diff options
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuituse.c | 6 | ||||
| -rw-r--r-- | src/or/control.c | 5 | ||||
| -rw-r--r-- | src/or/directory.c | 93 | ||||
| -rw-r--r-- | src/or/directory.h | 6 | ||||
| -rw-r--r-- | src/or/dirserv.c | 32 | ||||
| -rw-r--r-- | src/or/dirserv.h | 2 | ||||
| -rw-r--r-- | src/or/dnsserv.c | 4 | ||||
| -rw-r--r-- | src/or/fallback_dirs.inc | 516 | ||||
| -rw-r--r-- | src/or/networkstatus.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 15 | ||||
| -rw-r--r-- | src/or/router.c | 16 | ||||
| -rw-r--r-- | src/or/routerlist.c | 67 |
13 files changed, 401 insertions, 366 deletions
diff --git a/src/or/circuituse.c b/src/or/circuituse.c index f96a3b18f1..e43b24ca7d 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1675,7 +1675,11 @@ circuit_launch(uint8_t purpose, int flags) return circuit_launch_by_extend_info(purpose, NULL, flags); } -/* DOCDOC */ +/* Do we have enough descriptors to build paths? + * If need_exit is true, return 1 if we can build exit paths. + * (We need at least one Exit in the consensus to build exit paths.) + * If need_exit is false, return 1 if we can build internal paths. + */ static int have_enough_path_info(int need_exit) { diff --git a/src/or/control.c b/src/or/control.c index a2ae2e9f1d..e2ad8cc6dc 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2011,6 +2011,11 @@ getinfo_helper_dir(control_connection_t *control_conn, char *filename = get_datadir_fname("cached-consensus"); *answer = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL); tor_free(filename); + if (!*answer) { /* generate an error */ + *errmsg = "Could not open cached consensus. " + "Make sure FetchUselessDescriptors is set to 1."; + return -1; + } } } else if (!strcmp(question, "network-status")) { /* v1 */ routerlist_t *routerlist = router_get_routerlist(); diff --git a/src/or/directory.c b/src/or/directory.c index ab9f738e84..8dc018a662 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -630,7 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_assert(use_or_ap != NULL); tor_assert(use_dir_ap != NULL); - const int anonymized_connection = dirind_is_anon(indirection); + const or_options_t *options = get_options(); int have_or = 0, have_dir = 0; /* We expect status to have at least one reachable address if we're @@ -652,13 +652,16 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_addr_make_null(&use_dir_ap->addr, AF_UNSPEC); use_dir_ap->port = 0; - if (anonymized_connection) { - /* Use the primary (IPv4) OR address if we're making an indirect - * connection. */ - tor_addr_from_ipv4h(&use_or_ap->addr, status->addr); - use_or_ap->port = status->or_port; - have_or = 1; - } else { + /* ORPort connections */ + if (indirection == DIRIND_ANONYMOUS) { + if (status->addr) { + /* Since we're going to build a 3-hop circuit and ask the 2nd relay + * to extend to this address, always use the primary (IPv4) OR address */ + tor_addr_from_ipv4h(&use_or_ap->addr, status->addr); + use_or_ap->port = status->or_port; + have_or = 1; + } + } else if (indirection == DIRIND_ONEHOP) { /* We use an IPv6 address if we have one and we prefer it. * Use the preferred address and port if they are reachable, otherwise, * use the alternate address and port (if any). @@ -668,9 +671,16 @@ directory_choose_address_routerstatus(const routerstatus_t *status, use_or_ap); } - have_dir = fascist_firewall_choose_address_rs(status, - FIREWALL_DIR_CONNECTION, 0, - use_dir_ap); + /* DirPort connections + * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */ + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT || + (indirection == DIRIND_ONEHOP + && !directory_must_use_begindir(options))) { + have_dir = fascist_firewall_choose_address_rs(status, + FIREWALL_DIR_CONNECTION, 0, + use_dir_ap); + } /* We rejected all addresses in the relay's status. This means we can't * connect to it. */ @@ -956,6 +966,16 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) update_certificate_downloads(time(NULL)); } +/* Should this tor instance only use begindir for all its directory requests? + */ +int +directory_must_use_begindir(const or_options_t *options) +{ + /* Clients, onion services, and bridges must use begindir, + * relays and authorities do not have to */ + return !public_server_mode(options); +} + /** Evaluate the situation and decide if we should use an encrypted * "begindir-style" connection for this directory request. * 1) If or_port is 0, or it's a direct conn and or_port is firewalled @@ -963,23 +983,48 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) * 2) If we prefer to avoid begindir conns, and we're not fetching or * publishing a bridge relay descriptor, no. * 3) Else yes. + * If returning 0, return in *reason why we can't use begindir. + * reason must not be NULL. */ static int directory_command_should_use_begindir(const or_options_t *options, const tor_addr_t *addr, int or_port, uint8_t router_purpose, - dir_indirection_t indirection) + dir_indirection_t indirection, + const char **reason) { (void) router_purpose; - if (!or_port) + tor_assert(reason); + *reason = NULL; + + /* Reasons why we can't possibly use begindir */ + if (!or_port) { + *reason = "directory