Line data Source code
1 : /* Copyright (c) 2001 Matej Pfajfar.
2 : * Copyright (c) 2001-2004, Roger Dingledine.
3 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 : /* See LICENSE for licensing information */
6 :
7 : /**
8 : * \file nodelist.c
9 : *
10 : * \brief Structures and functions for tracking what we know about the routers
11 : * on the Tor network, and correlating information from networkstatus,
12 : * routerinfo, and microdescs.
13 : *
14 : * The key structure here is node_t: that's the canonical way to refer
15 : * to a Tor relay that we might want to build a circuit through. Every
16 : * node_t has either a routerinfo_t, or a routerstatus_t from the current
17 : * networkstatus consensus. If it has a routerstatus_t, it will also
18 : * need to have a microdesc_t before you can use it for circuits.
19 : *
20 : * The nodelist_t is a global singleton that maps identities to node_t
21 : * objects. Access them with the node_get_*() functions. The nodelist_t
22 : * is maintained by calls throughout the codebase
23 : *
24 : * Generally, other code should not have to reach inside a node_t to
25 : * see what information it has. Instead, you should call one of the
26 : * many accessor functions that works on a generic node_t. If there
27 : * isn't one that does what you need, it's better to make such a function,
28 : * and then use it.
29 : *
30 : * For historical reasons, some of the functions that select a node_t
31 : * from the list of all usable node_t objects are in the routerlist.c
32 : * module, since they originally selected a routerinfo_t. (TODO: They
33 : * should move!)
34 : *
35 : * (TODO: Perhaps someday we should abstract the remaining ways of
36 : * talking about a relay to also be node_t instances. Those would be
37 : * routerstatus_t as used for directory requests, and dir_server_t as
38 : * used for authorities and fallback directories.)
39 : */
40 :
41 : #define NODELIST_PRIVATE
42 :
43 : #include "core/or/or.h"
44 : #include "app/config/config.h"
45 : #include "core/mainloop/mainloop.h"
46 : #include "core/mainloop/netstatus.h"
47 : #include "core/or/address_set.h"
48 : #include "core/or/policies.h"
49 : #include "core/or/protover.h"
50 : #include "feature/client/bridges.h"
51 : #include "feature/client/entrynodes.h"
52 : #include "feature/control/control_events.h"
53 : #include "feature/dirauth/process_descs.h"
54 : #include "feature/dirclient/dirclient_modes.h"
55 : #include "feature/hs/hs_client.h"
56 : #include "feature/hs/hs_common.h"
57 : #include "feature/nodelist/describe.h"
58 : #include "feature/nodelist/dirlist.h"
59 : #include "feature/nodelist/microdesc.h"
60 : #include "feature/nodelist/networkstatus.h"
61 : #include "feature/nodelist/node_select.h"
62 : #include "feature/nodelist/nodefamily.h"
63 : #include "feature/nodelist/nodelist.h"
64 : #include "feature/nodelist/routerlist.h"
65 : #include "feature/nodelist/routerset.h"
66 : #include "feature/nodelist/torcert.h"
67 : #include "lib/encoding/binascii.h"
68 : #include "lib/err/backtrace.h"
69 : #include "lib/geoip/geoip.h"
70 : #include "lib/net/address.h"
71 :
72 : #include <string.h>
73 :
74 : #include "feature/dirauth/authmode.h"
75 :
76 : #include "feature/dirclient/dir_server_st.h"
77 : #include "feature/nodelist/microdesc_st.h"
78 : #include "feature/nodelist/networkstatus_st.h"
79 : #include "feature/nodelist/node_st.h"
80 : #include "feature/nodelist/routerinfo_st.h"
81 : #include "feature/nodelist/routerlist_st.h"
82 : #include "feature/nodelist/routerstatus_st.h"
83 :
84 : static void nodelist_drop_node(node_t *node, int remove_from_ht);
85 : #define node_free(val) \
86 : FREE_AND_NULL(node_t, node_free_, (val))
87 : static void node_free_(node_t *node);
88 :
89 : /** count_usable_descriptors counts descriptors with these flag(s)
90 : */
91 : typedef enum {
92 : /* All descriptors regardless of flags or exit policies */
93 : USABLE_DESCRIPTOR_ALL = 0U,
94 : /* Only count descriptors with an exit policy that allows at least one port
95 : */
96 : USABLE_DESCRIPTOR_EXIT_POLICY = 1U << 0,
97 : /* Only count descriptors for relays that have the exit flag in the
98 : * consensus */
99 : USABLE_DESCRIPTOR_EXIT_FLAG = 1U << 1,
100 : /* Only count descriptors for relays that have the policy and the flag */
101 : USABLE_DESCRIPTOR_EXIT_POLICY_AND_FLAG = (USABLE_DESCRIPTOR_EXIT_POLICY |
102 : USABLE_DESCRIPTOR_EXIT_FLAG)
103 : } usable_descriptor_t;
104 : static void count_usable_descriptors(int *num_present,
105 : int *num_usable,
106 : smartlist_t *descs_out,
107 : const networkstatus_t *consensus,
108 : time_t now,
109 : routerset_t *in_set,
110 : usable_descriptor_t exit_only);
111 : static void update_router_have_minimum_dir_info(void);
112 : static double get_frac_paths_needed_for_circs(const or_options_t *options,
113 : const networkstatus_t *ns);
114 : static void node_add_to_address_set(const node_t *node);
115 :
116 : /** A nodelist_t holds a node_t object for every router we're "willing to use
117 : * for something". Specifically, it should hold a node_t for every node that
118 : * is currently in the routerlist, or currently in the consensus we're using.
119 : */
120 : typedef struct nodelist_t {
121 : /* A list of all the nodes. */
122 : smartlist_t *nodes;
123 : /* Hash table to map from node ID digest to node. */
124 : HT_HEAD(nodelist_map, node_t) nodes_by_id;
125 : /* Hash table to map from node Ed25519 ID to node.
126 : *
127 : * Whenever a node's routerinfo or microdescriptor is about to change,
128 : * you should remove it from this map with node_remove_from_ed25519_map().
129 : * Whenever a node's routerinfo or microdescriptor has just changed,
130 : * you should add it to this map with node_add_to_ed25519_map().
131 : */
132 : HT_HEAD(nodelist_ed_map, node_t) nodes_by_ed_id;
133 :
134 : /* Set of addresses that belong to nodes we believe in. */
135 : address_set_t *node_addrs;
136 :
137 : /* Set of addresses + port that belong to nodes we know and that we don't
138 : * allow network re-entry towards them. */
139 : digestmap_t *reentry_set;
140 :
141 : /* The valid-after time of the last live consensus that initialized the
142 : * nodelist. We use this to detect outdated nodelists that need to be
143 : * rebuilt using a newer consensus. */
144 : time_t live_consensus_valid_after;
145 : } nodelist_t;
146 :
147 : static inline unsigned int
148 45909 : node_id_hash(const node_t *node)
149 : {
150 45909 : return (unsigned) siphash24g(node->identity, DIGEST_LEN);
151 : }
152 :
153 : static inline unsigned int
154 40563 : node_id_eq(const node_t *node1, const node_t *node2)
155 : {
156 40563 : return tor_memeq(node1->identity, node2->identity, DIGEST_LEN);
157 : }
158 :
159 112930 : HT_PROTOTYPE(nodelist_map, node_t, ht_ent, node_id_hash, node_id_eq);
160 28278 : HT_GENERATE2(nodelist_map, node_t, ht_ent, node_id_hash, node_id_eq,
161 : 0.6, tor_reallocarray_, tor_free_);
162 :
163 : static inline unsigned int
164 24154 : node_ed_id_hash(const node_t *node)
165 : {
166 24154 : return (unsigned) siphash24g(node->ed25519_id.pubkey, ED25519_PUBKEY_LEN);
167 : }
168 :
169 : static inline unsigned int
170 15975 : node_ed_id_eq(const node_t *node1, const node_t *node2)
171 : {
172 15975 : return ed25519_pubkey_eq(&node1->ed25519_id, &node2->ed25519_id);
173 : }
174 :
175 65751 : HT_PROTOTYPE(nodelist_ed_map, node_t, ed_ht_ent, node_ed_id_hash,
176 : node_ed_id_eq);
177 28246 : HT_GENERATE2(nodelist_ed_map, node_t, ed_ht_ent, node_ed_id_hash,
178 : node_ed_id_eq, 0.6, tor_reallocarray_, tor_free_);
179 :
180 : /** The global nodelist. */
181 : static nodelist_t *the_nodelist=NULL;
182 :
183 : /** Create an empty nodelist if we haven't done so already. */
184 : static void
185 6338 : init_nodelist(void)
186 : {
187 6338 : if (PREDICT_UNLIKELY(the_nodelist == NULL)) {
188 77 : the_nodelist = tor_malloc_zero(sizeof(nodelist_t));
189 77 : HT_INIT(nodelist_map, &the_nodelist->nodes_by_id);
190 77 : HT_INIT(nodelist_ed_map, &the_nodelist->nodes_by_ed_id);
191 77 : the_nodelist->nodes = smartlist_new();
192 : }
193 6338 : }
194 :
195 : /** As node_get_by_id, but returns a non-const pointer */
196 39870 : MOCK_IMPL(node_t *,
197 : node_get_mutable_by_id,(const char *identity_digest))
198 : {
199 39870 : node_t search, *node;
200 39870 : if (PREDICT_UNLIKELY(the_nodelist == NULL))
201 : return NULL;
202 :
203 39744 : memcpy(&search.identity, identity_digest, DIGEST_LEN);
204 39744 : node = HT_FIND(nodelist_map, &the_nodelist->nodes_by_id, &search);
205 39744 : return node;
206 : }
207 :
208 : /** As node_get_by_ed25519_id, but returns a non-const pointer */
209 : node_t *
210 12049 : node_get_mutable_by_ed25519_id(const ed25519_public_key_t *ed_id)
211 : {
212 12049 : node_t search, *node;
213 12049 : if (PREDICT_UNLIKELY(the_nodelist == NULL))
214 : return NULL;
215 12049 : if (BUG(ed_id == NULL) || BUG(ed25519_public_key_is_zero(ed_id)))
216 0 : return NULL;
217 :
218 12049 : memcpy(&search.ed25519_id, ed_id, sizeof(search.ed25519_id));
219 12049 : node = HT_FIND(nodelist_ed_map, &the_nodelist->nodes_by_ed_id, &search);
220 12049 : return node;
221 : }
222 :
223 : /** Return the node_t whose identity is <b>identity_digest</b>, or NULL
224 : * if no such node exists. */
225 6580 : MOCK_IMPL(const node_t *,
226 : node_get_by_id,(const char *identity_digest))
227 : {
228 6580 : return node_get_mutable_by_id(identity_digest);
229 : }
230 :
231 : /** Return the node_t whose ed25519 identity is <b>ed_id</b>, or NULL
232 : * if no such node exists. */
233 12049 : MOCK_IMPL(const node_t *,
234 : node_get_by_ed25519_id,(const ed25519_public_key_t *ed_id))
235 : {
236 12049 : return node_get_mutable_by_ed25519_id(ed_id);
237 : }
238 :
239 : /** Internal: return the node_t whose identity_digest is
240 : * <b>identity_digest</b>. If none exists, create a new one, add it to the
241 : * nodelist, and return it.
242 : *
243 : * Requires that the nodelist be initialized.
244 : */
245 : static node_t *
246 12206 : node_get_or_create(const char *identity_digest)
247 : {
248 12206 : node_t *node;
249 :
250 12206 : if ((node = node_get_mutable_by_id(identity_digest)))
251 : return node;
252 :
253 6165 : node = tor_malloc_zero(sizeof(node_t));
254 6165 : memcpy(node->identity, identity_digest, DIGEST_LEN);
255 6165 : HT_INSERT(nodelist_map, &the_nodelist->nodes_by_id, node);
256 :
257 6165 : smartlist_add(the_nodelist->nodes, node);
258 6165 : node->nodelist_idx = smartlist_len(the_nodelist->nodes) - 1;
259 :
260 6165 : node->country = -1;
261 :
262 6165 : return node;
263 : }
264 :
265 : /** Remove <b>node</b> from the ed25519 map (if it present), and
266 : * set its ed25519_id field to zero. */
267 : static int
268 6187 : node_remove_from_ed25519_map(node_t *node)
269 : {
270 6187 : tor_assert(the_nodelist);
271 6187 : tor_assert(node);
272 :
273 6187 : if (ed25519_public_key_is_zero(&node->ed25519_id)) {
274 : return 0;
275 : }
276 :
277 1 : int rv = 0;
278 1 : node_t *search =
279 1 : HT_FIND(nodelist_ed_map, &the_nodelist->nodes_by_ed_id, node);
280 1 : if (BUG(search != node)) {
281 0 : goto clear_and_return;
282 : }
283 :
284 1 : search = HT_REMOVE(nodelist_ed_map, &the_nodelist->nodes_by_ed_id, node);
285 1 : tor_assert(search == node);
286 : rv = 1;
287 :
288 1 : clear_and_return:
289 1 : memset(&node->ed25519_id, 0, sizeof(node->ed25519_id));
290 1 : return rv;
291 : }
292 :
293 : /** Helper function to log details of duplicated ed2559_ids */
294 : static void
295 1 : node_log_dup_ed_id(const node_t *old, const node_t *node, const char *ed_id)
296 : {
297 1 : char *s;
298 1 : char *olddesc = tor_strdup(node_describe(old));
299 :
300 1 : tor_asprintf(&s, "Reused ed25519_id %s: old %s new %s", ed_id,
301 : olddesc, node_describe(node));
302 1 : log_backtrace(LOG_NOTICE, LD_DIR, s);
303 1 : tor_free(olddesc);
304 1 : tor_free(s);
305 1 : }
306 :
307 : /** If <b>node</b> has an ed25519 id, and it is not already in the ed25519 id
308 : * map, set its ed25519_id field, and add it to the ed25519 map.
