tor  0.4.2.0-alpha-dev
bridges.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
14 #define TOR_BRIDGES_PRIVATE
15 
16 #include "core/or/or.h"
17 #include "app/config/config.h"
19 #include "core/or/circuitbuild.h"
20 #include "core/or/policies.h"
21 #include "feature/client/bridges.h"
32 #include "feature/nodelist/routerset.h"
33 
34 #include "core/or/extend_info_st.h"
35 #include "feature/nodelist/node_st.h"
36 #include "feature/nodelist/routerinfo_st.h"
37 #include "feature/nodelist/routerstatus_st.h"
38 #include "feature/nodelist/microdesc_st.h"
39 
43 struct bridge_info_t {
49  uint16_t port;
52  unsigned marked_for_removal : 1;
56 
59 
62 
66 };
67 
68 #define bridge_free(bridge) \
69  FREE_AND_NULL(bridge_info_t, bridge_free_, (bridge))
70 
71 static void bridge_free_(bridge_info_t *bridge);
72 static void rewrite_node_address_for_bridge(const bridge_info_t *bridge,
73  node_t *node);
74 
79 static smartlist_t *bridge_list = NULL;
80 
83 void
85 {
86  if (!bridge_list)
87  bridge_list = smartlist_new();
89  b->marked_for_removal = 1);
90 }
91 
94 void
96 {
97  if (!bridge_list)
98  bridge_list = smartlist_new();
100  if (b->marked_for_removal) {
102  bridge_free(b);
103  }
104  } SMARTLIST_FOREACH_END(b);
105 }
106 
108 STATIC void
110 {
111  if (!bridge_list)
112  bridge_list = smartlist_new();
113  SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b, bridge_free(b));
115 }
116 
118 static void
120 {
121  if (!bridge)
122  return;
123 
124  tor_free(bridge->transport_name);
125  if (bridge->socks_args) {
126  SMARTLIST_FOREACH(bridge->socks_args, char*, s, tor_free(s));
127  smartlist_free(bridge->socks_args);
128  }
129 
130  tor_free(bridge);
131 }
132 
134 const smartlist_t *
136 {
137  if (!bridge_list)
138  bridge_list = smartlist_new();
139  return bridge_list;
140 }
141 
146 const uint8_t *
148 {
149  tor_assert(bridge);
150  if (tor_digest_is_zero(bridge->identity))
151  return NULL;
152  else
153  return (const uint8_t *) bridge->identity;
154 }
155 
160 const tor_addr_port_t *
162 {
163  tor_assert(bridge);
164  return &bridge->addrport_configured;
165 }
166 
171 STATIC bridge_info_t *
173  const smartlist_t *orports)
174 {
175  if (!bridge_list)
176  return NULL;
178  {
179  if (tor_digest_is_zero(bridge->identity)) {
181  {
182  if (tor_addr_compare(&bridge->addr, &ap->addr, CMP_EXACT) == 0 &&
183  bridge->port == ap->port)
184  return bridge;
185  }
186  SMARTLIST_FOREACH_END(ap);
187  }
188  if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
189  return bridge;
190  }
191  SMARTLIST_FOREACH_END(bridge);
192  return NULL;
193 }
194 
201  uint16_t port,
202  const char *digest)
203 {
204  if (!bridge_list)
205  return NULL;
207  {
208  if ((tor_digest_is_zero(bridge->identity) || digest == NULL) &&
209  !tor_addr_compare(&bridge->addr, addr, CMP_EXACT) &&
210  bridge->port == port)
211  return bridge;
212  if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
213  return bridge;
214  }
215  SMARTLIST_FOREACH_END(bridge);
216  return NULL;
217 }
218 
227  uint16_t port,
228  const char *digest)
229 {
230  if (!bridge_list)
231  return NULL;
233  if (!tor_addr_compare(&bridge->addr, addr, CMP_EXACT) &&
234  bridge->port == port) {
235 
236  if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
237  return bridge;
238  else if (!digest || tor_digest_is_zero(bridge->identity))
239  return bridge;
240  }
241 
242  } SMARTLIST_FOREACH_END(bridge);
243  return NULL;
244 }
245 
250 int
252  uint16_t port,
253  const char *digest)
254 {
255  tor_assert(addr);
256  return get_configured_bridge_by_addr_port_digest(addr, port, digest) ? 1 : 0;
257 }
258 
263 int
265 {
266  const char *digest = ei->onion_key ? ei->identity_digest : NULL;
267  return addr_is_a_configured_bridge(&ei->addr, ei->port, digest);
268 }
269 
272 static bridge_info_t *
274 {
275  bridge_info_t *bi = NULL;
