tor-auto/doxygen/consdiffmgr_8c_source.html

/* Copyright (c) 2017-2020, The Tor Project, Inc. */

/* See LICENSE for licensing information */


/**

 * \file consdiffmgr.c

 *

 * \brief consensus diff manager functions

 *

 * This module is run by directory authorities and caches in order

 * to remember a number of past consensus documents, and to generate

 * and serve the diffs from those documents to the latest consensus.

 */


#define CONSDIFFMGR_PRIVATE


#include "core/or/or.h"

#include "app/config/config.h"

#include "feature/dircache/conscache.h"

#include "feature/dircommon/consdiff.h"

#include "feature/dircache/consdiffmgr.h"

#include "core/mainloop/cpuworker.h"

#include "feature/nodelist/networkstatus.h"

#include "feature/dirparse/ns_parse.h"

#include "lib/evloop/compat_libevent.h"

#include "lib/evloop/workqueue.h"

#include "lib/compress/compress.h"

#include "lib/encoding/confline.h"


#include "feature/nodelist/networkstatus_st.h"

#include "feature/nodelist/networkstatus_voter_info_st.h"


/**

 * Labels to apply to items in the conscache object.

 *

 * @{

 */

/* One of DOCTYPE_CONSENSUS or DOCTYPE_CONSENSUS_DIFF */

#define LABEL_DOCTYPE "document-type"

/* The valid-after time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_VALID_AFTER "consensus-valid-after"

/* The fresh-until time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_FRESH_UNTIL "consensus-fresh-until"

/* The valid-until time for a consensus (or for the target consensus of a

 * diff), encoded as ISO UTC. */

#define LABEL_VALID_UNTIL "consensus-valid-until"

/* Comma-separated list of hex-encoded identity digests for the voting

 * authorities. */

#define LABEL_SIGNATORIES "consensus-signatories"

/* A hex encoded SHA3 digest of the object, as compressed (if any) */

#define LABEL_SHA3_DIGEST "sha3-digest"

/* A hex encoded SHA3 digest of the object before compression. */

#define LABEL_SHA3_DIGEST_UNCOMPRESSED "sha3-digest-uncompressed"

/* A hex encoded SHA3 digest-as-signed of a consensus */

#define LABEL_SHA3_DIGEST_AS_SIGNED "sha3-digest-as-signed"

/* The flavor of the consensus or consensuses diff */

#define LABEL_FLAVOR "consensus-flavor"

/* Diff only: the SHA3 digest-as-signed of the source consensus. */

#define LABEL_FROM_SHA3_DIGEST "from-sha3-digest"

/* Diff only: the SHA3 digest-in-full of the target consensus. */

#define LABEL_TARGET_SHA3_DIGEST "target-sha3-digest"

/* Diff only: the valid-after date of the source consensus. */

#define LABEL_FROM_VALID_AFTER "from-valid-after"

/* What kind of compression was used? */

#define LABEL_COMPRESSION_TYPE "compression"

/** @} */


#define DOCTYPE_CONSENSUS "consensus"

#define DOCTYPE_CONSENSUS_DIFF "consensus-diff"


/**

 * Underlying directory that stores consensuses and consensus diffs.  Don't

 * use this directly: use cdm_cache_get() instead.

 */

static consensus_cache_t *cons_diff_cache = NULL;

/**

 * If true, we have learned at least one new consensus since the

 * consensus cache was last up-to-date.

 */

static int cdm_cache_dirty = 0;

/**

 * If true, we have scanned the cache to update our hashtable of diffs.

 */

static int cdm_cache_loaded = 0;


/**

 * Possible status values for cdm_diff_t.cdm_diff_status

 **/

typedef enum cdm_diff_status_t {

  CDM_DIFF_PRESENT=1,

  CDM_DIFF_IN_PROGRESS=2,

  CDM_DIFF_ERROR=3,

} cdm_diff_status_t;


/** Which methods do we use for precompressing diffs? */

static const compress_method_t compress_diffs_with[] = {

  NO_METHOD,

  GZIP_METHOD,

#ifdef HAVE_LZMA

  LZMA_METHOD,

#endif

#ifdef HAVE_ZSTD

  ZSTD_METHOD,

#endif

};


/**

 * Event for rescanning the cache.

 */

static mainloop_event_t *consdiffmgr_rescan_ev = NULL;


static void consdiffmgr_rescan_cb(mainloop_event_t *ev, void *arg);

static void mark_cdm_cache_dirty(void);


/** How many different methods will we try to use for diff compression? */

STATIC unsigned

n_diff_compression_methods(void)

{

  return ARRAY_LENGTH(compress_diffs_with);

}


/** Which methods do we use for precompressing consensuses? */

static const compress_method_t compress_consensus_with[] = {

  ZLIB_METHOD,

#ifdef HAVE_LZMA

  LZMA_METHOD,

#endif

#ifdef HAVE_ZSTD

  ZSTD_METHOD,

#endif

};


/** How many different methods will we try to use for diff compression? */

STATIC unsigned

n_consensus_compression_methods(void)

{

  return ARRAY_LENGTH(compress_consensus_with);

}


/** For which compression method do we retain old consensuses?  There's no

 * need to keep all of them, since we won't be serving them.  We'll

 * go with ZLIB_METHOD because it's pretty fast and everyone has it.

 */

#define RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD ZLIB_METHOD


/** Handles pointing to the latest consensus entries as compressed and

 * stored. */

static consensus_cache_entry_handle_t *

                  latest_consensus[N_CONSENSUS_FLAVORS]

                                  [ARRAY_LENGTH(compress_consensus_with)];


/** Hashtable node used to remember the current status of the diff

 * from a given sha3 digest to the current consensus.  */

typedef struct cdm_diff_t {

  HT_ENTRY(cdm_diff_t) node;


  /** Consensus flavor for this diff (part of ht key) */

  consensus_flavor_t flavor;

  /** SHA3-256 digest of the consensus that this diff is _from_. (part of the

   * ht key) */

  uint8_t from_sha3[DIGEST256_LEN];

  /** Method by which the diff is compressed. (part of the ht key */

  compress_method_t compress_method;


  /** One of the CDM_DIFF_* values, depending on whether this diff

   * is available, in progress, or impossible to compute. */

  cdm_diff_status_t cdm_diff_status;

  /** SHA3-256 digest of the consensus that this diff is _to. */

  uint8_t target_sha3[DIGEST256_LEN];


  /** Handle to the cache entry for this diff, if any.  We use a handle here

   * to avoid thinking too hard about cache entry lifetime issues. */

  consensus_cache_entry_handle_t *entry;

} cdm_diff_t;


/** Hashtable mapping flavor and source consensus digest to status. */

static HT_HEAD(cdm_diff_ht, cdm_diff_t) cdm_diff_ht = HT_INITIALIZER();


/**

 * Configuration for this module

 */

static consdiff_cfg_t consdiff_cfg = {

  // XXXX I'd like to make this number bigger, but it interferes with the

  // XXXX seccomp2 syscall filter, which tops out at BPF_MAXINS (4096)

  // XXXX rules.

  /* .cache_max_num = */ 128

};


static int consdiffmgr_ensure_space_for_files(int n);

static int consensus_queue_compression_work(const char *consensus,

                                            size_t consensus_len,

                                            const networkstatus_t *as_parsed);

static int consensus_diff_queue_diff_work(consensus_cache_entry_t *diff_from,

                                          consensus_cache_entry_t *diff_to);

static void consdiffmgr_set_cache_flags(void);


/* =====

 * Hashtable setup

 * ===== */


/** Helper: hash the key of a cdm_diff_t. */

static unsigned

cdm_diff_hash(const cdm_diff_t *diff)

{

  uint8_t tmp[DIGEST256_LEN + 2];

  memcpy(tmp, diff->from_sha3, DIGEST256_LEN);

  tmp[DIGEST256_LEN] = (uint8_t) diff->flavor;

  tmp[DIGEST256_LEN+1] = (uint8_t) diff->compress_method;

  return (unsigned) siphash24g(tmp, sizeof(tmp));

}

/** Helper: compare two cdm_diff_t objects for key equality */

static int

cdm_diff_eq(const cdm_diff_t *diff1, const cdm_diff_t *diff2)

{

  return fast_memeq(diff1->from_sha3, diff2->from_sha3, DIGEST256_LEN) &&

    diff1->flavor == diff2->flavor &&

    diff1->compress_method == diff2->compress_method;

}


HT_PROTOTYPE(cdm_diff_ht, cdm_diff_t, node, cdm_diff_hash, cdm_diff_eq);

HT_GENERATE2(cdm_diff_ht, cdm_diff_t, node, cdm_diff_hash, cdm_diff_eq,

             0.6, tor_reallocarray, tor_free_);


#define cdm_diff_free(diff) \

  FREE_AND_NULL(cdm_diff_t, cdm_diff_free_, (diff))


/** Release all storage held in <b>diff</b>. */

static void

cdm_diff_free_(cdm_diff_t *diff)

{

  if (!diff)

    return;

  consensus_cache_entry_handle_free(diff->entry);

  tor_free(diff);

}


/** Create and return a new cdm_diff_t with the given values.  Does not

 * add it to the hashtable. */

static cdm_diff_t *

cdm_diff_new(consensus_flavor_t flav,

             const uint8_t *from_sha3,

             const uint8_t *target_sha3,

             compress_method_t method)

{

  cdm_diff_t *ent;

  ent = tor_malloc_zero(sizeof(cdm_diff_t));

  ent->flavor = flav;

  memcpy(ent->from_sha3, from_sha3, DIGEST256_LEN);

  memcpy(ent->target_sha3, target_sha3, DIGEST256_LEN);

  ent->compress_method = method;

  return ent;

}


/**

 * Examine the diff hashtable to see whether we know anything about computing

 * a diff of type <b>flav</b> between consensuses with the two provided

 * SHA3-256 digests.  If a computation is in progress, or if the computation

 * has already been tried and failed, return 1.  Otherwise, note the

 * computation as "in progress" so that we don't reattempt it later, and

 * return 0.

