Tor  0.4.5.0-alpha-dev
reachability.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2020, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
6 /**
7  * \file reachability.c
8  * \brief Router reachability testing; run by authorities to tell who is
9  * running.
10  */
11 
12 #include "core/or/or.h"
14 
15 #include "app/config/config.h"
16 #include "core/or/channel.h"
17 #include "core/or/channeltls.h"
18 #include "core/or/command.h"
26 #include "feature/stats/rephist.h"
27 
32 
33 /** Called when a TLS handshake has completed successfully with a
34  * router listening at <b>address</b>:<b>or_port</b>, and has yielded
35  * a certificate with digest <b>digest_rcvd</b>.
36  *
37  * Inform the reachability checker that we could get to this relay.
38  */
39 void
41  uint16_t or_port,
42  const char *digest_rcvd,
43  const ed25519_public_key_t *ed_id_rcvd)
44 {
45  node_t *node = NULL;
46  tor_addr_port_t orport;
47  routerinfo_t *ri = NULL;
48  time_t now = time(NULL);
49  tor_assert(addr);
50  tor_assert(digest_rcvd);
51 
52  node = node_get_mutable_by_id(digest_rcvd);
53  if (node == NULL || node->ri == NULL)
54  return;
55 
56  ri = node->ri;
57 
58  if (dirauth_get_options()->AuthDirTestEd25519LinkKeys &&
60  ri->cache_info.signing_key_cert) {
61  /* We allow the node to have an ed25519 key if we haven't been told one in
62  * the routerinfo, but if we *HAVE* been told one in the routerinfo, it
63  * needs to match. */
64  const ed25519_public_key_t *expected_id =
65  &ri->cache_info.signing_key_cert->signing_key;
67  if (! ed_id_rcvd || ! ed25519_pubkey_eq(ed_id_rcvd, expected_id)) {
68  log_info(LD_DIRSERV, "Router at %s:%d with RSA ID %s "
69  "did not present expected Ed25519 ID.",
70  fmt_addr(addr), or_port, hex_str(digest_rcvd, DIGEST_LEN));
71  return; /* Don't mark it as reachable. */
72  }
73  }
74 
75  tor_addr_copy(&orport.addr, addr);
76  orport.port = or_port;
77  if (router_has_orport(ri, &orport)) {
78  /* Found the right router. */
81  char addrstr[TOR_ADDR_BUF_LEN];
82  /* This is a bridge or we're not a bridge authority --
83  mark it as reachable. */
84  log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.",
85  router_describe(ri),
86  tor_addr_to_str(addrstr, addr, sizeof(addrstr), 1),
87  ri->ipv4_orport);
88  if (tor_addr_family(addr) == AF_INET) {
89  rep_hist_note_router_reachable(digest_rcvd, addr, or_port, now);
90  node->last_reachable = now;
91  } else if (tor_addr_family(addr) == AF_INET6) {
92  /* No rephist for IPv6. */
93  node->last_reachable6 = now;
94  }
95  }
96  }
97 }
98 
99 /** Called when we, as an authority, receive a new router descriptor either as
100  * an upload or a download. Used to decide whether to relaunch reachability
101  * testing for the server. */
102 int
104  const routerinfo_t *ri_old)
105 {
107  return 0;
108  if (! dirauth_get_options()->AuthDirTestReachability)
109  return 0;
110  if (!ri_old) {
111  /* New router: Launch an immediate reachability test, so we will have an
112  * opinion soon in case we're generating a consensus soon */
113  return 1;
114  }
115  if (ri_old->is_hibernating && !ri->is_hibernating) {
116  /* It just came out of hibernation; launch a reachability test */
117  return 1;
118  }
119  if (! routers_have_same_or_addrs(ri, ri_old)) {
120  /* Address or port changed; launch a reachability test */
121  return 1;
122  }
123  return 0;
124 }
125 
126 /** Helper function for dirserv_test_reachability(). Start a TLS
127  * connection to <b>router</b>, and annotate it with when we started
128  * the test. */
129 void
131 {
132  const dirauth_options_t *dirauth_options = dirauth_get_options();
133  channel_t *chan = NULL;
134  const node_t *node = NULL;
135  const ed25519_public_key_t *ed_id_key;
