Header file for router.c. More...
#include "testsupport.h"
Go to the source code of this file.
Macros | |
| #define | TOR_ROUTERINFO_ERROR_NO_EXT_ADDR (-1) |
| #define | TOR_ROUTERINFO_ERROR_CANNOT_PARSE (-2) |
| #define | TOR_ROUTERINFO_ERROR_NOT_A_SERVER (-3) |
| #define | TOR_ROUTERINFO_ERROR_DIGEST_FAILED (-4) |
| #define | TOR_ROUTERINFO_ERROR_CANNOT_GENERATE (-5) |
| #define | TOR_ROUTERINFO_ERROR_DESC_REBUILDING (-6) |
| #define | ntor_key_map_free(map) FREE_AND_NULL(di_digest256_map_t, ntor_key_map_free_, (map)) |
Detailed Description
Header file for router.c.
Function Documentation
◆ authdir_mode()
| int authdir_mode | ( | const or_options_t * | options | ) |
Return true iff we believe ourselves to be an authoritative directory server.
◆ authdir_mode_bridge()
| int authdir_mode_bridge | ( | const or_options_t * | options | ) |
Return true iff we believe ourselves to be a bridge authoritative directory server.
◆ authdir_mode_handles_descs()
| int authdir_mode_handles_descs | ( | const or_options_t * | options, |
| int | purpose | ||
| ) |
Return true iff we are an authoritative directory server that is authoritative about receiving and serving descriptors of type purpose on its dirport.
◆ authdir_mode_publishes_statuses()
| int authdir_mode_publishes_statuses | ( | const or_options_t * | options | ) |
Return true iff we are an authoritative directory server that publishes its own network statuses.
◆ authdir_mode_tests_reachability()
| int authdir_mode_tests_reachability | ( | const or_options_t * | options | ) |
Return true iff we are an authoritative directory server that tests reachability of the descriptors it learns about.
◆ check_descriptor_bandwidth_changed()
| void check_descriptor_bandwidth_changed | ( | time_t | now | ) |
Check whether bandwidth has changed a lot since the last time we announced bandwidth. If so, mark our descriptor dirty.
◆ check_descriptor_ipaddress_changed()
| void check_descriptor_ipaddress_changed | ( | time_t | now | ) |
Check whether our own address as defined by the Address configuration has changed. This is for routers that get their address from a service like dyndns. If our address has changed, mark our descriptor dirty.
◆ check_whether_dirport_reachable()
| int check_whether_dirport_reachable | ( | const or_options_t * | options | ) |
Return 0 if we need to do a DirPort reachability check, because:
- no reachability check has been done yet, or
- we've initiated reachability checks, but none have succeeded. Return 1 if we don't need to do a DirPort reachability check, because:
- we've seen a successful reachability check, or
- there is no DirPort set, or
- AssumeReachable is set, or
- the network is disabled.
◆ check_whether_orport_reachable()
| int check_whether_orport_reachable | ( | const or_options_t * | options | ) |
Return 0 if we need to do an ORPort reachability check, because:
- no reachability check has been done yet, or
- we've initiated reachability checks, but none have succeeded. Return 1 if we don't need to do an ORPort reachability check, because:
- we've seen a successful reachability check, or
- AssumeReachable is set, or
- the network is disabled.
◆ client_identity_key_is_set()
| int client_identity_key_is_set | ( | void | ) |
Return true iff the client identity key has been set.
◆ consider_publishable_server()
| void consider_publishable_server | ( | int | force | ) |
Initiate server descriptor upload as reasonable (if server is publishable, etc). force is as for router_upload_dir_desc_to_dirservers.
We need to rebuild the descriptor if it's dirty even if we're not uploading, because our reachability testing uses our descriptor to determine what IP address and ports to test.
◆ construct_ntor_key_map()
| di_digest256_map_t* construct_ntor_key_map | ( | void | ) |
Return a map from KEYID (the key itself) to keypairs for use in the ntor handshake. Must only be called from the main thread.