 */

static int

cdm_diff_ht_check_and_note_pending(consensus_flavor_t flav,

                                   const uint8_t *from_sha3,

                                   const uint8_t *target_sha3)

{

  struct cdm_diff_t search, *ent;

  unsigned u;

  int result = 0;

  for (u = 0; u < n_diff_compression_methods(); ++u) {

    compress_method_t method = compress_diffs_with[u];

    memset(&search, 0, sizeof(cdm_diff_t));

    search.flavor = flav;

    search.compress_method = method;

    memcpy(search.from_sha3, from_sha3, DIGEST256_LEN);

    ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);

    if (ent) {

      tor_assert_nonfatal(ent->cdm_diff_status != CDM_DIFF_PRESENT);

      result = 1;

      continue;

    }

    ent = cdm_diff_new(flav, from_sha3, target_sha3, method);

    ent->cdm_diff_status = CDM_DIFF_IN_PROGRESS;

    HT_INSERT(cdm_diff_ht, &cdm_diff_ht, ent);

  }

  return result;

}


/**

 * Update the status of the diff of type <b>flav</b> between consensuses with

 * the two provided SHA3-256 digests, so that its status becomes

 * <b>status</b>, and its value becomes the <b>handle</b>.  If <b>handle</b>

 * is NULL, then the old handle (if any) is freed, and replaced with NULL.

 */

static void

cdm_diff_ht_set_status(consensus_flavor_t flav,

                       const uint8_t *from_sha3,

                       const uint8_t *to_sha3,

                       compress_method_t method,

                       int status,

                       consensus_cache_entry_handle_t *handle)

{

  if (handle == NULL) {

    tor_assert_nonfatal(status != CDM_DIFF_PRESENT);

  }


  struct cdm_diff_t search, *ent;

  memset(&search, 0, sizeof(cdm_diff_t));

  search.flavor = flav;

  search.compress_method = method,

  memcpy(search.from_sha3, from_sha3, DIGEST256_LEN);

  ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);

  if (!ent) {

    ent = cdm_diff_new(flav, from_sha3, to_sha3, method);

    ent->cdm_diff_status = CDM_DIFF_IN_PROGRESS;

    HT_INSERT(cdm_diff_ht, &cdm_diff_ht, ent);

  } else if (fast_memneq(ent->target_sha3, to_sha3, DIGEST256_LEN)) {

    // This can happen under certain really pathological conditions

    // if we decide we don't care about a diff before it is actually

    // done computing.

    return;

  }


  tor_assert_nonfatal(ent->cdm_diff_status == CDM_DIFF_IN_PROGRESS);


  ent->cdm_diff_status = status;

  consensus_cache_entry_handle_free(ent->entry);

  ent->entry = handle;

}


/**

 * Helper: Remove from the hash table every present (actually computed) diff

 * of type <b>flav</b> whose target digest does not match

 * <b>unless_target_sha3_matches</b>.

 *

 * This function is used for the hash table to throw away references to diffs

 * that do not lead to the most given consensus of a given flavor.

 */

static void

cdm_diff_ht_purge(consensus_flavor_t flav,

                  const uint8_t *unless_target_sha3_matches)

{

  cdm_diff_t **diff, **next;

  for (diff = HT_START(cdm_diff_ht, &cdm_diff_ht); diff; diff = next) {

    cdm_diff_t *this = *diff;


    if ((*diff)->cdm_diff_status == CDM_DIFF_PRESENT &&

        flav == (*diff)->flavor) {


      if (BUG((*diff)->entry == NULL) ||

          consensus_cache_entry_handle_get((*diff)->entry) == NULL) {

        /* the underlying entry has gone away; drop this. */

        next = HT_NEXT_RMV(cdm_diff_ht, &cdm_diff_ht, diff);

        cdm_diff_free(this);

        continue;

      }


      if (unless_target_sha3_matches &&

          fast_memneq(unless_target_sha3_matches, (*diff)->target_sha3,

                      DIGEST256_LEN)) {

        /* target hash doesn't match; drop this. */

        next = HT_NEXT_RMV(cdm_diff_ht, &cdm_diff_ht, diff);

        cdm_diff_free(this);

        continue;

      }

    }

    next = HT_NEXT(cdm_diff_ht, &cdm_diff_ht, diff);

  }

}


/**

 * Helper: initialize <b>cons_diff_cache</b>.

 */

static void

cdm_cache_init(void)

{

  unsigned n_entries = consdiff_cfg.cache_max_num * 2;


  tor_assert(cons_diff_cache == NULL);

  cons_diff_cache = consensus_cache_open("diff-cache", n_entries);

  if (cons_diff_cache == NULL) {

    // LCOV_EXCL_START

    log_err(LD_FS, "Error: Couldn't open storage for consensus diffs.");

    tor_assert_unreached();

    // LCOV_EXCL_STOP

  } else {

    consdiffmgr_set_cache_flags();

  }

  consdiffmgr_rescan_ev =

    mainloop_event_postloop_new(consdiffmgr_rescan_cb, NULL);

  mark_cdm_cache_dirty();

  cdm_cache_loaded = 0;

}


/**

 * Helper: return the consensus_cache_t * that backs this manager,

 * initializing it if needed.

 */

STATIC consensus_cache_t *

cdm_cache_get(void)

{

  if (PREDICT_UNLIKELY(cons_diff_cache == NULL)) {

    cdm_cache_init();

  }

  return cons_diff_cache;

}


/**

 * Helper: given a list of labels, prepend the hex-encoded SHA3 digest

 * of the <b>bodylen</b>-byte object at <b>body</b> to those labels,

 * with <b>label</b> as its label.

 */

static void

cdm_labels_prepend_sha3(config_line_t **labels,

                        const char *label,

                        const uint8_t *body,

                        size_t bodylen)

{

  uint8_t sha3_digest[DIGEST256_LEN];

  char hexdigest[HEX_DIGEST256_LEN+1];

  crypto_digest256((char *)sha3_digest,

                   (const char *)body, bodylen, DIGEST_SHA3_256);

  base16_encode(hexdigest, sizeof(hexdigest),

                (const char *)sha3_digest, sizeof(sha3_digest));


  config_line_prepend(labels, label, hexdigest);

}


/** Helper: if there is a sha3-256 hex-encoded digest in <b>ent</b> with the

 * given label, set <b>digest_out</b> to that value (decoded), and return 0.

 *

 * Return -1 if there is no such label, and -2 if it is badly formatted. */

STATIC int

cdm_entry_get_sha3_value(uint8_t *digest_out,

                         consensus_cache_entry_t *ent,

                         const char *label)

{

  if (ent == NULL)

    return -1;


  const char *hex = consensus_cache_entry_get_value(ent, label);

  if (hex == NULL)

    return -1;


  int n = base16_decode((char*)digest_out, DIGEST256_LEN, hex, strlen(hex));

  if (n != DIGEST256_LEN)

    return -2;

  else

    return 0;

}


/**

 * Helper: look for a consensus with the given <b>flavor</b> and

 * <b>valid_after</b> time in the cache. Return that consensus if it's

 * present, or NULL if it's missing.