136  (void) now;
137 
138  tor_assert(router);
139  node = node_get_by_id(router->cache_info.identity_digest);
140  tor_assert(node);
141 
142  if (dirauth_options->AuthDirTestEd25519LinkKeys &&
144  router->cache_info.signing_key_cert) {
145  ed_id_key = &router->cache_info.signing_key_cert->signing_key;
146  } else {
147  ed_id_key = NULL;
148  }
149 
150  /* IPv4. */
151  log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
152  router->nickname, fmt_addr(&router->ipv4_addr),
153  router->ipv4_orport);
154  chan = channel_tls_connect(&router->ipv4_addr, router->ipv4_orport,
155  router->cache_info.identity_digest,
156  ed_id_key);
157  if (chan) command_setup_channel(chan);
158 
159  /* Possible IPv6. */
160  if (dirauth_get_options()->AuthDirHasIPv6Connectivity == 1 &&
161  !tor_addr_is_null(&router->ipv6_addr)) {
162  char addrstr[TOR_ADDR_BUF_LEN];
163  log_debug(LD_OR, "Testing reachability of %s at %s:%u.",
164  router->nickname,
165  tor_addr_to_str(addrstr, &router->ipv6_addr, sizeof(addrstr), 1),
166  router->ipv6_orport);
167  chan = channel_tls_connect(&router->ipv6_addr, router->ipv6_orport,
168  router->cache_info.identity_digest,
169  ed_id_key);
170  if (chan) command_setup_channel(chan);
171  }
172 }
173 
174 /** Auth dir server only: load balance such that we only
175  * try a few connections per call.
176  *
177  * The load balancing is such that if we get called once every ten
178  * seconds, we will cycle through all the tests in
179  * REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
180  */
181 void
183 {
184  /* XXX decide what to do here; see or-talk thread "purging old router
185  * information, revocation." -NM
186  * We can't afford to mess with this in 0.1.2.x. The reason is that
187  * if we stop doing reachability tests on some of routerlist, then
188  * we'll for-sure think they're down, which may have unexpected
189  * effects in other parts of the code. It doesn't hurt much to do
190  * the testing, and directory authorities are easy to upgrade. Let's
191  * wait til 0.2.0. -RD */
192 // time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
193  if (! dirauth_get_options()->AuthDirTestReachability)
194  return;
195 
197  static char ctr = 0;
198  int bridge_auth = authdir_mode_bridge(get_options());
199 
201  const char *id_digest = router->cache_info.identity_digest;
202  if (router_is_me(router))
203  continue;
204  if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
205  continue; /* bridge authorities only test reachability on bridges */
206 // if (router->cache_info.published_on > cutoff)
207 // continue;
208  if ((((uint8_t)id_digest[0]) % REACHABILITY_MODULO_PER_TEST) == ctr) {
210  }
211  } SMARTLIST_FOREACH_END(router);
212  ctr = (ctr + 1) % REACHABILITY_MODULO_PER_TEST; /* increment ctr */
213 }
command_setup_channel
void command_setup_channel(channel_t *chan)
Definition: command.c:667
routerinfo_t::purpose
uint8_t purpose
Definition: routerinfo_st.h:115
routerinfo_t
Definition: routerinfo_st.h:20
authdir_mode_bridge
int authdir_mode_bridge(const or_options_t *options)
Definition: authmode.c:76
tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
routerinfo.h
Header file for routerinfo.c.
tor_addr_t
Definition: address.h:69
tor_addr_to_str
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
routers_have_same_or_addrs
int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
Definition: routerlist.c:508
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
dirauth_options_t::AuthDirTestEd25519LinkKeys
BOOL AuthDirTestEd25519LinkKeys
Definition: dirauth_options.inc:45
channel.h
Header file for channel.c.
describe.h
Header file for describe.c.
reachability.h
Header file for reachability.c.
