1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2008, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
11 * \brief Directory server core implementation. Manages directory
12 * contents and generates directories.
15 /** How far in the future do we allow a router to get? (seconds) */
16 #define ROUTER_ALLOW_SKEW (60*60*12)
17 /** How many seconds do we wait before regenerating the directory? */
18 #define DIR_REGEN_SLACK_TIME 30
19 /** If we're a cache, keep this many networkstatuses around from non-trusted
20 * directory authorities. */
21 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
23 /** If a v1 directory is older than this, discard it. */
24 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
25 /** If a v1 running-routers is older than this, discard it. */
26 #define MAX_V1_RR_AGE (7*24*60*60)
28 extern time_t time_of_process_start
; /* from main.c */
30 /** Do we need to regenerate the v1 directory when someone asks for it? */
31 static time_t the_directory_is_dirty
= 1;
32 /** Do we need to regenerate the v1 runningrouters document when somebody
34 static time_t runningrouters_is_dirty
= 1;
35 /** Do we need to regenerate our v2 networkstatus document when somebody asks
37 static time_t the_v2_networkstatus_is_dirty
= 1;
39 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
41 static cached_dir_t
*the_directory
= NULL
;
43 /** For authoritative directories: the current (v1) network status. */
44 static cached_dir_t the_runningrouters
= { NULL
, NULL
, 0, 0, 0, -1 };
46 static void directory_remove_invalid(void);
47 static cached_dir_t
*dirserv_regenerate_directory(void);
48 static char *format_versions_list(config_line_t
*ln
);
49 struct authdir_config_t
;
50 static int add_fingerprint_to_dir(const char *nickname
, const char *fp
,
51 struct authdir_config_t
*list
);
52 static uint32_t dirserv_router_get_status(const routerinfo_t
*router
,
55 dirserv_get_status_impl(const char *fp
, const char *nickname
,
57 uint32_t addr
, uint16_t or_port
,
58 const char *platform
, const char *contact
,
59 const char **msg
, int should_log
);
60 static void clear_cached_dir(cached_dir_t
*d
);
61 static signed_descriptor_t
*get_signed_descriptor_by_fp(const char *fp
,
63 time_t publish_cutoff
);
64 static int dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
);
66 /************** Fingerprint handling code ************/
68 #define FP_NAMED 1 /**< Listed in fingerprint file. */
69 #define FP_INVALID 2 /**< Believed invalid. */
70 #define FP_REJECT 4 /**< We will not publish this router. */
71 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
72 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
73 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
75 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
77 typedef struct router_status_t
{
78 char nickname
[MAX_NICKNAME_LEN
+1];
82 /** List of nickname-\>identity fingerprint mappings for all the routers
83 * that we name. Used to prevent router impersonation. */
84 typedef struct authdir_config_t
{
85 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
86 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
89 /** Should be static; exposed for testing. */
90 static authdir_config_t
*fingerprint_list
= NULL
;
92 /** Allocate and return a new, empty, authdir_config_t. */
93 static authdir_config_t
*
94 authdir_config_new(void)
96 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
97 list
->fp_by_name
= strmap_new();
98 list
->status_by_digest
= digestmap_new();
102 /** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
103 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
104 * new, or 1 if we replaced the old value.
107 add_fingerprint_to_dir(const char *nickname
, const char *fp
,
108 authdir_config_t
*list
)
112 router_status_t
*status
;
113 tor_assert(nickname
);
117 fingerprint
= tor_strdup(fp
);
118 tor_strstrip(fingerprint
, " ");
119 if (base16_decode(d
, DIGEST_LEN
, fingerprint
, strlen(fingerprint
))) {
120 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
122 tor_free(fingerprint
);
126 if (!strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
127 log_warn(LD_DIRSERV
, "Tried to add a mapping for reserved nickname %s",
128 UNNAMED_ROUTER_NICKNAME
);
129 tor_free(fingerprint
);
133 status
= digestmap_get(list
->status_by_digest
, d
);
135 status
= tor_malloc_zero(sizeof(router_status_t
));
136 digestmap_set(list
->status_by_digest
, d
, status
);
139 if (nickname
[0] != '!') {
140 char *old_fp
= strmap_get_lc(list
->fp_by_name
, nickname
);
141 if (old_fp
&& !strcasecmp(fingerprint
, old_fp
)) {
142 tor_free(fingerprint
);
145 strmap_set_lc(list
->fp_by_name
, nickname
, fingerprint
);
147 status
->status
|= FP_NAMED
;
148 strlcpy(status
->nickname
, nickname
, sizeof(status
->nickname
));
150 tor_free(fingerprint
);
151 if (!strcasecmp(nickname
, "!reject")) {
152 status
->status
|= FP_REJECT
;
153 } else if (!strcasecmp(nickname
, "!invalid")) {
154 status
->status
|= FP_INVALID
;
155 } else if (!strcasecmp(nickname
, "!baddir")) {
156 status
->status
|= FP_BADDIR
;
157 } else if (!strcasecmp(nickname
, "!badexit")) {
158 status
->status
|= FP_BADEXIT
;
164 /** Add the nickname and fingerprint for this OR to the
165 * global list of recognized identity key fingerprints. */
167 dirserv_add_own_fingerprint(const char *nickname
, crypto_pk_env_t
*pk
)
169 char fp
[FINGERPRINT_LEN
+1];
170 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
171 log_err(LD_BUG
, "Error computing fingerprint");
174 if (!fingerprint_list
)
175 fingerprint_list
= authdir_config_new();
176 add_fingerprint_to_dir(nickname
, fp
, fingerprint_list
);
180 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
181 * file. The file format is line-based, with each non-blank holding one
182 * nickname, some space, and a fingerprint for that nickname. On success,
183 * replace the current fingerprint list with the new list and return 0. On
184 * failure, leave the current fingerprint list untouched, and
187 dirserv_load_fingerprint_file(void)
191 char *nickname
, *fingerprint
;
192 authdir_config_t
*fingerprint_list_new
;
194 config_line_t
*front
=NULL
, *list
;
195 or_options_t
*options
= get_options();
197 fname
= get_datadir_fname("approved-routers");
199 "Reloading approved fingerprints from \"%s\"...", fname
);
201 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
203 if (options
->NamingAuthoritativeDir
) {
204 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. Failing.", fname
);
208 log_info(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
215 result
= config_get_lines(cf
, &front
);
218 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
222 fingerprint_list_new
= authdir_config_new();
224 for (list
=front
; list
; list
=list
->next
) {
225 char digest_tmp
[DIGEST_LEN
];
226 nickname
= list
->key
; fingerprint
= list
->value
;
227 if (strlen(nickname
) > MAX_NICKNAME_LEN
) {
228 log_notice(LD_CONFIG
,
229 "Nickname '%s' too long in fingerprint file. Skipping.",
233 if (!is_legal_nickname(nickname
) &&
234 strcasecmp(nickname
, "!reject") &&
235 strcasecmp(nickname
, "!invalid") &&
236 strcasecmp(nickname
, "!badexit")) {
237 log_notice(LD_CONFIG
,
238 "Invalid nickname '%s' in fingerprint file. Skipping.",
242 tor_strstrip(fingerprint
, " "); /* remove spaces */
243 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
244 base16_decode(digest_tmp
, sizeof(digest_tmp
),
245 fingerprint
, HEX_DIGEST_LEN
) < 0) {
246 log_notice(LD_CONFIG
,
247 "Invalid fingerprint (nickname '%s', "
248 "fingerprint %s). Skipping.",
249 nickname
, fingerprint
);
252 if (0==strcasecmp(nickname
, DEFAULT_CLIENT_NICKNAME
)) {
253 /* If you approved an OR called "client", then clients who use
254 * the default nickname could all be rejected. That's no good. */
255 log_notice(LD_CONFIG
,
256 "Authorizing nickname '%s' would break "
257 "many clients; skipping.",
258 DEFAULT_CLIENT_NICKNAME
);
261 if (0==strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
262 /* If you approved an OR called "unnamed", then clients will be
264 log_notice(LD_CONFIG
,
265 "Authorizing nickname '%s' is not allowed; skipping.",
266 UNNAMED_ROUTER_NICKNAME
);
269 if (add_fingerprint_to_dir(nickname
, fingerprint
, fingerprint_list_new
)
271 log_notice(LD_CONFIG
, "Duplicate nickname '%s'.", nickname
);
274 config_free_lines(front
);
275 dirserv_free_fingerprint_list();
276 fingerprint_list
= fingerprint_list_new
;
277 /* Delete any routers whose fingerprints we no longer recognize */
278 directory_remove_invalid();
282 /** Check whether <b>router</b> has a nickname/identity key combination that
283 * we recognize from the fingerprint list, or an IP we automatically act on
284 * according to our configuration. Return the appropriate router status.
286 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
287 * *<b>msg</b> to an explanation of why. */
289 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
)
293 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
294 log_warn(LD_BUG
,"Error computing fingerprint");
296 *msg
= "Bug: Error computing fingerprint";
300 return dirserv_get_status_impl(d
, router
->nickname
,
302 router
->addr
, router
->or_port
,
303 router
->platform
, router
->contact_info
,
307 /** Return true if there is no point in downloading the router described by
308 * <b>rs</b> because this directory would reject it. */
310 dirserv_would_reject_router(routerstatus_t
*rs
)
314 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
315 "", /* address is only used in logs */
316 rs
->addr
, rs
->or_port
,
320 return (res
& FP_REJECT
) != 0;
323 /** Helper: Based only on the ID/Nickname combination,
324 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
327 dirserv_get_name_status(const char *id_digest
, const char *nickname
)
329 char fp
[HEX_DIGEST_LEN
+1];
332 base16_encode(fp
, sizeof(fp
), id_digest
, DIGEST_LEN
);
335 strmap_get_lc(fingerprint_list
->fp_by_name
, nickname
))) {
336 if (!strcasecmp(fp
, fp_by_name
)) {
339 return FP_UNNAMED
; /* Wrong fingerprint. */
345 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
346 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
347 * port, platform (logging only) and contact info (logging only) as arguments.
349 * If should_log is false, do not log messages. (There's not much point in
350 * logging that we're rejecting servers we'll not download.)
