Tor  0.4.3.0-alpha-dev
Macros | Functions | Variables
router.c File Reference

Miscellaneous relay functionality, including RSA key maintenance, generating and uploading server descriptors, picking an address to advertise, and so on. More...

#include "core/or/or.h"
#include "app/config/config.h"
#include "app/config/statefile.h"
#include "app/main/main.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
#include "core/or/policies.h"
#include "core/or/protover.h"
#include "feature/client/transports.h"
#include "feature/control/control_events.h"
#include "feature/dirauth/process_descs.h"
#include "feature/dircache/dirserv.h"
#include "feature/dirclient/dirclient.h"
#include "feature/dircommon/directory.h"
#include "feature/dirparse/authcert_parse.h"
#include "feature/dirparse/routerparse.h"
#include "feature/dirparse/signing.h"
#include "feature/hibernate/hibernate.h"
#include "feature/keymgt/loadkey.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nickname.h"
#include "feature/nodelist/nodefamily.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/dns.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/router.h"
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
#include "lib/geoip/geoip.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/rephist.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/osinfo/uname.h"
#include "lib/tls/tortls.h"
#include "lib/version/torversion.h"
#include "feature/dirauth/authmode.h"
#include "app/config/or_state_st.h"
#include "core/or/port_cfg_st.h"
#include "feature/dirclient/dir_server_st.h"
#include "feature/dircommon/dir_connection_st.h"
#include "feature/nodelist/authority_cert_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"

Go to the source code of this file.

Macros

#define ROUTER_PRIVATE
 
#define MIN_BW_TO_ADVERTISE_DIRSERVER   51200
 
#define FORCE_REGENERATE_DESCRIPTOR_INTERVAL   (18*60*60)
 
#define FAST_RETRY_DESCRIPTOR_INTERVAL   (90*60)
 
#define MAX_BANDWIDTH_CHANGE_FREQ   (3*60*60)
 
#define MAX_UPTIME_BANDWIDTH_CHANGE   (24*60*60)
 
#define BANDWIDTH_CHANGE_FACTOR   2
 
#define DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
 

Functions

const char * routerinfo_err_to_string (int err)
 
int routerinfo_err_is_transient (int err)
 
static void set_onion_key (crypto_pk_t *k)
 
crypto_pk_tget_onion_key (void)
 
void dup_onion_keys (crypto_pk_t **key, crypto_pk_t **last)
 
void expire_old_onion_keys (void)
 
STATIC const struct curve25519_keypair_tget_current_curve25519_keypair (void)
 
di_digest256_map_tconstruct_ntor_key_map (void)
 
static void ntor_key_map_free_helper (void *arg)
 
void ntor_key_map_free_ (di_digest256_map_t *map)
 
time_t get_onion_key_set_at (void)
 
void set_server_identity_key (crypto_pk_t *k)
 
static void assert_identity_keys_ok (void)
 
int server_identity_key_is_set (void)
 
void set_client_identity_key (crypto_pk_t *k)
 
crypto_pk_tget_tlsclient_identity_key (void)
 
int client_identity_key_is_set (void)
 
authority_cert_tget_my_v3_authority_cert (void)
 
crypto_pk_tget_my_v3_authority_signing_key (void)
 
authority_cert_tget_my_v3_legacy_cert (void)
 
crypto_pk_tget_my_v3_legacy_signing_key (void)
 
void rotate_onion_key (void)
 
static void log_new_relay_greeting (void)
 
static int init_curve25519_keypair_from_file (curve25519_keypair_t *keys_out, const char *fname, int generate, int severity, const char *tag)
 
static int load_authority_keyset (int legacy, crypto_pk_t **key_out, authority_cert_t **cert_out)
 
static int init_v3_authority_keys (void)
 
void v3_authority_check_key_expiry (void)
 
static int get_onion_key_rotation_days_ (void)
 
int get_onion_key_lifetime (void)
 
int get_onion_key_grace_period (void)
 
int router_initialize_tls_context (void)
 
STATIC int router_write_fingerprint (int hashed)
 
static int init_keys_common (void)
 
int init_keys_client (void)
 
int init_keys (void)
 
int router_has_bandwidth_to_be_dirserver (const or_options_t *options)
 
static int router_should_be_dirserver (const or_options_t *options, int dir_port)
 
static int decide_to_advertise_dir_impl (const or_options_t *options, uint16_t dir_port, int supports_tunnelled_dir_requests)
 
int router_should_advertise_dirport (const or_options_t *options, uint16_t dir_port)
 
static int router_should_advertise_begindir (const or_options_t *options, int supports_tunnelled_dir_requests)
 
int should_refuse_unknown_exits (const or_options_t *options)
 
static int decide_if_publishable_server (void)
 
void consider_publishable_server (int force)
 
uint16_t router_get_active_listener_port_by_type_af (int listener_type, sa_family_t family)
 
uint16_t router_get_advertised_or_port (const or_options_t *options)
 
uint16_t router_get_advertised_or_port_by_af (const or_options_t *options, sa_family_t family)
 
uint16_t router_get_advertised_dir_port (const or_options_t *options, uint16_t dirport)
 
void router_upload_dir_desc_to_dirservers (int force)
 
int router_compare_to_my_exit_policy (const tor_addr_t *addr, uint16_t port)
 
int router_my_exit_policy_is_reject_star (void)
 
int router_digest_is_me (const char *digest)
 
const uint8_t * router_get_my_id_digest (void)
 
int router_extrainfo_digest_is_me (const char *digest)
 
int router_is_me (const routerinfo_t *router)
 
const routerinfo_trouter_get_my_routerinfo (void)
 
const routerinfo_trouter_get_my_routerinfo_with_err (int *err)
 
const char * router_get_my_descriptor (void)
 
extrainfo_trouter_get_my_extrainfo (void)
 
const char * router_get_descriptor_gen_reason (void)
 
static int router_guess_address_from_dir_headers (uint32_t *guess)
 
int router_pick_published_address (const or_options_t *options, uint32_t *addr, int cache_only)
 
static void router_check_descriptor_address_port_consistency (uint32_t ipv4h_desc_addr, int listener_type)
 
static void router_check_descriptor_address_consistency (uint32_t ipv4h_desc_addr)
 