with unknown ORPort"; return 0; /* We don't know an ORPort -- no chance. */ - if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT) + } + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT) { + *reason = "DirPort connection"; return 0; - if (indirection == DIRIND_ONEHOP) + } + if (indirection == DIRIND_ONEHOP) { + /* We're firewalled and want a direct OR connection */ if (!fascist_firewall_allows_address_addr(addr, or_port, - FIREWALL_OR_CONNECTION, 0, 0) || - directory_fetches_from_authorities(options)) - return 0; /* We're firewalled or are acting like a relay -- also no. */ + FIREWALL_OR_CONNECTION, 0, 0)) { + *reason = "ORPort not reachable"; + return 0; + } + } + /* Reasons why we want to avoid using begindir */ + if (indirection == DIRIND_ONEHOP) { + if (!directory_must_use_begindir(options)) { + *reason = "in relay mode"; + return 0; + } + } + /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS + */ + *reason = "(using begindir)"; return 1; } @@ -1062,11 +1107,13 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, dir_connection_t *conn; const or_options_t *options = get_options(); int socket_error = 0; + const char *begindir_reason = NULL; /* Should the connection be to a relay's OR port (and inside that we will * send our directory request)? */ const int use_begindir = directory_command_should_use_begindir(options, &or_addr_port->addr, or_addr_port->port, - router_purpose, indirection); + router_purpose, indirection, + &begindir_reason); /* Will the connection go via a three-hop Tor circuit? Note that this * is separate from whether it will use_begindir. */ const int anonymized_connection = dirind_is_anon(indirection); @@ -1092,6 +1139,14 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, (void)is_sensitive_dir_purpose; #endif + /* use encrypted begindir connections for everything except relays + * this provides better protection for directory fetches */ + if (!use_begindir && directory_must_use_begindir(options)) { + log_warn(LD_BUG, "Client could not use begindir connection: %s", + begindir_reason ? begindir_reason : "(NULL)"); + return; + } + /* ensure that we don't make direct connections when a SOCKS server is * configured. */ if (!anonymized_connection && !use_begindir && !options->HTTPProxy && diff --git a/src/or/directory.h b/src/or/directory.h index 03c04c10c9..c4edbb5c0f 100644 --- a/src/or/directory.h +++ b/src/or/directory.h @@ -28,8 +28,8 @@ void directory_get_from_all_authorities(uint8_t dir_purpose, /** Enumeration of ways to connect to a directory server */ typedef enum { - /** Default: connect over a one-hop Tor circuit but fall back to direct - * connection */ + /** Default: connect over a one-hop Tor circuit. Relays fall back to direct + * DirPort connections, clients, onion services, and bridges do not */ DIRIND_ONEHOP=0, /** Connect over a multi-hop anonymizing Tor circuit */ DIRIND_ANONYMOUS=1, @@ -39,6 +39,8 @@ typedef enum { DIRIND_ANON_DIRPORT, } dir_indirection_t; +int directory_must_use_begindir(const or_options_t *options); + MOCK_DECL(void, directory_initiate_command_routerstatus, (const routerstatus_t *status, uint8_t dir_purpose, diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 846951c8ed..d38a024e14 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1427,13 +1427,13 @@ router_counts_toward_thresholds(const node_t *node, time_t now, * * Also, set the is_exit flag of each router appropriately. */ static void -dirserv_compute_performance_thresholds(const smartlist_t *routers, - digestmap_t *omit_as_sybil) +dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) { int n_active, n_active_nonexit, n_familiar; uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb; long *tks; double *mtbfs, *wfus; + smartlist_t *nodelist; time_t now = time(NULL); const or_options_t *options = get_options(); @@ -1451,27 +1451,28 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers, guard_tk = 0; guard_wfu = 0; + nodelist_assert_ok(); + nodelist = nodelist_get_list(); + /* Initialize arrays that will hold values for each router. We'll * sort them and use that to compute thresholds. */ n_active = n_active_nonexit = 0; /* Uptime for every active router. */ - uptimes = tor_calloc(smartlist_len(routers), sizeof(uint32_t)); + uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t)); /* Bandwidth for every active router. */ - bandwidths_kb = tor_calloc(smartlist_len(routers), sizeof(uint32_t)); + bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t)); /* Bandwidth for every active non-exit router. */ bandwidths_excluding_exits_kb = - tor_calloc(smartlist_len(routers), sizeof(uint32_t)); + tor_calloc(smartlist_len(nodelist), sizeof(uint32_t)); /* Weighted mean time between failure for each active router. */ - mtbfs = tor_calloc(smartlist_len(routers), sizeof(double)); + mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double)); /* Time-known for each active router. */ - tks = tor_calloc(smartlist_len(routers), sizeof(long)); + tks = tor_calloc(smartlist_len(nodelist), sizeof(long)); /* Weighted fractional uptime for each active router. */ - wfus = tor_calloc(smartlist_len(routers), sizeof(double)); - - nodelist_assert_ok(); + wfus = tor_calloc(smartlist_len(nodelist), sizeof(double)); /* Now, fill in the arrays. */ - SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { + SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) { if (options->BridgeAuthoritativeDir && node->ri && node->ri->purpose != ROUTER_PURPOSE_BRIDGE) @@ -1547,7 +1548,7 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers, * fill wfus with the wfu of every such "familiar" router. */ n_familiar = 0; - SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { + SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) { if (router_counts_toward_thresholds(node, now, omit_as_sybil, require_mbw)) { routerinfo_t *ri = node->ri; @@ -1601,11 +1602,10 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers, * networkstatus_getinfo_by_purpose(). */ void -dirserv_compute_bridge_flag_thresholds(const smartlist_t *routers) +dirserv_compute_bridge_flag_thresholds(void) { - digestmap_t *omit_as_sybil = digestmap_new(); - dirserv_compute_performance_thresholds(routers, omit_as_sybil); + dirserv_compute_performance_thresholds(omit_as_sybil); digestmap_free(omit_as_sybil, NULL); } @@ -2876,7 +2876,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, * this must come before dirserv_compute_performance_thresholds() */ dirserv_count_measured_bws(routers); - dirserv_compute_performance_thresholds(routers, omit_as_sybil); + dirserv_compute_performance_thresholds(omit_as_sybil); routerstatuses = smartlist_new(); microdescriptors = smartlist_new(); diff --git a/src/or/dirserv.h b/src/or/dirserv.h index 3e735db071..9a9725ad6f 100644 --- a/src/or/dirserv.h +++ b/src/or/dirserv.h @@ -50,7 +50,7 @@ int list_server_status_v1(smartlist_t *routers, char **router_status_out, int dirserv_dump_directory_to_string(char **dir_out, crypto_pk_t *private_key); char *dirserv_get_flag_thresholds_line(void); -void dirserv_compute_bridge_flag_thresholds(const smartlist_t *routers); +void dirserv_compute_bridge_flag_thresholds(void); int directory_fetches_from_authorities(const or_options_t *options); int directory_fetches_dir_info_early(const or_options_t *options); diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c index 8ddb414fe5..74f17ce78c 100644 --- a/src/or/dnsserv.c +++ b/src/or/dnsserv.c @@ -88,8 +88,6 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) for (i = 0; i < req->nquestions; ++i) { if (req->questions[i]->dns_question_class != EVDNS_CLASS_INET) continue; - if (! q) - q = req->questions[i]; switch (req->questions[i]->type) { case EVDNS_TYPE_A: case EVDNS_TYPE_AAAA: @@ -97,7 +95,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) /* We always pick the first one of these questions, if there is one. */ if (! supported_q) - supported_q = q; + supported_q = req->questions[i]; break; default: break; diff --git a/src/or/fallback_dirs.inc b/src/or/fallback_dirs.inc index 45610fa605..8e82a3fb2f 100644 --- a/src/or/fallback_dirs.inc +++ b/src/or/fallback_dirs.inc @@ -1,298 +1,242 @@ -/* Trial fallbacks for 0.2.8.2-alpha with ADDRESS_AND_PORT_STABLE_DAYS = 7 - * This works around an issue where relays post a descriptor without a DirPort - * when restarted. The flag CUTOFFs ensure sufficient relay stability. -- teor - */ -/* Whitelist & blacklist excluded 1380 of 1412 candidates. */ +/* Whitelist & blacklist excluded 1273 of 1553 candidates. */ +/* Checked IPv4 DirPorts served a consensus within 15.0s. */ /* -Fallback Directory Summary -Final Count: 32 (Eligible 32, Usable 32, Target 335 (1679 * 0.200000), Clamped to 500) -*/ -/* Ignore low fallback numbers in alpha builds -- teor -#error Fallback Count 32 is too low. Must be at least 50 for diversity. Try adding entries to the whitelist, or setting INCLUDE_UNLISTED_ENTRIES = True. -*/ -/* -Final Weight: 704514 (Eligible 712270) -Max Weight: 56981 (8.088%) (Clamped to 10.000%) -Min Weight: 4450 (0.632%) (Clamped to 0.100%) -Clamped: 7755 (1.101%) Excess Weight, 3 High Weight Fallbacks (9.4%) +Final Count: 100 (Eligible 280, Target 356 (1781 * 0.20), Max 100) +Excluded: 180 (Same Operator 102, Failed/Skipped Download 40, Excess 38) +Bandwidth Range: 6.0 - 67.2 MB/s */ /* -Onionoo Source: details Date: 2016-02-27 07:00:00 Version: 3.1 -URL: https://onionoo.torproject.org/details?fields=fingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags&flag=V2Dir&type=relay&last_seen_days=-7&first_seen_days=7- +Onionoo Source: details Date: 2016-04-18 01:00:00 Version: 3.1 +URL: https:onionoo.torproject.orgdetails?fields=fingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family&flag=V2Dir&type=relay&last_seen_days=-7&first_seen_days=7- */ /* -Onionoo Source: uptime Date: 2016-02-27 07:00:00 Version: 3.1 -URL: https://onionoo.torproject.org/uptime?first_seen_days=7-&flag=V2Dir&type=relay&last_seen_days=-7 -*/ -/* -kitten1 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 56981 / 704514 (8.088%) -Consensus Weight: 61100 / 712270 (8.578%) -0xEFB74277ECE4E222 Aeris <aeris+tor AT imirhil DOT fr> - 1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd -*/ -"62.210.124.124:9030 orport=9001 id=86E78DD3720C78DA8673182EF96C54B162CD660C" -" ipv6=[2001:bc8:3f23:100::1]:9001" -" weight=56981", -/* -fluxe4 