|
Tor 0.4.9.3-alpha-dev
|
Miscellaneous relay functionality, including RSA key maintenance, generating and uploading server descriptors, picking an address to advertise, and so on. More...
#include "core/or/or.h"#include "app/config/config.h"#include "app/config/resolve_addr.h"#include "app/config/statefile.h"#include "app/main/main.h"#include "core/mainloop/connection.h"#include "core/mainloop/mainloop.h"#include "core/mainloop/netstatus.h"#include "core/or/policies.h"#include "core/or/protover.h"#include "feature/client/transports.h"#include "feature/control/control_events.h"#include "feature/dirauth/process_descs.h"#include "feature/dircache/dirserv.h"#include "feature/dirclient/dirclient.h"#include "feature/dircommon/directory.h"#include "feature/dirparse/authcert_parse.h"#include "feature/dirparse/routerparse.h"#include "feature/dirparse/signing.h"#include "feature/hibernate/hibernate.h"#include "feature/keymgt/loadkey.h"#include "feature/nodelist/authcert.h"#include "feature/nodelist/dirlist.h"#include "feature/nodelist/networkstatus.h"#include "feature/nodelist/nickname.h"#include "feature/nodelist/nodefamily.h"#include "feature/nodelist/nodelist.h"#include "feature/nodelist/routerlist.h"#include "feature/nodelist/torcert.h"#include "feature/relay/dns.h"#include "feature/relay/relay_config.h"#include "feature/relay/relay_find_addr.h"#include "feature/relay/relay_periodic.h"#include "feature/relay/router.h"#include "feature/relay/routerkeys.h"#include "feature/relay/routermode.h"#include "feature/relay/selftest.h"#include "lib/geoip/geoip.h"#include "feature/stats/geoip_stats.h"#include "feature/stats/bwhist.h"#include "feature/stats/rephist.h"#include "lib/crypt_ops/crypto_ed25519.h"#include "lib/crypt_ops/crypto_format.h"#include "lib/crypt_ops/crypto_init.h"#include "lib/crypt_ops/crypto_rand.h"#include "lib/crypt_ops/crypto_util.h"#include "lib/encoding/confline.h"#include "lib/osinfo/uname.h"#include "lib/tls/tortls.h"#include "lib/version/torversion.h"#include "feature/dirauth/authmode.h"#include "app/config/or_state_st.h"#include "core/or/port_cfg_st.h"#include "feature/dirclient/dir_server_st.h"#include "feature/dircommon/dir_connection_st.h"#include "feature/nodelist/authority_cert_st.h"#include "feature/nodelist/extrainfo_st.h"#include "feature/nodelist/networkstatus_st.h"#include "feature/nodelist/node_st.h"#include "feature/nodelist/routerinfo_st.h"#include "feature/nodelist/routerstatus_st.h"Go to the source code of this file.
Macros | |
| #define | ROUTER_PRIVATE |
| #define | SHOULD_PUBLISH_TAP_MIN 0 |
| #define | SHOULD_PUBLISH_TAP_MAX 1 |
| #define | SHOULD_PUBLISH_TAP_DFLT 1 |
| #define | MIN_BW_TO_ADVERTISE_DIRSERVER 51200 |
| #define | FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60) |
| #define | FAST_RETRY_DESCRIPTOR_INTERVAL (90*60) |
| #define | MAX_BANDWIDTH_CHANGE_FREQ (3*60*60) |
| #define | MAX_UPTIME_BANDWIDTH_CHANGE (24*60*60) |
| #define | BANDWIDTH_CHANGE_FACTOR 2 |
| #define | DEBUG_ROUTER_DUMP_ROUTER_TO_STRING |
| #define | FAMILY_CERT_LIFETIME (30*86400) |
Miscellaneous relay functionality, including RSA key maintenance, generating and uploading server descriptors, picking an address to advertise, and so on.
This module handles the job of deciding whether we are a Tor relay, and if so what kind. (Mostly through functions like server_mode() that inspect an or_options_t, but in some cases based on our own capabilities, such as when we are deciding whether to be a directory cache in router_has_bandwidth_to_be_dirserver().)
Also in this module are the functions to generate our own routerinfo_t and extrainfo_t, and to encode those to signed strings for upload to the directory authorities.
This module also handles key maintenance for RSA and Curve25519-ntor keys, and for our TLS context. (These functions should eventually move to routerkeys.c along with the code that handles Ed25519 keys now.)
Definition in file router.c.
| #define BANDWIDTH_CHANGE_FACTOR 2 |
| #define FAST_RETRY_DESCRIPTOR_INTERVAL (90*60) |
| #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60) |
| #define MAX_BANDWIDTH_CHANGE_FREQ (3*60*60) |
| #define MAX_UPTIME_BANDWIDTH_CHANGE (24*60*60) |
| #define MIN_BW_TO_ADVERTISE_DIRSERVER 51200 |
|
static |
Make sure that we have set up our identity keys to match or not match as appropriate, and die with an assertion if we have not.
Definition at line 401 of file router.c.
