_by_name; /**< Map from lc nickname to fingerprint. */
107 digestmap_t *status_by_digest; /**< Map from digest to router_status_t. */
108 } authdir_config_t;
109
110 /** Should be static; exposed for testing. */
111 static authdir_config_t *fingerprint_list = NULL;
112
113 /** Allocate and return a new, empty, authdir_config_t. */
114 static authdir_config_t *
115 authdir_config_new(void)
116 {
117 authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
118 list->fp_by_name = strmap_new();
119 list->status_by_digest = digestmap_new();
120 return list;
121 }
122
123 /** Add the fingerprint <b>fp</b> for <b>nickname</b> to
124 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
125 * new, or 1 if we replaced the old value.
126 */
127 /* static */ int
128 add_fingerprint_to_dir(const char *nickname, const char *fp,
129 authdir_config_t *list)
130 {
131 char *fingerprint;
132 char d[DIGEST_LEN];
133 router_status_t *status;
134 tor_assert(nickname);
135 tor_assert(fp);
136 tor_assert(list);
137
138 fingerprint = tor_strdup(fp);
139 tor_strstrip(fingerprint, " ");
140 if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint))) {
141 log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
142 escaped(fp));
143 tor_free(fingerprint);
144 return 0;
145 }
146
147 if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
148 log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
149 UNNAMED_ROUTER_NICKNAME);
150 tor_free(fingerprint);
151 return 0;
152 }
153
154 status = digestmap_get(list->status_by_digest, d);
155 if (!status) {
156 status = tor_malloc_zero(sizeof(router_status_t));
157 digestmap_set(list->status_by_digest, d, status);
158 }
159
160 if (nickname[0] != '!') {
161 char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
162 if (old_fp && !strcasecmp(fingerprint, old_fp)) {
163 tor_free(fingerprint);
164 } else {
165 tor_free(old_fp);
166 strmap_set_lc(list->fp_by_name, nickname, fingerprint);
167 }
168 status->status |= FP_NAMED;
169 strlcpy(status->nickname, nickname, sizeof(status->nickname));
170 } else {
171 tor_free(fingerprint);
172 if (!strcasecmp(nickname, "!reject")) {
173 status->status |= FP_REJECT;
174 } else if (!strcasecmp(nickname, "!invalid")) {
175 status->status |= FP_INVALID;
176 } else if (!strcasecmp(nickname, "!baddir")) {
177 status->status |= FP_BADDIR;
178 } else if (!strcasecmp(nickname, "!badexit")) {
179 status->status |= FP_BADEXIT;
180 }
181 }
182 return 0;
183 }
184
185 /** Add the nickname and fingerprint for this OR to the
186 * global list of recognized identity key fingerprints. */
187 int
188 dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
189 {
190 char fp[FINGERPRINT_LEN+1];
191 if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
192 log_err(LD_BUG, "Error computing fingerprint");
193 return -1;
194 }
195 if (!fingerprint_list)
196 fingerprint_list = authdir_config_new();
197 add_fingerprint_to_dir(nickname, fp, fingerprint_list);
198 return 0;
199 }
200
201 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
202 * file. The file format is line-based, with each non-blank holding one
203 * nickname, some space, and a fingerprint for that nickname. On success,
204 * replace the current fingerprint list with the new list and return 0. On
205 * failure, leave the current fingerprint list untouched, and return -1. */
206 int
207 dirserv_load_fingerprint_file(void)
208 {
209 char *fname;
210 char *cf;
211 char *nickname, *fingerprint;
212 authdir_config_t *fingerprint_list_new;
213 int result;
214 config_line_t *front=NULL, *list;
215 or_options_t *options = get_options();
216
217 fname = get_datadir_fname("approved-routers");
218 log_info(LD_GENERAL,
219 "Reloading approved fingerprints from \"%s\"...", fname);
220
221 cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
222 if (!cf) {
223 if (options->NamingAuthoritativeDir) {
224 log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
225 tor_free(fname);
226 return -1;
227 } else {
228 log_info(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
229 tor_free(fname);
230 return 0;
231 }
232 }
233 tor_free(fname);
234
235 result = config_get_lines(cf, &front);
236 tor_free(cf);
237 if (result < 0) {
238 log_warn(LD_CONFIG, "Error reading from fingerprint file");
239 return -1;
240 }
241
242 fingerprint_list_new = authdir_config_new();
243
244 for (list=front; list; list=list->next) {
245 char digest_tmp[DIGEST_LEN];
246 nickname = list->key; fingerprint = list->value;
247 if (strlen(nickname) > MAX_NICKNAME_LEN) {
248 log_notice(LD_CONFIG,
249 "Nickname '%s' too long in fingerprint file. Skipping.",
250 nickname);
251 continue;
252 }
253 if (!is_legal_nickname(nickname) &&
254 strcasecmp(nickname, "!reject") &&
255 strcasecmp(nickname, "!invalid") &&
256 strcasecmp(nickname, "!badexit")) {
257 log_notice(LD_CONFIG,
258 "Invalid nickname '%s' in fingerprint file. Skipping.",
259 nickname);
260 continue;
261 }
262 tor_strstrip(fingerprint, " "); /* remove spaces */
263 if (strlen(fingerprint) != HEX_DIGEST_LEN ||
264 base16_decode(digest_tmp, sizeof(digest_tmp),
265 fingerprint, HEX_DIGEST_LEN) < 0) {
266 log_notice(LD_CONFIG,
267 "Invalid fingerprint (nickname '%s', "
268 "fingerprint %s). Skipping.",
269 nickname, fingerprint);
270 continue;
271 }
272 if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
273 /* If you approved an OR called "client", then clients who use
274 * the default nickname could all be rejected. That's no good. */
275 log_notice(LD_CONFIG,
276 "Authorizing nickname '%s' would break "
277 "many clients; skipping.",
278 DEFAULT_CLIENT_NICKNAME);
279 continue;
280 }
281 if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
282 /* If you approved an OR called "unnamed", then clients will be
283 * confused. */
284 log_notice(LD_CONFIG,
285 "Authorizing nickname '%s' is not allowed; skipping.",
286 UNNAMED_ROUTER_NICKNAME);
287 continue;
288 }
289 if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
290 != 0)
291 log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
292 }
293
294 config_free_lines(front);
295 dirserv_free_fingerprint_list();
296 fingerprint_list = fingerprint_list_new;
297 /* Delete any routers whose fingerprints we no longer recognize */
298 directory_remove_invalid();
299 return 0;
300 }
301
302 /** Check whether <b>router</b> has a nickname/identity key combination that
303 * we recognize from the fingerprint list, or an IP we automatically act on
304 * according to our configuration. Return the appropriate router status.
305 *
306 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
307 * *<b>msg</b> to an explanation of why. */
308 static uint32_t
309 dirserv_router_get_status(const routerinfo_t *router, const char **msg)
310 {
311 char d[DIGEST_LEN];
312
313 if (crypto_pk_get_digest(router->identity_pkey, d)) {
314 log_warn(LD_BUG,"Error computing fingerprint");
315 if (msg)
316 *msg = "Bug: Error computing fingerprint";
317 return FP_REJECT;
318 }
319
320 return dirserv_get_status_impl(d, router->nickname,
321 router->address,
322 router->addr, router->or_port,
323 router->platform, router->contact_info,
324 msg, 1);
325 }
326
327 /** Return true if there is no point in downloading the router described by
328 * <b>rs</b> because this directory would reject it. */
329 int
330 dirserv_would_reject_router(routerstatus_t *rs)
331 {
332 uint32_t res;
333
334 res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
335 "", /* address is only used in logs */
336 rs->addr, rs->or_port,
337 NULL, NULL,
338 NULL, 0);
339
340 return (res & FP_REJECT) != 0;
341 }
342
343 /** Helper: Based only on the ID/Nickname combination,
344 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
345 */
346 static uint32_t
347 dirserv_get_name_status(const char *id_digest, const char *nickname)
348 {
349 char fp[HEX_DIGEST_LEN+1];
350 char *fp_by_name;
351
352 base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
353
354 if ((fp_by_name =
355 strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
356 if (!strcasecmp(fp, fp_by_name)) {
357 return FP_NAMED;
358 } else {
359 return FP_UNNAMED; /* Wrong fingerprint. */
360 }
361 }
362 return 0;
363 }
364
365 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
366 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
367 * port, platform (logging only) and contact info (logging only) as arguments.
368 *
369 * If should_log is false, do not log messages. (There's not much point in
370 * logging that we're rejecting servers we'll not download.)
371 */
372 static uint32_t
373 dirserv_get_status_impl(const char *id_digest, const char *nickname,
374 const char *address,
375 uint32_t addr, uint16_t or_port,
376 const char *platform, const char *contact,
377 const char **msg, int should_log)
378 {
379 int reject_unlisted = get_options()->AuthDirRejectUnlisted;
380 uint32_t result = 0;
381 router_status_t *status_by_digest;
382
383 if (!fingerprint_list)
384 fingerprint_list = authdir_config_new();
385
386 if (should_log)
387 log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
388 strmap_size(fingerprint_list->fp_by_name),
389 digestmap_size(fingerprint_list->status_by_digest));
390
391 /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
392 * directory information. Once more of them die off, we should raise this
393 * minimum. */
394 if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
395 if (msg)
396 *msg = "Tor version is far too old to work.";
397 return FP_REJECT;
398 } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
399 && !tor_version_as_new_as(platform, "0.2.1.19")) {
400 /* These versions mishandled RELAY_EARLY cells on rend circuits. */
401 if (msg)
402 *msg = "Tor version is too buggy to work.";
403 return FP_REJECT;
404 }
405
406 result = dirserv_get_name_status(id_digest, nickname);
407 if (result & FP_NAMED) {
408 if (should_log)
409 log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
410 }
411 if (result & FP_UNNAMED) {
412 if (should_log) {
413 char *esc_contact = esc_for_log(contact);
414 log_info(LD_DIRSERV,
415 "Mismatched fingerprint for '%s'. "
416 "ContactInfo '%s', platform '%s'.)",
417 nickname,
418 esc_contact,
419 platform ? escaped(platform) : "");
420 tor_free(esc_contact);
421 }
422 if (msg)
423 *msg = "Rejected: There is already a named server with this nickname "
424 "and a different fingerprint.";
425 }
426
427 status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
428 id_digest);
429 if (status_by_digest)
430 result |= (status_by_digest->status & ~FP_NAMED);
431
432 if (result & FP_REJECT) {
433 if (msg)
434 *msg = "Fingerprint is marked rejected";
435 return FP_REJECT;
436 } else if (result & FP_INVALID) {
437 if (msg)
438 *msg = "Fingerprint is marked invalid";
439 }
440
441 if (authdir_policy_baddir_address(addr, or_port)) {
442 if (should_log)
443 log_info(LD_DIRSERV,
444 "Marking '%s' as bad directory because of address '%s'",
445 nickname, address);
446 result |= FP_BADDIR;
447 }
448
449 if (authdir_policy_badexit_address(addr, or_port)) {
450 if (should_log)
451 log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
452 nickname, address);
453 result |= FP_BADEXIT;
454 }
455
456 if (!(result & FP_NAMED)) {
457 if (!authdir_policy_permits_address(addr, or_port)) {
458 if (should_log)
459 log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
460 nickname, address);
461 if (msg)
462 *msg = "Authdir is rejecting routers in this range.";
463 return FP_REJECT;
464 }
465 if (!authdir_policy_valid_address(addr, or_port)) {
466 if (should_log)
467 log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
468 nickname, address);
469 result |= FP_INVALID;
470 }
471 if (reject_unlisted) {
472 if (msg)
473 *msg = "Authdir rejects unknown routers.";
474 return FP_REJECT;
475 }
476 }
477
478 return result;
479 }
480
481 /** If we are an authoritative dirserver, and the list of approved
482 * servers contains one whose identity key digest is <b>digest</b>,
483 * return that router's nickname. Otherwise return NULL. */
484 const char *
485 dirserv_get_nickname_by_digest(const char *digest)
486 {
487 router_status_t *status;
488 if (!fingerprint_list)
489 return NULL;
490 tor_assert(digest);
491
492 status = digestmap_get(fingerprint_list->status_by_digest, digest);
493 return status ? status->nickname : NULL;
494 }
495
496 /** Clear the current fingerprint list. */
497 void
498 dirserv_free_fingerprint_list(void)
499 {
500 if (!fingerprint_list)
501 return;
502
503 strmap_free(fingerprint_list->fp_by_name, _tor_free);
504 digestmap_free(fingerprint_list->status_by_digest, _tor_free);
505 tor_free(fingerprint_list);
506 }
507
508 /*
509 * Descriptor list
510 */
511
512 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
513 * unless we're configured to not care. Return 0 if all ok. */
514 static int
515 dirserv_router_has_valid_address(routerinfo_t *ri)
516 {
517 struct in_addr iaddr;
518 if (get_options()->DirAllowPrivateAddresses)
519 return 0; /* whatever it is, we're fine with it */
520 if (!tor_inet_aton(ri->address, &iaddr)) {
521 log_info(LD_DIRSERV,"Router '%s' published non-IP address '%s'. Refusing.",
522 ri->nickname, ri->address);
523 return -1;
524 }
525 if (is_internal_IP(ntohl(iaddr.s_addr), 0)) {
526 log_info(LD_DIRSERV,
527 "Router '%s' published internal IP address '%s'. Refusing.",
528 ri->nickname, ri->address);
529 return -1; /* it's a private IP, we should reject it */
530 }
531 return 0;
532 }
533
534 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
535 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
536 *
537 * If the router is rejected, set *<b>msg</b> to an explanation of why.
538 *
539 * If <b>complain</b> then explain at log-level 'notice' why we refused
540 * a descriptor; else explain at log-level 'info'.