◆ dir_server_mode()
| int dir_server_mode | ( | const or_options_t * | options | ) |
Return 1 if we are configured to accept either relay or directory requests from clients and we aren't at risk of exceeding our bandwidth limits, thus we should be a directory server. If not, return 0.
◆ dup_onion_keys()
| void dup_onion_keys | ( | crypto_pk_t ** | key, |
| crypto_pk_t ** | last | ||
| ) |
Store a full copy of the current onion key into *key, and a full copy of the most recent onion key into *last. Store NULL into a pointer if the corresponding key does not exist.
◆ expire_old_onion_keys()
| void expire_old_onion_keys | ( | void | ) |
Expire our old set of onion keys. This is done by setting last_curve25519_onion_key and lastonionkey to all zero's and NULL respectively.
This function does not perform any grace period checks for the old onion keys.
◆ extend_info_describe()
| const char* extend_info_describe | ( | const extend_info_t * | ei | ) |
Return a human-readable description of the extend_info_t ei.
This function is not thread-safe. Each call to this function invalidates previous values returned by this function.
◆ extrainfo_dump_to_string()
| int extrainfo_dump_to_string | ( | char ** | s_out, |
| extrainfo_t * | extrainfo, | ||
| crypto_pk_t * | ident_key, | ||
| const ed25519_keypair_t * | signing_keypair | ||
| ) |
Write the contents of extrainfo and aggregated statistics to *s_out, signing them with ident_key. Return 0 on success, negative on failure.
◆ get_my_v3_authority_signing_key()
| crypto_pk_t* get_my_v3_authority_signing_key | ( | void | ) |
Return the v3 signing key for this v3 (voting) authority, or NULL if we have no such key.
◆ get_my_v3_legacy_cert()
| authority_cert_t* get_my_v3_legacy_cert | ( | void | ) |
If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return the certificate associated with that key.
◆ get_my_v3_legacy_signing_key()
| crypto_pk_t* get_my_v3_legacy_signing_key | ( | void | ) |
If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return that key.
◆ get_onion_key()
| crypto_pk_t* get_onion_key | ( | void | ) |
Return the current onion key. Requires that the onion key has been loaded or generated.
◆ get_onion_key_grace_period()
| int get_onion_key_grace_period | ( | void | ) |
Get the grace period of an onion key in seconds. This value is defined by the network consesus parameter "onion-key-grace-period-days", but the value is converted to seconds.
◆ get_onion_key_lifetime()
| int get_onion_key_lifetime | ( | void | ) |
Get the current lifetime of an onion key in seconds. This value is defined by the network consesus parameter "onion-key-rotation-days", but the value is converted to seconds.
◆ get_onion_key_set_at()
| time_t get_onion_key_set_at | ( | void | ) |
Return the time when the onion key was last set. This is either the time when the process launched, or the time of the most recent key rotation since the process launched.
◆ get_server_identity_key()
| crypto_pk_t* get_server_identity_key | ( | void | ) |
Returns the current server identity key; requires that the key has been set, and that we are running as a Tor server.
◆ get_tlsclient_identity_key()
| crypto_pk_t* get_tlsclient_identity_key | ( | void | ) |
Returns the current client identity key for use on outgoing TLS connections; requires that the key has been set.
◆ init_key_from_file()
| crypto_pk_t* init_key_from_file | ( | const char * | fname, |
| int | generate, | ||
| int | severity, | ||
| int | log_greeting | ||
| ) |
Try to read an RSA key from fname. If fname doesn't exist and generate is true, create a new RSA key and save it in fname. Return the read/created key, or NULL on error. Log all errors at level severity. If log_greeting is non-zero and a new key was created, log_new_relay_greeting() is called.
◆ init_keys()
| int init_keys | ( | void | ) |
Initialize all OR private keys, and the TLS context, as necessary. On OPs, this only initializes the tls context. Return 0 on success, or -1 if Tor should die.
◆ is_legal_hexdigest()
| int is_legal_hexdigest | ( | const char * | s | ) |
Return true iff s is a valid hex-encoded identity-key digest. (That is, an optional $, followed by 40 hex characters, followed by either nothing, or = or ~ followed by a nickname, or a character other than =, ~, or a hex character.)