STATIC smartlist_tget_my_declared_family (const or_options_t *options)
 
STATIC int router_build_fresh_unsigned_routerinfo (routerinfo_t **ri_out)
 
static extrainfo_trouter_build_fresh_unsigned_extrainfo (const routerinfo_t *ri)
 
static int router_dump_and_sign_extrainfo_descriptor_body (extrainfo_t *ei)
 
STATIC extrainfo_trouter_build_fresh_signed_extrainfo (const routerinfo_t *ri)
 
STATIC void router_update_routerinfo_from_extrainfo (routerinfo_t *ri, const extrainfo_t *ei)
 
STATIC int router_dump_and_sign_routerinfo_descriptor_body (routerinfo_t *ri)
 
int router_build_fresh_descriptor (routerinfo_t **r, extrainfo_t **e)
 
int router_rebuild_descriptor (int force)
 
void mark_my_descriptor_dirty_if_too_old (time_t now)
 
void mark_my_descriptor_dirty (const char *reason)
 
void check_descriptor_bandwidth_changed (time_t now)
 
static void log_addr_has_changed (int severity, const tor_addr_t *prev, const tor_addr_t *cur, const char *source)
 
void check_descriptor_ipaddress_changed (time_t now)
 
void router_new_address_suggestion (const char *suggestion, const dir_connection_t *d_conn)
 
STATIC void get_platform_str (char *platform, size_t len)
 
char * router_dump_router_to_string (routerinfo_t *router, const crypto_pk_t *ident_key, const crypto_pk_t *tap_key, const curve25519_keypair_t *ntor_keypair, const ed25519_keypair_t *signing_keypair)
 
char * router_dump_exit_policy_to_string (const routerinfo_t *router, int include_ipv4, int include_ipv6)
 
static int load_stats_file (const char *filename, const char *end_line, time_t now, char **out)
 
static int extrainfo_dump_to_string_header_helper (smartlist_t *chunks, const extrainfo_t *extrainfo, const ed25519_keypair_t *signing_keypair, int emit_ed_sigs)
 
static void extrainfo_dump_to_string_stats_helper (smartlist_t *chunks, int write_stats_to_extrainfo)
 
static int extrainfo_dump_to_string_ed_sig_helper (smartlist_t *chunks, const ed25519_keypair_t *signing_keypair)
 
static int extrainfo_dump_to_string_rsa_sig_helper (smartlist_t *chunks, crypto_pk_t *ident_key, const char *extrainfo_string)
 
int extrainfo_dump_to_string (char **s_out, extrainfo_t *extrainfo, crypto_pk_t *ident_key, const ed25519_keypair_t *signing_keypair)
 
void router_reset_warnings (void)
 
void router_free_all (void)
 
void router_set_rsa_onion_pkey (const crypto_pk_t *pk, char **onion_pkey_out, size_t *onion_pkey_len_out)
 
crypto_pk_trouter_get_rsa_onion_pkey (const char *pkey, size_t pkey_len)
 

Variables

static tor_mutex_tkey_lock =NULL
 
static time_t onionkey_set_at =0
 
static crypto_pk_tonionkey =NULL
 
static crypto_pk_tlastonionkey =NULL
 
static curve25519_keypair_t curve25519_onion_key
 
static curve25519_keypair_t last_curve25519_onion_key
 
static crypto_pk_tserver_identitykey =NULL
 
static char server_identitykey_digest [DIGEST_LEN]
 
static crypto_pk_tclient_identitykey =NULL
 
static crypto_pk_tauthority_signing_key = NULL
 
static authority_cert_tauthority_key_certificate = NULL
 
static crypto_pk_tlegacy_signing_key = NULL
 
static authority_cert_tlegacy_key_certificate = NULL
 
static routerinfo_tdesc_routerinfo = NULL
 
static extrainfo_tdesc_extrainfo = NULL
 
static const char * desc_gen_reason = "uninitialized reason"
 
STATIC time_t desc_clean_since = 0
 
STATIC const char * desc_dirty_reason = "Tor just started"
 
static int desc_needs_upload = 0
 
static smartlist_twarned_family = NULL
 
static tor_addr_t last_guessed_ip = TOR_ADDR_NULL
 

Detailed Description

Miscellaneous relay functionality, including RSA key maintenance, generating and uploading server descriptors, picking an address to advertise, and so on.

This module handles the job of deciding whether we are a Tor relay, and if so what kind. (Mostly through functions like server_mode() that inspect an or_options_t, but in some cases based on our own capabilities, such as when we are deciding whether to be a directory cache in router_has_bandwidth_to_be_dirserver().)

Also in this module are the functions to generate our own routerinfo_t and extrainfo_t, and to encode those to signed strings for upload to the directory authorities.

This module also handles key maintenance for RSA and Curve25519-ntor keys, and for our TLS context. (These functions should eventually move to routerkeys.c along with the code that handles Ed25519 keys now.)

Definition in file router.c.

Macro Definition Documentation

◆ BANDWIDTH_CHANGE_FACTOR

#define BANDWIDTH_CHANGE_FACTOR   2

By which factor bandwidth shifts have to change to be considered large.

Definition at line 2444 of file router.c.

◆ FAST_RETRY_DESCRIPTOR_INTERVAL

#define FAST_RETRY_DESCRIPTOR_INTERVAL   (90*60)

If our router descriptor seems to be missing or unacceptable according to the authorities, regenerate and reupload it this often.