Referenced by get_tlsclient_identity_key().
| void check_descriptor_bandwidth_changed | ( | time_t | now | ) |
Check whether bandwidth has changed a lot since the last time we announced bandwidth while the uptime is smaller than MAX_UPTIME_BANDWIDTH_CHANGE. If so, mark our descriptor dirty.
Definition at line 2632 of file router.c.
Referenced by check_descriptor_callback().
| void check_descriptor_ipaddress_changed | ( | time_t | now | ) |
Check whether our own address has changed versus the one we have in our current descriptor.
If our address has changed, call ip_address_changed() which takes appropriate actions.
Definition at line 2710 of file router.c.
Referenced by check_descriptor_callback().
| int client_identity_key_is_set | ( | void | ) |
| void consider_publishable_server | ( | int | force | ) |
Initiate server descriptor upload as reasonable (if server is publishable, etc). force is as for router_upload_dir_desc_to_dirservers.
We need to rebuild the descriptor if it's dirty even if we're not uploading, because our reachability testing uses our descriptor to determine what IP address and ports to test.
Definition at line 1477 of file router.c.
Referenced by check_descriptor_callback().
| di_digest256_map_t * construct_ntor_key_map | ( | void | ) |
Return a map from KEYID (the key itself) to keypairs for use in the ntor handshake. Must only be called from the main thread.
Definition at line 324 of file router.c.
Referenced by server_onion_keys_new().
|
static |
Decide if we're a publishable server. We are a publishable server if:
Definition at line 1436 of file router.c.
Referenced by consider_publishable_server().
|
static |
Look at a variety of factors, and return 0 if we don't want to advertise the fact that we have begindir support, else return 1.
Log a helpful message if we change our mind about whether to publish.
Definition at line 1357 of file router.c.
Referenced by router_should_advertise_begindir().
| void dup_onion_keys | ( | crypto_pk_t ** | key, |
| crypto_pk_t ** | last | ||
| ) |
Store a full copy of the current onion key into *key, and a full copy of the most recent onion key into *last. Store NULL into a pointer if the corresponding key does not exist.
Definition at line 252 of file router.c.
Referenced by server_onion_keys_new().
| void expire_old_onion_keys | ( | void | ) |
| int extrainfo_dump_to_string | ( | char ** | s_out, |
| extrainfo_t * | extrainfo, | ||
| crypto_pk_t * | ident_key, | ||
| const ed25519_keypair_t * | signing_keypair | ||
| ) |
Write the contents of extrainfo, to * *s_out, signing them with ident_key.
If ExtraInfoStatistics is 1, also write aggregated statistics and related configuration data before signing. Most statistics also have an option that enables or disables that particular statistic.
Always write pluggable transport lines.
Return 0 on success, negative on failure.
Definition at line 3549 of file router.c.
Referenced by extrainfo_dump_to_string(), and router_dump_and_sign_extrainfo_descriptor_body().
|
static |
Add an ed25519 signature of chunks to chunks, using the ed25519 keypair signing_keypair. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.
Definition at line 3472 of file router.c.
Referenced by extrainfo_dump_to_string().
|
static |
Add header strings to chunks, based on the extrainfo object extrainfo, and ed25519 keypair signing_keypair, if emit_ed_sigs is true. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.
Definition at line 3313 of file router.c.
Referenced by extrainfo_dump_to_string().
|
static |
Add an RSA signature of extrainfo_string to chunks, using the RSA key ident_key. Helper for extrainfo_dump_to_string(). Returns 0 on success, negative on failure.
Definition at line 3509 of file router.c.
Referenced by extrainfo_dump_to_string().
|
static |
Add pluggable transport and statistics strings to chunks, skipping statistics if write_stats_to_extrainfo is false. Helper for extrainfo_dump_to_string(). Can not fail.
Definition at line 3377 of file router.c.
Referenced by extrainfo_dump_to_string().
| STATIC const struct curve25519_keypair_t * get_current_curve25519_keypair | ( | void | ) |
Return the current secret onion key for the ntor handshake. Must only be called from the main thread.
Definition at line 316 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo(), and router_dump_and_sign_routerinfo_descriptor_body().
| STATIC smartlist_t * get_my_declared_family | ( | const or_options_t * | options | ) |
Return a new smartlist containing the family members configured in options. Warn about invalid or missing entries. Return NULL if this relay should not declare a family.
Definition at line 1977 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo().
| authority_cert_t * get_my_v3_authority_cert | ( | void | ) |
Return the key certificate for this v3 (voting) authority, or NULL if we have no such certificate.
Definition at line 474 of file router.c.
Referenced by authority_cert_get_by_sk_digest(), dirvote_act(), dirvote_compute_consensuses(), dirvote_get_vote(), dirvote_perform_vote(), handle_get_keys(), init_keys(), new_protocol_run(), and sr_state_update().
| crypto_pk_t * get_my_v3_authority_signing_key | ( | void | ) |
Return the v3 signing key for this v3 (voting) authority, or NULL if we have no such key.
Definition at line 482 of file router.c.
Referenced by dirvote_compute_consensuses(), and dirvote_perform_vote().
| authority_cert_t * get_my_v3_legacy_cert | ( | void | ) |
If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return the certificate associated with that key.
