Line data Source code
1 : /* Copyright (c) 2001-2004, Roger Dingledine.
2 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 : /* See LICENSE for licensing information */
5 :
6 : /**
7 : * \file voteflags.c
8 : * \brief Authority code for deciding the performance thresholds for flags,
9 : * and assigning flags to routers.
10 : **/
11 :
12 : #define VOTEFLAGS_PRIVATE
13 : #include "core/or/or.h"
14 : #include "feature/dirauth/voteflags.h"
15 :
16 : #include "app/config/config.h"
17 : #include "core/mainloop/mainloop.h"
18 : #include "core/or/policies.h"
19 : #include "feature/dirauth/bwauth.h"
20 : #include "feature/dirauth/reachability.h"
21 : #include "feature/dirauth/dirauth_sys.h"
22 : #include "feature/hibernate/hibernate.h"
23 : #include "feature/nodelist/dirlist.h"
24 : #include "feature/nodelist/networkstatus.h"
25 : #include "feature/nodelist/nodelist.h"
26 : #include "feature/nodelist/routerlist.h"
27 : #include "feature/nodelist/routerset.h"
28 : #include "feature/relay/router.h"
29 : #include "feature/stats/rephist.h"
30 :
31 : #include "feature/dirauth/dirauth_options_st.h"
32 : #include "feature/nodelist/node_st.h"
33 : #include "feature/nodelist/routerinfo_st.h"
34 : #include "feature/nodelist/routerlist_st.h"
35 : #include "feature/nodelist/vote_routerstatus_st.h"
36 :
37 : #include "lib/container/order.h"
38 :
39 : /** If a router's uptime is at least this value, then it is always
40 : * considered stable, regardless of the rest of the network. This
41 : * way we resist attacks where an attacker doubles the size of the
42 : * network using allegedly high-uptime nodes, displacing all the
43 : * current guards. */
44 : #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
45 : /** If a router's MTBF is at least this value, then it is always stable.
46 : * See above. (Corresponds to about 7 days for current decay rates.) */
47 : #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
48 : /** Similarly, every node with at least this much weighted time known can be
49 : * considered familiar enough to be a guard. Corresponds to about 20 days for
50 : * current decay rates.
51 : */
52 : #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
53 : /** Similarly, every node with sufficient WFU is around enough to be a guard.
54 : */
55 : #define WFU_TO_GUARANTEE_GUARD (0.98)
56 :
57 : /* Thresholds for server performance: set by
58 : * dirserv_compute_performance_thresholds, and used by
59 : * generate_v2_networkstatus */
60 :
61 : /** Any router with an uptime of at least this value is stable. */
62 : static uint32_t stable_uptime = 0; /* start at a safe value */
63 : /** Any router with an mtbf of at least this value is stable. */
64 : static double stable_mtbf = 0.0;
65 : /** If true, we have measured enough mtbf info to look at stable_mtbf rather
66 : * than stable_uptime. */
67 : static int enough_mtbf_info = 0;
68 : /** Any router with a weighted fractional uptime of at least this much might
69 : * be good as a guard. */
70 : static double guard_wfu = 0.0;
71 : /** Don't call a router a guard unless we've known about it for at least this
72 : * many seconds. */
73 : static long guard_tk = 0;
74 : /** Any router with a bandwidth at least this high is "Fast" */
75 : static uint32_t fast_bandwidth_kb = 0;
76 : /** If exits can be guards, then all guards must have a bandwidth this
77 : * high. */
78 : static uint32_t guard_bandwidth_including_exits_kb = 0;
79 : /** If exits can't be guards, then all guards must have a bandwidth this
80 : * high. */
81 : static uint32_t guard_bandwidth_excluding_exits_kb = 0;
82 :
83 : /** Helper: estimate the uptime of a router given its stated uptime and the
84 : * amount of time since it last stated its stated uptime. */
85 : static inline long
86 12 : real_uptime(const routerinfo_t *router, time_t now)
87 : {
88 12 : if (now < router->cache_info.published_on)
89 0 : return router->uptime;
90 : else
91 12 : return router->uptime + (now - router->cache_info.published_on);
92 : }
93 :
94 : /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
95 : * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
96 : * If <b>need_capacity</b> is non-zero, we require a minimum advertised
97 : * bandwidth.