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227
routerlist_t::routers
smartlist_t * routers
Definition: routerlist_st.h:32
TOR_ADDR_BUF_LEN
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
rep_hist_note_router_reachable
void rep_hist_note_router_reachable(const char *id, const tor_addr_t *at_addr, const uint16_t at_port, time_t when)
Definition: rephist.c:228
routerinfo_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:30
authdir_mode_handles_descs
int authdir_mode_handles_descs(const or_options_t *options, int purpose)
Definition: authmode.c:43
channel_tls_connect
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
Definition: channeltls.c:191
signed_descriptor_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:31
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
ROUTER_PURPOSE_BRIDGE
#define ROUTER_PURPOSE_BRIDGE
Definition: routerinfo_st.h:106
node_get_mutable_by_id
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
command.h
Header file for command.c.
routerlist_t
Definition: routerlist_st.h:18
routerinfo_t::ipv4_addr
tor_addr_t ipv4_addr
Definition: routerinfo_st.h:25
tor_addr_port_t
Definition: address.h:81
node_t
Definition: node_st.h:34
LD_OR
#define LD_OR
Definition: log.h:92
dirauth_options_st.h
Structure dirauth_options_t to hold directory authority options.
torcert.h
Header for torcert.c.
ed25519_public_key_t
Definition: crypto_ed25519.h:23
dirserv_test_reachability
void dirserv_test_reachability(time_t now)
Definition: reachability.c:182
routerlist_st.h
Router descriptor list structure.
authmode.h
Header file for directory authority mode.
nodelist.h
Header file for nodelist.c.
routerlist.h
Header file for routerlist.c.
dirauth_options_t
Definition: dirauth_options.inc:13
routerinfo_st.h
Router descriptor structure.
channel_t
Definition: channel.h:181
dirserv_orconn_tls_done
void dirserv_orconn_tls_done(const tor_addr_t *addr, uint16_t or_port, const char *digest_rcvd, const ed25519_public_key_t *ed_id_rcvd)
Definition: reachability.c:40
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
get_options
const or_options_t * get_options(void)
Definition: config.c:928
dirserv_single_reachability_test
void dirserv_single_reachability_test(time_t now, routerinfo_t *router)
Definition: reachability.c:130
node_t::last_reachable
time_t last_reachable
Definition: node_st.h:98
signed_descriptor_t::signing_key_cert
struct tor_cert_st * signing_key_cert
Definition: signed_descriptor_st.h:39
channeltls.h
Header file for channeltls.c.
node_supports_ed25519_link_authentication
bool node_supports_ed25519_link_authentication(const node_t *node, bool compatible_with_us)
Definition: nodelist.c:1154
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
router_get_routerlist
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:894
node_st.h
Node information structure.
router_describe
const char * router_describe(const routerinfo_t *ri)
Definition: describe.c:122
config.h
Header file for config.c.
router_is_me
int router_is_me(const routerinfo_t *router)
Definition: router.c:1727
LD_DIRSERV
#define LD_DIRSERV
Definition: log.h:90
dirauth_sys.h
Header for dirauth_sys.c.
routerinfo_t::is_hibernating
unsigned int is_hibernating
Definition: routerinfo_st.h:68
dirserv_should_launch_reachability_test
int dirserv_should_launch_reachability_test(const routerinfo_t *ri, const routerinfo_t *ri_old)
Definition: reachability.c:103
routerinfo_t::nickname
char * nickname
Definition: routerinfo_st.h:22
rephist.h
Header file for rephist.c.
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
REACHABILITY_MODULO_PER_TEST
#define REACHABILITY_MODULO_PER_TEST
Definition: reachability.h:18
or.h
Master header file for Tor-specific functionality.