541 */
542 int
543 authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
544 int complain)
545 {
546 /* Okay. Now check whether the fingerprint is recognized. */
547 uint32_t status = dirserv_router_get_status(ri, msg);
548 time_t now;
549 int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
550 tor_assert(msg);
551 if (status & FP_REJECT)
552 return -1; /* msg is already set. */
553
554 /* Is there too much clock skew? */
555 now = time(NULL);
556 if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
557 log_fn(severity, LD_DIRSERV, "Publication time for nickname '%s' is too "
558 "far (%d minutes) in the future; possible clock skew. Not adding "
559 "(%s)",
560 ri->nickname, (int)((ri->cache_info.published_on-now)/60),
561 esc_router_info(ri));
562 *msg = "Rejected: Your clock is set too far in the future, or your "
563 "timezone is not correct.";
564 return -1;
565 }
566 if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
567 log_fn(severity, LD_DIRSERV,
568 "Publication time for router with nickname '%s' is too far "
569 "(%d minutes) in the past. Not adding (%s)",
570 ri->nickname, (int)((now-ri->cache_info.published_on)/60),
571 esc_router_info(ri));
572 *msg = "Rejected: Server is expired, or your clock is too far in the past,"
573 " or your timezone is not correct.";
574 return -1;
575 }
576 if (dirserv_router_has_valid_address(ri) < 0) {
577 log_fn(severity, LD_DIRSERV,
578 "Router with nickname '%s' has invalid address '%s'. "
579 "Not adding (%s).",
580 ri->nickname, ri->address,
581 esc_router_info(ri));
582 *msg = "Rejected: Address is not an IP, or IP is a private address.";
583 return -1;
584 }
585 /* Okay, looks like we're willing to accept this one. */
586 ri->is_named = (status & FP_NAMED) ? 1 : 0;
587 ri->is_valid = (status & FP_INVALID) ? 0 : 1;
588 ri->is_bad_directory = (status & FP_BADDIR) ? 1 : 0;
589 ri->is_bad_exit = (status & FP_BADEXIT) ? 1 : 0;
590
591 return 0;
592 }
593
594 /** True iff <b>a</b> is more severe than <b>b</b>. */
595 static int
596 WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
597 {
598 return a < b;
599 }
600
601 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
602 * returns the most severe error that occurred for any one of them. */
603 was_router_added_t
604 dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
605 const char *source,
606 const char **msg)
607 {
608 was_router_added_t r, r_tmp;
609 const char *msg_out;
610 smartlist_t *list;
611 const char *s;
612 int n_parsed = 0;
613 time_t now = time(NULL);
614 char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
615 char time_buf[ISO_TIME_LEN+1];
616 int general = purpose == ROUTER_PURPOSE_GENERAL;
617 tor_assert(msg);
618
619 r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
620
621 format_iso_time(time_buf, now);
622 if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
623 "@uploaded-at %s\n"
624 "@source %s\n"
625 "%s%s%s", time_buf, escaped(source),
626 !general ? "@purpose " : "",
627 !general ? router_purpose_to_string(purpose) : "",
628 !general ? "\n" : "")<0) {
629 *msg = "Couldn't format annotations";
630 return -1;
631 }
632
633 s = desc;
634 list = smartlist_create();
635 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
636 annotation_buf)) {
637 SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
638 msg_out = NULL;
639 tor_assert(ri->purpose == purpose);
640 r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
641 if (WRA_MORE_SEVERE(r_tmp, r)) {
642 r = r_tmp;
643 *msg = msg_out;
644 }
645 });
646 }
647 n_parsed += smartlist_len(list);
648 smartlist_clear(list);
649
650 s = desc;
651 if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
652 NULL)) {
653 SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
654 msg_out = NULL;
655
656 r_tmp = dirserv_add_extrainfo(ei, &msg_out);
657 if (WRA_MORE_SEVERE(r_tmp, r)) {
658 r = r_tmp;
659 *msg = msg_out;
660 }
661 });
662 }
663 n_parsed += smartlist_len(list);
664 smartlist_free(list);
665
666 if (! *msg) {
667 if (!n_parsed) {
668 *msg = "No descriptors found in your POST.";
669 if (WRA_WAS_ADDED(r))
670 r = ROUTER_WAS_NOT_NEW;
671 } else {
672 *msg = "(no message)";
673 }
674 }
675
676 return r;
677 }
678
679 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
680 * the list of server descriptors. Set *<b>msg</b> to a message that should be
681 * passed back to the origin of this descriptor, or NULL if there is no such
682 * message. Use <b>source</b> to produce better log messages.
683 *
684 * Return the status of the operation
685 *
686 * This function is only called when fresh descriptors are posted, not when
687 * we re-load the cache.
688 */
689 was_router_added_t
690 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
691 {
692 was_router_added_t r;
693 routerinfo_t *ri_old;
694 char *desc, *nickname;
695 size_t desclen = 0;
696 *msg = NULL;
697
698 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
699 * network and it'll clog everything up. */
700 if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
701 log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
702 " (source: %s) with size %d. Either this is an attack, or the "
703 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
704 ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
705 MAX_DESCRIPTOR_UPLOAD_SIZE);
706 *msg = "Router descriptor was too large";
707 control_event_or_authdir_new_descriptor("REJECTED",
708 ri->cache_info.signed_descriptor_body,
709 ri->cache_info.signed_descriptor_len, *msg);
710 routerinfo_free(ri);
711 return ROUTER_AUTHDIR_REJECTS;
712 }
713
714 /* Check whether this descriptor is semantically identical to the last one
715 * from this server. (We do this here and not in router_add_to_routerlist
716 * because we want to be able to accept the newest router descriptor that
717 * another authority has, so we all converge on the same one.) */
718 ri_old = router_get_by_digest(ri->cache_info.identity_digest);
719 if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
720 && router_differences_are_cosmetic(ri_old, ri)
721 && !router_is_me(ri)) {
722 log_info(LD_DIRSERV,
723 "Not replacing descriptor from '%s' (source: %s); "
724 "differences are cosmetic.",
725 ri->nickname, source);
726 *msg = "Not replacing router descriptor; no information has changed since "
727 "the last one with this identity.";
728 control_event_or_authdir_new_descriptor("DROPPED",
729 ri->cache_info.signed_descriptor_body,
730 ri->cache_info.signed_descriptor_len, *msg);
731 routerinfo_free(ri);
732 return ROUTER_WAS_NOT_NEW;
733 }
734
735 /* Make a copy of desc, since router_add_to_routerlist might free
736 * ri and its associated signed_descriptor_t. */
737 desclen = ri->cache_info.signed_descriptor_len;
738 desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
739 nickname = tor_strdup(ri->nickname);
740
741 /* Tell if we're about to need to launch a test if we add this. */
742 ri->needs_retest_if_added =
743 dirserv_should_launch_reachability_test(ri, ri_old);
744
745 r = router_add_to_routerlist(ri, msg, 0, 0);
746 if (!WRA_WAS_ADDED(r)) {
747 /* unless the routerinfo was fine, just out-of-date */
748 if (WRA_WAS_REJECTED(r))
749 control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
750 log_info(LD_DIRSERV,
751 "Did not add descriptor from '%s' (source: %s): %s.",
752 nickname, source, *msg ? *msg : "(no message)");
753 } else {
754 smartlist_t *changed;
755 control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
756
757 changed = smartlist_create();
758 smartlist_add(changed, ri);
759 routerlist_descriptors_added(changed, 0);
760 smartlist_free(changed);
761 if (!*msg) {
762 *msg = ri->is_valid ? "Descriptor for valid server accepted" :
763 "Descriptor for invalid server accepted";
764 }
765 log_info(LD_DIRSERV,
766 "Added descriptor from '%s' (source: %s): %s.",
767 nickname, source, *msg);
768 }
769 tor_free(desc);
770 tor_free(nickname);
771 return r;
772 }
773
774 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
775 static was_router_added_t
776 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
777 {
778 routerinfo_t *ri;
779 int r;
780 tor_assert(msg);
781 *msg = NULL;
782
783 ri = router_get_by_digest(ei->cache_info.identity_digest);
784 if (!ri) {
785 *msg = "No corresponding router descriptor for extra-info descriptor";
786 extrainfo_free(ei);
787 return ROUTER_BAD_EI;
788 }
789
790 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
791 * network and it'll clog everything up. */
792 if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
793 log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
794 "with size %d. Either this is an attack, or the "
795 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
796 (int)ei->cache_info.signed_descriptor_len,
797 MAX_EXTRAINFO_UPLOAD_SIZE);
798 *msg = "Extrainfo document was too large";
799 extrainfo_free(ei);
800 return ROUTER_BAD_EI;
801 }
802
803 if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
804 extrainfo_free(ei);
805 return r < 0 ? ROUTER_WAS_NOT_NEW : ROUTER_BAD_EI;
806 }
807 router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
808 return ROUTER_ADDED_SUCCESSFULLY;
809 }
810
811 /** Remove all descriptors whose nicknames or fingerprints no longer
812 * are allowed by our fingerprint list. (Descriptors that used to be
813 * good can become bad when we reload the fingerprint list.)
814 */
815 static void
816 directory_remove_invalid(void)
817 {
818 int i;
819 int changed = 0;
820 routerlist_t *rl = router_get_routerlist();
821
822 routerlist_assert_ok(rl);
823
824 for (i = 0; i < smartlist_len(rl->routers); ++i) {
825 const char *msg;
826 routerinfo_t *ent = smartlist_get(rl->routers, i);
827 uint32_t r = dirserv_router_get_status(ent, &msg);
828 if (r & FP_REJECT) {
829 log_info(LD_DIRSERV, "Router '%s' is now rejected: %s",
830 ent->nickname, msg?msg:"");
831 routerlist_remove(rl, ent, 0, time(NULL));
832 i--;
833 changed = 1;
834 continue;
835 }
836 if (bool_neq((r & FP_NAMED), ent->is_named)) {
837 log_info(LD_DIRSERV,
838 "Router '%s' is now %snamed.", ent->nickname,
839 (r&FP_NAMED)?"":"un");
840 ent->is_named = (r&FP_NAMED)?1:0;
841 changed = 1;
842 }
843 if (bool_neq((r & FP_INVALID), !ent->is_valid)) {
844 log_info(LD_DIRSERV, "Router '%s' is now %svalid.", ent->nickname,
845 (r&FP_INVALID) ? "in" : "");
846 ent->is_valid = (r&FP_INVALID)?0:1;
847 changed = 1;
848 }
849 if (bool_neq((r & FP_BADDIR), ent->is_bad_directory)) {
850 log_info(LD_DIRSERV, "Router '%s' is now a %s directory", ent->nickname,
851 (r & FP_BADDIR) ? "bad" : "good");
852 ent->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
853 changed = 1;
854 }
855 if (bool_neq((r & FP_BADEXIT), ent->is_bad_exit)) {
856 log_info(LD_DIRSERV, "Router '%s' is now a %s exit", ent->nickname,
857 (r & FP_BADEXIT) ? "bad" : "good");
858 ent->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
859 changed = 1;
860 }
861 }
862 if (changed)
863 directory_set_dirty();
864
865 routerlist_assert_ok(rl);
866 }
867
868 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
869 * directory, we will rebuild it instead of reusing the most recently
870 * generated one.
871 */
872 void
873 directory_set_dirty(void)
874 {
875 time_t now = time(NULL);
876 int set_v1_dirty=0;
877
878 /* Regenerate stubs only every 8 hours.
879 * XXXX It would be nice to generate less often, but these are just
880 * stubs: it doesn't matter. */
881 #define STUB_REGENERATE_INTERVAL (8*60*60)
882 if (!the_directory || !the_runningrouters.dir)
883 set_v1_dirty = 1;
884 else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
885 the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
886 set_v1_dirty = 1;
887
888 if (set_v1_dirty) {
889 if (!the_directory_is_dirty)
890 the_directory_is_dirty = now;
891 if (!runningrouters_is_dirty)
892 runningrouters_is_dirty = now;
893 }
894 if (!the_v2_networkstatus_is_dirty)
895 the_v2_networkstatus_is_dirty = now;
896 }
897
898 /**
899 * Allocate and return a description of the status of the server <b>desc</b>,
900 * for use in a v1-style router-status line. The server is listed
901 * as running iff <b>is_live</b> is true.
902 */
903 static char *
904 list_single_server_status(routerinfo_t *desc, int is_live)
905 {
906 char buf[MAX_NICKNAME_LEN+HEX_DIGEST_LEN+4]; /* !nickname=$hexdigest\0 */
907 char *cp;
908
909 tor_assert(desc);
910
911 cp = buf;
912 if (!is_live) {
913 *cp++ = '!';
914 }
915 if (desc->is_valid) {
916 strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
917 cp += strlen(cp);
918 *cp++ = '=';
919 }
920 *cp++ = '$';
921 base16_encode(cp, HEX_DIGEST_LEN+1, desc->cache_info.identity_digest,
922 DIGEST_LEN);
923 return tor_strdup(buf);
924 }
925
926 static INLINE int
927 running_long_enough_to_decide_unreachable(void)
928 {
929 return time_of_process_start
930 + get_options()->TestingAuthDirTimeToLearnReachability < approx_time();
931 }
932
933 /** Each server needs to have passed a reachability test no more
934 * than this number of seconds ago, or he is listed as down in
935 * the directory. */
936 #define REACHABLE_TIMEOUT (45*60)
937
938 /** If we tested a router and found it reachable _at least this long_ after it
939 * declared itself hibernating, it is probably done hibernating and we just
940 * missed a descriptor from it. */
941 #define HIBERNATION_PUBLICATION_SKEW (60*60)
942
943 /** Treat a router as alive if
944 * - It's me, and I'm not hibernating.
945 * or - We've found it reachable recently. */
946 void
947 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
948 {
949 /*XXXX022 This function is a mess. Separate out the part that calculates
950 whether it's reachable and the part that tells rephist that the router was
951 unreachable.
952 */
953 int answer;
954
955 if (router_is_me(router)) {
956 /* We always know if we are down ourselves. */
957 answer = ! we_are_hibernating();
958 } else if (router->is_hibernating &&
959 (router->cache_info.published_on +
960 HIBERNATION_PUBLICATION_SKEW) > router->last_reachable) {
961 /* A hibernating router is down unless we (somehow) had contact with it
962 * since it declared itself to be hibernating. */
963 answer = 0;
964 } else if (get_options()->AssumeReachable) {
965 /* If AssumeReachable, everybody is up unless they say they are down! */
966 answer = 1;
967 } else {
968 /* Otherwise, a router counts as up if we found it reachable in the last
969 REACHABLE_TIMEOUT seconds. */
970 answer = (now < router->last_reachable + REACHABLE_TIMEOUT);
971 }
972
973 if (!answer && running_long_enough_to_decide_unreachable()) {
974 /* not considered reachable. tell rephist. */
975 rep_hist_note_router_unreachable(router->cache_info.identity_digest, now);
976 }
977
978 router->is_running = answer;
979 }
980
981 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
982 * contents of a v1-style router-status line, and store it in
983 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
984 *
985 * If for_controller is true, include the routers with very old descriptors.
986 */
987 int
988 list_server_status_v1(smartlist_t *routers, char **router_status_out,
989 int for_controller)
990 {
991 /* List of entries in a router-status style: An optional !, then an optional
992 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
993 smartlist_t *rs_entries;
994 time_t now = time(NULL);
995 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
996 or_options_t *options = get_options();
997 /* We include v2 dir auths here too, because they need to answer
998 * controllers. Eventually we'll deprecate this whole function;
999 * see also networkstatus_getinfo_by_purpose(). */
1000 int authdir = authdir_mode_publishes_statuses(options);
1001 tor_assert(router_status_out);
1002
1003 rs_entries = smartlist_create();
1004
1005 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
1006 if (authdir) {
1007 /* Update router status in routerinfo_t. */
1008 dirserv_set_router_is_running(ri, now);
1009 }
1010 if (for_controller) {
1011 char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
1012 char *cp = name_buf;
1013 if (!ri->is_running)
1014 *cp++ = '!';
1015 router_get_verbose_nickname(cp, ri);
1016 smartlist_add(rs_entries, tor_strdup(name_buf));
1017 } else if (ri->cache_info.published_on >= cutoff) {
1018 smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
1019 }
1020 } SMARTLIST_FOREACH_END(ri);
1021
1022 *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
1023
1024 SMARTLIST_FOREACH(rs_entries, char *, cp, tor_free(cp));
1025 smartlist_free(rs_entries);
1026
1027 return 0;
1028 }
1029
1030 /** Given a (possibly empty) list of config_line_t, each line of which contains
1031 * a list of comma-separated version numbers surrounded by optional space,
1032 * allocate and return a new string containing the version numbers, in order,
1033 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1034 */
1035 static char *
1036 format_versions_list(config_line_t *ln)
1037 {
1038 smartlist_t *versions;
1039 char *result;
1040 versions = smartlist_create();
1041 for ( ; ln; ln = ln->next) {
1042 smartlist_split_string(versions, ln->value, ",",
1043 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1044 }
1045 sort_version_list(versions, 1);
1046 result = smartlist_join_strings(versions,",",0,NULL);
1047 SMARTLIST_FOREACH(versions,char *,s,tor_free(s));
1048 smartlist_free(versions);
1049 return result;
1050 }
1051
1052 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1053 * not hibernating, and not too old. Else return 0.
1054 */
1055 static int
1056 router_is_active(routerinfo_t *ri, time_t now)
1057 {
1058 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
1059 if (ri->cache_info.published_on < cutoff)
1060 return 0;
1061 if (!ri->is_running || !ri->is_valid || ri->is_hibernating)
1062 return 0;
1063 return 1;
1064 }
1065
1066 /** Generate a new v1 directory and write it into a newly allocated string.