353 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
355 uint32_t addr
, uint16_t or_port
,
356 const char *platform
, const char *contact
,
357 const char **msg
, int should_log
)
359 int reject_unlisted
= get_options()->AuthDirRejectUnlisted
;
361 router_status_t
*status_by_digest
;
363 if (!fingerprint_list
)
364 fingerprint_list
= authdir_config_new();
367 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
368 strmap_size(fingerprint_list
->fp_by_name
),
369 digestmap_size(fingerprint_list
->status_by_digest
));
371 /* 0.1.1.17-rc was the first version that claimed to be stable, doesn't
372 * crash and drop circuits all the time, and is even vaguely compatible with
373 * the current network */
374 if (platform
&& !tor_version_as_new_as(platform
,"0.1.1.17-rc")) {
376 *msg
= "Tor version is far too old to work.";
380 result
= dirserv_get_name_status(id_digest
, nickname
);
381 if (result
& FP_NAMED
) {
383 log_debug(LD_DIRSERV
,"Good fingerprint for '%s'",nickname
);
385 if (result
& FP_UNNAMED
) {
387 char *esc_contact
= esc_for_log(contact
);
389 "Mismatched fingerprint for '%s'. "
390 "ContactInfo '%s', platform '%s'.)",
393 platform
? escaped(platform
) : "");
394 tor_free(esc_contact
);
397 *msg
= "Rejected: There is already a named server with this nickname "
398 "and a different fingerprint.";
401 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
403 if (status_by_digest
)
404 result
|= (status_by_digest
->status
& ~FP_NAMED
);
406 if (result
& FP_REJECT
) {
408 *msg
= "Fingerprint is marked rejected";
410 } else if (result
& FP_INVALID
) {
412 *msg
= "Fingerprint is marked invalid";
415 if (authdir_policy_baddir_address(addr
, or_port
)) {
418 "Marking '%s' as bad directory because of address '%s'",
423 if (authdir_policy_badexit_address(addr
, or_port
)) {
425 log_info(LD_DIRSERV
, "Marking '%s' as bad exit because of address '%s'",
427 result
|= FP_BADEXIT
;
430 if (!(result
& FP_NAMED
)) {
431 if (!authdir_policy_permits_address(addr
, or_port
)) {
433 log_info(LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
436 *msg
= "Authdir is rejecting routers in this range.";
439 if (!authdir_policy_valid_address(addr
, or_port
)) {
441 log_info(LD_DIRSERV
, "Not marking '%s' valid because of address '%s'",
443 result
|= FP_INVALID
;
445 if (reject_unlisted
) {
447 *msg
= "Authdir rejects unknown routers.";
455 /** If we are an authoritative dirserver, and the list of approved
456 * servers contains one whose identity key digest is <b>digest</b>,
457 * return that router's nickname. Otherwise return NULL. */
459 dirserv_get_nickname_by_digest(const char *digest
)
461 router_status_t
*status
;
462 if (!fingerprint_list
)
466 status
= digestmap_get(fingerprint_list
->status_by_digest
, digest
);
467 return status
? status
->nickname
: NULL
;
470 /** Clear the current fingerprint list. */
472 dirserv_free_fingerprint_list(void)
474 if (!fingerprint_list
)
477 strmap_free(fingerprint_list
->fp_by_name
, _tor_free
);
478 digestmap_free(fingerprint_list
->status_by_digest
, _tor_free
);
479 tor_free(fingerprint_list
);
486 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
487 * unless we're configured to not care. Return 0 if all ok. */
489 dirserv_router_has_valid_address(routerinfo_t
*ri
)
491 struct in_addr iaddr
;
492 if (get_options()->DirAllowPrivateAddresses
)
493 return 0; /* whatever it is, we're fine with it */
494 if (!tor_inet_aton(ri
->address
, &iaddr
)) {
495 log_info(LD_DIRSERV
,"Router '%s' published non-IP address '%s'. Refusing.",
496 ri
->nickname
, ri
->address
);
499 if (is_internal_IP(ntohl(iaddr
.s_addr
), 0)) {
501 "Router '%s' published internal IP address '%s'. Refusing.",
502 ri
->nickname
, ri
->address
);
503 return -1; /* it's a private IP, we should reject it */
508 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
509 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
511 * If the router is rejected, set *<b>msg</b> to an explanation of why.
513 * If <b>complain</b> then explain at log-level 'notice' why we refused
514 * a descriptor; else explain at log-level 'info'.
517 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
520 /* Okay. Now check whether the fingerprint is recognized. */
521 uint32_t status
= dirserv_router_get_status(ri
, msg
);
523 int severity
= complain
? LOG_NOTICE
: LOG_INFO
;
525 if (status
& FP_REJECT
)
526 return -1; /* msg is already set. */
528 /* Is there too much clock skew? */
530 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
531 log_fn(severity
, LD_DIRSERV
, "Publication time for nickname '%s' is too "
532 "far (%d minutes) in the future; possible clock skew. Not adding "
534 ri
->nickname
, (int)((ri
->cache_info
.published_on
-now
)/60),
535 esc_router_info(ri
));
536 *msg
= "Rejected: Your clock is set too far in the future, or your "
537 "timezone is not correct.";
540 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
541 log_fn(severity
, LD_DIRSERV
,
542 "Publication time for router with nickname '%s' is too far "
543 "(%d minutes) in the past. Not adding (%s)",
544 ri
->nickname
, (int)((now
-ri
->cache_info
.published_on
)/60),
545 esc_router_info(ri
));
546 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
547 " or your timezone is not correct.";
550 if (dirserv_router_has_valid_address(ri
) < 0) {
551 log_fn(severity
, LD_DIRSERV
,
552 "Router with nickname '%s' has invalid address '%s'. "
554 ri
->nickname
, ri
->address
,
555 esc_router_info(ri
));
556 *msg
= "Rejected: Address is not an IP, or IP is a private address.";
559 /* Okay, looks like we're willing to accept this one. */
560 ri
->is_named
= (status
& FP_NAMED
) ? 1 : 0;
561 ri
->is_valid
= (status
& FP_INVALID
) ? 0 : 1;
562 ri
->is_bad_directory
= (status
& FP_BADDIR
) ? 1 : 0;
563 ri
->is_bad_exit
= (status
& FP_BADEXIT
) ? 1 : 0;
568 /** True iff <b>a</b> is more severe than <b>b</b>. */
570 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
575 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
576 * returns the most severe error that occurred for any one of them. */
578 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
582 was_router_added_t r
, r_tmp
;
587 time_t now
= time(NULL
);
588 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
589 char time_buf
[ISO_TIME_LEN
+1];
590 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
593 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
595 format_iso_time(time_buf
, now
);
596 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
599 "%s%s%s", time_buf
, escaped(source
),
600 !general
? "@purpose " : "",
601 !general
? router_purpose_to_string(purpose
) : "",
602 !general
? "\n" : "")<0) {
603 *msg
= "Couldn't format annotations";
608 list
= smartlist_create();
609 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
611 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
613 tor_assert(ri
->purpose
== purpose
);
614 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
615 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
621 n_parsed
+= smartlist_len(list
);
622 smartlist_clear(list
);
625 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
627 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
630 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
631 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
637 n_parsed
+= smartlist_len(list
);
638 smartlist_free(list
);
642 *msg
= "No descriptors found in your POST.";
643 if (WRA_WAS_ADDED(r
))
644 r
= ROUTER_WAS_NOT_NEW
;
646 *msg
= "(no message)";
653 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
654 * the list of server descriptors. Set *<b>msg</b> to a message that should be
655 * passed back to the origin of this descriptor. Use <b>source</b> to produce
656 * better log messages.
658 * Return the status of the operation
660 * This function is only called when fresh descriptors are posted, not when
661 * we re-load the cache.
664 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
666 was_router_added_t r
;
667 routerinfo_t
*ri_old
;
668 char *desc
, *nickname
;
671 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
672 * network and it'll clog everything up. */
673 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
674 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
675 " (source: %s) with size %d. Either this is an attack, or the "
676 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
677 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
678 MAX_DESCRIPTOR_UPLOAD_SIZE
);
679 *msg
= "Router descriptor was too large";
680 control_event_or_authdir_new_descriptor("REJECTED",
681 ri
->cache_info
.signed_descriptor_body
,
682 ri
->cache_info
.signed_descriptor_len
, *msg
);
684 return ROUTER_AUTHDIR_REJECTS
;
687 /* Check whether this descriptor is semantically identical to the last one
688 * from this server. (We do this here and not in router_add_to_routerlist
689 * because we want to be able to accept the newest router descriptor that
690 * another authority has, so we all converge on the same one.) */
691 ri_old
= router_get_by_digest(ri
->cache_info
.identity_digest
);
692 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
693 && router_differences_are_cosmetic(ri_old
, ri
)
694 && !router_is_me(ri
)) {
696 "Not replacing descriptor from '%s' (source: %s); "
697 "differences are cosmetic.",
698 ri
->nickname
, source
);
699 *msg
= "Not replacing router descriptor; no information has changed since "
700 "the last one with this identity.";
701 control_event_or_authdir_new_descriptor("DROPPED",
702 ri
->cache_info
.signed_descriptor_body
,
703 ri
->cache_info
.signed_descriptor_len
, *msg
);
705 return ROUTER_WAS_NOT_NEW
;
708 /* Make a copy of desc, since router_add_to_routerlist might free
709 * ri and its associated signed_descriptor_t. */
710 desclen
= ri
->cache_info
.signed_descriptor_len
;
711 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
712 nickname
= tor_strdup(ri
->nickname
);
714 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
715 if (!WRA_WAS_ADDED(r
)) {
716 /* unless the routerinfo was fine, just out-of-date */
717 if (WRA_WAS_REJECTED(r
))
718 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
720 "Did not add descriptor from '%s' (source: %s): %s.",
721 nickname
, source
, *msg
);
723 smartlist_t
*changed
;
724 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
726 changed
= smartlist_create();
727 smartlist_add(changed
, ri
);
728 control_event_descriptors_changed(changed
);
729 smartlist_free(changed
);
731 *msg
= ri
->is_valid
? "Descriptor for valid server accepted" :
732 "Descriptor for invalid server accepted";
735 "Added descriptor from '%s' (source: %s): %s.",
736 nickname
, source
, *msg
);
743 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
744 static was_router_added_t
745 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
752 ri
= router_get_by_digest(ei
->cache_info
.identity_digest
);
754 *msg
= "No corresponding router descriptor for extra-info descriptor";
756 return ROUTER_BAD_EI
;
759 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
760 * network and it'll clog everything up. */
761 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
762 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
763 "with size %d. Either this is an attack, or the "
764 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
765 (int)ei
->cache_info
.signed_descriptor_len
,
766 MAX_EXTRAINFO_UPLOAD_SIZE
);
767 *msg
= "Extrainfo document was too large";
769 return ROUTER_BAD_EI
;
772 if ((r
= routerinfo_incompatible_with_extrainfo(ri
, ei
, NULL
, msg
))) {
774 return r
< 0 ? ROUTER_WAS_NOT_NEW
: ROUTER_BAD_EI
;
776 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
777 return ROUTER_ADDED_SUCCESSFULLY
;
780 /** Remove all descriptors whose nicknames or fingerprints no longer
781 * are allowed by our fingerprint list. (Descriptors that used to be
782 * good can become bad when we reload the fingerprint list.)
785 directory_remove_invalid(void)
789 routerlist_t
*rl
= router_get_routerlist();
791 routerlist_assert_ok(rl
);
793 for (i
= 0; i
< smartlist_len(rl
->routers
); ++i
) {
795 routerinfo_t
*ent
= smartlist_get(rl
->routers
, i
);
796 uint32_t r
= dirserv_router_get_status(ent
, &msg
);
798 log_info(LD_DIRSERV
, "Router '%s' is now rejected: %s",
799 ent
->nickname
, msg
?msg
:"");
800 routerlist_remove(rl
, ent
, 0);
805 if (bool_neq((r
& FP_NAMED
), ent
->is_named
)) {
807 "Router '%s' is now %snamed.", ent
->nickname
,
808 (r
&FP_NAMED
)?"":"un");
809 ent
->is_named
= (r
&FP_NAMED
)?1:0;
812 if (bool_neq((r
& FP_INVALID
), !ent
->is_valid
)) {
813 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", ent
->nickname
,
814 (r
&FP_INVALID
) ? "in" : "");
815 ent
->is_valid
= (r
&FP_INVALID
)?0:1;
818 if (bool_neq((r
& FP_BADDIR
), ent
->is_bad_directory
)) {
819 log_info(LD_DIRSERV
, "Router '%s' is now a %s directory", ent
->nickname
,
820 (r
& FP_BADDIR
) ? "bad" : "good");
821 ent
->is_bad_directory
= (r
&FP_BADDIR
) ? 1: 0;
824 if (bool_neq((r
& FP_BADEXIT
), ent
->is_bad_exit
)) {
825 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", ent
->nickname
,
826 (r
& FP_BADEXIT
) ? "bad" : "good");
827 ent
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
832 directory_set_dirty();
834 routerlist_assert_ok(rl
);
837 /** Write a list of unregistered descriptors into a newly allocated
838 * string and return it. Used by dirserv operators to keep track of
839 * fast nodes that haven't registered.
842 getinfo_helper_dirserv_unregistered(control_connection_t
*control_conn
,
843 const char *question
, char **answer_out
)
845 smartlist_t
*answerlist
;
848 int min_bw
= atoi(question
);
849 routerlist_t
*rl
= router_get_routerlist();
853 if (strcmpstart(question
, "unregistered-servers-"))
855 question
+= strlen("unregistered-servers-");
857 answerlist
= smartlist_create();
858 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ent
, {
859 uint32_t r
= dirserv_router_get_status(ent
, NULL
);
860 if (router_get_advertised_bandwidth(ent
) >= (size_t)min_bw
&&
862 /* then log this one */
863 tor_snprintf(buf
, sizeof(buf
),
864 "%s: BW %d on '%s'.",
865 ent
->nickname
, router_get_advertised_bandwidth(ent
),
866 ent
->platform
? ent
->platform
: "");
867 smartlist_add(answerlist
, tor_strdup(buf
));
870 answer
= smartlist_join_strings(answerlist
, "\r\n", 0, NULL
);
871 SMARTLIST_FOREACH(answerlist
, char *, cp
, tor_free(cp
));
872 smartlist_free(answerlist
);
873 *answer_out
= answer
;
877 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
878 * directory, we will rebuild it instead of reusing the most recently
882 directory_set_dirty(void)
884 time_t now
= time(NULL
);
887 /* Regenerate stubs only every 8 hours.
