tor
master
|
Header file for dirserv.c. More...
#include "testsupport.h"
Go to the source code of this file.
Data Structures | |
struct | spooled_resource_t |
Macros | |
#define | REACHABILITY_MODULO_PER_TEST 128 |
#define | REACHABILITY_TEST_INTERVAL 10 |
#define | REACHABILITY_TEST_CYCLE_PERIOD (REACHABILITY_TEST_INTERVAL*REACHABILITY_MODULO_PER_TEST) |
#define | MAX_EXITPOLICY_SUMMARY_LEN 1000 |
#define | MAX_V_LINE_LEN 128 |
#define | dir_spool_source_bitfield_t ENUM_BF(dir_spool_source_t) |
#define | spooled_resource_free(sp) FREE_AND_NULL(spooled_resource_t, spooled_resource_free_, (sp)) |
Typedefs | |
typedef enum dir_spool_source_t | dir_spool_source_t |
typedef struct spooled_resource_t | spooled_resource_t |
Enumerations | |
enum | dir_spool_source_t { DIR_SPOOL_SERVER_BY_DIGEST =1, DIR_SPOOL_SERVER_BY_FP, DIR_SPOOL_EXTRA_BY_DIGEST, DIR_SPOOL_EXTRA_BY_FP, DIR_SPOOL_MICRODESC, DIR_SPOOL_NETWORKSTATUS, DIR_SPOOL_CONSENSUS_CACHE_ENTRY } |
Header file for dirserv.c.
#define MAX_EXITPOLICY_SUMMARY_LEN 1000 |
Maximum length of an exit policy summary.
#define MAX_V_LINE_LEN 128 |
Maximum allowable length of a version line in a networkstatus.
#define REACHABILITY_MODULO_PER_TEST 128 |
What fraction (1 over this number) of the relay ID space do we (as a directory authority) launch connections to at each reachability test?
#define REACHABILITY_TEST_CYCLE_PERIOD (REACHABILITY_TEST_INTERVAL*REACHABILITY_MODULO_PER_TEST) |
How many seconds apart are the reachability tests for a given relay?
#define REACHABILITY_TEST_INTERVAL 10 |
How often (in seconds) do we launch reachability tests?
typedef enum dir_spool_source_t dir_spool_source_t |
Ways to convert a spoolable_resource_t to a bunch of bytes.
typedef struct spooled_resource_t spooled_resource_t |
Object to remember the identity of an object that we are spooling, or about to spool, in response to a directory request.
(Why do we spool? Because some directory responses are very large, and we don't want to just shove the complete answer into the output buffer: that would take a ridiculous amount of RAM.)
If the spooled resource is relatively small (like microdescriptors, descriptors, etc), we look them up by ID as needed, and add the whole thing onto the output buffer at once. If the spooled reseource is big (like networkstatus documents), we reference-count it, and add it a few K at a time.
enum dir_spool_source_t |
Ways to convert a spoolable_resource_t to a bunch of bytes.
int authdir_wants_to_reject_router | ( | routerinfo_t * | ri, |
const char ** | msg, | ||
int | complain, | ||
int * | valid_out | ||
) |
Check whether we, as a directory server, want to accept ri. If so, set its is_valid,running fields and return 0. Otherwise, return -1.
If the router is rejected, set *msg to an explanation of why.
If complain then explain at log-level 'notice' why we refused a descriptor; else explain at log-level 'info'.
void cached_dir_decref | ( | cached_dir_t * | d | ) |
Decrement the reference count on d, and free it if it no longer has any references.
int connection_dirserv_flushed_some | ( | dir_connection_t * | conn | ) |
Called whenever we have flushed some directory data in state SERVER_WRITING, or whenever we want to fill the buffer with initial directory data (so that subsequent writes will occur, and trigger this function again.)
Return 0 on success, and -1 on failure.
void dir_conn_clear_spool | ( | dir_connection_t * | conn | ) |
Remove every element from conn's outgoing spool, and delete the spool.
int directory_caches_dir_info | ( | const or_options_t * | options | ) |
Return 1 if we want to fetch and serve descriptors, networkstatuses, etc Else return 0. Check options->DirPort_set and directory_permits_begindir_requests() to see if we are willing to serve these directory documents to others via the DirPort and begindir-over-ORPort, respectively.
To check if we should fetch documents, use we_want_to_fetch_flavor and we_want_to_fetch_unknown_auth_certs instead of this function.
int directory_caches_unknown_auth_certs | ( | const or_options_t * | options | ) |
Return true iff we want to serve certificates for authorities that we don't acknowledge as authorities ourself. Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch and keep these certificates.
int directory_fetches_dir_info_early | ( | const or_options_t * | options | ) |
Return 1 if we should fetch new networkstatuses, descriptors, etc on the "mirror" schedule rather than the "client" schedule.
int directory_fetches_dir_info_later | ( | const or_options_t * | options | ) |
Return 1 if we should fetch new networkstatuses, descriptors, etc on a very passive schedule – waiting long enough for ordinary clients to probably have the info we want. These would include bridge users, and maybe others in the future e.g. if a Tor client uses another Tor client as a directory guard.
