1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2010, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
10 #include "connection.h"
11 #include "connection_or.h"
13 #include "directory.h"
16 #include "hibernate.h"
17 #include "microdesc.h"
18 #include "networkstatus.h"
22 #include "routerlist.h"
23 #include "routerparse.h"
27 * \brief Directory server core implementation. Manages directory
28 * contents and generates directories.
31 /** How far in the future do we allow a router to get? (seconds) */
32 #define ROUTER_ALLOW_SKEW (60*60*12)
33 /** How many seconds do we wait before regenerating the directory? */
34 #define DIR_REGEN_SLACK_TIME 30
35 /** If we're a cache, keep this many networkstatuses around from non-trusted
36 * directory authorities. */
37 #define MAX_UNTRUSTED_NETWORKSTATUSES 16
39 /** If a v1 directory is older than this, discard it. */
40 #define MAX_V1_DIRECTORY_AGE (30*24*60*60)
41 /** If a v1 running-routers is older than this, discard it. */
42 #define MAX_V1_RR_AGE (7*24*60*60)
44 extern time_t time_of_process_start
; /* from main.c */
46 /** Do we need to regenerate the v1 directory when someone asks for it? */
47 static time_t the_directory_is_dirty
= 1;
48 /** Do we need to regenerate the v1 runningrouters document when somebody
50 static time_t runningrouters_is_dirty
= 1;
51 /** Do we need to regenerate our v2 networkstatus document when somebody asks
53 static time_t the_v2_networkstatus_is_dirty
= 1;
55 /** Most recently generated encoded signed v1 directory. (v1 auth dirservers
57 static cached_dir_t
*the_directory
= NULL
;
59 /** For authoritative directories: the current (v1) network status. */
60 static cached_dir_t the_runningrouters
;
62 static void directory_remove_invalid(void);
63 static cached_dir_t
*dirserv_regenerate_directory(void);
64 static char *format_versions_list(config_line_t
*ln
);
65 struct authdir_config_t
;
66 static int add_fingerprint_to_dir(const char *nickname
, const char *fp
,
67 struct authdir_config_t
*list
);
68 static uint32_t dirserv_router_get_status(const routerinfo_t
*router
,
71 dirserv_get_status_impl(const char *fp
, const char *nickname
,
73 uint32_t addr
, uint16_t or_port
,
74 const char *platform
, const char *contact
,
75 const char **msg
, int should_log
);
76 static void clear_cached_dir(cached_dir_t
*d
);
77 static signed_descriptor_t
*get_signed_descriptor_by_fp(const char *fp
,
79 time_t publish_cutoff
);
80 static int dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
);
82 /************** Measured Bandwidth parsing code ******/
83 #define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
85 /************** Fingerprint handling code ************/
87 #define FP_NAMED 1 /**< Listed in fingerprint file. */
88 #define FP_INVALID 2 /**< Believed invalid. */
89 #define FP_REJECT 4 /**< We will not publish this router. */
90 #define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
91 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
92 #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
94 /** Encapsulate a nickname and an FP_* status; target of status_by_digest
96 typedef struct router_status_t
{
97 char nickname
[MAX_NICKNAME_LEN
+1];
101 /** List of nickname-\>identity fingerprint mappings for all the routers
102 * that we name. Used to prevent router impersonation. */
103 typedef struct authdir_config_t
{
104 strmap_t
*fp_by_name
; /**< Map from lc nickname to fingerprint. */
105 digestmap_t
*status_by_digest
; /**< Map from digest to router_status_t. */
108 /** Should be static; exposed for testing. */
109 static authdir_config_t
*fingerprint_list
= NULL
;
111 /** Allocate and return a new, empty, authdir_config_t. */
112 static authdir_config_t
*
113 authdir_config_new(void)
115 authdir_config_t
*list
= tor_malloc_zero(sizeof(authdir_config_t
));
116 list
->fp_by_name
= strmap_new();
117 list
->status_by_digest
= digestmap_new();
121 /** Add the fingerprint <b>fp</b> for <b>nickname</b> to
122 * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
123 * new, or 1 if we replaced the old value.
126 add_fingerprint_to_dir(const char *nickname
, const char *fp
,
127 authdir_config_t
*list
)
131 router_status_t
*status
;
132 tor_assert(nickname
);
136 fingerprint
= tor_strdup(fp
);
137 tor_strstrip(fingerprint
, " ");
138 if (base16_decode(d
, DIGEST_LEN
, fingerprint
, strlen(fingerprint
))) {
139 log_warn(LD_DIRSERV
, "Couldn't decode fingerprint \"%s\"",
141 tor_free(fingerprint
);
145 if (!strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
146 log_warn(LD_DIRSERV
, "Tried to add a mapping for reserved nickname %s",
147 UNNAMED_ROUTER_NICKNAME
);
148 tor_free(fingerprint
);
152 status
= digestmap_get(list
->status_by_digest
, d
);
154 status
= tor_malloc_zero(sizeof(router_status_t
));
155 digestmap_set(list
->status_by_digest
, d
, status
);
158 if (nickname
[0] != '!') {
159 char *old_fp
= strmap_get_lc(list
->fp_by_name
, nickname
);
160 if (old_fp
&& !strcasecmp(fingerprint
, old_fp
)) {
161 tor_free(fingerprint
);
164 strmap_set_lc(list
->fp_by_name
, nickname
, fingerprint
);
166 status
->status
|= FP_NAMED
;
167 strlcpy(status
->nickname
, nickname
, sizeof(status
->nickname
));
169 tor_free(fingerprint
);
170 if (!strcasecmp(nickname
, "!reject")) {
171 status
->status
|= FP_REJECT
;
172 } else if (!strcasecmp(nickname
, "!invalid")) {
173 status
->status
|= FP_INVALID
;
174 } else if (!strcasecmp(nickname
, "!baddir")) {
175 status
->status
|= FP_BADDIR
;
176 } else if (!strcasecmp(nickname
, "!badexit")) {
177 status
->status
|= FP_BADEXIT
;
183 /** Add the nickname and fingerprint for this OR to the
184 * global list of recognized identity key fingerprints. */
186 dirserv_add_own_fingerprint(const char *nickname
, crypto_pk_env_t
*pk
)
188 char fp
[FINGERPRINT_LEN
+1];
189 if (crypto_pk_get_fingerprint(pk
, fp
, 0)<0) {
190 log_err(LD_BUG
, "Error computing fingerprint");
193 if (!fingerprint_list
)
194 fingerprint_list
= authdir_config_new();
195 add_fingerprint_to_dir(nickname
, fp
, fingerprint_list
);
199 /** Load the nickname-\>fingerprint mappings stored in the approved-routers
200 * file. The file format is line-based, with each non-blank holding one
201 * nickname, some space, and a fingerprint for that nickname. On success,
202 * replace the current fingerprint list with the new list and return 0. On
203 * failure, leave the current fingerprint list untouched, and return -1. */
205 dirserv_load_fingerprint_file(void)
209 char *nickname
, *fingerprint
;
210 authdir_config_t
*fingerprint_list_new
;
212 config_line_t
*front
=NULL
, *list
;
213 or_options_t
*options
= get_options();
215 fname
= get_datadir_fname("approved-routers");
217 "Reloading approved fingerprints from \"%s\"...", fname
);
219 cf
= read_file_to_str(fname
, RFTS_IGNORE_MISSING
, NULL
);
221 if (options
->NamingAuthoritativeDir
) {
222 log_warn(LD_FS
, "Cannot open fingerprint file '%s'. Failing.", fname
);
226 log_info(LD_FS
, "Cannot open fingerprint file '%s'. That's ok.", fname
);
233 result
= config_get_lines(cf
, &front
);
236 log_warn(LD_CONFIG
, "Error reading from fingerprint file");
240 fingerprint_list_new
= authdir_config_new();
242 for (list
=front
; list
; list
=list
->next
) {
243 char digest_tmp
[DIGEST_LEN
];
244 nickname
= list
->key
; fingerprint
= list
->value
;
245 if (strlen(nickname
) > MAX_NICKNAME_LEN
) {
246 log_notice(LD_CONFIG
,
247 "Nickname '%s' too long in fingerprint file. Skipping.",
251 if (!is_legal_nickname(nickname
) &&
252 strcasecmp(nickname
, "!reject") &&
253 strcasecmp(nickname
, "!invalid") &&
254 strcasecmp(nickname
, "!badexit")) {
255 log_notice(LD_CONFIG
,
256 "Invalid nickname '%s' in fingerprint file. Skipping.",
260 tor_strstrip(fingerprint
, " "); /* remove spaces */
261 if (strlen(fingerprint
) != HEX_DIGEST_LEN
||
262 base16_decode(digest_tmp
, sizeof(digest_tmp
),
263 fingerprint
, HEX_DIGEST_LEN
) < 0) {
264 log_notice(LD_CONFIG
,
265 "Invalid fingerprint (nickname '%s', "
266 "fingerprint %s). Skipping.",
267 nickname
, fingerprint
);
270 if (0==strcasecmp(nickname
, DEFAULT_CLIENT_NICKNAME
)) {
271 /* If you approved an OR called "client", then clients who use
272 * the default nickname could all be rejected. That's no good. */
273 log_notice(LD_CONFIG
,
274 "Authorizing nickname '%s' would break "
275 "many clients; skipping.",
276 DEFAULT_CLIENT_NICKNAME
);
279 if (0==strcasecmp(nickname
, UNNAMED_ROUTER_NICKNAME
)) {
280 /* If you approved an OR called "unnamed", then clients will be
282 log_notice(LD_CONFIG
,
283 "Authorizing nickname '%s' is not allowed; skipping.",
284 UNNAMED_ROUTER_NICKNAME
);
287 if (add_fingerprint_to_dir(nickname
, fingerprint
, fingerprint_list_new
)
289 log_notice(LD_CONFIG
, "Duplicate nickname '%s'.", nickname
);
292 config_free_lines(front
);
293 dirserv_free_fingerprint_list();
294 fingerprint_list
= fingerprint_list_new
;
295 /* Delete any routers whose fingerprints we no longer recognize */
296 directory_remove_invalid();
300 /** Check whether <b>router</b> has a nickname/identity key combination that
301 * we recognize from the fingerprint list, or an IP we automatically act on
302 * according to our configuration. Return the appropriate router status.
304 * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
305 * *<b>msg</b> to an explanation of why. */
307 dirserv_router_get_status(const routerinfo_t
*router
, const char **msg
)
311 if (crypto_pk_get_digest(router
->identity_pkey
, d
)) {
312 log_warn(LD_BUG
,"Error computing fingerprint");
314 *msg
= "Bug: Error computing fingerprint";
318 return dirserv_get_status_impl(d
, router
->nickname
,
320 router
->addr
, router
->or_port
,
321 router
->platform
, router
->contact_info
,
325 /** Return true if there is no point in downloading the router described by
326 * <b>rs</b> because this directory would reject it. */
328 dirserv_would_reject_router(routerstatus_t
*rs
)
332 res
= dirserv_get_status_impl(rs
->identity_digest
, rs
->nickname
,
333 "", /* address is only used in logs */
334 rs
->addr
, rs
->or_port
,
338 return (res
& FP_REJECT
) != 0;
341 /** Helper: Based only on the ID/Nickname combination,
342 * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
345 dirserv_get_name_status(const char *id_digest
, const char *nickname
)
347 char fp
[HEX_DIGEST_LEN
+1];
350 base16_encode(fp
, sizeof(fp
), id_digest
, DIGEST_LEN
);
353 strmap_get_lc(fingerprint_list
->fp_by_name
, nickname
))) {
354 if (!strcasecmp(fp
, fp_by_name
)) {
357 return FP_UNNAMED
; /* Wrong fingerprint. */
363 /** Helper: As dirserv_get_router_status, but takes the router fingerprint
364 * (hex, no spaces), nickname, address (used for logging only), IP address, OR
365 * port, platform (logging only) and contact info (logging only) as arguments.
367 * If should_log is false, do not log messages. (There's not much point in
368 * logging that we're rejecting servers we'll not download.)
371 dirserv_get_status_impl(const char *id_digest
, const char *nickname
,
373 uint32_t addr
, uint16_t or_port
,
374 const char *platform
, const char *contact
,
375 const char **msg
, int should_log
)
377 int reject_unlisted
= get_options()->AuthDirRejectUnlisted
;
379 router_status_t
*status_by_digest
;
381 if (!fingerprint_list
)
382 fingerprint_list
= authdir_config_new();
385 log_debug(LD_DIRSERV
, "%d fingerprints, %d digests known.",
386 strmap_size(fingerprint_list
->fp_by_name
),
387 digestmap_size(fingerprint_list
->status_by_digest
));
389 /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
390 * directory information. Once more of them die off, we should raise this
392 if (platform
&& !tor_version_as_new_as(platform
,"0.2.0.26-rc")) {
394 *msg
= "Tor version is far too old to work.";
396 } else if (platform
&& tor_version_as_new_as(platform
,"0.2.1.3-alpha")
397 && !tor_version_as_new_as(platform
, "0.2.1.19")) {
398 /* These versions mishandled RELAY_EARLY cells on rend circuits. */
400 *msg
= "Tor version is too buggy to work.";
404 result
= dirserv_get_name_status(id_digest
, nickname
);
405 if (result
& FP_NAMED
) {
407 log_debug(LD_DIRSERV
,"Good fingerprint for '%s'",nickname
);
409 if (result
& FP_UNNAMED
) {
411 char *esc_contact
= esc_for_log(contact
);
413 "Mismatched fingerprint for '%s'. "
414 "ContactInfo '%s', platform '%s'.)",
417 platform
? escaped(platform
) : "");
418 tor_free(esc_contact
);
421 *msg
= "Rejected: There is already a named server with this nickname "
422 "and a different fingerprint.";
425 status_by_digest
= digestmap_get(fingerprint_list
->status_by_digest
,
427 if (status_by_digest
)
428 result
|= (status_by_digest
->status
& ~FP_NAMED
);
430 if (result
& FP_REJECT
) {
432 *msg
= "Fingerprint is marked rejected";
434 } else if (result
& FP_INVALID
) {
436 *msg
= "Fingerprint is marked invalid";
439 if (authdir_policy_baddir_address(addr
, or_port
)) {
442 "Marking '%s' as bad directory because of address '%s'",
447 if (authdir_policy_badexit_address(addr
, or_port
)) {
449 log_info(LD_DIRSERV
, "Marking '%s' as bad exit because of address '%s'",
451 result
|= FP_BADEXIT
;
454 if (!(result
& FP_NAMED
)) {
455 if (!authdir_policy_permits_address(addr
, or_port
)) {
457 log_info(LD_DIRSERV
, "Rejecting '%s' because of address '%s'",
460 *msg
= "Authdir is rejecting routers in this range.";
463 if (!authdir_policy_valid_address(addr
, or_port
)) {
465 log_info(LD_DIRSERV
, "Not marking '%s' valid because of address '%s'",
467 result
|= FP_INVALID
;
469 if (reject_unlisted
) {
471 *msg
= "Authdir rejects unknown routers.";
479 /** If we are an authoritative dirserver, and the list of approved
480 * servers contains one whose identity key digest is <b>digest</b>,
481 * return that router's nickname. Otherwise return NULL. */
483 dirserv_get_nickname_by_digest(const char *digest
)
485 router_status_t
*status
;
486 if (!fingerprint_list
)
490 status
= digestmap_get(fingerprint_list
->status_by_digest
, digest
);
491 return status
? status
->nickname
: NULL
;
494 /** Clear the current fingerprint list. */
496 dirserv_free_fingerprint_list(void)
498 if (!fingerprint_list
)
501 strmap_free(fingerprint_list
->fp_by_name
, _tor_free
);
502 digestmap_free(fingerprint_list
->status_by_digest
, _tor_free
);
503 tor_free(fingerprint_list
);
510 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
511 * unless we're configured to not care. Return 0 if all ok. */
513 dirserv_router_has_valid_address(routerinfo_t
*ri
)
515 struct in_addr iaddr
;
516 if (get_options()->DirAllowPrivateAddresses
)
517 return 0; /* whatever it is, we're fine with it */
518 if (!tor_inet_aton(ri
->address
, &iaddr
)) {
519 log_info(LD_DIRSERV
,"Router '%s' published non-IP address '%s'. Refusing.",
520 ri
->nickname
, ri
->address
);
523 if (is_internal_IP(ntohl(iaddr
.s_addr
), 0)) {
525 "Router '%s' published internal IP address '%s'. Refusing.",
526 ri
->nickname
, ri
->address
);
527 return -1; /* it's a private IP, we should reject it */
532 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
533 * set its is_valid,named,running fields and return 0. Otherwise, return -1.