309 : */
310 : static int
311 6187 : node_add_to_ed25519_map(node_t *node)
312 : {
313 6187 : tor_assert(the_nodelist);
314 6187 : tor_assert(node);
315 :
316 6187 : if (! ed25519_public_key_is_zero(&node->ed25519_id)) {
317 : return 0;
318 : }
319 :
320 6187 : const ed25519_public_key_t *key = node_get_ed25519_id(node);
321 6187 : if (!key) {
322 : return 0;
323 : }
324 :
325 6052 : node_t *old;
326 6052 : memcpy(&node->ed25519_id, key, sizeof(node->ed25519_id));
327 6052 : old = HT_FIND(nodelist_ed_map, &the_nodelist->nodes_by_ed_id, node);
328 6052 : if (old) {
329 1 : char ed_id[BASE32_BUFSIZE(sizeof(key->pubkey))];
330 :
331 1 : base32_encode(ed_id, sizeof(ed_id), (const char *)key->pubkey,
332 : sizeof(key->pubkey));
333 1 : if (BUG(old == node)) {
334 : /* Actual bug: all callers of this function call
335 : * node_remove_from_ed25519_map first. */
336 0 : log_err(LD_BUG,
337 : "Unexpectedly found deleted node with ed25519_id %s", ed_id);
338 : } else {
339 : /* Distinct nodes sharing a ed25519 id, possibly due to relay
340 : * misconfiguration. The key pinning might not catch this,
341 : * possibly due to downloading a missing descriptor during
342 : * consensus voting. */
343 1 : node_log_dup_ed_id(old, node, ed_id);
344 1 : memset(&node->ed25519_id, 0, sizeof(node->ed25519_id));
345 : }
346 1 : return 0;
347 : }
348 :
349 6051 : HT_INSERT(nodelist_ed_map, &the_nodelist->nodes_by_ed_id, node);
350 6051 : return 1;
351 : }
352 :
353 : /* For a given <b>node</b> for the consensus <b>ns</b>, set the hsdir index
354 : * for the node, both current and next if possible. This can only fails if the
355 : * node_t ed25519 identity key can't be found which would be a bug. */
356 : STATIC void
357 12054 : node_set_hsdir_index(node_t *node, const networkstatus_t *ns)
358 : {
359 12054 : time_t now = approx_time();
360 12054 : const ed25519_public_key_t *node_identity_pk;
361 12054 : uint8_t *fetch_srv = NULL, *store_first_srv = NULL, *store_second_srv = NULL;
362 12054 : uint64_t next_time_period_num, current_time_period_num;
363 12054 : uint64_t fetch_tp, store_first_tp, store_second_tp;
364 :
365 12054 : tor_assert(node);
366 12054 : tor_assert(ns);
367 :
368 12054 : if (!networkstatus_consensus_reasonably_live(ns, now)) {
369 0 : static struct ratelim_t live_consensus_ratelim = RATELIM_INIT(30 * 60);
370 0 : log_fn_ratelim(&live_consensus_ratelim, LOG_INFO, LD_GENERAL,
371 : "Not setting hsdir index with a non-live consensus.");
372 0 : goto done;
373 : }
374 :
375 12054 : node_identity_pk = node_get_ed25519_id(node);
376 12054 : if (node_identity_pk == NULL) {
377 6033 : log_debug(LD_GENERAL, "ed25519 identity public key not found when "
378 : "trying to build the hsdir indexes for node %s",
379 : node_describe(node));
380 6033 : goto done;
381 : }
382 :
383 : /* Get the current and next time period number. */
384 6021 : current_time_period_num = hs_get_time_period_num(0);
385 6021 : next_time_period_num = hs_get_next_time_period_num(0);
386 :
387 : /* We always use the current time period for fetching descs */
388 6021 : fetch_tp = current_time_period_num;
389 :
390 : /* Now extract the needed SRVs and time periods for building hsdir indices */
391 6021 : if (hs_in_period_between_tp_and_srv(ns, now)) {
392 3000 : fetch_srv = hs_get_current_srv(fetch_tp, ns);
393 :
394 3000 : store_first_tp = hs_get_previous_time_period_num(0);
395 3000 : store_second_tp = current_time_period_num;
396 : } else {
397 3021 : fetch_srv = hs_get_previous_srv(fetch_tp, ns);
398 :
399 3021 : store_first_tp = current_time_period_num;
400 3021 : store_second_tp = next_time_period_num;
401 : }
402 :
403 : /* We always use the old SRV for storing the first descriptor and the latest
404 : * SRV for storing the second descriptor */
405 6021 : store_first_srv = hs_get_previous_srv(store_first_tp, ns);
406 6021 : store_second_srv = hs_get_current_srv(store_second_tp, ns);
407 :
408 : /* Build the fetch index. */
409 6021 : hs_build_hsdir_index(node_identity_pk, fetch_srv, fetch_tp,
410 6021 : node->hsdir_index.fetch);
411 :
412 : /* If we are in the time segment between SRV#N and TP#N, the fetch index is
413 : the same as the first store index */
414 6021 : if (!hs_in_period_between_tp_and_srv(ns, now)) {
415 3021 : memcpy(node->hsdir_index.store_first, node->hsdir_index.fetch,
416 : sizeof(node->hsdir_index.store_first));
417 : } else {
418 3000 : hs_build_hsdir_index(node_identity_pk, store_first_srv, store_first_tp,
419 3000 : node->hsdir_index.store_first);
420 : }
421 :
422 : /* If we are in the time segment between TP#N and SRV#N+1, the fetch index is
423 : the same as the second store index */
424 6021 : if (hs_in_period_between_tp_and_srv(ns, now)) {
425 3000 : memcpy(node->hsdir_index.store_second, node->hsdir_index.fetch,
426 : sizeof(node->hsdir_index.store_second));
427 : } else {
428 3021 : hs_build_hsdir_index(node_identity_pk, store_second_srv, store_second_tp,
429 3021 : node->hsdir_index.store_second);
430 : }
431 :
432 12054 : done:
433 12054 : tor_free(fetch_srv);
434 12054 : tor_free(store_first_srv);
435 12054 : tor_free(store_second_srv);
436 12054 : return;
437 : }
438 :
439 : /** Called when a node's address changes. */
440 : static void
441 0 : node_addrs_changed(node_t *node)
442 : {
443 0 : node->last_reachable = node->last_reachable6 = 0;
444 0 : node->country = -1;
445 0 : }
446 :
447 : /** Add all address information about <b>node</b> to the current address
448 : * set (if there is one).
449 : */
450 : static void
451 12214 : node_add_to_address_set(const node_t *node)
452 : {
453 12214 : if (!the_nodelist ||
454 12214 : !the_nodelist->node_addrs || !the_nodelist->reentry_set)
455 : return;
456 :
457 : /* These various address sources can be redundant, but it's likely faster to
458 : * add them all than to compare them all for equality.
459 : *
460 : * For relays, we only add the ORPort in the addr+port set since we want to
461 : * allow re-entry into the network to the DirPort so the self reachability
462 : * test succeeds and thus the 0 value for the DirPort. */
463 :
464 6057 : if (node->rs) {
465 6049 : if (!tor_addr_is_null(&node->rs->ipv4_addr))
466 6043 : nodelist_add_addr_to_address_set(&node->rs->ipv4_addr,
467 6043 : node->rs->ipv4_orport, 0);
468 6049 : if (!tor_addr_is_null(&node->rs->ipv6_addr))
469 8 : nodelist_add_addr_to_address_set(&node->rs->ipv6_addr,
470 8 : node->rs->ipv6_orport, 0);
471 : }
472 6057 : if (node->ri) {
473 28 : if (!tor_addr_is_null(&node->ri->ipv4_addr))
474 0 : nodelist_add_addr_to_address_set(&node->ri->ipv4_addr,
475 0 : node->ri->ipv4_orport, 0);
476 28 : if (!tor_addr_is_null(&node->ri->ipv6_addr))
477 0 : nodelist_add_addr_to_address_set(&node->ri->ipv6_addr,
478 0 : node->ri->ipv6_orport, 0);
479 : }
480 6057 : if (node->md) {
481 6023 : if (!tor_addr_is_null(&node->md->ipv6_addr))
482 0 : nodelist_add_addr_to_address_set(&node->md->ipv6_addr,
483 0 : node->md->ipv6_orport, 0);
484 : }
485 : }
486 :
487 : /** Build a construction for the reentry set consisting of an address and port
488 : * pair.
489 : *
490 : * If the given address is _not_ AF_INET or AF_INET6, then the item is an
491 : * array of 0s.
492 : *
493 : * Return a pointer to a static buffer containing the item. Next call to this
494 : * function invalidates its previous content. */
495 : static char *
496 1012 : build_addr_port_item(const tor_addr_t *addr, const uint16_t port)
497 : {
498 : /* At most 16 bytes are put in this (IPv6) and then 2 bytes for the port
499 : * which is within the maximum of 20 bytes (DIGEST_LEN). */
500 1012 : static char data[DIGEST_LEN];
501 :
502 1012 : memset(data, 0, sizeof(data));
503 1012 : switch (tor_addr_family(addr)) {
504 862 : case AF_INET:
505 862 : memcpy(data, &addr->addr.in_addr.s_addr, 4);
506 : break;
507 150 : case AF_INET6:
508 150 : memcpy(data, &addr->addr.in6_addr.s6_addr, 16);
509 : break;
510 : case AF_UNSPEC:
511 : /* Leave the 0. */
512 : break;
513 0 : default:
514 : /* LCOV_EXCL_START */
515 : tor_fragile_assert();
516 : /* LCOV_EXCL_STOP */
517 : }
518 :
519 1012 : memcpy(data + 16, &port, sizeof(port));
520 1012 : return data;
521 : }
522 :
523 : /** Add the given address into the nodelist address set. */
524 : void
525 6751 : nodelist_add_addr_to_address_set(const tor_addr_t *addr,
526 : uint16_t or_port, uint16_t dir_port)
527 : {
528 13502 : if (BUG(!addr) || tor_addr_is_null(addr) ||
529 6899 : (!tor_addr_is_v4(addr) && !tor_addr_is_v6(addr)) ||
530 6751 : !the_nodelist || !the_nodelist->node_addrs ||
531 6751 : !the_nodelist->reentry_set) {
532 0 : return;
533 : }
534 6751 : address_set_add(the_nodelist->node_addrs, addr);
535 6751 : if (or_port != 0) {
536 446 : digestmap_set(the_nodelist->reentry_set,
537 446 : build_addr_port_item(addr, or_port), (void*) 1);
538 : }
539 6751 : if (dir_port != 0) {
540 560 : digestmap_set(the_nodelist->reentry_set,
541 560 : build_addr_port_item(addr, dir_port), (void*) 1);
542 : }
543 : }
544 :
545 : /** Return true if <b>addr</b> is the address of some node in the nodelist.
546 : * If not, probably return false. */
547 : int
548 166 : nodelist_probably_contains_address(const tor_addr_t *addr)
549 : {
550 166 : if (BUG(!addr))
551 0 : return 0;
552 :
553 166 : if (!the_nodelist || !the_nodelist->node_addrs)
554 : return 0;
555 :
556 20 : return address_set_probably_contains(the_nodelist->node_addrs, addr);
557 : }
558 :
559 : /** Return true if <b>addr</b> is the address of some node in the nodelist and
560 : * corresponds also to the given port. If not, probably return false. */
561 : bool
562 6 : nodelist_reentry_contains(const tor_addr_t *addr, uint16_t port)
563 : {
564 6 : if (BUG(!addr) || BUG(!port))
565 0 : return false;
566 :
567 6 : if (!the_nodelist || !the_nodelist->reentry_set)
568 : return false;
569 :
570 6 : return digestmap_get(the_nodelist->reentry_set,
571 12 : build_addr_port_item(addr, port)) != NULL;
572 : }
573 :
574 : /** Add <b>ri</b> to an appropriate node in the nodelist. If we replace an
575 : * old routerinfo, and <b>ri_old_out</b> is not NULL, set *<b>ri_old_out</b>
576 : * to the previous routerinfo.
577 : */
578 : node_t *
579 6160 : nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out)
580 : {
581 6160 : node_t *node;
582 6160 : const char *id_digest;
583 6160 : int had_router = 0;
584 6160 : tor_assert(ri);
585 :
586 6160 : init_nodelist();
587 6160 : id_digest = ri->cache_info.identity_digest;
588 6160 : node = node_get_or_create(id_digest);
589 :
590 6160 : node_remove_from_ed25519_map(node);
591 :
592 6160 : if (node->ri) {
593 1 : if (!routers_have_same_or_addrs(node->ri, ri)) {
594 0 : node_addrs_changed(node);
595 : }
596 1 : had_router = 1;
597 1 : if (ri_old_out)
598 1 : *ri_old_out = node->ri;
599 : } else {
600 6159 : if (ri_old_out)
601 3 : *ri_old_out = NULL;
602 : }
603 6160 : node->ri = ri;
604 :
605 6160 : node_add_to_ed25519_map(node);
606 :
607 6160 : if (node->country == -1)
608 6160 : node_set_country(node);
609 :
610 6160 : if (authdir_mode(get_options()) && !had_router) {
611 0 : const char *discard=NULL;
612 0 : uint32_t status = dirserv_router_get_status(ri, &discard, LOG_INFO);
613 0 : dirserv_set_node_flags_from_authoritative_status(node, status);
614 : }
615 :
616 : /* Setting the HSDir index requires the ed25519 identity key which can
617 : * only be found either in the ri or md. This is why this is called here.
618 : * Only nodes supporting HSDir=2 protocol version needs this index. */
619 6160 : if (node->rs && node->rs->pv.supports_v3_hsdir) {
620 0 : node_set_hsdir_index(node,
621 0 : networkstatus_get_latest_consensus());
622 : }
623 :
624 6160 : node_add_to_address_set(node);
625 :
626 6160 : return node;
627 : }
628 :
629 : /** Set the appropriate node_t to use <b>md</b> as its microdescriptor.
630 : *
631 : * Called when a new microdesc has arrived and the usable consensus flavor
632 : * is "microdesc".
633 : **/
634 : node_t *
635 2 : nodelist_add_microdesc(microdesc_t *md)
636 : {
637 2 : networkstatus_t *ns =
638 2 : networkstatus_get_latest_consensus_by_flavor(FLAV_MICRODESC);
639 2 : const routerstatus_t *rs;
640 2 : node_t *node;
641 2 : if (ns == NULL)
642 : return NULL;
643 2 : init_nodelist();
644 :
645 : /* Microdescriptors don't carry an identity digest, so we need to figure
646 : * it out by looking up the routerstatus. */
647 2 : rs = router_get_consensus_status_by_descriptor_digest(ns, md->digest);
648 2 : if (rs == NULL)
649 : return NULL;
650 2 : node = node_get_mutable_by_id(rs->identity_digest);
651 2 : if (node == NULL)
652 : return NULL;
653 :
654 2 : node_remove_from_ed25519_map(node);
655 2 : if (node->md)
656 0 : node->md->held_by_nodes--;
657 :
658 2 : node->md = md;
659 2 : md->held_by_nodes++;
660 : /* Setting the HSDir index requires the ed25519 identity key which can
661 : * only be found either in the ri or md. This is why this is called here.
662 : * Only nodes supporting HSDir=2 protocol version needs this index. */
663 2 : if (rs->pv.supports_v3_hsdir) {
664 0 : node_set_hsdir_index(node, ns);
665 : }
666 2 : node_add_to_ed25519_map(node);
667 2 : node_add_to_address_set(node);
668 :
669 2 : return node;
670 : }
671 :
672 : /* Default value. */
673 : #define ESTIMATED_ADDRESS_PER_NODE 2
674 :
675 : /* Return the estimated number of address per node_t. This is used for the
676 : * size of the bloom filter in the nodelist (node_addrs). */
677 70 : MOCK_IMPL(int,
678 : get_estimated_address_per_node, (void))
679 : {
680 70 : return ESTIMATED_ADDRESS_PER_NODE;
681 : }
682 :
683 : /** Tell the nodelist that the current usable consensus is <b>ns</b>.
684 : * This makes the nodelist change all of the routerstatus entries for
685 : * the nodes, drop nodes that no longer have enough info to get used,
686 : * and grab microdescriptors into nodes as appropriate.