Definition at line 491 of file router.c.
Referenced by authority_cert_get_by_sk_digest(), dirserv_generate_networkstatus_vote_obj(), and dirvote_compute_consensuses().
| crypto_pk_t * get_my_v3_legacy_signing_key | ( | void | ) |
If we're an authority, and we're using a legacy authority identity key for emergency migration purposes, return that key.
Definition at line 499 of file router.c.
Referenced by dirvote_compute_consensuses().
| crypto_pk_t * get_onion_key | ( | void | ) |
Return the current TAP onion key. Requires that the onion key has been loaded or generated.
Note that this key is no longer used for anything; we only keep it around because (as of June 2024) other Tor instances all expect to find it in our routerdescs.
Definition at line 222 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo(), and router_dump_and_sign_routerinfo_descriptor_body().
| int get_onion_key_grace_period | ( | void | ) |
| int get_onion_key_lifetime | ( | void | ) |
Get the current lifetime of an onion key in seconds. This value is defined by the network consensus parameter "onion-key-rotation-days", but the value is converted to seconds.
Definition at line 819 of file router.c.
Referenced by router_dump_router_to_string().
|
static |
Get the lifetime of an onion key in days. This value is defined by the network consensus parameter "onion-key-rotation-days". Always returns a value between MIN_ONION_KEY_LIFETIME_DAYS and MAX_ONION_KEY_LIFETIME_DAYS.
Definition at line 805 of file router.c.
Referenced by get_onion_key_grace_period(), and get_onion_key_lifetime().
| time_t get_onion_key_set_at | ( | void | ) |
| STATIC void get_platform_str | ( | char * | platform, |
| size_t | len | ||
| ) |
Set platform (max length len) to a NUL-terminated short string describing the version of Tor and the operating system we're currently running on.
Definition at line 2774 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo().
| crypto_pk_t * get_tlsclient_identity_key | ( | void | ) |
Returns the current client identity key for use on outgoing TLS connections; requires that the key has been set.
Definition at line 457 of file router.c.
Referenced by channel_set_circid_type(), and router_initialize_tls_context().
|
static |
Load a curve25519 keypair from the file fname, writing it into keys_out. If the file isn't found, or is empty, and generate is true, create a new keypair and write it into the file. If there are errors, log them at level severity. Generate files using tag in their ASCII wrapper.
Definition at line 610 of file router.c.
Referenced by init_keys().
| int init_keys | ( | void | ) |
Initialize all OR private keys, and the TLS context, as necessary. On OPs, this only initializes the tls context. Return 0 on success, or -1 if Tor should die.
Definition at line 994 of file router.c.
Referenced by accounting_set_wakeup_time(), do_list_fingerprint(), options_act_relay(), and tor_run_main().
|
static |
Load the v3 (voting) authority signing key and certificate, if they are present. Return -1 if anything is missing, mismatched, or unloadable; return 0 on success.
Definition at line 739 of file router.c.
Referenced by init_keys().
|
static |
Try to load the vote-signing private key and certificate for being a v3 directory authority, and make sure they match. If legacy, load a legacy key/cert set for emergency key migration; otherwise load the regular key/cert set. On success, store them into *key_out and *cert_out respectively, and return 0. On failure, return -1.
Definition at line 682 of file router.c.
Referenced by init_v3_authority_keys().
| STATIC int load_stats_file | ( | const char * | filename, |
| const char * | ts_tag, | ||
| time_t | now, | ||
| char ** | out | ||
| ) |
Load the contents of filename, find a line starting with timestamp tag ts_tag, ensure that its timestamp is not more than 25 hours in the past or more than 1 hour in the future with respect to now, and write the entire file contents into out.
The timestamp expected should be an ISO-formatted UTC time value which is parsed using our parse_iso_time() function.
In case more than one tag are found in the file, the very first one is used.
Return 1 for success, 0 if the file does not exist or is empty, or -1 if the file does not contain a line with the timestamp tag.
Definition at line 3248 of file router.c.
Referenced by extrainfo_dump_to_string_stats_helper().
| void log_addr_has_changed | ( | int | severity, |
| const tor_addr_t * | prev, | ||
| const tor_addr_t * | cur, | ||
| const char * | source | ||
| ) |
Note at log level severity that our best guess of address has changed from prev to cur.
Definition at line 2676 of file router.c.
Referenced by check_descriptor_ipaddress_changed().
|
static |
Log greeting message that points to new relay lifecycle document the first time this function has been called.
Definition at line 588 of file router.c.
Referenced by init_keys().
| void mark_my_descriptor_dirty | ( | const char * | reason | ) |
Call when the current descriptor is out of date.
Definition at line 2601 of file router.c.
Referenced by add_wildcarded_test_address(), check_descriptor_bandwidth_changed(), configure_nameservers(), ip_address_changed(), mark_my_descriptor_dirty_if_too_old(), mark_my_descriptor_if_omit_ipv6_changes(), options_act_relay_desc(), pt_configure_remaining_proxies(), retry_all_listeners(), rotate_onion_key(), router_orport_found_reachable(), and set_onion_key().
| void mark_my_descriptor_dirty_if_too_old | ( | time_t | now | ) |
Mark descriptor out of date if it's been "too long" since we last tried to upload one.