98 : */
99 : static int
100 12 : dirserv_thinks_router_is_unreliable(time_t now,
101 : const routerinfo_t *router,
102 : int need_uptime, int need_capacity)
103 : {
104 12 : if (need_uptime) {
105 6 : if (!enough_mtbf_info) {
106 : /* XXXX We should change the rule from
107 : * "use uptime if we don't have mtbf data" to "don't advertise Stable on
108 : * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
109 : * hit a point where we need to reset a lot of authorities at once,
110 : * none of them would be in a position to declare Stable.
111 : */
112 6 : long uptime = real_uptime(router, now);
113 6 : if ((unsigned)uptime < stable_uptime &&
114 : (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
115 : return 1;
116 : } else {
117 0 : double mtbf =
118 0 : rep_hist_get_stability(router->cache_info.identity_digest, now);
119 0 : if (mtbf < stable_mtbf &&
120 : mtbf < MTBF_TO_GUARANTEE_STABLE)
121 : return 1;
122 : }
123 : }
124 12 : if (need_capacity) {
125 6 : uint32_t bw_kb = dirserv_get_credible_bandwidth_kb(router);
126 6 : if (bw_kb < fast_bandwidth_kb)
127 0 : return 1;
128 : }
129 : return 0;
130 : }
131 :
132 : /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
133 : * not hibernating, having observed bw greater 0, and not too old. Else
134 : * return 0.
135 : */
136 : static int
137 0 : router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
138 : {
139 0 : time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
140 0 : if (ri->cache_info.published_on < cutoff) {
141 : return 0;
142 : }
143 0 : if (!node->is_running || !node->is_valid || ri->is_hibernating) {
144 : return 0;
145 : }
146 : /* Only require bandwidth capacity in non-test networks, or
147 : * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
148 0 : if (!ri->bandwidthcapacity) {
149 0 : if (get_options()->TestingTorNetwork) {
150 0 : if (dirauth_get_options()->TestingMinExitFlagThreshold > 0) {
151 : /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
152 : * then require bandwidthcapacity */
153 0 : return 0;
154 : }
155 : } else {
156 : /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
157 : return 0;
158 : }
159 : }
160 : return 1;
161 : }
162 :
163 : /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
164 : *
165 : * Right now this means it advertises support for it, it has a high uptime,
166 : * it's a directory cache, it has the Stable and Fast flags, and it's currently
167 : * considered Running.
168 : *
169 : * This function needs to be called after router-\>is_running has
170 : * been set.
171 : */
172 : static int
173 6 : dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
174 : const node_t *node, time_t now)
175 : {
176 :
177 6 : long uptime;
178 :
179 : /* If we haven't been running for at least
180 : * MinUptimeHidServDirectoryV2 seconds, we can't
181 : * have accurate data telling us a relay has been up for at least
182 : * that long. We also want to allow a bit of slack: Reachability
183 : * tests aren't instant. If we haven't been running long enough,
184 : * trust the relay. */
185 :
186 6 : if (get_uptime() >
187 6 : dirauth_get_options()->MinUptimeHidServDirectoryV2 * 1.1)
188 0 : uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now),
189 : real_uptime(router, now));
190 : else
191 6 : uptime = real_uptime(router, now);
192 :
193 6 : return (router->wants_to_be_hs_dir &&
194 : router->supports_tunnelled_dir_requests &&
195 0 : node->is_stable && node->is_fast &&
196 6 : uptime >= dirauth_get_options()->MinUptimeHidServDirectoryV2 &&
197 0 : router_is_active(router, node, now));
198 : }
199 :
200 : /** Don't consider routers with less bandwidth than this when computing
201 : * thresholds. */
202 : #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
203 :