◆ is_legal_nickname()
| int is_legal_nickname | ( | const char * | s | ) |
Return true iff s is a valid server nickname. (That is, a string containing between 1 and MAX_NICKNAME_LEN characters from LEGAL_NICKNAME_CHARACTERS.)
◆ is_legal_nickname_or_hexdigest()
| int is_legal_nickname_or_hexdigest | ( | const char * | s | ) |
Return true iff s is a valid server nickname or hex-encoded identity-key digest.
◆ mark_my_descriptor_dirty()
| void mark_my_descriptor_dirty | ( | const char * | reason | ) |
Call when the current descriptor is out of date.
◆ mark_my_descriptor_dirty_if_too_old()
| void mark_my_descriptor_dirty_if_too_old | ( | time_t | now | ) |
Mark descriptor out of date if it's been "too long" since we last tried to upload one.
◆ net_is_completely_disabled()
| int net_is_completely_disabled | ( | void | ) |
Return true iff our network is in some sense "completely disabled" either we're fully hibernating or the network is turned off with DisableNetwork.
◆ net_is_disabled()
| int net_is_disabled | ( | void | ) |
Return true iff our network is in some sense disabled or shutting down: either we're hibernating, entering hibernation, or the network is turned off with DisableNetwork.
◆ node_describe()
| const char* node_describe | ( | const node_t * | node | ) |
Return a human-readable description of the node_t node.
This function is not thread-safe. Each call to this function invalidates previous values returned by this function.
◆ ntor_key_map_free_()
| void ntor_key_map_free_ | ( | di_digest256_map_t * | map | ) |
Release all storage from a keymap returned by construct_ntor_key_map.
◆ proxy_mode()
| int proxy_mode | ( | const or_options_t * | options | ) |
Return true iff we are trying to proxy client connections.
◆ rotate_onion_key()
| void rotate_onion_key | ( | void | ) |
Replace the previous onion key with the current onion key, and generate a new previous onion key. Immediately after calling this function, the OR should:
- schedule all previous cpuworkers to shut down after processing pending work. (This will cause fresh cpuworkers to be generated.)
- generate and upload a fresh routerinfo.
◆ router_build_fresh_descriptor()
| int router_build_fresh_descriptor | ( | routerinfo_t ** | r, |
| extrainfo_t ** | e | ||
| ) |
Build a fresh routerinfo, signed server descriptor, and extra-info document for this OR. Set r to the generated routerinfo, e to the generated extra-info document. Return 0 on success, -1 on temporary error. Failure to generate an extra-info document is not an error and is indicated by setting e to NULL. Caller is responsible for freeing generated documents if 0 is returned.
◆ router_compare_to_my_exit_policy()
| int router_compare_to_my_exit_policy | ( | const tor_addr_t * | addr, |
| uint16_t | port | ||
| ) |
OR only: Check whether my exit policy says to allow connection to conn. Return 0 if we accept; non-0 if we reject.
◆ router_describe()
| const char* router_describe | ( | const routerinfo_t * | ri | ) |
Return a human-readable description of the routerinfo_t ri.
This function is not thread-safe. Each call to this function invalidates previous values returned by this function.
◆ router_digest_is_me()
| int router_digest_is_me | ( | const char * | digest | ) |
Return true iff I'm a server and digest is equal to my server identity key digest.
◆ router_dirport_found_reachable()
| void router_dirport_found_reachable | ( | void | ) |
Annotate that we found our DirPort reachable.
◆ router_do_reachability_checks()
| void router_do_reachability_checks | ( | int | test_or, |
| int | test_dir | ||
| ) |
Some time has passed, or we just got new directory information. See if we currently believe our ORPort or DirPort to be unreachable. If so, launch a new test for it.
For ORPort, we simply try making a circuit that ends at ourselves. Success is noticed in onionskin_answer().
For DirPort, we make a connection via Tor to our DirPort and ask for our own server descriptor. Success is noticed in connection_dir_client_reached_eof().