int directory_fetches_from_authorities | ( | const or_options_t * | options | ) |
Return 1 if we fetch our directory material directly from the authorities, rather than from a mirror.
int directory_permits_begindir_requests | ( | const or_options_t * | options | ) |
Return 1 if we want to allow remote clients to ask us directory requests via the "begin_dir" interface, which doesn't require having any separate port open.
int directory_too_idle_to_fetch_descriptors | ( | const or_options_t * | options, |
time_t | now | ||
) |
Return 1 if we have no need to fetch new descriptors. This generally happens when we're not a dir cache and we haven't built any circuits lately.
enum was_router_added_t dirserv_add_descriptor | ( | routerinfo_t * | ri, |
const char ** | msg, | ||
const char * | source | ||
) |
Examine the parsed server descriptor in ri and maybe insert it into the list of server descriptors. Set *msg to a message that should be passed back to the origin of this descriptor, or NULL if there is no such message. Use source to produce better log messages.
If ri is not added to the list of server descriptors, free it. That means the caller must not access ri after this function returns, since it might have been freed.
Return the status of the operation.
This function is only called when fresh descriptors are posted, not when we re-load the cache.
enum was_router_added_t dirserv_add_multiple_descriptors | ( | const char * | desc, |
uint8_t | purpose, | ||
const char * | source, | ||
const char ** | msg | ||
) |
As for dirserv_add_descriptor(), but accepts multiple documents, and returns the most severe error that occurred for any one of them.
int dirserv_add_own_fingerprint | ( | crypto_pk_t * | pk | ) |
Add the fingerprint for this OR to the global list of recognized identity key fingerprints.
void dirserv_clear_measured_bw_cache | ( | void | ) |
Clear and free the measured bandwidth cache
void dirserv_compute_performance_thresholds | ( | digestmap_t * | omit_as_sybil | ) |
Look through the routerlist, the Mean Time Between Failure history, and the Weighted Fractional Uptime history, and use them to set thresholds for the Stable, Fast, and Guard flags. Update the fields stable_uptime, stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth, guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
Also, set the is_exit flag of each router appropriately.
void dirserv_count_measured_bws | ( | const smartlist_t * | routers | ) |
Look through the routerlist, and using the measured bandwidth cache count how many measured bandwidths we know. This is used to decide whether we ever trust advertised bandwidths for purposes of assigning flags.
void dirserv_free_all | ( | void | ) |
Release all storage used by the directory server.
void dirserv_free_fingerprint_list | ( | void | ) |
Clear the current fingerprint list.
cached_dir_t* dirserv_get_consensus | ( | const char * | flavor_name | ) |
Return the latest downloaded consensus networkstatus in encoded, signed, optionally compressed format, suitable for sending to clients.
char* dirserv_get_flag_thresholds_line | ( | void | ) |
Give a statement of our current performance thresholds for inclusion in a vote document.
int dirserv_get_measured_bw_cache_size | ( | void | ) |
Get the current size of the measured bandwidth cache
int dirserv_get_routerdesc_spool | ( | smartlist_t * | spool_out, |
const char * | key, | ||
dir_spool_source_t | source, | ||
int | conn_is_encrypted, | ||
const char ** | msg_out | ||
) |
As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t pointers, adds copies of digests to fps_out, and doesn't use the /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other requests, adds identity digests.
int dirserv_get_routerdescs | ( | smartlist_t * | descs_out, |
const char * | key, | ||
const char ** | msg | ||
) |
Add a signed_descriptor_t to descs_out for each router matching key. The key should be either
Return 0 if we found some matching descriptors, or -1 if we do not have any descriptors, no matching descriptors, or if we did not recognize the key (URL). If -1 is returned *msg will be set to an appropriate error message.
XXXX rename this function. It's only called from the controller. XXXX in fact, refactor this function, merging as much as possible.
int dirserv_has_measured_bw | ( | const char * | node_id | ) |
Predicate wrapper for dirserv_query_measured_bw_cache()
int dirserv_load_fingerprint_file | ( | void | ) |
Load the nickname->fingerprint mappings stored in the approved-routers file. The file format is line-based, with each non-blank holding one nickname, some space, and a fingerprint for that nickname. On success, replace the current fingerprint list with the new list and return 0. On failure, leave the current fingerprint list untouched, and return -1.
void dirserv_orconn_tls_done | ( | const tor_addr_t * | addr, |
uint16_t | or_port, | ||
const char * | digest_rcvd, | ||
const ed25519_public_key_t * | ed_id_rcvd | ||
) |
Called when a TLS handshake has completed successfully with a router listening at address:or_port, and has yielded a certificate with digest digest_rcvd.