888 * XXXX It would be nice to generate less often, but these are just
889 * stubs: it doesn't matter. */
890 #define STUB_REGENERATE_INTERVAL (8*60*60)
891 if (!the_directory
|| !the_runningrouters
.dir
)
893 else if (the_directory
->published
< now
- STUB_REGENERATE_INTERVAL
||
894 the_runningrouters
.published
< now
- STUB_REGENERATE_INTERVAL
)
898 if (!the_directory_is_dirty
)
899 the_directory_is_dirty
= now
;
900 if (!runningrouters_is_dirty
)
901 runningrouters_is_dirty
= now
;
903 if (!the_v2_networkstatus_is_dirty
)
904 the_v2_networkstatus_is_dirty
= now
;
908 * Allocate and return a description of the status of the server <b>desc</b>,
909 * for use in a v1-style router-status line. The server is listed
910 * as running iff <b>is_live</b> is true.
913 list_single_server_status(routerinfo_t
*desc
, int is_live
)
915 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
924 if (desc
->is_valid
) {
925 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
930 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
932 return tor_strdup(buf
);
935 /** Each server needs to have passed a reachability test no more
936 * than this number of seconds ago, or he is listed as down in
938 #define REACHABLE_TIMEOUT (45*60)
940 /** Treat a router as alive if
941 * - It's me, and I'm not hibernating.
942 * or - We've found it reachable recently. */
944 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
948 if (router_is_me(router
) && !we_are_hibernating())
951 answer
= get_options()->AssumeReachable
||
952 now
< router
->last_reachable
+ REACHABLE_TIMEOUT
;
954 if (router
->is_running
&& !answer
) {
955 /* it was running but now it's not. tell rephist. */
956 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, now
);
959 router
->is_running
= answer
;
962 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
963 * contents of a v1-style router-status line, and store it in
964 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
966 * If for_controller is true, include the routers with very old descriptors.
967 * If for_controller is >1, use the verbose nickname format.
970 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
973 /* List of entries in a router-status style: An optional !, then an optional
974 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
975 smartlist_t
*rs_entries
;
976 time_t now
= time(NULL
);
977 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
978 or_options_t
*options
= get_options();
979 /* We include v2 dir auths here too, because they need to answer
980 * controllers. Eventually we'll deprecate this whole function;
981 * see also networkstatus_getinfo_by_purpose(). */
982 int authdir
= authdir_mode_publishes_statuses(options
);
983 tor_assert(router_status_out
);
985 rs_entries
= smartlist_create();
987 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
,
990 /* Update router status in routerinfo_t. */
991 dirserv_set_router_is_running(ri
, now
);
993 if (for_controller
== 1 || ri
->cache_info
.published_on
>= cutoff
)
994 smartlist_add(rs_entries
, list_single_server_status(ri
, ri
->is_running
));
995 else if (for_controller
> 2) {
996 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
1000 router_get_verbose_nickname(cp
, ri
);
1001 smartlist_add(rs_entries
, tor_strdup(name_buf
));
1005 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
1007 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
1008 smartlist_free(rs_entries
);
1013 /** Given a (possibly empty) list of config_line_t, each line of which contains
1014 * a list of comma-separated version numbers surrounded by optional space,
1015 * allocate and return a new string containing the version numbers, in order,
1016 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1019 format_versions_list(config_line_t
*ln
)
1021 smartlist_t
*versions
;
1023 versions
= smartlist_create();
1024 for ( ; ln
; ln
= ln
->next
) {
1025 smartlist_split_string(versions
, ln
->value
, ",",
1026 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1028 sort_version_list(versions
, 1);
1029 result
= smartlist_join_strings(versions
,",",0,NULL
);
1030 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1031 smartlist_free(versions
);
1035 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1036 * not hibernating, and not too old. Else return 0.
1039 router_is_active(routerinfo_t
*ri
, time_t now
)
1041 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1042 if (ri
->cache_info
.published_on
< cutoff
)
1044 if (!ri
->is_running
|| !ri
->is_valid
|| ri
->is_hibernating
)
1049 /** Generate a new v1 directory and write it into a newly allocated string.
1050 * Point *<b>dir_out</b> to the allocated string. Sign the
1051 * directory with <b>private_key</b>. Return 0 on success, -1 on
1052 * failure. If <b>complete</b> is set, give us all the descriptors;
1053 * otherwise leave out non-running and non-valid ones.
1056 dirserv_dump_directory_to_string(char **dir_out
,
1057 crypto_pk_env_t
*private_key
)
1060 char *identity_pkey
; /* Identity key, DER64-encoded. */
1061 char *recommended_versions
;
1062 char digest
[DIGEST_LEN
];
1063 char published
[ISO_TIME_LEN
+1];
1066 size_t identity_pkey_len
;
1067 time_t now
= time(NULL
);
1069 tor_assert(dir_out
);
1072 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1073 &identity_pkey_len
)<0) {
1074 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1078 recommended_versions
=
1079 format_versions_list(get_options()->RecommendedVersions
);
1081 format_iso_time(published
, now
);
1083 buf_len
= 2048+strlen(recommended_versions
);
1085 buf
= tor_malloc(buf_len
);
1086 /* We'll be comparing against buf_len throughout the rest of the
1087 function, though strictly speaking we shouldn't be able to exceed
1088 it. This is C, after all, so we may as well check for buffer
1091 tor_snprintf(buf
, buf_len
,
1092 "signed-directory\n"
1094 "recommended-software %s\n"
1095 "router-status %s\n"
1096 "dir-signing-key\n%s\n",
1097 published
, recommended_versions
, "",
1100 tor_free(recommended_versions
);
1101 tor_free(identity_pkey
);
1103 cp
= buf
+ strlen(buf
);
1106 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1108 if (strlcat(buf
, "directory-signature ", buf_len
) >= buf_len
)
1110 if (strlcat(buf
, get_options()->Nickname
, buf_len
) >= buf_len
)
1112 if (strlcat(buf
, "\n", buf_len
) >= buf_len
)
1115 if (router_get_dir_hash(buf
,digest
)) {
1116 log_warn(LD_BUG
,"couldn't compute digest");
1120 note_crypto_pk_op(SIGN_DIR
);
1121 if (router_append_dirobj_signature(buf
,buf_len
,digest
,private_key
)<0) {
1129 log_warn(LD_BUG
,"tried to exceed string length.");
1134 /********************************************************************/
1136 /* A set of functions to answer questions about how we'd like to behave
1137 * as a directory mirror/client. */
1139 /** Return 1 if we fetch our directory material directly from the
1140 * authorities, rather than from a mirror. */
1142 directory_fetches_from_authorities(or_options_t
*options
)
1146 if (options
->FetchDirInfoEarly
)
1148 if (options
->BridgeRelay
== 1)
1150 if (server_mode(options
) && router_pick_published_address(options
, &addr
)<0)
1151 return 1; /* we don't know our IP address; ask an authority. */
1152 if (options
->DirPort
== 0)
1154 if (!server_mode(options
) || !advertised_server_mode())
1156 me
= router_get_my_routerinfo();
1157 if (!me
|| !me
->dir_port
)
1158 return 0; /* if dirport not advertised, return 0 too */
1162 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1163 * on the "mirror" schedule rather than the "client" schedule.
1166 directory_fetches_dir_info_early(or_options_t
*options
)
1168 return directory_fetches_from_authorities(options
);
1171 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1172 * on a very passive schedule -- waiting long enough for ordinary clients
1173 * to probably have the info we want. These would include bridge users,
1174 * and maybe others in the future e.g. if a Tor client uses another Tor
1175 * client as a directory guard.
1178 directory_fetches_dir_info_later(or_options_t
*options
)
1180 return options
->UseBridges
!= 0;
1183 /** Return 1 if we want to cache v2 dir info (each status file).
1186 directory_caches_v2_dir_info(or_options_t
*options
)
1188 return options
->DirPort
!= 0;
1191 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1192 * and we're willing to serve them to others. Else return 0.
1195 directory_caches_dir_info(or_options_t
*options
)
1197 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1200 /** Return 1 if we want to allow remote people to ask us directory
1201 * requests via the "begin_dir" interface, which doesn't require
1202 * having any separate port open. */
1204 directory_permits_begindir_requests(or_options_t
*options
)
1206 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1209 /** Return 1 if we want to allow controllers to ask us directory
1210 * requests via the controller interface, which doesn't require
1211 * having any separate port open. */
1213 directory_permits_controller_requests(or_options_t
*options
)
1215 return options
->DirPort
!= 0;
1218 /** Return 1 if we have no need to fetch new descriptors. This generally
1219 * happens when we're not a dir cache and we haven't built any circuits
1223 directory_too_idle_to_fetch_descriptors(or_options_t
*options
, time_t now
)
1225 return !directory_caches_dir_info(options
) &&
1226 !options
->FetchUselessDescriptors
&&
1227 rep_hist_circbuilding_dormant(now
);
1230 /********************************************************************/
1232 /* Used only by non-v1-auth dirservers: The v1 directory and
1233 * runningrouters we'll serve when requested. */
1235 /** The v1 directory we'll serve (as a cache or as an authority) if
1237 static cached_dir_t
*cached_directory
= NULL
;
1238 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1240 static cached_dir_t cached_runningrouters
= { NULL
, NULL
, 0, 0, 0, -1 };
1242 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1244 static digestmap_t
*cached_v2_networkstatus
= NULL
;
1246 /** The v3 consensus network status that we're currently serving. */
1247 static cached_dir_t
*cached_v3_networkstatus
= NULL
;
1249 /** Possibly replace the contents of <b>d</b> with the value of
1250 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1251 * the last value, or too far in the future.
1253 * Does not copy <b>directory</b>; frees it if it isn't used.
1256 set_cached_dir(cached_dir_t
*d
, char *directory
, time_t when
)
1258 time_t now
= time(NULL
);
1259 if (when
<=d
->published
) {
1260 log_info(LD_DIRSERV
, "Ignoring old directory; not caching.");
1261 tor_free(directory
);
1262 } else if (when
>=now
+ROUTER_MAX_AGE_TO_PUBLISH
) {
1263 log_info(LD_DIRSERV
, "Ignoring future directory; not caching.");
1264 tor_free(directory
);
1266 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1267 log_debug(LD_DIRSERV
, "Caching directory.");
1270 d
->dir_len
= strlen(directory
);
1272 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1274 log_warn(LD_BUG
,"Error compressing cached directory");
1276 d
->published
= when
;
1280 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1281 * any references. */
1283 cached_dir_decref(cached_dir_t
*d
)
1285 if (!d
|| --d
->refcnt
> 0)
1287 clear_cached_dir(d
);
1291 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1292 * published at <b>published</b>. */
1294 new_cached_dir(char *s
, time_t published
)
1296 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1299 d
->dir_len
= strlen(s
);
1300 d
->published
= published
;
1301 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1303 log_warn(LD_BUG
, "Error compressing directory");
1308 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1310 clear_cached_dir(cached_dir_t
*d
)
1314 memset(d
, 0, sizeof(cached_dir_t
));
1317 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1319 _free_cached_dir(void *_d
)
1321 cached_dir_t
*d
= (cached_dir_t
*)_d
;
1322 cached_dir_decref(d
);
1325 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1326 * then replace it with <b>directory</b>, published at <b>published</b>.
1328 * If <b>published</b> is too old, do nothing.
1330 * If <b>is_running_routers</b>, this is really a v1 running_routers
1331 * document rather than a v1 directory.