204 : /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
205 : * include a router in our calculations, and return true iff we should; the
206 : * require_mbw parameter is passed in by
207 : * dirserv_compute_performance_thresholds() and controls whether we ever
208 : * count routers with only advertised bandwidths */
209 : static int
210 0 : router_counts_toward_thresholds(const node_t *node, time_t now,
211 : const digestmap_t *omit_as_sybil,
212 : int require_mbw)
213 : {
214 : /* Have measured bw? */
215 0 : int have_mbw =
216 0 : dirserv_has_measured_bw(node->identity);
217 0 : uint64_t min_bw_kb = ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB;
218 0 : const or_options_t *options = get_options();
219 0 : const dirauth_options_t *dirauth_options = dirauth_get_options();
220 :
221 0 : if (options->TestingTorNetwork) {
222 0 : min_bw_kb = (int64_t)dirauth_options->TestingMinExitFlagThreshold / 1000;
223 : }
224 :
225 0 : return node->ri && router_is_active(node->ri, node, now) &&
226 0 : !digestmap_get(omit_as_sybil, node->identity) &&
227 0 : (dirserv_get_credible_bandwidth_kb(node->ri) >= min_bw_kb) &&
228 0 : (have_mbw || !require_mbw);
229 : }
230 :
231 : /** Look through the routerlist, the Mean Time Between Failure history, and
232 : * the Weighted Fractional Uptime history, and use them to set thresholds for
233 : * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
234 : * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
235 : * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
236 : *
237 : * Also, set the is_exit flag of each router appropriately. */
238 : void
239 0 : dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
240 : {
241 0 : int n_active, n_active_nonexit, n_familiar;
242 0 : uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb;
243 0 : long *tks;
244 0 : double *mtbfs, *wfus;
245 0 : const smartlist_t *nodelist;
246 0 : time_t now = time(NULL);
247 0 : const or_options_t *options = get_options();
248 0 : const dirauth_options_t *dirauth_options = dirauth_get_options();
249 :
250 : /* Require mbw? */
251 0 : int require_mbw =
252 0 : (dirserv_get_last_n_measured_bws() >
253 0 : dirauth_options->MinMeasuredBWsForAuthToIgnoreAdvertised) ? 1 : 0;
254 :
255 : /* initialize these all here, in case there are no routers */
256 0 : stable_uptime = 0;
257 0 : stable_mtbf = 0;
258 0 : fast_bandwidth_kb = 0;
259 0 : guard_bandwidth_including_exits_kb = 0;
260 0 : guard_bandwidth_excluding_exits_kb = 0;
261 0 : guard_tk = 0;
262 0 : guard_wfu = 0;
263 :
264 0 : nodelist_assert_ok();
265 0 : nodelist = nodelist_get_list();
266 :
267 : /* Initialize arrays that will hold values for each router. We'll
268 : * sort them and use that to compute thresholds. */
269 0 : n_active = n_active_nonexit = 0;
270 : /* Uptime for every active router. */
271 0 : uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
272 : /* Bandwidth for every active router. */
273 0 : bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
274 : /* Bandwidth for every active non-exit router. */
275 0 : bandwidths_excluding_exits_kb =
276 0 : tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
277 : /* Weighted mean time between failure for each active router. */
278 0 : mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double));
279 : /* Time-known for each active router. */
280 0 : tks = tor_calloc(smartlist_len(nodelist), sizeof(long));
281 : /* Weighted fractional uptime for each active router. */
282 0 : wfus = tor_calloc(smartlist_len(nodelist), sizeof(double));
283 :
284 : /* Now, fill in the arrays. */
285 0 : SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
286 0 : if (options->BridgeAuthoritativeDir &&
287 0 : node->ri &&
288 0 : node->ri->purpose != ROUTER_PURPOSE_BRIDGE)
