Data Structures | Macros | Typedefs | Functions | Variables
process_descs.c File Reference
#include "core/or/or.h"
#include "feature/dirauth/process_descs.h"
#include "app/config/config.h"
#include "core/or/policies.h"
#include "core/or/versions.h"
#include "feature/dirauth/keypin.h"
#include "feature/dirauth/reachability.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/dirparse/routerparse.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/router.h"
#include "core/or/tor_version_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "lib/encoding/confline.h"

Go to the source code of this file.

Data Structures

struct  authdir_config_t


#define ROUTER_ALLOW_SKEW   (60*60*12)
#define FP_INVALID   2
#define FP_REJECT   4
#define FP_BADEXIT   16


typedef uint32_t router_status_t
typedef struct authdir_config_t authdir_config_t


static void directory_remove_invalid (void)
static was_router_added_t dirserv_add_extrainfo (extrainfo_t *ei, const char **msg)
static uint32_t dirserv_get_status_impl (const char *fp, const char *nickname, uint32_t addr, uint16_t or_port, const char *platform, const char **msg, int severity)
static void add_fingerprint_to_dir (const char *fp, struct authdir_config_t *list, router_status_t add_status)
static authdir_config_tauthdir_config_new (void)
int dirserv_add_own_fingerprint (crypto_pk_t *pk)
int dirserv_load_fingerprint_file (void)
uint32_t dirserv_router_get_status (const routerinfo_t *router, const char **msg, int severity)
int dirserv_would_reject_router (const routerstatus_t *rs)
void dirserv_free_fingerprint_list (void)
STATIC int dirserv_router_has_valid_address (routerinfo_t *ri)
int authdir_wants_to_reject_router (routerinfo_t *ri, const char **msg, int complain, int *valid_out)
void dirserv_set_node_flags_from_authoritative_status (node_t *node, uint32_t authstatus)
static int WRA_MORE_SEVERE (was_router_added_t a, was_router_added_t b)
was_router_added_t dirserv_add_multiple_descriptors (const char *desc, size_t desclen, uint8_t purpose, const char *source, const char **msg)
was_router_added_t dirserv_add_descriptor (routerinfo_t *ri, const char **msg, const char *source)


static authdir_config_tfingerprint_list = NULL

Detailed Description

Make decisions about uploaded descriptors.

Authorities use the code in this module to decide what to do with just- uploaded descriptors, and to manage the fingerprint file that helps them make those decisions.

Definition in file process_descs.c.

Macro Definition Documentation


#define FP_BADEXIT   16

We'll tell clients not to use this as an exit.

Definition at line 59 of file process_descs.c.


#define FP_INVALID   2

Believed invalid.

Definition at line 56 of file process_descs.c.


#define FP_REJECT   4

We will not publish this router.

Definition at line 57 of file process_descs.c.


#define ROUTER_ALLOW_SKEW   (60*60*12)

How far in the future do we allow a router to get? (seconds)

Definition at line 43 of file process_descs.c.

Typedef Documentation

◆ authdir_config_t

List of nickname->identity fingerprint mappings for all the routers that we name. Used to prevent router impersonation.

◆ router_status_t

typedef uint32_t router_status_t

Target of status_by_digest map.

Definition at line 63 of file process_descs.c.

Function Documentation

◆ add_fingerprint_to_dir()

void add_fingerprint_to_dir ( const char *  fp,
authdir_config_t list,
router_status_t  add_status 

Add the fingerprint fp to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status.

Definition at line 94 of file process_descs.c.

References DIGEST_LEN.

◆ authdir_config_new()

static authdir_config_t* authdir_config_new ( void  )

Allocate and return a new, empty, authdir_config_t.

Definition at line 81 of file process_descs.c.

Referenced by dirserv_get_status_impl().

◆ authdir_wants_to_reject_router()

int authdir_wants_to_reject_router ( routerinfo_t ri,
const char **  msg,
int  complain,
int *  valid_out 

Check whether we, as a directory server, want to accept ri. If so, set its is_valid,running fields and return 0. Otherwise, return -1.

If the router is rejected, set *msg to an explanation of why.

If complain then explain at log-level 'notice' why we refused a descriptor; else explain at log-level 'info'.

Definition at line 467 of file process_descs.c.

References routerinfo_t::contact_info, LOG_INFO, and LOG_NOTICE.

◆ directory_remove_invalid()

static void directory_remove_invalid ( void  )

Remove all descriptors whose nicknames or fingerprints no longer are allowed by our fingerprint list. (Descriptors that used to be good can become bad when we reload the fingerprint list.)

Definition at line 823 of file process_descs.c.

References dirserv_router_get_status(), FP_REJECT, LOG_INFO, router_describe(), router_get_routerlist(), smartlist_add_all(), and SMARTLIST_FOREACH_BEGIN.

◆ dirserv_add_descriptor()

was_router_added_t dirserv_add_descriptor ( routerinfo_t ri,
const char **  msg,
const char *  source 

Examine the parsed server descriptor in ri and maybe insert it into the list of server descriptors. Set *msg to a message that should be passed back to the origin of this descriptor, or NULL if there is no such message. Use source to produce better log messages.