Definition at line 2562 of file router.c.
Referenced by check_descriptor_callback().
| void mark_my_descriptor_if_omit_ipv6_changes | ( | const char * | reason, |
| bool | omit_ipv6 | ||
| ) |
Mark our descriptor out of data iff the IPv6 omit status flag is flipped it changes from its previous value.
This is used when our IPv6 port is found reachable or not.
Definition at line 2540 of file router.c.
Referenced by reachability_warnings_callback(), and router_orport_found_reachable().
| void ntor_key_map_free_ | ( | di_digest256_map_t * | map | ) |
|
static |
Helper used to deallocate a di_digest256_map_t returned by construct_ntor_key_map.
Definition at line 348 of file router.c.
Referenced by ntor_key_map_free_().
| bool rotate_onion_key | ( | void | ) |
Replace the previous onion key with the current onion key, and generate a new previous onion key. Immediately after calling this function, the OR should:
Return true on success, else false on error.
| bool router_addr_is_my_published_addr | ( | const tor_addr_t * | addr | ) |
Return true if we are a server, and if addr is an address we are currently publishing (or trying to publish) in our descriptor. Return false otherwise.
Definition at line 1795 of file router.c.
Referenced by onionskin_answer().
| STATIC void router_announce_bridge_status_page | ( | void | ) |
Announce URL to bridge status page.
Definition at line 878 of file router.c.
Referenced by init_keys().
| int router_build_fresh_descriptor | ( | routerinfo_t ** | r, |
| extrainfo_t ** | e | ||
| ) |
Build a fresh routerinfo, signed server descriptor, and signed extrainfo document for this OR.
Set r to the generated routerinfo, e to the generated extrainfo document. Failure to generate an extra-info document is not an error and is indicated by setting e to NULL. Return 0 on success, and a negative value on temporary error. Caller is responsible for freeing generated documents on success.
Definition at line 2407 of file router.c.
Referenced by getinfo_helper_events(), and router_rebuild_descriptor().
| STATIC extrainfo_t * router_build_fresh_signed_extrainfo | ( | const routerinfo_t * | ri | ) |
Allocate and return a fresh, signed extrainfo for this OR, based on the routerinfo ri.
If ri is NULL, logs a BUG() warning and returns NULL. Caller is responsible for freeing the generated extrainfo.
Definition at line 2313 of file router.c.
Referenced by router_build_fresh_descriptor().
|
static |
Allocate and return a fresh, unsigned extrainfo for this OR, based on the routerinfo ri.
Uses options->Nickname to set the nickname, and options->BridgeRelay to set ei->cache_info.send_unencrypted.
If ri is NULL, logs a BUG() warning and returns NULL. Caller is responsible for freeing the generated extrainfo.
Definition at line 2241 of file router.c.
Referenced by router_build_fresh_signed_extrainfo().
| STATIC int router_build_fresh_unsigned_routerinfo | ( | routerinfo_t ** | ri_out | ) |
Allocate a fresh, unsigned routerinfo for this OR, without any of the fields that depend on the corresponding extrainfo.
On success, set ri_out to the new routerinfo, and return 0. Caller is responsible for freeing the generated routerinfo.
Returns a negative value and sets ri_out to NULL on temporary error.
Definition at line 2102 of file router.c.
Referenced by router_build_fresh_descriptor().
| bool router_can_extend_over_ipv6 | ( | const or_options_t * | options | ) |
Returns true if this router can extend over IPv6.
This check should only be performed by relay extend code.
Clients should check if relays can initiate and accept IPv6 extends using node_supports_initiating_ipv6_extends() and node_supports_accepting_ipv6_extends().
As with other extends, relays should assume the client has already performed the relevant checks for the next hop. (Otherwise, relays that have just added IPv6 ORPorts won't be able to self-test those ORPorts.)
Accepting relays don't need to perform any IPv6-specific checks before accepting a connection, because having an IPv6 ORPort implies support for the relevant protocol version.
Definition at line 1610 of file router.c.
Referenced by extend_info_pick_orport().
|
static |
Tor relays only have one IPv4 or/and one IPv6 address in the descriptor, which is derived from the Address torrc option, or guessed using various methods in relay_find_addr_to_publish().
Warn the operator if there is no ORPort associated with the given address in addr.
Warn the operator if there is no DirPort on the descriptor address.
This catches a few common config errors:
If a listener is listening on all IPv4 addresses, it is assumed that it is listening on the configured Address, and no messages are logged.
If an operators has specified NoAdvertise ORPorts in a NAT setting, no messages are logged, unless they have specified other advertised addresses.
The message tells operators to configure an ORPort and DirPort that match the Address (using NoListen if needed).
Definition at line 1959 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo().
|
static |
| int router_compare_to_my_exit_policy | ( | const tor_addr_t * | addr, |
| uint16_t | port | ||
| ) |
OR only: Check whether my exit policy says to allow connection to conn. Return 0 if we accept; non-0 if we reject.