Definition at line 2375 of file router.c.

◆ FORCE_REGENERATE_DESCRIPTOR_INTERVAL

#define FORCE_REGENERATE_DESCRIPTOR_INTERVAL   (18*60*60)

If our router descriptor ever goes this long without being regenerated because something changed, we force an immediate regenerate-and-upload.

Definition at line 2371 of file router.c.

◆ MAX_BANDWIDTH_CHANGE_FREQ

#define MAX_BANDWIDTH_CHANGE_FREQ   (3*60*60)

How frequently will we republish our descriptor because of large (factor of 2) shifts in estimated bandwidth? Note: We don't use this constant if our previous bandwidth estimate was exactly 0.

Definition at line 2437 of file router.c.

◆ MAX_UPTIME_BANDWIDTH_CHANGE

#define MAX_UPTIME_BANDWIDTH_CHANGE   (24*60*60)

Maximum uptime to republish our descriptor because of large shifts in estimated bandwidth.

Definition at line 2441 of file router.c.

◆ MIN_BW_TO_ADVERTISE_DIRSERVER

#define MIN_BW_TO_ADVERTISE_DIRSERVER   51200

The lower threshold of remaining bandwidth required to advertise (or automatically provide) directory services

Definition at line 1177 of file router.c.

Function Documentation

◆ assert_identity_keys_ok()

static void assert_identity_keys_ok ( void  )
static

Make sure that we have set up our identity keys to match or not match as appropriate, and die with an assertion if we have not.

Definition at line 360 of file router.c.

Referenced by get_tlsclient_identity_key().

◆ check_descriptor_bandwidth_changed()

void check_descriptor_bandwidth_changed ( time_t  now)

Check whether bandwidth has changed a lot since the last time we announced bandwidth while the uptime is smaller than MAX_UPTIME_BANDWIDTH_CHANGE. If so, mark our descriptor dirty.

Definition at line 2450 of file router.c.

Referenced by check_descriptor_callback().

◆ check_descriptor_ipaddress_changed()

void check_descriptor_ipaddress_changed ( time_t  now)

Check whether our own address as defined by the Address configuration has changed. This is for routers that get their address from a service like dyndns. If our address has changed, mark our descriptor dirty.

Definition at line 2518 of file router.c.

Referenced by check_descriptor_callback().

◆ client_identity_key_is_set()

int client_identity_key_is_set ( void  )

Return true iff the client identity key has been set.

Definition at line 422 of file router.c.

◆ consider_publishable_server()

void consider_publishable_server ( int  force)

Initiate server descriptor upload as reasonable (if server is publishable, etc). force is as for router_upload_dir_desc_to_dirservers.

We need to rebuild the descriptor if it's dirty even if we're not uploading, because our reachability testing uses our descriptor to determine what IP address and ports to test.

Definition at line 1381 of file router.c.

Referenced by check_descriptor_callback().

◆ construct_ntor_key_map()

di_digest256_map_t* construct_ntor_key_map ( void  )

Return a map from KEYID (the key itself) to keypairs for use in the ntor handshake. Must only be called from the main thread.

Definition at line 284 of file router.c.

◆ decide_if_publishable_server()

static int decide_if_publishable_server ( void  )
static

Decide if we're a publishable server. We are a publishable server if:

  • We don't have the ClientOnly option set and
  • We have the PublishServerDescriptor option set to non-empty and
  • We have ORPort set and
  • We believe our ORPort and DirPort (if present) are reachable from the outside; or
  • We believe our ORPort is reachable from the outside, and we can't check our DirPort because the consensus has no exits; or
  • We are an authoritative directory server.

Definition at line 1348 of file router.c.

Referenced by consider_publishable_server().

◆ decide_to_advertise_dir_impl()

static int decide_to_advertise_dir_impl ( const or_options_t options,
uint16_t  dir_port,
int  supports_tunnelled_dir_requests 
)
static

Look at a variety of factors, and return 0 if we don't want to advertise the fact that we have a DirPort open or begindir support, else return 1.

Where dir_port or supports_tunnelled_dir_requests are not relevant, they must be 0.

Log a helpful message if we change our mind about whether to publish.

Definition at line 1272 of file router.c.

Referenced by router_should_advertise_begindir(), and router_should_advertise_dirport().

◆ dup_onion_keys()

void dup_onion_keys ( crypto_pk_t **  key,
crypto_pk_t **  last 
)

Store a full copy of the current onion key into *key, and a full copy of the most recent onion key into *last. Store NULL into a pointer if the corresponding key does not exist.

Definition at line 212 of file router.c.

◆ expire_old_onion_keys()

void expire_old_onion_keys ( void  )

Expire our old set of onion keys. This is done by setting last_curve25519_onion_key and lastonionkey to all zero's and NULL respectively.

This function does not perform any grace period checks for the old onion keys.

Definition at line 236 of file router.c.

◆ extrainfo_dump_to_string()

int extrainfo_dump_to_string ( char **  s_out,
extrainfo_t extrainfo,
crypto_pk_t ident_key,
const ed25519_keypair_t signing_keypair 
)

Write the contents of extrainfo, to * *s_out, signing them with ident_key.

If ExtraInfoStatistics is 1, also write aggregated statistics and related configuration data before signing. Most statistics also have an option that enables or disables that particular statistic.

Always write pluggable transport lines.

Return 0 on success, negative on failure.

Definition at line 3340 of file router.c.

◆ extrainfo_dump_to_string_ed_sig_helper()

static int extrainfo_dump_to_string_ed_sig_helper ( smartlist_t chunks,
const ed25519_keypair_t signing_keypair 
)
static

Add an ed25519 signature of chunks to chunks, using the ed25519 keypair signing_keypair. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.

Definition at line 3263 of file router.c.