 */

STATIC consensus_cache_entry_t *

cdm_cache_lookup_consensus(consensus_flavor_t flavor, time_t valid_after)

{

  char formatted_time[ISO_TIME_LEN+1];

  format_iso_time_nospace(formatted_time, valid_after);

  const char *flavname = networkstatus_get_flavor_name(flavor);


  /* We'll filter by valid-after time first, since that should

   * match the fewest documents. */

  /* We could add an extra hashtable here, but since we only do this scan

   * when adding a new consensus, it probably doesn't matter much. */

  smartlist_t *matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_VALID_AFTER, formatted_time);

  consensus_cache_filter_list(matches, LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);


  consensus_cache_entry_t *result = NULL;

  if (smartlist_len(matches)) {

    result = smartlist_get(matches, 0);

  }

  smartlist_free(matches);


  return result;

}


/** Return the maximum age (in seconds) of consensuses that we should consider

 * storing. The available space in the directory may impose additional limits

 * on how much we store. */

static int32_t

get_max_age_to_cache(void)

{

  const int32_t DEFAULT_MAX_AGE_TO_CACHE = 8192;

  const int32_t MIN_MAX_AGE_TO_CACHE = 0;

  const int32_t MAX_MAX_AGE_TO_CACHE = 8192;

  const char MAX_AGE_TO_CACHE_NAME[] = "max-consensus-age-to-cache-for-diff";


  const or_options_t *options = get_options();


  if (options->MaxConsensusAgeForDiffs) {

    const int v = options->MaxConsensusAgeForDiffs;

    if (v >= MAX_MAX_AGE_TO_CACHE * 3600)

      return MAX_MAX_AGE_TO_CACHE;

    else

      return v;

  }


  /* The parameter is in hours, so we multiply */

  return 3600 * networkstatus_get_param(NULL,

                                        MAX_AGE_TO_CACHE_NAME,

                                        DEFAULT_MAX_AGE_TO_CACHE,

                                        MIN_MAX_AGE_TO_CACHE,

                                        MAX_MAX_AGE_TO_CACHE);

}


#ifdef TOR_UNIT_TESTS

/** As consdiffmgr_add_consensus, but requires a nul-terminated input. For

 * testing. */

int

consdiffmgr_add_consensus_nulterm(const char *consensus,

                                  const networkstatus_t *as_parsed)

{

  size_t len = strlen(consensus);

  /* make a non-nul-terminated copy so that we can have a better chance

   * of catching errors. */

  char *ctmp = tor_memdup(consensus, len);

  int r = consdiffmgr_add_consensus(ctmp, len, as_parsed);

  tor_free(ctmp);

  return r;

}

#endif /* defined(TOR_UNIT_TESTS) */


/**

 * Given a buffer containing a networkstatus consensus, and the results of

 * having parsed that consensus, add that consensus to the cache if it is not

 * already present and not too old.  Create new consensus diffs from or to

 * that consensus as appropriate.

 *

 * Return 0 on success and -1 on failure.

 */

int

consdiffmgr_add_consensus(const char *consensus,

                          size_t consensus_len,

                          const networkstatus_t *as_parsed)

{

  if (BUG(consensus == NULL) || BUG(as_parsed == NULL))

    return -1; // LCOV_EXCL_LINE

  if (BUG(as_parsed->type != NS_TYPE_CONSENSUS))

    return -1; // LCOV_EXCL_LINE


  const consensus_flavor_t flavor = as_parsed->flavor;

  const time_t valid_after = as_parsed->valid_after;


  if (valid_after < approx_time() - get_max_age_to_cache()) {

    log_info(LD_DIRSERV, "We don't care about this consensus document; it's "

             "too old.");

    return -1;

  }


  /* Do we already have this one? */

  consensus_cache_entry_t *entry =

    cdm_cache_lookup_consensus(flavor, valid_after);

  if (entry) {

    log_info(LD_DIRSERV, "We already have a copy of that consensus");

    return -1;

  }


  /* We don't have it. Add it to the cache. */

  return consensus_queue_compression_work(consensus, consensus_len, as_parsed);

}


/**

 * Helper: used to sort two smartlists of consensus_cache_entry_t by their

 * LABEL_VALID_AFTER labels.

 */

static int

compare_by_valid_after_(const void **a, const void **b)

{

  const consensus_cache_entry_t *e1 = *a;

  const consensus_cache_entry_t *e2 = *b;

  /* We're in luck here: sorting UTC iso-encoded values lexically will work

   * fine (until 9999). */

  return strcmp_opt(consensus_cache_entry_get_value(e1, LABEL_VALID_AFTER),

                    consensus_cache_entry_get_value(e2, LABEL_VALID_AFTER));

}


/**

 * Helper: Sort <b>lst</b> by LABEL_VALID_AFTER and return the most recent

 * entry.

 */

static consensus_cache_entry_t *

sort_and_find_most_recent(smartlist_t *lst)

{

  smartlist_sort(lst, compare_by_valid_after_);

  if (smartlist_len(lst)) {

    return smartlist_get(lst, smartlist_len(lst) - 1);

  } else {

    return NULL;

  }

}


/** Return i such that compress_consensus_with[i] == method. Return

 * -1 if no such i exists. */

static int

consensus_compression_method_pos(compress_method_t method)

{

  unsigned i;

  for (i = 0; i < n_consensus_compression_methods(); ++i) {

    if (compress_consensus_with[i] == method) {

      return i;

    }

  }

  return -1;

}


/**

 * If we know a consensus with the flavor <b>flavor</b> compressed with

 * <b>method</b>, set *<b>entry_out</b> to that value.  Return values are as

 * for consdiffmgr_find_diff_from().

 */

consdiff_status_t

consdiffmgr_find_consensus(struct consensus_cache_entry_t **entry_out,

                           consensus_flavor_t flavor,

                           compress_method_t method)

{

  tor_assert(entry_out);

  tor_assert((int)flavor < N_CONSENSUS_FLAVORS);


  int pos = consensus_compression_method_pos(method);

  if (pos < 0) {

     // We don't compress consensuses with this method.

    return CONSDIFF_NOT_FOUND;

  }

  consensus_cache_entry_handle_t *handle = latest_consensus[flavor][pos];

  if (!handle)

    return CONSDIFF_NOT_FOUND;

  *entry_out = consensus_cache_entry_handle_get(handle);

  if (*entry_out)

    return CONSDIFF_AVAILABLE;

  else

    return CONSDIFF_NOT_FOUND;

}


/**

 * Look up consensus_cache_entry_t for the consensus of type <b>flavor</b>,

 * from the source consensus with the specified digest (which must be SHA3).

 *

 * If the diff is present, store it into *<b>entry_out</b> and return

 * CONSDIFF_AVAILABLE. Otherwise return CONSDIFF_NOT_FOUND or

 * CONSDIFF_IN_PROGRESS.

 */

consdiff_status_t

consdiffmgr_find_diff_from(consensus_cache_entry_t **entry_out,

                           consensus_flavor_t flavor,

                           int digest_type,

                           const uint8_t *digest,

                           size_t digestlen,

                           compress_method_t method)

{

  if (BUG(digest_type != DIGEST_SHA3_256) ||

      BUG(digestlen != DIGEST256_LEN)) {

    return CONSDIFF_NOT_FOUND; // LCOV_EXCL_LINE

  }


  // Try to look up the entry in the hashtable.

  cdm_diff_t search, *ent;

  memset(&search, 0, sizeof(search));

  search.flavor = flavor;

  search.compress_method = method;

  memcpy(search.from_sha3, digest, DIGEST256_LEN);

  ent = HT_FIND(cdm_diff_ht, &cdm_diff_ht, &search);


  if (ent == NULL ||

      ent->cdm_diff_status == CDM_DIFF_ERROR) {

    return CONSDIFF_NOT_FOUND;

  } else if (ent->cdm_diff_status == CDM_DIFF_IN_PROGRESS) {

    return CONSDIFF_IN_PROGRESS;

  } else if (BUG(ent->cdm_diff_status != CDM_DIFF_PRESENT)) {

    return CONSDIFF_IN_PROGRESS;

  }


  if (BUG(ent->entry == NULL)) {

    return CONSDIFF_NOT_FOUND;

  }

  *entry_out = consensus_cache_entry_handle_get(ent->entry);

  return (*entry_out) ? CONSDIFF_AVAILABLE : CONSDIFF_NOT_FOUND;


#if 0

  // XXXX Remove this.  I'm keeping it around for now in case we need to

  // XXXX debug issues in the hashtable.

  char hex[HEX_DIGEST256_LEN+1];

  base16_encode(hex, sizeof(hex), (const char *)digest, digestlen);

  const char *flavname = networkstatus_get_flavor_name(flavor);


  smartlist_t *matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_FROM_SHA3_DIGEST, hex);

  consensus_cache_filter_list(matches, LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);


  *entry_out = sort_and_find_most_recent(matches);

  consdiff_status_t result =

    (*entry_out) ? CONSDIFF_AVAILABLE : CONSDIFF_NOT_FOUND;

  smartlist_free(matches);


  return result;

#endif /* 0 */

}


/**

 * Perform periodic cleanup tasks on the consensus diff cache.  Return

 * the number of objects marked for deletion.

 */

int

consdiffmgr_cleanup(void)

{

  smartlist_t *objects = smartlist_new();

  smartlist_t *consensuses = smartlist_new();

  smartlist_t *diffs = smartlist_new();

  int n_to_delete = 0;


  log_debug(LD_DIRSERV, "Looking for consdiffmgr entries to remove");


  // 1. Delete any consensus or diff or anything whose valid_after is too old.

  const time_t valid_after_cutoff = approx_time() - get_max_age_to_cache();


  consensus_cache_find_all(objects, cdm_cache_get(),

                           NULL, NULL);

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, ent) {

    const char *lv_valid_after =

      consensus_cache_entry_get_value(ent, LABEL_VALID_AFTER);

    if (! lv_valid_after) {

      log_debug(LD_DIRSERV, "Ignoring entry because it had no %s label",

                LABEL_VALID_AFTER);

      continue;

    }

    time_t valid_after = 0;

    if (parse_iso_time_nospace(lv_valid_after, &valid_after) < 0) {

      log_debug(LD_DIRSERV, "Ignoring entry because its %s value (%s) was "

                "unparseable", LABEL_VALID_AFTER, escaped(lv_valid_after));

      continue;

    }

    if (valid_after < valid_after_cutoff) {

      log_debug(LD_DIRSERV, "Deleting entry because its %s value (%s) was "

                "too old", LABEL_VALID_AFTER, lv_valid_after);

      consensus_cache_entry_mark_for_removal(ent);

      ++n_to_delete;

    }

  } SMARTLIST_FOREACH_END(ent);


  // 2. Delete all diffs that lead to a consensus whose valid-after is not the

  // latest.