Definition at line 1708 of file router.c.
Referenced by my_exit_policy_rejects(), and set_exitconn_info_from_resolve().
| int router_digest_is_me | ( | const char * | digest | ) |
Return true iff I'm a server and digest is equal to my server identity key digest.
Definition at line 1755 of file router.c.
Referenced by choose_good_exit_server_general(), connection_or_connect(), controller_get_routerdescs(), directory_get_from_all_authorities(), directory_post_to_dirservers(), get_signed_descriptor_by_fp(), node_is_me(), node_is_possible_guard(), router_digest_is_trusted_dir_type(), router_is_me(), router_pick_directory_server_impl(), and router_pick_trusteddirserver_impl().
|
static |
Dump the extrainfo descriptor body for ei, sign it, and add the body and signature to ei->cache_info. Note that the extrainfo body is determined by ei, and some additional config and statistics state: see extrainfo_dump_to_string() for details.
Return 0 on success, -1 on temporary error. If ei is NULL, logs a BUG() warning and returns -1. On error, ei->cache_info is not modified.
Definition at line 2280 of file router.c.
Referenced by router_build_fresh_signed_extrainfo().
| STATIC int router_dump_and_sign_routerinfo_descriptor_body | ( | routerinfo_t * | ri | ) |
Dump the descriptor body for ri, sign it, and add the body and signature to ri->cache_info. Note that the descriptor body is determined by ri, and some additional config and state: see router_dump_router_to_string() for details.
Return 0 on success, and a negative value on temporary error. If ri is NULL, logs a BUG() warning and returns a negative value. On error, ri->cache_info is not modified.
Definition at line 2373 of file router.c.
Referenced by router_build_fresh_descriptor().
| char * router_dump_exit_policy_to_string | ( | const routerinfo_t * | router, |
| int | include_ipv4, | ||
| int | include_ipv6 | ||
| ) |
OR only: Given router, produce a string with its exit policy. If include_ipv4 is true, include IPv4 entries. If include_ipv6 is true, include IPv6 entries.
Definition at line 3221 of file router.c.
Referenced by getinfo_helper_policies(), and router_dump_router_to_string().
| char * router_dump_router_to_string | ( | routerinfo_t * | router, |
| const crypto_pk_t * | ident_key, | ||
| const crypto_pk_t * | tap_key, | ||
| const curve25519_keypair_t * | ntor_keypair, | ||
| const ed25519_keypair_t * | signing_keypair | ||
| ) |
OR only: Given a routerinfo for this router, and an identity key to sign with, encode the routerinfo as a signed server descriptor and return a new string encoding the result, or NULL on failure.
In addition to the fields in router, this function calls onion_key_lifetime(), get_options(), and we_are_hibernating(), and uses the results to populate some fields in the descriptor.
Definition at line 2795 of file router.c.
Referenced by router_dump_and_sign_routerinfo_descriptor_body().
| int router_extrainfo_digest_is_me | ( | const char * | digest | ) |
Return true iff I'm a server and digest is equal to my identity digest.
Definition at line 1771 of file router.c.
Referenced by getinfo_helper_dir().
| void router_free_all | ( | void | ) |
| uint16_t router_get_active_listener_port_by_type_af | ( | int | listener_type, |
| sa_family_t | family | ||
| ) |
Return the port of the first active listener of type listener_type. Returns 0 if no port is found. XXX not a very good interface. it's not reliable when there are multiple listeners.
Definition at line 1498 of file router.c.
Referenced by get_first_listener_addrport_string(), routerconf_find_dir_port(), and routerconf_find_or_port().
| const char * router_get_descriptor_gen_reason | ( | void | ) |
Return a human-readable string describing what triggered us to generate our current descriptor, or NULL if we don't know.
Definition at line 1882 of file router.c.
Referenced by directory_send_command().
| const char * router_get_my_descriptor | ( | void | ) |
OR only: Return a signed server descriptor for this OR, rebuilding a fresh one if necessary. Return NULL on error.
Definition at line 1853 of file router.c.
Referenced by init_keys().
| extrainfo_t * router_get_my_extrainfo | ( | void | ) |
Return the extrainfo document for this OR, or NULL if we have none. Rebuilt it (and the server descriptor) if necessary.
Definition at line 1870 of file router.c.
Referenced by extrainfo_insert(), get_signed_descriptor_by_fp(), getinfo_helper_dir(), router_extrainfo_digest_is_me(), and router_upload_dir_desc_to_dirservers().
| const uint8_t * router_get_my_id_digest | ( | void | ) |
Return my identity digest.
Definition at line 1763 of file router.c.
Referenced by fill_relay_flags(), get_my_declared_family(), and server_onion_keys_new().
| const routerinfo_t * router_get_my_routerinfo | ( | void | ) |
Return a routerinfo for this OR, rebuilding a fresh one if necessary. Return NULL on error, or if called on an OP.
Definition at line 1817 of file router.c.