276  smartlist_t *orports = router_get_all_orports(ri);
278  orports);
279  SMARTLIST_FOREACH(orports, tor_addr_port_t *, p, tor_free(p));
280  smartlist_free(orports);
281  return bi;
282 }
283 
285 int
287 {
288  return get_configured_bridge_by_routerinfo(ri) ? 1 : 0;
289 }
290 
298 static int
299 bridge_exists_with_ipv4h_addr_and_port(const uint32_t ipv4_addr,
300  const uint16_t port,
301  const char *digest)
302 {
303  tor_addr_t node_ipv4;
304 
305  if (tor_addr_port_is_valid_ipv4h(ipv4_addr, port, 0)) {
306  tor_addr_from_ipv4h(&node_ipv4, ipv4_addr);
307 
308  bridge_info_t *bridge =
310  port,
311  digest);
312 
313  return (bridge != NULL);
314  }
315 
316  return 0;
317 }
318 
325 static int
327  const uint16_t port,
328  const char *digest)
329 {
330  if (!tor_addr_port_is_valid(ipv6_addr, port, 0))
331  return 0;
332 
333  bridge_info_t *bridge =
335  port,
336  digest);
337 
338  return (bridge != NULL);
339 }
340 
347 int
349 {
350  /* First, let's try searching for a bridge with matching identity. */
351  if (BUG(fast_mem_is_zero(node->identity, DIGEST_LEN)))
352  return 0;
353 
354  if (find_bridge_by_digest(node->identity) != NULL)
355  return 1;
356 
357  /* At this point, we have established that no bridge exists with
358  * matching identity digest. However, we still pass it into
359  * bridge_exists_* functions because we want further code to
360  * check for absence of identity digest in a bridge.
361  */
362  if (node->ri) {
364  node->ri->or_port,
365  node->identity))
366  return 1;
367 
369  node->ri->ipv6_orport,
370  node->identity))
371  return 1;
372  } else if (node->rs) {
374  node->rs->or_port,
375  node->identity))
376  return 1;
377 
379  node->rs->ipv6_orport,
380  node->identity))
381  return 1;
382  } else if (node->md) {
384  node->md->ipv6_orport,
385  node->identity))
386  return 1;
387  }
388 
389  return 0;
390 }
391 
396 void
397 learned_router_identity(const tor_addr_t *addr, uint16_t port,
398  const char *digest,
399  const ed25519_public_key_t *ed_id)
400 {
401  // XXXX prop220 use ed_id here, once there is some way to specify
402  (void)ed_id;
403  int learned = 0;
404  bridge_info_t *bridge =
406  if (bridge && tor_digest_is_zero(bridge->identity)) {
407  memcpy(bridge->identity, digest, DIGEST_LEN);
408  learned = 1;
409  }
410  /* XXXX prop220 remember bridge ed25519 identities -- add a field */
411 #if 0
412  if (bridge && ed_id &&
413  ed25519_public_key_is_zero(&bridge->ed25519_identity) &&
414  !ed25519_public_key_is_zero(ed_id)) {
415  memcpy(&bridge->ed25519_identity, ed_id, sizeof(*ed_id));
416  learned = 1;
417  }
418 #endif /* 0 */
419  if (learned) {
420  char *transport_info = NULL;
421  const char *transport_name =
423  if (transport_name)
424  tor_asprintf(&transport_info, " (with transport '%s')", transport_name);
425 
426  // XXXX prop220 log both fingerprints.
427  log_notice(LD_DIR, "Learned fingerprint %s for bridge %s%s.",
428  hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port),
429  transport_info ? transport_info : "");
430  tor_free(transport_info);
432  (const uint8_t *)digest);
433  }
434 }
435 
439 static int
440 bridge_has_digest(const bridge_info_t *bridge, const char *digest)
441 {
442  if (digest)
443  return tor_memeq(digest, bridge->identity, DIGEST_LEN);
444  else
445  return tor_digest_is_zero(bridge->identity);
446 }
447 
453 STATIC void
454 bridge_resolve_conflicts(const tor_addr_t *addr, uint16_t port,
455  const char *digest, const char *transport_name)
456 {
457  /* Iterate the already-registered bridge list:
458 
459  If you find a bridge with the same address and port, mark it for
460  removal. It doesn't make sense to have two active bridges with
461  the same IP:PORT. If the bridge in question has a different
462  digest or transport than <b>digest</b>/<b>transport_name</b>,
463  it's probably a misconfiguration and we should warn the user.