  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    const char *flavname = networkstatus_get_flavor_name(flav);

    /* Determine the most recent consensus of this flavor */

    consensus_cache_find_all(consensuses, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

    consensus_cache_filter_list(consensuses, LABEL_FLAVOR, flavname);

    consensus_cache_entry_t *most_recent =

      sort_and_find_most_recent(consensuses);

    if (most_recent == NULL)

      continue;

    const char *most_recent_sha3 =

      consensus_cache_entry_get_value(most_recent,

                                      LABEL_SHA3_DIGEST_UNCOMPRESSED);

    if (BUG(most_recent_sha3 == NULL))

      continue; // LCOV_EXCL_LINE


    /* consider all such-flavored diffs, and look to see if they match. */

    consensus_cache_find_all(diffs, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);

    consensus_cache_filter_list(diffs, LABEL_FLAVOR, flavname);

    SMARTLIST_FOREACH_BEGIN(diffs, consensus_cache_entry_t *, diff) {

      const char *this_diff_target_sha3 =

        consensus_cache_entry_get_value(diff, LABEL_TARGET_SHA3_DIGEST);

      if (!this_diff_target_sha3)

        continue;

      if (strcmp(this_diff_target_sha3, most_recent_sha3)) {

        consensus_cache_entry_mark_for_removal(diff);

        ++n_to_delete;

      }

    } SMARTLIST_FOREACH_END(diff);

    smartlist_clear(consensuses);

    smartlist_clear(diffs);

  }


  // 3. Delete all consensuses except the most recent that are compressed with

  // an un-preferred method.

  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    const char *flavname = networkstatus_get_flavor_name(flav);

    /* Determine the most recent consensus of this flavor */

    consensus_cache_find_all(consensuses, cdm_cache_get(),

                             LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

    consensus_cache_filter_list(consensuses, LABEL_FLAVOR, flavname);

    consensus_cache_entry_t *most_recent =

      sort_and_find_most_recent(consensuses);

    if (most_recent == NULL)

      continue;

    const char *most_recent_sha3_uncompressed =

      consensus_cache_entry_get_value(most_recent,

                                      LABEL_SHA3_DIGEST_UNCOMPRESSED);

    const char *retain_methodname = compression_method_get_name(

                               RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD);


    if (BUG(most_recent_sha3_uncompressed == NULL))

      continue;

    SMARTLIST_FOREACH_BEGIN(consensuses, consensus_cache_entry_t *, ent) {

      const char *lv_sha3_uncompressed =

        consensus_cache_entry_get_value(ent, LABEL_SHA3_DIGEST_UNCOMPRESSED);

      if (BUG(! lv_sha3_uncompressed))

        continue;

      if (!strcmp(lv_sha3_uncompressed, most_recent_sha3_uncompressed))

        continue; // This _is_ the most recent.

      const char *lv_methodname =

        consensus_cache_entry_get_value(ent, LABEL_COMPRESSION_TYPE);

      if (! lv_methodname || strcmp(lv_methodname, retain_methodname)) {

        consensus_cache_entry_mark_for_removal(ent);

        ++n_to_delete;

      }

    } SMARTLIST_FOREACH_END(ent);

  }


  smartlist_free(objects);

  smartlist_free(consensuses);

  smartlist_free(diffs);


  // Actually remove files, if they're not used.

  consensus_cache_delete_pending(cdm_cache_get(), 0);

  return n_to_delete;

}


/**

 * Initialize the consensus diff manager and its cache, and configure

 * its parameters based on the latest torrc and networkstatus parameters.

 */

void

consdiffmgr_configure(const consdiff_cfg_t *cfg)

{

  if (cfg)

    memcpy(&consdiff_cfg, cfg, sizeof(consdiff_cfg));


  (void) cdm_cache_get();

}


/**

 * Tell the sandbox (if any) configured by <b>cfg</b> to allow the

 * operations that the consensus diff manager will need.

 */

int

consdiffmgr_register_with_sandbox(struct sandbox_cfg_elem_t **cfg)

{

  return consensus_cache_register_with_sandbox(cdm_cache_get(), cfg);

}


/**

 * Scan the consensus diff manager's cache for any grossly malformed entries,

 * and mark them as deletable.  Return 0 if no problems were found; 1

 * if problems were found and fixed.

 */

int

consdiffmgr_validate(void)

{

  /* Right now, we only check for entries that have bad sha3 values */

  int problems = 0;


  smartlist_t *objects = smartlist_new();

  consensus_cache_find_all(objects, cdm_cache_get(),

                           NULL, NULL);

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, obj) {

    uint8_t sha3_expected[DIGEST256_LEN];

    uint8_t sha3_received[DIGEST256_LEN];

    int r = cdm_entry_get_sha3_value(sha3_expected, obj, LABEL_SHA3_DIGEST);

    if (r == -1) {

      /* digest isn't there; that's allowed */

      continue;

    } else if (r == -2) {

      /* digest is malformed; that's not allowed */

      problems = 1;

      consensus_cache_entry_mark_for_removal(obj);

      continue;

    }

    const uint8_t *body;

    size_t bodylen;

    consensus_cache_entry_incref(obj);

    r = consensus_cache_entry_get_body(obj, &body, &bodylen);

    if (r == 0) {

      crypto_digest256((char *)sha3_received, (const char *)body, bodylen,

                       DIGEST_SHA3_256);

    }

    consensus_cache_entry_decref(obj);

    if (r < 0)

      continue;


    // Deconfuse coverity about the possibility of sha3_received being

    // uninitialized

    tor_assert(r <= 0);


    if (fast_memneq(sha3_received, sha3_expected, DIGEST256_LEN)) {

      problems = 1;

      consensus_cache_entry_mark_for_removal(obj);

      continue;

    }


  } SMARTLIST_FOREACH_END(obj);

  smartlist_free(objects);

  return problems;

}


/**

 * Helper: build new diffs of <b>flavor</b> as needed

 */

static void

consdiffmgr_rescan_flavor_(consensus_flavor_t flavor)

{

  smartlist_t *matches = NULL;

  smartlist_t *diffs = NULL;

  smartlist_t *compute_diffs_from = NULL;

  strmap_t *have_diff_from = NULL;


  // look for the most recent consensus, and for all previous in-range

  // consensuses.  Do they all have diffs to it?

  const char *flavname = networkstatus_get_flavor_name(flavor);


  // 1. find the most recent consensus, and the ones that we might want

  //    to diff to it.

  const char *methodname = compression_method_get_name(

                             RETAIN_CONSENSUS_COMPRESSED_WITH_METHOD);


  matches = smartlist_new();

  consensus_cache_find_all(matches, cdm_cache_get(),

                           LABEL_FLAVOR, flavname);

  consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

  consensus_cache_filter_list(matches, LABEL_COMPRESSION_TYPE, methodname);

  consensus_cache_entry_t *most_recent = sort_and_find_most_recent(matches);

  if (!most_recent) {

    log_info(LD_DIRSERV, "No 'most recent' %s consensus found; "

             "not making diffs", flavname);

    goto done;

  }

  tor_assert(smartlist_len(matches));

  smartlist_del(matches, smartlist_len(matches) - 1);


  const char *most_recent_valid_after =

    consensus_cache_entry_get_value(most_recent, LABEL_VALID_AFTER);

  if (BUG(most_recent_valid_after == NULL))

    goto done; //LCOV_EXCL_LINE

  uint8_t most_recent_sha3[DIGEST256_LEN];

  if (BUG(cdm_entry_get_sha3_value(most_recent_sha3, most_recent,

                                   LABEL_SHA3_DIGEST_UNCOMPRESSED) < 0))

    goto done; //LCOV_EXCL_LINE


  // 2. Find all the relevant diffs _to_ this consensus. These are ones

  //    that we don't need to compute.

  diffs = smartlist_new();

  consensus_cache_find_all(diffs, cdm_cache_get(),

                           LABEL_VALID_AFTER, most_recent_valid_after);

  consensus_cache_filter_list(diffs, LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);

  consensus_cache_filter_list(diffs, LABEL_FLAVOR, flavname);

  have_diff_from = strmap_new();

  SMARTLIST_FOREACH_BEGIN(diffs, consensus_cache_entry_t *, diff) {

    const char *va = consensus_cache_entry_get_value(diff,

                                                     LABEL_FROM_VALID_AFTER);

    if (BUG(va == NULL))

      continue; // LCOV_EXCL_LINE

    strmap_set(have_diff_from, va, diff);

  } SMARTLIST_FOREACH_END(diff);


  // 3. See which consensuses in 'matches' don't have diffs yet.

  smartlist_reverse(matches); // from newest to oldest.

  compute_diffs_from = smartlist_new();

  SMARTLIST_FOREACH_BEGIN(matches, consensus_cache_entry_t *, ent) {

    const char *va = consensus_cache_entry_get_value(ent, LABEL_VALID_AFTER);

    if (BUG(va == NULL))

      continue; // LCOV_EXCL_LINE

    if (strmap_get(have_diff_from, va) != NULL)

      continue; /* we already have this one. */

    smartlist_add(compute_diffs_from, ent);

    /* Since we are not going to serve this as the most recent consensus

     * any more, we should stop keeping it mmap'd when it's not in use.