687 : */
688 : void
689 41 : nodelist_set_consensus(const networkstatus_t *ns)
690 : {
691 41 : const or_options_t *options = get_options();
692 41 : int authdir = authdir_mode_v3(options);
693 :
694 41 : init_nodelist();
695 41 : if (ns->flavor == FLAV_MICRODESC)
696 13 : (void) get_microdesc_cache(); /* Make sure it exists first. */
697 :
698 6086 : SMARTLIST_FOREACH(the_nodelist->nodes, node_t *, node,
699 : node->rs = NULL);
700 :
701 : /* Conservatively estimate that every node will have 2 addresses (v4 and
702 : * v6). Then we add the number of configured trusted authorities we have. */
703 82 : int estimated_addresses = smartlist_len(ns->routerstatus_list) *
704 41 : get_estimated_address_per_node();
705 41 : estimated_addresses += (get_n_authorities(V3_DIRINFO | BRIDGE_DIRINFO) *
706 41 : get_estimated_address_per_node());
707 : /* Clear our sets because we will repopulate them with what this new
708 : * consensus contains. */
709 41 : address_set_free(the_nodelist->node_addrs);
710 41 : the_nodelist->node_addrs = address_set_new(estimated_addresses);
711 41 : digestmap_free(the_nodelist->reentry_set, NULL);
712 41 : the_nodelist->reentry_set = digestmap_new();
713 :
714 6087 : SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
715 6046 : node_t *node = node_get_or_create(rs->identity_digest);
716 6046 : node->rs = rs;
717 6046 : if (ns->flavor == FLAV_MICRODESC) {
718 25 : if (node->md == NULL ||
719 0 : tor_memneq(node->md->digest,rs->descriptor_digest,DIGEST256_LEN)) {
720 25 : node_remove_from_ed25519_map(node);
721 25 : if (node->md)
722 0 : node->md->held_by_nodes--;
723 50 : node->md = microdesc_cache_lookup_by_digest256(NULL,
724 25 : rs->descriptor_digest);
725 25 : if (node->md)
726 0 : node->md->held_by_nodes++;
727 25 : node_add_to_ed25519_map(node);
728 : }
729 : }
730 :
731 6046 : if (rs->pv.supports_v3_hsdir) {
732 6033 : node_set_hsdir_index(node, ns);
733 : }
734 6046 : node_set_country(node);
735 :
736 : /* If we're not an authdir, believe others. */
737 6046 : if (!authdir) {
738 6046 : node->is_valid = rs->is_valid;
739 6046 : node->is_running = rs->is_flagged_running;
740 6046 : node->is_fast = rs->is_fast;
741 6046 : node->is_stable = rs->is_stable;
742 6046 : node->is_possible_guard = rs->is_possible_guard;
743 6046 : node->is_exit = rs->is_exit;
744 6046 : node->is_bad_exit = rs->is_bad_exit;
745 6046 : node->is_hs_dir = rs->is_hs_dir;
746 6046 : node->ipv6_preferred = 0;
747 6046 : if (reachable_addr_prefer_ipv6_orport(options) &&
748 0 : (tor_addr_is_null(&rs->ipv6_addr) == 0 ||
749 0 : (node->md && tor_addr_is_null(&node->md->ipv6_addr) == 0)))
750 0 : node->ipv6_preferred = 1;
751 : }
752 :
753 6046 : } SMARTLIST_FOREACH_END(rs);
754 :
755 41 : nodelist_purge();
756 :
757 : /* Now add all the nodes we have to the address set. */
758 6093 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
759 6052 : node_add_to_address_set(node);
760 6052 : } SMARTLIST_FOREACH_END(node);
761 : /* Then, add all trusted configured directories. Some might not be in the
762 : * consensus so make sure we know them. */
763 41 : dirlist_add_trusted_dir_addresses();
764 :
765 41 : if (! authdir) {
766 6093 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
767 : /* We have no routerstatus for this router. Clear flags so we can skip
768 : * it, maybe.*/
769 6052 : if (!node->rs) {
770 6 : tor_assert(node->ri); /* if it had only an md, or nothing, purge
771 : * would have removed it. */
772 6 : if (node->ri->purpose == ROUTER_PURPOSE_GENERAL) {
773 : /* Clear all flags. */
774 6 : node->is_valid = node->is_running = node->is_hs_dir =
775 6 : node->is_fast = node->is_stable =
776 6 : node->is_possible_guard = node->is_exit =
777 6 : node->is_bad_exit = node->ipv6_preferred = 0;
778 : }
779 : }
780 6052 : } SMARTLIST_FOREACH_END(node);
781 : }
782 :
783 : /* If the consensus is live, note down the consensus valid-after that formed
784 : * the nodelist. */
785 41 : if (networkstatus_is_live(ns, approx_time())) {
786 31 : the_nodelist->live_consensus_valid_after = ns->valid_after;
787 : }
788 41 : }
789 :
790 : /** Return 1 iff <b>node</b> has Exit flag and no BadExit flag.
791 : * Otherwise, return 0.
792 : */
793 : int
794 0 : node_is_good_exit(const node_t *node)
795 : {
796 0 : return node->is_exit && ! node->is_bad_exit;
797 : }
798 :
799 : /** Helper: return true iff a node has a usable amount of information*/
800 : static inline int
801 6052 : node_is_usable(const node_t *node)
802 : {
803 6052 : return (node->rs) || (node->ri);
804 : }
805 :
806 : /** Tell the nodelist that <b>md</b> is no longer a microdescriptor for the
807 : * node with <b>identity_digest</b>. */
808 : void
809 0 : nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md)
810 : {
811 0 : node_t *node = node_get_mutable_by_id(identity_digest);
812 0 : if (node && node->md == md) {
813 0 : node->md = NULL;
814 0 : md->held_by_nodes--;
815 0 : if (! node_get_ed25519_id(node)) {
816 0 : node_remove_from_ed25519_map(node);
817 : }
818 : }
819 0 : }
820 :
821 : /** Tell the nodelist that <b>ri</b> is no longer in the routerlist. */
822 : void
823 0 : nodelist_remove_routerinfo(routerinfo_t *ri)
824 : {
825 0 : node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
826 0 : if (node && node->ri == ri) {
827 0 : node->ri = NULL;
828 0 : if (! node_is_usable(node)) {
829 0 : nodelist_drop_node(node, 1);
830 0 : node_free(node);
831 : }
832 : }
833 0 : }
834 :
835 : /** Remove <b>node</b> from the nodelist. (Asserts that it was there to begin
836 : * with.) */
837 : static void
838 0 : nodelist_drop_node(node_t *node, int remove_from_ht)
839 : {
840 0 : node_t *tmp;
841 0 : int idx;
842 0 : if (remove_from_ht) {
843 0 : tmp = HT_REMOVE(nodelist_map, &the_nodelist->nodes_by_id, node);
844 0 : tor_assert(tmp == node);
845 : }
846 0 : node_remove_from_ed25519_map(node);
847 :
848 0 : idx = node->nodelist_idx;
849 0 : tor_assert(idx >= 0);
850 :
851 0 : tor_assert(node == smartlist_get(the_nodelist->nodes, idx));
852 0 : smartlist_del(the_nodelist->nodes, idx);
853 0 : if (idx < smartlist_len(the_nodelist->nodes)) {
854 0 : tmp = smartlist_get(the_nodelist->nodes, idx);
855 0 : tmp->nodelist_idx = idx;
856 : }
857 0 : node->nodelist_idx = -1;
858 0 : }
859 :
860 : /** Return a newly allocated smartlist of the nodes that have <b>md</b> as
861 : * their microdescriptor. */
862 : smartlist_t *
863 0 : nodelist_find_nodes_with_microdesc(const microdesc_t *md)
864 : {
865 0 : smartlist_t *result = smartlist_new();
866 :
867 0 : if (the_nodelist == NULL)
868 : return result;
869 :
870 0 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
871 0 : if (node->md == md) {
872 0 : smartlist_add(result, node);
873 : }
874 0 : } SMARTLIST_FOREACH_END(node);
875 :
876 : return result;
877 : }
878 :
879 : /** Release storage held by <b>node</b> */
880 : static void
881 6118 : node_free_(node_t *node)
882 : {
883 6118 : if (!node)
884 : return;
885 6118 : if (node->md)
886 0 : node->md->held_by_nodes--;
887 6118 : tor_assert(node->nodelist_idx == -1);
888 6118 : tor_free(node);
889 : }
890 :
891 : /** Remove all entries from the nodelist that don't have enough info to be
892 : * usable for anything. */
893 : void
894 41 : nodelist_purge(void)
895 : {
896 41 : node_t **iter;
897 41 : if (PREDICT_UNLIKELY(the_nodelist == NULL))
898 : return;
899 :
900 : /* Remove the non-usable nodes. */
901 6093 : for (iter = HT_START(nodelist_map, &the_nodelist->nodes_by_id); iter; ) {
902 6052 : node_t *node = *iter;
903 :
904 6052 : if (node->md && !node->rs) {
905 : /* An md is only useful if there is an rs. */
906 0 : node->md->held_by_nodes--;
907 0 : node->md = NULL;
908 : }
909 :
910 6052 : if (node_is_usable(node)) {
911 6052 : iter = HT_NEXT(nodelist_map, &the_nodelist->nodes_by_id, iter);
912 : } else {
913 0 : iter = HT_NEXT_RMV(nodelist_map, &the_nodelist->nodes_by_id, iter);
914 0 : nodelist_drop_node(node, 0);
915 0 : node_free(node);
916 : }
917 : }
918 41 : nodelist_assert_ok();
919 : }
920 :
921 : /** Release all storage held by the nodelist. */
922 : void
923 301 : nodelist_free_all(void)
924 : {
925 301 : if (PREDICT_UNLIKELY(the_nodelist == NULL))
926 : return;
927 :
928 60 : HT_CLEAR(nodelist_map, &the_nodelist->nodes_by_id);
929 60 : HT_CLEAR(nodelist_ed_map, &the_nodelist->nodes_by_ed_id);
930 6178 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
931 6118 : node->nodelist_idx = -1;
932 6118 : node_free(node);
933 6118 : } SMARTLIST_FOREACH_END(node);
934 :
935 60 : smartlist_free(the_nodelist->nodes);
936 :
937 60 : address_set_free(the_nodelist->node_addrs);
938 60 : the_nodelist->node_addrs = NULL;
939 60 : digestmap_free(the_nodelist->reentry_set, NULL);
940 60 : the_nodelist->reentry_set = NULL;
941 :
942 60 : tor_free(the_nodelist);
943 : }
944 :
945 : /** Check that the nodelist is internally consistent, and consistent with
946 : * the directory info it's derived from.
947 : */
948 : void
949 42 : nodelist_assert_ok(void)
950 : {
951 42 : routerlist_t *rl = router_get_routerlist();
952 42 : networkstatus_t *ns = networkstatus_get_latest_consensus();
953 42 : digestmap_t *dm;
954 :
955 42 : if (!the_nodelist)
956 : return;
957 :
958 42 : dm = digestmap_new();
959 :
960 : /* every routerinfo in rl->routers should be in the nodelist. */
961 42 : if (rl) {
962 70 : SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) {
963 28 : const node_t *node = node_get_by_id(ri->cache_info.identity_digest);
964 28 : tor_assert(node && node->ri == ri);
965 28 : tor_assert(fast_memeq(ri->cache_info.identity_digest,
966 : node->identity, DIGEST_LEN));
967 28 : tor_assert(! digestmap_get(dm, node->identity));
968 28 : digestmap_set(dm, node->identity, (void*)node);
969 28 : } SMARTLIST_FOREACH_END(ri);
970 : }
971 :
972 : /* every routerstatus in ns should be in the nodelist */
973 42 : if (ns) {
974 6091 : SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
975 6049 : const node_t *node = node_get_by_id(rs->identity_digest);
976 6049 : tor_assert(node && node->rs == rs);
977 6049 : tor_assert(fast_memeq(rs->identity_digest, node->identity, DIGEST_LEN));
978 6049 : digestmap_set(dm, node->identity, (void*)node);
979 6049 : if (ns->flavor == FLAV_MICRODESC) {
980 : /* If it's a microdesc consensus, every entry that has a
981 : * microdescriptor should be in the nodelist.
982 : */
983 28 : microdesc_t *md =
984 28 : microdesc_cache_lookup_by_digest256(NULL, rs->descriptor_digest);
985 28 : tor_assert(md == node->md);
986 28 : if (md)
987 0 : tor_assert(md->held_by_nodes >= 1);
988 : }
989 6049 : } SMARTLIST_FOREACH_END(rs);
990 : }
991 :
992 : /* The nodelist should have no other entries, and its entries should be
993 : * well-formed. */
994 6098 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
995 6056 : tor_assert(digestmap_get(dm, node->identity) != NULL);
996 6056 : tor_assert(node_sl_idx == node->nodelist_idx);
997 6056 : } SMARTLIST_FOREACH_END(node);
998 :
999 : /* Every node listed with an ed25519 identity should be listed by that
1000 : * identity.
1001 : */
1002 6098 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
1003 6056 : if (!ed25519_public_key_is_zero(&node->ed25519_id)) {
1004 6021 : tor_assert(node == node_get_by_ed25519_id(&node->ed25519_id));
1005 : }
1006 6056 : } SMARTLIST_FOREACH_END(node);
1007 :
1008 42 : node_t **idx;
1009 6063 : HT_FOREACH(idx, nodelist_ed_map, &the_nodelist->nodes_by_ed_id) {
1010 6021 : node_t *node = *idx;
1011 6021 : tor_assert(node == node_get_by_ed25519_id(&node->ed25519_id));
1012 : }
1013 :
1014 42 : tor_assert((long)smartlist_len(the_nodelist->nodes) ==
1015 : (long)HT_SIZE(&the_nodelist->nodes_by_id));
1016 :
1017 42 : tor_assert((long)smartlist_len(the_nodelist->nodes) >=
1018 : (long)HT_SIZE(&the_nodelist->nodes_by_ed_id));
1019 :
1020 42 : digestmap_free(dm, NULL);
1021 : }
1022 :
1023 : /** Ensure that the nodelist has been created with the most recent consensus.
1024 : * If that's not the case, make it so. */
1025 : void
1026 66 : nodelist_ensure_freshness(const networkstatus_t *ns)
1027 : {
1028 66 : tor_assert(ns);
1029 :
1030 : /* We don't even have a nodelist: this is a NOP. */
1031 66 : if (!the_nodelist) {
1032 : return;
1033 : }
1034 :
1035 66 : if (the_nodelist->live_consensus_valid_after != ns->valid_after) {
1036 28 : log_info(LD_GENERAL, "Nodelist was not fresh: rebuilding. (%d / %d)",
1037 : (int) the_nodelist->live_consensus_valid_after,
1038 : (int) ns->valid_after);
1039 28 : nodelist_set_consensus(ns);
1040 : }
1041 : }
1042 :
1043 : /** Return a list of a node_t * for every node we know about. The caller
1044 : * MUST NOT modify the list. (You can set and clear flags in the nodes if
1045 : * you must, but you must not add or remove nodes.) */
1046 135 : MOCK_IMPL(const smartlist_t *,
1047 : nodelist_get_list,(void))
1048 : {
1049 135 : init_nodelist();
1050 135 : return the_nodelist->nodes;
1051 : }
1052 :
1053 : /** Given a hex-encoded nickname of the format DIGEST, $DIGEST, $DIGEST=name,
1054 : * or $DIGEST~name, return the node with the matching identity digest and
1055 : * nickname (if any). Return NULL if no such node exists, or if <b>hex_id</b>
1056 : * is not well-formed. DOCDOC flags */
1057 : const node_t *
1058 0 : node_get_by_hex_id(const char *hex_id, unsigned flags)
1059 : {
1060 0 : char digest_buf[DIGEST_LEN];
1061 0 : char nn_buf[MAX_NICKNAME_LEN+1];
1062 0 : char nn_char='\0';
1063 :
1064 0 : (void) flags; // XXXX
1065 :
1066 0 : if (hex_digest_nickname_decode(hex_id, digest_buf, &nn_char, nn_buf)==0) {
1067 0 : const node_t *node = node_get_by_id(digest_buf);
1068 0 : if (!node)
1069 : return NULL;
1070 0 : if (nn_char == '=') {
1071 : /* "=" indicates a Named relay, but there aren't any of those now. */
1072 : return NULL;
1073 : }
1074 0 : return node;
1075 : }
1076 :
1077 : return NULL;
1078 : }
1079 :
1080 : /** Given a nickname (possibly verbose, possibly a hexadecimal digest), return
1081 : * the corresponding node_t, or NULL if none exists. Warn the user if they
1082 : * have specified a router by nickname, unless the NNF_NO_WARN_UNNAMED bit is
1083 : * set in <b>flags</b>. */
1084 11 : MOCK_IMPL(const node_t *,
1085 : node_get_by_nickname,(const char *nickname, unsigned flags))
1086 : {
1087 11 : const int warn_if_unnamed = !(flags & NNF_NO_WARN_UNNAMED);
1088 :
1089 11 : if (!the_nodelist)
1090 : return NULL;
1091 :
1092 : /* Handle these cases: DIGEST, $DIGEST, $DIGEST=name, $DIGEST~name. */
1093 : {
1094 0 : const node_t *node;
1095 0 : if ((node = node_get_by_hex_id(nickname, flags)) != NULL)
1096 : return node;
1097 : }
1098 :
1099 0 : if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME))
1100 : return NULL;
1101 :
1102 : /* Okay, so the name is not canonical for anybody. */
1103 : {
1104 0 : smartlist_t *matches = smartlist_new();
1105 0 : const node_t *choice = NULL;
1106 :
1107 0 : SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
1108 0 : if (!strcasecmp(node_get_nickname(node), nickname))
1109 0 : smartlist_add(matches, node);
1110 0 : } SMARTLIST_FOREACH_END(node);
1111 :
1112 0 : if (smartlist_len(matches)>1 && warn_if_unnamed) {
1113 : int any_unwarned = 0;
1114 0 : SMARTLIST_FOREACH_BEGIN(matches, node_t *, node) {
1115 0 : if (!node->name_lookup_warned) {
1116 0 : node->name_lookup_warned = 1;
1117 0 : any_unwarned = 1;
1118 : }
1119 0 : } SMARTLIST_FOREACH_END(node);
1120 :
1121 0 : if (any_unwarned) {
1122 0 : log_warn(LD_CONFIG, "There are multiple matches for the name %s. "
1123 : "Choosing one arbitrarily.", nickname);
1124 : }
1125 0 : } else if (smartlist_len(matches)==1 && warn_if_unnamed) {
1126 0 : char fp[HEX_DIGEST_LEN+1];
1127 0 : node_t *node = smartlist_get(matches, 0);
1128 0 : if (! node->name_lookup_warned) {
1129 0 : base16_encode(fp, sizeof(fp), node->identity, DIGEST_LEN);
1130 0 : log_warn(LD_CONFIG,
1131 : "You specified a relay \"%s\" by name, but nicknames can be "
1132 : "used by any relay, not just the one you meant. "
1133 : "To make sure you get the same relay in the future, refer "
1134 : "to it by key, as \"$%s\".", nickname, fp);
1135 0 : node->name_lookup_warned = 1;
1136 : }
1137 : }
1138 :
1139 0 : if (smartlist_len(matches))
1140 0 : choice = smartlist_get(matches, 0);
1141 :
1142 0 : smartlist_free(matches);
1143 0 : return choice;
1144 : }
1145 : }
1146 :
1147 : /** Return the Ed25519 identity key for the provided node, or NULL if it
1148 : * doesn't have one. */
1149 26281 : MOCK_IMPL(const ed25519_public_key_t *,
1150 : node_get_ed25519_id,(const node_t *node))
1151 : {
1152 26281 : const ed25519_public_key_t *ri_pk = NULL;
1153 26281 : const ed25519_public_key_t *md_pk = NULL;
1154 :
1155 26281 : if (node->ri) {
1156 12242 : if (node->ri->cache_info.signing_key_cert) {
1157 12078 : ri_pk = &node->ri->cache_info.signing_key_cert->signing_key;
1158 : /* Checking whether routerinfo ed25519 is all zero.