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 56981 / 704514 (8.088%) -Consensus Weight: 59800 / 712270 (8.396%) -Sebastian <tor@sebastianhahn.net> - 12NbRAjAG5U3LLWETSF7fSTcdaz32Mu5CN -*/ -"131.188.40.188:443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8" -" weight=56981", -/* -kitten2 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 56981 / 704514 (8.088%) -Consensus Weight: 57800 / 712270 (8.115%) -0xEFB74277ECE4E222 Aeris <aeris+tor AT imirhil DOT fr> - 1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd +Onionoo Source: uptime Date: 2016-04-18 01:00:00 Version: 3.1 +URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay&last_seen_days=-7 */ +"193.171.202.146:9030 orport=9001 id=01A9258A46E97FF8B2CAC7910577862C14F2C524" +" weight=10", +"5.9.110.236:9030 orport=9001 id=0756B7CD4DFC8182BE23143FAC0642F515182CEB" +" ipv6=[2a01:4f8:162:51e2::2]:9001" +" weight=10", +"37.187.1.149:9030 orport=9001 id=08DC0F3C6E3D9C527C1FC8745D35DD1B0DE1875D" +" ipv6=[2001:41d0:a:195::1]:9001" +" weight=10", +"5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6" +" weight=10", +"5.196.88.122:9030 orport=9001 id=0C2C599AFCB26F5CFC2C7592435924C1D63D9484" +" weight=10", +"178.62.197.82:80 orport=443 id=0D3EBA17E1C78F1E9900BABDB23861D46FCAF163" +" weight=10", +"144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB" +" ipv6=[2a01:4f8:190:9490::dead]:443" +" weight=10", +"178.32.216.146:9030 orport=9001 id=17898F9A2EBC7D69DAF87C00A1BD2FABF3C9E1D2" +" weight=10", +"46.101.151.222:80 orport=443 id=1DBAED235E3957DE1ABD25B4206BE71406FB61F8" +" weight=10", +"91.219.237.229:80 orport=443 id=1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7" +" weight=10", +"212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68" +" weight=10", +"185.61.138.18:8080 orport=4443 id=2541759BEC04D37811C2209A88E863320271EC9C" +" weight=10", +"51.254.215.121:80 orport=443 id=262B66AD25C79588AD1FC8ED0E966395B47E5C1D" +" weight=10", +"194.150.168.79:11112 orport=11111 id=29F1020B94BE25E6BE1AD13E93CE19D2131B487C" +" weight=10", +"144.76.26.175:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510" +" weight=10", "62.210.124.124:9130 orport=9101 id=2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E" " ipv6=[2001:bc8:3f23:100::1]:9101" -" weight=56981", -/* -fluxe3 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 54800 / 704514 (7.778%) -Sebastian <tor@sebastianhahn.net> - 12NbRAjAG5U3LLWETSF7fSTcdaz32Mu5CN -*/ -"78.47.18.110:443 orport=80 id=F8D27B163B9247B232A2EEE68DD8B698695C28DE" -" weight=54800", -/* -tornoderdednl -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 50500 / 704514 (7.168%) -0x4871E82F Thom Wiggers <thom @AT@ RDED POINT NL> BTC 1DLyDFV13zhCWJYHMh5bk5C58yYvpxqxfQ -*/ +" weight=10", +"213.61.66.118:9031 orport=9001 id=30648BC64CEDB3020F4A405E4AB2A6347FB8FA22" +" weight=10", +"212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B" +" weight=10", +"109.105.109.162:52860 orport=60784 id=32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F" +" ipv6=[2001:948:7:2::163]:5001" +" weight=10", +"146.0.32.144:9030 orport=9001 id=35E8B344F661F4F2E68B17648F35798B44672D7E" +" weight=10", +"217.79.190.25:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B" +" weight=10", +"62.210.92.11:9130 orport=9101 id=387B065A38E4DAA16D9D41C2964ECBC4B31D30FF" +" ipv6=[2001:bc8:338c::1]:9101" +" weight=10", +"198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92" +" weight=10", +"164.132.77.175:9030 orport=9001 id=3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B" +" weight=10", +"176.10.107.180:9030 orport=9001 id=3D7E274A87D9A89AF064C13D1EE4CA1F184F2600" +" weight=10", +"37.187.102.186:9030 orport=9001 id=489D94333DF66D57FFE34D9D59CC2D97E2CB0053" +" ipv6=[2001:41d0:a:26ba::1]:9001" +" weight=10", +"188.165.194.195:9030 orport=9001 id=49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF" +" weight=10", +"108.53.208.157:80 orport=443 id=4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2" +" weight=10", +"212.51.134.123:9030 orport=9001 id=50586E25BE067FD1F739998550EDDCB1A14CA5B2" +" ipv6=[2a02:168:6e00:0:3a60:77ff:fe9c:8bd1]:9001" +" weight=10", +"5.175.233.86:80 orport=443 id=5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33" +" weight=10", +"94.23.204.175:9030 orport=9001 id=5665A3904C89E22E971305EE8C1997BCA4123C69" +" weight=10", +"109.163.234.9:80 orport=443 id=5714542DCBEE1DD9864824723638FD44B2122CEA" +" weight=10", +"185.21.100.50:9030 orport=9001 id=58ED9C9C35E433EE58764D62892B4FFD518A3CD0" +" ipv6=[2a00:1158:2:cd00:0:74:6f:72]:443" +" weight=10", +"78.142.142.246:80 orport=443 id=5A5E03355C1908EBF424CAF1F3ED70782C0D2F74" +" weight=10", +"185.100.85.138:80 orport=46356 id=5C4DF16A0029CC4F67D3E127356E68F219269859" +" weight=10", +"178.16.208.62:80 orport=443 id=5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B" +" ipv6=[2a00:1c20:4089:1234:a6a4:2926:d0af:dfee]:443" +" weight=10", +"95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90" +" ipv6=[2a02:ec0:209:10::4]:443" +" weight=10", +"89.187.142.208:80 orport=443 id=64186650FFE4469EBBE52B644AE543864D32F43C" +" weight=10", +"144.76.73.140:9030 orport=9001 id=6A640018EABF3DA9BAD9321AA37C2C87BBE1F907" +" weight=10", +"94.126.23.174:9030 