     */

    consensus_cache_entry_mark_for_aggressive_release(ent);

  } SMARTLIST_FOREACH_END(ent);


  log_info(LD_DIRSERV,

           "The most recent %s consensus is valid-after %s. We have diffs to "

           "this consensus for %d/%d older %s consensuses. Generating diffs "

           "for the other %d.",

           flavname,

           most_recent_valid_after,

           smartlist_len(matches) - smartlist_len(compute_diffs_from),

           smartlist_len(matches),

           flavname,

           smartlist_len(compute_diffs_from));


  // 4. Update the hashtable; remove entries in this flavor to other

  //    target consensuses.

  cdm_diff_ht_purge(flavor, most_recent_sha3);


  // 5. Actually launch the requests.

  SMARTLIST_FOREACH_BEGIN(compute_diffs_from, consensus_cache_entry_t *, c) {

    if (BUG(c == most_recent))

      continue; // LCOV_EXCL_LINE


    uint8_t this_sha3[DIGEST256_LEN];

    if (cdm_entry_get_sha3_value(this_sha3, c,

                                 LABEL_SHA3_DIGEST_AS_SIGNED)<0) {

      // Not actually a bug, since we might be running with a directory

      // with stale files from before the #22143 fixes.

      continue;

    }

    if (cdm_diff_ht_check_and_note_pending(flavor,

                                           this_sha3, most_recent_sha3)) {

      // This is already pending, or we encountered an error.

      continue;

    }

    consensus_diff_queue_diff_work(c, most_recent);

  } SMARTLIST_FOREACH_END(c);


 done:

  smartlist_free(matches);

  smartlist_free(diffs);

  smartlist_free(compute_diffs_from);

  strmap_free(have_diff_from, NULL);

}


/**

 * Scan the cache for the latest consensuses and add their handles to

 * latest_consensus

 */

static void

consdiffmgr_consensus_load(void)

{

  smartlist_t *matches = smartlist_new();

  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    const char *flavname = networkstatus_get_flavor_name(flav);

    smartlist_clear(matches);

    consensus_cache_find_all(matches, cdm_cache_get(),

                             LABEL_FLAVOR, flavname);

    consensus_cache_filter_list(matches, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);

    consensus_cache_entry_t *most_recent = sort_and_find_most_recent(matches);

    if (! most_recent)

      continue; // no consensuses.

    const char *most_recent_sha3 =

      consensus_cache_entry_get_value(most_recent,

                                      LABEL_SHA3_DIGEST_UNCOMPRESSED);

    if (BUG(most_recent_sha3 == NULL))

      continue; // LCOV_EXCL_LINE

    consensus_cache_filter_list(matches, LABEL_SHA3_DIGEST_UNCOMPRESSED,

                                most_recent_sha3);


    // Everything that remains matches the most recent consensus of this

    // flavor.

    SMARTLIST_FOREACH_BEGIN(matches, consensus_cache_entry_t *, ent) {

      const char *lv_compression =

        consensus_cache_entry_get_value(ent, LABEL_COMPRESSION_TYPE);

      compress_method_t method =

        compression_method_get_by_name(lv_compression);

      int pos = consensus_compression_method_pos(method);

      if (pos < 0)

        continue;

      consensus_cache_entry_handle_free(latest_consensus[flav][pos]);

      latest_consensus[flav][pos] = consensus_cache_entry_handle_new(ent);

    } SMARTLIST_FOREACH_END(ent);

  }

  smartlist_free(matches);

}


/**

 * Scan the cache for diffs, and add them to the hashtable.

 */

static void

consdiffmgr_diffs_load(void)

{

  smartlist_t *diffs = smartlist_new();

  consensus_cache_find_all(diffs, cdm_cache_get(),

                           LABEL_DOCTYPE, DOCTYPE_CONSENSUS_DIFF);

  SMARTLIST_FOREACH_BEGIN(diffs, consensus_cache_entry_t *, diff) {

    const char *lv_flavor =

      consensus_cache_entry_get_value(diff, LABEL_FLAVOR);

    if (!lv_flavor)

      continue;

    int flavor = networkstatus_parse_flavor_name(lv_flavor);

    if (flavor < 0)

      continue;

    const char *lv_compression =

      consensus_cache_entry_get_value(diff, LABEL_COMPRESSION_TYPE);

    compress_method_t method = NO_METHOD;

    if (lv_compression) {

      method = compression_method_get_by_name(lv_compression);

      if (method == UNKNOWN_METHOD) {

        continue;

      }

    }


    uint8_t from_sha3[DIGEST256_LEN];

    uint8_t to_sha3[DIGEST256_LEN];

    if (cdm_entry_get_sha3_value(from_sha3, diff, LABEL_FROM_SHA3_DIGEST)<0)

      continue;

    if (cdm_entry_get_sha3_value(to_sha3, diff, LABEL_TARGET_SHA3_DIGEST)<0)

      continue;


    cdm_diff_ht_set_status(flavor, from_sha3, to_sha3,

                           method,

                           CDM_DIFF_PRESENT,

                           consensus_cache_entry_handle_new(diff));

  } SMARTLIST_FOREACH_END(diff);

  smartlist_free(diffs);

}


/**

 * Build new diffs as needed.

 */

void

consdiffmgr_rescan(void)

{

  if (cdm_cache_dirty == 0)

    return;


  // Clean up here to make room for new diffs, and to ensure that older

  // consensuses do not have any entries.

  consdiffmgr_cleanup();


  if (cdm_cache_loaded == 0) {

    consdiffmgr_diffs_load();

    consdiffmgr_consensus_load();

    cdm_cache_loaded = 1;

  }


  for (int flav = 0; flav < N_CONSENSUS_FLAVORS; ++flav) {

    consdiffmgr_rescan_flavor_((consensus_flavor_t) flav);

  }


  cdm_cache_dirty = 0;

}


/** Callback wrapper for consdiffmgr_rescan */

static void

consdiffmgr_rescan_cb(mainloop_event_t *ev, void *arg)

{

  (void)ev;

  (void)arg;

  consdiffmgr_rescan();

}


/** Mark the cache as dirty, and schedule a rescan event. */

static void

mark_cdm_cache_dirty(void)

{

  cdm_cache_dirty = 1;

  tor_assert(consdiffmgr_rescan_ev);

  mainloop_event_activate(consdiffmgr_rescan_ev);

}


/**

 * Helper: compare two files by their from-valid-after and valid-after labels,

 * trying to sort in ascending order by from-valid-after (when present) and

 * valid-after (when not).  Place everything that has neither label first in

 * the list.

 */

static int

compare_by_staleness_(const void **a, const void **b)

{

  const consensus_cache_entry_t *e1 = *a;

  const consensus_cache_entry_t *e2 = *b;

  const char *va1, *fva1, *va2, *fva2;

  va1 = consensus_cache_entry_get_value(e1, LABEL_VALID_AFTER);

  va2 = consensus_cache_entry_get_value(e2, LABEL_VALID_AFTER);

  fva1 = consensus_cache_entry_get_value(e1, LABEL_FROM_VALID_AFTER);

  fva2 = consensus_cache_entry_get_value(e2, LABEL_FROM_VALID_AFTER);


  if (fva1)

    va1 = fva1;

  if (fva2)

    va2 = fva2;


  /* See note about iso-encoded values in compare_by_valid_after_.  Also note

   * that missing dates will get placed first. */

  return strcmp_opt(va1, va2);

}


/** If there are not enough unused filenames to store <b>n</b> files, then

 * delete old consensuses until there are.  (We have to keep track of the

 * number of filenames because of the way that the seccomp2 cache works.)

 *

 * Return 0 on success, -1 on failure.

 **/

static int

consdiffmgr_ensure_space_for_files(int n)

{

  consensus_cache_t *cache = cdm_cache_get();

  if (consensus_cache_get_n_filenames_available(cache) >= n) {

    // there are already enough unused filenames.

    return 0;

  }

  // Try a cheap deletion of stuff that's waiting to get deleted.

  consensus_cache_delete_pending(cache, 0);

  if (consensus_cache_get_n_filenames_available(cache) >= n) {

    // okay, _that_ made enough filenames available.

    return 0;

  }

  // Let's get more assertive: clean out unused stuff, and force-remove

  // the files that we can.

  consdiffmgr_cleanup();

  consensus_cache_delete_pending(cache, 1);

  const int n_to_remove = n - consensus_cache_get_n_filenames_available(cache);

  if (n_to_remove <= 0) {

    // okay, finally!

    return 0;

  }


  // At this point, we're going to have to throw out objects that will be

  // missed.  Too bad!

  smartlist_t *objects = smartlist_new();

  consensus_cache_find_all(objects, cache, NULL, NULL);

  smartlist_sort(objects, compare_by_staleness_);

  int n_marked = 0;

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, ent) {

    consensus_cache_entry_mark_for_removal(ent);

    if (++n_marked >= n_to_remove)

      break;

  } SMARTLIST_FOREACH_END(ent);

  smartlist_free(objects);


  consensus_cache_delete_pending(cache, 1);


  if (consensus_cache_may_overallocate(cache)) {

    /* If we're allowed to throw extra files into the cache, let's do so

     * rather getting upset.