Referenced by bridgeauth_dump_bridge_status_to_file(), channel_tls_process_netinfo_cell(), check_descriptor_bandwidth_changed(), check_descriptor_ipaddress_changed(), check_for_reachability_bw_callback(), connection_or_send_netinfo(), controller_get_routerdescs(), dirclient_fetches_from_authorities(), dirserv_get_routerdesc_spool(), get_signed_descriptor_by_fp(), have_orport_for_family(), inform_testing_reachability(), log_heartbeat(), reachability_warnings_callback(), router_addr_is_my_published_addr(), router_choose_random_node(), router_compare_to_my_exit_policy(), router_do_reachability_checks(), router_get_my_descriptor(), router_my_exit_policy_is_reject_star(), router_orport_found_reachable(), router_pick_trusteddirserver_impl(), router_should_check_reachability(), router_upload_dir_desc_to_dirservers(), routerlist_insert(), routerlist_insert_old(), and routerlist_replace().
| const routerinfo_t * router_get_my_routerinfo_with_err | ( | int * | err | ) |
Return routerinfo of this OR. Rebuild it from scratch if needed. Set *err to 0 on success or to appropriate TOR_ROUTERINFO_ERROR_* value on failure.
Definition at line 1827 of file router.c.
Referenced by getinfo_helper_policies(), and router_get_my_routerinfo().
| crypto_pk_t * router_get_rsa_onion_pkey | ( | const char * | pkey, |
| size_t | pkey_len | ||
| ) |
| int router_has_bandwidth_to_be_dirserver | ( | const or_options_t * | options | ) |
Return true iff we have enough configured bandwidth to advertise or automatically provide directory services from cache directory information.
Definition at line 1275 of file router.c.
Referenced by dir_server_mode(), and router_should_be_dirserver().
| int router_initialize_tls_context | ( | void | ) |
Set up Tor's TLS contexts, based on our configuration and keys. Return 0 on success, and -1 on failure.
Definition at line 843 of file router.c.
Referenced by init_keys(), and rotate_x509_certificate_callback().
| int router_is_me | ( | const routerinfo_t * | router | ) |
A wrapper around router_digest_is_me().
Definition at line 1784 of file router.c.
Referenced by dirserv_add_descriptor(), dirserv_set_router_is_running(), dirserv_test_reachability(), and router_load_single_router().
| int router_my_exit_policy_is_reject_star | ( | void | ) |
Return true iff my exit policy is reject *:*. Return -1 if we don't have a descriptor
Definition at line 1743 of file router.c.
Referenced by check_dns_honesty_callback(), dirclient_fetches_from_authorities(), directory_caches_dir_info(), and dns_resolve_impl().
| void router_new_consensus_params | ( | const networkstatus_t * | ns | ) |
| bool router_rebuild_descriptor | ( | int | force | ) |
If force is true, or our descriptor is out-of-date, rebuild a fresh routerinfo, signed server descriptor, and extra-info document for this OR.
Return true on success, else false on temporary error.
Definition at line 2470 of file router.c.
Referenced by consider_publishable_server(), and router_get_my_extrainfo().
| void router_reset_warnings | ( | void | ) |
| void router_set_rsa_onion_pkey | ( | const crypto_pk_t * | pk, |
| char ** | onion_pkey_out, | ||
| size_t * | onion_pkey_len_out | ||
| ) |
|
static |
Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to advertise the fact that we support begindir requests, else return 1.
Definition at line 1394 of file router.c.
Referenced by router_dump_router_to_string().
| int router_should_advertise_dirport | ( | const or_options_t * | options, |
| uint16_t | dir_port | ||
| ) |
Return 0 if we don't want to advertise the fact that we have a DirPort open, else return the DirPort we want to advertise.
Definition at line 1384 of file router.c.
Referenced by router_dump_router_to_string().
|
static |
Helper: Return 1 if we have sufficient resources for serving directory requests, return 0 otherwise. If AccountingMax is set less than our advertised bandwidth, then don't serve requests. Likewise, if our advertised bandwidth is less than MIN_BW_TO_ADVERTISE_DIRSERVER, don't bother trying to serve requests.
Definition at line 1294 of file router.c.
Referenced by decide_to_advertise_dir_impl().
| STATIC void router_update_routerinfo_from_extrainfo | ( | routerinfo_t * | ri, |
| const extrainfo_t * | ei | ||
| ) |
Set the fields in ri that depend on ei.
If ei is NULL, logs a BUG() warning and zeroes the relevant fields.
Definition at line 2345 of file router.c.
Referenced by router_build_fresh_descriptor().
| void router_upload_dir_desc_to_dirservers | ( | int | force | ) |
OR only: If force is true, or we haven't uploaded this descriptor successfully yet, try to upload our signed descriptor to all the directory servers we know about.
Definition at line 1662 of file router.c.
Referenced by consider_publishable_server().
| STATIC int router_write_fingerprint | ( | int | hashed, |
| int | ed25519_identity | ||
| ) |
Compute fingerprint (or hashed fingerprint if hashed is 1) and write it to 'fingerprint' (or 'hashed-fingerprint'). Return 0 on success, or -1 if Tor should die,
Definition at line 902 of file router.c.