1067 * Point *<b>dir_out</b> to the allocated string. Sign the
1068 * directory with <b>private_key</b>. Return 0 on success, -1 on
1069 * failure. If <b>complete</b> is set, give us all the descriptors;
1070 * otherwise leave out non-running and non-valid ones.
1071 */
1072 int
1073 dirserv_dump_directory_to_string(char **dir_out,
1074 crypto_pk_env_t *private_key)
1075 {
1076 char *cp;
1077 char *identity_pkey; /* Identity key, DER64-encoded. */
1078 char *recommended_versions;
1079 char digest[DIGEST_LEN];
1080 char published[ISO_TIME_LEN+1];
1081 char *buf = NULL;
1082 size_t buf_len;
1083 size_t identity_pkey_len;
1084 time_t now = time(NULL);
1085
1086 tor_assert(dir_out);
1087 *dir_out = NULL;
1088
1089 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1090 &identity_pkey_len)<0) {
1091 log_warn(LD_BUG,"write identity_pkey to string failed!");
1092 return -1;
1093 }
1094
1095 recommended_versions =
1096 format_versions_list(get_options()->RecommendedVersions);
1097
1098 format_iso_time(published, now);
1099
1100 buf_len = 2048+strlen(recommended_versions);
1101
1102 buf = tor_malloc(buf_len);
1103 /* We'll be comparing against buf_len throughout the rest of the
1104 function, though strictly speaking we shouldn't be able to exceed
1105 it. This is C, after all, so we may as well check for buffer
1106 overruns.*/
1107
1108 tor_snprintf(buf, buf_len,
1109 "signed-directory\n"
1110 "published %s\n"
1111 "recommended-software %s\n"
1112 "router-status %s\n"
1113 "dir-signing-key\n%s\n",
1114 published, recommended_versions, "",
1115 identity_pkey);
1116
1117 tor_free(recommended_versions);
1118 tor_free(identity_pkey);
1119
1120 cp = buf + strlen(buf);
1121 *cp = '\0';
1122
1123 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1124 signature. */
1125 if (strlcat(buf, "directory-signature ", buf_len) >= buf_len)
1126 goto truncated;
1127 if (strlcat(buf, get_options()->Nickname, buf_len) >= buf_len)
1128 goto truncated;
1129 if (strlcat(buf, "\n", buf_len) >= buf_len)
1130 goto truncated;
1131
1132 if (router_get_dir_hash(buf,digest)) {
1133 log_warn(LD_BUG,"couldn't compute digest");
1134 tor_free(buf);
1135 return -1;
1136 }
1137 note_crypto_pk_op(SIGN_DIR);
1138 if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN,
1139 private_key)<0) {
1140 tor_free(buf);
1141 return -1;
1142 }
1143
1144 *dir_out = buf;
1145 return 0;
1146 truncated:
1147 log_warn(LD_BUG,"tried to exceed string length.");
1148 tor_free(buf);
1149 return -1;
1150 }
1151
1152 /********************************************************************/
1153
1154 /* A set of functions to answer questions about how we'd like to behave
1155 * as a directory mirror/client. */
1156
1157 /** Return 1 if we fetch our directory material directly from the
1158 * authorities, rather than from a mirror. */
1159 int
1160 directory_fetches_from_authorities(or_options_t *options)
1161 {
1162 routerinfo_t *me;
1163 uint32_t addr;
1164 int refuseunknown;
1165 if (options->FetchDirInfoEarly)
1166 return 1;
1167 if (options->BridgeRelay == 1)
1168 return 0;
1169 if (server_mode(options) && router_pick_published_address(options, &addr)<0)
1170 return 1; /* we don't know our IP address; ask an authority. */
1171 refuseunknown = ! router_my_exit_policy_is_reject_star() &&
1172 should_refuse_unknown_exits(options);
1173 if (options->DirPort == 0 && !refuseunknown)
1174 return 0;
1175 if (!server_mode(options) || !advertised_server_mode())
1176 return 0;
1177 me = router_get_my_routerinfo();
1178 if (!me || (!me->dir_port && !refuseunknown))
1179 return 0; /* if dirport not advertised, return 0 too */
1180 return 1;
1181 }
1182
1183 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1184 * on the "mirror" schedule rather than the "client" schedule.
1185 */
1186 int
1187 directory_fetches_dir_info_early(or_options_t *options)
1188 {
1189 return directory_fetches_from_authorities(options);
1190 }
1191
1192 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1193 * on a very passive schedule -- waiting long enough for ordinary clients
1194 * to probably have the info we want. These would include bridge users,
1195 * and maybe others in the future e.g. if a Tor client uses another Tor
1196 * client as a directory guard.
1197 */
1198 int
1199 directory_fetches_dir_info_later(or_options_t *options)
1200 {
1201 return options->UseBridges != 0;
1202 }
1203
1204 /** Return 1 if we want to cache v2 dir info (each status file).
1205 */
1206 int
1207 directory_caches_v2_dir_info(or_options_t *options)
1208 {
1209 return options->DirPort != 0;
1210 }
1211
1212 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1213 * and we're willing to serve them to others. Else return 0.
1214 */
1215 int
1216 directory_caches_dir_info(or_options_t *options)
1217 {
1218 if (options->BridgeRelay || options->DirPort)
1219 return 1;
1220 if (!server_mode(options) || !advertised_server_mode())
1221 return 0;
1222 /* We need an up-to-date view of network info if we're going to try to
1223 * block exit attempts from unknown relays. */
1224 return ! router_my_exit_policy_is_reject_star() &&
1225 should_refuse_unknown_exits(options);
1226 }
1227
1228 /** Return 1 if we want to allow remote people to ask us directory
1229 * requests via the "begin_dir" interface, which doesn't require
1230 * having any separate port open. */
1231 int
1232 directory_permits_begindir_requests(or_options_t *options)
1233 {
1234 return options->BridgeRelay != 0 || options->DirPort != 0;
1235 }
1236
1237 /** Return 1 if we want to allow controllers to ask us directory
1238 * requests via the controller interface, which doesn't require
1239 * having any separate port open. */
1240 int
1241 directory_permits_controller_requests(or_options_t *options)
1242 {
1243 return options->DirPort != 0;
1244 }
1245
1246 /** Return 1 if we have no need to fetch new descriptors. This generally
1247 * happens when we're not a dir cache and we haven't built any circuits
1248 * lately.
1249 */
1250 int
1251 directory_too_idle_to_fetch_descriptors(or_options_t *options, time_t now)
1252 {
1253 return !directory_caches_dir_info(options) &&
1254 !options->FetchUselessDescriptors &&
1255 rep_hist_circbuilding_dormant(now);
1256 }
1257
1258 /********************************************************************/
1259
1260 /* Used only by non-v1-auth dirservers: The v1 directory and
1261 * runningrouters we'll serve when requested. */
1262
1263 /** The v1 directory we'll serve (as a cache or as an authority) if
1264 * requested. */
1265 static cached_dir_t *cached_directory = NULL;
1266 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1267 * if requested. */
1268 static cached_dir_t cached_runningrouters;
1269
1270 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1271 * cached_dir_t. */
1272 static digestmap_t *cached_v2_networkstatus = NULL;
1273
1274 /** Map from flavor name to the v3 consensuses that we're currently serving. */
1275 static strmap_t *cached_consensuses = NULL;
1276
1277 /** Possibly replace the contents of <b>d</b> with the value of
1278 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1279 * the last value, or too far in the future.
1280 *
1281 * Does not copy <b>directory</b>; frees it if it isn't used.
1282 */
1283 static void
1284 set_cached_dir(cached_dir_t *d, char *directory, time_t when)
1285 {
1286 time_t now = time(NULL);
1287 if (when<=d->published) {
1288 log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
1289 tor_free(directory);
1290 } else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
1291 log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
1292 tor_free(directory);
1293 } else {
1294 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1295 log_debug(LD_DIRSERV, "Caching directory.");
1296 tor_free(d->dir);
1297 d->dir = directory;
1298 d->dir_len = strlen(directory);
1299 tor_free(d->dir_z);
1300 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1301 ZLIB_METHOD)) {
1302 log_warn(LD_BUG,"Error compressing cached directory");
1303 }
1304 d->published = when;
1305 }
1306 }
1307
1308 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1309 * any references. */
1310 void
1311 cached_dir_decref(cached_dir_t *d)
1312 {
1313 if (!d || --d->refcnt > 0)
1314 return;
1315 clear_cached_dir(d);
1316 tor_free(d);
1317 }
1318
1319 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1320 * published at <b>published</b>. */
1321 cached_dir_t *
1322 new_cached_dir(char *s, time_t published)
1323 {
1324 cached_dir_t *d = tor_malloc_zero(sizeof(cached_dir_t));
1325 d->refcnt = 1;
1326 d->dir = s;
1327 d->dir_len = strlen(s);
1328 d->published = published;
1329 if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
1330 ZLIB_METHOD)) {
1331 log_warn(LD_BUG, "Error compressing directory");
1332 }
1333 return d;
1334 }
1335
1336 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1337 static void
1338 clear_cached_dir(cached_dir_t *d)
1339 {
1340 tor_free(d->dir);
1341 tor_free(d->dir_z);
1342 memset(d, 0, sizeof(cached_dir_t));
1343 }
1344
1345 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1346 static void
1347 _free_cached_dir(void *_d)
1348 {
1349 cached_dir_t *d;
1350 if (!_d)
1351 return;
1352
1353 d = (cached_dir_t *)_d;
1354 cached_dir_decref(d);
1355 }
1356
1357 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1358 * then replace it with <b>directory</b>, published at <b>published</b>.
1359 *
1360 * If <b>published</b> is too old, do nothing.
1361 *
1362 * If <b>is_running_routers</b>, this is really a v1 running_routers
1363 * document rather than a v1 directory.
1364 */
1365 void
1366 dirserv_set_cached_directory(const char *directory, time_t published,
1367 int is_running_routers)
1368 {
1369 time_t now = time(NULL);
1370
1371 if (is_running_routers) {
1372 if (published >= now - MAX_V1_RR_AGE)
1373 set_cached_dir(&cached_runningrouters, tor_strdup(directory), published);
1374 } else {
1375 if (published >= now - MAX_V1_DIRECTORY_AGE) {
1376 cached_dir_decref(cached_directory);
1377 cached_directory = new_cached_dir(tor_strdup(directory), published);
1378 }
1379 }
1380 }
1381
1382 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1383 * network-status for an authoritative directory with identity digest
1384 * <b>identity</b> published at <b>published</b> -- store it so we can
1385 * serve it to others.
1386 *
1387 * If <b>networkstatus</b> is NULL, remove the entry with the given
1388 * identity fingerprint from the v2 cache.
1389 */
1390 void
1391 dirserv_set_cached_networkstatus_v2(const char *networkstatus,
1392 const char *identity,
1393 time_t published)
1394 {
1395 cached_dir_t *d, *old_d;
1396 smartlist_t *trusted_dirs;
1397 if (!cached_v2_networkstatus)
1398 cached_v2_networkstatus = digestmap_new();
1399
1400 old_d = digestmap_get(cached_v2_networkstatus, identity);
1401 if (!old_d && !networkstatus)
1402 return;
1403
1404 if (networkstatus) {
1405 if (!old_d || published > old_d->published) {
1406 d = new_cached_dir(tor_strdup(networkstatus), published);
1407 digestmap_set(cached_v2_networkstatus, identity, d);
1408 if (old_d)
1409 cached_dir_decref(old_d);
1410 }
1411 } else {
1412 if (old_d) {
1413 digestmap_remove(cached_v2_networkstatus, identity);
1414 cached_dir_decref(old_d);
1415 }
1416 }
1417
1418 /* Now purge old entries. */
1419 trusted_dirs = router_get_trusted_dir_servers();
1420 if (digestmap_size(cached_v2_networkstatus) >
1421 smartlist_len(trusted_dirs) + MAX_UNTRUSTED_NETWORKSTATUSES) {
1422 /* We need to remove the oldest untrusted networkstatus. */
1423 const char *oldest = NULL;
1424 time_t oldest_published = TIME_MAX;
1425 digestmap_iter_t *iter;
1426
1427 for (iter = digestmap_iter_init(cached_v2_networkstatus);
1428 !digestmap_iter_done(iter);
1429 iter = digestmap_iter_next(cached_v2_networkstatus, iter)) {
1430 const char *ident;
1431 void *val;
1432 digestmap_iter_get(iter, &ident, &val);
1433 d = val;
1434 if (d->published < oldest_published &&
1435 !router_digest_is_trusted_dir(ident)) {
1436 oldest = ident;
1437 oldest_published = d->published;
1438 }
1439 }
1440 tor_assert(oldest);
1441 d = digestmap_remove(cached_v2_networkstatus, oldest);
1442 if (d)
1443 cached_dir_decref(d);
1444 }
1445 }
1446
1447 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1448 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1449 * validation is performed. */
1450 void
1451 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
1452 const char *flavor_name,
1453 const digests_t *digests,
1454 time_t published)
1455 {
1456 cached_dir_t *new_networkstatus;
1457 cached_dir_t *old_networkstatus;
1458 if (!cached_consensuses)
1459 cached_consensuses = strmap_new();
1460
1461 new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
1462 memcpy(&new_networkstatus->digests, digests, sizeof(digests_t));
1463 old_networkstatus = strmap_set(cached_consensuses, flavor_name,
1464 new_networkstatus);
1465 if (old_networkstatus)
1466 cached_dir_decref(old_networkstatus);
1467 }
1468
1469 /** Remove any v2 networkstatus from the directory cache that was published
1470 * before <b>cutoff</b>. */
1471 void
1472 dirserv_clear_old_networkstatuses(time_t cutoff)
1473 {
1474 if (!cached_v2_networkstatus)
1475 return;
1476
1477 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus, id, cached_dir_t *, dir) {
1478 if (dir->published < cutoff) {
1479 char *fname;
1480 fname = networkstatus_get_cache_filename(id);
1481 if (file_status(fname) == FN_FILE) {
1482 log_info(LD_DIR, "Removing too-old untrusted networkstatus in %s",
1483 fname);
1484 unlink(fname);
1485 }
1486 tor_free(fname);
1487 cached_dir_decref(dir);
1488 MAP_DEL_CURRENT(id);
1489 }
1490 } DIGESTMAP_FOREACH_END
1491 }
1492
1493 /** Remove any v1 info from the directory cache that was published
1494 * too long ago. */
1495 void
1496 dirserv_clear_old_v1_info(time_t now)
1497 {
1498 if (cached_directory &&
1499 cached_directory->published < (now - MAX_V1_DIRECTORY_AGE)) {
1500 cached_dir_decref(cached_directory);
1501 cached_directory = NULL;
1502 }
1503 if (cached_runningrouters.published < (now - MAX_V1_RR_AGE)) {
1504 clear_cached_dir(&cached_runningrouters);
1505 }
1506 }
1507
1508 /** Helper: If we're an authority for the right directory version (v1 or v2)
1509 * (based on <b>auth_type</b>), try to regenerate
1510 * auth_src as appropriate and return it, falling back to cache_src on
1511 * failure. If we're a cache, simply return cache_src.