535 * If the router is rejected, set *<b>msg</b> to an explanation of why.
537 * If <b>complain</b> then explain at log-level 'notice' why we refused
538 * a descriptor; else explain at log-level 'info'.
541 authdir_wants_to_reject_router(routerinfo_t
*ri
, const char **msg
,
544 /* Okay. Now check whether the fingerprint is recognized. */
545 uint32_t status
= dirserv_router_get_status(ri
, msg
);
547 int severity
= (complain
&& ri
->contact_info
) ? LOG_NOTICE
: LOG_INFO
;
549 if (status
& FP_REJECT
)
550 return -1; /* msg is already set. */
552 /* Is there too much clock skew? */
554 if (ri
->cache_info
.published_on
> now
+ROUTER_ALLOW_SKEW
) {
555 log_fn(severity
, LD_DIRSERV
, "Publication time for nickname '%s' is too "
556 "far (%d minutes) in the future; possible clock skew. Not adding "
558 ri
->nickname
, (int)((ri
->cache_info
.published_on
-now
)/60),
559 esc_router_info(ri
));
560 *msg
= "Rejected: Your clock is set too far in the future, or your "
561 "timezone is not correct.";
564 if (ri
->cache_info
.published_on
< now
-ROUTER_MAX_AGE_TO_PUBLISH
) {
565 log_fn(severity
, LD_DIRSERV
,
566 "Publication time for router with nickname '%s' is too far "
567 "(%d minutes) in the past. Not adding (%s)",
568 ri
->nickname
, (int)((now
-ri
->cache_info
.published_on
)/60),
569 esc_router_info(ri
));
570 *msg
= "Rejected: Server is expired, or your clock is too far in the past,"
571 " or your timezone is not correct.";
574 if (dirserv_router_has_valid_address(ri
) < 0) {
575 log_fn(severity
, LD_DIRSERV
,
576 "Router with nickname '%s' has invalid address '%s'. "
578 ri
->nickname
, ri
->address
,
579 esc_router_info(ri
));
580 *msg
= "Rejected: Address is not an IP, or IP is a private address.";
583 /* Okay, looks like we're willing to accept this one. */
584 ri
->is_named
= (status
& FP_NAMED
) ? 1 : 0;
585 ri
->is_valid
= (status
& FP_INVALID
) ? 0 : 1;
586 ri
->is_bad_directory
= (status
& FP_BADDIR
) ? 1 : 0;
587 ri
->is_bad_exit
= (status
& FP_BADEXIT
) ? 1 : 0;
592 /** True iff <b>a</b> is more severe than <b>b</b>. */
594 WRA_MORE_SEVERE(was_router_added_t a
, was_router_added_t b
)
599 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
600 * returns the most severe error that occurred for any one of them. */
602 dirserv_add_multiple_descriptors(const char *desc
, uint8_t purpose
,
606 was_router_added_t r
, r_tmp
;
611 time_t now
= time(NULL
);
612 char annotation_buf
[ROUTER_ANNOTATION_BUF_LEN
];
613 char time_buf
[ISO_TIME_LEN
+1];
614 int general
= purpose
== ROUTER_PURPOSE_GENERAL
;
617 r
=ROUTER_ADDED_SUCCESSFULLY
; /*Least severe return value. */
619 format_iso_time(time_buf
, now
);
620 if (tor_snprintf(annotation_buf
, sizeof(annotation_buf
),
623 "%s%s%s", time_buf
, escaped(source
),
624 !general
? "@purpose " : "",
625 !general
? router_purpose_to_string(purpose
) : "",
626 !general
? "\n" : "")<0) {
627 *msg
= "Couldn't format annotations";
632 list
= smartlist_create();
633 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 0, 0,
635 SMARTLIST_FOREACH(list
, routerinfo_t
*, ri
, {
637 tor_assert(ri
->purpose
== purpose
);
638 r_tmp
= dirserv_add_descriptor(ri
, &msg_out
, source
);
639 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
645 n_parsed
+= smartlist_len(list
);
646 smartlist_clear(list
);
649 if (!router_parse_list_from_string(&s
, NULL
, list
, SAVED_NOWHERE
, 1, 0,
651 SMARTLIST_FOREACH(list
, extrainfo_t
*, ei
, {
654 r_tmp
= dirserv_add_extrainfo(ei
, &msg_out
);
655 if (WRA_MORE_SEVERE(r_tmp
, r
)) {
661 n_parsed
+= smartlist_len(list
);
662 smartlist_free(list
);
666 *msg
= "No descriptors found in your POST.";
667 if (WRA_WAS_ADDED(r
))
668 r
= ROUTER_WAS_NOT_NEW
;
670 *msg
= "(no message)";
677 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
678 * the list of server descriptors. Set *<b>msg</b> to a message that should be
679 * passed back to the origin of this descriptor, or NULL if there is no such
680 * message. Use <b>source</b> to produce better log messages.
682 * Return the status of the operation
684 * This function is only called when fresh descriptors are posted, not when
685 * we re-load the cache.
688 dirserv_add_descriptor(routerinfo_t
*ri
, const char **msg
, const char *source
)
690 was_router_added_t r
;
691 routerinfo_t
*ri_old
;
692 char *desc
, *nickname
;
696 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
697 * network and it'll clog everything up. */
698 if (ri
->cache_info
.signed_descriptor_len
> MAX_DESCRIPTOR_UPLOAD_SIZE
) {
699 log_notice(LD_DIR
, "Somebody attempted to publish a router descriptor '%s'"
700 " (source: %s) with size %d. Either this is an attack, or the "
701 "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
702 ri
->nickname
, source
, (int)ri
->cache_info
.signed_descriptor_len
,
703 MAX_DESCRIPTOR_UPLOAD_SIZE
);
704 *msg
= "Router descriptor was too large";
705 control_event_or_authdir_new_descriptor("REJECTED",
706 ri
->cache_info
.signed_descriptor_body
,
707 ri
->cache_info
.signed_descriptor_len
, *msg
);
709 return ROUTER_AUTHDIR_REJECTS
;
712 /* Check whether this descriptor is semantically identical to the last one
713 * from this server. (We do this here and not in router_add_to_routerlist
714 * because we want to be able to accept the newest router descriptor that
715 * another authority has, so we all converge on the same one.) */
716 ri_old
= router_get_by_digest(ri
->cache_info
.identity_digest
);
717 if (ri_old
&& ri_old
->cache_info
.published_on
< ri
->cache_info
.published_on
718 && router_differences_are_cosmetic(ri_old
, ri
)
719 && !router_is_me(ri
)) {
721 "Not replacing descriptor from '%s' (source: %s); "
722 "differences are cosmetic.",
723 ri
->nickname
, source
);
724 *msg
= "Not replacing router descriptor; no information has changed since "
725 "the last one with this identity.";
726 control_event_or_authdir_new_descriptor("DROPPED",
727 ri
->cache_info
.signed_descriptor_body
,
728 ri
->cache_info
.signed_descriptor_len
, *msg
);
730 return ROUTER_WAS_NOT_NEW
;
733 /* Make a copy of desc, since router_add_to_routerlist might free
734 * ri and its associated signed_descriptor_t. */
735 desclen
= ri
->cache_info
.signed_descriptor_len
;
736 desc
= tor_strndup(ri
->cache_info
.signed_descriptor_body
, desclen
);
737 nickname
= tor_strdup(ri
->nickname
);
739 /* Tell if we're about to need to launch a test if we add this. */
740 ri
->needs_retest_if_added
=
741 dirserv_should_launch_reachability_test(ri
, ri_old
);
743 r
= router_add_to_routerlist(ri
, msg
, 0, 0);
744 if (!WRA_WAS_ADDED(r
)) {
745 /* unless the routerinfo was fine, just out-of-date */
746 if (WRA_WAS_REJECTED(r
))
747 control_event_or_authdir_new_descriptor("REJECTED", desc
, desclen
, *msg
);
749 "Did not add descriptor from '%s' (source: %s): %s.",
750 nickname
, source
, *msg
? *msg
: "(no message)");
752 smartlist_t
*changed
;
753 control_event_or_authdir_new_descriptor("ACCEPTED", desc
, desclen
, *msg
);
755 changed
= smartlist_create();
756 smartlist_add(changed
, ri
);
757 routerlist_descriptors_added(changed
, 0);
758 smartlist_free(changed
);
760 *msg
= ri
->is_valid
? "Descriptor for valid server accepted" :
761 "Descriptor for invalid server accepted";
764 "Added descriptor from '%s' (source: %s): %s.",
765 nickname
, source
, *msg
);
772 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
773 static was_router_added_t
774 dirserv_add_extrainfo(extrainfo_t
*ei
, const char **msg
)
781 ri
= router_get_by_digest(ei
->cache_info
.identity_digest
);
783 *msg
= "No corresponding router descriptor for extra-info descriptor";
785 return ROUTER_BAD_EI
;
788 /* If it's too big, refuse it now. Otherwise we'll cache it all over the
789 * network and it'll clog everything up. */
790 if (ei
->cache_info
.signed_descriptor_len
> MAX_EXTRAINFO_UPLOAD_SIZE
) {
791 log_notice(LD_DIR
, "Somebody attempted to publish an extrainfo "
792 "with size %d. Either this is an attack, or the "
793 "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
794 (int)ei
->cache_info
.signed_descriptor_len
,
795 MAX_EXTRAINFO_UPLOAD_SIZE
);
796 *msg
= "Extrainfo document was too large";
798 return ROUTER_BAD_EI
;
801 if ((r
= routerinfo_incompatible_with_extrainfo(ri
, ei
, NULL
, msg
))) {
803 return r
< 0 ? ROUTER_WAS_NOT_NEW
: ROUTER_BAD_EI
;
805 router_add_extrainfo_to_routerlist(ei
, msg
, 0, 0);
806 return ROUTER_ADDED_SUCCESSFULLY
;
809 /** Remove all descriptors whose nicknames or fingerprints no longer
810 * are allowed by our fingerprint list. (Descriptors that used to be
811 * good can become bad when we reload the fingerprint list.)
814 directory_remove_invalid(void)
818 routerlist_t
*rl
= router_get_routerlist();
820 routerlist_assert_ok(rl
);
822 for (i
= 0; i
< smartlist_len(rl
->routers
); ++i
) {
824 routerinfo_t
*ent
= smartlist_get(rl
->routers
, i
);
825 uint32_t r
= dirserv_router_get_status(ent
, &msg
);
827 log_info(LD_DIRSERV
, "Router '%s' is now rejected: %s",
828 ent
->nickname
, msg
?msg
:"");
829 routerlist_remove(rl
, ent
, 0, time(NULL
));
834 if (bool_neq((r
& FP_NAMED
), ent
->is_named
)) {
836 "Router '%s' is now %snamed.", ent
->nickname
,
837 (r
&FP_NAMED
)?"":"un");
838 ent
->is_named
= (r
&FP_NAMED
)?1:0;
841 if (bool_neq((r
& FP_INVALID
), !ent
->is_valid
)) {
842 log_info(LD_DIRSERV
, "Router '%s' is now %svalid.", ent
->nickname
,
843 (r
&FP_INVALID
) ? "in" : "");
844 ent
->is_valid
= (r
&FP_INVALID
)?0:1;
847 if (bool_neq((r
& FP_BADDIR
), ent
->is_bad_directory
)) {
848 log_info(LD_DIRSERV
, "Router '%s' is now a %s directory", ent
->nickname
,
849 (r
& FP_BADDIR
) ? "bad" : "good");
850 ent
->is_bad_directory
= (r
&FP_BADDIR
) ? 1: 0;
853 if (bool_neq((r
& FP_BADEXIT
), ent
->is_bad_exit
)) {
854 log_info(LD_DIRSERV
, "Router '%s' is now a %s exit", ent
->nickname
,
855 (r
& FP_BADEXIT
) ? "bad" : "good");
856 ent
->is_bad_exit
= (r
&FP_BADEXIT
) ? 1: 0;
861 directory_set_dirty();
863 routerlist_assert_ok(rl
);
866 /** Mark the directory as <b>dirty</b> -- when we're next asked for a
867 * directory, we will rebuild it instead of reusing the most recently
871 directory_set_dirty(void)
873 time_t now
= time(NULL
);
876 /* Regenerate stubs only every 8 hours.
877 * XXXX It would be nice to generate less often, but these are just
878 * stubs: it doesn't matter. */
879 #define STUB_REGENERATE_INTERVAL (8*60*60)
880 if (!the_directory
|| !the_runningrouters
.dir
)
882 else if (the_directory
->published
< now
- STUB_REGENERATE_INTERVAL
||
883 the_runningrouters
.published
< now
- STUB_REGENERATE_INTERVAL
)
887 if (!the_directory_is_dirty
)
888 the_directory_is_dirty
= now
;
889 if (!runningrouters_is_dirty
)
890 runningrouters_is_dirty
= now
;
892 if (!the_v2_networkstatus_is_dirty
)
893 the_v2_networkstatus_is_dirty
= now
;
897 * Allocate and return a description of the status of the server <b>desc</b>,
898 * for use in a v1-style router-status line. The server is listed
899 * as running iff <b>is_live</b> is true.
902 list_single_server_status(routerinfo_t
*desc
, int is_live
)
904 char buf
[MAX_NICKNAME_LEN
+HEX_DIGEST_LEN
+4]; /* !nickname=$hexdigest\0 */
913 if (desc
->is_valid
) {
914 strlcpy(cp
, desc
->nickname
, sizeof(buf
)-(cp
-buf
));
919 base16_encode(cp
, HEX_DIGEST_LEN
+1, desc
->cache_info
.identity_digest
,
921 return tor_strdup(buf
);
925 running_long_enough_to_decide_unreachable(void)
927 return time_of_process_start
928 + get_options()->TestingAuthDirTimeToLearnReachability
< approx_time();
931 /** Each server needs to have passed a reachability test no more
932 * than this number of seconds ago, or he is listed as down in
934 #define REACHABLE_TIMEOUT (45*60)
936 /** If we tested a router and found it reachable _at least this long_ after it
937 * declared itself hibernating, it is probably done hibernating and we just
938 * missed a descriptor from it. */
939 #define HIBERNATION_PUBLICATION_SKEW (60*60)
941 /** Treat a router as alive if
942 * - It's me, and I'm not hibernating.
943 * or - We've found it reachable recently. */
945 dirserv_set_router_is_running(routerinfo_t
*router
, time_t now
)
947 /*XXXX022 This function is a mess. Separate out the part that calculates
948 whether it's reachable and the part that tells rephist that the router was
953 if (router_is_me(router
)) {
954 /* We always know if we are down ourselves. */
955 answer
= ! we_are_hibernating();
956 } else if (router
->is_hibernating
&&
957 (router
->cache_info
.published_on
+
958 HIBERNATION_PUBLICATION_SKEW
) > router
->last_reachable
) {
959 /* A hibernating router is down unless we (somehow) had contact with it
960 * since it declared itself to be hibernating. */
962 } else if (get_options()->AssumeReachable
) {
963 /* If AssumeReachable, everybody is up unless they say they are down! */
966 /* Otherwise, a router counts as up if we found it reachable in the last
967 REACHABLE_TIMEOUT seconds. */
968 answer
= (now
< router
->last_reachable
+ REACHABLE_TIMEOUT
);
971 if (!answer
&& running_long_enough_to_decide_unreachable()) {
972 /* not considered reachable. tell rephist. */
973 rep_hist_note_router_unreachable(router
->cache_info
.identity_digest
, now
);
976 router
->is_running
= answer
;
979 /** Based on the routerinfo_ts in <b>routers</b>, allocate the
980 * contents of a v1-style router-status line, and store it in
981 * *<b>router_status_out</b>. Return 0 on success, -1 on failure.