Referenced by init_keys().
| uint16_t routerconf_find_dir_port | ( | const or_options_t * | options, |
| uint16_t | dirport | ||
| ) |
Return the port that we should advertise as our DirPort; this is one of three possibilities: The one that is passed as dirport if the DirPort option is 0, or the one configured in the DirPort option, or the one we actually bound to if DirPort is "auto".
Definition at line 1623 of file router.c.
Referenced by dirserv_generate_networkstatus_vote_obj(), init_keys(), retry_all_listeners(), and router_build_fresh_unsigned_routerinfo().
| void routerconf_find_ipv6_or_ap | ( | const or_options_t * | options, |
| tor_addr_port_t * | ipv6_ap_out | ||
| ) |
As routerconf_find_or_port(), but returns the IPv6 address and port in ipv6_ap_out, which must not be NULL. Returns a null address and zero port, if no ORPort is found.
Definition at line 1538 of file router.c.
Referenced by init_keys().
| uint16_t routerconf_find_or_port | ( | const or_options_t * | options, |
| sa_family_t | family | ||
| ) |
Return the port that we should advertise as our ORPort in a given address family; this is either the one configured in the ORPort option, or the one we actually bound to if ORPort is "auto". Returns 0 if no port is found.
Definition at line 1518 of file router.c.
Referenced by decide_if_publishable_server(), decide_to_advertise_dir_impl(), dirserv_generate_networkstatus_vote_obj(), init_keys(), relay_find_addr_to_publish(), retry_all_listeners(), router_build_fresh_unsigned_routerinfo(), routerconf_find_ipv6_or_ap(), and routerconf_has_ipv6_orport().
| bool routerconf_has_ipv6_orport | ( | const or_options_t * | options | ) |
Returns true if this router has an advertised IPv6 ORPort.
Definition at line 1579 of file router.c.
Referenced by router_can_extend_over_ipv6().
| int routerinfo_err_is_transient | ( | int | err | ) |
Return true if we expect given error to be transient. Return false otherwise.
For simplicity, we consider all errors other than "not a server" transient - see discussion on https://bugs.torproject.org/tpo/core/tor/27034.
Definition at line 186 of file router.c.
Referenced by getinfo_helper_policies().
| const char * routerinfo_err_to_string | ( | int | err | ) |
Return a readonly string with human readable description of err.
Definition at line 157 of file router.c.
Referenced by getinfo_helper_policies().
| int server_identity_key_is_set | ( | void | ) |
Return true iff we are a server and the server identity key has been set.
Definition at line 437 of file router.c.
Referenced by accounting_set_wakeup_time(), log_master_signing_key_cert_expiration(), and pt_update_bridge_lines().
| void set_client_identity_key | ( | crypto_pk_t * | k | ) |
Set the current client identity key to k.
Definition at line 447 of file router.c.
Referenced by init_keys().
|
static |
Replace the current onion key with k. Does not affect lastonionkey; to update lastonionkey correctly, call rotate_onion_key().
Definition at line 200 of file router.c.
Referenced by init_keys().
| void set_server_identity_key | ( | crypto_pk_t * | k | ) |
Set the current server identity key to k.
Definition at line 376 of file router.c.
Referenced by init_keys().
| bool should_publish_family_list | ( | const networkstatus_t * | ns | ) |
Return true if the parameters in ns say that we should publish a legacy family list.
Use the latest networkstatus (or returns the default) if ns is NULL.
Definition at line 2529 of file router.c.
Referenced by warn_about_family_id_config().
|
static |
Return true iff we should include our TAP onion key in our router descriptor.
Definition at line 233 of file router.c.
Referenced by router_build_fresh_unsigned_routerinfo().
| int should_refuse_unknown_exits | ( | const or_options_t * | options | ) |
Return true iff the combination of options in options and parameters in the consensus mean that we don't want to allow exits from circuits we got from addresses not known to be servers.
Definition at line 1405 of file router.c.
Referenced by connection_exit_begin_conn(), dirclient_fetches_from_authorities(), and directory_caches_dir_info().
| void v3_authority_check_key_expiry | ( | void | ) |
If we're a v3 authority, check whether we have a certificate that's likely to expire soon. Warn if we do, but not too often.
Definition at line 756 of file router.c.
Referenced by check_authority_cert_callback().
|
static |
Key certificate to authenticate v3 directory material; only set for authorities.
Definition at line 127 of file router.c.
Referenced by get_my_v3_authority_cert(), init_v3_authority_keys(), router_free_all(), and v3_authority_check_key_expiry().
|
static |
Signing key used for v3 directory material; only set for authorities.
Definition at line 124 of file router.c.
Referenced by get_my_v3_authority_signing_key(), init_v3_authority_keys(), and router_free_all().
|
static |
Private client "identity key": used to sign bridges' and clients' outbound TLS certificates. Regenerated on startup and on IP address change.
Definition at line 122 of file router.c.
Referenced by assert_identity_keys_ok(), client_identity_key_is_set(), get_tlsclient_identity_key(), router_free_all(), and set_client_identity_key().
|
static |
Current private ntor secret key: used to perform the ntor handshake.