orport=9001 id=6FC6F08270D565BE89B7C819DD8E2D487397C073" +" weight=10", +"176.31.191.26:9030 orport=9001 id=7350AB9ED7568F22745198359373C04AC783C37C" +" weight=10", +"46.101.237.246:9030 orport=9001 id=75F1992FD3F403E9C082A5815EB5D12934CDF46C" +" ipv6=[2a03:b0c0:3:d0::208:5001]:9050" +" weight=10", +"185.11.180.67:80 orport=9001 id=794D8EA8343A4E820320265D05D4FA83AB6D1778" +" weight=10", +"62.210.129.246:80 orport=443 id=79E169B25E4C7CE99584F6ED06F379478F23E2B8" +" weight=10", +"82.223.21.74:9030 orport=9001 id=7A32C9519D80CA458FC8B034A28F5F6815649A98" +" ipv6=[2001:470:53e0::cafe]:9050" +" weight=10", +"192.160.102.164:80 orport=9001 id=823AA81E277F366505545522CEDC2F529CE4DC3F" +" weight=10", +"192.87.28.82:9030 orport=9001 id=844AE9CAD04325E955E2BE1521563B79FE7094B7" +" weight=10", +"84.219.173.60:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34" +" weight=10", +"163.172.138.22:80 orport=443 id=8664DC892540F3C789DB37008236C096C871734D" +" weight=10", +"185.96.88.29:80 orport=443 id=86C281AD135058238D7A337D546C902BE8505DDE" +" weight=10", +"93.180.156.84:9030 orport=9001 id=8844D87E9B038BE3270938F05AF797E1D3C74C0F" +" weight=10", +"178.217.184.32:9030 orport=443 id=8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D" +" weight=10", +"151.80.42.103:9030 orport=9001 id=9007C1D8E4F03D506A4A011B907A9E8D04E3C605" +" ipv6=[2001:41d0:e:f67::114]:9001" +" weight=10", +"5.79.68.161:81 orport=443 id=9030DCF419F6E2FBF84F63CBACBA0097B06F557E" +" ipv6=[2001:1af8:4700:a012:1::1]:443" +" weight=10", +"51.255.41.65:9030 orport=9001 id=9231DF741915AA1630031A93026D88726877E93A" +" weight=10", +"91.219.237.244:80 orport=443 id=92ECC9E0E2AF81BB954719B189AC362E254AD4A5" +" weight=10", +"46.101.102.71:80 orport=443 id=9504CB22EEB25D344DE63CB7A6F2C46F895C3686" +" ipv6=[2a03:b0c0:3:d0::2ed:7001]:9050" +" weight=10", +"85.214.206.219:9030 orport=9001 id=98F8D5F359949E41DE8DF3DBB1975A86E96A84A0" +" weight=10", +"81.7.10.93:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7" +" weight=10", +"46.28.110.244:80 orport=443 id=9F7D6E6420183C2B76D3CE99624EBC98A21A967E" +" weight=10", +"46.165.230.5:80 orport=443 id=A0F06C2FADF88D3A39AA3072B406F09D7095AC9E" +" weight=10", +"171.25.193.77:80 orport=443 id=A10C4F666D27364036B562823E5830BC448E046A" +" ipv6=[2001:67c:289c:3::77]:443" +" weight=10", +"176.9.5.116:9030 orport=9001 id=A1EB8D8F1EE28DB98BBB1EAA3B4BEDD303BAB911" +" weight=10", +"192.34.63.137:9030 orport=443 id=ABCB4965F1FEE193602B50A365425105C889D3F8" +" weight=10", +"195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C" +" ipv6=[2001:bc8:399f:f000::1]:993" +" weight=10", +"86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0" +" weight=10", +"163.172.131.88:80 orport=443 id=AD253B49E303C6AB1E048B014392AC569E8A7DAE" +" ipv6=[2001:bc8:4400:2100::2:1009]:443" +" weight=10", +"178.254.44.135:80 orport=443 id=AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2" +" weight=10", +"37.187.7.74:80 orport=443 id=AEA43CB1E47BE5F8051711B2BF01683DB1568E05" +" ipv6=[2001:41d0:a:74a::1]:443" +" weight=10", +"212.129.62.232:80 orport=443 id=B143D439B72D239A419F8DCE07B8A8EB1B486FA7" +" weight=10", +"185.66.250.141:9030 orport=9001 id=B1726B94885CE3AC3910CA8B60622B97B98E2529" +" weight=10", +"193.11.114.46:9032 orport=9003 id=B83DC1558F0D34353BB992EF93AFEAFDB226A73E" +" weight=10", +"178.62.36.64:9030 orport=9001 id=B87C84E38DAECFFFFDE98E5AEE5786AFDC748F2C" +" weight=10", +"197.231.221.211:9030 orport=9001 id=BC630CBBB518BE7E9F4E09712AB0269E9DC7D626" +" weight=10", +"198.96.155.3:8080 orport=5001 id=BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E" +" weight=10", +"148.251.190.229:9030 orport=9010 id=BF0FB582E37F738CD33C3651125F2772705BB8E8" +" ipv6=[2a01:4f8:211:c68::2]:9010" +" weight=10", +"188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788" +" weight=10", +"195.154.79.128:80 orport=443 id=C697612CA5AED06B8D829FCC6065B9287212CB2F" +" weight=10", +"37.59.46.159:9030 orport=9001 id=CBD0D1BD110EC52963082D839AC6A89D0AE243E7" +" weight=10", +"91.121.54.8:9030 orport=9001 id=CBEE0F3303C8C50462A12107CA2AE061831931BC" +" weight=10", "178.62.199.226:80 orport=443 id=CBEFF7BA4A4062045133C053F2D70524D8BBE5BE" " ipv6=[2a03:b0c0:2:d0::b7:5001]:443" -" weight=50500", -/* -pixelminer -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 44800 / 704514 (6.359%) -Christian Sturm <reezer AT pixelminers dot net> - 1Q3PQJTELv33S1nruGcTUMQ7CuWxXmnjkZ -*/ -"81.7.14.246:80 orport=443 id=CE75BF0972ADD52AF8807602374E495C815DB304" -" ipv6=[2a02:180:a:51::dead]:443" -" weight=44800", -/* -bakunin -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 41800 / 704514 (5.933%) -GTor <contact _AT_ gtor _DOT_ org> -*/ -"178.16.208.57:80 orport=443 id=92CFD9565B24646CAC2D172D3DB503D69E777B8A" -" ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443" -" weight=41800", -/* -kili -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 23800 / 704514 (3.378%) -0x49CBC553 Joost Rijneveld <joost AT joostrijneveld dot nl> -*/ +" weight=10", +"81.7.17.171:80 orport=443 id=CFECDDCA990E3EF7B7EC958B22441386B6B8D820" +" ipv6=[2a02:180:1:1::517:11ab]:443" +" weight=10", +"134.119.3.164:9030 orport=9001 