289 0 : continue;
290 :
291 0 : routerinfo_t *ri = node->ri;
292 0 : if (ri) {
293 0 : node->is_exit = (!router_exit_policy_rejects_all(ri) &&
294 0 : exit_policy_is_general_exit(ri->exit_policy));
295 : }
296 :
297 0 : if (router_counts_toward_thresholds(node, now, omit_as_sybil,
298 : require_mbw)) {
299 0 : const char *id = node->identity;
300 0 : uint32_t bw_kb;
301 :
302 : /* resolve spurious clang shallow analysis null pointer errors */
303 0 : tor_assert(ri);
304 :
305 0 : uptimes[n_active] = (uint32_t)real_uptime(ri, now);
306 0 : mtbfs[n_active] = rep_hist_get_stability(id, now);
307 0 : tks [n_active] = rep_hist_get_weighted_time_known(id, now);
308 0 : bandwidths_kb[n_active] = bw_kb = dirserv_get_credible_bandwidth_kb(ri);
309 0 : if (!node->is_exit || node->is_bad_exit) {
310 0 : bandwidths_excluding_exits_kb[n_active_nonexit] = bw_kb;
311 0 : ++n_active_nonexit;
312 : }
313 0 : ++n_active;
314 : }
315 0 : } SMARTLIST_FOREACH_END(node);
316 :
317 : /* Now, compute thresholds. */
318 0 : if (n_active) {
319 : /* The median uptime is stable. */
320 0 : stable_uptime = median_uint32(uptimes, n_active);
321 : /* The median mtbf is stable, if we have enough mtbf info */
322 0 : stable_mtbf = median_double(mtbfs, n_active);
323 : /* The 12.5th percentile bandwidth is fast. */
324 0 : fast_bandwidth_kb = find_nth_uint32(bandwidths_kb, n_active, n_active/8);
325 : /* (Now bandwidths is sorted.) */
326 0 : if (fast_bandwidth_kb < RELAY_REQUIRED_MIN_BANDWIDTH/(2 * 1000))
327 0 : fast_bandwidth_kb = bandwidths_kb[n_active/4];
328 0 : guard_bandwidth_including_exits_kb =
329 0 : third_quartile_uint32(bandwidths_kb, n_active);
330 0 : guard_tk = find_nth_long(tks, n_active, n_active/8);
331 : }
332 :
333 0 : if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
334 0 : guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
335 :
336 : {
337 : /* We can vote on a parameter for the minimum and maximum. */
338 : #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
339 0 : int32_t min_fast_kb, max_fast_kb, min_fast, max_fast;
340 0 : min_fast = networkstatus_get_param(NULL, "FastFlagMinThreshold",
341 : ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
342 : ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
343 : INT32_MAX);
344 0 : if (options->TestingTorNetwork) {
345 0 : min_fast = (int32_t)dirauth_options->TestingMinFastFlagThreshold;
346 : }
347 0 : max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold",
348 : INT32_MAX, min_fast, INT32_MAX);
349 0 : min_fast_kb = min_fast / 1000;
350 0 : max_fast_kb = max_fast / 1000;
351 :
352 0 : if (fast_bandwidth_kb < (uint32_t)min_fast_kb)
353 0 : fast_bandwidth_kb = min_fast_kb;
354 0 : if (fast_bandwidth_kb > (uint32_t)max_fast_kb)
355 0 : fast_bandwidth_kb = max_fast_kb;
356 : }
357 : /* Protect sufficiently fast nodes from being pushed out of the set
358 : * of Fast nodes. */
359 : {
360 0 : const uint64_t fast_opt = dirauth_get_options()->AuthDirFastGuarantee;
361 0 : if (fast_opt && fast_bandwidth_kb > fast_opt / 1000)
362 0 : fast_bandwidth_kb = (uint32_t)(fast_opt / 1000);
363 : }
364 :
365 : /* Now that we have a time-known that 7/8 routers are known longer than,
366 : * fill wfus with the wfu of every such "familiar" router. */
367 0 : n_familiar = 0;
368 :
369 0 : SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
370 0 : if (router_counts_toward_thresholds(node, now,
371 : omit_as_sybil, require_mbw)) {
372 0 : routerinfo_t *ri = node->ri;
373 0 : const char *id = ri->cache_info.identity_digest;
374 0 : long tk = rep_hist_get_weighted_time_known(id, now);
375 0 : if (tk < guard_tk)
376 0 : continue;
377 0 : wfus[n_familiar++] = rep_hist_get_weighted_fractional_uptime(id, now);
378 : }