Referenced by extrainfo_dump_to_string().

◆ extrainfo_dump_to_string_header_helper()

static int extrainfo_dump_to_string_header_helper ( smartlist_t chunks,
const extrainfo_t extrainfo,
const ed25519_keypair_t signing_keypair,
int  emit_ed_sigs 
)
static

Add header strings to chunks, based on the extrainfo object extrainfo, and ed25519 keypair signing_keypair, if emit_ed_sigs is true. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.

Definition at line 3115 of file router.c.

Referenced by extrainfo_dump_to_string().

◆ extrainfo_dump_to_string_rsa_sig_helper()

static int extrainfo_dump_to_string_rsa_sig_helper ( smartlist_t chunks,
crypto_pk_t ident_key,
const char *  extrainfo_string 
)
static

Add an RSA signature of extrainfo_string to chunks, using the RSA key ident_key. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.

Definition at line 3300 of file router.c.

◆ extrainfo_dump_to_string_stats_helper()

static void extrainfo_dump_to_string_stats_helper ( smartlist_t chunks,
int  write_stats_to_extrainfo 
)
static

Add pluggable transport and statistics strings to chunks, skipping statistics if write_stats_to_extrainfo is false. Helper for extrainfo_dump_to_string(). Can not fail.

Definition at line 3179 of file router.c.

Referenced by extrainfo_dump_to_string().

◆ get_current_curve25519_keypair()

STATIC const struct curve25519_keypair_t* get_current_curve25519_keypair ( void  )

Return the current secret onion key for the ntor handshake. Must only be called from the main thread.

Definition at line 276 of file router.c.

◆ get_my_declared_family()

STATIC smartlist_t* get_my_declared_family ( const or_options_t options)

Return a new smartlist containing the family members configured in options. Warn about invalid or missing entries. Return NULL if this relay should not declare a family.

Definition at line 1825 of file router.c.

◆ get_my_v3_authority_cert()

authority_cert_t* get_my_v3_authority_cert ( void  )

Return the key certificate for this v3 (voting) authority, or NULL if we have no such certificate.

Definition at line 430 of file router.c.

Referenced by authority_cert_get_by_sk_digest(), dirvote_perform_vote(), and handle_get_keys().

◆ get_my_v3_authority_signing_key()

crypto_pk_t* get_my_v3_authority_signing_key ( void  )

Return the v3 signing key for this v3 (voting) authority, or NULL if we have no such key.

Definition at line 438 of file router.c.

Referenced by dirvote_perform_vote().

◆ get_my_v3_legacy_cert()

authority_cert_t* get_my_v3_legacy_cert ( void  )

If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return the certificate associated with that key.

Definition at line 447 of file router.c.

Referenced by authority_cert_get_by_sk_digest().

◆ get_my_v3_legacy_signing_key()

crypto_pk_t* get_my_v3_legacy_signing_key ( void  )

If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return that key.

Definition at line 455 of file router.c.

◆ get_onion_key()

crypto_pk_t* get_onion_key ( void  )

Return the current onion key. Requires that the onion key has been loaded or generated.

Definition at line 201 of file router.c.

◆ get_onion_key_grace_period()

int get_onion_key_grace_period ( void  )

Get the grace period of an onion key in seconds. This value is defined by the network consesus parameter "onion-key-grace-period-days", but the value is converted to seconds.

Definition at line 780 of file router.c.

◆ get_onion_key_lifetime()

int get_onion_key_lifetime ( void  )

Get the current lifetime of an onion key in seconds. This value is defined by the network consesus parameter "onion-key-rotation-days", but the value is converted to seconds.

Definition at line 770 of file router.c.

◆ get_onion_key_rotation_days_()

static int get_onion_key_rotation_days_ ( void  )
static

Get the lifetime of an onion key in days. This value is defined by the network consesus parameter "onion-key-rotation-days". Always returns a value between MIN_ONION_KEY_LIFETIME_DAYS and MAX_ONION_KEY_LIFETIME_DAYS.

Definition at line 756 of file router.c.

Referenced by get_onion_key_grace_period(), and get_onion_key_lifetime().

◆ get_onion_key_set_at()

time_t get_onion_key_set_at ( void  )

Return the time when the onion key was last set. This is either the time when the process launched, or the time of the most recent key rotation since the process launched.

Definition at line 328 of file router.c.

◆ get_platform_str()

STATIC void get_platform_str ( char *  platform,
size_t  len 
)

Set platform (max length len) to a NUL-terminated short string describing the version of Tor and the operating system we're currently running on.

Definition at line 2643 of file router.c.

◆ get_tlsclient_identity_key()

crypto_pk_t* get_tlsclient_identity_key ( void  )

Returns the current client identity key for use on outgoing TLS connections; requires that the key has been set.

Definition at line 413 of file router.c.

Referenced by channel_set_circid_type().

◆ init_curve25519_keypair_from_file()

static int init_curve25519_keypair_from_file ( curve25519_keypair_t keys_out,
const char *  fname,
int  generate,
int  severity,
const char *  tag 
)
static

Load a curve25519 keypair from the file fname, writing it into keys_out. If the file isn't found, or is empty, and generate is true, create a new keypair and write it into the file. If there are errors, log them at level severity. Generate files using tag in their ASCII wrapper.

Definition at line 561 of file router.c.

◆ init_keys()

int init_keys ( void  )

Initialize all OR private keys, and the TLS context, as necessary. On OPs, this only initializes the tls context. Return 0 on success, or -1 if Tor should die.

Definition at line 920 of file router.c.

Referenced by accounting_set_wakeup_time().

◆ init_v3_authority_keys()

static int init_v3_authority_keys ( void  )
static

Load the v3 (voting) authority signing key and certificate, if they are present. Return -1 if anything is missing, mismatched, or unloadable; return 0 on success.