     */

    return 0;

  }


  if (BUG(n_marked < n_to_remove))

    return -1;

  else

    return 0;

}


/**

 * Set consensus cache flags on the objects in this consdiffmgr.

 */

static void

consdiffmgr_set_cache_flags(void)

{

  /* Right now, we just mark the consensus objects for aggressive release,

   * so that they get mmapped for as little time as possible. */

  smartlist_t *objects = smartlist_new();

  consensus_cache_find_all(objects, cdm_cache_get(), LABEL_DOCTYPE,

                           DOCTYPE_CONSENSUS);

  SMARTLIST_FOREACH_BEGIN(objects, consensus_cache_entry_t *, ent) {

    consensus_cache_entry_mark_for_aggressive_release(ent);

  } SMARTLIST_FOREACH_END(ent);

  smartlist_free(objects);

}


/**

 * Called before shutdown: drop all storage held by the consdiffmgr.c module.

 */

void

consdiffmgr_free_all(void)

{

  cdm_diff_t **diff, **next;

  for (diff = HT_START(cdm_diff_ht, &cdm_diff_ht); diff; diff = next) {

    cdm_diff_t *this = *diff;

    next = HT_NEXT_RMV(cdm_diff_ht, &cdm_diff_ht, diff);

    cdm_diff_free(this);

  }

  int i;

  unsigned j;

  for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {

    for (j = 0; j < n_consensus_compression_methods(); ++j) {

      consensus_cache_entry_handle_free(latest_consensus[i][j]);

    }

  }

  memset(latest_consensus, 0, sizeof(latest_consensus));

  consensus_cache_free(cons_diff_cache);

  cons_diff_cache = NULL;

  mainloop_event_free(consdiffmgr_rescan_ev);

}


/* =====

   Thread workers

   =====*/


typedef struct compressed_result_t {

  config_line_t *labels;

  /**

   * Output: Body of the diff, as compressed.

   */

  uint8_t *body;

  /**

   * Output: length of body_out

   */

  size_t bodylen;

} compressed_result_t;


/**

 * Compress the bytestring <b>input</b> of length <b>len</b> using the

 * <b>n_methods</b> compression methods listed in the array <b>methods</b>.

 *

 * For each successful compression, set the fields in the <b>results_out</b>

 * array in the position corresponding to the compression method. Use

 * <b>labels_in</b> as a basis for the labels of the result.

 *

 * Return 0 if all compression succeeded; -1 if any failed.

 */

static int

compress_multiple(compressed_result_t *results_out, int n_methods,

                  const compress_method_t *methods,

                  const uint8_t *input, size_t len,

                  const config_line_t *labels_in)

{

  int rv = 0;

  int i;

  for (i = 0; i < n_methods; ++i) {

    compress_method_t method = methods[i];

    const char *methodname = compression_method_get_name(method);

    char *result;

    size_t sz;

    if (0 == tor_compress(&result, &sz, (const char*)input, len, method)) {

      results_out[i].body = (uint8_t*)result;

      results_out[i].bodylen = sz;

      results_out[i].labels = config_lines_dup(labels_in);

      cdm_labels_prepend_sha3(&results_out[i].labels, LABEL_SHA3_DIGEST,

                              results_out[i].body,

                              results_out[i].bodylen);

      config_line_prepend(&results_out[i].labels,

                          LABEL_COMPRESSION_TYPE,

                          methodname);

    } else {

      rv = -1;

    }

  }

  return rv;

}


/**

 * Given an array of <b>n</b> compressed_result_t in <b>results</b>,

 * as produced by compress_multiple, store them all into the

 * consdiffmgr, and store handles to them in the <b>handles_out</b>

 * array.

 *

 * Return CDM_DIFF_PRESENT if any was stored, and CDM_DIFF_ERROR if none

 * was stored.

 */

static cdm_diff_status_t

store_multiple(consensus_cache_entry_handle_t **handles_out,

               int n,

               const compress_method_t *methods,

               const compressed_result_t *results,

               const char *description)

{

  cdm_diff_status_t status = CDM_DIFF_ERROR;

  consdiffmgr_ensure_space_for_files(n);


  int i;

  for (i = 0; i < n; ++i) {

    compress_method_t method = methods[i];

    uint8_t *body_out = results[i].body;

    size_t bodylen_out = results[i].bodylen;

    config_line_t *labels = results[i].labels;

    const char *methodname = compression_method_get_name(method);

    if (body_out && bodylen_out && labels) {

      /* Success! Store the results */

      log_info(LD_DIRSERV, "Adding %s, compressed with %s",

               description, methodname);


      consensus_cache_entry_t *ent =

        consensus_cache_add(cdm_cache_get(),

                            labels,

                            body_out,

                            bodylen_out);

      if (ent == NULL) {

        static ratelim_t cant_store_ratelim = RATELIM_INIT(5*60);

        log_fn_ratelim(&cant_store_ratelim, LOG_WARN, LD_FS,

                       "Unable to store object %s compressed with %s.",

                       description, methodname);

        continue;

      }


      status = CDM_DIFF_PRESENT;

      handles_out[i] = consensus_cache_entry_handle_new(ent);

      consensus_cache_entry_decref(ent);

    }

  }

  return status;

}


/**

 * An object passed to a worker thread that will try to produce a consensus

 * diff.

 */

typedef struct consensus_diff_worker_job_t {

  /**

   * Input: The consensus to compute the diff from.  Holds a reference to the

   * cache entry, which must not be released until the job is passed back to

   * the main thread. The body must be mapped into memory in the main thread.

   */

  consensus_cache_entry_t *diff_from;

  /**

   * Input: The consensus to compute the diff to.  Holds a reference to the

   * cache entry, which must not be released until the job is passed back to

   * the main thread. The body must be mapped into memory in the main thread.

   */

  consensus_cache_entry_t *diff_to;


  /** Output: labels and bodies */

  compressed_result_t out[ARRAY_LENGTH(compress_diffs_with)];

} consensus_diff_worker_job_t;


/** Given a consensus_cache_entry_t, check whether it has a label claiming

 * that it was compressed.  If so, uncompress its contents into *<b>out</b> and

 * set <b>outlen</b> to hold their size, and set *<b>owned_out</b> to a pointer

 * that the caller will need to free.  If not, just set *<b>out</b> and

 * <b>outlen</b> to its extent in memory.  Return 0 on success, -1 on failure.

 **/

STATIC int

uncompress_or_set_ptr(const char **out, size_t *outlen,

                      char **owned_out,

                      consensus_cache_entry_t *ent)

{

  const uint8_t *body;

  size_t bodylen;


  *owned_out = NULL;


  if (consensus_cache_entry_get_body(ent, &body, &bodylen) < 0)

    return -1;


  const char *lv_compression =

    consensus_cache_entry_get_value(ent, LABEL_COMPRESSION_TYPE);

  compress_method_t method = NO_METHOD;


  if (lv_compression)

    method = compression_method_get_by_name(lv_compression);


  int rv;

  if (method == NO_METHOD) {

    *out = (const char *)body;

    *outlen = bodylen;

    rv = 0;

  } else {

    rv = tor_uncompress(owned_out, outlen, (const char *)body, bodylen,

                        method, 1, LOG_WARN);

    *out = *owned_out;

  }

  return rv;

}


/**

 * Worker function. This function runs inside a worker thread and receives

 * a consensus_diff_worker_job_t as its input.

 */

static workqueue_reply_t

consensus_diff_worker_threadfn(void *state_, void *work_)

{

  (void)state_;

  consensus_diff_worker_job_t *job = work_;

  const uint8_t *diff_from, *diff_to;

  size_t len_from, len_to;

  int r;

  /* We need to have the body already mapped into RAM here.

   */

  r = consensus_cache_entry_get_body(job->diff_from, &diff_from, &len_from);

  if (BUG(r < 0))

    return WQ_RPL_REPLY; // LCOV_EXCL_LINE

  r = consensus_cache_entry_get_body(job->diff_to, &diff_to, &len_to);

  if (BUG(r < 0))

    return WQ_RPL_REPLY; // LCOV_EXCL_LINE


  const char *lv_to_valid_after =

    consensus_cache_entry_get_value(job->diff_to, LABEL_VALID_AFTER);

  const char *lv_to_fresh_until =

    consensus_cache_entry_get_value(job->diff_to, LABEL_FRESH_UNTIL);

  const char *lv_to_valid_until =

    consensus_cache_entry_get_value(job->diff_to, LABEL_VALID_UNTIL);

  const char *lv_to_signatories =

    consensus_cache_entry_get_value(job->diff_to, LABEL_SIGNATORIES);

  const char *lv_from_valid_after =

    consensus_cache_entry_get_value(job->diff_from, LABEL_VALID_AFTER);

  const char *lv_from_digest =

    consensus_cache_entry_get_value(job->diff_from,

                                    LABEL_SHA3_DIGEST_AS_SIGNED);

  const char *lv_from_flavor =

    consensus_cache_entry_get_value(job->diff_from, LABEL_FLAVOR);

  const char *lv_to_flavor =

    consensus_cache_entry_get_value(job->diff_to, LABEL_FLAVOR);

  const char *lv_to_digest =

    consensus_cache_entry_get_value(job->diff_to,

                                    LABEL_SHA3_DIGEST_UNCOMPRESSED);


  if (! lv_from_digest) {

    /* This isn't a bug right now, since it can happen if you're migrating

     * from an older version of master to a newer one.  The older ones didn't

     * annotate their stored consensus objects with sha3-digest-as-signed.