983 * If for_controller is true, include the routers with very old descriptors.
986 list_server_status_v1(smartlist_t
*routers
, char **router_status_out
,
989 /* List of entries in a router-status style: An optional !, then an optional
990 * equals-suffixed nickname, then a dollar-prefixed hexdigest. */
991 smartlist_t
*rs_entries
;
992 time_t now
= time(NULL
);
993 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
994 or_options_t
*options
= get_options();
995 /* We include v2 dir auths here too, because they need to answer
996 * controllers. Eventually we'll deprecate this whole function;
997 * see also networkstatus_getinfo_by_purpose(). */
998 int authdir
= authdir_mode_publishes_statuses(options
);
999 tor_assert(router_status_out
);
1001 rs_entries
= smartlist_create();
1003 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
1005 /* Update router status in routerinfo_t. */
1006 dirserv_set_router_is_running(ri
, now
);
1008 if (for_controller
) {
1009 char name_buf
[MAX_VERBOSE_NICKNAME_LEN
+2];
1010 char *cp
= name_buf
;
1011 if (!ri
->is_running
)
1013 router_get_verbose_nickname(cp
, ri
);
1014 smartlist_add(rs_entries
, tor_strdup(name_buf
));
1015 } else if (ri
->cache_info
.published_on
>= cutoff
) {
1016 smartlist_add(rs_entries
, list_single_server_status(ri
, ri
->is_running
));
1018 } SMARTLIST_FOREACH_END(ri
);
1020 *router_status_out
= smartlist_join_strings(rs_entries
, " ", 0, NULL
);
1022 SMARTLIST_FOREACH(rs_entries
, char *, cp
, tor_free(cp
));
1023 smartlist_free(rs_entries
);
1028 /** Given a (possibly empty) list of config_line_t, each line of which contains
1029 * a list of comma-separated version numbers surrounded by optional space,
1030 * allocate and return a new string containing the version numbers, in order,
1031 * separated by commas. Used to generate Recommended(Client|Server)?Versions
1034 format_versions_list(config_line_t
*ln
)
1036 smartlist_t
*versions
;
1038 versions
= smartlist_create();
1039 for ( ; ln
; ln
= ln
->next
) {
1040 smartlist_split_string(versions
, ln
->value
, ",",
1041 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
1043 sort_version_list(versions
, 1);
1044 result
= smartlist_join_strings(versions
,",",0,NULL
);
1045 SMARTLIST_FOREACH(versions
,char *,s
,tor_free(s
));
1046 smartlist_free(versions
);
1050 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
1051 * not hibernating, and not too old. Else return 0.
1054 router_is_active(routerinfo_t
*ri
, time_t now
)
1056 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
1057 if (ri
->cache_info
.published_on
< cutoff
)
1059 if (!ri
->is_running
|| !ri
->is_valid
|| ri
->is_hibernating
)
1064 /** Generate a new v1 directory and write it into a newly allocated string.
1065 * Point *<b>dir_out</b> to the allocated string. Sign the
1066 * directory with <b>private_key</b>. Return 0 on success, -1 on
1067 * failure. If <b>complete</b> is set, give us all the descriptors;
1068 * otherwise leave out non-running and non-valid ones.
1071 dirserv_dump_directory_to_string(char **dir_out
,
1072 crypto_pk_env_t
*private_key
)
1075 char *identity_pkey
; /* Identity key, DER64-encoded. */
1076 char *recommended_versions
;
1077 char digest
[DIGEST_LEN
];
1078 char published
[ISO_TIME_LEN
+1];
1081 size_t identity_pkey_len
;
1082 time_t now
= time(NULL
);
1084 tor_assert(dir_out
);
1087 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1088 &identity_pkey_len
)<0) {
1089 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1093 recommended_versions
=
1094 format_versions_list(get_options()->RecommendedVersions
);
1096 format_iso_time(published
, now
);
1098 buf_len
= 2048+strlen(recommended_versions
);
1100 buf
= tor_malloc(buf_len
);
1101 /* We'll be comparing against buf_len throughout the rest of the
1102 function, though strictly speaking we shouldn't be able to exceed
1103 it. This is C, after all, so we may as well check for buffer
1106 tor_snprintf(buf
, buf_len
,
1107 "signed-directory\n"
1109 "recommended-software %s\n"
1110 "router-status %s\n"
1111 "dir-signing-key\n%s\n",
1112 published
, recommended_versions
, "",
1115 tor_free(recommended_versions
);
1116 tor_free(identity_pkey
);
1118 cp
= buf
+ strlen(buf
);
1121 /* These multiple strlcat calls are inefficient, but dwarfed by the RSA
1123 if (strlcat(buf
, "directory-signature ", buf_len
) >= buf_len
)
1125 if (strlcat(buf
, get_options()->Nickname
, buf_len
) >= buf_len
)
1127 if (strlcat(buf
, "\n", buf_len
) >= buf_len
)
1130 if (router_get_dir_hash(buf
,digest
)) {
1131 log_warn(LD_BUG
,"couldn't compute digest");
1135 note_crypto_pk_op(SIGN_DIR
);
1136 if (router_append_dirobj_signature(buf
,buf_len
,digest
,DIGEST_LEN
,
1145 log_warn(LD_BUG
,"tried to exceed string length.");
1150 /********************************************************************/
1152 /* A set of functions to answer questions about how we'd like to behave
1153 * as a directory mirror/client. */
1155 /** Return 1 if we fetch our directory material directly from the
1156 * authorities, rather than from a mirror. */
1158 directory_fetches_from_authorities(or_options_t
*options
)
1163 if (options
->FetchDirInfoEarly
)
1165 if (options
->BridgeRelay
== 1)
1167 if (server_mode(options
) && router_pick_published_address(options
, &addr
)<0)
1168 return 1; /* we don't know our IP address; ask an authority. */
1169 refuseunknown
= ! router_my_exit_policy_is_reject_star() &&
1170 should_refuse_unknown_exits(options
);
1171 if (options
->DirPort
== 0 && !refuseunknown
)
1173 if (!server_mode(options
) || !advertised_server_mode())
1175 me
= router_get_my_routerinfo();
1176 if (!me
|| (!me
->dir_port
&& !refuseunknown
))
1177 return 0; /* if dirport not advertised, return 0 too */
1181 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1182 * on the "mirror" schedule rather than the "client" schedule.
1185 directory_fetches_dir_info_early(or_options_t
*options
)
1187 return directory_fetches_from_authorities(options
);
1190 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
1191 * on a very passive schedule -- waiting long enough for ordinary clients
1192 * to probably have the info we want. These would include bridge users,
1193 * and maybe others in the future e.g. if a Tor client uses another Tor
1194 * client as a directory guard.
1197 directory_fetches_dir_info_later(or_options_t
*options
)
1199 return options
->UseBridges
!= 0;
1202 /** Return 1 if we want to cache v2 dir info (each status file).
1205 directory_caches_v2_dir_info(or_options_t
*options
)
1207 return options
->DirPort
!= 0;
1210 /** Return 1 if we want to keep descriptors, networkstatuses, etc around
1211 * and we're willing to serve them to others. Else return 0.
1214 directory_caches_dir_info(or_options_t
*options
)
1216 if (options
->BridgeRelay
|| options
->DirPort
)
1218 if (!server_mode(options
) || !advertised_server_mode())
1220 /* We need an up-to-date view of network info if we're going to try to
1221 * block exit attempts from unknown relays. */
1222 return ! router_my_exit_policy_is_reject_star() &&
1223 should_refuse_unknown_exits(options
);
1226 /** Return 1 if we want to allow remote people to ask us directory
1227 * requests via the "begin_dir" interface, which doesn't require
1228 * having any separate port open. */
1230 directory_permits_begindir_requests(or_options_t
*options
)
1232 return options
->BridgeRelay
!= 0 || options
->DirPort
!= 0;
1235 /** Return 1 if we want to allow controllers to ask us directory
1236 * requests via the controller interface, which doesn't require
1237 * having any separate port open. */
1239 directory_permits_controller_requests(or_options_t
*options
)
1241 return options
->DirPort
!= 0;
1244 /** Return 1 if we have no need to fetch new descriptors. This generally
1245 * happens when we're not a dir cache and we haven't built any circuits
1249 directory_too_idle_to_fetch_descriptors(or_options_t
*options
, time_t now
)
1251 return !directory_caches_dir_info(options
) &&
1252 !options
->FetchUselessDescriptors
&&
1253 rep_hist_circbuilding_dormant(now
);
1256 /********************************************************************/
1258 /* Used only by non-v1-auth dirservers: The v1 directory and
1259 * runningrouters we'll serve when requested. */
1261 /** The v1 directory we'll serve (as a cache or as an authority) if
1263 static cached_dir_t
*cached_directory
= NULL
;
1264 /** The v1 runningrouters document we'll serve (as a cache or as an authority)
1266 static cached_dir_t cached_runningrouters
;
1268 /** Used for other dirservers' v2 network statuses. Map from hexdigest to
1270 static digestmap_t
*cached_v2_networkstatus
= NULL
;
1272 /** Map from flavor name to the v3 consensuses that we're currently serving. */
1273 static strmap_t
*cached_consensuses
= NULL
;
1275 /** Possibly replace the contents of <b>d</b> with the value of
1276 * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
1277 * the last value, or too far in the future.
1279 * Does not copy <b>directory</b>; frees it if it isn't used.
1282 set_cached_dir(cached_dir_t
*d
, char *directory
, time_t when
)
1284 time_t now
= time(NULL
);
1285 if (when
<=d
->published
) {
1286 log_info(LD_DIRSERV
, "Ignoring old directory; not caching.");
1287 tor_free(directory
);
1288 } else if (when
>=now
+ROUTER_MAX_AGE_TO_PUBLISH
) {
1289 log_info(LD_DIRSERV
, "Ignoring future directory; not caching.");
1290 tor_free(directory
);
1292 /* if (when>d->published && when<now+ROUTER_MAX_AGE) */
1293 log_debug(LD_DIRSERV
, "Caching directory.");
1296 d
->dir_len
= strlen(directory
);
1298 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1300 log_warn(LD_BUG
,"Error compressing cached directory");
1302 d
->published
= when
;
1306 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
1307 * any references. */
1309 cached_dir_decref(cached_dir_t
*d
)
1311 if (!d
|| --d
->refcnt
> 0)
1313 clear_cached_dir(d
);
1317 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
1318 * published at <b>published</b>. */
1320 new_cached_dir(char *s
, time_t published
)
1322 cached_dir_t
*d
= tor_malloc_zero(sizeof(cached_dir_t
));
1325 d
->dir_len
= strlen(s
);
1326 d
->published
= published
;
1327 if (tor_gzip_compress(&(d
->dir_z
), &(d
->dir_z_len
), d
->dir
, d
->dir_len
,
1329 log_warn(LD_BUG
, "Error compressing directory");
1334 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
1336 clear_cached_dir(cached_dir_t
*d
)
1340 memset(d
, 0, sizeof(cached_dir_t
));
1343 /** Free all storage held by the cached_dir_t in <b>d</b>. */
1345 _free_cached_dir(void *_d
)
1351 d
= (cached_dir_t
*)_d
;
1352 cached_dir_decref(d
);
1355 /** If we have no cached v1 directory, or it is older than <b>published</b>,
1356 * then replace it with <b>directory</b>, published at <b>published</b>.
1358 * If <b>published</b> is too old, do nothing.
1360 * If <b>is_running_routers</b>, this is really a v1 running_routers
1361 * document rather than a v1 directory.
1364 dirserv_set_cached_directory(const char *directory
, time_t published
,
1365 int is_running_routers
)
1367 time_t now
= time(NULL
);
1369 if (is_running_routers
) {
1370 if (published
>= now
- MAX_V1_RR_AGE
)
1371 set_cached_dir(&cached_runningrouters
, tor_strdup(directory
), published
);
1373 if (published
>= now
- MAX_V1_DIRECTORY_AGE
) {
1374 cached_dir_decref(cached_directory
);
1375 cached_directory
= new_cached_dir(tor_strdup(directory
), published
);
1380 /** If <b>networkstatus</b> is non-NULL, we've just received a v2
1381 * network-status for an authoritative directory with identity digest
1382 * <b>identity</b> published at <b>published</b> -- store it so we can
1383 * serve it to others.
1385 * If <b>networkstatus</b> is NULL, remove the entry with the given
1386 * identity fingerprint from the v2 cache.
1389 dirserv_set_cached_networkstatus_v2(const char *networkstatus
,
1390 const char *identity
,
1393 cached_dir_t
*d
, *old_d
;
1394 smartlist_t
*trusted_dirs
;
1395 if (!cached_v2_networkstatus
)
1396 cached_v2_networkstatus
= digestmap_new();
1398 old_d
= digestmap_get(cached_v2_networkstatus
, identity
);
1399 if (!old_d
&& !networkstatus
)
1402 if (networkstatus
) {
1403 if (!old_d
|| published
> old_d
->published
) {
1404 d
= new_cached_dir(tor_strdup(networkstatus
), published
);
1405 digestmap_set(cached_v2_networkstatus
, identity
, d
);
1407 cached_dir_decref(old_d
);
1411 digestmap_remove(cached_v2_networkstatus
, identity
);
1412 cached_dir_decref(old_d
);
1416 /* Now purge old entries. */
1417 trusted_dirs
= router_get_trusted_dir_servers();
1418 if (digestmap_size(cached_v2_networkstatus
) >
1419 smartlist_len(trusted_dirs
) + MAX_UNTRUSTED_NETWORKSTATUSES
) {
1420 /* We need to remove the oldest untrusted networkstatus. */
1421 const char *oldest
= NULL
;
1422 time_t oldest_published
= TIME_MAX
;
1423 digestmap_iter_t
*iter
;
1425 for (iter
= digestmap_iter_init(cached_v2_networkstatus
);
1426 !digestmap_iter_done(iter
);
1427 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
)) {
1430 digestmap_iter_get(iter
, &ident
, &val
);
1432 if (d
->published
< oldest_published
&&
1433 !router_digest_is_trusted_dir(ident
)) {
1435 oldest_published
= d
->published
;
1439 d
= digestmap_remove(cached_v2_networkstatus
, oldest
);
1441 cached_dir_decref(d
);
1445 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
1446 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
1447 * validation is performed. */
1449 dirserv_set_cached_consensus_networkstatus(const char *networkstatus
,
1450 const char *flavor_name
,
1451 const digests_t
*digests
,
1454 cached_dir_t
*new_networkstatus
;
1455 cached_dir_t
*old_networkstatus
;
1456 if (!cached_consensuses
)
1457 cached_consensuses
= strmap_new();
1459 new_networkstatus
= new_cached_dir(tor_strdup(networkstatus
), published
);
1460 memcpy(&new_networkstatus
->digests
, digests
, sizeof(digests_t
));
1461 old_networkstatus
= strmap_set(cached_consensuses
, flavor_name
,
1463 if (old_networkstatus
)
1464 cached_dir_decref(old_networkstatus
);
1467 /** Remove any v2 networkstatus from the directory cache that was published
1468 * before <b>cutoff</b>. */
1470 dirserv_clear_old_networkstatuses(time_t cutoff
)
1472 if (!cached_v2_networkstatus
)
1475 DIGESTMAP_FOREACH_MODIFY(cached_v2_networkstatus
, id
, cached_dir_t
*, dir
) {
1476 if (dir
->published
< cutoff
) {
1478 fname
= networkstatus_get_cache_filename(id
);
1479 if (file_status(fname
) == FN_FILE
) {
1480 log_info(LD_DIR
, "Removing too-old untrusted networkstatus in %s",
1485 cached_dir_decref(dir
);
1486 MAP_DEL_CURRENT(id
);
1488 } DIGESTMAP_FOREACH_END
1491 /** Remove any v1 info from the directory cache that was published
1494 dirserv_clear_old_v1_info(time_t now
)
1496 if (cached_directory
&&
1497 cached_directory
->published
< (now
- MAX_V1_DIRECTORY_AGE
)) {
1498 cached_dir_decref(cached_directory
);
1499 cached_directory
= NULL
;
1501 if (cached_runningrouters
.published
< (now
- MAX_V1_RR_AGE
)) {
1502 clear_cached_dir(&cached_runningrouters
);
1506 /** Helper: If we're an authority for the right directory version (v1 or v2)
1507 * (based on <b>auth_type</b>), try to regenerate
1508 * auth_src as appropriate and return it, falling back to cache_src on
1509 * failure. If we're a cache, simply return cache_src.