1159 : * Our descriptor parser should make sure this never happens. */
1160 12078 : if (BUG(ed25519_public_key_is_zero(ri_pk)))
1161 : ri_pk = NULL;
1162 : }
1163 : }
1164 :
1165 26281 : if (node->md) {
1166 20053 : if (node->md->ed25519_identity_pkey) {
1167 2 : md_pk = node->md->ed25519_identity_pkey;
1168 : /* Checking whether microdesc ed25519 is all zero.
1169 : * Our descriptor parser should make sure this never happens. */
1170 2 : if (BUG(ed25519_public_key_is_zero(md_pk)))
1171 : md_pk = NULL;
1172 : }
1173 : }
1174 :
1175 26281 : if (ri_pk && md_pk) {
1176 1 : if (ed25519_pubkey_eq(ri_pk, md_pk)) {
1177 : return ri_pk;
1178 : } else {
1179 : /* This can happen if the relay gets flagged NoEdConsensus which will be
1180 : * triggered on all relays of the network. Thus a protocol warning. */
1181 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1182 : "Inconsistent ed25519 identities in the nodelist");
1183 0 : return NULL;
1184 : }
1185 26280 : } else if (ri_pk) {
1186 : return ri_pk;
1187 : } else {
1188 14203 : return md_pk;
1189 : }
1190 : }
1191 :
1192 : /** Return true iff this node's Ed25519 identity matches <b>id</b>.
1193 : * (An absent Ed25519 identity matches NULL or zero.) */
1194 : int
1195 0 : node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id)
1196 : {
1197 0 : const ed25519_public_key_t *node_id = node_get_ed25519_id(node);
1198 0 : if (node_id == NULL || ed25519_public_key_is_zero(node_id)) {
1199 0 : return id == NULL || ed25519_public_key_is_zero(id);
1200 : } else {
1201 0 : return id && ed25519_pubkey_eq(node_id, id);
1202 : }
1203 : }
1204 :
1205 : /** Dummy object that should be unreturnable. Used to ensure that
1206 : * node_get_protover_summary_flags() always returns non-NULL. */
1207 : static const protover_summary_flags_t zero_protover_flags = {
1208 : 0,0,0,0,0,0,0,0,0,0,0,0
1209 : };
1210 :
1211 : /** Return the protover_summary_flags for a given node. */
1212 : static const protover_summary_flags_t *
1213 30073 : node_get_protover_summary_flags(const node_t *node)
1214 : {
1215 30073 : if (node->rs) {
1216 30065 : return &node->rs->pv;
1217 8 : } else if (node->ri) {
1218 8 : return &node->ri->pv;
1219 : } else {
1220 : /* This should be impossible: every node should have a routerstatus or a
1221 : * router descriptor or both. But just in case we've messed up somehow,
1222 : * return a nice empty set of flags to indicate "this node supports
1223 : * nothing." */
1224 0 : tor_assert_nonfatal_unreached_once();
1225 0 : return &zero_protover_flags;
1226 : }
1227 : }
1228 :
1229 : /** Return true iff <b>node</b> supports authenticating itself
1230 : * by ed25519 ID during the link handshake. If <b>compatible_with_us</b>,
1231 : * it needs to be using a link authentication method that we understand.
1232 : * If not, any plausible link authentication method will do. */
1233 23 : MOCK_IMPL(bool,
1234 : node_supports_ed25519_link_authentication,(const node_t *node,
1235 : bool compatible_with_us))
1236 : {
1237 23 : if (! node_get_ed25519_id(node))
1238 : return 0;
1239 :
1240 2 : const protover_summary_flags_t *pv = node_get_protover_summary_flags(node);
1241 :
1242 2 : if (compatible_with_us)
1243 0 : return pv->supports_ed25519_link_handshake_compat;
1244 : else
1245 2 : return pv->supports_ed25519_link_handshake_any;
1246 : }
1247 :
1248 : /** Return true iff <b>node</b> supports the hidden service directory version
1249 : * 3 protocol (proposal 224). */
1250 : bool
1251 30065 : node_supports_v3_hsdir(const node_t *node)
1252 : {
1253 30065 : tor_assert(node);
1254 :
1255 30065 : return node_get_protover_summary_flags(node)->supports_v3_hsdir;
1256 : }
1257 :
1258 : /** Return true iff <b>node</b> supports ed25519 authentication as an hidden
1259 : * service introduction point.*/
1260 : bool
1261 3 : node_supports_ed25519_hs_intro(const node_t *node)
1262 : {
1263 3 : tor_assert(node);
1264 :
1265 3 : return node_get_protover_summary_flags(node)->supports_ed25519_hs_intro;
1266 : }
1267 :
1268 : /** Return true iff <b>node</b> can be a rendezvous point for hidden
1269 : * service version 3 (HSRend=2). */
1270 : bool
1271 0 : node_supports_v3_rendezvous_point(const node_t *node)
1272 : {
1273 0 : tor_assert(node);
1274 :
1275 : /* We can't use a v3 rendezvous point without the curve25519 onion pk. */
1276 0 : if (!node_get_curve25519_onion_key(node)) {
1277 : return 0;
1278 : }
1279 :
1280 0 : return node_get_protover_summary_flags(node)->supports_v3_rendezvous_point;
1281 : }
1282 :
1283 : /** Return true iff <b>node</b> supports the DoS ESTABLISH_INTRO cell
1284 : * extension. */
1285 : bool
1286 3 : node_supports_establish_intro_dos_extension(const node_t *node)
1287 : {
1288 3 : tor_assert(node);
1289 :
1290 3 : return node_get_protover_summary_flags(node)->
1291 : supports_establish_intro_dos_extension;
1292 : }
1293 :
1294 : /** Return true iff <b>node</b> can initiate IPv6 extends (Relay=3).
1295 : *
1296 : * This check should only be performed by client path selection code.
1297 : *
1298 : * Extending relays should check their own IPv6 support using
1299 : * router_can_extend_over_ipv6(). Like other extends, they should not verify
1300 : * the link specifiers in the extend cell against the consensus, because it
1301 : * may be out of date. */
1302 : bool
1303 0 : node_supports_initiating_ipv6_extends(const node_t *node)
1304 : {
1305 0 : tor_assert(node);
1306 :
1307 : /* Relays can't initiate an IPv6 extend, unless they have an IPv6 ORPort. */
1308 0 : if (!node_has_ipv6_orport(node)) {
1309 : return 0;
1310 : }
1311 :
1312 : /* Initiating relays also need to support the relevant protocol version. */
1313 0 : return
1314 0 : node_get_protover_summary_flags(node)->supports_initiating_ipv6_extends;
1315 : }
1316 :
1317 : /** Return true iff <b>node</b> can accept IPv6 extends (Relay=2 or Relay=3)
1318 : * from other relays. If <b>need_canonical_ipv6_conn</b> is true, also check
1319 : * if the relay supports canonical IPv6 connections (Relay=3 only).
1320 : *
1321 : * This check should only be performed by client path selection code.
1322 : */
1323 : bool
1324 0 : node_supports_accepting_ipv6_extends(const node_t *node,
1325 : bool need_canonical_ipv6_conn)
1326 : {
1327 0 : tor_assert(node);
1328 :
1329 : /* Relays can't accept an IPv6 extend, unless they have an IPv6 ORPort. */
1330 0 : if (!node_has_ipv6_orport(node)) {
1331 : return 0;
1332 : }
1333 :
1334 : /* Accepting relays also need to support the relevant protocol version. */
1335 0 : if (need_canonical_ipv6_conn) {
1336 0 : return
1337 0 : node_get_protover_summary_flags(node)->supports_canonical_ipv6_conns;
1338 : } else {
1339 0 : return
1340 0 : node_get_protover_summary_flags(node)->supports_accepting_ipv6_extends;
1341 : }
1342 : }
1343 :
1344 : /** Return the RSA ID key's SHA1 digest for the provided node. */
1345 : const uint8_t *
1346 28 : node_get_rsa_id_digest(const node_t *node)
1347 : {
1348 28 : tor_assert(node);
1349 28 : return (const uint8_t*)node->identity;
1350 : }
1351 :
1352 : /* Returns a new smartlist with all possible link specifiers from node:
1353 : * - legacy ID is mandatory thus MUST be present in node;
1354 : * - include ed25519 link specifier if present in the node, and the node
1355 : * supports ed25519 link authentication, and:
1356 : * - if direct_conn is true, its link versions are compatible with us,
1357 : * - if direct_conn is false, regardless of its link versions;
1358 : * - include IPv4 link specifier, if the primary address is not IPv4, log a
1359 : * BUG() warning, and return an empty smartlist;
1360 : * - include IPv6 link specifier if present in the node.
1361 : *
1362 : * If node is NULL, returns an empty smartlist.
1363 : *
1364 : * The smartlist must be freed using link_specifier_smartlist_free(). */
1365 23 : MOCK_IMPL(smartlist_t *,
1366 : node_get_link_specifier_smartlist,(const node_t *node, bool direct_conn))
1367 : {
1368 23 : link_specifier_t *ls;
1369 23 : tor_addr_port_t ap;
1370 23 : smartlist_t *lspecs = smartlist_new();
1371 :
1372 23 : if (!node)
1373 : return lspecs;
1374 :
1375 : /* Get the relay's IPv4 address. */
1376 2 : node_get_prim_orport(node, &ap);
1377 :
1378 : /* We expect the node's primary address to be a valid IPv4 address.
1379 : * This conforms to the protocol, which requires either an IPv4 or IPv6
1380 : * address (or both). */
1381 2 : if (BUG(!tor_addr_is_v4(&ap.addr)) ||
1382 2 : BUG(!tor_addr_port_is_valid_ap(&ap, 0))) {
1383 0 : return lspecs;
1384 : }
1385 :
1386 2 : ls = link_specifier_new();
1387 2 : link_specifier_set_ls_type(ls, LS_IPV4);
1388 2 : link_specifier_set_un_ipv4_addr(ls, tor_addr_to_ipv4h(&ap.addr));
1389 2 : link_specifier_set_un_ipv4_port(ls, ap.port);
1390 : /* Four bytes IPv4 and two bytes port. */
1391 2 : link_specifier_set_ls_len(ls, sizeof(ap.addr.addr.in_addr) +
1392 : sizeof(ap.port));
1393 2 : smartlist_add(lspecs, ls);
1394 :
1395 : /* Legacy ID is mandatory and will always be present in node. */
1396 2 : ls = link_specifier_new();
1397 2 : link_specifier_set_ls_type(ls, LS_LEGACY_ID);
1398 2 : memcpy(link_specifier_getarray_un_legacy_id(ls), node->identity,
1399 : link_specifier_getlen_un_legacy_id(ls));
1400 2 : link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls));
1401 2 : smartlist_add(lspecs, ls);
1402 :
1403 : /* ed25519 ID is only included if the node has it, and the node declares a
1404 : protocol version that supports ed25519 link authentication.
1405 : If direct_conn is true, we also require that the node's link version is
1406 : compatible with us. (Otherwise, we will be sending the ed25519 key
1407 : to another tor, which may support different link versions.) */
1408 4 : if (!ed25519_public_key_is_zero(&node->ed25519_id) &&
1409 2 : node_supports_ed25519_link_authentication(node, direct_conn)) {
1410 2 : ls = link_specifier_new();
1411 2 : link_specifier_set_ls_type(ls, LS_ED25519_ID);
1412 2 : memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id,
1413 : link_specifier_getlen_un_ed25519_id(ls));
1414 2 : link_specifier_set_ls_len(ls, link_specifier_getlen_un_ed25519_id(ls));
1415 2 : smartlist_add(lspecs, ls);
1416 : }
1417 :
1418 : /* Check for IPv6. If so, include it as well. */
1419 2 : if (node_has_ipv6_orport(node)) {
1420 0 : ls = link_specifier_new();
1421 0 : node_get_pref_ipv6_orport(node, &ap);
1422 0 : link_specifier_set_ls_type(ls, LS_IPV6);
1423 0 : size_t addr_len = link_specifier_getlen_un_ipv6_addr(ls);
1424 0 : const uint8_t *in6_addr = tor_addr_to_in6_addr8(&ap.addr);
1425 0 : uint8_t *ipv6_array = link_specifier_getarray_un_ipv6_addr(ls);
1426 0 : memcpy(ipv6_array, in6_addr, addr_len);
1427 0 : link_specifier_set_un_ipv6_port(ls, ap.port);
1428 : /* Sixteen bytes IPv6 and two bytes port. */
1429 0 : link_specifier_set_ls_len(ls, addr_len + sizeof(ap.port));
1430 0 : smartlist_add(lspecs, ls);
1431 : }
1432 :
1433 : return lspecs;
1434 : }
1435 :
1436 : /* Free a link specifier list. */
1437 : void
1438 8 : link_specifier_smartlist_free_(smartlist_t *ls_list)
1439 : {
1440 8 : if (!ls_list)
1441 : return;
1442 :
1443 13 : SMARTLIST_FOREACH(ls_list, link_specifier_t *, lspec,
1444 : link_specifier_free(lspec));
1445 8 : smartlist_free(ls_list);
1446 : }
1447 :
1448 : /** Return the nickname of <b>node</b>, or NULL if we can't find one. */
1449 : const char *
1450 1987 : node_get_nickname(const node_t *node)
1451 : {
1452 1987 : tor_assert(node);
1453 1987 : if (node->rs)
1454 1983 : return node->rs->nickname;
1455 4 : else if (node->ri)
1456 4 : return node->ri->nickname;
1457 : else
1458 : return NULL;
1459 : }
1460 :
1461 : /** Return true iff <b>node</b> appears to be a directory authority or
1462 : * directory cache */
1463 : int
1464 253701 : node_is_dir(const node_t *node)
1465 : {
1466 253701 : if (node->rs) {
1467 253695 : routerstatus_t * rs = node->rs;
1468 : /* This is true if supports_tunnelled_dir_requests is true which
1469 : * indicates that we support directory request tunnelled or through the
1470 : * DirPort. */
1471 253695 : return rs->is_v2_dir;
1472 6 : } else if (node->ri) {
1473 4 : routerinfo_t * ri = node->ri;
1474 : /* Both tunnelled request is supported or DirPort is set. */
1475 4 : return ri->supports_tunnelled_dir_requests;
1476 : } else {
1477 : return 0;
1478 : }
1479 : }
1480 :
1481 : /** Return true iff <b>node</b> has either kind of descriptor -- that
1482 : * is, a routerdescriptor or a microdescriptor.