If ri is not added to the list of server descriptors, free it. That means the caller must not access ri after this function returns, since it might have been freed.

Return the status of the operation.

This function is only called when fresh descriptors are posted, not when we re-load the cache.

Definition at line 633 of file process_descs.c.

References signed_descriptor_t::annotations_len, MAX_DESCRIPTOR_UPLOAD_SIZE, and signed_descriptor_t::signed_descriptor_len.

◆ dirserv_add_extrainfo()

static was_router_added_t dirserv_add_extrainfo ( extrainfo_t ei,
const char **  msg 

As dirserv_add_descriptor, but for an extrainfo_t ei.

Definition at line 762 of file process_descs.c.

References signed_descriptor_t::identity_digest, router_get_mutable_by_digest(), and tor_assert().

◆ dirserv_add_multiple_descriptors()

was_router_added_t dirserv_add_multiple_descriptors ( const char *  desc,
size_t  desclen,
uint8_t  purpose,
const char *  source,
const char **  msg 

As for dirserv_add_descriptor(), but accepts multiple documents, and returns the most severe error that occurred for any one of them.

Definition at line 537 of file process_descs.c.


◆ dirserv_add_own_fingerprint()

int dirserv_add_own_fingerprint ( crypto_pk_t pk)

Add the fingerprint for this OR to the global list of recognized identity key fingerprints.

Definition at line 127 of file process_descs.c.

References crypto_pk_get_fingerprint(), and FINGERPRINT_LEN.

◆ dirserv_free_fingerprint_list()

void dirserv_free_fingerprint_list ( void  )

Clear the current fingerprint list.

Definition at line 415 of file process_descs.c.

References fingerprint_list.

◆ dirserv_get_status_impl()

static uint32_t dirserv_get_status_impl ( const char *  id_digest,
const char *  nickname,
uint32_t  addr,
uint16_t  or_port,
const char *  platform,
const char **  msg,
int  severity 

Helper: As dirserv_router_get_status, but takes the router fingerprint (hex, no spaces), nickname, address (used for logging only), IP address, OR port and platform (logging only) as arguments.

Log messages at 'severity'. (There's not much point in logging that we're rejecting servers we'll not download.)

Definition at line 326 of file process_descs.c.

References authdir_config_new(), and fingerprint_list.

Referenced by dirserv_would_reject_router().

◆ dirserv_load_fingerprint_file()

int dirserv_load_fingerprint_file ( void  )

Load the nickname->fingerprint mappings stored in the approved-routers file. The file format is line-based, with each non-blank holding one nickname, some space, and a fingerprint for that nickname. On success, replace the current fingerprint list with the new list and return 0. On failure, leave the current fingerprint list untouched, and return -1.

Definition at line 146 of file process_descs.c.

◆ dirserv_router_get_status()

uint32_t dirserv_router_get_status ( const routerinfo_t router,
const char **  msg,
int  severity 

Check whether router has:

  • a nickname/identity key combination that we recognize from the fingerprint list,
  • an IP we automatically act on according to our configuration,
  • an appropriate version, and
  • matching pinned keys.

Return the appropriate router status.

If the status is 'FP_REJECT' and msg is provided, set *msg to an explanation of why.

Definition at line 231 of file process_descs.c.

References crypto_pk_get_digest(), DIGEST_LEN, and routerinfo_t::identity_pkey.

Referenced by directory_remove_invalid().

◆ dirserv_router_has_valid_address()

STATIC int dirserv_router_has_valid_address ( routerinfo_t ri)

Return -1 if ri has a private or otherwise bad address, unless we're configured to not care. Return 0 if all ok.

Definition at line 432 of file process_descs.c.

References routerinfo_t::addr, and tor_addr_from_ipv4h.

◆ dirserv_set_node_flags_from_authoritative_status()

void dirserv_set_node_flags_from_authoritative_status ( node_t node,
uint32_t  authstatus 

Update the relevant flags of node based on our opinion as a directory authority in authstatus, as returned by dirserv_router_get_status or equivalent.

Definition at line 520 of file process_descs.c.

References FP_BADEXIT, FP_INVALID, node_t::is_bad_exit, and node_t::is_valid.

◆ dirserv_would_reject_router()

int dirserv_would_reject_router ( const routerstatus_t rs)

Return true if there is no point in downloading the router described by rs because this directory would reject it.

Definition at line 307 of file process_descs.c.

References routerstatus_t::addr, dirserv_get_status_impl(), FP_REJECT, routerstatus_t::identity_digest, LOG_DEBUG, routerstatus_t::nickname, and routerstatus_t::or_port.


static int WRA_MORE_SEVERE ( was_router_added_t  a,
was_router_added_t  b 

True iff a is more severe than b.

Definition at line 529 of file process_descs.c.

Variable Documentation

◆ fingerprint_list

authdir_config_t* fingerprint_list = NULL

Should be static; exposed for testing.

Definition at line 77 of file process_descs.c.

Referenced by dirserv_free_fingerprint_list(), and dirserv_get_status_impl().