1512 */
1513 static cached_dir_t *
1514 dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
1515 cached_dir_t *auth_src,
1516 time_t dirty, cached_dir_t *(*regenerate)(void),
1517 const char *name,
1518 authority_type_t auth_type)
1519 {
1520 or_options_t *options = get_options();
1521 int authority = (auth_type == V1_AUTHORITY && authdir_mode_v1(options)) ||
1522 (auth_type == V2_AUTHORITY && authdir_mode_v2(options));
1523
1524 if (!authority || authdir_mode_bridge(options)) {
1525 return cache_src;
1526 } else {
1527 /* We're authoritative. */
1528 if (regenerate != NULL) {
1529 if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
1530 if (!(auth_src = regenerate())) {
1531 log_err(LD_BUG, "Couldn't generate %s?", name);
1532 exit(1);
1533 }
1534 } else {
1535 log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
1536 }
1537 }
1538 return auth_src ? auth_src : cache_src;
1539 }
1540 }
1541
1542 /** Return the most recently generated encoded signed v1 directory,
1543 * generating a new one as necessary. If not a v1 authoritative directory
1544 * may return NULL if no directory is yet cached. */
1545 cached_dir_t *
1546 dirserv_get_directory(void)
1547 {
1548 return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
1549 the_directory_is_dirty,
1550 dirserv_regenerate_directory,
1551 "v1 server directory", V1_AUTHORITY);
1552 }
1553
1554 /** Only called by v1 auth dirservers.
1555 * Generate a fresh v1 directory; set the_directory and return a pointer
1556 * to the new value.
1557 */
1558 static cached_dir_t *
1559 dirserv_regenerate_directory(void)
1560 {
1561 char *new_directory=NULL;
1562
1563 if (dirserv_dump_directory_to_string(&new_directory,
1564 get_server_identity_key())) {
1565 log_warn(LD_BUG, "Error creating directory.");
1566 tor_free(new_directory);
1567 return NULL;
1568 }
1569 cached_dir_decref(the_directory);
1570 the_directory = new_cached_dir(new_directory, time(NULL));
1571 log_info(LD_DIRSERV,"New directory (size %d) has been built.",
1572 (int)the_directory->dir_len);
1573 log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
1574 (int)the_directory->dir_len, the_directory->dir);
1575
1576 the_directory_is_dirty = 0;
1577
1578 /* Save the directory to disk so we re-load it quickly on startup.
1579 */
1580 dirserv_set_cached_directory(the_directory->dir, time(NULL), 0);
1581
1582 return the_directory;
1583 }
1584
1585 /** Only called by v1 auth dirservers.
1586 * Replace the current running-routers list with a newly generated one. */
1587 static cached_dir_t *
1588 generate_runningrouters(void)
1589 {
1590 char *s=NULL;
1591 char digest[DIGEST_LEN];
1592 char published[ISO_TIME_LEN+1];
1593 size_t len;
1594 crypto_pk_env_t *private_key = get_server_identity_key();
1595 char *identity_pkey; /* Identity key, DER64-encoded. */
1596 size_t identity_pkey_len;
1597
1598 if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
1599 &identity_pkey_len)<0) {
1600 log_warn(LD_BUG,"write identity_pkey to string failed!");
1601 goto err;
1602 }
1603 format_iso_time(published, time(NULL));
1604
1605 len = 2048;
1606 s = tor_malloc_zero(len);
1607 tor_snprintf(s, len,
1608 "network-status\n"
1609 "published %s\n"
1610 "router-status %s\n"
1611 "dir-signing-key\n%s"
1612 "directory-signature %s\n",
1613 published, "", identity_pkey,
1614 get_options()->Nickname);
1615 tor_free(identity_pkey);
1616 if (router_get_runningrouters_hash(s,digest)) {
1617 log_warn(LD_BUG,"couldn't compute digest");
1618 goto err;
1619 }
1620 note_crypto_pk_op(SIGN_DIR);
1621 if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
1622 private_key)<0)
1623 goto err;
1624
1625 set_cached_dir(&the_runningrouters, s, time(NULL));
1626 runningrouters_is_dirty = 0;
1627
1628 return &the_runningrouters;
1629 err:
1630 tor_free(s);
1631 return NULL;
1632 }
1633
1634 /** Set *<b>rr</b> to the most recently generated encoded signed
1635 * running-routers list, generating a new one as necessary. Return the
1636 * size of the directory on success, and 0 on failure. */
1637 cached_dir_t *
1638 dirserv_get_runningrouters(void)
1639 {
1640 return dirserv_pick_cached_dir_obj(
1641 &cached_runningrouters, &the_runningrouters,
1642 runningrouters_is_dirty,
1643 generate_runningrouters,
1644 "v1 network status list", V1_AUTHORITY);
1645 }
1646
1647 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1648 * optionally compressed format, suitable for sending to clients. */
1649 cached_dir_t *
1650 dirserv_get_consensus(const char *flavor_name)
1651 {
1652 if (!cached_consensuses)
1653 return NULL;
1654 return strmap_get(cached_consensuses, flavor_name);
1655 }
1656
1657 /** For authoritative directories: the current (v2) network status. */
1658 static cached_dir_t *the_v2_networkstatus = NULL;
1659
1660 /** Return true iff our opinion of the routers has been stale for long
1661 * enough that we should generate a new v2 network status doc. */
1662 static int
1663 should_generate_v2_networkstatus(void)
1664 {
1665 return authdir_mode_v2(get_options()) &&
1666 the_v2_networkstatus_is_dirty &&
1667 the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
1668 }
1669
1670 /** If a router's uptime is at least this value, then it is always
1671 * considered stable, regardless of the rest of the network. This
1672 * way we resist attacks where an attacker doubles the size of the
1673 * network using allegedly high-uptime nodes, displacing all the
1674 * current guards. */
1675 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1676 /** If a router's MTBF is at least this value, then it is always stable.
1677 * See above. (Corresponds to about 7 days for current decay rates.) */
1678 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1679 /** Similarly, we protect sufficiently fast nodes from being pushed
1680 * out of the set of Fast nodes. */
1681 #define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
1682 /** Similarly, every node with sufficient bandwidth can be considered
1683 * for Guard status. */
1684 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1685 /** Similarly, every node with at least this much weighted time known can be
1686 * considered familiar enough to be a guard. Corresponds to about 20 days for
1687 * current decay rates.
1688 */
1689 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1690 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1691 */
1692 #define WFU_TO_GUARANTEE_GUARD (0.98)
1693
1694 /* Thresholds for server performance: set by
1695 * dirserv_compute_performance_thresholds, and used by
1696 * generate_v2_networkstatus */
1697
1698 /** Any router with an uptime of at least this value is stable. */
1699 static uint32_t stable_uptime = 0; /* start at a safe value */
1700 /** Any router with an mtbf of at least this value is stable. */
1701 static double stable_mtbf = 0.0;
1702 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1703 * than stable_uptime. */
1704 static int enough_mtbf_info = 0;
1705 /** Any router with a weighted fractional uptime of at least this much might
1706 * be good as a guard. */
1707 static double guard_wfu = 0.0;
1708 /** Don't call a router a guard unless we've known about it for at least this
1709 * many seconds. */
1710 static long guard_tk = 0;
1711 /** Any router with a bandwidth at least this high is "Fast" */
1712 static uint32_t fast_bandwidth = 0;
1713 /** If exits can be guards, then all guards must have a bandwidth this
1714 * high. */
1715 static uint32_t guard_bandwidth_including_exits = 0;
1716 /** If exits can't be guards, then all guards must have a bandwidth this
1717 * high. */
1718 static uint32_t guard_bandwidth_excluding_exits = 0;
1719 /** Total bandwidth of all the routers we're considering. */
1720 static uint64_t total_bandwidth = 0;
1721 /** Total bandwidth of all the exit routers we're considering. */
1722 static uint64_t total_exit_bandwidth = 0;
1723
1724 /** Helper: estimate the uptime of a router given its stated uptime and the
1725 * amount of time since it last stated its stated uptime. */
1726 static INLINE long
1727 real_uptime(routerinfo_t *router, time_t now)
1728 {
1729 if (now < router->cache_info.published_on)
1730 return router->uptime;
1731 else
1732 return router->uptime + (now - router->cache_info.published_on);
1733 }
1734
1735 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1736 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1737 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1738 * bandwidth.
1739 */
1740 static int
1741 dirserv_thinks_router_is_unreliable(time_t now,
1742 routerinfo_t *router,
1743 int need_uptime, int need_capacity)
1744 {
1745 if (need_uptime) {
1746 if (!enough_mtbf_info) {
1747 /* XXX022 Once most authorities are on v3, we should change the rule from
1748 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1749 * v3 if we don't have enough mtbf data." */
1750 long uptime = real_uptime(router, now);
1751 if ((unsigned)uptime < stable_uptime &&
1752 (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
1753 return 1;
1754 } else {
1755 double mtbf =
1756 rep_hist_get_stability(router->cache_info.identity_digest, now);
1757 if (mtbf < stable_mtbf &&
1758 mtbf < MTBF_TO_GUARANTEE_STABLE)
1759 return 1;
1760 }
1761 }
1762 if (need_capacity) {
1763 uint32_t bw = router_get_advertised_bandwidth(router);
1764 if (bw < fast_bandwidth)
1765 return 1;
1766 }
1767 return 0;
1768 }
1769
1770 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1771 * Right now this means it advertises support for it, it has a high
1772 * uptime, it has a DirPort open, and it's currently considered Running.
1773 *
1774 * This function needs to be called after router-\>is_running has
1775 * been set.
1776 */
1777 static int
1778 dirserv_thinks_router_is_hs_dir(routerinfo_t *router, time_t now)
1779 {
1780
1781 long uptime;
1782
1783 /* If we haven't been running for at least
1784 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
1785 * have accurate data telling us a relay has been up for at least
1786 * that long. We also want to allow a bit of slack: Reachability
1787 * tests aren't instant. If we haven't been running long enough,
1788 * trust the relay. */
1789
1790 if (stats_n_seconds_working >
1791 get_options()->MinUptimeHidServDirectoryV2 * 1.1)
1792 uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now),
1793 real_uptime(router, now));
1794 else
1795 uptime = real_uptime(router, now);
1796
1797 /* XXX We shouldn't need to check dir_port, but we do because of
1798 * bug 1693. In the future, once relays set wants_to_be_hs_dir
1799 * correctly, we can revert to only checking dir_port if router's
1800 * version is too old. */
1801 return (router->wants_to_be_hs_dir && router->dir_port &&
1802 uptime > get_options()->MinUptimeHidServDirectoryV2 &&
1803 router->is_running);
1804 }
1805
1806 /** Look through the routerlist, the Mean Time Between Failure history, and
1807 * the Weighted Fractional Uptime history, and use them to set thresholds for
1808 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1809 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1810 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1811 * total_bandwidth, and total_exit_bandwidth.
1812 *
1813 * Also, set the is_exit flag of each router appropriately. */
1814 static void
1815 dirserv_compute_performance_thresholds(routerlist_t *rl)
1816 {
1817 int n_active, n_active_nonexit, n_familiar;
1818 uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
1819 long *tks;
1820 double *mtbfs, *wfus;
1821 time_t now = time(NULL);
1822
1823 /* initialize these all here, in case there are no routers */
1824 stable_uptime = 0;
1825 stable_mtbf = 0;
1826 fast_bandwidth = 0;
1827 guard_bandwidth_including_exits = 0;
1828 guard_bandwidth_excluding_exits = 0;
1829 guard_tk = 0;
1830 guard_wfu = 0;
1831 total_bandwidth = 0;
1832 total_exit_bandwidth = 0;
1833
1834 /* Initialize arrays that will hold values for each router. We'll
1835 * sort them and use that to compute thresholds. */
1836 n_active = n_active_nonexit = 0;
1837 /* Uptime for every active router. */
1838 uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1839 /* Bandwidth for every active router. */
1840 bandwidths = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1841 /* Bandwidth for every active non-exit router. */
1842 bandwidths_excluding_exits =
1843 tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
1844 /* Weighted mean time between failure for each active router. */
1845 mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1846 /* Time-known for each active router. */
1847 tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
1848 /* Weighted fractional uptime for each active router. */
1849 wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
1850
1851 /* Now, fill in the arrays. */
1852 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1853 if (router_is_active(ri, now)) {
1854 const char *id = ri->cache_info.identity_digest;
1855 uint32_t bw;
1856 ri->is_exit = (!router_exit_policy_rejects_all(ri) &&
1857 exit_policy_is_general_exit(ri->exit_policy));
1858 uptimes[n_active] = (uint32_t)real_uptime(ri, now);
1859 mtbfs[n_active] = rep_hist_get_stability(id, now);
1860 tks [n_active] = rep_hist_get_weighted_time_known(id, now);
1861 bandwidths[n_active] = bw = router_get_advertised_bandwidth(ri);
1862 total_bandwidth += bw;
1863 if (ri->is_exit && !ri->is_bad_exit) {
1864 total_exit_bandwidth += bw;
1865 } else {
1866 bandwidths_excluding_exits[n_active_nonexit] = bw;
1867 ++n_active_nonexit;
1868 }
1869 ++n_active;
1870 }
1871 });
1872
1873 /* Now, compute thresholds. */
1874 if (n_active) {
1875 /* The median uptime is stable. */
1876 stable_uptime = median_uint32(uptimes, n_active);
1877 /* The median mtbf is stable, if we have enough mtbf info */
1878 stable_mtbf = median_double(mtbfs, n_active);
1879 /* The 12.5th percentile bandwidth is fast. */
1880 fast_bandwidth = find_nth_uint32(bandwidths, n_active, n_active/8);
1881 /* (Now bandwidths is sorted.) */
1882 if (fast_bandwidth < ROUTER_REQUIRED_MIN_BANDWIDTH/2)
1883 fast_bandwidth = bandwidths[n_active/4];
1884 guard_bandwidth_including_exits = bandwidths[(n_active-1)/2];
1885 guard_tk = find_nth_long(tks, n_active, n_active/8);
1886 }
1887
1888 if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
1889 guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
1890
1891 if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
1892 fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
1893
1894 /* Now that we have a time-known that 7/8 routers are known longer than,
1895 * fill wfus with the wfu of every such "familiar" router. */
1896 n_familiar = 0;
1897 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
1898 if (router_is_active(ri, now)) {
1899 const char *id = ri->cache_info.identity_digest;
1900 long tk = rep_hist_get_weighted_time_known(id, now);
1901 if (tk < guard_tk)
1902 continue;
1903 wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
1904 }
1905 });
1906 if (n_familiar)
1907 guard_wfu = median_double(wfus, n_familiar);
1908 if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
1909 guard_wfu = WFU_TO_GUARANTEE_GUARD;
1910
1911 enough_mtbf_info = rep_hist_have_measured_enough_stability();
1912
1913 if (n_active_nonexit) {
1914 guard_bandwidth_excluding_exits =
1915 median_uint32(bandwidths_excluding_exits, n_active_nonexit);
1916 }
1917
1918 log(LOG_INFO, LD_DIRSERV,
1919 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1920 "For Fast: %lu bytes/sec. "
1921 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1922 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1923 (unsigned long)stable_uptime,
1924 (unsigned long)stable_mtbf,
1925 (unsigned long)fast_bandwidth,
1926 guard_wfu*100,
1927 (unsigned long)guard_tk,
1928 (unsigned long)guard_bandwidth_including_exits,
1929 (unsigned long)guard_bandwidth_excluding_exits,
1930 enough_mtbf_info ? "" : " don't ");
1931
1932 tor_free(uptimes);
1933 tor_free(mtbfs);
1934 tor_free(bandwidths);
1935 tor_free(bandwidths_excluding_exits);
1936 tor_free(tks);
1937 tor_free(wfus);
1938 }
1939
1940 /** Given a platform string as in a routerinfo_t (possibly null), return a
1941 * newly allocated version string for a networkstatus document, or NULL if the
1942 * platform doesn't give a Tor version. */
1943 static char *
1944 version_from_platform(const char *platform)
1945 {
1946 if (platform && !strcmpstart(platform, "Tor ")) {
1947 const char *eos = find_whitespace(platform+4);
1948 if (eos && !strcmpstart(eos, " (r")) {
1949 /* XXXX Unify this logic with the other version extraction
1950 * logic in routerparse.c. */
1951 eos = find_whitespace(eos+1);
1952 }
1953 if (eos) {
1954 return tor_strndup(platform, eos-platform);
1955 }
1956 }
1957 return NULL;
1958 }
1959
1960 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1961 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1962 * Use the same format as in network-status documents. If <b>version</b> is
1963 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1964 * failure.