1511 static cached_dir_t
*
1512 dirserv_pick_cached_dir_obj(cached_dir_t
*cache_src
,
1513 cached_dir_t
*auth_src
,
1514 time_t dirty
, cached_dir_t
*(*regenerate
)(void),
1516 authority_type_t auth_type
)
1518 or_options_t
*options
= get_options();
1519 int authority
= (auth_type
== V1_AUTHORITY
&& authdir_mode_v1(options
)) ||
1520 (auth_type
== V2_AUTHORITY
&& authdir_mode_v2(options
));
1522 if (!authority
|| authdir_mode_bridge(options
)) {
1525 /* We're authoritative. */
1526 if (regenerate
!= NULL
) {
1527 if (dirty
&& dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
)) {
1528 if (!(auth_src
= regenerate())) {
1529 log_err(LD_BUG
, "Couldn't generate %s?", name
);
1533 log_info(LD_DIRSERV
, "The %s is still clean; reusing.", name
);
1536 return auth_src
? auth_src
: cache_src
;
1540 /** Return the most recently generated encoded signed v1 directory,
1541 * generating a new one as necessary. If not a v1 authoritative directory
1542 * may return NULL if no directory is yet cached. */
1544 dirserv_get_directory(void)
1546 return dirserv_pick_cached_dir_obj(cached_directory
, the_directory
,
1547 the_directory_is_dirty
,
1548 dirserv_regenerate_directory
,
1549 "v1 server directory", V1_AUTHORITY
);
1552 /** Only called by v1 auth dirservers.
1553 * Generate a fresh v1 directory; set the_directory and return a pointer
1556 static cached_dir_t
*
1557 dirserv_regenerate_directory(void)
1559 char *new_directory
=NULL
;
1561 if (dirserv_dump_directory_to_string(&new_directory
,
1562 get_server_identity_key())) {
1563 log_warn(LD_BUG
, "Error creating directory.");
1564 tor_free(new_directory
);
1567 cached_dir_decref(the_directory
);
1568 the_directory
= new_cached_dir(new_directory
, time(NULL
));
1569 log_info(LD_DIRSERV
,"New directory (size %d) has been built.",
1570 (int)the_directory
->dir_len
);
1571 log_debug(LD_DIRSERV
,"New directory (size %d):\n%s",
1572 (int)the_directory
->dir_len
, the_directory
->dir
);
1574 the_directory_is_dirty
= 0;
1576 /* Save the directory to disk so we re-load it quickly on startup.
1578 dirserv_set_cached_directory(the_directory
->dir
, time(NULL
), 0);
1580 return the_directory
;
1583 /** Only called by v1 auth dirservers.
1584 * Replace the current running-routers list with a newly generated one. */
1585 static cached_dir_t
*
1586 generate_runningrouters(void)
1589 char digest
[DIGEST_LEN
];
1590 char published
[ISO_TIME_LEN
+1];
1592 crypto_pk_env_t
*private_key
= get_server_identity_key();
1593 char *identity_pkey
; /* Identity key, DER64-encoded. */
1594 size_t identity_pkey_len
;
1596 if (crypto_pk_write_public_key_to_string(private_key
,&identity_pkey
,
1597 &identity_pkey_len
)<0) {
1598 log_warn(LD_BUG
,"write identity_pkey to string failed!");
1601 format_iso_time(published
, time(NULL
));
1604 s
= tor_malloc_zero(len
);
1605 tor_snprintf(s
, len
,
1608 "router-status %s\n"
1609 "dir-signing-key\n%s"
1610 "directory-signature %s\n",
1611 published
, "", identity_pkey
,
1612 get_options()->Nickname
);
1613 tor_free(identity_pkey
);
1614 if (router_get_runningrouters_hash(s
,digest
)) {
1615 log_warn(LD_BUG
,"couldn't compute digest");
1618 note_crypto_pk_op(SIGN_DIR
);
1619 if (router_append_dirobj_signature(s
, len
, digest
, DIGEST_LEN
,
1623 set_cached_dir(&the_runningrouters
, s
, time(NULL
));
1624 runningrouters_is_dirty
= 0;
1626 return &the_runningrouters
;
1632 /** Set *<b>rr</b> to the most recently generated encoded signed
1633 * running-routers list, generating a new one as necessary. Return the
1634 * size of the directory on success, and 0 on failure. */
1636 dirserv_get_runningrouters(void)
1638 return dirserv_pick_cached_dir_obj(
1639 &cached_runningrouters
, &the_runningrouters
,
1640 runningrouters_is_dirty
,
1641 generate_runningrouters
,
1642 "v1 network status list", V1_AUTHORITY
);
1645 /** Return the latest downloaded consensus networkstatus in encoded, signed,
1646 * optionally compressed format, suitable for sending to clients. */
1648 dirserv_get_consensus(const char *flavor_name
)
1650 if (!cached_consensuses
)
1652 return strmap_get(cached_consensuses
, flavor_name
);
1655 /** For authoritative directories: the current (v2) network status. */
1656 static cached_dir_t
*the_v2_networkstatus
= NULL
;
1658 /** Return true iff our opinion of the routers has been stale for long
1659 * enough that we should generate a new v2 network status doc. */
1661 should_generate_v2_networkstatus(void)
1663 return authdir_mode_v2(get_options()) &&
1664 the_v2_networkstatus_is_dirty
&&
1665 the_v2_networkstatus_is_dirty
+ DIR_REGEN_SLACK_TIME
< time(NULL
);
1668 /** If a router's uptime is at least this value, then it is always
1669 * considered stable, regardless of the rest of the network. This
1670 * way we resist attacks where an attacker doubles the size of the
1671 * network using allegedly high-uptime nodes, displacing all the
1672 * current guards. */
1673 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
1674 /** If a router's MTBF is at least this value, then it is always stable.
1675 * See above. (Corresponds to about 7 days for current decay rates.) */
1676 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
1677 /** Similarly, we protect sufficiently fast nodes from being pushed
1678 * out of the set of Fast nodes. */
1679 #define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
1680 /** Similarly, every node with sufficient bandwidth can be considered
1681 * for Guard status. */
1682 #define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
1683 /** Similarly, every node with at least this much weighted time known can be
1684 * considered familiar enough to be a guard. Corresponds to about 20 days for
1685 * current decay rates.
1687 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
1688 /** Similarly, every node with sufficient WFU is around enough to be a guard.
1690 #define WFU_TO_GUARANTEE_GUARD (0.98)
1692 /* Thresholds for server performance: set by
1693 * dirserv_compute_performance_thresholds, and used by
1694 * generate_v2_networkstatus */
1696 /** Any router with an uptime of at least this value is stable. */
1697 static uint32_t stable_uptime
= 0; /* start at a safe value */
1698 /** Any router with an mtbf of at least this value is stable. */
1699 static double stable_mtbf
= 0.0;
1700 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
1701 * than stable_uptime. */
1702 static int enough_mtbf_info
= 0;
1703 /** Any router with a weighted fractional uptime of at least this much might
1704 * be good as a guard. */
1705 static double guard_wfu
= 0.0;
1706 /** Don't call a router a guard unless we've known about it for at least this
1708 static long guard_tk
= 0;
1709 /** Any router with a bandwidth at least this high is "Fast" */
1710 static uint32_t fast_bandwidth
= 0;
1711 /** If exits can be guards, then all guards must have a bandwidth this
1713 static uint32_t guard_bandwidth_including_exits
= 0;
1714 /** If exits can't be guards, then all guards must have a bandwidth this
1716 static uint32_t guard_bandwidth_excluding_exits
= 0;
1717 /** Total bandwidth of all the routers we're considering. */
1718 static uint64_t total_bandwidth
= 0;
1719 /** Total bandwidth of all the exit routers we're considering. */
1720 static uint64_t total_exit_bandwidth
= 0;
1722 /** Helper: estimate the uptime of a router given its stated uptime and the
1723 * amount of time since it last stated its stated uptime. */
1725 real_uptime(routerinfo_t
*router
, time_t now
)
1727 if (now
< router
->cache_info
.published_on
)
1728 return router
->uptime
;
1730 return router
->uptime
+ (now
- router
->cache_info
.published_on
);
1733 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
1734 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
1735 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
1739 dirserv_thinks_router_is_unreliable(time_t now
,
1740 routerinfo_t
*router
,
1741 int need_uptime
, int need_capacity
)
1744 if (!enough_mtbf_info
) {
1745 /* XXX022 Once most authorities are on v3, we should change the rule from
1746 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
1747 * v3 if we don't have enough mtbf data." */
1748 long uptime
= real_uptime(router
, now
);
1749 if ((unsigned)uptime
< stable_uptime
&&
1750 (unsigned)uptime
< UPTIME_TO_GUARANTEE_STABLE
)
1754 rep_hist_get_stability(router
->cache_info
.identity_digest
, now
);
1755 if (mtbf
< stable_mtbf
&&
1756 mtbf
< MTBF_TO_GUARANTEE_STABLE
)
1760 if (need_capacity
) {
1761 uint32_t bw
= router_get_advertised_bandwidth(router
);
1762 if (bw
< fast_bandwidth
)
1768 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
1769 * Right now this means it advertises support for it, it has a high
1770 * uptime, it has a DirPort open, and it's currently considered Running.
1772 * This function needs to be called after router-\>is_running has
1776 dirserv_thinks_router_is_hs_dir(routerinfo_t
*router
, time_t now
)
1778 long uptime
= real_uptime(router
, now
);
1780 /* XXX We shouldn't need to check dir_port, but we do because of
1781 * bug 1693. In the future, once relays set wants_to_be_hs_dir
1782 * correctly, we can revert to only checking dir_port if router's
1783 * version is too old. */
1784 return (router
->wants_to_be_hs_dir
&& router
->dir_port
&&
1785 uptime
> get_options()->MinUptimeHidServDirectoryV2
&&
1786 router
->is_running
);
1789 /** Look through the routerlist, the Mean Time Between Failure history, and
1790 * the Weighted Fractional Uptime history, and use them to set thresholds for
1791 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
1792 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
1793 * guard_bandwidh_including_exits, guard_bandwidth_excluding_exits,
1794 * total_bandwidth, and total_exit_bandwidth.
1796 * Also, set the is_exit flag of each router appropriately. */
1798 dirserv_compute_performance_thresholds(routerlist_t
*rl
)
1800 int n_active
, n_active_nonexit
, n_familiar
;
1801 uint32_t *uptimes
, *bandwidths
, *bandwidths_excluding_exits
;
1803 double *mtbfs
, *wfus
;
1804 time_t now
= time(NULL
);
1806 /* initialize these all here, in case there are no routers */
1810 guard_bandwidth_including_exits
= 0;
1811 guard_bandwidth_excluding_exits
= 0;
1814 total_bandwidth
= 0;
1815 total_exit_bandwidth
= 0;
1817 /* Initialize arrays that will hold values for each router. We'll
1818 * sort them and use that to compute thresholds. */
1819 n_active
= n_active_nonexit
= 0;
1820 /* Uptime for every active router. */
1821 uptimes
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1822 /* Bandwidth for every active router. */
1823 bandwidths
= tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1824 /* Bandwidth for every active non-exit router. */
1825 bandwidths_excluding_exits
=
1826 tor_malloc(sizeof(uint32_t)*smartlist_len(rl
->routers
));
1827 /* Weighted mean time between failure for each active router. */
1828 mtbfs
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1829 /* Time-known for each active router. */
1830 tks
= tor_malloc(sizeof(long)*smartlist_len(rl
->routers
));
1831 /* Weighted fractional uptime for each active router. */
1832 wfus
= tor_malloc(sizeof(double)*smartlist_len(rl
->routers
));
1834 /* Now, fill in the arrays. */
1835 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1836 if (router_is_active(ri
, now
)) {
1837 const char *id
= ri
->cache_info
.identity_digest
;
1839 ri
->is_exit
= (!router_exit_policy_rejects_all(ri
) &&
1840 exit_policy_is_general_exit(ri
->exit_policy
));
1841 uptimes
[n_active
] = (uint32_t)real_uptime(ri
, now
);
1842 mtbfs
[n_active
] = rep_hist_get_stability(id
, now
);
1843 tks
[n_active
] = rep_hist_get_weighted_time_known(id
, now
);
1844 bandwidths
[n_active
] = bw
= router_get_advertised_bandwidth(ri
);
1845 total_bandwidth
+= bw
;
1846 if (ri
->is_exit
&& !ri
->is_bad_exit
) {
1847 total_exit_bandwidth
+= bw
;
1849 bandwidths_excluding_exits
[n_active_nonexit
] = bw
;
1856 /* Now, compute thresholds. */
1858 /* The median uptime is stable. */
1859 stable_uptime
= median_uint32(uptimes
, n_active
);
1860 /* The median mtbf is stable, if we have enough mtbf info */
1861 stable_mtbf
= median_double(mtbfs
, n_active
);
1862 /* The 12.5th percentile bandwidth is fast. */
1863 fast_bandwidth
= find_nth_uint32(bandwidths
, n_active
, n_active
/8);
1864 /* (Now bandwidths is sorted.) */
1865 if (fast_bandwidth
< ROUTER_REQUIRED_MIN_BANDWIDTH
/2)
1866 fast_bandwidth
= bandwidths
[n_active
/4];
1867 guard_bandwidth_including_exits
= bandwidths
[(n_active
-1)/2];
1868 guard_tk
= find_nth_long(tks
, n_active
, n_active
/8);
1871 if (guard_tk
> TIME_KNOWN_TO_GUARANTEE_FAMILIAR
)
1872 guard_tk
= TIME_KNOWN_TO_GUARANTEE_FAMILIAR
;
1874 if (fast_bandwidth
> BANDWIDTH_TO_GUARANTEE_FAST
)
1875 fast_bandwidth
= BANDWIDTH_TO_GUARANTEE_FAST
;
1877 /* Now that we have a time-known that 7/8 routers are known longer than,
1878 * fill wfus with the wfu of every such "familiar" router. */
1880 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
1881 if (router_is_active(ri
, now
)) {
1882 const char *id
= ri
->cache_info
.identity_digest
;
1883 long tk
= rep_hist_get_weighted_time_known(id
, now
);
1886 wfus
[n_familiar
++] = rep_hist_get_weighted_fractional_uptime(id
, now
);
1890 guard_wfu
= median_double(wfus
, n_familiar
);
1891 if (guard_wfu
> WFU_TO_GUARANTEE_GUARD
)
1892 guard_wfu
= WFU_TO_GUARANTEE_GUARD
;
1894 enough_mtbf_info
= rep_hist_have_measured_enough_stability();
1896 if (n_active_nonexit
) {
1897 guard_bandwidth_excluding_exits
=
1898 median_uint32(bandwidths_excluding_exits
, n_active_nonexit
);
1901 log(LOG_INFO
, LD_DIRSERV
,
1902 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
1903 "For Fast: %lu bytes/sec. "
1904 "For Guard: WFU %.03lf%%, time-known %lu sec, "
1905 "and bandwidth %lu or %lu bytes/sec. We%s have enough stability data.",
1906 (unsigned long)stable_uptime
,
1907 (unsigned long)stable_mtbf
,
1908 (unsigned long)fast_bandwidth
,
1910 (unsigned long)guard_tk
,
1911 (unsigned long)guard_bandwidth_including_exits
,
1912 (unsigned long)guard_bandwidth_excluding_exits
,
1913 enough_mtbf_info
? "" : " don't ");
1917 tor_free(bandwidths
);
1918 tor_free(bandwidths_excluding_exits
);
1923 /** Given a platform string as in a routerinfo_t (possibly null), return a
1924 * newly allocated version string for a networkstatus document, or NULL if the
1925 * platform doesn't give a Tor version. */
1927 version_from_platform(const char *platform
)
1929 if (platform
&& !strcmpstart(platform
, "Tor ")) {
1930 const char *eos
= find_whitespace(platform
+4);
1931 if (eos
&& !strcmpstart(eos
, " (r")) {
1932 /* XXXX Unify this logic with the other version extraction
1933 * logic in routerparse.c. */
1934 eos
= find_whitespace(eos
+1);
1937 return tor_strndup(platform
, eos
-platform
);
1943 /** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
1944 * which has at least <b>buf_len</b> free characters. Do NUL-termination.