1483 : *
1484 : * You should probably use node_has_preferred_descriptor() instead.
1485 : **/
1486 : int
1487 0 : node_has_any_descriptor(const node_t *node)
1488 : {
1489 0 : return (node->ri ||
1490 0 : (node->rs && node->md));
1491 : }
1492 :
1493 : /** Return true iff <b>node</b> has the kind of descriptor we would prefer to
1494 : * use for it, given our configuration and how we intend to use the node.
1495 : *
1496 : * If <b>for_direct_connect</b> is true, we intend to connect to the node
1497 : * directly, as the first hop of a circuit; otherwise, we intend to connect to
1498 : * it indirectly, or use it as if we were connecting to it indirectly. */
1499 : int
1500 24203 : node_has_preferred_descriptor(const node_t *node,
1501 : int for_direct_connect)
1502 : {
1503 24203 : const int is_bridge = node_is_a_configured_bridge(node);
1504 24203 : const int we_use_mds = we_use_microdescriptors_for_circuits(get_options());
1505 :
1506 24203 : if ((is_bridge && for_direct_connect) || !we_use_mds) {
1507 : /* We need an ri in this case. */
1508 6 : if (!node->ri)
1509 0 : return 0;
1510 : } else {
1511 : /* Otherwise we need an rs and an md. */
1512 24197 : if (node->rs == NULL || node->md == NULL)
1513 0 : return 0;
1514 : }
1515 :
1516 : return 1;
1517 : }
1518 :
1519 : /** Return the router_purpose of <b>node</b>. */
1520 : int
1521 0 : node_get_purpose(const node_t *node)
1522 : {
1523 0 : if (node->ri)
1524 0 : return node->ri->purpose;
1525 : else
1526 : return ROUTER_PURPOSE_GENERAL;
1527 : }
1528 :
1529 : /** Compute the verbose ("extended") nickname of <b>node</b> and store it
1530 : * into the MAX_VERBOSE_NICKNAME_LEN+1 character buffer at
1531 : * <b>verbose_name_out</b> */
1532 : void
1533 67 : node_get_verbose_nickname(const node_t *node,
1534 : char *verbose_name_out)
1535 : {
1536 67 : const char *nickname = node_get_nickname(node);
1537 67 : verbose_name_out[0] = '$';
1538 67 : base16_encode(verbose_name_out+1, HEX_DIGEST_LEN+1, node->identity,
1539 : DIGEST_LEN);
1540 67 : if (!nickname)
1541 : return;
1542 67 : verbose_name_out[1+HEX_DIGEST_LEN] = '~';
1543 67 : strlcpy(verbose_name_out+1+HEX_DIGEST_LEN+1, nickname, MAX_NICKNAME_LEN+1);
1544 : }
1545 :
1546 : /** Compute the verbose ("extended") nickname of node with
1547 : * given <b>id_digest</b> and store it into the MAX_VERBOSE_NICKNAME_LEN+1
1548 : * character buffer at <b>verbose_name_out</b>
1549 : *
1550 : * If node_get_by_id() returns NULL, base 16 encoding of
1551 : * <b>id_digest</b> is returned instead. */
1552 : void
1553 79 : node_get_verbose_nickname_by_id(const char *id_digest,
1554 : char *verbose_name_out)
1555 : {
1556 79 : const node_t *node = node_get_by_id(id_digest);
1557 79 : if (!node) {
1558 13 : verbose_name_out[0] = '$';
1559 13 : base16_encode(verbose_name_out+1, HEX_DIGEST_LEN+1, id_digest, DIGEST_LEN);
1560 : } else {
1561 66 : node_get_verbose_nickname(node, verbose_name_out);
1562 : }
1563 79 : }
1564 :
1565 : /** Return true iff it seems that <b>node</b> allows circuits to exit
1566 : * through it directlry from the client. */
1567 : int
1568 7323 : node_allows_single_hop_exits(const node_t *node)
1569 : {
1570 7323 : if (node && node->ri)
1571 6 : return node->ri->allow_single_hop_exits;
1572 : else
1573 : return 0;
1574 : }
1575 :
1576 : /** Return true iff it seems that <b>node</b> has an exit policy that doesn't
1577 : * actually permit anything to exit, or we don't know its exit policy */
1578 : int
1579 813 : node_exit_policy_rejects_all(const node_t *node)
1580 : {
1581 813 : if (node->rejects_all)
1582 : return 1;
1583 :
1584 813 : if (node->ri)
1585 0 : return node->ri->policy_is_reject_star;
1586 813 : else if (node->md)
1587 813 : return node->md->policy_is_reject_star;
1588 : else
1589 : return 1;
1590 : }
1591 :
1592 : /** Return true iff the exit policy for <b>node</b> is such that we can treat
1593 : * rejecting an address of type <b>family</b> unexpectedly as a sign of that
1594 : * node's failure. */
1595 : int
1596 0 : node_exit_policy_is_exact(const node_t *node, sa_family_t family)
1597 : {
1598 0 : if (family == AF_UNSPEC) {
1599 : return 1; /* Rejecting an address but not telling us what address
1600 : * is a bad sign. */
1601 0 : } else if (family == AF_INET) {
1602 0 : return node->ri != NULL;
1603 0 : } else if (family == AF_INET6) {
1604 : return 0;
1605 : }
1606 0 : tor_fragile_assert();
1607 : return 1;
1608 : }
1609 :
1610 : /* Check if the "addr" and port_field fields from r are a valid non-listening
1611 : * address/port. If so, set valid to true and add a newly allocated
1612 : * tor_addr_port_t containing "addr" and port_field to sl.
1613 : * "addr" is an IPv4 host-order address and port_field is a uint16_t.
1614 : * r is typically a routerinfo_t or routerstatus_t.
1615 : */
1616 : #define SL_ADD_NEW_AP(r, addr_field, port_field, sl, valid) \
1617 : STMT_BEGIN \
1618 : if (tor_addr_port_is_valid(&(r)->addr_field, (r)->port_field, 0)) { \
1619 : valid = 1; \
1620 : tor_addr_port_t *ap = tor_addr_port_new(&(r)->addr_field, \
1621 : (r)->port_field); \
1622 : smartlist_add((sl), ap); \
1623 : } \
1624 : STMT_END
1625 :
1626 : /** Return list of tor_addr_port_t with all OR ports (in the sense IP
1627 : * addr + TCP port) for <b>node</b>. Caller must free all elements
1628 : * using tor_free() and free the list using smartlist_free().
1629 : *
1630 : * XXX this is potentially a memory fragmentation hog -- if on
1631 : * critical path consider the option of having the caller allocate the
1632 : * memory
1633 : */
1634 : smartlist_t *
1635 0 : node_get_all_orports(const node_t *node)
1636 : {
1637 0 : smartlist_t *sl = smartlist_new();
1638 0 : int valid = 0;
1639 :
1640 : /* Find a valid IPv4 address and port */
1641 0 : if (node->ri != NULL) {
1642 0 : SL_ADD_NEW_AP(node->ri, ipv4_addr, ipv4_orport, sl, valid);
1643 : }
1644 :
1645 : /* If we didn't find a valid address/port in the ri, try the rs */
1646 0 : if (!valid && node->rs != NULL) {
1647 0 : SL_ADD_NEW_AP(node->rs, ipv4_addr, ipv4_orport, sl, valid);
1648 : }
1649 :
1650 : /* Find a valid IPv6 address and port */
1651 0 : valid = 0;
1652 0 : if (node->ri != NULL) {
1653 0 : SL_ADD_NEW_AP(node->ri, ipv6_addr, ipv6_orport, sl, valid);
1654 : }
1655 :
1656 0 : if (!valid && node->rs != NULL) {
1657 0 : SL_ADD_NEW_AP(node->rs, ipv6_addr, ipv6_orport, sl, valid);
1658 : }
1659 :
1660 0 : if (!valid && node->md != NULL) {
1661 0 : SL_ADD_NEW_AP(node->md, ipv6_addr, ipv6_orport, sl, valid);
1662 : }
1663 :
1664 0 : return sl;
1665 : }
1666 :
1667 : #undef SL_ADD_NEW_AP
1668 :
1669 : /** Wrapper around node_get_prim_orport for backward
1670 : compatibility. */
1671 : void
1672 616 : node_get_addr(const node_t *node, tor_addr_t *addr_out)
1673 : {
1674 616 : tor_addr_port_t ap;
1675 616 : node_get_prim_orport(node, &ap);
1676 616 : tor_addr_copy(addr_out, &ap.addr);
1677 616 : }
1678 :
1679 : /** Return the IPv4 address for <b>node</b>, or NULL if none found. */
1680 : static const tor_addr_t *
1681 0 : node_get_prim_addr_ipv4(const node_t *node)
1682 : {
1683 : /* Don't check the ORPort or DirPort, as this function isn't port-specific,
1684 : * and the node might have a valid IPv4 address, yet have a zero
1685 : * ORPort or DirPort.
1686 : */
1687 0 : if (node->ri && tor_addr_is_valid(&node->ri->ipv4_addr, 0)) {
1688 0 : return &node->ri->ipv4_addr;
1689 0 : } else if (node->rs && tor_addr_is_valid(&node->rs->ipv4_addr, 0)) {
1690 0 : return &node->rs->ipv4_addr;
1691 : }
1692 : return NULL;
1693 : }
1694 :
1695 : /** Copy a string representation of an IP address for <b>node</b> into
1696 : * the <b>len</b>-byte buffer at <b>buf</b>. */
1697 : void
1698 0 : node_get_address_string(const node_t *node, char *buf, size_t len)
1699 : {
1700 0 : const tor_addr_t *ipv4_addr = node_get_prim_addr_ipv4(node);
1701 :
1702 0 : if (ipv4_addr) {
1703 0 : tor_addr_to_str(buf, ipv4_addr, len, 0);
1704 0 : } else if (len > 0) {
1705 0 : buf[0] = '\0';
1706 : }
1707 0 : }
1708 :
1709 : /** Return <b>node</b>'s declared uptime, or -1 if it doesn't seem to have
1710 : * one. */
1711 : long
1712 0 : node_get_declared_uptime(const node_t *node)
1713 : {
1714 0 : if (node->ri)
1715 0 : return node->ri->uptime;
1716 : else
1717 : return -1;
1718 : }
1719 :
1720 : /** Return <b>node</b>'s platform string, or NULL if we don't know it. */
1721 : const char *
1722 0 : node_get_platform(const node_t *node)
1723 : {
1724 : /* If we wanted, we could record the version in the routerstatus_t, since
1725 : * the consensus lists it. We don't, though, so this function just won't
1726 : * work with microdescriptors. */
1727 0 : if (node->ri)
1728 0 : return node->ri->platform;
1729 : else
1730 : return NULL;
1731 : }
1732 :
1733 : /** Return true iff <b>node</b> is one representing this router. */
1734 : int
1735 0 : node_is_me(const node_t *node)
1736 : {
1737 0 : return router_digest_is_me(node->identity);
1738 : }
1739 :
1740 : /* Does this node have a valid IPv6 address?
1741 : * Prefer node_has_ipv6_orport() or node_has_ipv6_dirport() for
1742 : * checking specific ports. */
1743 : int
1744 0 : node_has_ipv6_addr(const node_t *node)
1745 : {
1746 : /* Don't check the ORPort or DirPort, as this function isn't port-specific,
1747 : * and the node might have a valid IPv6 address, yet have a zero
1748 : * ORPort or DirPort.
1749 : */
1750 0 : if (node->ri && tor_addr_is_valid(&node->ri->ipv6_addr, 0))
1751 : return 1;
1752 0 : if (node->rs && tor_addr_is_valid(&node->rs->ipv6_addr, 0))
1753 : return 1;
1754 0 : if (node->md && tor_addr_is_valid(&node->md->ipv6_addr, 0))
1755 0 : return 1;
1756 :
1757 : return 0;
1758 : }
1759 :
1760 : /* Does this node have a valid IPv6 ORPort? */
1761 : int
1762 19 : node_has_ipv6_orport(const node_t *node)
1763 : {
1764 19 : tor_addr_port_t ipv6_orport;
1765 19 : node_get_pref_ipv6_orport(node, &ipv6_orport);
1766 19 : return tor_addr_port_is_valid_ap(&ipv6_orport, 0);
1767 : }
1768 :
1769 : /* Does this node have a valid IPv6 DirPort? */
1770 : int
1771 10 : node_has_ipv6_dirport(const node_t *node)
1772 : {
1773 10 : tor_addr_port_t ipv6_dirport;
1774 10 : node_get_pref_ipv6_dirport(node, &ipv6_dirport);
1775 10 : return tor_addr_port_is_valid_ap(&ipv6_dirport, 0);
1776 : }
1777 :
1778 : /** Return 1 if we prefer the IPv6 address and OR TCP port of
1779 : * <b>node</b>, else 0.
1780 : *
1781 : * We prefer the IPv6 address if the router has an IPv6 address,
1782 : * and we can use IPv6 addresses, and:
1783 : * i) the node_t says that it prefers IPv6
1784 : * or
1785 : * ii) the router has no IPv4 OR address.
1786 : *
1787 : * If you don't have a node, consider looking it up.
1788 : * If there is no node, use reachable_addr_prefer_ipv6_orport().
1789 : */
1790 : int
1791 4642 : node_ipv6_or_preferred(const node_t *node)
1792 : {
1793 4642 : const or_options_t *options = get_options();
1794 4642 : tor_addr_port_t ipv4_addr;
1795 4642 : node_assert_ok(node);
1796 :
1797 : /* XX/teor - node->ipv6_preferred is set from
1798 : * reachable_addr_prefer_ipv6_orport() each time the consensus is loaded.