1965 *
1966 * The format argument has three possible values:
1967 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1968 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1969 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1970 * consensus entry.
1971 * NS_V3_VOTE - Output a complete V3 NS vote
1972 * NS_CONTROL_PORT - Output a NS document for the control port
1973 */
1974 int
1975 routerstatus_format_entry(char *buf, size_t buf_len,
1976 routerstatus_t *rs, const char *version,
1977 routerstatus_format_type_t format)
1978 {
1979 int r;
1980 struct in_addr in;
1981 char *cp;
1982 char *summary;
1983
1984 char published[ISO_TIME_LEN+1];
1985 char ipaddr[INET_NTOA_BUF_LEN];
1986 char identity64[BASE64_DIGEST_LEN+1];
1987 char digest64[BASE64_DIGEST_LEN+1];
1988
1989 format_iso_time(published, rs->published_on);
1990 digest_to_base64(identity64, rs->identity_digest);
1991 digest_to_base64(digest64, rs->descriptor_digest);
1992 in.s_addr = htonl(rs->addr);
1993 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
1994
1995 r = tor_snprintf(buf, buf_len,
1996 "r %s %s %s%s%s %s %d %d\n",
1997 rs->nickname,
1998 identity64,
1999 (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64,
2000 (format==NS_V3_CONSENSUS_MICRODESC)?"":" ",
2001 published,
2002 ipaddr,
2003 (int)rs->or_port,
2004 (int)rs->dir_port);
2005 if (r<0) {
2006 log_warn(LD_BUG, "Not enough space in buffer.");
2007 return -1;
2008 }
2009
2010 /* TODO: Maybe we want to pass in what we need to build the rest of
2011 * this here, instead of in the caller. Then we could use the
2012 * networkstatus_type_t values, with an additional control port value
2013 * added -MP */
2014 if (format == NS_V3_CONSENSUS || format == NS_V3_CONSENSUS_MICRODESC)
2015 return 0;
2016
2017 cp = buf + strlen(buf);
2018 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
2019 r = tor_snprintf(cp, buf_len - (cp-buf),
2020 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
2021 /* These must stay in alphabetical order. */
2022 rs->is_authority?" Authority":"",
2023 rs->is_bad_directory?" BadDirectory":"",
2024 rs->is_bad_exit?" BadExit":"",
2025 rs->is_exit?" Exit":"",
2026 rs->is_fast?" Fast":"",
2027 rs->is_possible_guard?" Guard":"",
2028 rs->is_hs_dir?" HSDir":"",
2029 rs->is_named?" Named":"",
2030 rs->is_running?" Running":"",
2031 rs->is_stable?" Stable":"",
2032 rs->is_unnamed?" Unnamed":"",
2033 rs->is_v2_dir?" V2Dir":"",
2034 rs->is_valid?" Valid":"");
2035 if (r<0) {
2036 log_warn(LD_BUG, "Not enough space in buffer.");
2037 return -1;
2038 }
2039 cp += strlen(cp);
2040
2041 /* length of "opt v \n" */
2042 #define V_LINE_OVERHEAD 7
2043 if (version && strlen(version) < MAX_V_LINE_LEN - V_LINE_OVERHEAD) {
2044 if (tor_snprintf(cp, buf_len - (cp-buf), "opt v %s\n", version)<0) {
2045 log_warn(LD_BUG, "Unable to print router version.");
2046 return -1;
2047 }
2048 cp += strlen(cp);
2049 }
2050
2051 if (format != NS_V2) {
2052 routerinfo_t* desc = router_get_by_digest(rs->identity_digest);
2053 uint32_t bw;
2054
2055 if (format != NS_CONTROL_PORT) {
2056 /* Blow up more or less nicely if we didn't get anything or not the
2057 * thing we expected.
2058 */
2059 if (!desc) {
2060 char id[HEX_DIGEST_LEN+1];
2061 char dd[HEX_DIGEST_LEN+1];
2062
2063 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2064 base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
2065 log_warn(LD_BUG, "Cannot get any descriptor for %s "
2066 "(wanted descriptor %s).",
2067 id, dd);
2068 return -1;
2069 };
2070
2071 /* This assert can fire for the control port, because
2072 * it can request NS documents before all descriptors
2073 * have been fetched. */
2074 if (memcmp(desc->cache_info.signed_descriptor_digest,
2075 rs->descriptor_digest,
2076 DIGEST_LEN)) {
2077 char rl_d[HEX_DIGEST_LEN+1];
2078 char rs_d[HEX_DIGEST_LEN+1];
2079 char id[HEX_DIGEST_LEN+1];
2080
2081 base16_encode(rl_d, sizeof(rl_d),
2082 desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
2083 base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
2084 base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
2085 log_err(LD_BUG, "descriptor digest in routerlist does not match "
2086 "the one in routerstatus: %s vs %s "
2087 "(router %s)\n",
2088 rl_d, rs_d, id);
2089
2090 tor_assert(!memcmp(desc->cache_info.signed_descriptor_digest,
2091 rs->descriptor_digest,
2092 DIGEST_LEN));
2093 };
2094 }
2095
2096 if (format == NS_CONTROL_PORT && rs->has_bandwidth) {
2097 bw = rs->bandwidth;
2098 } else {
2099 tor_assert(desc);
2100 bw = router_get_advertised_bandwidth_capped(desc) / 1000;
2101 }
2102 r = tor_snprintf(cp, buf_len - (cp-buf),
2103 "w Bandwidth=%d\n", bw);
2104
2105 if (r<0) {
2106 log_warn(LD_BUG, "Not enough space in buffer.");
2107 return -1;
2108 }
2109 cp += strlen(cp);
2110 if (format == NS_V3_VOTE && rs->has_measured_bw) {
2111 *--cp = '\0'; /* Kill "\n" */
2112 r = tor_snprintf(cp, buf_len - (cp-buf),
2113 " Measured=%d\n", rs->measured_bw);
2114 if (r<0) {
2115 log_warn(LD_BUG, "Not enough space in buffer for weight line.");
2116 return -1;
2117 }
2118 cp += strlen(cp);
2119 }
2120
2121 if (desc) {
2122 summary = policy_summarize(desc->exit_policy);
2123 r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
2124 if (r<0) {
2125 log_warn(LD_BUG, "Not enough space in buffer.");
2126 tor_free(summary);
2127 return -1;
2128 }
2129 cp += strlen(cp);
2130 tor_free(summary);
2131 }
2132 }
2133
2134 return 0;
2135 }
2136
2137 /** Helper for sorting: compares two routerinfos first by address, and then by
2138 * descending order of "usefulness". (An authority is more useful than a
2139 * non-authority; a running router is more useful than a non-running router;
2140 * and a router with more bandwidth is more useful than one with less.)
2141 **/
2142 static int
2143 _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
2144 {
2145 routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
2146 int first_is_auth, second_is_auth;
2147 uint32_t bw_first, bw_second;
2148
2149 /* we return -1 if first should appear before second... that is,
2150 * if first is a better router. */
2151 if (first->addr < second->addr)
2152 return -1;
2153 else if (first->addr > second->addr)
2154 return 1;
2155
2156 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2157 * reality, we will almost never get here, since addresses will usually be
2158 * different. */
2159
2160 first_is_auth =
2161 router_digest_is_trusted_dir(first->cache_info.identity_digest);
2162 second_is_auth =
2163 router_digest_is_trusted_dir(second->cache_info.identity_digest);
2164
2165 if (first_is_auth && !second_is_auth)
2166 return -1;
2167 else if (!first_is_auth && second_is_auth)
2168 return 1;
2169
2170 else if (first->is_running && !second->is_running)
2171 return -1;
2172 else if (!first->is_running && second->is_running)
2173 return 1;
2174
2175 bw_first = router_get_advertised_bandwidth(first);
2176 bw_second = router_get_advertised_bandwidth(second);
2177
2178 if (bw_first > bw_second)
2179 return -1;
2180 else if (bw_first < bw_second)
2181 return 1;
2182
2183 /* They're equal! Compare by identity digest, so there's a
2184 * deterministic order and we avoid flapping. */
2185 return memcmp(first->cache_info.identity_digest,
2186 second->cache_info.identity_digest,
2187 DIGEST_LEN);
2188 }
2189
2190 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2191 * whose keys are the identity digests of those routers that we're going to
2192 * exclude for Sybil-like appearance. */
2193 static digestmap_t *
2194 get_possible_sybil_list(const smartlist_t *routers)
2195 {
2196 or_options_t *options = get_options();
2197 digestmap_t *omit_as_sybil;
2198 smartlist_t *routers_by_ip = smartlist_create();
2199 uint32_t last_addr;
2200 int addr_count;
2201 /* Allow at most this number of Tor servers on a single IP address, ... */
2202 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
2203 /* ... unless it's a directory authority, in which case allow more. */
2204 int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
2205 if (max_with_same_addr <= 0)
2206 max_with_same_addr = INT_MAX;
2207 if (max_with_same_addr_on_authority <= 0)
2208 max_with_same_addr_on_authority = INT_MAX;
2209
2210 smartlist_add_all(routers_by_ip, routers);
2211 smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
2212 omit_as_sybil = digestmap_new();
2213
2214 last_addr = 0;
2215 addr_count = 0;
2216 SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
2217 {
2218 if (last_addr != ri->addr) {
2219 last_addr = ri->addr;
2220 addr_count = 1;
2221 } else if (++addr_count > max_with_same_addr) {
2222 if (!router_addr_is_trusted_dir(ri->addr) ||
2223 addr_count > max_with_same_addr_on_authority)
2224 digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
2225 }
2226 });
2227
2228 smartlist_free(routers_by_ip);
2229 return omit_as_sybil;
2230 }
2231
2232 /** Extract status information from <b>ri</b> and from other authority
2233 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2234 * the named flag in <b>rs</b>.
2235 *
2236 * We assume that ri-\>is_running has already been set, e.g. by
2237 * dirserv_set_router_is_running(ri, now);
2238 */
2239 void
2240 set_routerstatus_from_routerinfo(routerstatus_t *rs,
2241 routerinfo_t *ri, time_t now,
2242 int naming, int listbadexits,
2243 int listbaddirs)
2244 {
2245 int unstable_version =
2246 !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
2247 memset(rs, 0, sizeof(routerstatus_t));
2248
2249 rs->is_authority =
2250 router_digest_is_trusted_dir(ri->cache_info.identity_digest);
2251
2252 /* Already set by compute_performance_thresholds. */
2253 rs->is_exit = ri->is_exit;
2254 rs->is_stable = ri->is_stable =
2255 router_is_active(ri, now) &&
2256 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0) &&
2257 !unstable_version;
2258 rs->is_fast = ri->is_fast =
2259 router_is_active(ri, now) &&
2260 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
2261 rs->is_running = ri->is_running; /* computed above */
2262
2263 if (naming) {
2264 uint32_t name_status = dirserv_get_name_status(
2265 ri->cache_info.identity_digest, ri->nickname);
2266 rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
2267 rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
2268 }
2269 rs->is_valid = ri->is_valid;
2270
2271 if (rs->is_fast &&
2272 (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
2273 router_get_advertised_bandwidth(ri) >=
2274 MIN(guard_bandwidth_including_exits,
2275 guard_bandwidth_excluding_exits))) {
2276 long tk = rep_hist_get_weighted_time_known(
2277 ri->cache_info.identity_digest, now);
2278 double wfu = rep_hist_get_weighted_fractional_uptime(
2279 ri->cache_info.identity_digest, now);
2280 rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
2281 } else {
2282 rs->is_possible_guard = 0;
2283 }
2284 rs->is_bad_directory = listbaddirs && ri->is_bad_directory;
2285 rs->is_bad_exit = listbadexits && ri->is_bad_exit;
2286 ri->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, now);
2287 rs->is_hs_dir = ri->is_hs_dir;
2288 rs->is_v2_dir = ri->dir_port != 0;
2289
2290 if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
2291 rs->is_named = rs->is_unnamed = 0;
2292
2293 rs->published_on = ri->cache_info.published_on;
2294 memcpy(rs->identity_digest, ri->cache_info.identity_digest, DIGEST_LEN);
2295 memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
2296 DIGEST_LEN);
2297 rs->addr = ri->addr;
2298 strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
2299 rs->or_port = ri->or_port;
2300 rs->dir_port = ri->dir_port;
2301 }
2302
2303 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2304 * too narrow an IP-space. Clear out its flags: we don't want people
2305 * using it.
2306 */
2307 static void
2308 clear_status_flags_on_sybil(routerstatus_t *rs)
2309 {
2310 rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
2311 rs->is_running = rs->is_named = rs->is_valid = rs->is_v2_dir =
2312 rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
2313 rs->is_bad_directory = 0;
2314 /* FFFF we might want some mechanism to check later on if we
2315 * missed zeroing any flags: it's easy to add a new flag but
2316 * forget to add it to this clause. */
2317 }
2318
2319 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2320 * function here because it's eerily similar to
2321 * clear_status_flags_on_sybil() above. One day we should merge them. */
2322 void
2323 router_clear_status_flags(routerinfo_t *router)
2324 {
2325 router->is_valid = router->is_running = router->is_hs_dir =
2326 router->is_fast = router->is_stable =
2327 router->is_possible_guard = router->is_exit =
2328 router->is_bad_exit = router->is_bad_directory = 0;
2329 }
2330
2331 /**
2332 * Helper function to parse out a line in the measured bandwidth file
2333 * into a measured_bw_line_t output structure. Returns -1 on failure
2334 * or 0 on success.
2335 */
2336 int
2337 measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
2338 {
2339 char *line = tor_strdup(orig_line);
2340 char *cp = line;
2341 int got_bw = 0;
2342 int got_node_id = 0;
2343 char *strtok_state; /* lame sauce d'jour */
2344 cp = tor_strtok_r(cp, " \t", &strtok_state);
2345
2346 if (!cp) {
2347 log_warn(LD_DIRSERV, "Invalid line in bandwidth file: %s",
2348 escaped(orig_line));
2349 tor_free(line);
2350 return -1;
2351 }
2352
2353 if (orig_line[strlen(orig_line)-1] != '\n') {
2354 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2355 escaped(orig_line));
2356 tor_free(line);
2357 return -1;
2358 }
2359
2360 do {
2361 if (strcmpstart(cp, "bw=") == 0) {
2362 int parse_ok = 0;
2363 char *endptr;
2364 if (got_bw) {
2365 log_warn(LD_DIRSERV, "Double bw= in bandwidth file line: %s",
2366 escaped(orig_line));
2367 tor_free(line);
2368 return -1;
2369 }
2370 cp+=strlen("bw=");
2371
2372 out->bw = tor_parse_long(cp, 0, 0, LONG_MAX, &parse_ok, &endptr);
2373 if (!parse_ok || (*endptr && !TOR_ISSPACE(*endptr))) {
2374 log_warn(LD_DIRSERV, "Invalid bandwidth in bandwidth file line: %s",
2375 escaped(orig_line));
2376 tor_free(line);
2377 return -1;
2378 }
2379 got_bw=1;
2380 } else if (strcmpstart(cp, "node_id=$") == 0) {
2381 if (got_node_id) {
2382 log_warn(LD_DIRSERV, "Double node_id= in bandwidth file line: %s",
2383 escaped(orig_line));
2384 tor_free(line);
2385 return -1;
2386 }
2387 cp+=strlen("node_id=$");
2388
2389 if (strlen(cp) != HEX_DIGEST_LEN ||
2390 base16_decode(out->node_id, DIGEST_LEN, cp, HEX_DIGEST_LEN)) {
2391 log_warn(LD_DIRSERV, "Invalid node_id in bandwidth file line: %s",
2392 escaped(orig_line));
2393 tor_free(line);
2394 return -1;
2395 }
2396 strncpy(out->node_hex, cp, sizeof(out->node_hex));
2397 got_node_id=1;
2398 }
2399 } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
2400
2401 if (got_bw && got_node_id) {
2402 tor_free(line);
2403 return 0;
2404 } else {
2405 log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
2406 escaped(orig_line));
2407 tor_free(line);
2408 return -1;
2409 }
2410 }
2411
2412 /**
2413 * Helper function to apply a parsed measurement line to a list
2414 * of bandwidth statuses. Returns true if a line is found,
2415 * false otherwise.