1945 * Use the same format as in network-status documents. If <b>version</b> is
1946 * non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
1949 * The format argument has three possible values:
1950 * NS_V2 - Output an entry suitable for a V2 NS opinion document
1951 * NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
1952 * NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
1954 * NS_V3_VOTE - Output a complete V3 NS vote
1955 * NS_CONTROL_PORT - Output a NS document for the control port
1958 routerstatus_format_entry(char *buf
, size_t buf_len
,
1959 routerstatus_t
*rs
, const char *version
,
1960 routerstatus_format_type_t format
)
1967 char published
[ISO_TIME_LEN
+1];
1968 char ipaddr
[INET_NTOA_BUF_LEN
];
1969 char identity64
[BASE64_DIGEST_LEN
+1];
1970 char digest64
[BASE64_DIGEST_LEN
+1];
1972 format_iso_time(published
, rs
->published_on
);
1973 digest_to_base64(identity64
, rs
->identity_digest
);
1974 digest_to_base64(digest64
, rs
->descriptor_digest
);
1975 in
.s_addr
= htonl(rs
->addr
);
1976 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
1978 r
= tor_snprintf(buf
, buf_len
,
1979 "r %s %s %s%s%s %s %d %d\n",
1982 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":digest64
,
1983 (format
==NS_V3_CONSENSUS_MICRODESC
)?"":" ",
1989 log_warn(LD_BUG
, "Not enough space in buffer.");
1993 /* TODO: Maybe we want to pass in what we need to build the rest of
1994 * this here, instead of in the caller. Then we could use the
1995 * networkstatus_type_t values, with an additional control port value
1997 if (format
== NS_V3_CONSENSUS
|| format
== NS_V3_CONSENSUS_MICRODESC
)
2000 cp
= buf
+ strlen(buf
);
2001 /* NOTE: Whenever this list expands, be sure to increase MAX_FLAG_LINE_LEN*/
2002 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2003 "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
2004 /* These must stay in alphabetical order. */
2005 rs
->is_authority
?" Authority":"",
2006 rs
->is_bad_directory
?" BadDirectory":"",
2007 rs
->is_bad_exit
?" BadExit":"",
2008 rs
->is_exit
?" Exit":"",
2009 rs
->is_fast
?" Fast":"",
2010 rs
->is_possible_guard
?" Guard":"",
2011 rs
->is_hs_dir
?" HSDir":"",
2012 rs
->is_named
?" Named":"",
2013 rs
->is_running
?" Running":"",
2014 rs
->is_stable
?" Stable":"",
2015 rs
->is_unnamed
?" Unnamed":"",
2016 rs
->is_v2_dir
?" V2Dir":"",
2017 rs
->is_valid
?" Valid":"");
2019 log_warn(LD_BUG
, "Not enough space in buffer.");
2024 /* length of "opt v \n" */
2025 #define V_LINE_OVERHEAD 7
2026 if (version
&& strlen(version
) < MAX_V_LINE_LEN
- V_LINE_OVERHEAD
) {
2027 if (tor_snprintf(cp
, buf_len
- (cp
-buf
), "opt v %s\n", version
)<0) {
2028 log_warn(LD_BUG
, "Unable to print router version.");
2034 if (format
!= NS_V2
) {
2035 routerinfo_t
* desc
= router_get_by_digest(rs
->identity_digest
);
2038 if (format
!= NS_CONTROL_PORT
) {
2039 /* Blow up more or less nicely if we didn't get anything or not the
2040 * thing we expected.
2043 char id
[HEX_DIGEST_LEN
+1];
2044 char dd
[HEX_DIGEST_LEN
+1];
2046 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2047 base16_encode(dd
, sizeof(dd
), rs
->descriptor_digest
, DIGEST_LEN
);
2048 log_warn(LD_BUG
, "Cannot get any descriptor for %s "
2049 "(wanted descriptor %s).",
2054 /* This assert can fire for the control port, because
2055 * it can request NS documents before all descriptors
2056 * have been fetched. */
2057 if (memcmp(desc
->cache_info
.signed_descriptor_digest
,
2058 rs
->descriptor_digest
,
2060 char rl_d
[HEX_DIGEST_LEN
+1];
2061 char rs_d
[HEX_DIGEST_LEN
+1];
2062 char id
[HEX_DIGEST_LEN
+1];
2064 base16_encode(rl_d
, sizeof(rl_d
),
2065 desc
->cache_info
.signed_descriptor_digest
, DIGEST_LEN
);
2066 base16_encode(rs_d
, sizeof(rs_d
), rs
->descriptor_digest
, DIGEST_LEN
);
2067 base16_encode(id
, sizeof(id
), rs
->identity_digest
, DIGEST_LEN
);
2068 log_err(LD_BUG
, "descriptor digest in routerlist does not match "
2069 "the one in routerstatus: %s vs %s "
2073 tor_assert(!memcmp(desc
->cache_info
.signed_descriptor_digest
,
2074 rs
->descriptor_digest
,
2079 if (format
== NS_CONTROL_PORT
&& rs
->has_bandwidth
) {
2083 bw
= router_get_advertised_bandwidth_capped(desc
) / 1000;
2085 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2086 "w Bandwidth=%d\n", bw
);
2089 log_warn(LD_BUG
, "Not enough space in buffer.");
2093 if (format
== NS_V3_VOTE
&& rs
->has_measured_bw
) {
2094 *--cp
= '\0'; /* Kill "\n" */
2095 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
),
2096 " Measured=%d\n", rs
->measured_bw
);
2098 log_warn(LD_BUG
, "Not enough space in buffer for weight line.");
2105 summary
= policy_summarize(desc
->exit_policy
);
2106 r
= tor_snprintf(cp
, buf_len
- (cp
-buf
), "p %s\n", summary
);
2108 log_warn(LD_BUG
, "Not enough space in buffer.");
2120 /** Helper for sorting: compares two routerinfos first by address, and then by
2121 * descending order of "usefulness". (An authority is more useful than a
2122 * non-authority; a running router is more useful than a non-running router;
2123 * and a router with more bandwidth is more useful than one with less.)
2126 _compare_routerinfo_by_ip_and_bw(const void **a
, const void **b
)
2128 routerinfo_t
*first
= *(routerinfo_t
**)a
, *second
= *(routerinfo_t
**)b
;
2129 int first_is_auth
, second_is_auth
;
2130 uint32_t bw_first
, bw_second
;
2132 /* we return -1 if first should appear before second... that is,
2133 * if first is a better router. */
2134 if (first
->addr
< second
->addr
)
2136 else if (first
->addr
> second
->addr
)
2139 /* Potentially, this next bit could cause k n lg n memcmp calls. But in
2140 * reality, we will almost never get here, since addresses will usually be
2144 router_digest_is_trusted_dir(first
->cache_info
.identity_digest
);
2146 router_digest_is_trusted_dir(second
->cache_info
.identity_digest
);
2148 if (first_is_auth
&& !second_is_auth
)
2150 else if (!first_is_auth
&& second_is_auth
)
2153 else if (first
->is_running
&& !second
->is_running
)
2155 else if (!first
->is_running
&& second
->is_running
)
2158 bw_first
= router_get_advertised_bandwidth(first
);
2159 bw_second
= router_get_advertised_bandwidth(second
);
2161 if (bw_first
> bw_second
)
2163 else if (bw_first
< bw_second
)
2166 /* They're equal! Compare by identity digest, so there's a
2167 * deterministic order and we avoid flapping. */
2168 return memcmp(first
->cache_info
.identity_digest
,
2169 second
->cache_info
.identity_digest
,
2173 /** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
2174 * whose keys are the identity digests of those routers that we're going to
2175 * exclude for Sybil-like appearance. */
2176 static digestmap_t
*
2177 get_possible_sybil_list(const smartlist_t
*routers
)
2179 or_options_t
*options
= get_options();
2180 digestmap_t
*omit_as_sybil
;
2181 smartlist_t
*routers_by_ip
= smartlist_create();
2184 /* Allow at most this number of Tor servers on a single IP address, ... */
2185 int max_with_same_addr
= options
->AuthDirMaxServersPerAddr
;
2186 /* ... unless it's a directory authority, in which case allow more. */
2187 int max_with_same_addr_on_authority
= options
->AuthDirMaxServersPerAuthAddr
;
2188 if (max_with_same_addr
<= 0)
2189 max_with_same_addr
= INT_MAX
;
2190 if (max_with_same_addr_on_authority
<= 0)
2191 max_with_same_addr_on_authority
= INT_MAX
;
2193 smartlist_add_all(routers_by_ip
, routers
);
2194 smartlist_sort(routers_by_ip
, _compare_routerinfo_by_ip_and_bw
);
2195 omit_as_sybil
= digestmap_new();
2199 SMARTLIST_FOREACH(routers_by_ip
, routerinfo_t
*, ri
,
2201 if (last_addr
!= ri
->addr
) {
2202 last_addr
= ri
->addr
;
2204 } else if (++addr_count
> max_with_same_addr
) {
2205 if (!router_addr_is_trusted_dir(ri
->addr
) ||
2206 addr_count
> max_with_same_addr_on_authority
)
2207 digestmap_set(omit_as_sybil
, ri
->cache_info
.identity_digest
, ri
);
2211 smartlist_free(routers_by_ip
);
2212 return omit_as_sybil
;
2215 /** Extract status information from <b>ri</b> and from other authority
2216 * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
2217 * the named flag in <b>rs</b>.
2219 * We assume that ri-\>is_running has already been set, e.g. by
2220 * dirserv_set_router_is_running(ri, now);
2223 set_routerstatus_from_routerinfo(routerstatus_t
*rs
,
2224 routerinfo_t
*ri
, time_t now
,
2225 int naming
, int listbadexits
,
2228 int unstable_version
=
2229 !tor_version_as_new_as(ri
->platform
,"0.1.1.16-rc-cvs");
2230 memset(rs
, 0, sizeof(routerstatus_t
));
2233 router_digest_is_trusted_dir(ri
->cache_info
.identity_digest
);
2235 /* Already set by compute_performance_thresholds. */
2236 rs
->is_exit
= ri
->is_exit
;
2237 rs
->is_stable
= ri
->is_stable
=
2238 router_is_active(ri
, now
) &&
2239 !dirserv_thinks_router_is_unreliable(now
, ri
, 1, 0) &&
2241 rs
->is_fast
= ri
->is_fast
=
2242 router_is_active(ri
, now
) &&
2243 !dirserv_thinks_router_is_unreliable(now
, ri
, 0, 1);
2244 rs
->is_running
= ri
->is_running
; /* computed above */
2247 uint32_t name_status
= dirserv_get_name_status(
2248 ri
->cache_info
.identity_digest
, ri
->nickname
);
2249 rs
->is_named
= (naming
&& (name_status
& FP_NAMED
)) ? 1 : 0;
2250 rs
->is_unnamed
= (naming
&& (name_status
& FP_UNNAMED
)) ? 1 : 0;
2252 rs
->is_valid
= ri
->is_valid
;
2255 (router_get_advertised_bandwidth(ri
) >= BANDWIDTH_TO_GUARANTEE_GUARD
||
2256 router_get_advertised_bandwidth(ri
) >=
2257 MIN(guard_bandwidth_including_exits
,
2258 guard_bandwidth_excluding_exits
))) {
2259 long tk
= rep_hist_get_weighted_time_known(
2260 ri
->cache_info
.identity_digest
, now
);
2261 double wfu
= rep_hist_get_weighted_fractional_uptime(
2262 ri
->cache_info
.identity_digest
, now
);
2263 rs
->is_possible_guard
= (wfu
>= guard_wfu
&& tk
>= guard_tk
) ? 1 : 0;
2265 rs
->is_possible_guard
= 0;
2267 rs
->is_bad_directory
= listbaddirs
&& ri
->is_bad_directory
;
2268 rs
->is_bad_exit
= listbadexits
&& ri
->is_bad_exit
;
2269 ri
->is_hs_dir
= dirserv_thinks_router_is_hs_dir(ri
, now
);
2270 rs
->is_hs_dir
= ri
->is_hs_dir
;
2271 rs
->is_v2_dir
= ri
->dir_port
!= 0;
2273 if (!strcasecmp(ri
->nickname
, UNNAMED_ROUTER_NICKNAME
))
2274 rs
->is_named
= rs
->is_unnamed
= 0;
2276 rs
->published_on
= ri
->cache_info
.published_on
;
2277 memcpy(rs
->identity_digest
, ri
->cache_info
.identity_digest
, DIGEST_LEN
);
2278 memcpy(rs
->descriptor_digest
, ri
->cache_info
.signed_descriptor_digest
,
2280 rs
->addr
= ri
->addr
;
2281 strlcpy(rs
->nickname
, ri
->nickname
, sizeof(rs
->nickname
));
2282 rs
->or_port
= ri
->or_port
;
2283 rs
->dir_port
= ri
->dir_port
;
2286 /** Routerstatus <b>rs</b> is part of a group of routers that are on
2287 * too narrow an IP-space. Clear out its flags: we don't want people
2291 clear_status_flags_on_sybil(routerstatus_t
*rs
)
2293 rs
->is_authority
= rs
->is_exit
= rs
->is_stable
= rs
->is_fast
=
2294 rs
->is_running
= rs
->is_named
= rs
->is_valid
= rs
->is_v2_dir
=
2295 rs
->is_hs_dir
= rs
->is_possible_guard
= rs
->is_bad_exit
=
2296 rs
->is_bad_directory
= 0;
2297 /* FFFF we might want some mechanism to check later on if we
2298 * missed zeroing any flags: it's easy to add a new flag but
2299 * forget to add it to this clause. */
2302 /** Clear all the status flags in routerinfo <b>router</b>. We put this
2303 * function here because it's eerily similar to
2304 * clear_status_flags_on_sybil() above. One day we should merge them. */
2306 router_clear_status_flags(routerinfo_t
*router
)
2308 router
->is_valid
= router
->is_running
= router
->is_hs_dir
=
2309 router
->is_fast
= router
->is_stable
=
2310 router
->is_possible_guard
= router
->is_exit
=
2311 router
->is_bad_exit
= router
->is_bad_directory
= 0;
2315 * Helper function to parse out a line in the measured bandwidth file
2316 * into a measured_bw_line_t output structure. Returns -1 on failure
2320 measured_bw_line_parse(measured_bw_line_t
*out
, const char *orig_line
)
2322 char *line
= tor_strdup(orig_line
);
2325 int got_node_id
= 0;
2326 char *strtok_state
; /* lame sauce d'jour */
2327 cp
= tor_strtok_r(cp
, " \t", &strtok_state
);
2330 log_warn(LD_DIRSERV
, "Invalid line in bandwidth file: %s",
2331 escaped(orig_line
));
2336 if (orig_line
[strlen(orig_line
)-1] != '\n') {
2337 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2338 escaped(orig_line
));
2344 if (strcmpstart(cp
, "bw=") == 0) {
2348 log_warn(LD_DIRSERV
, "Double bw= in bandwidth file line: %s",
2349 escaped(orig_line
));
2355 out
->bw
= tor_parse_long(cp
, 0, 0, LONG_MAX
, &parse_ok
, &endptr
);
2356 if (!parse_ok
|| (*endptr
&& !TOR_ISSPACE(*endptr
))) {
2357 log_warn(LD_DIRSERV
, "Invalid bandwidth in bandwidth file line: %s",
2358 escaped(orig_line
));
2363 } else if (strcmpstart(cp
, "node_id=$") == 0) {
2365 log_warn(LD_DIRSERV
, "Double node_id= in bandwidth file line: %s",
2366 escaped(orig_line
));
2370 cp
+=strlen("node_id=$");
2372 if (strlen(cp
) != HEX_DIGEST_LEN
||
2373 base16_decode(out
->node_id
, DIGEST_LEN
, cp
, HEX_DIGEST_LEN
)) {
2374 log_warn(LD_DIRSERV
, "Invalid node_id in bandwidth file line: %s",
2375 escaped(orig_line
));
2379 strncpy(out
->node_hex
, cp
, sizeof(out
->node_hex
));
2382 } while ((cp
= tor_strtok_r(NULL
, " \t", &strtok_state
)));
2384 if (got_bw
&& got_node_id
) {
2388 log_warn(LD_DIRSERV
, "Incomplete line in bandwidth file: %s",
2389 escaped(orig_line
));
2396 * Helper function to apply a parsed measurement line to a list
2397 * of bandwidth statuses. Returns true if a line is found,
2401 measured_bw_line_apply(measured_bw_line_t
*parsed_line
,
2402 smartlist_t
*routerstatuses
)
2404 routerstatus_t
*rs
= NULL
;
2405 if (!routerstatuses
)
2408 rs
= smartlist_bsearch(routerstatuses
, parsed_line
->node_id
,
2409 compare_digest_to_routerstatus_entry
);
2412 rs
->has_measured_bw
= 1;
2413 rs
->measured_bw
= (uint32_t)parsed_line
->bw
;
2415 log_info(LD_DIRSERV
, "Node ID %s not found in routerstatus list",
2416 parsed_line
->node_hex
);
2423 * Read the measured bandwidth file and apply it to the list of
2424 * routerstatuses. Returns -1 on error, 0 otherwise.