464  */
466  if (bridge->marked_for_removal)
467  continue;
468 
469  if (tor_addr_eq(&bridge->addr, addr) && (bridge->port == port)) {
470 
471  bridge->marked_for_removal = 1;
472 
473  if (!bridge_has_digest(bridge, digest) ||
474  strcmp_opt(bridge->transport_name, transport_name)) {
475  /* warn the user */
476  char *bridge_description_new, *bridge_description_old;
477  tor_asprintf(&bridge_description_new, "%s:%s:%s",
478  fmt_addrport(addr, port),
479  digest ? hex_str(digest, DIGEST_LEN) : "",
480  transport_name ? transport_name : "");
481  tor_asprintf(&bridge_description_old, "%s:%s:%s",
482  fmt_addrport(&bridge->addr, bridge->port),
483  tor_digest_is_zero(bridge->identity) ?
484  "" : hex_str(bridge->identity,DIGEST_LEN),
485  bridge->transport_name ? bridge->transport_name : "");
486 
487  log_warn(LD_GENERAL,"Tried to add bridge '%s', but we found a conflict"
488  " with the already registered bridge '%s'. We will discard"
489  " the old bridge and keep '%s'. If this is not what you"
490  " wanted, please change your configuration file accordingly.",
491  bridge_description_new, bridge_description_old,
492  bridge_description_new);
493 
494  tor_free(bridge_description_new);
495  tor_free(bridge_description_old);
496  }
497  }
498  } SMARTLIST_FOREACH_END(bridge);
499 }
500 
504 transport_is_needed, (const char *transport_name))
505 {
506  if (!bridge_list)
507  return 0;
508 
510  if (bridge->transport_name &&
511  !strcmp(bridge->transport_name, transport_name))
512  return 1;
513  } SMARTLIST_FOREACH_END(bridge);
514 
515  return 0;
516 }
517 
520 void
522 {
523  bridge_info_t *b;
524 
525  // XXXX prop220 add a way to specify ed25519 ID to bridge_line_t.
526 
527  { /* Log the bridge we are about to register: */
528  log_debug(LD_GENERAL, "Registering bridge at %s (transport: %s) (%s)",
529  fmt_addrport(&bridge_line->addr, bridge_line->port),
530  bridge_line->transport_name ?
531  bridge_line->transport_name : "no transport",
532  tor_digest_is_zero(bridge_line->digest) ?
533  "no key listed" : hex_str(bridge_line->digest, DIGEST_LEN));
534 
535  if (bridge_line->socks_args) { /* print socks arguments */
536  int i = 0;
537 
538  tor_assert(smartlist_len(bridge_line->socks_args) > 0);
539 
540  log_debug(LD_GENERAL, "Bridge uses %d SOCKS arguments:",
541  smartlist_len(bridge_line->socks_args));
542  SMARTLIST_FOREACH(bridge_line->socks_args, const char *, arg,
543  log_debug(LD_CONFIG, "%d: %s", ++i, arg));
544  }
545  }
546 
547  bridge_resolve_conflicts(&bridge_line->addr,
548  bridge_line->port,
549  bridge_line->digest,
550  bridge_line->transport_name);
551 
552  b = tor_malloc_zero(sizeof(bridge_info_t));
553  tor_addr_copy(&b->addrport_configured.addr, &bridge_line->addr);
554  b->addrport_configured.port = bridge_line->port;
555  tor_addr_copy(&b->addr, &bridge_line->addr);
556  b->port = bridge_line->port;
557  memcpy(b->identity, bridge_line->digest, DIGEST_LEN);
558  if (bridge_line->transport_name)
559  b->transport_name = bridge_line->transport_name;
560  b->fetch_status.schedule = DL_SCHED_BRIDGE;
561  b->fetch_status.increment_on = DL_SCHED_INCREMENT_ATTEMPT;
562  /* We can't reset the bridge's download status here, because UseBridges
563  * might be 0 now, and it might be changed to 1 much later. */
564  b->socks_args = bridge_line->socks_args;
565  if (!bridge_list)
566  bridge_list = smartlist_new();
567 
568  tor_free(bridge_line); /* Deallocate bridge_line now. */
569 
571 }
572 
574 STATIC bridge_info_t *
575 find_bridge_by_digest(const char *digest)
576 {
577  if (! bridge_list)
578  return NULL;
580  {
581  if (tor_memeq(bridge->identity, digest, DIGEST_LEN))
582  return bridge;
583  });
584  return NULL;
585 }
586 
590 const char *
592 {
593  if (!bridge_list)
594  return NULL;
595 
597  if (tor_addr_eq(&bridge->addr, addr) &&
598  (bridge->port == port))
599  return bridge->transport_name;
600  } SMARTLIST_FOREACH_END(bridge);
601 
602  return NULL;
603 }
604 
613 int
614 get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port,
615  const transport_t **transport)
616 {
617  *transport = NULL;
618  if (!bridge_list)
619  return 0;
620 
622  if (tor_addr_eq(&bridge->addr, addr) &&
623  (bridge->port == port)) { /* bridge matched */