    */

    return WQ_RPL_REPLY; // LCOV_EXCL_LINE

  }


  /* All these values are mandatory on the input */

  if (BUG(!lv_to_valid_after) ||

      BUG(!lv_from_valid_after) ||

      BUG(!lv_from_flavor) ||

      BUG(!lv_to_flavor)) {

    return WQ_RPL_REPLY; // LCOV_EXCL_LINE

  }

  /* The flavors need to match */

  if (BUG(strcmp(lv_from_flavor, lv_to_flavor))) {

    return WQ_RPL_REPLY; // LCOV_EXCL_LINE

  }


  char *consensus_diff;

  {

    const char *diff_from_nt = NULL, *diff_to_nt = NULL;

    char *owned1 = NULL, *owned2 = NULL;

    size_t diff_from_nt_len, diff_to_nt_len;


    if (uncompress_or_set_ptr(&diff_from_nt, &diff_from_nt_len, &owned1,

                              job->diff_from) < 0) {

      return WQ_RPL_REPLY;

    }

    if (uncompress_or_set_ptr(&diff_to_nt, &diff_to_nt_len, &owned2,

                              job->diff_to) < 0) {

      tor_free(owned1);

      return WQ_RPL_REPLY;

    }

    tor_assert(diff_from_nt);

    tor_assert(diff_to_nt);


    // XXXX ugh; this is going to calculate the SHA3 of both its

    // XXXX inputs again, even though we already have that. Maybe it's time

    // XXXX to change the API here?

    consensus_diff = consensus_diff_generate(diff_from_nt,

                                             diff_from_nt_len,

                                             diff_to_nt,

                                             diff_to_nt_len);

    tor_free(owned1);

    tor_free(owned2);

  }

  if (!consensus_diff) {

    /* Couldn't generate consensus; we'll leave the reply blank. */

    return WQ_RPL_REPLY;

  }


  /* Compress the results and send the reply */

  tor_assert(compress_diffs_with[0] == NO_METHOD);

  size_t difflen = strlen(consensus_diff);

  job->out[0].body = (uint8_t *) consensus_diff;

  job->out[0].bodylen = difflen;


  config_line_t *common_labels = NULL;

  if (lv_to_valid_until)

    config_line_prepend(&common_labels, LABEL_VALID_UNTIL, lv_to_valid_until);

  if (lv_to_fresh_until)

    config_line_prepend(&common_labels, LABEL_FRESH_UNTIL, lv_to_fresh_until);

  if (lv_to_signatories)

    config_line_prepend(&common_labels, LABEL_SIGNATORIES, lv_to_signatories);

  cdm_labels_prepend_sha3(&common_labels,

                          LABEL_SHA3_DIGEST_UNCOMPRESSED,

                          job->out[0].body,

                          job->out[0].bodylen);

  config_line_prepend(&common_labels, LABEL_FROM_VALID_AFTER,

                      lv_from_valid_after);

  config_line_prepend(&common_labels, LABEL_VALID_AFTER,

                      lv_to_valid_after);

  config_line_prepend(&common_labels, LABEL_FLAVOR, lv_from_flavor);

  config_line_prepend(&common_labels, LABEL_FROM_SHA3_DIGEST,

                      lv_from_digest);

  config_line_prepend(&common_labels, LABEL_TARGET_SHA3_DIGEST,

                      lv_to_digest);

  config_line_prepend(&common_labels, LABEL_DOCTYPE,

                      DOCTYPE_CONSENSUS_DIFF);


  job->out[0].labels = config_lines_dup(common_labels);

  cdm_labels_prepend_sha3(&job->out[0].labels,

                          LABEL_SHA3_DIGEST,

                          job->out[0].body,

                          job->out[0].bodylen);


  compress_multiple(job->out+1,

                    n_diff_compression_methods()-1,

                    compress_diffs_with+1,

                    (const uint8_t*)consensus_diff, difflen, common_labels);


  config_free_lines(common_labels);

  return WQ_RPL_REPLY;

}


#define consensus_diff_worker_job_free(job)             \

  FREE_AND_NULL(consensus_diff_worker_job_t,            \

                consensus_diff_worker_job_free_, (job))


/**

 * Helper: release all storage held in <b>job</b>.

 */

static void

consensus_diff_worker_job_free_(consensus_diff_worker_job_t *job)

{

  if (!job)

    return;

  unsigned u;

  for (u = 0; u < n_diff_compression_methods(); ++u) {

    config_free_lines(job->out[u].labels);

    tor_free(job->out[u].body);

  }

  consensus_cache_entry_decref(job->diff_from);

  consensus_cache_entry_decref(job->diff_to);

  tor_free(job);

}


/**

 * Worker function: This function runs in the main thread, and receives

 * a consensus_diff_worker_job_t that the worker thread has already

 * processed.

 */

static void

consensus_diff_worker_replyfn(void *work_)

{

  tor_assert(in_main_thread());

  tor_assert(work_);


  consensus_diff_worker_job_t *job = work_;


  const char *lv_from_digest =

    consensus_cache_entry_get_value(job->diff_from,

                                    LABEL_SHA3_DIGEST_AS_SIGNED);

  const char *lv_to_digest =

    consensus_cache_entry_get_value(job->diff_to,

                                    LABEL_SHA3_DIGEST_UNCOMPRESSED);

  const char *lv_flavor =

    consensus_cache_entry_get_value(job->diff_to, LABEL_FLAVOR);

  if (BUG(lv_from_digest == NULL))

    lv_from_digest = "???"; // LCOV_EXCL_LINE

  if (BUG(lv_to_digest == NULL))

    lv_to_digest = "???"; // LCOV_EXCL_LINE


  uint8_t from_sha3[DIGEST256_LEN];

  uint8_t to_sha3[DIGEST256_LEN];

  int flav = -1;

  int cache = 1;

  if (BUG(cdm_entry_get_sha3_value(from_sha3, job->diff_from,

                                   LABEL_SHA3_DIGEST_AS_SIGNED) < 0))

    cache = 0;

  if (BUG(cdm_entry_get_sha3_value(to_sha3, job->diff_to,

                                   LABEL_SHA3_DIGEST_UNCOMPRESSED) < 0))

    cache = 0;

  if (BUG(lv_flavor == NULL)) {

    cache = 0;

  } else if ((flav = networkstatus_parse_flavor_name(lv_flavor)) < 0) {

    cache = 0;

  }


  consensus_cache_entry_handle_t *handles[ARRAY_LENGTH(compress_diffs_with)];

  memset(handles, 0, sizeof(handles));


  char description[128];

  tor_snprintf(description, sizeof(description),

               "consensus diff from %s to %s",

               lv_from_digest, lv_to_digest);


  int status = store_multiple(handles,

                              n_diff_compression_methods(),

                              compress_diffs_with,

                              job->out,

                              description);


  if (status != CDM_DIFF_PRESENT) {

    /* Failure! Nothing to do but complain */

    log_warn(LD_DIRSERV,

             "Worker was unable to compute consensus diff "

             "from %s to %s", lv_from_digest, lv_to_digest);

    /* Cache this error so we don't try to compute this one again. */

    status = CDM_DIFF_ERROR;

  }


  unsigned u;

  for (u = 0; u < ARRAY_LENGTH(handles); ++u) {

    compress_method_t method = compress_diffs_with[u];

    if (cache) {

      consensus_cache_entry_handle_t *h = handles[u];

      int this_status = status;

      if (h == NULL) {

        this_status = CDM_DIFF_ERROR;

      }

      tor_assert_nonfatal(h != NULL || this_status == CDM_DIFF_ERROR);

      cdm_diff_ht_set_status(flav, from_sha3, to_sha3, method, this_status, h);

    } else {

      consensus_cache_entry_handle_free(handles[u]);

    }

  }


  consensus_diff_worker_job_free(job);

}


/**

 * Queue the job of computing the diff from <b>diff_from</b> to <b>diff_to</b>

 * in a worker thread.