2427 dirserv_read_measured_bandwidths(const char *from_file
,
2428 smartlist_t
*routerstatuses
)
2431 FILE *fp
= fopen(from_file
, "r");
2432 int applied_lines
= 0;
2436 log_warn(LD_CONFIG
, "Can't open bandwidth file at configured location: %s",
2441 if (!fgets(line
, sizeof(line
), fp
)
2442 || !strlen(line
) || line
[strlen(line
)-1] != '\n') {
2443 log_warn(LD_DIRSERV
, "Long or truncated time in bandwidth file: %s",
2449 line
[strlen(line
)-1] = '\0';
2450 file_time
= tor_parse_ulong(line
, 10, 0, ULONG_MAX
, &ok
, NULL
);
2452 log_warn(LD_DIRSERV
, "Non-integer time in bandwidth file: %s",
2458 if ((time(NULL
) - file_time
) > MAX_MEASUREMENT_AGE
) {
2459 log_warn(LD_DIRSERV
, "Bandwidth measurement file stale. Age: %u",
2460 (unsigned)(time(NULL
) - file_time
));
2466 smartlist_sort(routerstatuses
, compare_routerstatus_entries
);
2469 measured_bw_line_t parsed_line
;
2470 if (fgets(line
, sizeof(line
), fp
) && strlen(line
)) {
2471 if (measured_bw_line_parse(&parsed_line
, line
) != -1) {
2472 if (measured_bw_line_apply(&parsed_line
, routerstatuses
) > 0)
2479 log_info(LD_DIRSERV
,
2480 "Bandwidth measurement file successfully read. "
2481 "Applied %d measurements.", applied_lines
);
2485 /** Return a new networkstatus_t* containing our current opinion. (For v3
2488 dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t
*private_key
,
2489 authority_cert_t
*cert
)
2491 or_options_t
*options
= get_options();
2492 networkstatus_t
*v3_out
= NULL
;
2494 char *hostname
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
;
2495 const char *contact
;
2496 smartlist_t
*routers
, *routerstatuses
;
2497 char identity_digest
[DIGEST_LEN
];
2498 char signing_key_digest
[DIGEST_LEN
];
2499 int naming
= options
->NamingAuthoritativeDir
;
2500 int listbadexits
= options
->AuthDirListBadExits
;
2501 int listbaddirs
= options
->AuthDirListBadDirs
;
2502 routerlist_t
*rl
= router_get_routerlist();
2503 time_t now
= time(NULL
);
2504 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2505 networkstatus_voter_info_t
*voter
= NULL
;
2506 vote_timing_t timing
;
2507 digestmap_t
*omit_as_sybil
= NULL
;
2508 const int vote_on_reachability
= running_long_enough_to_decide_unreachable();
2509 smartlist_t
*microdescriptors
= NULL
;
2511 tor_assert(private_key
);
2514 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2515 log_warn(LD_NET
, "Couldn't resolve my hostname");
2518 if (!strchr(hostname
, '.')) {
2520 hostname
= tor_dup_ip(addr
);
2522 if (crypto_pk_get_digest(private_key
, signing_key_digest
)<0) {
2523 log_err(LD_BUG
, "Error computing signing key digest");
2526 if (crypto_pk_get_digest(cert
->identity_key
, identity_digest
)<0) {
2527 log_err(LD_BUG
, "Error computing identity key digest");
2531 if (options
->VersioningAuthoritativeDir
) {
2532 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2533 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2536 contact
= get_options()->ContactInfo
;
2540 /* precompute this part, since we need it to decide what "stable"
2542 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2543 dirserv_set_router_is_running(ri
, now
);
2546 dirserv_compute_performance_thresholds(rl
);
2548 routers
= smartlist_create();
2549 smartlist_add_all(routers
, rl
->routers
);
2550 routers_sort_by_identity(routers
);
2551 omit_as_sybil
= get_possible_sybil_list(routers
);
2553 routerstatuses
= smartlist_create();
2554 microdescriptors
= smartlist_create();
2556 SMARTLIST_FOREACH_BEGIN(routers
, routerinfo_t
*, ri
) {
2557 if (ri
->cache_info
.published_on
>= cutoff
) {
2559 vote_routerstatus_t
*vrs
;
2562 vrs
= tor_malloc_zero(sizeof(vote_routerstatus_t
));
2564 set_routerstatus_from_routerinfo(rs
, ri
, now
,
2565 naming
, listbadexits
, listbaddirs
);
2567 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2568 clear_status_flags_on_sybil(rs
);
2570 if (!vote_on_reachability
)
2573 vrs
->version
= version_from_platform(ri
->platform
);
2574 md
= dirvote_create_microdescriptor(ri
);
2577 vote_microdesc_hash_t
*h
;
2578 dirvote_format_microdesc_vote_line(buf
, sizeof(buf
), md
);
2579 h
= tor_malloc(sizeof(vote_microdesc_hash_t
));
2580 h
->microdesc_hash_line
= tor_strdup(buf
);
2583 md
->last_listed
= now
;
2584 smartlist_add(microdescriptors
, md
);
2587 smartlist_add(routerstatuses
, vrs
);
2589 } SMARTLIST_FOREACH_END(ri
);
2592 smartlist_t
*added
=
2593 microdescs_add_list_to_cache(get_microdesc_cache(),
2594 microdescriptors
, SAVED_NOWHERE
, 0);
2595 smartlist_free(added
);
2596 smartlist_free(microdescriptors
);
2599 smartlist_free(routers
);
2600 digestmap_free(omit_as_sybil
, NULL
);
2602 if (options
->V3BandwidthsFile
) {
2603 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
,
2607 v3_out
= tor_malloc_zero(sizeof(networkstatus_t
));
2609 v3_out
->type
= NS_TYPE_VOTE
;
2610 dirvote_get_preferred_voting_intervals(&timing
);
2611 v3_out
->published
= now
;
2613 char tbuf
[ISO_TIME_LEN
+1];
2614 networkstatus_t
*current_consensus
=
2615 networkstatus_get_live_consensus(now
);
2616 long last_consensus_interval
; /* only used to pick a valid_after */
2617 if (current_consensus
)
2618 last_consensus_interval
= current_consensus
->fresh_until
-
2619 current_consensus
->valid_after
;
2621 last_consensus_interval
= options
->TestingV3AuthInitialVotingInterval
;
2622 v3_out
->valid_after
=
2623 dirvote_get_start_of_next_interval(now
, (int)last_consensus_interval
);
2624 format_iso_time(tbuf
, v3_out
->valid_after
);
2625 log_notice(LD_DIR
,"Choosing valid-after time in vote as %s: "
2626 "consensus_set=%d, last_interval=%d",
2627 tbuf
, current_consensus
?1:0, (int)last_consensus_interval
);
2629 v3_out
->fresh_until
= v3_out
->valid_after
+ timing
.vote_interval
;
2630 v3_out
->valid_until
= v3_out
->valid_after
+
2631 (timing
.vote_interval
* timing
.n_intervals_valid
);
2632 v3_out
->vote_seconds
= timing
.vote_delay
;
2633 v3_out
->dist_seconds
= timing
.dist_delay
;
2634 tor_assert(v3_out
->vote_seconds
> 0);
2635 tor_assert(v3_out
->dist_seconds
> 0);
2636 tor_assert(timing
.n_intervals_valid
> 0);
2638 v3_out
->client_versions
= client_versions
;
2639 v3_out
->server_versions
= server_versions
;
2640 v3_out
->known_flags
= smartlist_create();
2641 smartlist_split_string(v3_out
->known_flags
,
2642 "Authority Exit Fast Guard HSDir Stable V2Dir Valid",
2643 0, SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2644 if (vote_on_reachability
)
2645 smartlist_add(v3_out
->known_flags
, tor_strdup("Running"));
2647 smartlist_add(v3_out
->known_flags
, tor_strdup("BadDirectory"));
2649 smartlist_add(v3_out
->known_flags
, tor_strdup("BadExit"));
2651 smartlist_add(v3_out
->known_flags
, tor_strdup("Named"));
2652 smartlist_add(v3_out
->known_flags
, tor_strdup("Unnamed"));
2654 smartlist_sort_strings(v3_out
->known_flags
);
2656 if (options
->ConsensusParams
) {
2657 v3_out
->net_params
= smartlist_create();
2658 smartlist_split_string(v3_out
->net_params
,
2659 options
->ConsensusParams
, NULL
, 0, 0);
2660 smartlist_sort_strings(v3_out
->net_params
);
2663 voter
= tor_malloc_zero(sizeof(networkstatus_voter_info_t
));
2664 voter
->nickname
= tor_strdup(options
->Nickname
);
2665 memcpy(voter
->identity_digest
, identity_digest
, DIGEST_LEN
);
2666 voter
->sigs
= smartlist_create();
2667 voter
->address
= hostname
;
2669 voter
->dir_port
= options
->DirPort
;
2670 voter
->or_port
= options
->ORPort
;
2671 voter
->contact
= tor_strdup(contact
);
2672 if (options
->V3AuthUseLegacyKey
) {
2673 authority_cert_t
*c
= get_my_v3_legacy_cert();
2675 crypto_pk_get_digest(c
->identity_key
, voter
->legacy_id_digest
);
2679 v3_out
->voters
= smartlist_create();
2680 smartlist_add(v3_out
->voters
, voter
);
2681 v3_out
->cert
= authority_cert_dup(cert
);
2682 v3_out
->routerstatus_list
= routerstatuses
;
2683 /* Note: networkstatus_digest is unset; it won't get set until we actually
2684 * format the vote. */
2689 /** For v2 authoritative directories only: Replace the contents of
2690 * <b>the_v2_networkstatus</b> with a newly generated network status
2692 static cached_dir_t
*
2693 generate_v2_networkstatus_opinion(void)
2695 cached_dir_t
*r
= NULL
;
2696 size_t len
, identity_pkey_len
;
2697 char *status
= NULL
, *client_versions
= NULL
, *server_versions
= NULL
,
2698 *identity_pkey
= NULL
, *hostname
= NULL
;
2700 or_options_t
*options
= get_options();
2701 char fingerprint
[FINGERPRINT_LEN
+1];
2702 char ipaddr
[INET_NTOA_BUF_LEN
];
2703 char published
[ISO_TIME_LEN
+1];
2704 char digest
[DIGEST_LEN
];
2707 crypto_pk_env_t
*private_key
;
2708 routerlist_t
*rl
= router_get_routerlist();
2709 time_t now
= time(NULL
);
2710 time_t cutoff
= now
- ROUTER_MAX_AGE_TO_PUBLISH
;
2711 int naming
= options
->NamingAuthoritativeDir
;
2712 int versioning
= options
->VersioningAuthoritativeDir
;
2713 int listbaddirs
= options
->AuthDirListBadDirs
;
2714 int listbadexits
= options
->AuthDirListBadExits
;
2715 const char *contact
;
2716 char *version_lines
= NULL
;
2717 smartlist_t
*routers
= NULL
;
2718 digestmap_t
*omit_as_sybil
= NULL
;
2720 private_key
= get_server_identity_key();
2722 if (resolve_my_address(LOG_WARN
, options
, &addr
, &hostname
)<0) {
2723 log_warn(LD_NET
, "Couldn't resolve my hostname");
2726 in
.s_addr
= htonl(addr
);
2727 tor_inet_ntoa(&in
, ipaddr
, sizeof(ipaddr
));
2729 format_iso_time(published
, now
);
2731 client_versions
= format_versions_list(options
->RecommendedClientVersions
);
2732 server_versions
= format_versions_list(options
->RecommendedServerVersions
);
2734 if (crypto_pk_write_public_key_to_string(private_key
, &identity_pkey
,
2735 &identity_pkey_len
)<0) {
2736 log_warn(LD_BUG
,"Writing public key to string failed.");
2740 if (crypto_pk_get_fingerprint(private_key
, fingerprint
, 0)<0) {
2741 log_err(LD_BUG
, "Error computing fingerprint");
2745 contact
= get_options()->ContactInfo
;
2750 size_t v_len
= 64+strlen(client_versions
)+strlen(server_versions
);
2751 version_lines
= tor_malloc(v_len
);
2752 tor_snprintf(version_lines
, v_len
,
2753 "client-versions %s\nserver-versions %s\n",
2754 client_versions
, server_versions
);
2756 version_lines
= tor_strdup("");
2759 len
= 4096+strlen(client_versions
)+strlen(server_versions
);
2760 len
+= identity_pkey_len
*2;
2761 len
+= (RS_ENTRY_LEN
)*smartlist_len(rl
->routers
);
2763 status
= tor_malloc(len
);
2764 tor_snprintf(status
, len
,
2765 "network-status-version 2\n"
2766 "dir-source %s %s %d\n"
2770 "dir-options%s%s%s%s\n"
2771 "%s" /* client version line, server version line. */
2772 "dir-signing-key\n%s",
2773 hostname
, ipaddr
, (int)options
->DirPort
,
2777 naming
? " Names" : "",
2778 listbaddirs
? " BadDirectories" : "",
2779 listbadexits
? " BadExits" : "",
2780 versioning
? " Versions" : "",
2783 outp
= status
+ strlen(status
);
2784 endp
= status
+ len
;
2786 /* precompute this part, since we need it to decide what "stable"
2788 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
2789 dirserv_set_router_is_running(ri
, now
);
2792 dirserv_compute_performance_thresholds(rl
);
2794 routers
= smartlist_create();
2795 smartlist_add_all(routers
, rl
->routers
);
2796 routers_sort_by_identity(routers
);
2798 omit_as_sybil
= get_possible_sybil_list(routers
);
2800 SMARTLIST_FOREACH(routers
, routerinfo_t
*, ri
, {
2801 if (ri
->cache_info
.published_on
>= cutoff
) {
2803 char *version
= version_from_platform(ri
->platform
);
2805 set_routerstatus_from_routerinfo(&rs
, ri
, now
,
2806 naming
, listbadexits
, listbaddirs
);
2808 if (digestmap_get(omit_as_sybil
, ri
->cache_info
.identity_digest
))
2809 clear_status_flags_on_sybil(&rs
);
2811 if (routerstatus_format_entry(outp