624  if (bridge->transport_name) { /* it also uses pluggable transports */
625  *transport = transport_get_by_name(bridge->transport_name);
626  if (*transport == NULL) { /* it uses pluggable transports, but
627  the transport could not be found! */
628  return -1;
629  }
630  return 0;
631  } else { /* bridge matched, but it doesn't use transports. */
632  break;
633  }
634  }
635  } SMARTLIST_FOREACH_END(bridge);
636 
637  *transport = NULL;
638  return 0;
639 }
640 
643 const smartlist_t *
645 {
647  port,
648  NULL);
649  return bridge ? bridge->socks_args : NULL;
650 }
651 
653 static void
655 {
656  const or_options_t *options = get_options();
657  circuit_guard_state_t *guard_state = NULL;
658 
659  if (connection_get_by_type_addr_port_purpose(
660  CONN_TYPE_DIR, &bridge->addr, bridge->port,
662  return; /* it's already on the way */
663 
664  if (routerset_contains_bridge(options->ExcludeNodes, bridge)) {
666  log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.",
667  safe_str_client(fmt_and_decorate_addr(&bridge->addr)));
668  return;
669  }
670 
671  /* Until we get a descriptor for the bridge, we only know one address for
672  * it. */
673  if (!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
674  FIREWALL_OR_CONNECTION, 0, 0)) {
675  log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
676  "bridge, but that bridge is not reachable through our "
677  "firewall.");
678  return;
679  }
680 
681  /* If we already have a node_t for this bridge, rewrite its address now. */
682  node_t *node = node_get_mutable_by_id(bridge->identity);
683  if (node) {
684  rewrite_node_address_for_bridge(bridge, node);
685  }
686 
687  tor_addr_port_t bridge_addrport;
688  memcpy(&bridge_addrport.addr, &bridge->addr, sizeof(tor_addr_t));
689  bridge_addrport.port = bridge->port;
690 
691  guard_state = get_guard_state_for_bridge_desc_fetch(bridge->identity);
692 
693  directory_request_t *req =
695  directory_request_set_or_addr_port(req, &bridge_addrport);
697  directory_request_set_router_purpose(req, ROUTER_PURPOSE_BRIDGE);
698  directory_request_set_resource(req, "authority.z");
699  if (guard_state) {
700  directory_request_set_guard_state(req, guard_state);
701  }
702  directory_initiate_request(req);
703  directory_request_free(req);
704 }
705 
708 void
710 {
711  bridge_info_t *bridge = find_bridge_by_digest(digest);
712  if (!bridge)
713  return; /* not found? oh well. */
714 
716 }
717 
721 void
722 fetch_bridge_descriptors(const or_options_t *options, time_t now)
723 {
724  int num_bridge_auths = get_n_authorities(BRIDGE_DIRINFO);
725  int ask_bridge_directly;
726  int can_use_bridge_authority;
727 
728  if (!bridge_list)
729  return;
730 
731  /* If we still have unconfigured managed proxies, don't go and
732  connect to a bridge. */
734  return;
735 
737  {
738  /* This resets the download status on first use */
739  if (!download_status_is_ready(&bridge->fetch_status, now))
740  continue; /* don't bother, no need to retry yet */
741  if (routerset_contains_bridge(options->ExcludeNodes, bridge)) {
742  download_status_mark_impossible(&bridge->fetch_status);
743  log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.",
744  safe_str_client(fmt_and_decorate_addr(&bridge->addr)));
745  continue;
746  }
747 
748  /* schedule the next attempt
749  * we can't increment after a failure, because sometimes we use the
750  * bridge authority, and sometimes we use the bridge direct */
752  &bridge->fetch_status,
753  safe_str_client(fmt_and_decorate_addr(&bridge->addr)),
754  now);
755 
756  can_use_bridge_authority = !tor_digest_is_zero(bridge->identity) &&
757  num_bridge_auths;
758  ask_bridge_directly = !can_use_bridge_authority ||
759  !options->UpdateBridgesFromAuthority;
760  log_debug(LD_DIR, "ask_bridge_directly=%d (%d, %d, %d)",
761  ask_bridge_directly, tor_digest_is_zero(bridge->identity),
762  !options->UpdateBridgesFromAuthority, !num_bridge_auths);
763 
764  if (ask_bridge_directly &&
765  !fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
766  FIREWALL_OR_CONNECTION, 0,
767  0)) {
768  log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
769  "firewall policy. %s.",
770  fmt_addrport(&bridge->addr, bridge->port),
771  can_use_bridge_authority ?