379 0 : } SMARTLIST_FOREACH_END(node);
380 0 : if (n_familiar)
381 0 : guard_wfu = median_double(wfus, n_familiar);
382 0 : if (guard_wfu > WFU_TO_GUARANTEE_GUARD)
383 0 : guard_wfu = WFU_TO_GUARANTEE_GUARD;
384 :
385 0 : enough_mtbf_info = rep_hist_have_measured_enough_stability();
386 :
387 0 : if (n_active_nonexit) {
388 0 : guard_bandwidth_excluding_exits_kb =
389 0 : find_nth_uint32(bandwidths_excluding_exits_kb,
390 0 : n_active_nonexit, n_active_nonexit*3/4);
391 : }
392 :
393 0 : log_info(LD_DIRSERV,
394 : "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
395 : "For Fast: %lu kilobytes/sec. "
396 : "For Guard: WFU %.03f%%, time-known %lu sec, "
397 : "and bandwidth %lu or %lu kilobytes/sec. "
398 : "We%s have enough stability data.",
399 : (unsigned long)stable_uptime,
400 : (unsigned long)stable_mtbf,
401 : (unsigned long)fast_bandwidth_kb,
402 : guard_wfu*100,
403 : (unsigned long)guard_tk,
404 : (unsigned long)guard_bandwidth_including_exits_kb,
405 : (unsigned long)guard_bandwidth_excluding_exits_kb,
406 : enough_mtbf_info ? "" : " don't");
407 :
408 0 : tor_free(uptimes);
409 0 : tor_free(mtbfs);
410 0 : tor_free(bandwidths_kb);
411 0 : tor_free(bandwidths_excluding_exits_kb);
412 0 : tor_free(tks);
413 0 : tor_free(wfus);
414 0 : }
415 :
416 : /* Use dirserv_compute_performance_thresholds() to compute the thresholds
417 : * for the status flags, specifically for bridges.
418 : *
419 : * This is only called by a Bridge Authority from
420 : * networkstatus_getinfo_by_purpose().
421 : */
422 : void
423 0 : dirserv_compute_bridge_flag_thresholds(void)
424 : {
425 0 : digestmap_t *omit_as_sybil = digestmap_new();
426 0 : dirserv_compute_performance_thresholds(omit_as_sybil);
427 0 : digestmap_free(omit_as_sybil, NULL);
428 0 : }
429 :
430 : /** Give a statement of our current performance thresholds for inclusion
431 : * in a vote document. */
432 : char *
433 27 : dirserv_get_flag_thresholds_line(void)
434 : {
435 27 : char *result=NULL;
436 54 : const int measured_threshold =
437 27 : dirauth_get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised;
438 54 : const int enough_measured_bw =
439 27 : dirserv_get_last_n_measured_bws() > measured_threshold;
440 :
441 27 : tor_asprintf(&result,
442 : "stable-uptime=%lu stable-mtbf=%lu "
443 : "fast-speed=%lu "
444 : "guard-wfu=%.03f%% guard-tk=%lu "
445 : "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
446 : "enough-mtbf=%d ignoring-advertised-bws=%d",
447 : (unsigned long)stable_uptime,
448 : (unsigned long)stable_mtbf,
449 27 : (unsigned long)fast_bandwidth_kb*1000,
450 : guard_wfu*100,
451 : (unsigned long)guard_tk,
452 27 : (unsigned long)guard_bandwidth_including_exits_kb*1000,
453 27 : (unsigned long)guard_bandwidth_excluding_exits_kb*1000,
454 : enough_mtbf_info ? 1 : 0,
455 : enough_measured_bw ? 1 : 0);
456 :
457 27 : return result;
458 : }
459 :
460 : /* DOCDOC running_long_enough_to_decide_unreachable */
461 : int
462 0 : running_long_enough_to_decide_unreachable(void)
463 : {
464 0 : const dirauth_options_t *opts = dirauth_get_options();
465 0 : return time_of_process_start +
466 0 : opts->TestingAuthDirTimeToLearnReachability < approx_time();
467 : }
468 :
469 : /** Each server needs to have passed a reachability test no more
470 : * than this number of seconds ago, or it is listed as down in
471 : * the directory. */
472 : #define REACHABLE_TIMEOUT (45*60)
473 :
474 : /** If we tested a router and found it reachable _at least this long_ after it
475 : * declared itself hibernating, it is probably done hibernating and we just
476 : * missed a descriptor from it. */
477 : #define HIBERNATION_PUBLICATION_SKEW (60*60)
478 :
479 : /** Treat a router as alive if
480 : * - It's me, and I'm not hibernating.