Definition at line 690 of file router.c.

◆ load_authority_keyset()

static int load_authority_keyset ( int  legacy,
crypto_pk_t **  key_out,
authority_cert_t **  cert_out 
)
static

Try to load the vote-signing private key and certificate for being a v3 directory authority, and make sure they match. If legacy, load a legacy key/cert set for emergency key migration; otherwise load the regular key/cert set. On success, store them into *key_out and *cert_out respectively, and return 0. On failure, return -1.

Definition at line 633 of file router.c.

Referenced by init_v3_authority_keys().

◆ load_stats_file()

static int load_stats_file ( const char *  filename,
const char *  end_line,
time_t  now,
char **  out 
)
static

Load the contents of filename, find the last line starting with end_line, ensure that its timestamp is not more than 25 hours in the past or more than 1 hour in the future with respect to now, and write the file contents starting with that line to *out. Return 1 for success, 0 if the file does not exist or is empty, or -1 if the file does not contain a line matching these criteria or other failure.

Definition at line 3064 of file router.c.

◆ log_addr_has_changed()

static void log_addr_has_changed ( int  severity,
const tor_addr_t prev,
const tor_addr_t cur,
const char *  source 
)
static

Note at log level severity that our best guess of address has changed from prev to cur.

Definition at line 2487 of file router.c.

◆ log_new_relay_greeting()

static void log_new_relay_greeting ( void  )
static

Log greeting message that points to new relay lifecycle document the first time this function has been called.

Definition at line 539 of file router.c.

◆ mark_my_descriptor_dirty()

void mark_my_descriptor_dirty ( const char *  reason)

Call when the current descriptor is out of date.

Definition at line 2421 of file router.c.

Referenced by mark_my_descriptor_dirty_if_too_old(), and options_act_relay_desc().

◆ mark_my_descriptor_dirty_if_too_old()

void mark_my_descriptor_dirty_if_too_old ( time_t  now)

Mark descriptor out of date if it's been "too long" since we last tried to upload one.

Definition at line 2380 of file router.c.

Referenced by check_descriptor_callback().

◆ ntor_key_map_free_()

void ntor_key_map_free_ ( di_digest256_map_t map)

Release all storage from a keymap returned by construct_ntor_key_map.

Definition at line 316 of file router.c.

◆ ntor_key_map_free_helper()

static void ntor_key_map_free_helper ( void *  arg)
static

Helper used to deallocate a di_digest256_map_t returned by construct_ntor_key_map.

Definition at line 308 of file router.c.

Referenced by ntor_key_map_free_().

◆ rotate_onion_key()

void rotate_onion_key ( void  )

Replace the previous onion key with the current onion key, and generate a new previous onion key. Immediately after calling this function, the OR should:

  • schedule all previous cpuworkers to shut down after processing pending work. (This will cause fresh cpuworkers to be generated.)
  • generate and upload a fresh routerinfo.

Definition at line 468 of file router.c.

◆ router_build_fresh_descriptor()

int router_build_fresh_descriptor ( routerinfo_t **  r,
extrainfo_t **  e 
)

Build a fresh routerinfo, signed server descriptor, and signed extrainfo document for this OR.

Set r to the generated routerinfo, e to the generated extrainfo document. Failure to generate an extra-info document is not an error and is indicated by setting e to NULL. Return 0 on success, and a negative value on temporary error. Caller is responsible for freeing generated documents on success.

Definition at line 2264 of file router.c.

◆ router_build_fresh_signed_extrainfo()

STATIC extrainfo_t* router_build_fresh_signed_extrainfo ( const routerinfo_t ri)

Allocate and return a fresh, signed extrainfo for this OR, based on the routerinfo ri.

If ri is NULL, logs a BUG() warning and returns NULL. Caller is responsible for freeing the generated extrainfo.

Definition at line 2170 of file router.c.

◆ router_build_fresh_unsigned_extrainfo()

static extrainfo_t* router_build_fresh_unsigned_extrainfo ( const routerinfo_t ri)
static

Allocate and return a fresh, unsigned extrainfo for this OR, based on the routerinfo ri.

Uses options->Nickname to set the nickname, and options->BridgeRelay to set ei->cache_info.send_unencrypted.

If ri is NULL, logs a BUG() warning and returns NULL. Caller is responsible for freeing the generated extrainfo.

Definition at line 2098 of file router.c.

◆ router_build_fresh_unsigned_routerinfo()

STATIC int router_build_fresh_unsigned_routerinfo ( routerinfo_t **  ri_out)

Allocate a fresh, unsigned routerinfo for this OR, without any of the fields that depend on the corresponding extrainfo.

On success, set ri_out to the new routerinfo, and return 0. Caller is responsible for freeing the generated routerinfo.

Returns a negative value and sets ri_out to NULL on temporary error.

Definition at line 1950 of file router.c.

◆ router_compare_to_my_exit_policy()

int router_compare_to_my_exit_policy ( const tor_addr_t addr,
uint16_t  port 
)

OR only: Check whether my exit policy says to allow connection to conn. Return 0 if we accept; non-0 if we reject.

Definition at line 1539 of file router.c.

Referenced by my_exit_policy_rejects().

◆ router_digest_is_me()

int router_digest_is_me ( const char *  digest)

Return true iff I'm a server and digest is equal to my server identity key digest.

Definition at line 1586 of file router.c.

Referenced by connection_or_connect(), directory_conn_is_self_reachability_test(), get_signed_descriptor_by_fp(), node_is_me(), node_is_possible_guard(), and router_is_me().

◆ router_dump_and_sign_extrainfo_descriptor_body()

static int router_dump_and_sign_extrainfo_descriptor_body ( extrainfo_t ei)
static

Dump the extrainfo descriptor body for ei, sign it, and add the body and signature to ei->cache_info. Note that the extrainfo body is determined by ei, and some additional config and statistics state: see extrainfo_dump_to_string() for details.