1799 : */
1800 4642 : node_get_prim_orport(node, &ipv4_addr);
1801 4642 : if (!reachable_addr_use_ipv6(options)) {
1802 : return 0;
1803 47 : } else if (node->ipv6_preferred ||
1804 30 : !tor_addr_port_is_valid_ap(&ipv4_addr, 0)) {
1805 17 : return node_has_ipv6_orport(node);
1806 : }
1807 : return 0;
1808 : }
1809 :
1810 : #define RETURN_IPV4_AP(r, port_field, ap_out) \
1811 : STMT_BEGIN \
1812 : if (r && tor_addr_port_is_valid(&(r)->ipv4_addr, (r)->port_field, 0)) { \
1813 : tor_addr_copy(&(ap_out)->addr, &(r)->ipv4_addr); \
1814 : (ap_out)->port = (r)->port_field; \
1815 : } \
1816 : STMT_END
1817 :
1818 : /** Copy the primary (IPv4) OR port (IP address and TCP port) for <b>node</b>
1819 : * into *<b>ap_out</b>. */
1820 : void
1821 5345 : node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
1822 : {
1823 5345 : node_assert_ok(node);
1824 5345 : tor_assert(ap_out);
1825 :
1826 : /* Clear the address, as a safety precaution if calling functions ignore the
1827 : * return value */
1828 5345 : tor_addr_make_null(&ap_out->addr, AF_INET);
1829 5345 : ap_out->port = 0;
1830 :
1831 : /* Check ri first, because rewrite_node_address_for_bridge() updates
1832 : * node->ri with the configured bridge address. */
1833 :
1834 5345 : RETURN_IPV4_AP(node->ri, ipv4_orport, ap_out);
1835 5345 : RETURN_IPV4_AP(node->rs, ipv4_orport, ap_out);
1836 : /* Microdescriptors only have an IPv6 address */
1837 5345 : }
1838 :
1839 : /** Copy the preferred OR port (IP address and TCP port) for
1840 : * <b>node</b> into *<b>ap_out</b>. */
1841 : void
1842 6 : node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
1843 : {
1844 6 : tor_assert(ap_out);
1845 :
1846 6 : if (node_ipv6_or_preferred(node)) {
1847 3 : node_get_pref_ipv6_orport(node, ap_out);
1848 : } else {
1849 : /* the primary ORPort is always on IPv4 */
1850 3 : node_get_prim_orport(node, ap_out);
1851 : }
1852 6 : }
1853 :
1854 : /** Copy the preferred IPv6 OR port (IP address and TCP port) for
1855 : * <b>node</b> into *<b>ap_out</b>. */
1856 : void
1857 705 : node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
1858 : {
1859 705 : node_assert_ok(node);
1860 705 : tor_assert(ap_out);
1861 705 : memset(ap_out, 0, sizeof(*ap_out));
1862 :
1863 : /* Check ri first, because rewrite_node_address_for_bridge() updates
1864 : * node->ri with the configured bridge address.
1865 : * Prefer rs over md for consistency with the fascist_firewall_* functions.
1866 : * Check if the address or port are valid, and try another alternative
1867 : * if they are not. */
1868 :
1869 705 : if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr,
1870 : node->ri->ipv6_orport, 0)) {
1871 12 : tor_addr_copy(&ap_out->addr, &node->ri->ipv6_addr);
1872 12 : ap_out->port = node->ri->ipv6_orport;
1873 693 : } else if (node->rs && tor_addr_port_is_valid(&node->rs->ipv6_addr,
1874 : node->rs->ipv6_orport, 0)) {
1875 74 : tor_addr_copy(&ap_out->addr, &node->rs->ipv6_addr);
1876 74 : ap_out->port = node->rs->ipv6_orport;
1877 619 : } else if (node->md && tor_addr_port_is_valid(&node->md->ipv6_addr,
1878 : node->md->ipv6_orport, 0)) {
1879 0 : tor_addr_copy(&ap_out->addr, &node->md->ipv6_addr);
1880 0 : ap_out->port = node->md->ipv6_orport;
1881 : } else {
1882 619 : tor_addr_make_null(&ap_out->addr, AF_INET6);
1883 619 : ap_out->port = 0;
1884 : }
1885 705 : }
1886 :
1887 : /** Return 1 if we prefer the IPv6 address and Dir TCP port of
1888 : * <b>node</b>, else 0.
1889 : *
1890 : * We prefer the IPv6 address if the router has an IPv6 address,
1891 : * and we can use IPv6 addresses, and:
1892 : * i) the router has no IPv4 Dir address.
1893 : * or
1894 : * ii) our preference is for IPv6 Dir addresses.
1895 : *
1896 : * If there is no node, use reachable_addr_prefer_ipv6_dirport().
1897 : */
1898 : int
1899 30 : node_ipv6_dir_preferred(const node_t *node)
1900 : {
1901 30 : const or_options_t *options = get_options();
1902 30 : tor_addr_port_t ipv4_addr;
1903 30 : node_assert_ok(node);
1904 :
1905 : /* node->ipv6_preferred is set from reachable_addr_prefer_ipv6_orport(),
1906 : * so we can't use it to determine DirPort IPv6 preference.
1907 : * This means that bridge clients will use IPv4 DirPorts by default.
1908 : */
1909 30 : node_get_prim_dirport(node, &ipv4_addr);
1910 30 : if (!reachable_addr_use_ipv6(options)) {
1911 : return 0;
1912 28 : } else if (!tor_addr_port_is_valid_ap(&ipv4_addr, 0)
1913 28 : || reachable_addr_prefer_ipv6_dirport(get_options())) {
1914 10 : return node_has_ipv6_dirport(node);
1915 : }
1916 : return 0;
1917 : }
1918 :
1919 : /** Copy the primary (IPv4) Dir port (IP address and TCP port) for <b>node</b>
1920 : * into *<b>ap_out</b>. */
1921 : void
1922 96 : node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out)
1923 : {
1924 96 : node_assert_ok(node);
1925 96 : tor_assert(ap_out);
1926 :
1927 : /* Clear the address, as a safety precaution if calling functions ignore the
1928 : * return value */
1929 96 : tor_addr_make_null(&ap_out->addr, AF_INET);
1930 96 : ap_out->port = 0;
1931 :
1932 : /* Check ri first, because rewrite_node_address_for_bridge() updates
1933 : * node->ri with the configured bridge address. */
1934 :
1935 96 : RETURN_IPV4_AP(node->ri, ipv4_dirport, ap_out);
1936 96 : RETURN_IPV4_AP(node->rs, ipv4_dirport, ap_out);
1937 : /* Microdescriptors only have an IPv6 address */
1938 96 : }
1939 :
1940 : #undef RETURN_IPV4_AP
1941 :
1942 : /** Copy the preferred Dir port (IP address and TCP port) for
1943 : * <b>node</b> into *<b>ap_out</b>. */
1944 : void
1945 0 : node_get_pref_dirport(const node_t *node, tor_addr_port_t *ap_out)
1946 : {
1947 0 : tor_assert(ap_out);
1948 :
1949 0 : if (node_ipv6_dir_preferred(node)) {
1950 0 : node_get_pref_ipv6_dirport(node, ap_out);
1951 : } else {
1952 : /* the primary DirPort is always on IPv4 */
1953 0 : node_get_prim_dirport(node, ap_out);
1954 : }
1955 0 : }
1956 :
1957 : /** Copy the preferred IPv6 Dir port (IP address and TCP port) for
1958 : * <b>node</b> into *<b>ap_out</b>. */
1959 : void
1960 76 : node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out)
1961 : {
1962 76 : node_assert_ok(node);
1963 76 : tor_assert(ap_out);
1964 :
1965 : /* Check ri first, because rewrite_node_address_for_bridge() updates
1966 : * node->ri with the configured bridge address.
1967 : * Prefer rs over md for consistency with the fascist_firewall_* functions.
1968 : * Check if the address or port are valid, and try another alternative
1969 : * if they are not. */
1970 :
1971 : /* Assume IPv4 and IPv6 dirports are the same */
1972 76 : if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr,
1973 : node->ri->ipv4_dirport, 0)) {
1974 0 : tor_addr_copy(&ap_out->addr, &node->ri->ipv6_addr);
1975 0 : ap_out->port = node->ri->ipv4_dirport;
1976 76 : } else if (node->rs && tor_addr_port_is_valid(&node->rs->ipv6_addr,
1977 : node->rs->ipv4_dirport, 0)) {
1978 70 : tor_addr_copy(&ap_out->addr, &node->rs->ipv6_addr);
1979 70 : ap_out->port = node->rs->ipv4_dirport;
1980 : } else {
1981 6 : tor_addr_make_null(&ap_out->addr, AF_INET6);
1982 6 : ap_out->port = 0;
1983 : }
1984 76 : }
1985 :
1986 : /** Return true iff <b>md</b> has a curve25519 onion key.
1987 : * Use node_has_curve25519_onion_key() instead of calling this directly. */
1988 : static int
1989 7359 : microdesc_has_curve25519_onion_key(const microdesc_t *md)
1990 : {
1991 7359 : if (!md) {
1992 : return 0;
1993 : }
1994 :
1995 7359 : if (!md->onion_curve25519_pkey) {
1996 : return 0;
1997 : }
1998 :
1999 7359 : if (fast_mem_is_zero((const char*)md->onion_curve25519_pkey->public_key,
2000 : CURVE25519_PUBKEY_LEN)) {
2001 0 : return 0;
2002 : }
2003 :
2004 : return 1;
2005 : }
2006 :
2007 : /** Return true iff <b>node</b> has a curve25519 onion key. */
2008 : int
2009 7344 : node_has_curve25519_onion_key(const node_t *node)
2010 : {
2011 7344 : return node_get_curve25519_onion_key(node) != NULL;
2012 : }
2013 :
2014 : /** Return the curve25519 key of <b>node</b>, or NULL if none. */
2015 : const curve25519_public_key_t *
2016 7372 : node_get_curve25519_onion_key(const node_t *node)
2017 : {
2018 7372 : if (!node)
2019 : return NULL;
2020 7372 : if (routerinfo_has_curve25519_onion_key(node->ri))
2021 13 : return node->ri->onion_curve25519_pkey;
2022 7359 : else if (microdesc_has_curve25519_onion_key(node->md))
2023 7359 : return node->md->onion_curve25519_pkey;
2024 : else
2025 : return NULL;
2026 : }
2027 :
2028 : /* Return a newly allocacted RSA onion public key taken from the given node.
2029 : *
2030 : * Return NULL if node is NULL or no RSA onion public key can be found. It is
2031 : * the caller responsibility to free the returned object. */
2032 : crypto_pk_t *
2033 21 : node_get_rsa_onion_key(const node_t *node)
2034 : {
2035 21 : crypto_pk_t *pk = NULL;
2036 21 : const char *onion_pkey;
2037 21 : size_t onion_pkey_len;
2038 :
2039 21 : if (!node) {
2040 0 : goto end;
2041 : }
2042 :
2043 21 : if (node->ri) {
2044 0 : onion_pkey = node->ri->onion_pkey;
2045 0 : onion_pkey_len = node->ri->onion_pkey_len;
2046 21 : } else if (node->rs && node->md) {
2047 21 : onion_pkey = node->md->onion_pkey;
2048 21 : onion_pkey_len = node->md->onion_pkey_len;
2049 : } else {
2050 : /* No descriptor or microdescriptor. */
2051 0 : goto end;
2052 : }
2053 21 : pk = router_get_rsa_onion_pkey(onion_pkey, onion_pkey_len);
2054 :
2055 21 : end:
2056 21 : return pk;
2057 : }
2058 :
2059 : /** Refresh the country code of <b>ri</b>. This function MUST be called on
2060 : * each router when the GeoIP database is reloaded, and on all new routers. */
2061 : void
2062 12206 : node_set_country(node_t *node)
2063 : {
2064 12206 : const tor_addr_t *ipv4_addr = NULL;
2065 :
2066 : /* XXXXipv6 */
2067 12206 : if (node->rs)
2068 6047 : ipv4_addr = &node->rs->ipv4_addr;
2069 6159 : else if (node->ri)
2070 6159 : ipv4_addr = &node->ri->ipv4_addr;
2071 :
2072 : /* IPv4 is mandatory for a relay so this should not happen unless we are
2073 : * attempting to set the country code on a node without a descriptor. */
2074 0 : if (BUG(!ipv4_addr)) {
2075 0 : node->country = -1;
2076 0 : return;
2077 : }
2078 12206 : node->country = geoip_get_country_by_addr(ipv4_addr);
2079 : }
2080 :
2081 : /** Set the country code of all routers in the routerlist. */
2082 : void
2083 4 : nodelist_refresh_countries(void)
2084 : {
2085 4 : const smartlist_t *nodes = nodelist_get_list();
2086 4 : SMARTLIST_FOREACH(nodes, node_t *, node,
2087 : node_set_country(node));
2088 4 : }
2089 :
2090 : /** Return true iff router1 and router2 have similar enough network addresses
2091 : * that we should treat them as being in the same family */
2092 : int
2093 317 : router_addrs_in_same_network(const tor_addr_t *a1,
2094 : const tor_addr_t *a2)
2095 : {
2096 317 : if (tor_addr_is_null(a1) || tor_addr_is_null(a2))
2097 5 : return 0;
2098 :
2099 312 : switch (tor_addr_family(a1)) {
2100 308 : case AF_INET:
2101 308 : return 0 == tor_addr_compare_masked(a1, a2, 16, CMP_SEMANTIC);
2102 4 : case AF_INET6:
2103 4 : return 0 == tor_addr_compare_masked(a1, a2, 32, CMP_SEMANTIC);
2104 : default:
2105 : /* If not IPv4 or IPv6, return 0. */
2106 : return 0;
2107 : }
2108 : }
2109 :
2110 : /** Return true if <b>node</b>'s nickname matches <b>nickname</b>
2111 : * (case-insensitive), or if <b>node's</b> identity key digest
2112 : * matches a hexadecimal value stored in <b>nickname</b>. Return
2113 : * false otherwise. */
2114 : STATIC int
2115 21 : node_nickname_matches(const node_t *node, const char *nickname)
2116 : {
2117 21 : const char *n = node_get_nickname(node);
2118 21 : if (n && nickname[0]!='$' && !strcasecmp(n, nickname))
2119 : return 1;
2120 18 : return hex_digest_nickname_matches(nickname,
2121 18 : node->identity,
2122 : n);
2123 : }
2124 :
2125 : /** Return true iff <b>node</b> is named by some nickname in <b>lst</b>. */
2126 : STATIC int
2127 3 : node_in_nickname_smartlist(const smartlist_t *lst, const node_t *node)
2128 : {
2129 3 : if (!lst) return 0;
2130 6 : SMARTLIST_FOREACH(lst, const char *, name, {
2131 : if (node_nickname_matches(node, name))
2132 : return 1;
2133 : });
2134 : return 0;
2135 : }
2136 :
2137 : /** Return true iff n1's declared family contains n2. */
2138 : STATIC int
2139 35 : node_family_contains(const node_t *n1, const node_t *n2)
2140 : {
2141 35 : if (n1->ri && n1->ri->declared_family) {
2142 3 : return node_in_nickname_smartlist(n1->ri->declared_family, n2);
2143 32 : } else if (n1->md) {
2144 28 : return nodefamily_contains_node(n1->md->family, n2);
2145 : } else {
2146 : return 0;
2147 : }
2148 : }
2149 :
2150 : /**
2151 : * Return true iff <b>node</b> has declared a nonempty family.
2152 : **/
2153 : STATIC bool
2154 6 : node_has_declared_family(const node_t *node)
2155 : {
2156 6 : if (node->ri && node->ri->declared_family &&
2157 0 : smartlist_len(node->ri->declared_family)) {
2158 : return true;
2159 : }
2160 :
2161 6 : if (node->md && node->md->family) {
2162 0 : return true;
2163 : }
2164 :
2165 : return false;
2166 : }
2167 :
2168 : /**
2169 : * Add to <b>out</b> every node_t that is listed by <b>node</b> as being in
2170 : * its family. (Note that these nodes are not in node's family unless they
2171 : * also agree that node is in their family.)
