Macros | Functions | Variables
process_descs.c File Reference

Make decisions about uploaded descriptors. More...

#include "core/or/or.h"
#include "feature/dirauth/process_descs.h"
#include "app/config/config.h"
#include "core/or/policies.h"
#include "core/or/versions.h"
#include "feature/dirauth/dirauth_sys.h"
#include "feature/dirauth/keypin.h"
#include "feature/dirauth/reachability.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/dirparse/routerparse.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/router.h"
#include "core/or/tor_version_st.h"
#include "feature/dirauth/dirauth_options_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/vote_routerstatus_st.h"
#include "lib/encoding/confline.h"
#include "lib/crypt_ops/crypto_format.h"

Go to the source code of this file.


#define ROUTER_ALLOW_SKEW   (60*60*12)


static void directory_remove_invalid (void)
static was_router_added_t dirserv_add_extrainfo (extrainfo_t *ei, const char **msg)
static uint32_t dirserv_get_status_impl (const char *id_digest, const ed25519_public_key_t *ed25519_public_key, const char *nickname, const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, const char *platform, const char **msg, int severity)
static authdir_config_tauthdir_config_new (void)
int add_rsa_fingerprint_to_dir (const char *fp, authdir_config_t *list, rtr_flags_t add_status)
int add_ed25519_to_dir (const ed25519_public_key_t *edkey, authdir_config_t *list, rtr_flags_t add_status)
int dirserv_add_own_fingerprint (crypto_pk_t *pk, const ed25519_public_key_t *edkey)
int dirserv_load_fingerprint_file (void)
uint32_t dirserv_router_get_status (const routerinfo_t *router, const char **msg, int severity)
int dirserv_would_reject_router (const routerstatus_t *rs, const vote_routerstatus_t *vrs)
STATIC bool dirserv_rejects_tor_version (const char *platform, const char **msg)
void dirserv_free_fingerprint_list (void)
STATIC int dirserv_router_has_valid_address (routerinfo_t *ri)
int authdir_wants_to_reject_router (routerinfo_t *ri, const char **msg, int complain, int *valid_out)
void dirserv_set_node_flags_from_authoritative_status (node_t *node, uint32_t authstatus)
static int WRA_MORE_SEVERE (was_router_added_t a, was_router_added_t b)
was_router_added_t dirserv_add_multiple_descriptors (const char *desc, size_t desclen, uint8_t purpose, const char *source, const char **msg)
was_router_added_t dirserv_add_descriptor (routerinfo_t *ri, const char **msg, const char *source)


static authdir_config_tfingerprint_list = NULL

Detailed Description

Make decisions about uploaded descriptors.

Authorities use the code in this module to decide what to do with just- uploaded descriptors, and to manage the fingerprint file that helps them make those decisions.

Definition in file process_descs.c.

Macro Definition Documentation



Definition at line 279 of file process_descs.c.



Definition at line 15 of file process_descs.c.


#define ROUTER_ALLOW_SKEW   (60*60*12)

How far in the future do we allow a router to get? (seconds)

Definition at line 51 of file process_descs.c.

Function Documentation

◆ add_ed25519_to_dir()

int add_ed25519_to_dir ( const ed25519_public_key_t edkey,
authdir_config_t list,
rtr_flags_t  add_status 

Add the ed25519 key edkey to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status. Return -1 if we were unable to decode the key, else return 0.

Definition at line 135 of file process_descs.c.

◆ add_rsa_fingerprint_to_dir()

int add_rsa_fingerprint_to_dir ( const char *  fp,
authdir_config_t list,
rtr_flags_t  add_status 

Add the fingerprint fp to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status.

Definition at line 100 of file process_descs.c.

◆ authdir_config_new()

static authdir_config_t * authdir_config_new ( void  )

Allocate and return a new, empty, authdir_config_t.

Definition at line 68 of file process_descs.c.

Referenced by dirserv_get_status_impl().

◆ authdir_wants_to_reject_router()

int authdir_wants_to_reject_router ( routerinfo_t ri,
const char **  msg,
int  complain,
int *  valid_out 

Check whether we, as a directory server, want to accept ri. If so, set its is_valid,running fields and return 0. Otherwise, return -1.

If the router is rejected, set *msg to a string constant explining why.

If complain then explain at log-level 'notice' why we refused a descriptor; else explain at log-level 'info'.

Definition at line 571 of file process_descs.c.

◆ directory_remove_invalid()

static void directory_remove_invalid ( void  )

Remove all descriptors whose nicknames or fingerprints no longer are allowed by our fingerprint list. (Descriptors that used to be good can become bad when we reload the fingerprint list.)

Definition at line 932 of file process_descs.c.

◆ dirserv_add_descriptor()

was_router_added_t dirserv_add_descriptor ( routerinfo_t ri,
const char **  msg,
const char *  source 

Examine the parsed server descriptor in ri and maybe insert it into the list of server descriptors. Set *msg to a message that should be passed back to the origin of this descriptor, or NULL if there is no such message. Use source to produce better log messages.