, endp
-outp
, &rs
, version
, NS_V2
)) {
2812 log_warn(LD_BUG
, "Unable to print router status.");
2817 outp
+= strlen(outp
);
2821 if (tor_snprintf(outp
, endp
-outp
, "directory-signature %s\n",
2822 get_options()->Nickname
)<0) {
2823 log_warn(LD_BUG
, "Unable to write signature line.");
2826 if (router_get_networkstatus_v2_hash(status
, digest
)<0) {
2827 log_warn(LD_BUG
, "Unable to hash network status");
2830 outp
+= strlen(outp
);
2832 note_crypto_pk_op(SIGN_DIR
);
2833 if (router_append_dirobj_signature(outp
,endp
-outp
,digest
,DIGEST_LEN
,
2835 log_warn(LD_BUG
, "Unable to sign router status.");
2840 networkstatus_v2_t
*ns
;
2841 if (!(ns
= networkstatus_v2_parse_from_string(status
))) {
2842 log_err(LD_BUG
,"Generated a networkstatus we couldn't parse.");
2845 networkstatus_v2_free(ns
);
2849 cached_dir_t
**ns_ptr
= &the_v2_networkstatus
;
2851 cached_dir_decref(*ns_ptr
);
2852 *ns_ptr
= new_cached_dir(status
, now
);
2853 status
= NULL
; /* So it doesn't get double-freed. */
2854 the_v2_networkstatus_is_dirty
= 0;
2855 router_set_networkstatus_v2((*ns_ptr
)->dir
, now
, NS_GENERATED
, NULL
);
2860 tor_free(client_versions
);
2861 tor_free(server_versions
);
2862 tor_free(version_lines
);
2865 tor_free(identity_pkey
);
2866 smartlist_free(routers
);
2867 digestmap_free(omit_as_sybil
, NULL
);
2871 /** Given the portion of a networkstatus request URL after "tor/status/" in
2872 * <b>key</b>, append to <b>result</b> the digests of the identity keys of the
2873 * networkstatus objects that the client has requested. */
2875 dirserv_get_networkstatus_v2_fingerprints(smartlist_t
*result
,
2880 if (!cached_v2_networkstatus
)
2881 cached_v2_networkstatus
= digestmap_new();
2883 if (should_generate_v2_networkstatus())
2884 generate_v2_networkstatus_opinion();
2886 if (!strcmp(key
,"authority")) {
2887 if (authdir_mode_v2(get_options())) {
2888 routerinfo_t
*me
= router_get_my_routerinfo();
2890 smartlist_add(result
,
2891 tor_memdup(me
->cache_info
.identity_digest
, DIGEST_LEN
));
2893 } else if (!strcmp(key
, "all")) {
2894 if (digestmap_size(cached_v2_networkstatus
)) {
2895 digestmap_iter_t
*iter
;
2896 iter
= digestmap_iter_init(cached_v2_networkstatus
);
2897 while (!digestmap_iter_done(iter
)) {
2900 digestmap_iter_get(iter
, &ident
, &val
);
2901 smartlist_add(result
, tor_memdup(ident
, DIGEST_LEN
));
2902 iter
= digestmap_iter_next(cached_v2_networkstatus
, iter
);
2905 SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2906 trusted_dir_server_t
*, ds
,
2907 if (ds
->type
& V2_AUTHORITY
)
2908 smartlist_add(result
, tor_memdup(ds
->digest
, DIGEST_LEN
)));
2910 smartlist_sort_digests(result
);
2911 if (smartlist_len(result
) == 0)
2912 log_info(LD_DIRSERV
,
2913 "Client requested 'all' network status objects; we have none.");
2914 } else if (!strcmpstart(key
, "fp/")) {
2915 dir_split_resource_into_fingerprints(key
+3, result
, NULL
,
2916 DSR_HEX
|DSR_SORT_UNIQ
);
2920 /** Look for a network status object as specified by <b>key</b>, which should
2921 * be either "authority" (to find a network status generated by us), a hex
2922 * identity digest (to find a network status generated by given directory), or
2923 * "all" (to return all the v2 network status objects we have).
2926 dirserv_get_networkstatus_v2(smartlist_t
*result
,
2929 cached_dir_t
*cached
;
2930 smartlist_t
*fingerprints
= smartlist_create();
2933 if (!cached_v2_networkstatus
)
2934 cached_v2_networkstatus
= digestmap_new();
2936 dirserv_get_networkstatus_v2_fingerprints(fingerprints
, key
);
2937 SMARTLIST_FOREACH(fingerprints
, const char *, fp
,
2939 if (router_digest_is_me(fp
) && should_generate_v2_networkstatus())
2940 generate_v2_networkstatus_opinion();
2941 cached
= digestmap_get(cached_v2_networkstatus
, fp
);
2943 smartlist_add(result
, cached
);
2945 char hexbuf
[HEX_DIGEST_LEN
+1];
2946 base16_encode(hexbuf
, sizeof(hexbuf
), fp
, DIGEST_LEN
);
2947 log_info(LD_DIRSERV
, "Don't know about any network status with "
2948 "fingerprint '%s'", hexbuf
);
2951 SMARTLIST_FOREACH(fingerprints
, char *, cp
, tor_free(cp
));
2952 smartlist_free(fingerprints
);
2955 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
2956 * pointers, adds copies of digests to fps_out, and doesn't use the
2957 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
2958 * requests, adds identity digests.
2961 dirserv_get_routerdesc_fingerprints(smartlist_t
*fps_out
, const char *key
,
2962 const char **msg
, int for_unencrypted_conn
,
2968 if (!strcmp(key
, "all")) {
2969 routerlist_t
*rl
= router_get_routerlist();
2970 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
2971 smartlist_add(fps_out
,
2972 tor_memdup(r
->cache_info
.identity_digest
, DIGEST_LEN
)));
2973 } else if (!strcmp(key
, "authority")) {
2974 routerinfo_t
*ri
= router_get_my_routerinfo();
2976 smartlist_add(fps_out
,
2977 tor_memdup(ri
->cache_info
.identity_digest
, DIGEST_LEN
));
2978 } else if (!strcmpstart(key
, "d/")) {
2980 key
+= strlen("d/");
2981 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
2982 DSR_HEX
|DSR_SORT_UNIQ
);
2983 } else if (!strcmpstart(key
, "fp/")) {
2984 key
+= strlen("fp/");
2985 dir_split_resource_into_fingerprints(key
, fps_out
, NULL
,
2986 DSR_HEX
|DSR_SORT_UNIQ
);
2988 *msg
= "Key not recognized";
2992 if (for_unencrypted_conn
) {
2993 /* Remove anything that insists it not be sent unencrypted. */
2994 SMARTLIST_FOREACH(fps_out
, char *, cp
, {
2995 signed_descriptor_t
*sd
;
2997 sd
= get_signed_descriptor_by_fp(cp
,is_extrainfo
,0);
2998 else if (is_extrainfo
)
2999 sd
= extrainfo_get_by_descriptor_digest(cp
);
3001 sd
= router_get_by_descriptor_digest(cp
);
3002 if (sd
&& !sd
->send_unencrypted
) {
3004 SMARTLIST_DEL_CURRENT(fps_out
, cp
);
3009 if (!smartlist_len(fps_out
)) {
3010 *msg
= "Servers unavailable";
3016 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
3017 * <b>key</b>. The key should be either
3018 * - "/tor/server/authority" for our own routerinfo;
3019 * - "/tor/server/all" for all the routerinfos we have, concatenated;
3020 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
3021 * hex identity digests; or
3022 * - "/tor/server/d/D" where D is a plus-separated sequence
3023 * of server descriptor digests, in hex.
3025 * Return 0 if we found some matching descriptors, or -1 if we do not
3026 * have any descriptors, no matching descriptors, or if we did not
3027 * recognize the key (URL).
3028 * If -1 is returned *<b>msg</b> will be set to an appropriate error
3031 * XXXX rename this function. It's only called from the controller.
3032 * XXXX in fact, refactor this function, merging as much as possible.
3035 dirserv_get_routerdescs(smartlist_t
*descs_out
, const char *key
,
3040 if (!strcmp(key
, "/tor/server/all")) {
3041 routerlist_t
*rl
= router_get_routerlist();
3042 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, r
,
3043 smartlist_add(descs_out
, &(r
->cache_info
)));
3044 } else if (!strcmp(key
, "/tor/server/authority")) {
3045 routerinfo_t
*ri
= router_get_my_routerinfo();
3047 smartlist_add(descs_out
, &(ri
->cache_info
));
3048 } else if (!strcmpstart(key
, "/tor/server/d/")) {
3049 smartlist_t
*digests
= smartlist_create();
3050 key
+= strlen("/tor/server/d/");
3051 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3052 DSR_HEX
|DSR_SORT_UNIQ
);
3053 SMARTLIST_FOREACH(digests
, const char *, d
,
3055 signed_descriptor_t
*sd
= router_get_by_descriptor_digest(d
);
3057 smartlist_add(descs_out
,sd
);
3059 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3060 smartlist_free(digests
);
3061 } else if (!strcmpstart(key
, "/tor/server/fp/")) {
3062 smartlist_t
*digests
= smartlist_create();
3063 time_t cutoff
= time(NULL
) - ROUTER_MAX_AGE_TO_PUBLISH
;
3064 key
+= strlen("/tor/server/fp/");
3065 dir_split_resource_into_fingerprints(key
, digests
, NULL
,
3066 DSR_HEX
|DSR_SORT_UNIQ
);
3067 SMARTLIST_FOREACH(digests
, const char *, d
,
3069 if (router_digest_is_me(d
)) {
3070 /* make sure desc_routerinfo exists */
3071 routerinfo_t
*ri
= router_get_my_routerinfo();
3073 smartlist_add(descs_out
, &(ri
->cache_info
));
3075 routerinfo_t
*ri
= router_get_by_digest(d
);
3076 /* Don't actually serve a descriptor that everyone will think is
3077 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
3078 * Tors from downloading descriptors that they will throw away.
3080 if (ri
&& ri
->cache_info
.published_on
> cutoff
)
3081 smartlist_add(descs_out
, &(ri
->cache_info
));
3084 SMARTLIST_FOREACH(digests
, char *, d
, tor_free(d
));
3085 smartlist_free(digests
);
3087 *msg
= "Key not recognized";
3091 if (!smartlist_len(descs_out
)) {
3092 *msg
= "Servers unavailable";
3098 /** Called when a TLS handshake has completed successfully with a
3099 * router listening at <b>address</b>:<b>or_port</b>, and has yielded
3100 * a certificate with digest <b>digest_rcvd</b>.
3102 * Also, if as_advertised is 1, then inform the reachability checker
3103 * that we could get to this guy.
3106 dirserv_orconn_tls_done(const char *address
,
3108 const char *digest_rcvd
,
3111 routerlist_t
*rl
= router_get_routerlist();
3112 time_t now
= time(NULL
);
3113 int bridge_auth
= authdir_mode_bridge(get_options());
3114 tor_assert(address
);
3115 tor_assert(digest_rcvd
);
3117 SMARTLIST_FOREACH(rl
->routers
, routerinfo_t
*, ri
, {
3118 if (!strcasecmp(address
, ri
->address
) && or_port
== ri
->or_port
&&
3120 !memcmp(ri
->cache_info
.identity_digest
, digest_rcvd
, DIGEST_LEN
)) {
3121 /* correct digest. mark this router reachable! */
3122 if (!bridge_auth
|| ri
->purpose
== ROUTER_PURPOSE_BRIDGE
) {
3123 log_info(LD_DIRSERV
, "Found router %s to be reachable. Yay.",
3125 rep_hist_note_router_reachable(digest_rcvd
, now
);
3126 ri
->last_reachable
= now
;
3130 /* FFFF Maybe we should reinstate the code that dumps routers with the same
3131 * addr/port but with nonmatching keys, but instead of dumping, we should
3135 /** Called when we, as an authority, receive a new router descriptor either as
3136 * an upload or a download. Used to decide whether to relaunch reachability
3137 * testing for the server. */
3139 dirserv_should_launch_reachability_test(routerinfo_t
*ri
, routerinfo_t
*ri_old
)
3141 if (!authdir_mode_handles_descs(get_options(), ri
->purpose
))
3144 /* New router: Launch an immediate reachability test, so we will have an
3145 * opinion soon in case we're generating a consensus soon */
3148 if (ri_old
->is_hibernating
&& !ri
->is_hibernating
) {
3149 /* It just came out of hibernation; launch a reachability test */
3152 if (! routers_have_same_or_addr(ri
, ri_old
)) {
3153 /* Address or port changed; launch a reachability test */
3159 /** Helper function for dirserv_test_reachability(). Start a TLS
3160 * connection to <b>router</b>, and annotate it with when we started
3163 dirserv_single_reachability_test(time_t now
, routerinfo_t
*router
)
3165 tor_addr_t router_addr
;
3166 log_debug(LD_OR
,"Testing reachability of %s at %s:%u.",
3167 router
->nickname
, router
->address
, router
->or_port
);
3168 /* Remember when we started trying to determine reachability */
3169 if (!router
->testing_since
)
3170 router
->testing_since
= now
;
3171 tor_addr_from_ipv4h(&router_addr
, router
->addr
);
3172 connection_or_connect(&router_addr
, router
->or_port
,
3173 router
->cache_info
.identity_digest
);
3176 /** Auth dir server only: load balance such that we only
3177 * try a few connections per call.
3179 * The load balancing is such that if we get called once every ten
3180 * seconds, we will cycle through all the tests in 1280 seconds (a
3181 * bit over 20 minutes).