772  "Asking bridge authority instead" : "Skipping");
773  if (can_use_bridge_authority)
774  ask_bridge_directly = 0;
775  else
776  continue;
777  }
778 
779  if (ask_bridge_directly) {
780  /* we need to ask the bridge itself for its descriptor. */
782  } else {
783  /* We have a digest and we want to ask an authority. We could
784  * combine all the requests into one, but that may give more
785  * hints to the bridge authority than we want to give. */
786  char resource[10 + HEX_DIGEST_LEN];
787  memcpy(resource, "fp/", 3);
788  base16_encode(resource+3, HEX_DIGEST_LEN+1,
789  bridge->identity, DIGEST_LEN);
790  memcpy(resource+3+HEX_DIGEST_LEN, ".z", 3);
791  log_info(LD_DIR, "Fetching bridge info '%s' from bridge authority.",
792  resource);
793  directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
794  ROUTER_PURPOSE_BRIDGE, resource, 0, DL_WANT_AUTHORITY);
795  }
796  }
797  SMARTLIST_FOREACH_END(bridge);
798 }
799 
805 static void
807 {
808  /* XXXX move this function. */
809  /* XXXX overridden addresses should really live in the node_t, so that the
810  * routerinfo_t and the microdesc_t can be immutable. But we can only
811  * do that safely if we know that no function that connects to an OR
812  * does so through an address from any source other than node_get_addr().
813  */
814  tor_addr_t addr;
815  const or_options_t *options = get_options();
816 
817  if (node->ri) {
818  routerinfo_t *ri = node->ri;
819  tor_addr_from_ipv4h(&addr, ri->addr);
820  if ((!tor_addr_compare(&bridge->addr, &addr, CMP_EXACT) &&
821  bridge->port == ri->or_port) ||
822  (!tor_addr_compare(&bridge->addr, &ri->ipv6_addr, CMP_EXACT) &&
823  bridge->port == ri->ipv6_orport)) {
824  /* they match, so no need to do anything */
825  } else {
826  if (tor_addr_family(&bridge->addr) == AF_INET) {
827  ri->addr = tor_addr_to_ipv4h(&bridge->addr);
828  ri->or_port = bridge->port;
829  log_info(LD_DIR,
830  "Adjusted bridge routerinfo for '%s' to match configured "
831  "address %s:%d.",
832  ri->nickname, fmt_addr32(ri->addr), ri->or_port);
833  } else if (tor_addr_family(&bridge->addr) == AF_INET6) {
834  tor_addr_copy(&ri->ipv6_addr, &bridge->addr);
835  ri->ipv6_orport = bridge->port;
836  log_info(LD_DIR,
837  "Adjusted bridge routerinfo for '%s' to match configured "
838  "address %s.",
839  ri->nickname, fmt_addrport(&ri->ipv6_addr, ri->ipv6_orport));
840  } else {
841  log_err(LD_BUG, "Address family not supported: %d.",
842  tor_addr_family(&bridge->addr));
843  return;
844  }
845  }
846 
847  if (options->ClientPreferIPv6ORPort == -1 ||
848  options->ClientAutoIPv6ORPort == 0) {
849  /* Mark which address to use based on which bridge_t we got. */
850  node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
851  !tor_addr_is_null(&node->ri->ipv6_addr));
852  } else {
853  /* Mark which address to use based on user preference */
855  !tor_addr_is_null(&node->ri->ipv6_addr));
856  }
857 
858  /* XXXipv6 we lack support for falling back to another address for
859  the same relay, warn the user */
860  if (!tor_addr_is_null(&ri->ipv6_addr)) {
861  tor_addr_port_t ap;
862  node_get_pref_orport(node, &ap);
863  log_notice(LD_CONFIG,
864  "Bridge '%s' has both an IPv4 and an IPv6 address. "
865  "Will prefer using its %s address (%s) based on %s.",
866  ri->nickname,
867  node->ipv6_preferred ? "IPv6" : "IPv4",
868  fmt_addrport(&ap.addr, ap.port),
869  options->ClientPreferIPv6ORPort == -1 ?