1334 dirserv_set_cached_directory(const char *directory
, time_t published
,
1335 int is_running_routers
)
1337 time_t now
= time(NULL
);
1339 if (is_running_routers
) {
1340 if (published
>= now
- MAX_V1_RR_AGE
)
1341 set_cached_dir(&cached_runningrouters
, tor_strdup(directory
), published
);
1343 if (published
>= now
- MAX_V1_DIRECTORY_AGE
) {
1344 cached_dir_decref(cached_directory
);
1345 cached_directory
= new_cached_dir(tor_strdup(directory
), published
);
1350 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1351 * network-status for an authoritative directory with identity digest
1352 * <b>identity</b> published at <b>published</b> -- store it so we can
1353 * serve it to others.
1355 * If <b>networkstatus</b> is NULL, remove the entry with the given
1356 * identity fingerprint from the v2 cache.
1359 dirserv_set_cached_networkstatus_v2(const char *networkstatus
,
1360 const char *identity
,
1363 cached_dir_t
*d
, *old_d
;
1364 smartlist_t
*trusted_dirs
;
1365 if (!cached_v2_networkstatus
)
1366 cached_v2_networkstatus
= digestmap_new();
1368 old_d
= digestmap_get(cached_v2_networkstatus
, identity
);
1369 if (!old_d
&& !networkstatus
)
1372 if (networkstatus
) {
1373 if (!old_d
|| published
> old_d
->published
) {
1374 d
= new_cached_dir(tor_strdup(networkstatus
), published
);
1375 digestmap_set(cached_v2_networkstatus
, identity
, d
);
1377 cached_dir_decref(old_d
);
1381 digestmap_remove(cached_v2_networkstatus
, identity
);
1382 cached_dir_decref(old_d
);
1386 /* Now purge old entries. */
1387 trusted_dirs
= router_get_trusted_dir_servers();
1388 if (digestmap_size(cached_v2_networkstatus
) >
1389 smartlist_len(trusted_dirs
) + MAX_UNTRUSTED_NETWORKSTATUSES
) {
1390 /* We need to remove the oldest untrusted networkstatus. */
1391 const char *oldest
= NULL
;
1392 time_t oldest_published
= TIME_MAX
;
1393 digestmap_iter_t
*iter
;
1395 for (iter
= digestmap_iter_init(cached_v2_networkstatus
);
1396 !digestmap_iter_done(iter
);
1397 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
)) {
1400 digestmap_iter_get(iter
, &ident
, &val
);
1402 if (d
->published
< oldest_published
&&
1403 !router_digest_is_trusted_dir(ident
)) {
1405 oldest_published
= d
->published
;
1409 d
= digestmap_remove(cached_v2_networkstatus
, oldest
);
1411 cached_dir_decref(d
);
1415 /** Replace the v3 consensus networkstatus that we're serving with
1416 * <b>networkstatus</b>, published at <b>published</b>. No validation is
1419 dirserv_set_cached_networkstatus_v3(const char *networkstatus
,
1422 if (cached_v3_networkstatus
)
1423 cached_dir_decref(cached_v3_networkstatus
);
1424 cached_v3_networkstatus
= new_cached_dir(
1425 tor_strdup(networkstatus
), published
);
1428 /** Remove any v2 networkstatus from the directory cache that was published
1429 * before <b>cutoff</b>. */
1431 dirserv_clear_old_networkstatuses(time_t cutoff
)
1433 if (!cached_v2_networkstatus
)
1436 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus
, id
, cached_dir_t
*, dir
) {
1437 if (dir
->published
< cutoff
) {
1439 fname
= networkstatus_get_cache_filename(id
);
1440 if (file_status(fname
) == FN_FILE
) {
1441 log_info(LD_DIR
, "Removing too-old untrusted networkstatus in %s",
1446 cached_dir_decref(dir
);
1447 MAP_DEL_CURRENT(id
);
1449 } DIGESTMAP_FOREACH_END
1452 /** Remove any v1 info from the directory cache that was published
1455 dirserv_clear_old_v1_info(time_t now
)
1457 if (cached_directory
&&
1458 cached_directory
->published
< (now
- MAX_V1_DIRECTORY_AGE
)) {
1459 cached_dir_decref(cached_directory
);
1460 cached_directory
= NULL
;
1462 if (cached_runningrouters
.published
< (now
- MAX_V1_RR_AGE
)) {
1463 clear_cached_dir(&cached_runningrouters
);
1467 /** Helper: If we're an authority for the right directory version (v1 or v2)
1468 * (based on <b>auth_type</b>), try to regenerate
1469 * auth_src as appropriate and return it, falling back to cache_src on
1470 * failure. If we're a cache, simply return cache_src.
1472 static cached_dir_t
*
1473 dirserv_pick_cached_dir_obj(cached_dir_t
*cache_src
,
1474 cached_dir_t
*auth_src
,
1475 time_t dirty
, cached_dir_t
*(*regenerate
)(void),
1477 authority_type_t auth_type
)
1479 or_options_t
*options
= get_options();
1480 int authority
= (auth_type
== V1_AUTHORITY
&& authdir_mode_v1(options
)) ||
1481 (auth_type
== V2_AUTHORITY
&& authdir_mode_v2(options
));
1483 if (!authority
|| authdir_mode_bridge(options
)) {
1486 /* We're authoritative. */
1487 if (regenerate
!= NULL
) {
1488 if (dirty
&& dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
)) {
1489 if (!(auth_src
= regenerate())) {
1490 log_err(LD_BUG
, "Couldn't generate %s?", name
);
1494 log_info(LD_DIRSERV
, "The %s is still clean; reusing.", name
);
1497 return auth_src
? auth_src
: cache_src
;
1501 /** Return the most recently generated encoded signed v1 directory,
1502 * generating a new one as necessary. If not a v1 authoritative directory
1503 * may return NULL if no directory is yet cached. */
1505 dirserv_get_directory(void)
1507 return dirserv_pick_cached_dir_obj(cached_directory
, the_directory
,
1508 the_directory_is_dirty
,
1509 dirserv_regenerate_directory
,
1510 "v1 server directory", V1_AUTHORITY
);
1513 /** Only called by v1 auth dirservers.
1514 * Generate a fresh v1 directory; set the_directory and return a pointer
1517 static cached_dir_t
*
1518 dirserv_regenerate_directory(void)
1520 char *new_directory
=NULL
;
1522 if (dirserv_dump_directory_to_string(&new_directory
, get_identity_key())) {
1523 log_warn(LD_BUG
, "Error creating directory.");
1524 tor_free(new_directory
);
1527 cached_dir_decref(the_directory
);
1528 the_directory
= new_cached_dir(new_directory
, time(NULL
));
1529 log_info(LD_DIRSERV
,"New directory (size %d) has been built.",
1530 (int)the_directory
->dir_len
);
1531 log_debug(LD_DIRSERV
,"New directory (size %d):\n%s",
1532 (int)the_directory
->dir_len
, the_directory
->dir
);
1534 the_directory_is_dirty
= 0;
1536 /* Save the directory to disk so we re-load it quickly on startup.
1538 dirserv_set_cached_directory(the_directory
->dir
, time(NULL
), 0);
1540 return the_directory
;
1543 /** Only called by v1 auth dirservers.
1544 * Replace the current running-routers list with a newly generated one. */
1545 static cached_dir_t
*
1546 generate_runningrouters(void)
1549 char digest
[DIGEST_LEN
];
1550 char published
[ISO_TIME_LEN
+1];
1552 crypto_pk_env_t
*private_key
= get_identity_key();
1553 char *identity_pkey
; /* Identity key, DER64-encoded. */
1554 size_t identity_pkey_len
;
1556 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1557 &identity_pkey_len
)<0) {
1558 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1561 format_iso_time(published
, time(NULL
));
1564 s
= tor_malloc_zero(len
);
1565 tor_snprintf(s
, len
,
1568 "router-status %s\n"
1569 "dir-signing-key\n%s"
1570 "directory-signature %s\n",
1571 published
, "", identity_pkey
,
1572 get_options()->Nickname
);
1573 tor_free(identity_pkey
);
1574 if (router_get_runningrouters_hash(s
,digest
)) {
1575 log_warn(LD_BUG
,"couldn't compute digest");
1578 note_crypto_pk_op(SIGN_DIR
);
1579 if (router_append_dirobj_signature(s
, len
, digest
, private_key
)<0)
1582 set_cached_dir(&the_runningrouters
, s
, time(NULL
));
1583 runningrouters_is_dirty
= 0;
1585 return &the_runningrouters
;
1591 /** Set *<b>rr</b> to the most recently generated encoded signed
1592 * running-routers list, generating a new one as necessary. Return the
1593 * size of the directory on success, and 0 on failure. */
1595 dirserv_get_runningrouters(void)
1597 return dirserv_pick_cached_dir_obj(
1598 &cached_runningrouters
, &the_runningrouters
,
1599 runningrouters_is_dirty
,
1600 generate_runningrouters
,
1601 "v1 network status list", V1_AUTHORITY
);
1604 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1605 * optionally compressed format, suitable for sending to clients. */
1607 dirserv_get_consensus(void)
1609 return cached_v3_networkstatus
;
1612 /** For authoritative directories: the current (v2) network status. */
1613 static cached_dir_t
*the_v2_networkstatus
= NULL
;
1615 /** Return true iff our opinion of the routers has been stale for long
1616 * enough that we should generate a new v2 network status doc. */
1618 should_generate_v2_networkstatus(void)
1620 return authdir_mode_v2(get_options()) &&
1621 the_v2_networkstatus_is_dirty
&&
1622 the_v2_networkstatus_is_dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
);
1625 /** If a router's uptime is at least this value, then it is always
1626 * considered stable, regardless of the rest of the network. This
1627 * way we resist attacks where an attacker doubles the size of the
1628 * network using allegedly high-uptime nodes, displacing all the
1629 * current guards. */
1630 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1631 /** If a router's MTBF is at least this value, then it is always stable.
1632 * See above. (Corresponds to about 7 days for current decay rates.) */
1633 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1634 /** Similarly, we protect sufficiently fast nodes from being pushed
1635 * out of the set of Fast nodes. */
1636 #define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
1637 /** Similarly, every node with sufficient bandwidth can be considered
1638 * for Guard status. */
1639 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1640 /** Similarly, every node with at least this much weighted time known can be
1641 * considered familiar enough to be a guard. Corresponds to about 20 days for
1642 * current decay rates.
1644 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1645 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1647 #define WFU_TO_GUARANTEE_GUARD (0.995)
1649 /* Thresholds for server performance: set by
1650 * dirserv_compute_performance_thresholds, and used by
1651 * generate_v2_networkstatus */
1653 /** Any router with an uptime of at least this value is stable. */
1654 static uint32_t stable_uptime
= 0; /* start at a safe value */
1655 /** Any router with an mtbf of at least this value is stable. */
1656 static double stable_mtbf
= 0.0;
1657 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1658 * than stable_uptime. */
1659 static int enough_mtbf_info
= 0;
1660 /** Any router with a weighted fractional uptime of at least this much might
1661 * be good as a guard. */
1662 static double guard_wfu
= 0.0;
1663 /** Don't call a router a guard unless we've known about it for at least this
1665 static long guard_tk
= 0;
1666 /** Any router with a bandwidth at least this high is "Fast" */
1667 static uint32_t fast_bandwidth
= 0;
1668 /** If exits can be guards, then all guards must have a bandwidth this
1670 static uint32_t guard_bandwidth_including_exits
= 0;
1671 /** If exits can't be guards, then all guards must have a bandwidth this
1673 static uint32_t guard_bandwidth_excluding_exits
= 0;
1674 /** Total bandwidth of all the routers we're considering. */
1675 static uint64_t total_bandwidth
= 0;
1676 /** Total bandwidth of all the exit routers we're considering. */
1677 static uint64_t total_exit_bandwidth
= 0;
1679 /** Helper: estimate the uptime of a router given its stated uptime and the
1680 * amount of time since it last stated its stated uptime. */
1682 real_uptime(routerinfo_t
*router
, time_t now
)
1684 if (now
< router
->cache_info
.published_on
)
1685 return router
->uptime
;
1687 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1690 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1691 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1692 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1696 dirserv_thinks_router_is_unreliable(time_t now
,
1697 routerinfo_t
*router
,
1698 int need_uptime
, int need_capacity
)
1701 if (!enough_mtbf_info
) {
1702 /* XXX022 Once most authorities are on v3, we should change the rule from
1703 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1704 * v3 if we don't have enough mtbf data." */
1705 long uptime
= real_uptime(router
, now
);
1706 if ((unsigned)uptime
< stable_uptime
&&
1707 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1711 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1712 if (mtbf
< stable_mtbf
&&
1713 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1717 if (need_capacity
) {
1718 uint32_t bw
= router_get_advertised_bandwidth(router
);
1719 if (bw
< fast_bandwidth
)
1725 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1726 * Right now this means it advertises support for it, it has a high
1727 * uptime, and it's currently considered Running.