◆ router_dump_exit_policy_to_string()
| char* router_dump_exit_policy_to_string | ( | const routerinfo_t * | router, |
| int | include_ipv4, | ||
| int | include_ipv6 | ||
| ) |
OR only: Given router, produce a string with its exit policy. If include_ipv4 is true, include IPv4 entries. If include_ipv6 is true, include IPv6 entries.
◆ router_dump_router_to_string()
| char* router_dump_router_to_string | ( | routerinfo_t * | router, |
| const crypto_pk_t * | ident_key, | ||
| const crypto_pk_t * | tap_key, | ||
| const curve25519_keypair_t * | ntor_keypair, | ||
| const ed25519_keypair_t * | signing_keypair | ||
| ) |
OR only: Given a routerinfo for this router, and an identity key to sign with, encode the routerinfo as a signed server descriptor and return a new string encoding the result, or NULL on failure.
◆ router_extrainfo_digest_is_me()
| int router_extrainfo_digest_is_me | ( | const char * | digest | ) |
Return true iff I'm a server and digest is equal to my identity digest.
◆ router_free_all()
| void router_free_all | ( | void | ) |
Release all static resources held in router.c
◆ router_get_active_listener_port_by_type_af()
| uint16_t router_get_active_listener_port_by_type_af | ( | int | listener_type, |
| sa_family_t | family | ||
| ) |
Return the port of the first active listener of type listener_type. XXX not a very good interface. it's not reliable when there are multiple listeners.
◆ router_get_advertised_dir_port()
| uint16_t router_get_advertised_dir_port | ( | const or_options_t * | options, |
| uint16_t | dirport | ||
| ) |
Return the port that we should advertise as our DirPort; this is one of three possibilities: The one that is passed as dirport if the DirPort option is 0, or the one configured in the DirPort option, or the one we actually bound to if DirPort is "auto".
◆ router_get_advertised_or_port()
| uint16_t router_get_advertised_or_port | ( | const or_options_t * | options | ) |
Return the port that we should advertise as our ORPort; this is either the one configured in the ORPort option, or the one we actually bound to if ORPort is "auto".
◆ router_get_advertised_or_port_by_af()
| uint16_t router_get_advertised_or_port_by_af | ( | const or_options_t * | options, |
| sa_family_t | family | ||
| ) |
As router_get_advertised_or_port(), but allows an address family argument.
◆ router_get_all_orports()
| smartlist_t* router_get_all_orports | ( | const routerinfo_t * | ri | ) |
Return a smartlist of tor_addr_port_t's with all the OR ports of ri. Note that freeing of the items in the list as well as the smartlist itself is the callers responsibility.
◆ router_get_descriptor_gen_reason()
| const char* router_get_descriptor_gen_reason | ( | void | ) |
Return a human-readable string describing what triggered us to generate our current descriptor, or NULL if we don't know.
◆ router_get_my_descriptor()
| const char* router_get_my_descriptor | ( | void | ) |
OR only: Return a signed server descriptor for this OR, rebuilding a fresh one if necessary. Return NULL on error.
◆ router_get_my_extrainfo()
| extrainfo_t* router_get_my_extrainfo | ( | void | ) |
Return the extrainfo document for this OR, or NULL if we have none. Rebuilt it (and the server descriptor) if necessary.
◆ router_get_my_id_digest()
| const uint8_t* router_get_my_id_digest | ( | void | ) |
Return my identity digest.
◆ router_get_prim_orport()
| void router_get_prim_orport | ( | const routerinfo_t * | router, |
| tor_addr_port_t * | ap_out | ||
| ) |
Copy the primary (IPv4) OR port (IP address and TCP port) for router into *ap_out.
◆ router_get_verbose_nickname()
| void router_get_verbose_nickname | ( | char * | buf, |
| const routerinfo_t * | router | ||
| ) |
Set buf (which must have MAX_VERBOSE_NICKNAME_LEN+1 bytes) to the verbose representation of the identity of router. The format is: A dollar sign. The upper-case hexadecimal encoding of the SHA1 hash of router's identity. A "=" if the router is named (no longer implemented); a "~" if it is not. The router's nickname.