Return 0 on success, -1 on temporary error. If ei is NULL, logs a BUG() warning and returns -1. On error, ei->cache_info is not modified.

Definition at line 2137 of file router.c.

◆ router_dump_and_sign_routerinfo_descriptor_body()

STATIC int router_dump_and_sign_routerinfo_descriptor_body ( routerinfo_t ri)

Dump the descriptor body for ri, sign it, and add the body and signature to ri->cache_info. Note that the descriptor body is determined by ri, and some additional config and state: see router_dump_router_to_string() for details.

Return 0 on success, and a negative value on temporary error. If ri is NULL, logs a BUG() warning and returns a negative value. On error, ri->cache_info is not modified.

Definition at line 2230 of file router.c.

◆ router_dump_exit_policy_to_string()

char* router_dump_exit_policy_to_string ( const routerinfo_t router,
int  include_ipv4,
int  include_ipv6 
)

OR only: Given router, produce a string with its exit policy. If include_ipv4 is true, include IPv4 entries. If include_ipv6 is true, include IPv6 entries.

Definition at line 3043 of file router.c.

◆ router_dump_router_to_string()

char* router_dump_router_to_string ( routerinfo_t router,
const crypto_pk_t ident_key,
const crypto_pk_t tap_key,
const curve25519_keypair_t ntor_keypair,
const ed25519_keypair_t signing_keypair 
)

OR only: Given a routerinfo for this router, and an identity key to sign with, encode the routerinfo as a signed server descriptor and return a new string encoding the result, or NULL on failure.

In addition to the fields in router, this function calls onion_key_lifetime(), get_options(), and we_are_hibernating(), and uses the results to populate some fields in the descriptor.

Definition at line 2664 of file router.c.

◆ router_extrainfo_digest_is_me()

int router_extrainfo_digest_is_me ( const char *  digest)

Return true iff I'm a server and digest is equal to my identity digest.

Definition at line 1602 of file router.c.

◆ router_free_all()

void router_free_all ( void  )

Release all static resources held in router.c

Definition at line 3455 of file router.c.

◆ router_get_active_listener_port_by_type_af()

uint16_t router_get_active_listener_port_by_type_af ( int  listener_type,
sa_family_t  family 
)

Return the port of the first active listener of type listener_type. XXX not a very good interface. it's not reliable when there are multiple listeners.

Definition at line 1403 of file router.c.

Referenced by get_first_listener_addrport_string(), and router_get_advertised_or_port_by_af().

◆ router_get_advertised_dir_port()

uint16_t router_get_advertised_dir_port ( const or_options_t options,
uint16_t  dirport 
)

Return the port that we should advertise as our DirPort; this is one of three possibilities: The one that is passed as dirport if the DirPort option is 0, or the one configured in the DirPort option, or the one we actually bound to if DirPort is "auto".

Definition at line 1454 of file router.c.

Referenced by decide_to_advertise_dir_impl(), and retry_all_listeners().

◆ router_get_advertised_or_port()

uint16_t router_get_advertised_or_port ( const or_options_t options)

Return the port that we should advertise as our ORPort; this is either the one configured in the ORPort option, or the one we actually bound to if ORPort is "auto".

Definition at line 1424 of file router.c.

Referenced by decide_to_advertise_dir_impl(), retry_all_listeners(), and router_rebuild_descriptor().

◆ router_get_advertised_or_port_by_af()

uint16_t router_get_advertised_or_port_by_af ( const or_options_t options,
sa_family_t  family 
)

As router_get_advertised_or_port(), but allows an address family argument.

Definition at line 1432 of file router.c.

Referenced by retry_all_listeners(), and router_get_advertised_or_port().

◆ router_get_descriptor_gen_reason()

const char* router_get_descriptor_gen_reason ( void  )

Return a human-readable string describing what triggered us to generate our current descriptor, or NULL if we don't know.

Definition at line 1698 of file router.c.

◆ router_get_my_descriptor()

const char* router_get_my_descriptor ( void  )

OR only: Return a signed server descriptor for this OR, rebuilding a fresh one if necessary. Return NULL on error.

Definition at line 1669 of file router.c.

◆ router_get_my_extrainfo()

extrainfo_t* router_get_my_extrainfo ( void  )

Return the extrainfo document for this OR, or NULL if we have none. Rebuilt it (and the server descriptor) if necessary.

Definition at line 1686 of file router.c.

Referenced by extrainfo_insert(), get_signed_descriptor_by_fp(), and router_extrainfo_digest_is_me().

◆ router_get_my_id_digest()

const uint8_t* router_get_my_id_digest ( void  )

Return my identity digest.

Definition at line 1594 of file router.c.

◆ router_get_my_routerinfo()

const routerinfo_t* router_get_my_routerinfo ( void  )

◆ router_get_my_routerinfo_with_err()

const routerinfo_t* router_get_my_routerinfo_with_err ( int *  err)

Return routerinfo of this OR. Rebuild it from scratch if needed. Set *err to 0 on success or to appropriate TOR_ROUTERINFO_ERROR_* value on failure.

Definition at line 1633 of file router.c.

Referenced by router_get_my_routerinfo().

◆ router_guess_address_from_dir_headers()

static int router_guess_address_from_dir_headers ( uint32_t *  guess)
static

We failed to resolve our address locally, but we'd like to build a descriptor and publish / test reachability. If we have a guess about our address based on directory headers, answer it and return 0; else return -1.

Definition at line 2629 of file router.c.

◆ router_has_bandwidth_to_be_dirserver()

int router_has_bandwidth_to_be_dirserver ( const or_options_t options)

Return true iff we have enough configured bandwidth to advertise or automatically provide directory services from cache directory information.