If ri is not added to the list of server descriptors, free it. That means the caller must not access ri after this function returns, since it might have been freed.

Return the status of the operation, and set *msg to a string constant describing the status.

This function is only called when fresh descriptors are posted, not when we re-load the cache.

Definition at line 739 of file process_descs.c.

◆ dirserv_add_extrainfo()

static was_router_added_t dirserv_add_extrainfo ( extrainfo_t ei,
const char **  msg 

As dirserv_add_descriptor, but for an extrainfo_t ei.

Definition at line 871 of file process_descs.c.

◆ dirserv_add_multiple_descriptors()

was_router_added_t dirserv_add_multiple_descriptors ( const char *  desc,
size_t  desclen,
uint8_t  purpose,
const char *  source,
const char **  msg 

As for dirserv_add_descriptor(), but accepts multiple documents, and returns the most severe error that occurred for any one of them.

Definition at line 642 of file process_descs.c.

◆ dirserv_add_own_fingerprint()

int dirserv_add_own_fingerprint ( crypto_pk_t pk,
const ed25519_public_key_t edkey 

Add the fingerprint for this OR to the global list of recognized identity key fingerprints.

Definition at line 161 of file process_descs.c.

◆ dirserv_free_fingerprint_list()

void dirserv_free_fingerprint_list ( void  )

Clear the current fingerprint list.

Definition at line 517 of file process_descs.c.

◆ dirserv_get_status_impl()

static uint32_t dirserv_get_status_impl ( const char *  id_digest,
const ed25519_public_key_t ed25519_public_key,
const char *  nickname,
const tor_addr_t ipv4_addr,
uint16_t  ipv4_orport,
const char *  platform,
const char **  msg,
int  severity 

Helper: As dirserv_router_get_status, but takes the router fingerprint (hex, no spaces), ed25519 key, nickname, address (used for logging only), IP address, OR port and platform (logging only) as arguments.

Log messages at 'severity'. (There's not much point in logging that we're rejecting servers we'll not download.)

Definition at line 426 of file process_descs.c.

Referenced by dirserv_would_reject_router().

◆ dirserv_load_fingerprint_file()

int dirserv_load_fingerprint_file ( void  )

Load the nickname->fingerprint mappings stored in the approved-routers file. The file format is line-based, with each non-blank holding one nickname, some space, and a fingerprint for that nickname. On success, replace the current fingerprint list with the new list and return 0. On failure, leave the current fingerprint list untouched, and return -1.

Definition at line 187 of file process_descs.c.

◆ dirserv_rejects_tor_version()

STATIC bool dirserv_rejects_tor_version ( const char *  platform,
const char **  msg 

Check whether the platform string in platform describes a platform that, as a directory authority, we want to reject. If it does, return true, and set *msg (if present) to a rejection message. Otherwise return false.

Definition at line 398 of file process_descs.c.

◆ dirserv_router_get_status()

uint32_t dirserv_router_get_status ( const routerinfo_t router,
const char **  msg,
int  severity 

Check whether router has:

  • a nickname/identity key combination that we recognize from the fingerprint list,
  • an IP we automatically act on according to our configuration,
  • an appropriate version, and
  • matching pinned keys.

Return the appropriate router status.

If the status is 'RTR_REJECT' and msg is provided, set *msg to a string constant explaining why.

Definition at line 293 of file process_descs.c.

Referenced by directory_remove_invalid().

◆ dirserv_router_has_valid_address()

STATIC int dirserv_router_has_valid_address ( routerinfo_t ri)

Return -1 if ri has a private or otherwise bad address, unless we're configured to not care. Return 0 if all ok.

Definition at line 535 of file process_descs.c.

◆ dirserv_set_node_flags_from_authoritative_status()

void dirserv_set_node_flags_from_authoritative_status ( node_t node,
uint32_t  authstatus 

Update the relevant flags of node based on our opinion as a directory authority in authstatus, as returned by dirserv_router_get_status or equivalent.

Definition at line 624 of file process_descs.c.

◆ dirserv_would_reject_router()

int dirserv_would_reject_router ( const routerstatus_t rs,
const vote_routerstatus_t vrs 

Return true if there is no point in downloading the router described by rs because this directory would reject it.

Definition at line 377 of file process_descs.c.


static int WRA_MORE_SEVERE ( was_router_added_t  a,
was_router_added_t  b 

True iff a is more severe than b.

Definition at line 634 of file process_descs.c.

Variable Documentation

◆ fingerprint_list

authdir_config_t* fingerprint_list = NULL

Should be static; exposed for testing.

Definition at line 64 of file process_descs.c.

Referenced by dirserv_free_fingerprint_list(), and dirserv_get_status_impl().