3184 dirserv_test_reachability(time_t now
)
3186 /* XXX decide what to do here; see or-talk thread "purging old router
3187 * information, revocation." -NM
3188 * We can't afford to mess with this in 0.1.2.x. The reason is that
3189 * if we stop doing reachability tests on some of routerlist, then
3190 * we'll for-sure think they're down, which may have unexpected
3191 * effects in other parts of the code. It doesn't hurt much to do
3192 * the testing, and directory authorities are easy to upgrade. Let's
3193 * wait til 0.2.0. -RD */
3194 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
3195 routerlist_t
*rl
= router_get_routerlist();
3196 static char ctr
= 0;
3197 int bridge_auth
= authdir_mode_bridge(get_options());
3199 SMARTLIST_FOREACH_BEGIN(rl
->routers
, routerinfo_t
*, router
) {
3200 const char *id_digest
= router
->cache_info
.identity_digest
;
3201 if (router_is_me(router
))
3203 if (bridge_auth
&& router
->purpose
!= ROUTER_PURPOSE_BRIDGE
)
3204 continue; /* bridge authorities only test reachability on bridges */
3205 // if (router->cache_info.published_on > cutoff)
3207 if ((((uint8_t)id_digest
[0]) % 128) == ctr
) {
3208 dirserv_single_reachability_test(now
, router
);
3210 } SMARTLIST_FOREACH_END(router
);
3211 ctr
= (ctr
+ 1) % 128; /* increment ctr */
3214 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
3215 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
3216 * flavor name if we want a flavored v3 status, return a pointer to the
3217 * appropriate cached dir object, or NULL if there isn't one available. */
3218 static cached_dir_t
*
3219 lookup_cached_dir_by_fp(const char *fp
)
3221 cached_dir_t
*d
= NULL
;
3222 if (tor_digest_is_zero(fp
) && cached_consensuses
)
3223 d
= strmap_get(cached_consensuses
, "ns");
3224 else if (memchr(fp
, '\0', DIGEST_LEN
) && cached_consensuses
&&
3225 (d
= strmap_get(cached_consensuses
, fp
))) {
3226 /* this here interface is a nasty hack XXXX022 */;
3227 } else if (router_digest_is_me(fp
) && the_v2_networkstatus
)
3228 d
= the_v2_networkstatus
;
3229 else if (cached_v2_networkstatus
)
3230 d
= digestmap_get(cached_v2_networkstatus
, fp
);
3234 /** Remove from <b>fps</b> every networkstatus key where both
3235 * a) we have a networkstatus document and
3236 * b) it is not newer than <b>cutoff</b>.
3238 * Return 1 if any items were present at all; else return 0.
3241 dirserv_remove_old_statuses(smartlist_t
*fps
, time_t cutoff
)
3244 SMARTLIST_FOREACH(fps
, char *, digest
,
3246 cached_dir_t
*d
= lookup_cached_dir_by_fp(digest
);
3250 if (d
->published
<= cutoff
) {
3252 SMARTLIST_DEL_CURRENT(fps
, digest
);
3259 /** Return the cache-info for identity fingerprint <b>fp</b>, or
3260 * its extra-info document if <b>extrainfo</b> is true. Return
3261 * NULL if not found or if the descriptor is older than
3262 * <b>publish_cutoff</b>. */
3263 static signed_descriptor_t
*
3264 get_signed_descriptor_by_fp(const char *fp
, int extrainfo
,
3265 time_t publish_cutoff
)
3267 if (router_digest_is_me(fp
)) {
3269 return &(router_get_my_extrainfo()->cache_info
);
3271 return &(router_get_my_routerinfo()->cache_info
);
3273 routerinfo_t
*ri
= router_get_by_digest(fp
);
3275 ri
->cache_info
.published_on
> publish_cutoff
) {
3277 return extrainfo_get_by_descriptor_digest(
3278 ri
->cache_info
.extra_info_digest
);
3280 return &ri
->cache_info
;
3286 /** Return true iff we have any of the documents (extrainfo or routerdesc)
3287 * specified by the fingerprints in <b>fps</b> and <b>spool_src</b>. Used to
3288 * decide whether to send a 404. */
3290 dirserv_have_any_serverdesc(smartlist_t
*fps
, int spool_src
)
3292 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3293 SMARTLIST_FOREACH(fps
, const char *, fp
, {
3296 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3297 if (extrainfo_get_by_descriptor_digest(fp
)) return 1;
3299 case DIR_SPOOL_SERVER_BY_DIGEST
:
3300 if (router_get_by_descriptor_digest(fp
)) return 1;
3302 case DIR_SPOOL_EXTRA_BY_FP
:
3303 case DIR_SPOOL_SERVER_BY_FP
:
3304 if (get_signed_descriptor_by_fp(fp
,
3305 spool_src
== DIR_SPOOL_EXTRA_BY_FP
, publish_cutoff
))
3313 /** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
3314 * a microdescriptor we have. */
3316 dirserv_have_any_microdesc(const smartlist_t
*fps
)
3318 microdesc_cache_t
*cache
= get_microdesc_cache();
3319 SMARTLIST_FOREACH(fps
, const char *, fp
,
3320 if (microdesc_cache_lookup_by_digest256(cache
, fp
))
3325 /** Return an approximate estimate of the number of bytes that will
3326 * be needed to transmit the server descriptors (if is_serverdescs --
3327 * they can be either d/ or fp/ queries) or networkstatus objects (if
3328 * !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is set,
3329 * we guess how large the data will be after compression.
3331 * The return value is an estimate; it might be larger or smaller.
3334 dirserv_estimate_data_size(smartlist_t
*fps
, int is_serverdescs
,
3339 if (is_serverdescs
) {
3340 int n
= smartlist_len(fps
);
3341 routerinfo_t
*me
= router_get_my_routerinfo();
3342 result
= (me
?me
->cache_info
.signed_descriptor_len
:2048) * n
;
3344 result
/= 2; /* observed compressibility is between 35 and 55%. */
3347 SMARTLIST_FOREACH(fps
, const char *, digest
, {
3348 cached_dir_t
*dir
= lookup_cached_dir_by_fp(digest
);
3350 result
+= compressed
? dir
->dir_z_len
: dir
->dir_len
;
3356 /** Given a list of microdescriptor hashes, guess how many bytes will be
3357 * needed to transmit them, and return the guess. */
3359 dirserv_estimate_microdesc_size(const smartlist_t
*fps
, int compressed
)
3361 size_t result
= smartlist_len(fps
) * microdesc_average_size(NULL
);
3367 /** When we're spooling data onto our outbuf, add more whenever we dip
3368 * below this threshold. */
3369 #define DIRSERV_BUFFER_MIN 16384
3371 /** Spooling helper: called when we have no more data to spool to <b>conn</b>.
3372 * Flushes any remaining data to be (un)compressed, and changes the spool
3373 * source to NONE. Returns 0 on success, negative on failure. */
3375 connection_dirserv_finish_spooling(dir_connection_t
*conn
)
3377 if (conn
->zlib_state
) {
3378 connection_write_to_buf_zlib("", 0, conn
, 1);
3379 tor_zlib_free(conn
->zlib_state
);
3380 conn
->zlib_state
= NULL
;
3382 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3386 /** Spooling helper: called when we're sending a bunch of server descriptors,
3387 * and the outbuf has become too empty. Pulls some entries from
3388 * fingerprint_stack, and writes the corresponding servers onto outbuf. If we
3389 * run out of entries, flushes the zlib state and sets the spool source to
3390 * NONE. Returns 0 on success, negative on failure.
3393 connection_dirserv_add_servers_to_outbuf(dir_connection_t
*conn
)
3395 #ifdef TRACK_SERVED_TIME
3396 time_t now
= time(NULL
);
3398 int by_fp
= (conn
->dir_spool_src
== DIR_SPOOL_SERVER_BY_FP
||
3399 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
);
3400 int extra
= (conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_FP
||
3401 conn
->dir_spool_src
== DIR_SPOOL_EXTRA_BY_DIGEST
);
3402 time_t publish_cutoff
= time(NULL
)-ROUTER_MAX_AGE_TO_PUBLISH
;
3404 while (smartlist_len(conn
->fingerprint_stack
) &&
3405 buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3407 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3408 signed_descriptor_t
*sd
= NULL
;
3410 sd
= get_signed_descriptor_by_fp(fp
, extra
, publish_cutoff
);
3412 sd
= extra
? extrainfo_get_by_descriptor_digest(fp
)
3413 : router_get_by_descriptor_digest(fp
);
3418 if (!connection_dir_is_encrypted(conn
) && !sd
->send_unencrypted
) {
3419 /* we did this check once before (so we could have an accurate size
3420 * estimate and maybe send a 404 if somebody asked for only bridges on a
3421 * connection), but we need to do it again in case a previously
3422 * unknown bridge descriptor has shown up between then and now. */
3425 #ifdef TRACK_SERVED_TIME
3426 sd
->last_served_at
= now
;
3428 body
= signed_descriptor_get_body(sd
);
3429 if (conn
->zlib_state
) {
3430 /* XXXX022 This 'last' business should actually happen on the last
3431 * routerinfo, not on the last fingerprint. */
3432 int last
= ! smartlist_len(conn
->fingerprint_stack
);
3433 connection_write_to_buf_zlib(body
, sd
->signed_descriptor_len
, conn
,
3436 tor_zlib_free(conn
->zlib_state
);
3437 conn
->zlib_state
= NULL
;
3440 connection_write_to_buf(body
,
3441 sd
->signed_descriptor_len
,
3446 if (!smartlist_len(conn
->fingerprint_stack
)) {
3447 /* We just wrote the last one; finish up. */
3448 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3449 smartlist_free(conn
->fingerprint_stack
);
3450 conn
->fingerprint_stack
= NULL
;
3455 /** Spooling helper: called when we're sending a bunch of microdescriptors,
3456 * and the outbuf has become too empty. Pulls some entries from
3457 * fingerprint_stack, and writes the corresponding microdescs onto outbuf. If
3458 * we run out of entries, flushes the zlib state and sets the spool source to
3459 * NONE. Returns 0 on success, negative on failure.
3462 connection_dirserv_add_microdescs_to_outbuf(dir_connection_t
*conn
)
3464 microdesc_cache_t
*cache
= get_microdesc_cache();
3465 while (smartlist_len(conn
->fingerprint_stack
) &&
3466 buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3467 char *fp256
= smartlist_pop_last(conn
->fingerprint_stack
);
3468 microdesc_t
*md
= microdesc_cache_lookup_by_digest256(cache
, fp256
);
3472 if (conn
->zlib_state
) {
3473 /* XXXX022 This 'last' business should actually happen on the last
3474 * routerinfo, not on the last fingerprint. */
3475 int last
= !smartlist_len(conn
->fingerprint_stack
);
3476 connection_write_to_buf_zlib(md
->body
, md
->bodylen
, conn
, last
);
3478 tor_zlib_free(conn
->zlib_state
);
3479 conn
->zlib_state
= NULL
;
3482 connection_write_to_buf(md
->body
, md
->bodylen
, TO_CONN(conn
));
3485 if (!smartlist_len(conn
->fingerprint_stack
)) {
3486 conn
->dir_spool_src
= DIR_SPOOL_NONE
;
3487 smartlist_free(conn
->fingerprint_stack
);
3488 conn
->fingerprint_stack
= NULL
;
3493 /** Spooling helper: Called when we're sending a directory or networkstatus,
3494 * and the outbuf has become too empty. Pulls some bytes from
3495 * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
3496 * puts them on the outbuf. If we run out of entries, flushes the zlib state
3497 * and sets the spool source to NONE. Returns 0 on success, negative on
3500 connection_dirserv_add_dir_bytes_to_outbuf(dir_connection_t
*conn
)
3505 bytes
= DIRSERV_BUFFER_MIN
- buf_datalen(conn
->_base
.outbuf
);
3506 tor_assert(bytes
> 0);
3507 tor_assert(conn
->cached_dir
);
3510 remaining
= conn
->cached_dir
->dir_z_len
- conn
->cached_dir_offset
;
3511 if (bytes
> remaining
)
3512 bytes
= (ssize_t
) remaining
;
3514 if (conn
->zlib_state
) {
3515 connection_write_to_buf_zlib(
3516 conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3517 bytes
, conn
, bytes
== remaining
);
3519 connection_write_to_buf(conn
->cached_dir
->dir_z
+ conn
->cached_dir_offset
,
3520 bytes
, TO_CONN(conn
));
3522 conn
->cached_dir_offset
+= bytes
;
3523 if (conn
->cached_dir_offset
== (int)conn
->cached_dir
->dir_z_len
) {
3524 /* We just wrote the last one; finish up. */
3525 connection_dirserv_finish_spooling(conn
);
3526 cached_dir_decref(conn
->cached_dir
);
3527 conn
->cached_dir
= NULL
;
3532 /** Spooling helper: Called when we're spooling networkstatus objects on
3533 * <b>conn</b>, and the outbuf has become too empty. If the current
3534 * networkstatus object (in <b>conn</b>-\>cached_dir) has more data, pull data
3535 * from there. Otherwise, pop the next fingerprint from fingerprint_stack,
3536 * and start spooling the next networkstatus. (A digest of all 0 bytes is
3537 * treated as a request for the current consensus.) If we run out of entries,
3538 * flushes the zlib state and sets the spool source to NONE. Returns 0 on
3539 * success, negative on failure. */
3541 connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t
*conn
)
3544 while (buf_datalen(conn
->_base
.outbuf
) < DIRSERV_BUFFER_MIN
) {
3545 if (conn
->cached_dir
) {
3546 int uncompressing
= (conn
->zlib_state
!= NULL
);
3547 int r
= connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3548 if (conn
->dir_spool_src
== DIR_SPOOL_NONE
) {
3549 /* add_dir_bytes thinks we're done with the cached_dir. But we
3550 * may have more cached_dirs! */
3551 conn
->dir_spool_src
= DIR_SPOOL_NETWORKSTATUS
;
3552 /* This bit is tricky. If we were uncompressing the last
3553 * networkstatus, we may need to make a new zlib object to
3554 * uncompress the next one. */
3555 if (uncompressing
&& ! conn
->zlib_state
&&
3556 conn
->fingerprint_stack
&&
3557 smartlist_len(conn
->fingerprint_stack
)) {
3558 conn
->zlib_state
= tor_zlib_new(0, ZLIB_METHOD
);
3562 } else if (conn
->fingerprint_stack
&&
3563 smartlist_len(conn
->fingerprint_stack
)) {
3564 /* Add another networkstatus; start serving it. */
3565 char *fp
= smartlist_pop_last(conn
->fingerprint_stack
);
3566 cached_dir_t
*d
= lookup_cached_dir_by_fp(fp
);
3570 conn
->cached_dir
= d
;
3571 conn
->cached_dir_offset
= 0;
3574 connection_dirserv_finish_spooling(conn
);
3575 smartlist_free(conn
->fingerprint_stack
);
3576 conn
->fingerprint_stack
= NULL
;
3583 /** Called whenever we have flushed some directory data in state
3584 * SERVER_WRITING. */
3586 connection_dirserv_flushed_some(dir_connection_t
*conn
)
3588 tor_assert(conn
->_base
.state
== DIR_CONN_STATE_SERVER_WRITING
);
3590 if (buf_datalen(conn
->_base
.outbuf
) >= DIRSERV_BUFFER_MIN
)
3593 switch (conn
->dir_spool_src
) {
3594 case DIR_SPOOL_EXTRA_BY_DIGEST
:
3595 case DIR_SPOOL_EXTRA_BY_FP
:
3596 case DIR_SPOOL_SERVER_BY_DIGEST
:
3597 case DIR_SPOOL_SERVER_BY_FP
:
3598 return connection_dirserv_add_servers_to_outbuf(conn
);
3599 case DIR_SPOOL_MICRODESC
:
3600 return connection_dirserv_add_microdescs_to_outbuf(conn
);
3601 case DIR_SPOOL_CACHED_DIR
:
3602 return connection_dirserv_add_dir_bytes_to_outbuf(conn
);
3603 case DIR_SPOOL_NETWORKSTATUS
:
3604 return connection_dirserv_add_networkstatus_bytes_to_outbuf(conn
);
3605 case DIR_SPOOL_NONE
:
3611 /** Release all storage used by the directory server. */
3613 dirserv_free_all(void)
3615 dirserv_free_fingerprint_list();
3617 cached_dir_decref(the_directory
);
3618 clear_cached_dir(&the_runningrouters
);
3619 cached_dir_decref(the_v2_networkstatus
);
3620 cached_dir_decref(cached_directory
);
3621 clear_cached_dir(&cached_runningrouters
);
3623 digestmap_free(cached_v2_networkstatus
, _free_cached_dir
);
3624 cached_v2_networkstatus
= NULL
;
3625 strmap_free(cached_consensuses
, _free_cached_dir
);
3626 cached_consensuses
= NULL
;