1729 * This function needs to be called after router-\>is_running has
1733 dirserv_thinks_router_is_hs_dir(routerinfo_t
*router
, time_t now
)
1735 long uptime
= real_uptime(router
, now
);
1737 return (router
->wants_to_be_hs_dir
&&
1738 uptime
> get_options()->MinUptimeHidServDirectoryV2
&&
1739 router
->is_running
);
1742 /** Look through the routerlist, the Mean Time Between Failure history, and
1743 * the Weighted Fractional Uptime history, and use them to set thresholds for
1744 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1745 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1746 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1747 * total_bandwidth, and total_exit_bandwidth.
1749 * Also, set the is_exit flag of each router appropriately. */
1751 dirserv_compute_performance_thresholds(routerlist_t
*rl
)
1753 int n_active
, n_active_nonexit
, n_familiar
;
1754 uint32_t *uptimes
, *bandwidths
, *bandwidths_excluding_exits
;
1756 double *mtbfs
, *wfus
;
1757 time_t now
= time(NULL
);
1759 /* initialize these all here, in case there are no routers */
1763 guard_bandwidth_including_exits
= 0;
1764 guard_bandwidth_excluding_exits
= 0;
1767 total_bandwidth
= 0;
1768 total_exit_bandwidth
= 0;
1770 /* Initialize arrays that will hold values for each router. We'll
1771 * sort them and use that to compute thresholds. */
1772 n_active
= n_active_nonexit
= 0;
1773 /* Uptime for every active router. */
1774 uptimes
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1775 /* Bandwidth for every active router. */
1776 bandwidths
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1777 /* Bandwidth for every active non-exit router. */
1778 bandwidths_excluding_exits
=
1779 tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1780 /* Weighted mean time between failure for each active router. */
1781 mtbfs
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1782 /* Time-known for each active router. */
1783 tks
= tor_malloc(sizeof(long)*smartlist_len(rl
->routers
));
1784 /* Weighted fractional uptime for each active router. */
1785 wfus
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1787 /* Now, fill in the arrays. */
1788 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1789 if (router_is_active(ri
, now
)) {
1790 const char *id
= ri
->cache_info
.identity_digest
;
1792 ri
->is_exit
= exit_policy_is_general_exit(ri
->exit_policy
);
1793 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1794 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1795 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1796 bandwidths
[n_active
] = bw
= router_get_advertised_bandwidth(ri
);
1797 total_bandwidth
+= bw
;
1798 if (ri
->is_exit
&& !ri
->is_bad_exit
) {
1799 total_exit_bandwidth
+= bw
;
1801 bandwidths_excluding_exits
[n_active_nonexit
] = bw
;
1808 /* Now, compute thresholds. */
1810 /* The median uptime is stable. */
1811 stable_uptime
= median_uint32(uptimes
, n_active
);
1812 /* The median mtbf is stable, if we have enough mtbf info */
1813 stable_mtbf
= median_double(mtbfs
, n_active
);
1814 /* The 12.5th percentile bandwidth is fast. */
1815 fast_bandwidth
= find_nth_uint32(bandwidths
, n_active
, n_active
/8);
1816 /* (Now bandwidths is sorted.) */
1817 if (fast_bandwidth
< ROUTER_REQUIRED_MIN_BANDWIDTH
)
1818 fast_bandwidth
= bandwidths
[n_active
/4];
1819 guard_bandwidth_including_exits
= bandwidths
[(n_active
-1)/2];
1820 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1823 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1824 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1826 if (fast_bandwidth
> BANDWIDTH_TO_GUARANTEE_FAST
)
1827 fast_bandwidth
= BANDWIDTH_TO_GUARANTEE_FAST
;
1829 /* Now that we have a time-known that 7/8 routers are known longer than,
1830 * fill wfus with the wfu of every such "familiar" router. */
1832 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1833 if (router_is_active(ri
, now
)) {
1834 const char *id
= ri
->cache_info
.identity_digest
;
1835 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1838 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1842 guard_wfu
= median_double(wfus
, n_familiar
);
1843 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1844 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1846 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1848 if (n_active_nonexit
) {
1849 guard_bandwidth_excluding_exits
=
1850 median_uint32(bandwidths_excluding_exits
, n_active_nonexit
);
1853 log(LOG_INFO
, LD_DIRSERV
,
1854 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1855 "For Fast: %lu bytes/sec. "
1856 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1857 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1858 (unsigned long)stable_uptime
,
1859 (unsigned long)stable_mtbf
,
1860 (unsigned long)fast_bandwidth
,
1862 (unsigned long)guard_tk
,
1863 (unsigned long)guard_bandwidth_including_exits
,
1864 (unsigned long)guard_bandwidth_excluding_exits
,
1865 enough_mtbf_info
? "" : " don't ");
1869 tor_free(bandwidths
);
1870 tor_free(bandwidths_excluding_exits
);
1875 /** Given a platform string as in a routerinfo_t (possibly null), return a
1876 * newly allocated version string for a networkstatus document, or NULL if the
1877 * platform doesn't give a Tor version. */
1879 version_from_platform(const char *platform
)
1881 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1882 const char *eos
= find_whitespace(platform
+4);
1883 if (eos
&& !strcmpstart(eos
, " (r")) {
1884 /* XXXX Unify this logic with the other version extraction
1885 * logic in routerparse.c. */
1886 eos
= find_whitespace(eos
+1);
1889 return tor_strndup(platform
, eos
-platform
);
1895 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1896 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1897 * Use the same format as in network-status documents. If <b>version</b> is
1898 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1899 * failure. If <b>first_line_only</b> is true, don't include any flags
1903 routerstatus_format_entry(char *buf
, size_t buf_len
,
1904 routerstatus_t
*rs
, const char *version
,
1905 int first_line_only
, int v2_format
)
1906 /* XXX: first_line_only and v2_format should probably be be both
1907 * replaced by a single purpose parameter.
1915 char published
[ISO_TIME_LEN
+1];
1916 char ipaddr
[INET_NTOA_BUF_LEN
];
1917 char identity64
[BASE64_DIGEST_LEN
+1];
1918 char digest64
[BASE64_DIGEST_LEN
+1];
1920 format_iso_time(published
, rs
->published_on
);
1921 digest_to_base64(identity64
, rs
->identity_digest
);
1922 digest_to_base64(digest64
, rs
->descriptor_digest
);
1923 in
.s_addr
= htonl(rs
->addr
);
1924 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
1926 r
= tor_snprintf(buf
, buf_len
,
1927 "r %s %s %s %s %s %d %d\n",
1936 log_warn(LD_BUG
, "Not enough space in buffer.");
1939 if (first_line_only
)
1942 cp
= buf
+ strlen(buf
);
1943 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
1944 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
1945 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1946 /* These must stay in alphabetical order. */
1947 rs
->is_authority
?" Authority":"",
1948 rs
->is_bad_directory
?" BadDirectory":"",
1949 rs
->is_bad_exit
?" BadExit":"",
1950 rs
->is_exit
?" Exit":"",
1951 rs
->is_fast
?" Fast":"",
1952 rs
->is_possible_guard
?" Guard":"",
1953 rs
->is_hs_dir
?" HSDir":"",
1954 rs
->is_named
?" Named":"",
1955 rs
->is_running
?" Running":"",
1956 rs
->is_stable
?" Stable":"",
1957 rs
->is_unnamed
?" Unnamed":"",
1958 rs
->is_v2_dir
?" V2Dir":"",
1959 rs
->is_valid
?" Valid":"");
1961 log_warn(LD_BUG
, "Not enough space in buffer.");
1966 /* length of "opt v \n" */
1967 #define V_LINE_OVERHEAD 7
1968 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
1969 if (tor_snprintf(cp
, buf_len
- (cp
-buf
), "opt v %s\n", version
)<0) {
1970 log_warn(LD_BUG
, "Unable to print router version.");
1977 routerinfo_t
* desc
= router_get_by_digest(rs
->identity_digest
);
1979 /* Blow up more or less nicely if we didn't get anything or not the
1980 * thing we expected.
1983 char id
[HEX_DIGEST_LEN
+1];
1984 char dd
[HEX_DIGEST_LEN
+1];
1986 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
1987 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
1988 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
1989 "(wanted descriptor %s).",
1993 if (memcmp(desc
->cache_info
.signed_descriptor_digest
,
1994 rs
->descriptor_digest
,
1996 char rl_d
[HEX_DIGEST_LEN
+1];
1997 char rs_d
[HEX_DIGEST_LEN
+1];
1998 char id
[HEX_DIGEST_LEN
+1];
2000 base16_encode(rl_d
, sizeof(rl_d
),
2001 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
2002 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
2003 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2004 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
2005 "the one in routerstatus: %s vs %s "
2009 tor_assert(!memcmp(desc
->cache_info
.signed_descriptor_digest
,
2010 rs
->descriptor_digest
,
2014 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2016 router_get_advertised_bandwidth_capped(desc
) / 1024);
2018 log_warn(LD_BUG
, "Not enough space in buffer.");
2023 summary
= policy_summarize(desc
->exit_policy
);
2024 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
), "p %s\n", summary
);
2026 log_warn(LD_BUG
, "Not enough space in buffer.");
2037 /** Helper for sorting: compares two routerinfos first by address, and then by
2038 * descending order of "usefulness". (An authority is more useful than a
2039 * non-authority; a running router is more useful than a non-running router;
2040 * and a router with more bandwidth is more useful than one with less.)