Inform the reachability checker that we could get to this relay.
int dirserv_query_measured_bw_cache_kb | ( | const char * | node_id, |
long * | bw_kb_out, | ||
time_t * | as_of_out | ||
) |
Query the cache by identity digest, return value indicates whether we found it. The bw_out and as_of_out pointers receive the cached bandwidth value and the time it was cached if not NULL.
int dirserv_read_guardfraction_file | ( | const char * | fname, |
smartlist_t * | vote_routerstatuses | ||
) |
Read a guardfraction file at fname and load all its information to vote_routerstatuses.
int dirserv_read_measured_bandwidths | ( | const char * | from_file, |
smartlist_t * | routerstatuses | ||
) |
Read the measured bandwidth file and apply it to the list of vote_routerstatus_t. Returns -1 on error, 0 otherwise.
uint32_t dirserv_router_get_status | ( | const routerinfo_t * | router, |
const char ** | msg, | ||
int | severity | ||
) |
Check whether router has a nickname/identity key combination that we recognize from the fingerprint list, or an IP we automatically act on according to our configuration. Return the appropriate router status.
If the status is 'FP_REJECT' and msg is provided, set *msg to an explanation of why.
void dirserv_set_cached_consensus_networkstatus | ( | const char * | networkstatus, |
const char * | flavor_name, | ||
const common_digests_t * | digests, | ||
const uint8_t * | sha3_as_signed, | ||
time_t | published | ||
) |
Replace the v3 consensus networkstatus of type flavor_name that we're serving with networkstatus, published at published. No validation is performed.
void dirserv_set_node_flags_from_authoritative_status | ( | node_t * | node, |
uint32_t | authstatus | ||
) |
Update the relevant flags of node based on our opinion as a directory authority in authstatus, as returned by dirserv_router_get_status or equivalent.
void dirserv_set_router_is_running | ( | routerinfo_t * | router, |
time_t | now | ||
) |
Treat a router as alive if
int dirserv_should_launch_reachability_test | ( | const routerinfo_t * | ri, |
const routerinfo_t * | ri_old | ||
) |
Called when we, as an authority, receive a new router descriptor either as an upload or a download. Used to decide whether to relaunch reachability testing for the server.
void dirserv_single_reachability_test | ( | time_t | now, |
routerinfo_t * | router | ||
) |
Helper function for dirserv_test_reachability(). Start a TLS connection to router, and annotate it with when we started the test.
void dirserv_spool_remove_missing_and_guess_size | ( | dir_connection_t * | conn, |
time_t | cutoff, | ||
int | compression, | ||
size_t * | size_out, | ||
int * | n_expired_out | ||
) |
Try to guess the number of bytes that will be needed to send the spooled objects for conn's outgoing spool. In the process, remove every element of the spool that refers to an absent object, or which was published earlier than cutoff. Set *size_out to the number of bytes, and *n_expired_out to the number of objects removed for being too old.
void dirserv_spool_sort | ( | dir_connection_t * | conn | ) |
Sort all the entries in conn by digest.
void dirserv_test_reachability | ( | time_t | now | ) |
Auth dir server only: load balance such that we only try a few connections per call.
The load balancing is such that if we get called once every ten seconds, we will cycle through all the tests in REACHABILITY_TEST_CYCLE_PERIOD seconds (a bit over 20 minutes).
int dirserv_would_reject_router | ( | const routerstatus_t * | rs | ) |
Return true if there is no point in downloading the router described by rs because this directory would reject it.
int list_server_status_v1 | ( | smartlist_t * | routers, |
char ** | router_status_out, | ||
int | for_controller | ||
) |
Based on the routerinfo_ts in routers, allocate the contents of a v1-style router-status line, and store it in *router_status_out. Return 0 on success, -1 on failure.
If for_controller is true, include the routers with very old descriptors.
This is deprecated: it's only used for controllers that want outputs in the old format.
cached_dir_t* new_cached_dir | ( | char * | s, |
time_t | published | ||
) |
Allocate and return a new cached_dir_t containing the string s, published at published.
char* routerstatus_format_entry | ( | const routerstatus_t * | rs, |
const char * | version, | ||
const char * | protocols, | ||
routerstatus_format_type_t | format, | ||
int | consensus_method, | ||
const vote_routerstatus_t * | vrs | ||
) |
Helper: write the router-status information in rs into a newly allocated character buffer. Use the same format as in network-status documents. If version is non-NULL, add a "v" line for the platform.
consensus_method is the current consensus method when format is NS_V3_CONSENSUS or NS_V3_CONSENSUS_MICRODESC. It is ignored for other formats: pass ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD.
Return 0 on success, -1 on failure.
The format argument has one of the following values: NS_V2 - Output an entry suitable for a V2 NS opinion document NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry for consensus_method. NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc consensus entry for consensus_method. NS_V3_VOTE - Output a complete V3 NS vote. If vrs is present, it contains additional information for the vote. NS_CONTROL_PORT - Output a NS document for the control port.
void spooled_resource_free_ | ( | spooled_resource_t * | spooled | ) |
Release all storage held by spooled.
spooled_resource_t* spooled_resource_new_from_cache_entry | ( | consensus_cache_entry_t * | entry | ) |
Create a new spooled_resource_t to spool the contents of entry to the user. Return the spooled object on success, or NULL on failure (which is probably caused by a failure to map the body of the item from disk).
Adds a reference to entry's reference counter.
int validate_recommended_package_line | ( | const char * | line | ) |
Return true iff line is a valid RecommendedPackages line.