870  "the configured Bridge address" :
871  "ClientPreferIPv6ORPort");
872  }
873  }
874  if (node->rs) {
875  routerstatus_t *rs = node->rs;
876  tor_addr_from_ipv4h(&addr, rs->addr);
877 
878  if ((!tor_addr_compare(&bridge->addr, &addr, CMP_EXACT) &&
879  bridge->port == rs->or_port) ||
880  (!tor_addr_compare(&bridge->addr, &rs->ipv6_addr, CMP_EXACT) &&
881  bridge->port == rs->ipv6_orport)) {
882  /* they match, so no need to do anything */
883  } else {
884  if (tor_addr_family(&bridge->addr) == AF_INET) {
885  rs->addr = tor_addr_to_ipv4h(&bridge->addr);
886  rs->or_port = bridge->port;
887  log_info(LD_DIR,
888  "Adjusted bridge routerstatus for '%s' to match "
889  "configured address %s.",
890  rs->nickname, fmt_addrport(&bridge->addr, rs->or_port));
891  /* set IPv6 preferences even if there is no ri */
892  } else if (tor_addr_family(&bridge->addr) == AF_INET6) {
893  tor_addr_copy(&rs->ipv6_addr, &bridge->addr);
894  rs->ipv6_orport = bridge->port;
895  log_info(LD_DIR,
896  "Adjusted bridge routerstatus for '%s' to match configured"
897  " address %s.",
898  rs->nickname, fmt_addrport(&rs->ipv6_addr, rs->ipv6_orport));
899  } else {
900  log_err(LD_BUG, "Address family not supported: %d.",
901  tor_addr_family(&bridge->addr));
902  return;
903  }
904  }
905 
906  if (options->ClientPreferIPv6ORPort == -1) {
907  /* Mark which address to use based on which bridge_t we got. */
908  node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
909  !tor_addr_is_null(&node->rs->ipv6_addr));
910  } else {
911  /* Mark which address to use based on user preference */
913  !tor_addr_is_null(&node->rs->ipv6_addr));
914  }
915 
916  /* XXXipv6 we lack support for falling back to another address for
917  the same relay, warn the user */
918  if (!tor_addr_is_null(&rs->ipv6_addr)) {
919  tor_addr_port_t ap;
920  node_get_pref_orport(node, &ap);
921  log_notice(LD_CONFIG,
922  "Bridge '%s' has both an IPv4 and an IPv6 address. "
923  "Will prefer using its %s address (%s) based on %s.",
924  rs->nickname,
925  node->ipv6_preferred ? "IPv6" : "IPv4",
926  fmt_addrport(&ap.addr, ap.port),
927  options->ClientPreferIPv6ORPort == -1 ?
928  "the configured Bridge address" :
929  "ClientPreferIPv6ORPort");
930  }
931  }
932 }
933 
936 void
938 {
939  tor_assert(ri);
940  tor_assert(ri->purpose == ROUTER_PURPOSE_BRIDGE);
941  if (get_options()->UseBridges) {
942  /* Retry directory downloads whenever we get a bridge descriptor:
943  * - when bootstrapping, and
944  * - when we aren't sure if any of our bridges are reachable.
945  * Keep on retrying until we have at least one reachable bridge. */
946  int first = num_bridges_usable(0) < 1;
948  time_t now = time(NULL);
949  router_set_status(ri->cache_info.identity_digest, 1);
950 
951  if (bridge) { /* if we actually want to use this one */
952  node_t *node;
953  /* it's here; schedule its re-fetch for a long time from now. */
954  if (!from_cache) {
955  /* This schedules the re-fetch at a constant interval, which produces
956  * a pattern of bridge traffic. But it's better than trying all
957  * configured briges several times in the first few minutes. */
959  }
960 
961  node = node_get_mutable_by_id(ri->cache_info.identity_digest);
962  tor_assert(node);
963  rewrite_node_address_for_bridge(bridge, node);
964  if (tor_digest_is_zero(bridge->identity)) {
965  memcpy(bridge->identity,ri->cache_info.identity_digest, DIGEST_LEN);
966  log_notice(LD_DIR, "Learned identity %s for bridge at %s:%d",
967  hex_str(bridge->identity, DIGEST_LEN),
968  fmt_and_decorate_addr(&bridge->addr),
969  (int) bridge->port);
970  }
972  (const uint8_t*)ri->cache_info.identity_digest);
973 
974  log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", ri->nickname,
975  from_cache ? "cached" : "fresh", router_describe(ri));
976  /* If we didn't have a reachable bridge before this one, try directory
977  * documents again. */
978  if (first) {
980  }
981  }
982  }
983 }
984 
987 list_bridge_identities, (void))
988 {
989  smartlist_t *result = NULL;
990  char *digest_tmp;
991 
992  if (get_options()->UseBridges && bridge_list) {
993  result = smartlist_new();
994 
996  digest_tmp = tor_malloc(DIGEST_LEN);
997  memcpy(digest_tmp, b->identity, DIGEST_LEN);
998  smartlist_add(result, digest_tmp);
999  } SMARTLIST_FOREACH_END(b);
1000  }
1001 
1002  return result;
1003 }
1004 
1007 get_bridge_dl_status_by_id, (const char *digest))
1008 {
1009  download_status_t *dl = NULL;
1010 
1011  if (digest && get_options()->UseBridges && bridge_list) {
1013  if (tor_memeq(digest, b->identity, DIGEST_LEN)) {
1014  dl = &(b->fetch_status);
1015  break;
1016  }
1017  } SMARTLIST_FOREACH_END(b);
1018  }
1019 
1020  return dl;
1021 }
1022 
1024 void
1026 {
1028  smartlist_free(bridge_list);
1029  bridge_list = NULL;
1030 }
int ClientAutoIPv6ORPort
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:508
Header file for dirclient.c.