2043 _compare_routerinfo_by_ip_and_bw(const void **a
, const void **b
)
2045 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2046 int first_is_auth
, second_is_auth
;
2047 uint32_t bw_first
, bw_second
;
2049 /* we return -1 if first should appear before second... that is,
2050 * if first is a better router. */
2051 if (first
->addr
< second
->addr
)
2053 else if (first
->addr
> second
->addr
)
2056 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2057 * reality, we will almost never get here, since addresses will usually be
2061 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2063 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2065 if (first_is_auth
&& !second_is_auth
)
2067 else if (!first_is_auth
&& second_is_auth
)
2070 else if (first
->is_running
&& !second
->is_running
)
2072 else if (!first
->is_running
&& second
->is_running
)
2075 bw_first
= router_get_advertised_bandwidth(first
);
2076 bw_second
= router_get_advertised_bandwidth(second
);
2078 if (bw_first
> bw_second
)
2080 else if (bw_first
< bw_second
)
2083 /* They're equal! Compare by identity digest, so there's a
2084 * deterministic order and we avoid flapping. */
2085 return memcmp(first
->cache_info
.identity_digest
,
2086 second
->cache_info
.identity_digest
,
2090 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2091 * whose keys are the identity digests of those routers that we're going to
2092 * exclude for Sybil-like appearance. */
2093 static digestmap_t
*
2094 get_possible_sybil_list(const smartlist_t
*routers
)
2096 or_options_t
*options
= get_options();
2097 digestmap_t
*omit_as_sybil
;
2098 smartlist_t
*routers_by_ip
= smartlist_create();
2101 /* Allow at most this number of Tor servers on a single IP address, ... */
2102 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2103 /* ... unless it's a directory authority, in which case allow more. */
2104 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2105 if (max_with_same_addr
<= 0)
2106 max_with_same_addr
= INT_MAX
;
2107 if (max_with_same_addr_on_authority
<= 0)
2108 max_with_same_addr_on_authority
= INT_MAX
;
2110 smartlist_add_all(routers_by_ip
, routers
);
2111 smartlist_sort(routers_by_ip
, _compare_routerinfo_by_ip_and_bw
);
2112 omit_as_sybil
= digestmap_new();
2116 SMARTLIST_FOREACH(routers_by_ip
, routerinfo_t
*, ri
,
2118 if (last_addr
!= ri
->addr
) {
2119 last_addr
= ri
->addr
;
2121 } else if (++addr_count
> max_with_same_addr
) {
2122 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2123 addr_count
> max_with_same_addr_on_authority
)
2124 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2128 smartlist_free(routers_by_ip
);
2129 return omit_as_sybil
;
2132 /** Extract status information from <b>ri</b> and from other authority
2133 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2134 * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
2135 * an exit as a guard. If <b>listbadexits</b>, consider setting the badexit
2138 * We assume that ri-\>is_running has already been set, e.g. by
2139 * dirserv_set_router_is_running(ri, now);
2142 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2143 routerinfo_t
*ri
, time_t now
,
2144 int naming
, int exits_can_be_guards
,
2145 int listbadexits
, int listbaddirs
)
2147 int unstable_version
=
2148 !tor_version_as_new_as(ri
->platform
,"0.1.1.16-rc-cvs");
2149 memset(rs
, 0, sizeof(routerstatus_t
));
2152 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2154 /* Already set by compute_performance_thresholds. */
2155 rs
->is_exit
= ri
->is_exit
;
2156 rs
->is_stable
= ri
->is_stable
=
2157 router_is_active(ri
, now
) &&
2158 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0) &&
2160 rs
->is_fast
= ri
->is_fast
=
2161 router_is_active(ri
, now
) &&
2162 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2163 rs
->is_running
= ri
->is_running
; /* computed above */
2166 uint32_t name_status
= dirserv_get_name_status(
2167 ri
->cache_info
.identity_digest
, ri
->nickname
);
2168 rs
->is_named
= (naming
&& (name_status
& FP_NAMED
)) ? 1 : 0;
2169 rs
->is_unnamed
= (naming
&& (name_status
& FP_UNNAMED
)) ? 1 : 0;
2171 rs
->is_valid
= ri
->is_valid
;
2174 (!rs
->is_exit
|| exits_can_be_guards
) &&
2175 (router_get_advertised_bandwidth(ri
) >= BANDWIDTH_TO_GUARANTEE_GUARD
||
2176 router_get_advertised_bandwidth(ri
) >=
2177 (exits_can_be_guards
? guard_bandwidth_including_exits
:
2178 guard_bandwidth_excluding_exits
))) {
2179 long tk
= rep_hist_get_weighted_time_known(
2180 ri
->cache_info
.identity_digest
, now
);
2181 double wfu
= rep_hist_get_weighted_fractional_uptime(
2182 ri
->cache_info
.identity_digest
, now
);
2183 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2185 rs
->is_possible_guard
= 0;
2187 rs
->is_bad_directory
= listbaddirs
&& ri
->is_bad_directory
;
2188 rs
->is_bad_exit
= listbadexits
&& ri
->is_bad_exit
;
2189 ri
->is_hs_dir
= dirserv_thinks_router_is_hs_dir(ri
, now
);
2190 rs
->is_hs_dir
= ri
->is_hs_dir
;
2191 rs
->is_v2_dir
= ri
->dir_port
!= 0;
2193 if (!strcasecmp(ri
->nickname
, UNNAMED_ROUTER_NICKNAME
))
2194 rs
->is_named
= rs
->is_unnamed
= 0;
2196 rs
->published_on
= ri
->cache_info
.published_on
;
2197 memcpy(rs
->identity_digest
, ri
->cache_info
.identity_digest
, DIGEST_LEN
);
2198 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2200 rs
->addr
= ri
->addr
;
2201 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2202 rs
->or_port
= ri
->or_port
;
2203 rs
->dir_port
= ri
->dir_port
;
2206 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2207 * too narrow an IP-space. Clear out its flags: we don't want people
2211 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2213 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2214 rs
->is_running
= rs
->is_named
= rs
->is_valid
= rs
->is_v2_dir
=
2215 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
=
2216 rs
->is_bad_directory
= 0;
2217 /* FFFF we might want some mechanism to check later on if we
2218 * missed zeroing any flags: it's easy to add a new flag but
2219 * forget to add it to this clause. */
2222 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2223 * function here because it's eerily similar to
2224 * clear_status_flags_on_sybil() above. One day we should merge them. */
2226 router_clear_status_flags(routerinfo_t
*router
)
2228 router
->is_valid
= router
->is_running
= router
->is_hs_dir
=
2229 router
->is_fast
= router
->is_stable
=
2230 router
->is_possible_guard
= router
->is_exit
=
2231 router
->is_bad_exit
= router
->is_bad_directory
= 0;
2234 /** Return a new networkstatus_t* containing our current opinion. (For v3
2237 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t
*private_key
,
2238 authority_cert_t
*cert
)
2240 or_options_t
*options
= get_options();
2241 networkstatus_t
*v3_out
= NULL
;
2243 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2244 const char *contact
;
2245 smartlist_t
*routers
, *routerstatuses
;
2246 char identity_digest
[DIGEST_LEN
];
2247 char signing_key_digest
[DIGEST_LEN
];
2248 int naming
= options
->NamingAuthoritativeDir
;
2249 int listbadexits
= options
->AuthDirListBadExits
;
2250 int listbaddirs
= options
->AuthDirListBadDirs
;
2251 int exits_can_be_guards
;
2252 routerlist_t
*rl
= router_get_routerlist();
2253 time_t now
= time(NULL
);
2254 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2255 networkstatus_voter_info_t
*voter
= NULL
;
2256 vote_timing_t timing
;
2257 digestmap_t
*omit_as_sybil
= NULL
;
2258 int vote_on_reachability
= 1;
2260 tor_assert(private_key
);
2263 if (now
- time_of_process_start
<
2264 options
->TestingAuthDirTimeToLearnReachability
)
2265 vote_on_reachability
= 0;
2267 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2268 log_warn(LD_NET
, "Couldn't resolve my hostname");
2271 if (!strchr(hostname
, '.')) {
2273 hostname
= tor_dup_ip(addr
);
2275 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2276 log_err(LD_BUG
, "Error computing signing key digest");
2279 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2280 log_err(LD_BUG
, "Error computing identity key digest");
2284 if (options
->VersioningAuthoritativeDir
) {
2285 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2286 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2289 contact
= get_options()->ContactInfo
;
2293 /* precompute this part, since we need it to decide what "stable"
2295 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2296 dirserv_set_router_is_running(ri
, now
);
2299 dirserv_compute_performance_thresholds(rl
);
2301 /* XXXX We should take steps to keep this from oscillating if
2302 * total_exit_bandwidth is close to total_bandwidth/3. */
2303 exits_can_be_guards
= total_exit_bandwidth
>= (total_bandwidth
/ 3);
2305 routers
= smartlist_create();
2306 smartlist_add_all(routers
, rl
->routers
);
2307 routers_sort_by_identity(routers
);
2308 omit_as_sybil
= get_possible_sybil_list(routers
);
2310 routerstatuses
= smartlist_create();
2312 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2313 if (ri
->cache_info
.published_on
>= cutoff
) {
2315 vote_routerstatus_t
*vrs
;
2317 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2319 set_routerstatus_from_routerinfo(rs
, ri
, now
,
2320 naming
, exits_can_be_guards
,
2321 listbadexits
, listbaddirs
);
2323 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2324 clear_status_flags_on_sybil(rs
);
2326 if (!vote_on_reachability
)
2329 vrs
->version
= version_from_platform(ri
->platform
);
2330 smartlist_add(routerstatuses
, vrs
);
2333 smartlist_free(routers
);
2334 digestmap_free(omit_as_sybil
, NULL
);
2336 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2338 v3_out
->type
= NS_TYPE_VOTE
;
2339 dirvote_get_preferred_voting_intervals(&timing
);
2340 v3_out
->published
= now
;
2342 char tbuf
[ISO_TIME_LEN
+1];
2343 networkstatus_t
*current_consensus
=
2344 networkstatus_get_live_consensus(now
);
2345 long last_consensus_interval
; /* only used to pick a valid_after */
2346 if (current_consensus
)
2347 last_consensus_interval
= current_consensus
->fresh_until
-
2348 current_consensus
->valid_after
;
2350 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2351 v3_out
->valid_after
=
2352 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
);
2353 format_iso_time(tbuf
, v3_out
->valid_after
);
2354 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2355 "consensus_set=%d, last_interval=%d",
2356 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2358 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2359 v3_out
->valid_until
= v3_out
->valid_after
+
2360 (timing
.vote_interval
* timing
.n_intervals_valid
);
2361 v3_out
->vote_seconds
= timing
.vote_delay
;
2362 v3_out
->dist_seconds
= timing
.dist_delay
;
2363 tor_assert(v3_out
->vote_seconds
> 0);
2364 tor_assert(v3_out
->dist_seconds
> 0);
2365 tor_assert(timing
.n_intervals_valid
> 0);
2367 v3_out
->client_versions
= client_versions
;
2368 v3_out
->server_versions
= server_versions
;
2369 v3_out
->known_flags
= smartlist_create();
2370 smartlist_split_string(v3_out
->known_flags
,
2371 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2372 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2373 if (vote_on_reachability
)
2374 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2376 smartlist_add(v3_out
->known_flags
, tor_strdup("BadDirectory"));
2378 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2380 smartlist_add(v3_out
->known_flags
, tor_strdup("Named"));
2381 smartlist_add(v3_out
->known_flags
, tor_strdup("Unnamed"));
2383 smartlist_sort_strings(v3_out
->known_flags
);
2385 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2386 voter
->nickname
= tor_strdup(options
->Nickname
);
2387 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
2388 voter
->address
= hostname
;
2390 voter
->dir_port
= options
->DirPort
;
2391 voter
->or_port
= options
->ORPort
;
2392 voter
->contact
= tor_strdup(contact
);
2393 memcpy(voter
->signing_key_digest
, signing_key_digest
, DIGEST_LEN
);
2394 if (options
->V3AuthUseLegacyKey
) {
2395 authority_cert_t
*c
= get_my_v3_legacy_cert();
2397 crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
);
2401 v3_out
->voters
= smartlist_create();
2402 smartlist_add(v3_out
->voters
, voter
);
2403 v3_out
->cert
= authority_cert_dup(cert
);
2404 v3_out
->routerstatus_list
= routerstatuses
;
2405 /* Note: networkstatus_digest is unset; it won't get set until we actually
2406 * format the vote. */
2411 /** For v2 authoritative directories only: Replace the contents of
2412 * <b>the_v2_networkstatus</b> with a newly generated network status