Definition at line 1183 of file router.c.

Referenced by dir_server_mode().

◆ router_initialize_tls_context()

int router_initialize_tls_context ( void  )

Set up Tor's TLS contexts, based on our configuration and keys. Return 0 on success, and -1 on failure.

Definition at line 794 of file router.c.

◆ router_is_me()

int router_is_me ( const routerinfo_t router)

A wrapper around router_digest_is_me().

Definition at line 1615 of file router.c.

Referenced by dirserv_set_router_is_running(), and dirserv_test_reachability().

◆ router_my_exit_policy_is_reject_star()

int router_my_exit_policy_is_reject_star ( void  )

Return true iff my exit policy is reject *:*. Return -1 if we don't have a descriptor

Definition at line 1574 of file router.c.

Referenced by check_dns_honesty_callback(), directory_caches_dir_info(), and directory_fetches_from_authorities().

◆ router_new_address_suggestion()

void router_new_address_suggestion ( const char *  suggestion,
const dir_connection_t d_conn 
)

A directory server d_conn told us our IP address is suggestion. If this address is different from the one we think we are now, and if our computer doesn't actually know its IP address, then switch.

Definition at line 2567 of file router.c.

◆ router_pick_published_address()

int router_pick_published_address ( const or_options_t options,
uint32_t *  addr,
int  cache_only 
)

Make a current best guess at our address, either because it's configured in torrc, or because we've learned it from dirserver headers. Place the answer in *addr and return 0 on success, else return -1 if we have no guess.

If cache_only is true, just return any cached answers, and don't try to get any new answers.

Definition at line 1715 of file router.c.

Referenced by directory_fetches_from_authorities(), pt_get_extra_info_descriptor_string(), and router_rebuild_descriptor().

◆ router_rebuild_descriptor()

int router_rebuild_descriptor ( int  force)

If force is true, or our descriptor is out-of-date, rebuild a fresh routerinfo, signed server descriptor, and extra-info document for this OR. Return 0 on success, -1 on temporary error.

Definition at line 2326 of file router.c.

Referenced by consider_publishable_server(), and router_get_my_extrainfo().

◆ router_reset_warnings()

void router_reset_warnings ( void  )

Forget that we have issued any router-related warnings, so that we'll warn again if we see the same errors.

Definition at line 3445 of file router.c.

◆ router_should_advertise_begindir()

static int router_should_advertise_begindir ( const or_options_t options,
int  supports_tunnelled_dir_requests 
)
static

Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to advertise the fact that we support begindir requests, else return 1.

Definition at line 1313 of file router.c.

◆ router_should_advertise_dirport()

int router_should_advertise_dirport ( const or_options_t options,
uint16_t  dir_port 
)

Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to advertise the fact that we have a DirPort open, else return the DirPort we want to advertise.

Definition at line 1303 of file router.c.

◆ router_should_be_dirserver()

static int router_should_be_dirserver ( const or_options_t options,
int  dir_port 
)
static

Helper: Return 1 if we have sufficient resources for serving directory requests, return 0 otherwise. dir_port is either 0 or the configured DirPort number. If AccountingMax is set less than our advertised bandwidth, then don't serve requests. Likewise, if our advertised bandwidth is less than MIN_BW_TO_ADVERTISE_DIRSERVER, don't bother trying to serve requests.

Definition at line 1203 of file router.c.

Referenced by decide_to_advertise_dir_impl().

◆ router_update_routerinfo_from_extrainfo()

STATIC void router_update_routerinfo_from_extrainfo ( routerinfo_t ri,
const extrainfo_t ei 
)

Set the fields in ri that depend on ei.

If ei is NULL, logs a BUG() warning and zeroes the relevant fields.

Definition at line 2202 of file router.c.

◆ router_upload_dir_desc_to_dirservers()

void router_upload_dir_desc_to_dirservers ( int  force)

OR only: If force is true, or we haven't uploaded this descriptor successfully yet, try to upload our signed descriptor to all the directory servers we know about.

Definition at line 1493 of file router.c.

Referenced by consider_publishable_server().

◆ router_write_fingerprint()

STATIC int router_write_fingerprint ( int  hashed)

Compute fingerprint (or hashed fingerprint if hashed is 1) and write it to 'fingerprint' (or 'hashed-fingerprint'). Return 0 on success, or -1 if Tor should die,

Definition at line 832 of file router.c.

◆ routerinfo_err_is_transient()

int routerinfo_err_is_transient ( int  err)

Return true if we expect given error to be transient. Return false otherwise.

For simplicity, we consider all errors other than "not a server" transient - see discussion on https://trac.torproject.org/projects/tor/ticket/27034

Definition at line 170 of file router.c.

◆ routerinfo_err_to_string()

const char* routerinfo_err_to_string ( int  err)

Return a readonly string with human readable description of err.

Definition at line 141 of file router.c.

◆ server_identity_key_is_set()

int server_identity_key_is_set ( void  )

Return true iff we are a server and the server identity key has been set.

Definition at line 395 of file router.c.

Referenced by accounting_set_wakeup_time().

◆ set_client_identity_key()

void set_client_identity_key ( crypto_pk_t k)

Set the current client identity key to k.

Definition at line 403 of file router.c.

◆ set_onion_key()

static void set_onion_key ( crypto_pk_t k)
static

Replace the current onion key with k. Does not affect lastonionkey; to update lastonionkey correctly, call rotate_onion_key().

Definition at line 184 of file router.c.

◆ set_server_identity_key()

void set_server_identity_key ( crypto_pk_t k)

Set the current server identity key to k.

Definition at line 336 of file router.c.

◆ should_refuse_unknown_exits()

int should_refuse_unknown_exits ( const or_options_t options)

Return true iff the combination of options in options and parameters in the consensus mean that we don't want to allow exits from circuits we got from addresses not known to be servers.