int ClientPreferIPv6ORPort
void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport, const uint8_t *rsa_id_digest)
Definition: entrynodes.c:950
Header file for circuitbuild.c.
Definition: node_st.h:28
uint16_t ipv6_orport
Definition: microdesc_st.h:72
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
void download_status_reset(download_status_t *dls)
Definition: dlstatus.c:359
static void bridge_free_(bridge_info_t *bridge)
Definition: bridges.c:119
Header file for connection.c.
#define LD_GENERAL
Definition: log.h:59
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:953
void learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
Definition: bridges.c:937
int get_n_authorities(dirinfo_type_t type)
Definition: dirlist.c:55
Header file for describe.c.
Header file for nodelist.c.
const uint8_t * bridge_get_rsa_id_digest(const bridge_info_t *bridge)
Definition: bridges.c:147
static bridge_info_t * get_configured_bridge_by_routerinfo(const routerinfo_t *ri)
Definition: bridges.c:273
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
void learned_router_identity(const tor_addr_t *addr, uint16_t port, const char *digest, const ed25519_public_key_t *ed_id)
Definition: bridges.c:397
struct directory_request_t directory_request_t
Definition: dirclient.h:52
Header file for config.c.
#define fmt_and_decorate_addr(a)
Definition: address.h:214
void router_set_status(const char *digest, int up)
Definition: nodelist.c:2231
download_status_t fetch_status
Definition: bridges.c:61
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
int routerinfo_is_a_configured_bridge(const routerinfo_t *ri)
Definition: bridges.c:286
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Definition: address.h:152
static smartlist_t * bridge_list
Definition: bridges.c:79
const smartlist_t * get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:644
smartlist_t * socks_args
Definition: bridges.c:65
#define tor_free(p)
Definition: malloc.h:52
STATIC void bridge_resolve_conflicts(const tor_addr_t *addr, uint16_t port, const char *digest, const char *transport_name)
Definition: bridges.c:454
#define SMARTLIST_DEL_CURRENT(sl, var)
void bridges_free_all(void)
Definition: bridges.c:1025
void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1705
int addr_is_a_configured_bridge(const tor_addr_t *addr, uint16_t port, const char *digest)
Definition: bridges.c:251
static int bridge_exists_with_ipv4h_addr_and_port(const uint32_t ipv4_addr, const uint16_t port, const char *digest)
Definition: bridges.c:299
int download_status_is_ready(download_status_t *dls, time_t now)
Definition: dlstatus.c:376
char * transport_name
Definition: bridges.c:58
time_t download_status_increment_attempt(download_status_t *dls, const char *item, time_t now)
Definition: dlstatus.c:304
crypto_pk_t * onion_key
Header file for policies.c.
#define LD_APP
Definition: log.h:75
static void rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
Definition: bridges.c:806
download_schedule_bitfield_t schedule
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:38
tor_assert(buffer)
directory_request_t * directory_request_new(uint8_t dir_purpose)
Definition: dirclient.c:946
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1168
void directory_request_set_guard_state(directory_request_t *req, struct circuit_guard_state_t *state)
Definition: dirclient.c:1135
routerset_t * ExcludeNodes
Definition: or_options_st.h:84
void download_status_mark_impossible(download_status_t *dl)
Definition: dlstatus.c:388
#define DIGEST_LEN
Definition: digest_sizes.h:20
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
char identity[DIGEST_LEN]
Definition: node_st.h:40
int UpdateBridgesFromAuthority
Header file for circuitbuild.c.