Definition at line 110 of file router.c.
Referenced by construct_ntor_key_map(), get_current_curve25519_keypair(), init_keys(), rotate_onion_key(), and router_free_all().
| STATIC time_t desc_clean_since = 0 |
Since when has our descriptor been "clean"? 0 if we need to regenerate it now.
Definition at line 1651 of file router.c.
Referenced by mark_my_descriptor_dirty(), mark_my_descriptor_dirty_if_too_old(), and router_rebuild_descriptor().
| STATIC const char* desc_dirty_reason = "Tor just started" |
Why did we mark the descriptor dirty?
Definition at line 1653 of file router.c.
Referenced by mark_my_descriptor_dirty(), and router_rebuild_descriptor().
|
static |
My extrainfo
Definition at line 1645 of file router.c.
Referenced by router_free_all(), router_get_my_extrainfo(), and router_rebuild_descriptor().
|
static |
Why did we most recently decide to regenerate our descriptor? Used to tell the authorities why we're sending it to them.
Definition at line 1648 of file router.c.
Referenced by router_get_descriptor_gen_reason(), and router_rebuild_descriptor().
|
static |
Boolean: do we need to regenerate the above?
Definition at line 1655 of file router.c.
Referenced by router_rebuild_descriptor(), and router_upload_dir_desc_to_dirservers().
|
static |
My routerinfo.
Definition at line 1643 of file router.c.
Referenced by router_compare_to_my_exit_policy(), router_free_all(), router_get_my_routerinfo_with_err(), and router_rebuild_descriptor().
|
static |
Private keys for this OR. There is also an SSL key managed by tortls.c.
Definition at line 102 of file router.c.
Referenced by dup_onion_keys(), expire_old_onion_keys(), rotate_onion_key(), router_free_all(), and set_onion_key().
|
static |
Previous private ntor secret key: used to perform the ntor handshake with clients that have an older version of our descriptor.
Definition at line 113 of file router.c.
Referenced by construct_ntor_key_map(), expire_old_onion_keys(), init_keys(), rotate_onion_key(), and router_free_all().
|
static |
Previous private onionskin decryption key: used to decode CREATE cells generated by clients that have an older version of our descriptor.
Definition at line 108 of file router.c.
Referenced by dup_onion_keys(), expire_old_onion_keys(), init_keys(), rotate_onion_key(), and router_free_all().
|
static |
For emergency V3 authority key migration: An extra certificate to authenticate legacy_signing_key with our obsolete identity key.
Definition at line 134 of file router.c.
Referenced by get_my_v3_legacy_cert(), init_v3_authority_keys(), and router_free_all().
|
static |
For emergency V3 authority key migration: An extra signing key that we use with our old (obsolete) identity key for a while.
Definition at line 131 of file router.c.
Referenced by get_my_v3_legacy_signing_key(), init_v3_authority_keys(), networkstatus_compute_consensus(), and router_free_all().
|
static |
Indicate if the IPv6 address should be omitted from the descriptor when publishing it. This can happen if the IPv4 is reachable but the auto-discovered IPv6 is not. We still publish the descriptor.
Only relays should look at this and only for their descriptor.
XXX: The real harder fix is to never put in the routerinfo_t a non reachable address and instead use the last resolved address cache to do reachability test or anything that has to do with what address tor thinks it has.
Definition at line 151 of file router.c.
Referenced by decide_if_publishable_server(), mark_my_descriptor_if_omit_ipv6_changes(), and router_dump_router_to_string().
|
static |
Current private onionskin decryption key: used to decode CREATE cells.
Definition at line 105 of file router.c.
Referenced by dup_onion_keys(), get_onion_key(), handle_control_add_onion(), rotate_onion_key(), router_free_all(), and set_onion_key().
|
static |
When was onionkey last changed?
Definition at line 103 of file router.c.
Referenced by get_onion_key_set_at(), init_keys(), and rotate_onion_key().
|
static |
If true, then we will publish our descriptor even if our own IPv4 ORPort seems to be unreachable.
Definition at line 1418 of file router.c.
Referenced by decide_if_publishable_server(), and router_new_consensus_params().
|
static |
If true, then we will publish our descriptor even if our own IPv6 ORPort seems to be unreachable.
Definition at line 1423 of file router.c.
Referenced by decide_if_publishable_server(), and router_new_consensus_params().
|
static |
Private server "identity key": used to sign directory info and TLS certificates. Never changes.
Definition at line 116 of file router.c.
Referenced by assert_identity_keys_ok(), router_digest_is_me(), router_free_all(), server_identity_key_is_set(), and set_server_identity_key().
|
static |
Digest of server_identitykey.
Definition at line 118 of file router.c.
Referenced by mark_my_descriptor_dirty_if_too_old(), router_digest_is_me(), router_get_my_id_digest(), and set_server_identity_key().
|
static |
A list of nicknames that we've warned about including in our family, for one reason or another.
Definition at line 1969 of file router.c.
Referenced by get_my_declared_family(), router_free_all(), and router_reset_warnings().
1.9.8