481 : * or - We've found it reachable recently. */
482 : void
483 0 : dirserv_set_router_is_running(routerinfo_t *router, time_t now)
484 : {
485 : /*XXXX This function is a mess. Separate out the part that calculates
486 : whether it's reachable and the part that tells rephist that the router was
487 : unreachable.
488 : */
489 0 : int answer;
490 0 : const dirauth_options_t *dirauth_options = dirauth_get_options();
491 0 : node_t *node = node_get_mutable_by_id(router->cache_info.identity_digest);
492 0 : tor_assert(node);
493 :
494 0 : if (router_is_me(router)) {
495 : /* We always know if we are shutting down or hibernating ourselves. */
496 0 : answer = ! we_are_hibernating();
497 0 : } else if (router->is_hibernating &&
498 0 : (router->cache_info.published_on +
499 0 : HIBERNATION_PUBLICATION_SKEW) > node->last_reachable) {
500 : /* A hibernating router is down unless we (somehow) had contact with it
501 : * since it declared itself to be hibernating. */
502 : answer = 0;
503 0 : } else if (! dirauth_options->AuthDirTestReachability) {
504 : /* If we aren't testing reachability, then everybody is up unless they say
505 : * they are down. */
506 : answer = 1;
507 : } else {
508 : /* Otherwise, a router counts as up if we found all announced OR
509 : ports reachable in the last REACHABLE_TIMEOUT seconds.
510 :
511 : XXX prop186 For now there's always one IPv4 and at most one
512 : IPv6 OR port.
513 :
514 : If we're not on IPv6, don't consider reachability of potential
515 : IPv6 OR port since that'd kill all dual stack relays until a
516 : majority of the dir auths have IPv6 connectivity. */
517 0 : answer = (now < node->last_reachable + REACHABLE_TIMEOUT &&
518 0 : (dirauth_options->AuthDirHasIPv6Connectivity != 1 ||
519 0 : tor_addr_is_null(&router->ipv6_addr) ||
520 0 : now < node->last_reachable6 + REACHABLE_TIMEOUT));
521 : }
522 :
523 0 : if (!answer && running_long_enough_to_decide_unreachable()) {
524 : /* Not considered reachable. tell rephist about that.
525 :
526 : Because we launch a reachability test for each router every
527 : REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
528 : been down since at least that time after we last successfully reached
529 : it.
530 :
531 : XXX ipv6
532 : */
533 0 : time_t when = now;
534 0 : if (node->last_reachable &&
535 0 : node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD < now)
536 : when = node->last_reachable + REACHABILITY_TEST_CYCLE_PERIOD;
537 0 : rep_hist_note_router_unreachable(router->cache_info.identity_digest, when);
538 : }
539 :
540 0 : node->is_running = answer;
541 0 : }
542 :
543 : /* Check <b>node</b> and <b>ri</b> on whether or not we should publish a
544 : * relay's IPv6 addresses. */
545 : static int
546 6 : should_publish_node_ipv6(const node_t *node, const routerinfo_t *ri,
547 : time_t now)
548 : {
549 6 : const dirauth_options_t *options = dirauth_get_options();
550 :
551 2 : return options->AuthDirHasIPv6Connectivity == 1 &&
552 6 : !tor_addr_is_null(&ri->ipv6_addr) &&
553 3 : ((node->last_reachable6 >= now - REACHABLE_TIMEOUT) ||
554 1 : router_is_me(ri));
555 : }
556 :
557 : /**
558 : * Extract status information from <b>ri</b> and from other authority
559 : * functions and store it in <b>rs</b>, as per
560 : * <b>set_routerstatus_from_routerinfo</b>. Additionally, sets information
561 : * in from the authority subsystem.