2414 static cached_dir_t
*
2415 generate_v2_networkstatus_opinion(void)
2417 cached_dir_t
*r
= NULL
;
2418 size_t len
, identity_pkey_len
;
2419 char *status
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
,
2420 *identity_pkey
= NULL
, *hostname
= NULL
;
2422 or_options_t
*options
= get_options();
2423 char fingerprint
[FINGERPRINT_LEN
+1];
2424 char ipaddr
[INET_NTOA_BUF_LEN
];
2425 char published
[ISO_TIME_LEN
+1];
2426 char digest
[DIGEST_LEN
];
2429 crypto_pk_env_t
*private_key
;
2430 routerlist_t
*rl
= router_get_routerlist();
2431 time_t now
= time(NULL
);
2432 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2433 int naming
= options
->NamingAuthoritativeDir
;
2434 int versioning
= options
->VersioningAuthoritativeDir
;
2435 int listbaddirs
= options
->AuthDirListBadDirs
;
2436 int listbadexits
= options
->AuthDirListBadExits
;
2437 int exits_can_be_guards
;
2438 const char *contact
;
2439 char *version_lines
= NULL
;
2440 smartlist_t
*routers
= NULL
;
2441 digestmap_t
*omit_as_sybil
= NULL
;
2443 private_key
= get_identity_key();
2445 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2446 log_warn(LD_NET
, "Couldn't resolve my hostname");
2449 in
.s_addr
= htonl(addr
);
2450 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
2452 format_iso_time(published
, now
);
2454 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2455 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2457 if (crypto_pk_write_public_key_to_string(private_key
, &identity_pkey
,
2458 &identity_pkey_len
)<0) {
2459 log_warn(LD_BUG
,"Writing public key to string failed.");
2463 if (crypto_pk_get_fingerprint(private_key
, fingerprint
, 0)<0) {
2464 log_err(LD_BUG
, "Error computing fingerprint");
2468 contact
= get_options()->ContactInfo
;
2473 size_t v_len
= 64+strlen(client_versions
)+strlen(server_versions
);
2474 version_lines
= tor_malloc(v_len
);
2475 tor_snprintf(version_lines
, v_len
,
2476 "client-versions %s\nserver-versions %s\n",
2477 client_versions
, server_versions
);
2479 version_lines
= tor_strdup("");
2482 len
= 4096+strlen(client_versions
)+strlen(server_versions
);
2483 len
+= identity_pkey_len
*2;
2484 len
+= (RS_ENTRY_LEN
)*smartlist_len(rl
->routers
);
2486 status
= tor_malloc(len
);
2487 tor_snprintf(status
, len
,
2488 "network-status-version 2\n"
2489 "dir-source %s %s %d\n"
2493 "dir-options%s%s%s%s\n"
2494 "%s" /* client version line, server version line. */
2495 "dir-signing-key\n%s",
2496 hostname
, ipaddr
, (int)options
->DirPort
,
2500 naming
? " Names" : "",
2501 listbaddirs
? " BadDirectories" : "",
2502 listbadexits
? " BadExits" : "",
2503 versioning
? " Versions" : "",
2506 outp
= status
+ strlen(status
);
2507 endp
= status
+ len
;
2509 /* precompute this part, since we need it to decide what "stable"
2511 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2512 dirserv_set_router_is_running(ri
, now
);
2515 dirserv_compute_performance_thresholds(rl
);
2517 /* XXXX We should take steps to keep this from oscillating if
2518 * total_exit_bandwidth is close to total_bandwidth/3. */
2519 exits_can_be_guards
= total_exit_bandwidth
>= (total_bandwidth
/ 3);
2521 routers
= smartlist_create();
2522 smartlist_add_all(routers
, rl
->routers
);
2523 routers_sort_by_identity(routers
);
2525 omit_as_sybil
= get_possible_sybil_list(routers
);
2527 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2528 if (ri
->cache_info
.published_on
>= cutoff
) {
2530 char *version
= version_from_platform(ri
->platform
);
2532 set_routerstatus_from_routerinfo(&rs
, ri
, now
,
2533 naming
, exits_can_be_guards
,
2534 listbadexits
, listbaddirs
);
2536 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2537 clear_status_flags_on_sybil(&rs
);
2539 if (routerstatus_format_entry(outp
, endp
-outp
, &rs
, version
, 0, 1)) {
2540 log_warn(LD_BUG
, "Unable to print router status.");
2545 outp
+= strlen(outp
);
2549 if (tor_snprintf(outp
, endp
-outp
, "directory-signature %s\n",
2550 get_options()->Nickname
)<0) {
2551 log_warn(LD_BUG
, "Unable to write signature line.");
2554 if (router_get_networkstatus_v2_hash(status
, digest
)<0) {
2555 log_warn(LD_BUG
, "Unable to hash network status");
2558 outp
+= strlen(outp
);
2560 note_crypto_pk_op(SIGN_DIR
);
2561 if (router_append_dirobj_signature(outp
,endp
-outp
,digest
,private_key
)<0) {
2562 log_warn(LD_BUG
, "Unable to sign router status.");
2567 networkstatus_v2_t
*ns
;
2568 if (!(ns
= networkstatus_v2_parse_from_string(status
))) {
2569 log_err(LD_BUG
,"Generated a networkstatus we couldn't parse.");
2572 networkstatus_v2_free(ns
);
2576 cached_dir_t
**ns_ptr
= &the_v2_networkstatus
;
2578 cached_dir_decref(*ns_ptr
);
2579 *ns_ptr
= new_cached_dir(status
, now
);
2580 status
= NULL
; /* So it doesn't get double-freed. */
2581 the_v2_networkstatus_is_dirty
= 0;
2582 router_set_networkstatus_v2((*ns_ptr
)->dir
, now
, NS_GENERATED
, NULL
);
2587 tor_free(client_versions
);
2588 tor_free(server_versions
);
2589 tor_free(version_lines
);
2592 tor_free(identity_pkey
);
2594 smartlist_free(routers
);
2596 digestmap_free(omit_as_sybil
, NULL
);
2600 /** Given the portion of a networkstatus request URL after "tor/status/" in
2601 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2602 * networkstatus objects that the client has requested. */
2604 dirserv_get_networkstatus_v2_fingerprints(smartlist_t
*result
,
2609 if (!cached_v2_networkstatus
)
2610 cached_v2_networkstatus
= digestmap_new();
2612 if (should_generate_v2_networkstatus())
2613 generate_v2_networkstatus_opinion();
2615 if (!strcmp(key
,"authority")) {
2616 if (authdir_mode_v2(get_options())) {
2617 routerinfo_t
*me
= router_get_my_routerinfo();
2619 smartlist_add(result
,
2620 tor_memdup(me
->cache_info
.identity_digest
, DIGEST_LEN
));
2622 } else if (!strcmp(key
, "all")) {
2623 if (digestmap_size(cached_v2_networkstatus
)) {
2624 digestmap_iter_t
*iter
;
2625 iter
= digestmap_iter_init(cached_v2_networkstatus
);
2626 while (!digestmap_iter_done(iter
)) {
2629 digestmap_iter_get(iter
, &ident
, &val
);
2630 smartlist_add(result
, tor_memdup(ident
, DIGEST_LEN
));
2631 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
);
2634 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2635 trusted_dir_server_t
*, ds
,
2636 if (ds
->type
& V2_AUTHORITY
)
2637 smartlist_add(result
, tor_memdup(ds
->digest
, DIGEST_LEN
)));
2639 smartlist_sort_digests(result
);
2640 if (smartlist_len(result
) == 0)
2641 log_info(LD_DIRSERV
,
2642 "Client requested 'all' network status objects; we have none.");
2643 } else if (!strcmpstart(key
, "fp/")) {
2644 dir_split_resource_into_fingerprints(key
+3, result
, NULL
, 1, 1);
2648 /** Look for a network status object as specified by <b>key</b>, which should
2649 * be either "authority" (to find a network status generated by us), a hex
2650 * identity digest (to find a network status generated by given directory), or
2651 * "all" (to return all the v2 network status objects we have).
2654 dirserv_get_networkstatus_v2(smartlist_t
*result
,
2657 cached_dir_t
*cached
;
2658 smartlist_t
*fingerprints
= smartlist_create();
2661 if (!cached_v2_networkstatus
)
2662 cached_v2_networkstatus
= digestmap_new();
2664 dirserv_get_networkstatus_v2_fingerprints(fingerprints
, key
);
2665 SMARTLIST_FOREACH(fingerprints
, const char *, fp
,
2667 if (router_digest_is_me(fp
) && should_generate_v2_networkstatus())
2668 generate_v2_networkstatus_opinion();
2669 cached
= digestmap_get(cached_v2_networkstatus
, fp
);
2671 smartlist_add(result
, cached
);
2673 char hexbuf
[HEX_DIGEST_LEN
+1];
2674 base16_encode(hexbuf
, sizeof(hexbuf
), fp
, DIGEST_LEN
);
2675 log_info(LD_DIRSERV
, "Don't know about any network status with "
2676 "fingerprint '%s'", hexbuf
);
2679 SMARTLIST_FOREACH(fingerprints
, char *, cp
, tor_free(cp
));
2680 smartlist_free(fingerprints
);
2683 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2684 * pointers, adds copies of digests to fps_out, and doesn't use the
2685 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2686 * requests, adds identity digests.
2689 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
2690 const char **msg
, int for_unencrypted_conn
,
2696 if (!strcmp(key
, "all")) {
2697 routerlist_t
*rl
= router_get_routerlist();
2698 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2699 smartlist_add(fps_out
,
2700 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
2701 } else if (!strcmp(key
, "authority")) {
2702 routerinfo_t
*ri
= router_get_my_routerinfo();
2704 smartlist_add(fps_out
,
2705 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
2706 } else if (!strcmpstart(key
, "d/")) {
2708 key
+= strlen("d/");
2709 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
, 1, 1);
2710 } else if (!strcmpstart(key
, "fp/")) {
2711 key
+= strlen("fp/");
2712 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
, 1, 1);
2714 *msg
= "Key not recognized";
2718 if (for_unencrypted_conn
) {
2719 /* Remove anything that insists it not be sent unencrypted. */
2720 SMARTLIST_FOREACH(fps_out
, char *, cp
, {
2721 signed_descriptor_t
*sd
;
2723 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
2724 else if (is_extrainfo
)
2725 sd
= extrainfo_get_by_descriptor_digest(cp
);
2727 sd
= router_get_by_descriptor_digest(cp
);
2728 if (sd
&& !sd
->send_unencrypted
) {
2730 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
2735 if (!smartlist_len(fps_out
)) {
2736 *msg
= "Servers unavailable";
2742 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
2743 * <b>key</b>. The key should be either
2744 * - "/tor/server/authority" for our own routerinfo;
2745 * - "/tor/server/all" for all the routerinfos we have, concatenated;
2746 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
2747 * hex identity digests; or
2748 * - "/tor/server/d/D" where D is a plus-separated sequence
2749 * of server descriptor digests, in hex.
2751 * Return 0 if we found some matching descriptors, or -1 if we do not
2752 * have any descriptors, no matching descriptors, or if we did not
2753 * recognize the key (URL).
2754 * If -1 is returned *<b>msg</b> will be set to an appropriate error
2757 * XXXX rename this function. It's only called from the controller.
2758 * XXXX in fact, refactor this function, mergeing as much as possible.
2761 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
2766 if (!strcmp(key
, "/tor/server/all")) {
2767 routerlist_t
*rl
= router_get_routerlist();
2768 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2769 smartlist_add(descs_out
, &(r
->cache_info
)));
2770 } else if (!strcmp(key
, "/tor/server/authority")) {
2771 routerinfo_t
*ri
= router_get_my_routerinfo();
2773 smartlist_add(descs_out
, &(ri
->cache_info
));
2774 } else if (!strcmpstart(key
, "/tor/server/d/")) {
2775 smartlist_t
*digests
= smartlist_create();
2776 key
+= strlen("/tor/server/d/");
2777 dir_split_resource_into_fingerprints(key
, digests
, NULL
, 1, 1);
2778 SMARTLIST_FOREACH(digests
, const char *, d
,
2780 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
2782 smartlist_add(descs_out
,sd
);
2784 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
2785 smartlist_free(digests
);
2786 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
2787 smartlist_t
*digests
= smartlist_create();
2788 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
2789 key
+= strlen("/tor/server/fp/");
2790 dir_split_resource_into_fingerprints(key
, digests
, NULL
, 1, 1);
2791 SMARTLIST_FOREACH(digests
, const char *, d
,
2793 if (router_digest_is_me(d
)) {
2794 /* make sure desc_routerinfo exists */
2795 routerinfo_t
*ri
= router_get_my_routerinfo();
2797 smartlist_add(descs_out
, &(ri
->cache_info
));
2799 routerinfo_t
*ri
= router_get_by_digest(d
);
2800 /* Don't actually serve a descriptor that everyone will think is
2801 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
2802 * Tors from downloading descriptors that they will throw away.
2804 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
2805 smartlist_add(descs_out
, &(ri
->cache_info
));
2808 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
2809 smartlist_free(digests
);
2811 *msg
= "Key not recognized";
2815 if (!smartlist_len(descs_out
)) {
2816 *msg
= "Servers unavailable";
2822 /** Called when a TLS handshake has completed successfully with a
2823 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
2824 * a certificate with digest <b>digest_rcvd</b>.
2826 * Also, if as_advertised is 1, then inform the reachability checker
2827 * that we could get to this guy.