2416 */
2417 int
2418 measured_bw_line_apply(measured_bw_line_t *parsed_line,
2419 smartlist_t *routerstatuses)
2420 {
2421 routerstatus_t *rs = NULL;
2422 if (!routerstatuses)
2423 return 0;
2424
2425 rs = smartlist_bsearch(routerstatuses, parsed_line->node_id,
2426 compare_digest_to_routerstatus_entry);
2427
2428 if (rs) {
2429 rs->has_measured_bw = 1;
2430 rs->measured_bw = (uint32_t)parsed_line->bw;
2431 } else {
2432 log_info(LD_DIRSERV, "Node ID %s not found in routerstatus list",
2433 parsed_line->node_hex);
2434 }
2435
2436 return rs != NULL;
2437 }
2438
2439 /**
2440 * Read the measured bandwidth file and apply it to the list of
2441 * routerstatuses. Returns -1 on error, 0 otherwise.
2442 */
2443 int
2444 dirserv_read_measured_bandwidths(const char *from_file,
2445 smartlist_t *routerstatuses)
2446 {
2447 char line[256];
2448 FILE *fp = fopen(from_file, "r");
2449 int applied_lines = 0;
2450 time_t file_time;
2451 int ok;
2452 if (fp == NULL) {
2453 log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
2454 from_file);
2455 return -1;
2456 }
2457
2458 if (!fgets(line, sizeof(line), fp)
2459 || !strlen(line) || line[strlen(line)-1] != '\n') {
2460 log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
2461 escaped(line));
2462 fclose(fp);
2463 return -1;
2464 }
2465
2466 line[strlen(line)-1] = '\0';
2467 file_time = tor_parse_ulong(line, 10, 0, ULONG_MAX, &ok, NULL);
2468 if (!ok) {
2469 log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
2470 escaped(line));
2471 fclose(fp);
2472 return -1;
2473 }
2474
2475 if ((time(NULL) - file_time) > MAX_MEASUREMENT_AGE) {
2476 log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
2477 (unsigned)(time(NULL) - file_time));
2478 fclose(fp);
2479 return -1;
2480 }
2481
2482 if (routerstatuses)
2483 smartlist_sort(routerstatuses, compare_routerstatus_entries);
2484
2485 while (!feof(fp)) {
2486 measured_bw_line_t parsed_line;
2487 if (fgets(line, sizeof(line), fp) && strlen(line)) {
2488 if (measured_bw_line_parse(&parsed_line, line) != -1) {
2489 if (measured_bw_line_apply(&parsed_line, routerstatuses) > 0)
2490 applied_lines++;
2491 }
2492 }
2493 }
2494
2495 fclose(fp);
2496 log_info(LD_DIRSERV,
2497 "Bandwidth measurement file successfully read. "
2498 "Applied %d measurements.", applied_lines);
2499 return 0;
2500 }
2501
2502 /** Return a new networkstatus_t* containing our current opinion. (For v3
2503 * authorities) */
2504 networkstatus_t *
2505 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
2506 authority_cert_t *cert)
2507 {
2508 or_options_t *options = get_options();
2509 networkstatus_t *v3_out = NULL;
2510 uint32_t addr;
2511 char *hostname = NULL, *client_versions = NULL, *server_versions = NULL;
2512 const char *contact;
2513 smartlist_t *routers, *routerstatuses;
2514 char identity_digest[DIGEST_LEN];
2515 char signing_key_digest[DIGEST_LEN];
2516 int naming = options->NamingAuthoritativeDir;
2517 int listbadexits = options->AuthDirListBadExits;
2518 int listbaddirs = options->AuthDirListBadDirs;
2519 routerlist_t *rl = router_get_routerlist();
2520 time_t now = time(NULL);
2521 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2522 networkstatus_voter_info_t *voter = NULL;
2523 vote_timing_t timing;
2524 digestmap_t *omit_as_sybil = NULL;
2525 const int vote_on_reachability = running_long_enough_to_decide_unreachable();
2526 smartlist_t *microdescriptors = NULL;
2527
2528 tor_assert(private_key);
2529 tor_assert(cert);
2530
2531 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2532 log_warn(LD_NET, "Couldn't resolve my hostname");
2533 return NULL;
2534 }
2535 if (!strchr(hostname, '.')) {
2536 tor_free(hostname);
2537 hostname = tor_dup_ip(addr);
2538 }
2539 if (crypto_pk_get_digest(private_key, signing_key_digest)<0) {
2540 log_err(LD_BUG, "Error computing signing key digest");
2541 return NULL;
2542 }
2543 if (crypto_pk_get_digest(cert->identity_key, identity_digest)<0) {
2544 log_err(LD_BUG, "Error computing identity key digest");
2545 return NULL;
2546 }
2547
2548 if (options->VersioningAuthoritativeDir) {
2549 client_versions = format_versions_list(options->RecommendedClientVersions);
2550 server_versions = format_versions_list(options->RecommendedServerVersions);
2551 }
2552
2553 contact = get_options()->ContactInfo;
2554 if (!contact)
2555 contact = "(none)";
2556
2557 /* precompute this part, since we need it to decide what "stable"
2558 * means. */
2559 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2560 dirserv_set_router_is_running(ri, now);
2561 });
2562
2563 dirserv_compute_performance_thresholds(rl);
2564
2565 routers = smartlist_create();
2566 smartlist_add_all(routers, rl->routers);
2567 routers_sort_by_identity(routers);
2568 omit_as_sybil = get_possible_sybil_list(routers);
2569
2570 routerstatuses = smartlist_create();
2571 microdescriptors = smartlist_create();
2572
2573 SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
2574 if (ri->cache_info.published_on >= cutoff) {
2575 routerstatus_t *rs;
2576 vote_routerstatus_t *vrs;
2577 microdesc_t *md;
2578
2579 vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
2580 rs = &vrs->status;
2581 set_routerstatus_from_routerinfo(rs, ri, now,
2582 naming, listbadexits, listbaddirs);
2583
2584 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2585 clear_status_flags_on_sybil(rs);
2586
2587 if (!vote_on_reachability)
2588 rs->is_running = 0;
2589
2590 vrs->version = version_from_platform(ri->platform);
2591 md = dirvote_create_microdescriptor(ri);
2592 if (md) {
2593 char buf[128];
2594 vote_microdesc_hash_t *h;
2595 dirvote_format_microdesc_vote_line(buf, sizeof(buf), md);
2596 h = tor_malloc(sizeof(vote_microdesc_hash_t));
2597 h->microdesc_hash_line = tor_strdup(buf);
2598 h->next = NULL;
2599 vrs->microdesc = h;
2600 md->last_listed = now;
2601 smartlist_add(microdescriptors, md);
2602 }
2603
2604 smartlist_add(routerstatuses, vrs);
2605 }
2606 } SMARTLIST_FOREACH_END(ri);
2607
2608 {
2609 smartlist_t *added =
2610 microdescs_add_list_to_cache(get_microdesc_cache(),
2611 microdescriptors, SAVED_NOWHERE, 0);
2612 smartlist_free(added);
2613 smartlist_free(microdescriptors);
2614 }
2615
2616 smartlist_free(routers);
2617 digestmap_free(omit_as_sybil, NULL);
2618
2619 if (options->V3BandwidthsFile) {
2620 dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
2621 routerstatuses);
2622 }
2623
2624 v3_out = tor_malloc_zero(sizeof(networkstatus_t));
2625
2626 v3_out->type = NS_TYPE_VOTE;
2627 dirvote_get_preferred_voting_intervals(&timing);
2628 v3_out->published = now;
2629 {
2630 char tbuf[ISO_TIME_LEN+1];
2631 networkstatus_t *current_consensus =
2632 networkstatus_get_live_consensus(now);
2633 long last_consensus_interval; /* only used to pick a valid_after */
2634 if (current_consensus)
2635 last_consensus_interval = current_consensus->fresh_until -
2636 current_consensus->valid_after;
2637 else
2638 last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
2639 v3_out->valid_after =
2640 dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
2641 format_iso_time(tbuf, v3_out->valid_after);
2642 log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
2643 "consensus_set=%d, last_interval=%d",
2644 tbuf, current_consensus?1:0, (int)last_consensus_interval);
2645 }
2646 v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
2647 v3_out->valid_until = v3_out->valid_after +
2648 (timing.vote_interval * timing.n_intervals_valid);
2649 v3_out->vote_seconds = timing.vote_delay;
2650 v3_out->dist_seconds = timing.dist_delay;
2651 tor_assert(v3_out->vote_seconds > 0);
2652 tor_assert(v3_out->dist_seconds > 0);
2653 tor_assert(timing.n_intervals_valid > 0);
2654
2655 v3_out->client_versions = client_versions;
2656 v3_out->server_versions = server_versions;
2657 v3_out->known_flags = smartlist_create();
2658 smartlist_split_string(v3_out->known_flags,
2659 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2660 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
2661 if (vote_on_reachability)
2662 smartlist_add(v3_out->known_flags, tor_strdup("Running"));
2663 if (listbaddirs)
2664 smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
2665 if (listbadexits)
2666 smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
2667 if (naming) {
2668 smartlist_add(v3_out->known_flags, tor_strdup("Named"));
2669 smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
2670 }
2671 smartlist_sort_strings(v3_out->known_flags);
2672
2673 if (options->ConsensusParams) {
2674 v3_out->net_params = smartlist_create();
2675 smartlist_split_string(v3_out->net_params,
2676 options->ConsensusParams, NULL, 0, 0);
2677 smartlist_sort_strings(v3_out->net_params);
2678 }
2679
2680 voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
2681 voter->nickname = tor_strdup(options->Nickname);
2682 memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
2683 voter->sigs = smartlist_create();
2684 voter->address = hostname;
2685 voter->addr = addr;
2686 voter->dir_port = options->DirPort;
2687 voter->or_port = options->ORPort;
2688 voter->contact = tor_strdup(contact);
2689 if (options->V3AuthUseLegacyKey) {
2690 authority_cert_t *c = get_my_v3_legacy_cert();
2691 if (c) {
2692 crypto_pk_get_digest(c->identity_key, voter->legacy_id_digest);
2693 }
2694 }
2695
2696 v3_out->voters = smartlist_create();
2697 smartlist_add(v3_out->voters, voter);
2698 v3_out->cert = authority_cert_dup(cert);
2699 v3_out->routerstatus_list = routerstatuses;
2700 /* Note: networkstatus_digest is unset; it won't get set until we actually
2701 * format the vote. */
2702
2703 return v3_out;
2704 }
2705
2706 /** For v2 authoritative directories only: Replace the contents of
2707 * <b>the_v2_networkstatus</b> with a newly generated network status
2708 * object. */
2709 static cached_dir_t *
2710 generate_v2_networkstatus_opinion(void)
2711 {
2712 cached_dir_t *r = NULL;
2713 size_t len, identity_pkey_len;
2714 char *status = NULL, *client_versions = NULL, *server_versions = NULL,
2715 *identity_pkey = NULL, *hostname = NULL;
2716 char *outp, *endp;
2717 or_options_t *options = get_options();
2718 char fingerprint[FINGERPRINT_LEN+1];
2719 char ipaddr[INET_NTOA_BUF_LEN];
2720 char published[ISO_TIME_LEN+1];
2721 char digest[DIGEST_LEN];
2722 struct in_addr in;
2723 uint32_t addr;
2724 crypto_pk_env_t *private_key;
2725 routerlist_t *rl = router_get_routerlist();
2726 time_t now = time(NULL);
2727 time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2728 int naming = options->NamingAuthoritativeDir;
2729 int versioning = options->VersioningAuthoritativeDir;
2730 int listbaddirs = options->AuthDirListBadDirs;
2731 int listbadexits = options->AuthDirListBadExits;
2732 const char *contact;
2733 char *version_lines = NULL;
2734 smartlist_t *routers = NULL;
2735 digestmap_t *omit_as_sybil = NULL;
2736
2737 private_key = get_server_identity_key();
2738
2739 if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
2740 log_warn(LD_NET, "Couldn't resolve my hostname");
2741 goto done;
2742 }
2743 in.s_addr = htonl(addr);
2744 tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
2745
2746 format_iso_time(published, now);
2747
2748 client_versions = format_versions_list(options->RecommendedClientVersions);
2749 server_versions = format_versions_list(options->RecommendedServerVersions);
2750
2751 if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey,
2752 &identity_pkey_len)<0) {
2753 log_warn(LD_BUG,"Writing public key to string failed.");
2754 goto done;
2755 }
2756
2757 if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) {
2758 log_err(LD_BUG, "Error computing fingerprint");
2759 goto done;
2760 }
2761
2762 contact = get_options()->ContactInfo;
2763 if (!contact)
2764 contact = "(none)";
2765
2766 if (versioning) {
2767 size_t v_len = 64+strlen(client_versions)+strlen(server_versions);
2768 version_lines = tor_malloc(v_len);
2769 tor_snprintf(version_lines, v_len,
2770 "client-versions %s\nserver-versions %s\n",
2771 client_versions, server_versions);
2772 } else {
2773 version_lines = tor_strdup("");
2774 }
2775
2776 len = 4096+strlen(client_versions)+strlen(server_versions);
2777 len += identity_pkey_len*2;
2778 len += (RS_ENTRY_LEN)*smartlist_len(rl->routers);
2779
2780 status = tor_malloc(len);
2781 tor_snprintf(status, len,
2782 "network-status-version 2\n"
2783 "dir-source %s %s %d\n"
2784 "fingerprint %s\n"
2785 "contact %s\n"
2786 "published %s\n"
2787 "dir-options%s%s%s%s\n"
2788 "%s" /* client version line, server version line. */
2789 "dir-signing-key\n%s",
2790 hostname, ipaddr, (int)options->DirPort,
2791 fingerprint,
2792 contact,
2793 published,
2794 naming ? " Names" : "",
2795 listbaddirs ? " BadDirectories" : "",
2796 listbadexits ? " BadExits" : "",
2797 versioning ? " Versions" : "",
2798 version_lines,
2799 identity_pkey);
2800 outp = status + strlen(status);
2801 endp = status + len;
2802
2803 /* precompute this part, since we need it to decide what "stable"
2804 * means. */
2805 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
2806 dirserv_set_router_is_running(ri, now);
2807 });
2808
2809 dirserv_compute_performance_thresholds(rl);
2810
2811 routers = smartlist_create();
2812 smartlist_add_all(routers, rl->routers);
2813 routers_sort_by_identity(routers);
2814
2815 omit_as_sybil = get_possible_sybil_list(routers);
2816
2817 SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
2818 if (ri->cache_info.published_on >= cutoff) {
2819 routerstatus_t rs;
2820 char *version = version_from_platform(ri->platform);
2821
2822 set_routerstatus_from_routerinfo(&rs, ri, now,
2823 naming, listbadexits, listbaddirs);
2824
2825 if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
2826 clear_status_flags_on_sybil(&rs);
2827
2828 if (routerstatus_format_entry(outp, endp-outp, &rs, version, NS_V2)) {
2829 log_warn(LD_BUG, "Unable to print router status.");
2830 tor_free(version);
2831 goto done;
2832 }
2833 tor_free(version);
2834 outp += strlen(outp);
2835 }
2836 });
2837
2838 if (tor_snprintf(outp, endp-outp, "directory-signature %s\n",
2839 get_options()->Nickname)<0) {
2840 log_warn(LD_BUG, "Unable to write signature line.");
2841 goto done;
2842 }
2843 if (router_get_networkstatus_v2_hash(status, digest)<0) {
2844 log_warn(LD_BUG, "Unable to hash network status");
2845 goto done;
2846 }
2847 outp += strlen(outp);
2848
2849 note_crypto_pk_op(SIGN_DIR);
2850 if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN,
2851 private_key)<0) {
2852 log_warn(LD_BUG, "Unable to sign router status.");
2853 goto done;
2854 }
2855
2856 {
2857 networkstatus_v2_t *ns;
2858 if (!(ns = networkstatus_v2_parse_from_string(status))) {
2859 log_err(LD_BUG,"Generated a networkstatus we couldn't parse.");
2860 goto done;
2861 }
2862 networkstatus_v2_free(ns);
2863 }
2864
2865 {
2866 cached_dir_t **ns_ptr = &the_v2_networkstatus;
2867 if (*ns_ptr)
2868 cached_dir_decref(*ns_ptr);
2869 *ns_ptr = new_cached_dir(status, now);
2870 status = NULL; /* So it doesn't get double-freed. */
2871 the_v2_networkstatus_is_dirty = 0;
2872 router_set_networkstatus_v2((*ns_ptr)->dir, now, NS_GENERATED, NULL);
2873 r = *ns_ptr;
2874 }
2875
2876 done:
2877 tor_free(client_versions);
2878 tor_free(server_versions);
2879 tor_free(version_lines);
2880 tor_free(status);
2881 tor_free(hostname);
2882 tor_free(identity_pkey);
2883 smartlist_free(routers);
2884 digestmap_free(omit_as_sybil, NULL);
2885 return r;
2886 }
2887
2888 /** Given the portion of a networkstatus request URL after "tor/status/" in
2889 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2890 * networkstatus objects that the client has requested. */
2891 void
2892 dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
2893 const char *key)
2894 {
2895 tor_assert(result);
2896
2897 if (!cached_v2_networkstatus)
2898 cached_v2_networkstatus = digestmap_new();
2899
2900 if (should_generate_v2_networkstatus())
2901 generate_v2_networkstatus_opinion();
2902
2903 if (!strcmp(key,"authority")) {
2904 if (authdir_mode_v2(get_options())) {
2905 routerinfo_t *me = router_get_my_routerinfo();
2906 if (me)
2907 smartlist_add(result,
2908 tor_memdup(me->cache_info.identity_digest, DIGEST_LEN));
2909 }
2910 } else if (!strcmp(key, "all")) {
2911 if (digestmap_size(cached_v2_networkstatus)) {
2912 digestmap_iter_t *iter;
2913 iter = digestmap_iter_init(cached_v2_networkstatus);
2914 while (!digestmap_iter_done(iter)) {
2915 const char *ident;
2916 void *val;
2917 digestmap_iter_get(iter, &ident, &val);
2918 smartlist_add(result, tor_memdup(ident, DIGEST_LEN));
2919 iter = digestmap_iter_next(cached_v2_networkstatus, iter);
2920 }
2921 } else {
2922 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2923 trusted_dir_server_t *, ds,
2924 if (ds->type & V2_AUTHORITY)
2925 smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
2926 }
2927 smartlist_sort_digests(result);
2928 if (smartlist_len(result) == 0)
2929 log_info(LD_DIRSERV,
2930 "Client requested 'all' network status objects; we have none.");
2931 } else if (!strcmpstart(key, "fp/")) {
2932 dir_split_resource_into_fingerprints(key+3, result, NULL,
2933 DSR_HEX|DSR_SORT_UNIQ);
2934 }
2935 }
2936
2937 /** Look for a network status object as specified by <b>key</b>, which should
2938 * be either "authority" (to find a network status generated by us), a hex
2939 * identity digest (to find a network status generated by given directory), or
2940 * "all" (to return all the v2 network status objects we have).