562 : */
563 : void
564 6 : dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs,
565 : node_t *node,
566 : const routerinfo_t *ri,
567 : time_t now,
568 : int listbadexits)
569 : {
570 6 : const or_options_t *options = get_options();
571 6 : uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
572 :
573 : /* Set these flags so that set_routerstatus_from_routerinfo can copy them.
574 : */
575 6 : node->is_stable = !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
576 6 : node->is_fast = !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
577 6 : node->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, node, now);
578 :
579 6 : set_routerstatus_from_routerinfo(rs, node, ri);
580 :
581 : /* Override rs->is_possible_guard. */
582 6 : const uint64_t bw_opt = dirauth_get_options()->AuthDirGuardBWGuarantee;
583 6 : if (node->is_fast && node->is_stable &&
584 0 : ri->supports_tunnelled_dir_requests &&
585 0 : ((bw_opt && routerbw_kb >= bw_opt / 1000) ||
586 0 : routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
587 0 : guard_bandwidth_excluding_exits_kb))) {
588 0 : long tk = rep_hist_get_weighted_time_known(
589 0 : node->identity, now);
590 0 : double wfu = rep_hist_get_weighted_fractional_uptime(
591 : node->identity, now);
592 0 : rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0;
593 : } else {
594 6 : rs->is_possible_guard = 0;
595 : }
596 :
597 : /* Override rs->is_bad_exit */
598 6 : rs->is_bad_exit = listbadexits && node->is_bad_exit;
599 :
600 : /* Set rs->is_staledesc. */
601 6 : rs->is_staledesc =
602 6 : (ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now;
603 :
604 6 : if (! should_publish_node_ipv6(node, ri, now)) {
605 : /* We're not configured as having IPv6 connectivity or the node isn't:
606 : * zero its IPv6 information. */
607 5 : tor_addr_make_null(&rs->ipv6_addr, AF_INET6);
608 5 : rs->ipv6_orport = 0;
609 : }
610 :
611 6 : if (options->TestingTorNetwork) {
612 0 : dirserv_set_routerstatus_testing(rs);
613 : }
614 6 : }
615 :
616 : /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
617 : * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
618 : * respectively. But don't set the corresponding node flags.
619 : * Should only be called if TestingTorNetwork is set. */
620 : STATIC void
621 11 : dirserv_set_routerstatus_testing(routerstatus_t *rs)
622 : {
623 11 : const dirauth_options_t *options = dirauth_get_options();
624 :
625 11 : tor_assert(get_options()->TestingTorNetwork);
626 :
627 11 : if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit,
628 : rs, 0)) {
629 3 : rs->is_exit = 1;
630 8 : } else if (options->TestingDirAuthVoteExitIsStrict) {
631 2 : rs->is_exit = 0;
632 : }
633 :
634 11 : if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
635 : rs, 0)) {
636 3 : rs->is_possible_guard = 1;
637 8 : } else if (options->TestingDirAuthVoteGuardIsStrict) {
638 2 : rs->is_possible_guard = 0;
639 : }
640 :
641 11 : if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir,
642 : rs, 0)) {
643 3 : rs->is_hs_dir = 1;
644 8 : } else if (options->TestingDirAuthVoteHSDirIsStrict) {
645 2 : rs->is_hs_dir = 0;
646 : }
647 11 : }
648 :
649 : /** Use dirserv_set_router_is_running() to set bridges as running if they're
650 : * reachable.
651 : *
652 : * This function is called from set_bridge_running_callback() when running as
653 : * a bridge authority.
654 : */
655 : void
656 0 : dirserv_set_bridges_running(time_t now)
657 : {
658 0 : routerlist_t *rl = router_get_routerlist();
659 :
660 0 : SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) {
661 0 : if (ri->purpose == ROUTER_PURPOSE_BRIDGE)
662 0 : dirserv_set_router_is_running(ri, now);
663 0 : } SMARTLIST_FOREACH_END(ri);
664 0 : }
|