2172 : **/
2173 : STATIC void
2174 2 : node_lookup_declared_family(smartlist_t *out, const node_t *node)
2175 : {
2176 2 : if (node->ri && node->ri->declared_family &&
2177 1 : smartlist_len(node->ri->declared_family)) {
2178 3 : SMARTLIST_FOREACH_BEGIN(node->ri->declared_family, const char *, name) {
2179 2 : const node_t *n2 = node_get_by_nickname(name, NNF_NO_WARN_UNNAMED);
2180 2 : if (n2) {
2181 2 : smartlist_add(out, (node_t *)n2);
2182 : }
2183 2 : } SMARTLIST_FOREACH_END(name);
2184 : return;
2185 : }
2186 :
2187 1 : if (node->md && node->md->family) {
2188 1 : nodefamily_add_nodes_to_smartlist(node->md->family, out);
2189 : }
2190 : }
2191 :
2192 : /** Return true iff r1 and r2 are in the same family, but not the same
2193 : * router. */
2194 : int
2195 332 : nodes_in_same_family(const node_t *node1, const node_t *node2)
2196 : {
2197 332 : const or_options_t *options = get_options();
2198 :
2199 : /* Are they in the same family because of their addresses? */
2200 332 : if (options->EnforceDistinctSubnets) {
2201 308 : tor_addr_t a1, a2;
2202 308 : node_get_addr(node1, &a1);
2203 308 : node_get_addr(node2, &a2);
2204 :
2205 308 : tor_addr_port_t ap6_1, ap6_2;
2206 308 : node_get_pref_ipv6_orport(node1, &ap6_1);
2207 308 : node_get_pref_ipv6_orport(node2, &ap6_2);
2208 :
2209 312 : if (router_addrs_in_same_network(&a1, &a2) ||
2210 4 : router_addrs_in_same_network(&ap6_1.addr, &ap6_2.addr))
2211 305 : return 1;
2212 : }
2213 :
2214 : /* Are they in the same family because the agree they are? */
2215 27 : if (node_family_contains(node1, node2) &&
2216 0 : node_family_contains(node2, node1)) {
2217 : return 1;
2218 : }
2219 :
2220 : /* Are they in the same family because the user says they are? */
2221 27 : if (options->NodeFamilySets) {
2222 0 : SMARTLIST_FOREACH(options->NodeFamilySets, const routerset_t *, rs, {
2223 : if (routerset_contains_node(rs, node1) &&
2224 : routerset_contains_node(rs, node2))
2225 : return 1;
2226 : });
2227 : }
2228 :
2229 : return 0;
2230 : }
2231 :
2232 : /**
2233 : * Add all the family of <b>node</b>, including <b>node</b> itself, to
2234 : * the smartlist <b>sl</b>.
2235 : *
2236 : * This is used to make sure we don't pick siblings in a single path, or
2237 : * pick more than one relay from a family for our entry guard list.
2238 : * Note that a node may be added to <b>sl</b> more than once if it is
2239 : * part of <b>node</b>'s family for more than one reason.
2240 : */
2241 : void
2242 6 : nodelist_add_node_and_family(smartlist_t *sl, const node_t *node)
2243 : {
2244 6 : const smartlist_t *all_nodes = nodelist_get_list();
2245 6 : const or_options_t *options = get_options();
2246 :
2247 6 : tor_assert(node);
2248 :
2249 : /* Let's make sure that we have the node itself, if it's a real node. */
2250 : {
2251 6 : const node_t *real_node = node_get_by_id(node->identity);
2252 6 : if (real_node)
2253 6 : smartlist_add(sl, (node_t*)real_node);
2254 : }
2255 :
2256 : /* First, add any nodes with similar network addresses. */
2257 6 : if (options->EnforceDistinctSubnets) {
2258 0 : tor_addr_t node_addr;
2259 0 : tor_addr_port_t node_ap6;
2260 0 : node_get_addr(node, &node_addr);
2261 0 : node_get_pref_ipv6_orport(node, &node_ap6);
2262 :
2263 0 : SMARTLIST_FOREACH_BEGIN(all_nodes, const node_t *, node2) {
2264 0 : tor_addr_t a;
2265 0 : tor_addr_port_t ap6;
2266 0 : node_get_addr(node2, &a);
2267 0 : node_get_pref_ipv6_orport(node2, &ap6);
2268 0 : if (router_addrs_in_same_network(&a, &node_addr) ||
2269 0 : router_addrs_in_same_network(&ap6.addr, &node_ap6.addr))
2270 0 : smartlist_add(sl, (void*)node2);
2271 0 : } SMARTLIST_FOREACH_END(node2);
2272 : }
2273 :
2274 : /* Now, add all nodes in the declared family of this node, if they
2275 : * also declare this node to be in their family. */
2276 6 : if (node_has_declared_family(node)) {
2277 0 : smartlist_t *declared_family = smartlist_new();
2278 0 : node_lookup_declared_family(declared_family, node);
2279 :
2280 : /* Add every r such that router declares familyness with node, and node
2281 : * declares familyhood with router. */
2282 0 : SMARTLIST_FOREACH_BEGIN(declared_family, const node_t *, node2) {
2283 0 : if (node_family_contains(node2, node)) {
2284 0 : smartlist_add(sl, (void*)node2);
2285 : }
2286 0 : } SMARTLIST_FOREACH_END(node2);
2287 0 : smartlist_free(declared_family);
2288 : }
2289 :
2290 : /* If the user declared any families locally, honor those too. */
2291 6 : if (options->NodeFamilySets) {
2292 0 : SMARTLIST_FOREACH(options->NodeFamilySets, const routerset_t *, rs, {
2293 : if (routerset_contains_node(rs, node)) {
2294 : routerset_get_all_nodes(sl, rs, NULL, 0);
2295 : }
2296 : });
2297 : }
2298 6 : }
2299 :
2300 : /** Find a router that's up, that has this IP address, and
2301 : * that allows exit to this address:port, or return NULL if there
2302 : * isn't a good one.
2303 : * Don't exit enclave to excluded relays -- it wouldn't actually
2304 : * hurt anything, but this way there are fewer confused users.
2305 : */
2306 : const node_t *
2307 0 : router_find_exact_exit_enclave(const char *address, uint16_t port)
2308 : {/*XXXX MOVE*/
2309 0 : struct in_addr in;
2310 0 : tor_addr_t ipv4_addr;
2311 0 : const or_options_t *options = get_options();
2312 :
2313 0 : if (!tor_inet_aton(address, &in))
2314 : return NULL; /* it's not an IP already */
2315 0 : tor_addr_from_in(&ipv4_addr, &in);
2316 :
2317 0 : SMARTLIST_FOREACH(nodelist_get_list(), const node_t *, node, {
2318 : if (tor_addr_eq(node_get_prim_addr_ipv4(node), &ipv4_addr) &&
2319 : node->is_running &&
2320 : compare_tor_addr_to_node_policy(&ipv4_addr, port, node) ==
2321 : ADDR_POLICY_ACCEPTED &&
2322 : !routerset_contains_node(options->ExcludeExitNodesUnion_, node))
2323 : return node;
2324 : });
2325 : return NULL;
2326 : }
2327 :
2328 : /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
2329 : * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
2330 : * If <b>need_capacity</b> is non-zero, we require a minimum advertised
2331 : * bandwidth.
2332 : * If <b>need_guard</b>, we require that the router is a possible entry guard.
2333 : */
2334 : int
2335 7323 : node_is_unreliable(const node_t *node, int need_uptime,
2336 : int need_capacity, int need_guard)
2337 : {
2338 7323 : if (need_uptime && !node->is_stable)
2339 : return 1;
2340 7323 : if (need_capacity && !node->is_fast)
2341 : return 1;
2342 7323 : if (need_guard && !node->is_possible_guard)
2343 0 : return 1;
2344 : return 0;
2345 : }
2346 :
2347 : /** Return 1 if all running sufficiently-stable routers we can use will reject
2348 : * addr:port. Return 0 if any might accept it. */
2349 : int
2350 0 : router_exit_policy_all_nodes_reject(const tor_addr_t *addr, uint16_t port,
2351 : int need_uptime)
2352 : {
2353 0 : addr_policy_result_t r;
2354 :
2355 0 : SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
2356 0 : if (node->is_running &&
2357 0 : !node_is_unreliable(node, need_uptime, 0, 0)) {
2358 :
2359 0 : r = compare_tor_addr_to_node_policy(addr, port, node);
2360 :
2361 0 : if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
2362 : return 0; /* this one could be ok. good enough. */
2363 : }
2364 0 : } SMARTLIST_FOREACH_END(node);
2365 : return 1; /* all will reject. */
2366 : }
2367 :
2368 : /** Mark the router with ID <b>digest</b> as running or non-running
2369 : * in our routerlist. */
2370 : void
2371 24 : router_set_status(const char *digest, int up)
2372 : {
2373 24 : node_t *node;
2374 24 : tor_assert(digest);
2375 :
2376 4434 : SMARTLIST_FOREACH(router_get_fallback_dir_servers(),
2377 : dir_server_t *, d,
2378 : if (tor_memeq(d->digest, digest, DIGEST_LEN))
2379 : d->is_running = up);
2380 :
2381 234 : SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
2382 : dir_server_t *, d,
2383 : if (tor_memeq(d->digest, digest, DIGEST_LEN))
2384 : d->is_running = up);
2385 :
2386 24 : node = node_get_mutable_by_id(digest);
2387 24 : if (node) {
2388 : #if 0
2389 : log_debug(LD_DIR,"Marking router %s as %s.",
2390 : node_describe(node), up ? "up" : "down");
2391 : #endif
2392 0 : if (!up && node_is_me(node) && !net_is_disabled())
2393 0 : log_warn(LD_NET, "We just marked ourself as down. Are your external "
2394 : "addresses reachable?");
2395 :
2396 0 : if (bool_neq(node->is_running, up))
2397 0 : router_dir_info_changed();
2398 :
2399 0 : node->is_running = up;
2400 : }
2401 24 : }
2402 :
2403 : /** True iff, the last time we checked whether we had enough directory info
2404 : * to build circuits, the answer was "yes". If there are no exits in the
2405 : * consensus, we act as if we have 100% of the exit directory info. */
2406 : static int have_min_dir_info = 0;
2407 :
2408 : /** Does the consensus contain nodes that can exit? */
2409 : static consensus_path_type_t have_consensus_path = CONSENSUS_PATH_UNKNOWN;
2410 :
2411 : /** True iff enough has changed since the last time we checked whether we had
2412 : * enough directory info to build circuits that our old answer can no longer
2413 : * be trusted. */
2414 : static int need_to_update_have_min_dir_info = 1;
2415 : /** String describing what we're missing before we have enough directory
2416 : * info. */
2417 : static char dir_info_status[512] = "";
2418 :
2419 : /** Return true iff we have enough consensus information to
2420 : * start building circuits. Right now, this means "a consensus that's
2421 : * less than a day old, and at least 60% of router descriptors (configurable),
2422 : * weighted by bandwidth. Treat the exit fraction as 100% if there are
2423 : * no exits in the consensus."
2424 : * To obtain the final weighted bandwidth, we multiply the
2425 : * weighted bandwidth fraction for each position (guard, middle, exit). */
2426 12 : MOCK_IMPL(int,
2427 : router_have_minimum_dir_info,(void))
2428 : {
2429 12 : static int logged_delay=0;
2430 12 : const char *delay_fetches_msg = NULL;
2431 12 : if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) {
2432 10 : if (!logged_delay)
2433 2 : log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg);
2434 10 : logged_delay=1;
2435 10 : strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status));
2436 10 : return 0;
2437 : }
2438 2 : logged_delay = 0; /* reset it if we get this far */
2439 :
2440 2 : if (PREDICT_UNLIKELY(need_to_update_have_min_dir_info)) {
2441 1 : update_router_have_minimum_dir_info();
2442 : }
2443 :
2444 2 : return have_min_dir_info;
2445 : }
2446 :
2447 : /** Set to CONSENSUS_PATH_EXIT if there is at least one exit node
2448 : * in the consensus. We update this flag in compute_frac_paths_available if
2449 : * there is at least one relay that has an Exit flag in the consensus.
2450 : * Used to avoid building exit circuits when they will almost certainly fail.
2451 : * Set to CONSENSUS_PATH_INTERNAL if there are no exits in the consensus.
2452 : * (This situation typically occurs during bootstrap of a test network.)
2453 : * Set to CONSENSUS_PATH_UNKNOWN if we have never checked, or have
2454 : * reason to believe our last known value was invalid or has expired.
2455 : * If we're in a network with TestingDirAuthVoteExit set,
2456 : * this can cause router_have_consensus_path() to be set to
2457 : * CONSENSUS_PATH_EXIT, even if there are no nodes with accept exit policies.
2458 : */
2459 3 : MOCK_IMPL(consensus_path_type_t,
2460 : router_have_consensus_path, (void))
2461 : {
2462 3 : return have_consensus_path;
2463 : }
2464 :
2465 : /** Called when our internal view of the directory has changed. This can be
2466 : * when the authorities change, networkstatuses change, the list of routerdescs
2467 : * changes, or number of running routers changes.
2468 : */
2469 : void
2470 45174 : router_dir_info_changed(void)
2471 : {
2472 45174 : need_to_update_have_min_dir_info = 1;
2473 45174 : hs_service_dir_info_changed();
2474 45174 : hs_client_dir_info_changed();
2475 45174 : }
2476 :
2477 : /** Return a string describing what we're missing before we have enough
2478 : * directory info. */
2479 : const char *
2480 1 : get_dir_info_status_string(void)
2481 : {
2482 1 : return dir_info_status;
2483 : }
2484 :
2485 : /** Iterate over the servers listed in <b>consensus</b>, and count how many of
2486 : * them seem like ones we'd use (store this in *<b>num_usable</b>), and how
2487 : * many of <em>those</em> we have descriptors for (store this in
2488 : * *<b>num_present</b>).
2489 : *
2490 : * If <b>in_set</b> is non-NULL, only consider those routers in <b>in_set</b>.
2491 : * If <b>exit_only</b> & USABLE_DESCRIPTOR_EXIT_POLICY, only consider nodes
2492 : * present if they have an exit policy that accepts at least one port.
2493 : * If <b>exit_only</b> & USABLE_DESCRIPTOR_EXIT_FLAG, only consider nodes
2494 : * usable if they have the exit flag in the consensus.
2495 : *
2496 : * If *<b>descs_out</b> is present, add a node_t for each usable descriptor
2497 : * to it.
2498 : */
2499 : static void
2500 3 : count_usable_descriptors(int *num_present, int *num_usable,
2501 : smartlist_t *descs_out,
2502 : const networkstatus_t *consensus,
2503 : time_t now,
2504 : routerset_t *in_set,
2505 : usable_descriptor_t exit_only)
2506 : {
2507 3 : const int md = (consensus->flavor == FLAV_MICRODESC);
2508 3 : *num_present = 0, *num_usable = 0;
2509 :
2510 12 : SMARTLIST_FOREACH_BEGIN(consensus->routerstatus_list, routerstatus_t *, rs)
2511 : {
2512 9 : const node_t *node = node_get_by_id(rs->identity_digest);
2513 9 : if (!node)
2514 0 : continue; /* This would be a bug: every entry in the consensus is
2515 : * supposed to have a node. */
2516 9 : if ((exit_only & USABLE_DESCRIPTOR_EXIT_FLAG) && ! rs->is_exit)
2517 1 : continue;
2518 8 : if (in_set && ! routerset_contains_routerstatus(in_set, rs, -1))
2519 2 : continue;
2520 6 : if (client_would_use_router(rs, now)) {
2521 0 : const char * const digest = rs->descriptor_digest;
2522 0 : int present;
2523 0 : ++*num_usable; /* the consensus says we want it. */
2524 0 : if (md)
2525 0 : present = NULL != microdesc_cache_lookup_by_digest256(NULL, digest);
2526 : else
2527 0 : present = NULL != router_get_by_descriptor_digest(digest);
2528 0 : if (present) {
2529 : /* Do the policy check last, because it requires a descriptor,
2530 : * and is potentially expensive */
2531 0 : if ((exit_only & USABLE_DESCRIPTOR_EXIT_POLICY) &&
2532 0 : node_exit_policy_rejects_all(node)) {
2533 0 : continue;
2534 : }
2535 : /* we have the descriptor listed in the consensus, and it
2536 : * satisfies our exit constraints (if any) */
2537 0 : ++*num_present;
2538 : }
2539 0 : if (descs_out)
2540 0 : smartlist_add(descs_out, (node_t*)node);
2541 : }
2542 : }
2543 9 : SMARTLIST_FOREACH_END(rs);
2544 :
2545 11 : log_debug(LD_DIR, "%d usable, %d present (%s%s%s%s%s).",
2546 : *num_usable, *num_present,
2547 : md ? "microdesc" : "desc",
2548 : (exit_only & USABLE_DESCRIPTOR_EXIT_POLICY_AND_FLAG) ?
2549 : " exit" : "s",
2550 : (exit_only & USABLE_DESCRIPTOR_EXIT_POLICY) ?