2941 */
2942 void
2943 dirserv_get_networkstatus_v2(smartlist_t *result,
2944 const char *key)
2945 {
2946 cached_dir_t *cached;
2947 smartlist_t *fingerprints = smartlist_create();
2948 tor_assert(result);
2949
2950 if (!cached_v2_networkstatus)
2951 cached_v2_networkstatus = digestmap_new();
2952
2953 dirserv_get_networkstatus_v2_fingerprints(fingerprints, key);
2954 SMARTLIST_FOREACH(fingerprints, const char *, fp,
2955 {
2956 if (router_digest_is_me(fp) && should_generate_v2_networkstatus())
2957 generate_v2_networkstatus_opinion();
2958 cached = digestmap_get(cached_v2_networkstatus, fp);
2959 if (cached) {
2960 smartlist_add(result, cached);
2961 } else {
2962 char hexbuf[HEX_DIGEST_LEN+1];
2963 base16_encode(hexbuf, sizeof(hexbuf), fp, DIGEST_LEN);
2964 log_info(LD_DIRSERV, "Don't know about any network status with "
2965 "fingerprint '%s'", hexbuf);
2966 }
2967 });
2968 SMARTLIST_FOREACH(fingerprints, char *, cp, tor_free(cp));
2969 smartlist_free(fingerprints);
2970 }
2971
2972 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2973 * pointers, adds copies of digests to fps_out, and doesn't use the
2974 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2975 * requests, adds identity digests.
2976 */
2977 int
2978 dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
2979 const char **msg, int for_unencrypted_conn,
2980 int is_extrainfo)
2981 {
2982 int by_id = 1;
2983 *msg = NULL;
2984
2985 if (!strcmp(key, "all")) {
2986 routerlist_t *rl = router_get_routerlist();
2987 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
2988 smartlist_add(fps_out,
2989 tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
2990 /* Treat "all" requests as if they were unencrypted */
2991 for_unencrypted_conn = 1;
2992 } else if (!strcmp(key, "authority")) {
2993 routerinfo_t *ri = router_get_my_routerinfo();
2994 if (ri)
2995 smartlist_add(fps_out,
2996 tor_memdup(ri->cache_info.identity_digest, DIGEST_LEN));
2997 } else if (!strcmpstart(key, "d/")) {
2998 by_id = 0;
2999 key += strlen("d/");
3000 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3001 DSR_HEX|DSR_SORT_UNIQ);
3002 } else if (!strcmpstart(key, "fp/")) {
3003 key += strlen("fp/");
3004 dir_split_resource_into_fingerprints(key, fps_out, NULL,
3005 DSR_HEX|DSR_SORT_UNIQ);
3006 } else {
3007 *msg = "Key not recognized";
3008 return -1;
3009 }
3010
3011 if (for_unencrypted_conn) {
3012 /* Remove anything that insists it not be sent unencrypted. */
3013 SMARTLIST_FOREACH(fps_out, char *, cp, {
3014 signed_descriptor_t *sd;
3015 if (by_id)
3016 sd = get_signed_descriptor_by_fp(cp,is_extrainfo,0);
3017 else if (is_extrainfo)
3018 sd = extrainfo_get_by_descriptor_digest(cp);
3019 else
3020 sd = router_get_by_descriptor_digest(cp);
3021 if (sd && !sd->send_unencrypted) {
3022 tor_free(cp);
3023 SMARTLIST_DEL_CURRENT(fps_out, cp);
3024 }
3025 });
3026 }
3027
3028 if (!smartlist_len(fps_out)) {
3029 *msg = "Servers unavailable";
3030 return -1;
3031 }
3032 return 0;
3033 }
3034
3035 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3036 * <b>key</b>. The key should be either
3037 * - "/tor/server/authority" for our own routerinfo;
3038 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3039 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3040 * hex identity digests; or
3041 * - "/tor/server/d/D" where D is a plus-separated sequence
3042 * of server descriptor digests, in hex.
3043 *
3044 * Return 0 if we found some matching descriptors, or -1 if we do not
3045 * have any descriptors, no matching descriptors, or if we did not
3046 * recognize the key (URL).
3047 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3048 * message.
3049 *
3050 * XXXX rename this function. It's only called from the controller.
3051 * XXXX in fact, refactor this function, merging as much as possible.
3052 */
3053 int
3054 dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
3055 const char **msg)
3056 {
3057 *msg = NULL;
3058
3059 if (!strcmp(key, "/tor/server/all")) {
3060 routerlist_t *rl = router_get_routerlist();
3061 SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
3062 smartlist_add(descs_out, &(r->cache_info)));
3063 } else if (!strcmp(key, "/tor/server/authority")) {
3064 routerinfo_t *ri = router_get_my_routerinfo();
3065 if (ri)
3066 smartlist_add(descs_out, &(ri->cache_info));
3067 } else if (!strcmpstart(key, "/tor/server/d/")) {
3068 smartlist_t *digests = smartlist_create();
3069 key += strlen("/tor/server/d/");
3070 dir_split_resource_into_fingerprints(key, digests, NULL,
3071 DSR_HEX|DSR_SORT_UNIQ);
3072 SMARTLIST_FOREACH(digests, const char *, d,
3073 {
3074 signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
3075 if (sd)
3076 smartlist_add(descs_out,sd);
3077 });
3078 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3079 smartlist_free(digests);
3080 } else if (!strcmpstart(key, "/tor/server/fp/")) {
3081 smartlist_t *digests = smartlist_create();
3082 time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
3083 key += strlen("/tor/server/fp/");
3084 dir_split_resource_into_fingerprints(key, digests, NULL,
3085 DSR_HEX|DSR_SORT_UNIQ);
3086 SMARTLIST_FOREACH(digests, const char *, d,
3087 {
3088 if (router_digest_is_me(d)) {
3089 /* make sure desc_routerinfo exists */
3090 routerinfo_t *ri = router_get_my_routerinfo();
3091 if (ri)
3092 smartlist_add(descs_out, &(ri->cache_info));
3093 } else {
3094 routerinfo_t *ri = router_get_by_digest(d);
3095 /* Don't actually serve a descriptor that everyone will think is
3096 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3097 * Tors from downloading descriptors that they will throw away.
3098 */
3099 if (ri && ri->cache_info.published_on > cutoff)
3100 smartlist_add(descs_out, &(ri->cache_info));
3101 }
3102 });
3103 SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
3104 smartlist_free(digests);
3105 } else {
3106 *msg = "Key not recognized";
3107 return -1;
3108 }
3109
3110 if (!smartlist_len(descs_out)) {
3111 *msg = "Servers unavailable";
3112 return -1;
3113 }
3114 return 0;
3115 }
3116
3117 /** Called when a TLS handshake has completed successfully with a
3118 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3119 * a certificate with digest <b>digest_rcvd</b>.
3120 *
3121 * Also, if as_advertised is 1, then inform the reachability checker
3122 * that we could get to this guy.
3123 */
3124 void
3125 dirserv_orconn_tls_done(const char *address,
3126 uint16_t or_port,
3127 const char *digest_rcvd,
3128 int as_advertised)
3129 {
3130 routerlist_t *rl = router_get_routerlist();
3131 time_t now = time(NULL);
3132 int bridge_auth = authdir_mode_bridge(get_options());
3133 tor_assert(address);
3134 tor_assert(digest_rcvd);
3135
3136 /* XXX023 Doing a loop like this is stupid. We should just look up the
3137 * router by digest_rcvd, and see if address, orport, and as_advertised
3138 * match up. -NM */
3139 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) {
3140 if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
3141 as_advertised &&
3142 !memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
3143 /* correct digest. mark this router reachable! */
3144 if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
3145 tor_addr_t addr, *addrp=NULL;
3146 log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.",
3147 ri->nickname, address, ri->or_port );
3148 if (tor_addr_from_str(&addr, ri->address) != -1)
3149 addrp = &addr;
3150 else
3151 log_warn(LD_BUG, "Couldn't parse IP address \"%s\"", ri->address);
3152 rep_hist_note_router_reachable(digest_rcvd, addrp, or_port, now);
3153 ri->last_reachable = now;
3154 }
3155 }
3156 } SMARTLIST_FOREACH_END(ri);
3157 /* FFFF Maybe we should reinstate the code that dumps routers with the same
3158 * addr/port but with nonmatching keys, but instead of dumping, we should
3159 * skip testing. */
3160 }
3161
3162 /** Called when we, as an authority, receive a new router descriptor either as
3163 * an upload or a download. Used to decide whether to relaunch reachability
3164 * testing for the server. */
3165 int
3166 dirserv_should_launch_reachability_test(routerinfo_t *ri, routerinfo_t *ri_old)
3167 {
3168 if (!authdir_mode_handles_descs(get_options(), ri->purpose))
3169 return 0;
3170 if (!ri_old) {
3171 /* New router: Launch an immediate reachability test, so we will have an
3172 * opinion soon in case we're generating a consensus soon */
3173 return 1;
3174 }
3175 if (ri_old->is_hibernating && !ri->is_hibernating) {
3176 /* It just came out of hibernation; launch a reachability test */
3177 return 1;
3178 }
3179 if (! routers_have_same_or_addr(ri, ri_old)) {
3180 /* Address or port changed; launch a reachability test */
3181 return 1;
3182 }
3183 return 0;
3184 }
3185
3186 /** Helper function for dirserv_test_reachability(). Start a TLS
3187 * connection to <b>router</b>, and annotate it with when we started
3188 * the test. */
3189 void
3190 dirserv_single_reachability_test(time_t now, routerinfo_t *router)
3191 {
3192 tor_addr_t router_addr;
3193 log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
3194 router->nickname, router->address, router->or_port);
3195 /* Remember when we started trying to determine reachability */
3196 if (!router->testing_since)
3197 router->testing_since = now;
3198 tor_addr_from_ipv4h(&router_addr, router->addr);
3199 connection_or_connect(&router_addr, router->or_port,
3200 router->cache_info.identity_digest);
3201 }
3202
3203 /** Auth dir server only: load balance such that we only
3204 * try a few connections per call.
3205 *
3206 * The load balancing is such that if we get called once every ten
3207 * seconds, we will cycle through all the tests in 1280 seconds (a
3208 * bit over 20 minutes).
3209 */
3210 void
3211 dirserv_test_reachability(time_t now)
3212 {
3213 /* XXX decide what to do here; see or-talk thread "purging old router
3214 * information, revocation." -NM
3215 * We can't afford to mess with this in 0.1.2.x. The reason is that
3216 * if we stop doing reachability tests on some of routerlist, then
3217 * we'll for-sure think they're down, which may have unexpected
3218 * effects in other parts of the code. It doesn't hurt much to do
3219 * the testing, and directory authorities are easy to upgrade. Let's
3220 * wait til 0.2.0. -RD */
3221 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3222 routerlist_t *rl = router_get_routerlist();
3223 static char ctr = 0;
3224 int bridge_auth = authdir_mode_bridge(get_options());
3225
3226 SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
3227 const char *id_digest = router->cache_info.identity_digest;
3228 if (router_is_me(router))
3229 continue;
3230 if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
3231 continue; /* bridge authorities only test reachability on bridges */
3232 // if (router->cache_info.published_on > cutoff)
3233 // continue;
3234 if ((((uint8_t)id_digest[0]) % 128) == ctr) {
3235 dirserv_single_reachability_test(now, router);
3236 }
3237 } SMARTLIST_FOREACH_END(router);
3238 ctr = (ctr + 1) % 128; /* increment ctr */
3239 }
3240
3241 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3242 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3243 * flavor name if we want a flavored v3 status, return a pointer to the
3244 * appropriate cached dir object, or NULL if there isn't one available. */
3245 static cached_dir_t *
3246 lookup_cached_dir_by_fp(const char *fp)
3247 {
3248 cached_dir_t *d = NULL;
3249 if (tor_digest_is_zero(fp) && cached_consensuses)
3250 d = strmap_get(cached_consensuses, "ns");
3251 else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
3252 (d = strmap_get(cached_consensuses, fp))) {
3253 /* this here interface is a nasty hack XXXX022 */;
3254 } else if (router_digest_is_me(fp) && the_v2_networkstatus)
3255 d = the_v2_networkstatus;
3256 else if (cached_v2_networkstatus)
3257 d = digestmap_get(cached_v2_networkstatus, fp);
3258 return d;
3259 }
3260
3261 /** Remove from <b>fps</b> every networkstatus key where both
3262 * a) we have a networkstatus document and
3263 * b) it is not newer than <b>cutoff</b>.