 */

static int

consensus_diff_queue_diff_work(consensus_cache_entry_t *diff_from,

                               consensus_cache_entry_t *diff_to)

{

  tor_assert(in_main_thread());


  consensus_cache_entry_incref(diff_from);

  consensus_cache_entry_incref(diff_to);


  consensus_diff_worker_job_t *job = tor_malloc_zero(sizeof(*job));

  job->diff_from = diff_from;

  job->diff_to = diff_to;


  /* Make sure body is mapped. */

  const uint8_t *body;

  size_t bodylen;

  int r1 = consensus_cache_entry_get_body(diff_from, &body, &bodylen);

  int r2 = consensus_cache_entry_get_body(diff_to, &body, &bodylen);

  if (r1 < 0 || r2 < 0)

    goto err;


  workqueue_entry_t *work;

  work = cpuworker_queue_work(WQ_PRI_LOW,

                              consensus_diff_worker_threadfn,

                              consensus_diff_worker_replyfn,

                              job);

  if (!work)

    goto err;


  return 0;

 err:

  consensus_diff_worker_job_free(job); // includes decrefs.

  return -1;

}


/**

 * Holds requests and replies for consensus_compress_workers.

 */

typedef struct consensus_compress_worker_job_t {

  char *consensus;

  size_t consensus_len;

  consensus_flavor_t flavor;

  config_line_t *labels_in;

  compressed_result_t out[ARRAY_LENGTH(compress_consensus_with)];

} consensus_compress_worker_job_t;


#define consensus_compress_worker_job_free(job) \

  FREE_AND_NULL(consensus_compress_worker_job_t, \

                consensus_compress_worker_job_free_, (job))


/**

 * Free all resources held in <b>job</b>

 */

static void

consensus_compress_worker_job_free_(consensus_compress_worker_job_t *job)

{

  if (!job)

    return;

  tor_free(job->consensus);

  config_free_lines(job->labels_in);

  unsigned u;

  for (u = 0; u < n_consensus_compression_methods(); ++u) {

    config_free_lines(job->out[u].labels);

    tor_free(job->out[u].body);

  }

  tor_free(job);

}

/**

 * Worker function. This function runs inside a worker thread and receives

 * a consensus_compress_worker_job_t as its input.

 */

static workqueue_reply_t

consensus_compress_worker_threadfn(void *state_, void *work_)

{

  (void)state_;

  consensus_compress_worker_job_t *job = work_;

  consensus_flavor_t flavor = job->flavor;

  const char *consensus = job->consensus;

  size_t bodylen = job->consensus_len;


  config_line_t *labels = config_lines_dup(job->labels_in);

  const char *flavname = networkstatus_get_flavor_name(flavor);


  cdm_labels_prepend_sha3(&labels, LABEL_SHA3_DIGEST_UNCOMPRESSED,

                          (const uint8_t *)consensus, bodylen);

  {

    const char *start, *end;

    if (router_get_networkstatus_v3_signed_boundaries(consensus, bodylen,

                                                      &start, &end) < 0) {

      start = consensus;

      end = consensus+bodylen;

    }

    cdm_labels_prepend_sha3(&labels, LABEL_SHA3_DIGEST_AS_SIGNED,

                            (const uint8_t *)start,

                            end - start);

  }

  config_line_prepend(&labels, LABEL_FLAVOR, flavname);

  config_line_prepend(&labels, LABEL_DOCTYPE, DOCTYPE_CONSENSUS);


  compress_multiple(job->out,

                    n_consensus_compression_methods(),

                    compress_consensus_with,

                    (const uint8_t*)consensus, bodylen, labels);

  config_free_lines(labels);

  return WQ_RPL_REPLY;

}


/**

 * Worker function: This function runs in the main thread, and receives

 * a consensus_diff_compress_job_t that the worker thread has already

 * processed.

 */

static void

consensus_compress_worker_replyfn(void *work_)

{

  consensus_compress_worker_job_t *job = work_;


  consensus_cache_entry_handle_t *handles[

                               ARRAY_LENGTH(compress_consensus_with)];

  memset(handles, 0, sizeof(handles));


  store_multiple(handles,

                 n_consensus_compression_methods(),

                 compress_consensus_with,

                 job->out,

                 "consensus");

  mark_cdm_cache_dirty();


  unsigned u;

  consensus_flavor_t f = job->flavor;

  tor_assert((int)f < N_CONSENSUS_FLAVORS);

  for (u = 0; u < ARRAY_LENGTH(handles); ++u) {

    if (handles[u] == NULL)

      continue;

    consensus_cache_entry_handle_free(latest_consensus[f][u]);

    latest_consensus[f][u] = handles[u];

  }


  consensus_compress_worker_job_free(job);

}


/**

 * If true, we compress in worker threads.

 */

static int background_compression = 0;


/**

 * Queue a job to compress <b>consensus</b> and store its compressed

 * text in the cache.

 */

static int

consensus_queue_compression_work(const char *consensus,

                                 size_t consensus_len,

                                 const networkstatus_t *as_parsed)

{

  tor_assert(consensus);

  tor_assert(as_parsed);


  consensus_compress_worker_job_t *job = tor_malloc_zero(sizeof(*job));

  job->consensus = tor_memdup_nulterm(consensus, consensus_len);

  job->consensus_len = strlen(job->consensus);

  job->flavor = as_parsed->flavor;


  char va_str[ISO_TIME_LEN+1];

  char vu_str[ISO_TIME_LEN+1];

  char fu_str[ISO_TIME_LEN+1];

  format_iso_time_nospace(va_str, as_parsed->valid_after);

  format_iso_time_nospace(fu_str, as_parsed->fresh_until);

  format_iso_time_nospace(vu_str, as_parsed->valid_until);

  config_line_append(&job->labels_in, LABEL_VALID_AFTER, va_str);

  config_line_append(&job->labels_in, LABEL_FRESH_UNTIL, fu_str);

  config_line_append(&job->labels_in, LABEL_VALID_UNTIL, vu_str);

  if (as_parsed->voters) {

    smartlist_t *hexvoters = smartlist_new();

    SMARTLIST_FOREACH_BEGIN(as_parsed->voters,

                            networkstatus_voter_info_t *, vi) {

      if (smartlist_len(vi->sigs) == 0)

        continue; // didn't sign.

      char d[HEX_DIGEST_LEN+1];

      base16_encode(d, sizeof(d), vi->identity_digest, DIGEST_LEN);

      smartlist_add_strdup(hexvoters, d);

    } SMARTLIST_FOREACH_END(vi);

    char *signers = smartlist_join_strings(hexvoters, ",", 0, NULL);

    config_line_prepend(&job->labels_in, LABEL_SIGNATORIES, signers);

    tor_free(signers);

    SMARTLIST_FOREACH(hexvoters, char *, cp, tor_free(cp));

    smartlist_free(hexvoters);

  }


  if (background_compression) {

    workqueue_entry_t *work;

    work = cpuworker_queue_work(WQ_PRI_LOW,

                                consensus_compress_worker_threadfn,

                                consensus_compress_worker_replyfn,

                                job);

    if (!work) {

      consensus_compress_worker_job_free(job);

      return -1;

    }


    return 0;

  } else {

    consensus_compress_worker_threadfn(NULL, job);

    consensus_compress_worker_replyfn(job);

    return 0;

  }

}


/**

 * Tell the consdiffmgr backend to compress consensuses in worker threads.

 */

void

consdiffmgr_enable_background_compression(void)

{

  // This isn't the default behavior because it would break unit tests.

  background_compression = 1;

}


/** Read the set of voters from the cached object <b>ent</b> into

 * <b>out</b>, as a list of hex-encoded digests. Return 0 on success,

 * -1 if no signatories were recorded. */

int

consensus_cache_entry_get_voter_id_digests(const consensus_cache_entry_t *ent,

                                           smartlist_t *out)

{

  tor_assert(ent);

  tor_assert(out);

  const char *s;

  s = consensus_cache_entry_get_value(ent, LABEL_SIGNATORIES);

  if (s == NULL)

    return -1;

  smartlist_split_string(out, s, ",", SPLIT_SKIP_SPACE|SPLIT_STRIP_SPACE, 0);

  return 0;

}


/** Read the fresh-until time of cached object <b>ent</b> into *<b>out</b>

 * and return 0, or return -1 if no such time was recorded. */

int

consensus_cache_entry_get_fresh_until(const consensus_cache_entry_t *ent,

                                      time_t *out)

{

  tor_assert(ent);

  tor_assert(out);

  const char *s;

  s = consensus_cache_entry_get_value(ent, LABEL_FRESH_UNTIL);

  if (s == NULL || parse_iso_time_nospace(s, out) < 0)

    return -1;

  else

    return 0;

}


/** Read the valid until timestamp from the cached object <b>ent</b> into

 * *<b>out</b> and return 0, or return -1 if no such time was recorded. */

int

consensus_cache_entry_get_valid_until(const consensus_cache_entry_t *ent,

                                      time_t *out)

{

  tor_assert(ent);

  tor_assert(out);


  const char *s;

  s = consensus_cache_entry_get_value(ent, LABEL_VALID_UNTIL);

  if (s == NULL || parse_iso_time_nospace(s, out) < 0)

    return -1;

  else

    return 0;

}


/** Read the valid after timestamp from the cached object <b>ent</b> into

 * *<b>out</b> and return 0, or return -1 if no such time was recorded. */

int

consensus_cache_entry_get_valid_after(const consensus_cache_entry_t *ent,

                                      time_t *out)

{

  tor_assert(ent);

  tor_assert(out);


  const char *s;

  s = consensus_cache_entry_get_value(ent, LABEL_VALID_AFTER);


  if (s == NULL || parse_iso_time_nospace(s, out) < 0)

    return -1;

  else

    return 0;

}