Master header file for Tor-specific functionality.
const char * find_transport_name_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:591
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
bridge_info_t * get_configured_bridge_by_addr_port_digest(const tor_addr_t *addr, uint16_t port, const char *digest)
Definition: bridges.c:200
int extend_info_is_a_configured_bridge(const extend_info_t *ei)
Definition: bridges.c:264
Header file for circuitbuild.c.
tor_addr_port_t addrport_configured
Definition: bridges.c:45
const char * fmt_addr32(uint32_t addr)
Definition: address.c:1180
tor_addr_t ipv6_addr
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:769
tor_addr_t addr
Definition: bridges.c:47
bridge_info_t * get_configured_bridge_by_exact_addr_port_digest(const tor_addr_t *addr, uint16_t port, const char *digest)
Definition: bridges.c:226
char nickname[MAX_NICKNAME_LEN+1]
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
int pt_proxies_configuration_pending(void)
Definition: transports.c:371
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:557
void directory_request_set_router_purpose(directory_request_t *req, uint8_t router_purpose)
Definition: dirclient.c:1014
STATIC bridge_info_t * get_configured_bridge_by_orports_digest(const char *digest, const smartlist_t *orports)
Definition: bridges.c:172
Headers for transports.c.
void retry_bridge_descriptor_fetch_directly(const char *digest)
Definition: bridges.c:709
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
tor_addr_t ipv6_addr
Definition: microdesc_st.h:70
circuit_guard_state_t * get_guard_state_for_bridge_desc_fetch(const char *digest)
Definition: entrynodes.c:3228
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
download_schedule_increment_bitfield_t increment_on
#define LD_DIR
Definition: log.h:85
void mark_bridge_list(void)
Definition: bridges.c:84
char identity_digest[DIGEST_LEN]
void bridge_add_from_config(bridge_line_t *bridge_line)
Definition: bridges.c:521
unsigned int ipv6_preferred
Definition: node_st.h:83
void sweep_bridge_list(void)
Definition: bridges.c:95
static int bridge_exists_with_ipv6_addr_and_port(const tor_addr_t *ipv6_addr, const uint16_t port, const char *digest)
Definition: bridges.c:326
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH(sl, type, var, cmd)
STATIC void clear_bridge_list(void)
Definition: bridges.c:109
void directory_request_set_or_addr_port(directory_request_t *req, const tor_addr_port_t *p)
Definition: dirclient.c:981
char * nickname
Definition: routerinfo_st.h:17
void routerlist_retry_directory_downloads(time_t now)
Definition: routerlist.c:2228
Header file for dlstatus.c.
smartlist_t * router_get_all_orports(const routerinfo_t *ri)
Definition: routerinfo.c:39
void fetch_bridge_descriptors(const or_options_t *options, time_t now)
Definition: bridges.c:722
#define tor_addr_eq(a, b)
Definition: address.h:244
static int bridge_has_digest(const bridge_info_t *bridge, const char *digest)
Definition: bridges.c:440
Header file for dirlist.c.
MOCK_IMPL(int, transport_is_needed,(const char *transport_name))
Definition: bridges.c:503
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:188
uint32_t addr
Definition: routerinfo_st.h:19
int node_is_a_configured_bridge(const node_t *node)
Definition: bridges.c:348
uint16_t ipv6_orport
#define CONN_TYPE_DIR
Definition: connection.h:35
STATIC bridge_info_t * find_bridge_by_digest(const char *digest)
Definition: bridges.c:575
void directory_request_set_directory_id_digest(directory_request_t *req, const char *digest)
Definition: dirclient.c:1002
uint8_t purpose
const tor_addr_port_t * bridge_get_addr_port(const bridge_info_t *bridge)
Definition: bridges.c:161
unsigned marked_for_removal
Definition: bridges.c:52
static void launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
Definition: bridges.c:654
tor_addr_t addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:27
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:903
void directory_request_set_resource(directory_request_t *req, const char *resource)
Definition: dirclient.c:1043
const smartlist_t * bridge_list_get(void)
Definition: bridges.c:135
Header file for routerinfo.c.
void smartlist_clear(smartlist_t *sl)
int get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, const transport_t **transport)
Definition: bridges.c:614
const char * router_describe(const routerinfo_t *ri)
Definition: describe.c:81
int routerset_contains_bridge(const routerset_t *set, const bridge_info_t *bridge)
Definition: routerset.c:346
char identity[DIGEST_LEN]
Definition: bridges.c:55
#define LD_BUG
Definition: log.h:83
#define LD_CONFIG
Definition: log.h:65
Header file for routerlist.c.
uint16_t port
Definition: bridges.c:49
uint16_t or_port
Definition: routerinfo_st.h:20
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:179