3264 *
3265 * Return 1 if any items were present at all; else return 0.
3266 */
3267 int
3268 dirserv_remove_old_statuses(smartlist_t *fps, time_t cutoff)
3269 {
3270 int found_any = 0;
3271 SMARTLIST_FOREACH(fps, char *, digest,
3272 {
3273 cached_dir_t *d = lookup_cached_dir_by_fp(digest);
3274 if (!d)
3275 continue;
3276 found_any = 1;
3277 if (d->published <= cutoff) {
3278 tor_free(digest);
3279 SMARTLIST_DEL_CURRENT(fps, digest);
3280 }
3281 });
3282
3283 return found_any;
3284 }
3285
3286 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3287 * its extra-info document if <b>extrainfo</b> is true. Return
3288 * NULL if not found or if the descriptor is older than
3289 * <b>publish_cutoff</b>. */
3290 static signed_descriptor_t *
3291 get_signed_descriptor_by_fp(const char *fp, int extrainfo,
3292 time_t publish_cutoff)
3293 {
3294 if (router_digest_is_me(fp)) {
3295 if (extrainfo)
3296 return &(router_get_my_extrainfo()->cache_info);
3297 else
3298 return &(router_get_my_routerinfo()->cache_info);
3299 } else {
3300 routerinfo_t *ri = router_get_by_digest(fp);
3301 if (ri &&
3302 ri->cache_info.published_on > publish_cutoff) {
3303 if (extrainfo)
3304 return extrainfo_get_by_descriptor_digest(
3305 ri->cache_info.extra_info_digest);
3306 else
3307 return &ri->cache_info;
3308 }
3309 }
3310 return NULL;
3311 }
3312
3313 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3314 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3315 * decide whether to send a 404. */
3316 int
3317 dirserv_have_any_serverdesc(smartlist_t *fps, int spool_src)
3318 {
3319 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3320 SMARTLIST_FOREACH(fps, const char *, fp, {
3321 switch (spool_src)
3322 {
3323 case DIR_SPOOL_EXTRA_BY_DIGEST:
3324 if (extrainfo_get_by_descriptor_digest(fp)) return 1;
3325 break;
3326 case DIR_SPOOL_SERVER_BY_DIGEST:
3327 if (router_get_by_descriptor_digest(fp)) return 1;
3328 break;
3329 case DIR_SPOOL_EXTRA_BY_FP:
3330 case DIR_SPOOL_SERVER_BY_FP:
3331 if (get_signed_descriptor_by_fp(fp,
3332 spool_src == DIR_SPOOL_EXTRA_BY_FP, publish_cutoff))
3333 return 1;
3334 break;
3335 }
3336 });
3337 return 0;
3338 }
3339
3340 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3341 * a microdescriptor we have. */
3342 int
3343 dirserv_have_any_microdesc(const smartlist_t *fps)
3344 {
3345 microdesc_cache_t *cache = get_microdesc_cache();
3346 SMARTLIST_FOREACH(fps, const char *, fp,
3347 if (microdesc_cache_lookup_by_digest256(cache, fp))
3348 return 1);
3349 return 0;
3350 }
3351
3352 /** Return an approximate estimate of the number of bytes that will
3353 * be needed to transmit the server descriptors (if is_serverdescs --
3354 * they can be either d/ or fp/ queries) or networkstatus objects (if
3355 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3356 * we guess how large the data will be after compression.
3357 *
3358 * The return value is an estimate; it might be larger or smaller.
3359 **/
3360 size_t
3361 dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
3362 int compressed)
3363 {
3364 size_t result;
3365 tor_assert(fps);
3366 if (is_serverdescs) {
3367 int n = smartlist_len(fps);
3368 routerinfo_t *me = router_get_my_routerinfo();
3369 result = (me?me->cache_info.signed_descriptor_len:2048) * n;
3370 if (compressed)
3371 result /= 2; /* observed compressibility is between 35 and 55%. */
3372 } else {
3373 result = 0;
3374 SMARTLIST_FOREACH(fps, const char *, digest, {
3375 cached_dir_t *dir = lookup_cached_dir_by_fp(digest);
3376 if (dir)
3377 result += compressed ? dir->dir_z_len : dir->dir_len;
3378 });
3379 }
3380 return result;
3381 }
3382
3383 /** Given a list of microdescriptor hashes, guess how many bytes will be
3384 * needed to transmit them, and return the guess. */
3385 size_t
3386 dirserv_estimate_microdesc_size(const smartlist_t *fps, int compressed)
3387 {
3388 size_t result = smartlist_len(fps) * microdesc_average_size(NULL);
3389 if (compressed)
3390 result /= 2;
3391 return result;
3392 }
3393
3394 /** When we're spooling data onto our outbuf, add more whenever we dip
3395 * below this threshold. */
3396 #define DIRSERV_BUFFER_MIN 16384
3397
3398 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3399 * Flushes any remaining data to be (un)compressed, and changes the spool
3400 * source to NONE. Returns 0 on success, negative on failure. */
3401 static int
3402 connection_dirserv_finish_spooling(dir_connection_t *conn)
3403 {
3404 if (conn->zlib_state) {
3405 connection_write_to_buf_zlib("", 0, conn, 1);
3406 tor_zlib_free(conn->zlib_state);
3407 conn->zlib_state = NULL;
3408 }
3409 conn->dir_spool_src = DIR_SPOOL_NONE;
3410 return 0;
3411 }
3412
3413 /** Spooling helper: called when we're sending a bunch of server descriptors,
3414 * and the outbuf has become too empty. Pulls some entries from
3415 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3416 * run out of entries, flushes the zlib state and sets the spool source to
3417 * NONE. Returns 0 on success, negative on failure.
3418 */
3419 static int
3420 connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
3421 {
3422 #ifdef TRACK_SERVED_TIME
3423 time_t now = time(NULL);
3424 #endif
3425 int by_fp = (conn->dir_spool_src == DIR_SPOOL_SERVER_BY_FP ||
3426 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP);
3427 int extra = (conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_FP ||
3428 conn->dir_spool_src == DIR_SPOOL_EXTRA_BY_DIGEST);
3429 time_t publish_cutoff = time(NULL)-ROUTER_MAX_AGE_TO_PUBLISH;
3430
3431 while (smartlist_len(conn->fingerprint_stack) &&
3432 buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3433 const char *body;
3434 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3435 signed_descriptor_t *sd = NULL;
3436 if (by_fp) {
3437 sd = get_signed_descriptor_by_fp(fp, extra, publish_cutoff);
3438 } else {
3439 sd = extra ? extrainfo_get_by_descriptor_digest(fp)
3440 : router_get_by_descriptor_digest(fp);
3441 }
3442 tor_free(fp);
3443 if (!sd)
3444 continue;
3445 if (!connection_dir_is_encrypted(conn) && !sd->send_unencrypted) {
3446 /* we did this check once before (so we could have an accurate size
3447 * estimate and maybe send a 404 if somebody asked for only bridges on a
3448 * connection), but we need to do it again in case a previously
3449 * unknown bridge descriptor has shown up between then and now. */
3450 continue;
3451 }
3452 #ifdef TRACK_SERVED_TIME
3453 sd->last_served_at = now;
3454 #endif
3455 body = signed_descriptor_get_body(sd);
3456 if (conn->zlib_state) {
3457 /* XXXX022 This 'last' business should actually happen on the last
3458 * routerinfo, not on the last fingerprint. */
3459 int last = ! smartlist_len(conn->fingerprint_stack);
3460 connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
3461 last);
3462 if (last) {
3463 tor_zlib_free(conn->zlib_state);
3464 conn->zlib_state = NULL;
3465 }
3466 } else {
3467 connection_write_to_buf(body,
3468 sd->signed_descriptor_len,
3469 TO_CONN(conn));
3470 }
3471 }
3472
3473 if (!smartlist_len(conn->fingerprint_stack)) {
3474 /* We just wrote the last one; finish up. */
3475 conn->dir_spool_src = DIR_SPOOL_NONE;
3476 smartlist_free(conn->fingerprint_stack);
3477 conn->fingerprint_stack = NULL;
3478 }
3479 return 0;
3480 }
3481
3482 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3483 * and the outbuf has become too empty. Pulls some entries from
3484 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3485 * we run out of entries, flushes the zlib state and sets the spool source to
3486 * NONE. Returns 0 on success, negative on failure.
3487 */
3488 static int
3489 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
3490 {
3491 microdesc_cache_t *cache = get_microdesc_cache();
3492 while (smartlist_len(conn->fingerprint_stack) &&
3493 buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3494 char *fp256 = smartlist_pop_last(conn->fingerprint_stack);
3495 microdesc_t *md = microdesc_cache_lookup_by_digest256(cache, fp256);
3496 tor_free(fp256);
3497 if (!md)
3498 continue;
3499 if (conn->zlib_state) {
3500 /* XXXX022 This 'last' business should actually happen on the last
3501 * routerinfo, not on the last fingerprint. */
3502 int last = !smartlist_len(conn->fingerprint_stack);
3503 connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);
3504 if (last) {
3505 tor_zlib_free(conn->zlib_state);
3506 conn->zlib_state = NULL;
3507 }
3508 } else {
3509 connection_write_to_buf(md->body, md->bodylen, TO_CONN(conn));
3510 }
3511 }
3512 if (!smartlist_len(conn->fingerprint_stack)) {
3513 conn->dir_spool_src = DIR_SPOOL_NONE;
3514 smartlist_free(conn->fingerprint_stack);
3515 conn->fingerprint_stack = NULL;
3516 }
3517 return 0;
3518 }
3519
3520 /** Spooling helper: Called when we're sending a directory or networkstatus,
3521 * and the outbuf has become too empty. Pulls some bytes from
3522 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3523 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3524 * and sets the spool source to NONE. Returns 0 on success, negative on
3525 * failure. */
3526 static int
3527 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t *conn)
3528 {
3529 ssize_t bytes;
3530 int64_t remaining;
3531
3532 bytes = DIRSERV_BUFFER_MIN - buf_datalen(conn->_base.outbuf);
3533 tor_assert(bytes > 0);
3534 tor_assert(conn->cached_dir);
3535 if (bytes < 8192)
3536 bytes = 8192;
3537 remaining = conn->cached_dir->dir_z_len - conn->cached_dir_offset;
3538 if (bytes > remaining)
3539 bytes = (ssize_t) remaining;
3540
3541 if (conn->zlib_state) {
3542 connection_write_to_buf_zlib(
3543 conn->cached_dir->dir_z + conn->cached_dir_offset,
3544 bytes, conn, bytes == remaining);
3545 } else {
3546 connection_write_to_buf(conn->cached_dir->dir_z + conn->cached_dir_offset,
3547 bytes, TO_CONN(conn));
3548 }
3549 conn->cached_dir_offset += bytes;
3550 if (conn->cached_dir_offset == (int)conn->cached_dir->dir_z_len) {
3551 /* We just wrote the last one; finish up. */
3552 connection_dirserv_finish_spooling(conn);
3553 cached_dir_decref(conn->cached_dir);
3554 conn->cached_dir = NULL;
3555 }
3556 return 0;
3557 }
3558
3559 /** Spooling helper: Called when we're spooling networkstatus objects on
3560 * <b>conn</b>, and the outbuf has become too empty. If the current
3561 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3562 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3563 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3564 * treated as a request for the current consensus.) If we run out of entries,
3565 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3566 * success, negative on failure. */
3567 static int
3568 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
3569 {
3570
3571 while (buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
3572 if (conn->cached_dir) {
3573 int uncompressing = (conn->zlib_state != NULL);
3574 int r = connection_dirserv_add_dir_bytes_to_outbuf(conn);
3575 if (conn->dir_spool_src == DIR_SPOOL_NONE) {
3576 /* add_dir_bytes thinks we're done with the cached_dir. But we
3577 * may have more cached_dirs! */
3578 conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
3579 /* This bit is tricky. If we were uncompressing the last
3580 * networkstatus, we may need to make a new zlib object to
3581 * uncompress the next one. */
3582 if (uncompressing && ! conn->zlib_state &&
3583 conn->fingerprint_stack &&
3584 smartlist_len(conn->fingerprint_stack)) {
3585 conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
3586 }
3587 }
3588 if (r) return r;
3589 } else if (conn->fingerprint_stack &&
3590 smartlist_len(conn->fingerprint_stack)) {
3591 /* Add another networkstatus; start serving it. */
3592 char *fp = smartlist_pop_last(conn->fingerprint_stack);
3593 cached_dir_t *d = lookup_cached_dir_by_fp(fp);
3594 tor_free(fp);
3595 if (d) {
3596 ++d->refcnt;
3597 conn->cached_dir = d;
3598 conn->cached_dir_offset = 0;
3599 }
3600 } else {
3601 connection_dirserv_finish_spooling(conn);
3602 smartlist_free(conn->fingerprint_stack);
3603 conn->fingerprint_stack = NULL;
3604 return 0;
3605 }
3606 }
3607 return 0;
3608 }
3609
3610 /** Called whenever we have flushed some directory data in state
3611 * SERVER_WRITING. */
3612 int
3613 connection_dirserv_flushed_some(dir_connection_t *conn)
3614 {
3615 tor_assert(conn->_base.state == DIR_CONN_STATE_SERVER_WRITING);
3616
3617 if (buf_datalen(conn->_base.outbuf) >= DIRSERV_BUFFER_MIN)
3618 return 0;
3619
3620 switch (conn->dir_spool_src) {
3621 case DIR_SPOOL_EXTRA_BY_DIGEST:
3622 case DIR_SPOOL_EXTRA_BY_FP:
3623 case DIR_SPOOL_SERVER_BY_DIGEST:
3624 case DIR_SPOOL_SERVER_BY_FP:
3625 return connection_dirserv_add_servers_to_outbuf(conn);
3626 case DIR_SPOOL_MICRODESC:
3627 return connection_dirserv_add_microdescs_to_outbuf(conn);
3628 case DIR_SPOOL_CACHED_DIR:
3629 return connection_dirserv_add_dir_bytes_to_outbuf(conn);
3630 case DIR_SPOOL_NETWORKSTATUS:
3631 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn);
3632 case DIR_SPOOL_NONE:
3633 default:
3634 return 0;
3635 }
3636 }
3637
3638 /** Release all storage used by the directory server. */
3639 void
3640 dirserv_free_all(void)
3641 {
3642 dirserv_free_fingerprint_list();
3643
3644 cached_dir_decref(the_directory);
3645 clear_cached_dir(&the_runningrouters);
3646 cached_dir_decref(the_v2_networkstatus);
3647 cached_dir_decref(cached_directory);
3648 clear_cached_dir(&cached_runningrouters);
3649
3650 digestmap_free(cached_v2_networkstatus, _free_cached_dir);
3651 cached_v2_networkstatus = NULL;
3652 strmap_free(cached_consensuses, _free_cached_dir);
3653 cached_consensuses = NULL;
3654 }
3655
The Onion Router