2551 : " policies" : "" ,
2552 : (exit_only == USABLE_DESCRIPTOR_EXIT_POLICY_AND_FLAG) ?
2553 : " and" : "" ,
2554 : (exit_only & USABLE_DESCRIPTOR_EXIT_FLAG) ?
2555 : " flags" : "" );
2556 3 : }
2557 :
2558 : /** Return an estimate of which fraction of usable paths through the Tor
2559 : * network we have available for use. Count how many routers seem like ones
2560 : * we'd use (store this in *<b>num_usable_out</b>), and how many of
2561 : * <em>those</em> we have descriptors for (store this in
2562 : * *<b>num_present_out</b>.)
2563 : *
2564 : * If **<b>status_out</b> is present, allocate a new string and print the
2565 : * available percentages of guard, middle, and exit nodes to it, noting
2566 : * whether there are exits in the consensus.
2567 : * If there are no exits in the consensus, we treat the exit fraction as 100%,
2568 : * but set router_have_consensus_path() so that we can only build internal
2569 : * paths. */
2570 : static double
2571 1 : compute_frac_paths_available(const networkstatus_t *consensus,
2572 : const or_options_t *options, time_t now,
2573 : int *num_present_out, int *num_usable_out,
2574 : char **status_out)
2575 : {
2576 1 : smartlist_t *guards = smartlist_new();
2577 1 : smartlist_t *mid = smartlist_new();
2578 1 : smartlist_t *exits = smartlist_new();
2579 1 : double f_guard, f_mid, f_exit;
2580 1 : double f_path = 0.0;
2581 : /* Used to determine whether there are any exits in the consensus */
2582 1 : int np = 0;
2583 : /* Used to determine whether there are any exits with descriptors */
2584 1 : int nu = 0;
2585 1 : const int authdir = authdir_mode_v3(options);
2586 :
2587 1 : count_usable_descriptors(num_present_out, num_usable_out,
2588 1 : mid, consensus, now, options->MiddleNodes,
2589 : USABLE_DESCRIPTOR_ALL);
2590 1 : log_debug(LD_NET,
2591 : "%s: %d present, %d usable",
2592 : "mid",
2593 : np,
2594 : nu);
2595 :
2596 1 : if (options->EntryNodes) {
2597 1 : count_usable_descriptors(&np, &nu, guards, consensus, now,
2598 : options->EntryNodes, USABLE_DESCRIPTOR_ALL);
2599 1 : log_debug(LD_NET,
2600 : "%s: %d present, %d usable",
2601 : "guard",
2602 : np,
2603 : nu);
2604 : } else {
2605 0 : SMARTLIST_FOREACH(mid, const node_t *, node, {
2606 : if (authdir) {
2607 : if (node->rs && node->rs->is_possible_guard)
2608 : smartlist_add(guards, (node_t*)node);
2609 : } else {
2610 : if (node->is_possible_guard)
2611 : smartlist_add(guards, (node_t*)node);
2612 : }
2613 : });
2614 0 : log_debug(LD_NET,
2615 : "%s: %d possible",
2616 : "guard",
2617 : smartlist_len(guards));
2618 : }
2619 :
2620 : /* All nodes with exit policy and flag */
2621 1 : count_usable_descriptors(&np, &nu, exits, consensus, now,
2622 : NULL, USABLE_DESCRIPTOR_EXIT_POLICY_AND_FLAG);
2623 1 : log_debug(LD_NET,
2624 : "%s: %d present, %d usable",
2625 : "exits",
2626 : np,
2627 : nu);
2628 :
2629 : /* We need at least 1 exit (flag and policy) in the consensus to consider
2630 : * building exit paths */
2631 : /* Update our understanding of whether the consensus has exits */
2632 1 : consensus_path_type_t old_have_consensus_path = have_consensus_path;
2633 1 : have_consensus_path = ((np > 0) ?
2634 1 : CONSENSUS_PATH_EXIT :
2635 : CONSENSUS_PATH_INTERNAL);
2636 :
2637 1 : if (old_have_consensus_path != have_consensus_path) {
2638 1 : if (have_consensus_path == CONSENSUS_PATH_INTERNAL) {
2639 1 : log_notice(LD_NET,
2640 : "The current consensus has no exit nodes. "
2641 : "Tor can only build internal paths, "
2642 : "such as paths to onion services.");
2643 :
2644 : /* However, exit nodes can reachability self-test using this consensus,
2645 : * join the network, and appear in a later consensus. This will allow
2646 : * the network to build exit paths, such as paths for world wide web
2647 : * browsing (as distinct from hidden service web browsing). */
2648 0 : } else if (old_have_consensus_path == CONSENSUS_PATH_INTERNAL) {
2649 0 : log_notice(LD_NET,
2650 : "The current consensus contains exit nodes. "
2651 : "Tor can build exit and internal paths.");
2652 : }
2653 : }
2654 :
2655 1 : f_guard = frac_nodes_with_descriptors(guards, WEIGHT_FOR_GUARD, 1);
2656 1 : f_mid = frac_nodes_with_descriptors(mid, WEIGHT_FOR_MID, 0);
2657 1 : f_exit = frac_nodes_with_descriptors(exits, WEIGHT_FOR_EXIT, 0);
2658 :
2659 : /* If we are using bridges and have at least one bridge with a full
2660 : * descriptor, assume f_guard is 1.0. */
2661 1 : if (options->UseBridges && num_bridges_usable(0) > 0)
2662 0 : f_guard = 1.0;
2663 :
2664 1 : log_debug(LD_NET,
2665 : "f_guard: %.2f, f_mid: %.2f, f_exit: %.2f",
2666 : f_guard,
2667 : f_mid,
2668 : f_exit);
2669 :
2670 1 : smartlist_free(guards);
2671 1 : smartlist_free(mid);
2672 1 : smartlist_free(exits);
2673 :
2674 1 : if (options->ExitNodes) {
2675 0 : double f_myexit, f_myexit_unflagged;
2676 0 : smartlist_t *myexits= smartlist_new();
2677 0 : smartlist_t *myexits_unflagged = smartlist_new();
2678 :
2679 : /* All nodes with exit policy and flag in ExitNodes option */
2680 0 : count_usable_descriptors(&np, &nu, myexits, consensus, now,
2681 0 : options->ExitNodes,
2682 : USABLE_DESCRIPTOR_EXIT_POLICY_AND_FLAG);
2683 0 : log_debug(LD_NET,
2684 : "%s: %d present, %d usable",
2685 : "myexits",
2686 : np,
2687 : nu);
2688 :
2689 : /* Now compute the nodes in the ExitNodes option where we know their exit
2690 : * policy permits something. */
2691 0 : count_usable_descriptors(&np, &nu, myexits_unflagged,
2692 : consensus, now,
2693 0 : options->ExitNodes,
2694 : USABLE_DESCRIPTOR_EXIT_POLICY);
2695 0 : log_debug(LD_NET,
2696 : "%s: %d present, %d usable",
2697 : "myexits_unflagged (initial)",
2698 : np,
2699 : nu);
2700 :
2701 0 : f_myexit= frac_nodes_with_descriptors(myexits,WEIGHT_FOR_EXIT, 0);
2702 0 : f_myexit_unflagged=
2703 0 : frac_nodes_with_descriptors(myexits_unflagged,
2704 : WEIGHT_FOR_EXIT, 0);
2705 :
2706 0 : log_debug(LD_NET,
2707 : "f_exit: %.2f, f_myexit: %.2f, f_myexit_unflagged: %.2f",
2708 : f_exit,
2709 : f_myexit,
2710 : f_myexit_unflagged);
2711 :
2712 : /* If our ExitNodes list has eliminated every possible Exit node, and there
2713 : * were some possible Exit nodes, then instead consider nodes that permit
2714 : * exiting to some ports. */
2715 0 : if (smartlist_len(myexits) == 0 &&
2716 0 : smartlist_len(myexits_unflagged)) {
2717 0 : f_myexit = f_myexit_unflagged;
2718 : }
2719 :
2720 0 : smartlist_free(myexits);
2721 0 : smartlist_free(myexits_unflagged);
2722 :
2723 : /* This is a tricky point here: we don't want to make it easy for a
2724 : * directory to trickle exits to us until it learns which exits we have
2725 : * configured, so require that we have a threshold both of total exits
2726 : * and usable exits. */
2727 0 : if (f_myexit < f_exit)
2728 0 : f_exit = f_myexit;
2729 : }
2730 :
2731 : /* If the consensus has no exits that pass flag, descriptor, and policy
2732 : * checks, we can only build onion service paths, which are G - M - M. */
2733 1 : if (router_have_consensus_path() != CONSENSUS_PATH_EXIT) {
2734 : /* If the exit bandwidth weight fraction is not zero, we need to wait for
2735 : * descriptors for those exits. (The bandwidth weight fraction does not
2736 : * check for descriptors.)
2737 : * If the exit bandwidth fraction is zero, there are no exits in the
2738 : * consensus at all. So it is safe to replace f_exit with f_mid.
2739 : *
2740 : * f_exit is non-negative, but some compilers complain about float and ==
2741 : */
2742 1 : if (f_exit <= 0.0) {
2743 1 : f_exit = f_mid;
2744 : }
2745 : }
2746 :
2747 1 : f_path = f_guard * f_mid * f_exit;
2748 :
2749 1 : if (status_out)
2750 1 : tor_asprintf(status_out,
2751 : "%d%% of guards bw, "
2752 : "%d%% of midpoint bw, and "
2753 : "%d%% of %s = "
2754 : "%d%% of path bw",
2755 1 : (int)(f_guard*100),
2756 1 : (int)(f_mid*100),
2757 1 : (int)(f_exit*100),
2758 1 : (router_have_consensus_path() == CONSENSUS_PATH_EXIT ?
2759 : "exit bw" :
2760 : "end bw (no exits in consensus, using mid)"),
2761 1 : (int)(f_path*100));
2762 :
2763 1 : return f_path;
2764 : }
2765 :
2766 : /** We just fetched a new set of descriptors. Compute how far through
2767 : * the "loading descriptors" bootstrapping phase we are, so we can inform
2768 : * the controller of our progress. */
2769 : int
2770 0 : count_loading_descriptors_progress(void)
2771 : {
2772 0 : int num_present = 0, num_usable=0;
2773 0 : time_t now = time(NULL);
2774 0 : const or_options_t *options = get_options();
2775 0 : const networkstatus_t *consensus =
2776 0 : networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor());
2777 0 : double paths, fraction;
2778 :
2779 0 : if (!consensus)
2780 : return 0; /* can't count descriptors if we have no list of them */
2781 :
2782 0 : paths = compute_frac_paths_available(consensus, options, now,
2783 : &num_present, &num_usable,
2784 : NULL);
2785 :
2786 0 : fraction = paths / get_frac_paths_needed_for_circs(options,consensus);
2787 0 : if (fraction > 1.0)
2788 : return 0; /* it's not the number of descriptors holding us back */
2789 0 : return BOOTSTRAP_STATUS_LOADING_DESCRIPTORS + (int)
2790 0 : (fraction*(BOOTSTRAP_STATUS_ENOUGH_DIRINFO-1 -
2791 : BOOTSTRAP_STATUS_LOADING_DESCRIPTORS));
2792 : }
2793 :
2794 : /** Return the fraction of paths needed before we're willing to build
2795 : * circuits, as configured in <b>options</b>, or in the consensus <b>ns</b>. */
2796 : static double
2797 1 : get_frac_paths_needed_for_circs(const or_options_t *options,
2798 : const networkstatus_t *ns)
2799 : {
2800 : #define DFLT_PCT_USABLE_NEEDED 60
2801 1 : if (options->PathsNeededToBuildCircuits >= 0.0) {
2802 : return options->PathsNeededToBuildCircuits;
2803 : } else {
2804 1 : return networkstatus_get_param(ns, "min_paths_for_circs_pct",
2805 : DFLT_PCT_USABLE_NEEDED,
2806 1 : 25, 95)/100.0;
2807 : }
2808 : }
2809 :
2810 : /** Change the value of have_min_dir_info, setting it true iff we have enough
2811 : * network and router information to build circuits. Clear the value of
2812 : * need_to_update_have_min_dir_info. */
2813 : static void
2814 1 : update_router_have_minimum_dir_info(void)
2815 : {
2816 1 : time_t now = time(NULL);
2817 1 : int res;
2818 1 : int num_present=0, num_usable=0;
2819 1 : const or_options_t *options = get_options();
2820 1 : const networkstatus_t *consensus =
2821 1 : networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor());
2822 1 : int using_md;
2823 :
2824 1 : if (!consensus) {
2825 0 : if (!networkstatus_get_latest_consensus())
2826 0 : strlcpy(dir_info_status, "We have no usable consensus.",
2827 : sizeof(dir_info_status));
2828 : else
2829 0 : strlcpy(dir_info_status, "We have no recent usable consensus.",
2830 : sizeof(dir_info_status));
2831 0 : res = 0;
2832 0 : goto done;
2833 : }
2834 :
2835 1 : using_md = consensus->flavor == FLAV_MICRODESC;
2836 :
2837 : /* Check fraction of available paths */
2838 : {
2839 1 : char *status = NULL;
2840 1 : double paths = compute_frac_paths_available(consensus, options, now,
2841 : &num_present, &num_usable,
2842 : &status);
2843 :
2844 1 : if (paths < get_frac_paths_needed_for_circs(options,consensus)) {
2845 1 : tor_snprintf(dir_info_status, sizeof(dir_info_status),
2846 : "We need more %sdescriptors: we have %d/%d, and "
2847 : "can only build %d%% of likely paths. (We have %s.)",
2848 : using_md?"micro":"", num_present, num_usable,
2849 1 : (int)(paths*100), status);
2850 1 : tor_free(status);
2851 1 : res = 0;
2852 1 : control_event_boot_dir(BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS, 0);
2853 1 : goto done;
2854 : }
2855 :
2856 0 : tor_free(status);
2857 0 : res = 1;
2858 : }
2859 :
2860 : { /* Check entry guard dirinfo status */
2861 0 : char *guard_error = entry_guards_get_err_str_if_dir_info_missing(using_md,
2862 : num_present,
2863 : num_usable);
2864 0 : if (guard_error) {
2865 0 : strlcpy(dir_info_status, guard_error, sizeof(dir_info_status));
2866 0 : tor_free(guard_error);
2867 0 : res = 0;
2868 0 : goto done;
2869 : }
2870 : }
2871 :
2872 : done:
2873 :
2874 : /* If paths have just become available in this update. */
2875 1 : if (res && !have_min_dir_info) {
2876 0 : control_event_client_status(LOG_NOTICE, "ENOUGH_DIR_INFO");
2877 0 : control_event_boot_dir(BOOTSTRAP_STATUS_ENOUGH_DIRINFO, 0);
2878 0 : log_info(LD_DIR,
2879 : "We now have enough directory information to build circuits.");
2880 : }
2881 :
2882 : /* If paths have just become unavailable in this update. */
2883 1 : if (!res && have_min_dir_info) {
2884 0 : int quiet = dirclient_too_idle_to_fetch_descriptors(options, now);
2885 0 : tor_log(quiet ? LOG_INFO : LOG_NOTICE, LD_DIR,
2886 : "Our directory information is no longer up-to-date "
2887 : "enough to build circuits: %s", dir_info_status);
2888 :
2889 : /* a) make us log when we next complete a circuit, so we know when Tor
2890 : * is back up and usable, and b) disable some activities that Tor
2891 : * should only do while circuits are working, like reachability tests
2892 : * and fetching bridge descriptors only over circuits. */
2893 0 : note_that_we_maybe_cant_complete_circuits();
2894 0 : have_consensus_path = CONSENSUS_PATH_UNKNOWN;
2895 0 : control_event_client_status(LOG_NOTICE, "NOT_ENOUGH_DIR_INFO");
2896 : }
2897 1 : have_min_dir_info = res;
2898 1 : need_to_update_have_min_dir_info = 0;
2899 1 : }
|