Definition at line 1325 of file router.c.

Referenced by directory_caches_dir_info(), and directory_fetches_from_authorities().

◆ v3_authority_check_key_expiry()

void v3_authority_check_key_expiry ( void  )

If we're a v3 authority, check whether we have a certificate that's likely to expire soon. Warn if we do, but not too often.

Definition at line 707 of file router.c.

Referenced by check_authority_cert_callback().

Variable Documentation

◆ authority_key_certificate

authority_cert_t* authority_key_certificate = NULL
static

Key certificate to authenticate v3 directory material; only set for authorities.

Definition at line 123 of file router.c.

Referenced by get_my_v3_authority_cert(), and init_v3_authority_keys().

◆ authority_signing_key

crypto_pk_t* authority_signing_key = NULL
static

Signing key used for v3 directory material; only set for authorities.

Definition at line 120 of file router.c.

Referenced by get_my_v3_authority_signing_key(), and init_v3_authority_keys().

◆ client_identitykey

crypto_pk_t* client_identitykey =NULL
static

Private client "identity key": used to sign bridges' and clients' outbound TLS certificates. Regenerated on startup and on IP address change.

Definition at line 118 of file router.c.

Referenced by assert_identity_keys_ok(), client_identity_key_is_set(), and get_tlsclient_identity_key().

◆ curve25519_onion_key

curve25519_keypair_t curve25519_onion_key
static

Current private ntor secret key: used to perform the ntor handshake.

Definition at line 106 of file router.c.

Referenced by construct_ntor_key_map(), and get_current_curve25519_keypair().

◆ desc_clean_since

STATIC time_t desc_clean_since = 0

Since when has our descriptor been "clean"? 0 if we need to regenerate it now.

Definition at line 1482 of file router.c.

Referenced by mark_my_descriptor_dirty_if_too_old(), and router_rebuild_descriptor().

◆ desc_dirty_reason

STATIC const char* desc_dirty_reason = "Tor just started"

Why did we mark the descriptor dirty?

Definition at line 1484 of file router.c.

◆ desc_extrainfo

extrainfo_t* desc_extrainfo = NULL
static

My extrainfo

Definition at line 1476 of file router.c.

Referenced by router_get_my_extrainfo().

◆ desc_gen_reason

const char* desc_gen_reason = "uninitialized reason"
static

Why did we most recently decide to regenerate our descriptor? Used to tell the authorities why we're sending it to them.

Definition at line 1479 of file router.c.

Referenced by router_get_descriptor_gen_reason().

◆ desc_needs_upload

int desc_needs_upload = 0
static

Boolean: do we need to regenerate the above?

Definition at line 1486 of file router.c.

◆ desc_routerinfo

routerinfo_t* desc_routerinfo = NULL
static

My routerinfo.

Definition at line 1474 of file router.c.

Referenced by router_compare_to_my_exit_policy().

◆ key_lock

tor_mutex_t* key_lock =NULL
static

Private keys for this OR. There is also an SSL key managed by tortls.c.

Definition at line 98 of file router.c.

Referenced by dup_onion_keys(), and expire_old_onion_keys().

◆ last_curve25519_onion_key

curve25519_keypair_t last_curve25519_onion_key
static

Previous private ntor secret key: used to perform the ntor handshake with clients that have an older version of our descriptor.

Definition at line 109 of file router.c.

Referenced by construct_ntor_key_map().

◆ last_guessed_ip

tor_addr_t last_guessed_ip = TOR_ADDR_NULL
static

The most recently guessed value of our IP address, based on directory headers.

Definition at line 2560 of file router.c.

Referenced by router_guess_address_from_dir_headers().

◆ lastonionkey

crypto_pk_t* lastonionkey =NULL
static

Previous private onionskin decryption key: used to decode CREATE cells generated by clients that have an older version of our descriptor.

Definition at line 104 of file router.c.

Referenced by dup_onion_keys(), and expire_old_onion_keys().

◆ legacy_key_certificate

authority_cert_t* legacy_key_certificate = NULL
static

For emergency V3 authority key migration: An extra certificate to authenticate legacy_signing_key with our obsolete identity key.

Definition at line 130 of file router.c.

Referenced by get_my_v3_legacy_cert(), and init_v3_authority_keys().

◆ legacy_signing_key

crypto_pk_t* legacy_signing_key = NULL
static

For emergency V3 authority key migration: An extra signing key that we use with our old (obsolete) identity key for a while.

Definition at line 127 of file router.c.

Referenced by get_my_v3_legacy_signing_key(), and init_v3_authority_keys().

◆ onionkey

crypto_pk_t* onionkey =NULL
static

Current private onionskin decryption key: used to decode CREATE cells.

Definition at line 101 of file router.c.

Referenced by dup_onion_keys(), and get_onion_key().

◆ onionkey_set_at

time_t onionkey_set_at =0
static

When was onionkey last changed?

Definition at line 99 of file router.c.

Referenced by get_onion_key_set_at().

◆ server_identitykey

crypto_pk_t* server_identitykey =NULL
static

Private server "identity key": used to sign directory info and TLS certificates. Never changes.

Definition at line 112 of file router.c.

Referenced by assert_identity_keys_ok(), router_digest_is_me(), and server_identity_key_is_set().

◆ server_identitykey_digest

char server_identitykey_digest[DIGEST_LEN]
static

Digest of server_identitykey.

Definition at line 114 of file router.c.

Referenced by mark_my_descriptor_dirty_if_too_old(), router_digest_is_me(), and router_get_my_id_digest().

◆ warned_family

smartlist_t* warned_family = NULL
static

A list of nicknames that we've warned about including in our family, for one reason or another.

Definition at line 1817 of file router.c.

Referenced by get_my_declared_family(), and router_reset_warnings().