◆ router_has_addr()
| int router_has_addr | ( | const routerinfo_t * | router, |
| const tor_addr_t * | addr | ||
| ) |
Return 1 if any of router's addresses are addr. Otherwise return 0.
◆ router_initialize_tls_context()
| int router_initialize_tls_context | ( | void | ) |
Set up Tor's TLS contexts, based on our configuration and keys. Return 0 on success, and -1 on failure.
◆ router_is_me()
| int router_is_me | ( | const routerinfo_t * | router | ) |
A wrapper around router_digest_is_me().
◆ router_new_address_suggestion()
| void router_new_address_suggestion | ( | const char * | suggestion, |
| const dir_connection_t * | d_conn | ||
| ) |
A directory server d_conn told us our IP address is suggestion. If this address is different from the one we think we are now, and if our computer doesn't actually know its IP address, then switch.
◆ router_orport_found_reachable()
| void router_orport_found_reachable | ( | void | ) |
Annotate that we found our ORPort reachable.
◆ router_perform_bandwidth_test()
| void router_perform_bandwidth_test | ( | int | num_circs, |
| time_t | now | ||
| ) |
We have enough testing circuits open. Send a bunch of "drop" cells down each of them, to exercise our bandwidth.
◆ router_purpose_from_string()
| uint8_t router_purpose_from_string | ( | const char * | s | ) |
Given a string, convert it to a router purpose.
◆ router_purpose_to_string()
| const char* router_purpose_to_string | ( | uint8_t | p | ) |
Given a router purpose, convert it to a string. Don't call this on ROUTER_PURPOSE_UNKNOWN: The whole point of that value is that we don't know its string representation.
◆ router_rebuild_descriptor()
| int router_rebuild_descriptor | ( | int | force | ) |
If force is true, or our descriptor is out-of-date, rebuild a fresh routerinfo, signed server descriptor, and extra-info document for this OR. Return 0 on success, -1 on temporary error.
◆ router_reset_reachability()
| void router_reset_reachability | ( | void | ) |
Forget what we have learned about our reachability status.
◆ router_reset_warnings()
| void router_reset_warnings | ( | void | ) |
Forget that we have issued any router-related warnings, so that we'll warn again if we see the same errors.
◆ router_upload_dir_desc_to_dirservers()
| void router_upload_dir_desc_to_dirservers | ( | int | force | ) |
OR only: If force is true, or we haven't uploaded this descriptor successfully yet, try to upload our signed descriptor to all the directory servers we know about.
◆ routerinfo_err_is_transient()
| int routerinfo_err_is_transient | ( | int | err | ) |
Return true if we expect given error to be transient. Return false otherwise.
◆ routerinfo_err_to_string()
| const char* routerinfo_err_to_string | ( | int | err | ) |
Return a readonly string with human readable description of err.
◆ routerstatus_describe()
| const char* routerstatus_describe | ( | const routerstatus_t * | rs | ) |
Return a human-readable description of the routerstatus_t rs.
This function is not thread-safe. Each call to this function invalidates previous values returned by this function.
◆ server_identity_key_is_set()
| int server_identity_key_is_set | ( | void | ) |
Return true iff we are a server and the server identity key has been set.
◆ set_client_identity_key()
| void set_client_identity_key | ( | crypto_pk_t * | k | ) |
Set the current client identity key to k.
◆ set_server_identity_key()
| void set_server_identity_key | ( | crypto_pk_t * | k | ) |
Set the current server identity key to k.
◆ should_refuse_unknown_exits()
| int should_refuse_unknown_exits | ( | const or_options_t * | options | ) |
Return true iff the combination of options in options and parameters in the consensus mean that we don't want to allow exits from circuits we got from addresses not known to be servers.
◆ v3_authority_check_key_expiry()
| void v3_authority_check_key_expiry | ( | void | ) |
If we're a v3 authority, check whether we have a certificate that's likely to expire soon. Warn if we do, but not too often.