2830 dirserv_orconn_tls_done(const char *address
,
2832 const char *digest_rcvd
,
2835 routerlist_t
*rl
= router_get_routerlist();
2836 time_t now
= time(NULL
);
2837 int bridge_auth
= authdir_mode_bridge(get_options());
2838 tor_assert(address
);
2839 tor_assert(digest_rcvd
);
2841 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2842 if (!strcasecmp(address
, ri
->address
) && or_port
== ri
->or_port
&&
2844 !memcmp(ri
->cache_info
.identity_digest
, digest_rcvd
, DIGEST_LEN
)) {
2845 /* correct digest. mark this router reachable! */
2846 if (!bridge_auth
|| ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
2847 log_info(LD_DIRSERV
, "Found router %s to be reachable. Yay.",
2849 rep_hist_note_router_reachable(digest_rcvd
, now
);
2850 ri
->last_reachable
= now
;
2854 /* FFFF Maybe we should reinstate the code that dumps routers with the same
2855 * addr/port but with nonmatching keys, but instead of dumping, we should
2859 /** Auth dir server only: if <b>try_all</b> is 1, launch connections to
2860 * all known routers; else we want to load balance such that we only
2861 * try a few connections per call.
2863 * The load balancing is such that if we get called once every ten
2864 * seconds, we will cycle through all the tests in 1280 seconds (a
2865 * bit over 20 minutes).
2868 dirserv_test_reachability(time_t now
, int try_all
)
2870 /* XXX decide what to do here; see or-talk thread "purging old router
2871 * information, revocation." -NM
2872 * We can't afford to mess with this in 0.1.2.x. The reason is that
2873 * if we stop doing reachability tests on some of routerlist, then
2874 * we'll for-sure think they're down, which may have unexpected
2875 * effects in other parts of the code. It doesn't hurt much to do
2876 * the testing, and directory authorities are easy to upgrade. Let's
2877 * wait til 0.2.0. -RD */
2878 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
2879 routerlist_t
*rl
= router_get_routerlist();
2880 static char ctr
= 0;
2881 int bridge_auth
= authdir_mode_bridge(get_options());
2883 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
2884 const char *id_digest
= router
->cache_info
.identity_digest
;
2885 tor_addr_t router_addr
;
2886 if (router_is_me(router
))
2888 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
2889 continue; /* bridge authorities only test reachability on bridges */
2890 // if (router->cache_info.published_on > cutoff)
2892 if (try_all
|| (((uint8_t)id_digest
[0]) % 128) == ctr
) {
2893 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
2894 router
->nickname
, router
->address
, router
->or_port
);
2895 /* Remember when we started trying to determine reachability */
2896 if (!router
->testing_since
)
2897 router
->testing_since
= now
;
2898 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
2899 connection_or_connect(&router_addr
, router
->or_port
, id_digest
);
2901 } SMARTLIST_FOREACH_END(router
);
2902 if (!try_all
) /* increment ctr */
2903 ctr
= (ctr
+ 1) % 128;
2906 /** Given a fingerprint <b>fp</b> which is either set if we're looking
2907 * for a v2 status, or zeroes if we're looking for a v3 status, return
2908 * a pointer to the appropriate cached dir object, or NULL if there isn't
2910 static cached_dir_t
*
2911 lookup_cached_dir_by_fp(const char *fp
)
2913 cached_dir_t
*d
= NULL
;
2914 if (tor_digest_is_zero(fp
) && cached_v3_networkstatus
)
2915 d
= cached_v3_networkstatus
;
2916 else if (router_digest_is_me(fp
) && the_v2_networkstatus
)
2917 d
= the_v2_networkstatus
;
2918 else if (cached_v2_networkstatus
)
2919 d
= digestmap_get(cached_v2_networkstatus
, fp
);
2923 /** Remove from <b>fps</b> every networkstatus key where both
2924 * a) we have a networkstatus document and
2925 * b) it is not newer than <b>cutoff</b>.
2927 * Return 1 if any items were present at all; else return 0.
2930 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
2933 SMARTLIST_FOREACH(fps
, char *, digest
,
2935 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
2939 if (d
->published
<= cutoff
) {
2941 SMARTLIST_DEL_CURRENT(fps
, digest
);
2948 /** Return the cache-info for identity fingerprint <b>fp</b>, or
2949 * its extra-info document if <b>extrainfo</b> is true. Return
2950 * NULL if not found or if the descriptor is older than
2951 * <b>publish_cutoff</b>. */
2952 static signed_descriptor_t
*
2953 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
2954 time_t publish_cutoff
)
2956 if (router_digest_is_me(fp
)) {
2958 return &(router_get_my_extrainfo()->cache_info
);
2960 return &(router_get_my_routerinfo()->cache_info
);
2962 routerinfo_t
*ri
= router_get_by_digest(fp
);
2964 ri
->cache_info
.published_on
> publish_cutoff
) {
2966 return extrainfo_get_by_descriptor_digest(
2967 ri
->cache_info
.extra_info_digest
);
2969 return &ri
->cache_info
;
2975 /** Return true iff we have any of the docments (extrainfo or routerdesc)
2976 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
2977 * decide whether to send a 404. */
2979 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
2981 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
2982 SMARTLIST_FOREACH(fps
, const char *, fp
, {
2985 case DIR_SPOOL_EXTRA_BY_DIGEST
:
2986 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
2988 case DIR_SPOOL_SERVER_BY_DIGEST
:
2989 if (router_get_by_descriptor_digest(fp
)) return 1;
2991 case DIR_SPOOL_EXTRA_BY_FP
:
2992 case DIR_SPOOL_SERVER_BY_FP
:
2993 if (get_signed_descriptor_by_fp(fp
,
2994 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3002 /** Return an approximate estimate of the number of bytes that will
3003 * be needed to transmit the server descriptors (if is_serverdescs --
3004 * they can be either d/ or fp/ queries) or networkstatus objects (if
3005 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3006 * we guess how large the data will be after compression.
3008 * The return value is an estimate; it might be larger or smaller.
3011 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3016 if (is_serverdescs
) {
3017 int n
= smartlist_len(fps
);
3018 routerinfo_t
*me
= router_get_my_routerinfo();
3019 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3021 result
/= 2; /* observed compressability is between 35 and 55%. */
3024 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3025 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3027 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3033 /** When we're spooling data onto our outbuf, add more whenever we dip
3034 * below this threshold. */
3035 #define DIRSERV_BUFFER_MIN 16384
3037 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3038 * Flushes any remaining data to be (un)compressed, and changes the spool
3039 * source to NONE. Returns 0 on success, negative on failure. */
3041 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3043 if (conn
->zlib_state
) {
3044 connection_write_to_buf_zlib("", 0, conn
, 1);
3045 tor_zlib_free(conn
->zlib_state
);
3046 conn
->zlib_state
= NULL
;
3048 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3052 /** Spooling helper: called when we're sending a bunch of server descriptors,
3053 * and the outbuf has become too empty. Pulls some entries from
3054 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3055 * run out of entries, flushes the zlib state and sets the spool source to
3056 * NONE. Returns 0 on success, negative on failure.
3059 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3061 #ifdef TRACK_SERVED_TIME
3062 time_t now
= time(NULL
);
3064 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3065 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3066 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3067 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3068 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3070 while (smartlist_len(conn
->fingerprint_stack
) &&
3071 buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3073 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3074 signed_descriptor_t
*sd
= NULL
;
3076 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3078 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3079 : router_get_by_descriptor_digest(fp
);
3084 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3085 /* we did this check once before (so we could have an accurate size
3086 * estimate and maybe send a 404 if somebody asked for only bridges on a
3087 * connection), but we need to do it again in case a previously
3088 * unknown bridge descriptor has shown up between then and now. */
3091 #ifdef TRACK_SERVED_TIME
3092 sd
->last_served_at
= now
;
3094 body
= signed_descriptor_get_body(sd
);
3095 if (conn
->zlib_state
) {
3096 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3097 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3100 tor_zlib_free(conn
->zlib_state
);
3101 conn
->zlib_state
= NULL
;
3104 connection_write_to_buf(body
,
3105 sd
->signed_descriptor_len
,
3110 if (!smartlist_len(conn
->fingerprint_stack
)) {
3111 /* We just wrote the last one; finish up. */
3112 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3113 smartlist_free(conn
->fingerprint_stack
);
3114 conn
->fingerprint_stack
= NULL
;
3119 /** Spooling helper: Called when we're sending a directory or networkstatus,
3120 * and the outbuf has become too empty. Pulls some bytes from
3121 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3122 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3123 * and sets the spool source to NONE. Returns 0 on success, negative on
3126 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3131 bytes
= DIRSERV_BUFFER_MIN
- buf_datalen(conn
->_base
.outbuf
);
3132 tor_assert(bytes
> 0);
3133 tor_assert(conn
->cached_dir
);
3136 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3137 if (bytes
> remaining
)
3138 bytes
= (ssize_t
) remaining
;
3140 if (conn
->zlib_state
) {
3141 connection_write_to_buf_zlib(
3142 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3143 bytes
, conn
, bytes
== remaining
);
3145 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3146 bytes
, TO_CONN(conn
));
3148 conn
->cached_dir_offset
+= bytes
;
3149 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3150 /* We just wrote the last one; finish up. */
3151 connection_dirserv_finish_spooling(conn
);
3152 cached_dir_decref(conn
->cached_dir
);
3153 conn
->cached_dir
= NULL
;
3158 /** Spooling helper: Called when we're spooling networkstatus objects on
3159 * <b>conn</b>, and the outbuf has become too empty. If the current
3160 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3161 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3162 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3163 * treated as a request for the current consensus.) If we run out of entries,
3164 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3165 * success, negative on failure. */
3167 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3170 while (buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3171 if (conn
->cached_dir
) {
3172 int uncompressing
= (conn
->zlib_state
!= NULL
);
3173 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3174 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3175 /* add_dir_bytes thinks we're done with the cached_dir. But we
3176 * may have more cached_dirs! */
3177 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3178 /* This bit is tricky. If we were uncompressing the last
3179 * networkstatus, we may need to make a new zlib object to
3180 * uncompress the next one. */
3181 if (uncompressing
&& ! conn
->zlib_state
&&
3182 conn
->fingerprint_stack
&&
3183 smartlist_len(conn
->fingerprint_stack
)) {
3184 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
);
3188 } else if (conn
->fingerprint_stack
&&
3189 smartlist_len(conn
->fingerprint_stack
)) {
3190 /* Add another networkstatus; start serving it. */
3191 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3192 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3196 conn
->cached_dir
= d
;
3197 conn
->cached_dir_offset
= 0;
3200 connection_dirserv_finish_spooling(conn
);
3201 if (conn
->fingerprint_stack
)
3202 smartlist_free(conn
->fingerprint_stack
);
3203 conn
->fingerprint_stack
= NULL
;
3210 /** Called whenever we have flushed some directory data in state
3211 * SERVER_WRITING. */
3213 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3215 tor_assert(conn
->_base
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3217 if (buf_datalen(conn
->_base
.outbuf
) >= DIRSERV_BUFFER_MIN
)
3220 switch (conn
->dir_spool_src
) {
3221 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3222 case DIR_SPOOL_EXTRA_BY_FP
:
3223 case DIR_SPOOL_SERVER_BY_DIGEST
:
3224 case DIR_SPOOL_SERVER_BY_FP
:
3225 return connection_dirserv_add_servers_to_outbuf(conn
);
3226 case DIR_SPOOL_CACHED_DIR
:
3227 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3228 case DIR_SPOOL_NETWORKSTATUS
:
3229 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3230 case DIR_SPOOL_NONE
:
3236 /** Release all storage used by the directory server. */
3238 dirserv_free_all(void)
3240 dirserv_free_fingerprint_list();
3242 cached_dir_decref(the_directory
);
3243 clear_cached_dir(&the_runningrouters
);
3244 cached_dir_decref(the_v2_networkstatus
);
3245 cached_dir_decref(cached_directory
);
3246 clear_cached_dir(&cached_runningrouters
);
3247 if (cached_v2_networkstatus
) {
3248 digestmap_free(cached_v2_networkstatus
, _free_cached_dir
);
3249 cached_v2_networkstatus
= NULL
;
3251 cached_dir_decref(cached_v3_networkstatus
);