id=D1B8AAA98C65F3DF7D8BB3AF881CAEB84A33D8EE" +" weight=10", +"185.13.38.75:9030 orport=9001 id=D2A1703758A0FBBA026988B92C2F88BAB59F9361" +" weight=10", +"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A" +" weight=10", +"185.14.185.240:9030 orport=443 id=D62FB817B0288085FAC38A6DC8B36DCD85B70260" +" weight=10", +"37.221.162.226:9030 orport=9001 id=D64366987CB39F61AD21DBCF8142FA0577B92811" +" weight=10", +"193.35.52.53:9030 orport=9001 id=DAA39FC00B196B353C2A271459C305C429AF09E4" +" weight=10", "178.62.173.203:9030 orport=9001 id=DD85503F2D1F52EF9EAD621E942298F46CD2FC10" " ipv6=[2a03:b0c0:0:1010::a4:b001]:9001" -" weight=23800", -/* -PedicaboMundi -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 23000 / 704514 (3.265%) -0x43DE8191 - 12LiRiasTEL346ZFjgCh5e3nBexQuvDBTg -*/ -"144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB" -" ipv6=[2a01:4f8:190:9490::dead]:443" -" weight=23000", -/* -Doedel26 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 22600 / 704514 (3.208%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.20.134:80 orport=443 id=9F5068310818ED7C70B0BC4087AB55CB12CB4377" -" weight=22600", -/* -Doedel24 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 20800 / 704514 (2.952%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.20.134:9030 orport=9001 id=2CE96A8A1DA032664C90F574AFFBECE18A6E8DFC" -" weight=20800", -/* -Freebird31 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 20500 / 704514 (2.910%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.13.126:80 orport=443 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE" -" weight=20500", -/* -rueckgrat -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 19200 / 704514 (2.725%) -Paul Staroch <paulchen AT rueckgr DOT at> - BTC 1G8pF66fnHc4n4oksY87pCN4TRXAV2Nqhh -*/ -"5.9.110.236:9030 orport=9001 id=0756B7CD4DFC8182BE23143FAC0642F515182CEB" -" ipv6=[2a01:4f8:162:51e2::2]:9001" -" weight=19200", -/* -coby -Flags: Fast Guard Running Stable V2Dir Valid -Fallback Weight: 16700 / 704514 (2.370%) -c0by <coby AT 127001 dot ovh> -*/ -"51.255.33.237:9091 orport=9001 id=A360C21FA87FFA2046D92C17086A6B47E5C68109" -" weight=16700", -/* -Logforme -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 16000 / 704514 (2.271%) -Logforme <m7527 AT abc dot se> -*/ -"84.219.173.60:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34" -" weight=16000", -/* -12xBTME1 -Flags: Exit Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 15300 / 704514 (2.172%) -12xBTM@gmail.com - 12xBTMNArLvKXqvbsbyVhpPQfzUDuUaPGP -*/ -"81.7.17.171:80 orport=443 id=00C4B4731658D3B4987132A3F77100CFCB190D97" -" ipv6=[2a02:180:1:1::517:11ab]:443" -" weight=15300", -/* -Doedel21 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 14800 / 704514 (2.101%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.44.135:80 orport=443 id=AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2" -" weight=14800", -/* -Binnacle -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 13700 / 704514 (1.945%) -starlight dot YYYYqQ at binnacle dot cx -*/ -"108.53.208.157:80 orport=443 id=4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2" -" weight=13700", -/* -Freebird32 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 13200 / 704514 (1.874%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.13.126:9030 orport=9001 id=0C475BA4D3AA3C289B716F95954CAD616E50C4E5" -" weight=13200", -/* -eriador -Flags: Fast Guard Running Stable V2Dir Valid -Fallback Weight: 12400 / 704514 (1.760%) -hwertiout695@safe-mail.net -*/ -"85.25.138.93:9030 orport=4029 id=6DE61A6F72C1E5418A66BFED80DFB63E4C77668F" -" weight=12400", -/* -Nurnberg04 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 11600 / 704514 (1.647%) -Please Donate <tor AT use.startmail dot com> - 1GuD8FxCnTqYGeRbx4MceYPhMLNTKDTsTT -*/ -"88.198.38.226:22 orport=443 id=4B9E2C56FB42B891794FE2CD2FCAD08A320CC3BB" -" ipv6=[2a01:4f8:a0:1351::2]:80" -" weight=11600", -/* -Nurnberg03 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 11000 / 704514 (1.561%) -Please Donate <tor AT use.startmail dot com> - 1GuD8FxCnTqYGeRbx4MceYPhMLNTKDTsTT -*/ -"85.10.201.38:22 orport=443 id=F6279A203C1950ACF592322A235647A05BFBCF91" -" ipv6=[2a01:4f8:a0:43cc::2]:80" -" weight=11000", -/* -Doedel22 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 10600 / 704514 (1.505%) -Felix <zwiebel ta quantentunnel tod de> -*/ -"178.254.44.135:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422" -" weight=10600", -/* -Nurnberg01 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 10500 / 704514 (1.490%) -Please Donate <tor AT use.startmail dot com> - 1GuD8FxCnTqYGeRbx4MceYPhMLNTKDTsTT -*/ -"213.239.210.204:22 orport=443 id=5BFDECCE9B4A23AE14EC767C5A2C1E10558B00B9" -" ipv6=[2a01:4f8:a0:9474::2]:80" -" weight=10500", -/* -kitten4 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 10400 / 704514 (1.476%) -0xEFB74277ECE4E222 Aeris <aeris+tor AT imirhil DOT fr> - 1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd -*/ -"212.47.237.95:9130 orport=9101 id=6FB38EB22E57EF7ED5EF00238F6A48E553735D88" -" weight=10400", -/* -Unnamed -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 9780 / 704514 (1.388%) -monitor0penmailbox0rg -*/ -"217.12.210.214:80 orport=443 id=943C0C6841C1E914B9FCA796C6846620A5AF9BC7" -" weight=9780", -/* -Nurnberg02 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 9490 / 704514 (1.347%) -Please Donate <tor AT use.startmail dot com> - 1GuD8FxCnTqYGeRbx4MceYPhMLNTKDTsTT -*/ -"213.239.220.25:22 orport=443 id=BEE2317AE127EB681C5AE1551C1EA0630580638A" -" ipv6=[2a01:4f8:a0:710c::2]:80" -" weight=9490", -/* -kitten3 -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 8640 / 704514 (1.226%) -0xEFB74277ECE4E222 Aeris <aeris+tor AT imirhil DOT fr> - 1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd -*/ -"212.47.237.95:9030 orport=9001 id=3F5D8A879C58961BB45A3D26AC41B543B40236D6" -" weight=8640", -/* -horizons -Flags: Fast Guard Running Stable V2Dir Valid -Fallback Weight: 7860 / 704514 (1.116%) -kbesig@socal.rr.com -*/ -"167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48" -" weight=7860", -/* -wagner -Flags: Fast Guard Running Stable V2Dir Valid -Fallback Weight: 7700 / 704514 (1.093%) -Rarely used email <trff914 AT gmail DOT com> -*/ -"5.175.233.86:80 orport=443 id=5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33" -" weight=7700", -/* -Unnamed -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 7650 / 704514 (1.086%) -monitor0penmailbox0rg -*/ -"217.12.199.208:80 orport=443 id=DF3AED4322B1824BF5539AE54B2D1B38E080FF05" -" weight=7650", -/* -ratchet -Flags: Fast Guard HSDir Running Stable V2Dir Valid -Fallback Weight: 4450 / 704514 (0.632%) -0x1EB4B68F Sam Lanning <sam AT samlanning dot com> -*/ -"170.130.1.7:9030 orport=9001 id=FA3415659444AE006E7E9E5375E82F29700CFDFD" -" weight=4450", +" weight=10", +"5.34.183.205:80 orport=443 id=DDD7871C1B7FA32CB55061E08869A236E61BDDF8" +" weight=10", +"195.191.233.221:80 orport=443 id=DE134FC8E5CC4EC8A5DE66934E70AC9D70267197" +" weight=10", +"46.252.26.2:45212 orport=49991 id=E589316576A399C511A9781A73DA4545640B479D" +" weight=10", +"176.31.180.157:143 orport=22 id=E781F4EC69671B3F1864AE2753E0890351506329" +" ipv6=[2001:41d0:8:eb9d::1]:22" +" weight=10", +"131.188.40.188:443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8" +" weight=10", +"91.219.236.222:80 orport=443 id=EC413181CEB1C8EDC17608BBB177CD5FD8535E99" +" weight=10", +"94.242.246.23:443 orport=9001 id=F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0" +" ipv6=[2a01:608:ffff:ff07::1:23]:9003" +" weight=10", +"46.101.143.173:80 orport=443 id=F960DF50F0FD4075AC9B505C1D4FFC8384C490FB" +" weight=10", +"195.154.8.111:80 orport=443 id=FCB6695F8F2DC240E974510A4B3A0F2B12AB5B64" +" weight=10", +"192.187.124.98:9030 orport=9001 id=FD1871854BFC06D7B02F10742073069F0528B5CC" +" weight=10", +"193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07" +" ipv6=[2001:6b0:7:125::243]:9001" +" weight=10", diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 3967f56edd..185708a0c1 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -2043,11 +2043,10 @@ networkstatus_dump_bridge_status_to_file(time_t now) char *fname = NULL; char *thresholds = NULL; char *published_thresholds_and_status = NULL; - routerlist_t *rl = router_get_routerlist(); char published[ISO_TIME_LEN+1]; format_iso_time(published, now); - dirserv_compute_bridge_flag_thresholds(rl->routers); + dirserv_compute_bridge_flag_thresholds(); thresholds = dirserv_get_flag_thresholds_line(); tor_asprintf(&published_thresholds_and_status, "published %s\nflag-thresholds %s\n%s", diff --git a/src/or/or.h b/src/or/or.h index 592f29502e..6694bb4ece 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2215,7 +2215,7 @@ typedef struct routerstatus_t { /** Digest of the router's most recent descriptor or microdescriptor. * If it's a descriptor, we only use the first DIGEST_LEN bytes. */ char descriptor_digest[DIGEST256_LEN]; - uint32_t addr; /**< IPv4 address for this router. */ + uint32_t addr; /**< IPv4 address for this router, in host order. */ uint16_t or_port; /**< OR port for this router. */ uint16_t dir_port; /**< Directory port for this router. */ tor_addr_t ipv6_addr; /**< IPv6 address for this router. */ diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 39e5831589..6f41f3b968 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1445,6 +1445,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit, int status = 0, result; const or_options_t *options = get_options(); char *err_msg = NULL; + int err_msg_severity = LOG_WARN; const char *stage_descr = NULL; int reason = END_CIRC_REASON_TORPROTOCOL; /* Service/circuit/key stuff we can learn before parsing */ @@ -1596,8 +1597,10 @@ rend_service_receive_introduction(origin_circuit_t *circuit, /* Find the rendezvous point */ rp = find_rp_for_intro(parsed_req, &err_msg); - if (!rp) + if (!rp) { + err_msg_severity = LOG_PROTOCOL_WARN; goto log_error; + } /* Check if we'd refuse to talk to this router */ if (options->StrictNodes && @@ -1735,7 +1738,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit, } } - log_warn(LD_REND, "%s on circ %u", err_msg, + log_fn(err_msg_severity, LD_REND, "%s on circ %u", err_msg, (unsigned)circuit->base_.n_circ_id); err: status = -1; @@ -1797,7 +1800,7 @@ find_rp_for_intro(const rend_intro_cell_t *intro, if (!rp) { if (err_msg_out) { tor_asprintf(&err_msg, - "Could build extend_info_t for router %s named " + "Couldn't build extend_info_t for router %s named " "in INTRODUCE2 cell", escaped_safe_str_client(rp_nickname)); } @@ -1833,8 +1836,10 @@ find_rp_for_intro(const rend_intro_cell_t *intro, goto done; err: - if (err_msg_out) *err_msg_out = err_msg; - else tor_free(err_msg); + if (err_msg_out) + *err_msg_out = err_msg; + else + tor_free(err_msg); done: return rp; diff --git a/src/or/router.c b/src/or/router.c index 57c0618bfb..d70756fdbf 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1606,8 +1606,10 @@ proxy_mode(const or_options_t *options) * and * - We have ORPort set * and - * - We believe both our ORPort and DirPort (if present) are reachable from + * - We believe our ORPort and DirPort (if present) are reachable from * the outside; or + * - We believe our ORPort is reachable from the outside, and we can't + * check our DirPort because the consensus has no exits; or * - We are an authoritative directory server. */ static int @@ -1625,9 +1627,15 @@ decide_if_publishable_server(void) return 1; if (!router_get_advertised_or_port(options)) return 0; - - return check_whether_orport_reachable(options) && - check_whether_dirport_reachable(options); + if (!check_whether_orport_reachable(options)) + return 0; + if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL) { + /* All set: there are no exits in the consensus (maybe this is a tiny + * test network), so we can't check our DirPort reachability. */ + return 1; + } else { + return check_whether_dirport_reachable(options); + } } /** Initiate server descriptor upload as reasonable (if server is publishable, diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e8f0..d40d704a1d 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -148,6 +148,22 @@ get_n_authorities(dirinfo_type_t type) return n; } +/** Initialise schedule, want_authority, and increment on in the download + * status dlstatus, then call download_status_reset() on it. + * It is safe to call this function or download_status_reset() multiple times + * on a new dlstatus. But it should *not* be called after a dlstatus has been + * used to count download attempts or failures. */ +static void +download_status_cert_init(download_status_t *dlstatus) +{ + dlstatus->schedule = DL_SCHED_CONSENSUS; + dlstatus->want_authority = DL_WANT_ANY_DIRSERVER; + dlstatus->increment_on = DL_SCHED_INCREMENT_FAILURE; + + /* Use the new schedule to set next_attempt_at */ + download_status_reset(dlstatus); +} + /** Reset the download status of a specified element in a dsmap */ static void download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest) @@ -168,6 +184,7 @@ download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest) /* Insert before we reset */ dlstatus = tor_malloc_zero(sizeof(*dlstatus)); dsmap_set(cl->dl_status_map, digest, dlstatus); + download_status_cert_init(dlstatus); } tor_assert(dlstatus); /* Go ahead and reset it */ @@ -206,7 +223,7 @@ download_status_is_ready_by_sk_in_cl(cert_list_t *cl, * too. */ dlstatus = tor_malloc_zero(sizeof(*dlstatus)); - download_status_reset(dlstatus); + download_status_cert_init(dlstatus); dsmap_set(cl->dl_status_map, digest, dlstatus); rv = 1; } @@ -225,7 +242,7 @@ get_cert_list(const char *id_digest) cl = digestmap_get(trusted_dir_certs, id_digest); if (!cl) { cl = tor_malloc_zero(sizeof(cert_list_t)); - cl->dl_status_by_id.schedule = DL_SCHED_CONSENSUS; + download_status_cert_init(&cl->dl_status_by_id); cl->certs = smartlist_new(); cl->dl_status_map = dsmap_new(); digestmap_set(trusted_dir_certs, id_digest, cl); @@ -896,7 +913,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) if (smartlist_len(fps) > 1) { resource = smartlist_join_strings(fps, "", 0, NULL); - /* XXX - do we want certs from authorities or mirrors? - teor */ + /* We want certs from mirrors, because they will almost always succeed. + */ directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0, resource, PDS_RETRY_IF_NO_SERVERS, DL_WANT_ANY_DIRSERVER); @@ -942,7 +960,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) if (smartlist_len(fp_pairs) > 1) { resource = smartlist_join_strings(fp_pairs, "", 0, NULL); - /* XXX - do we want certs from authorities or mirrors? - teor */ + /* We want certs from mirrors, because they will almost always succeed. + */ directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0, resource, PDS_RETRY_IF_NO_SERVERS, DL_WANT_ANY_DIRSERVER); @@ -1597,11 +1616,10 @@ router_picked_poor_directory_log(const routerstatus_t *rs) STMT_BEGIN \ if (result == NULL && try_ip_pref && options->ClientUseIPv4 \ && fascist_firewall_use_ipv6(options) && !server_mode(options) \ - && n_not_preferred && !n_busy) { \ + && !n_busy) { \ n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 0; \ - n_not_preferred = 0; \ goto retry_label; \ } \ STMT_END \ @@ -1620,7 +1638,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs) n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 1; \ - n_not_preferred = 0; \ goto retry_label; \ } \ STMT_END @@ -1673,7 +1690,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH); const int for_guard = (flags & PDS_FOR_GUARD); int try_excluding = 1, n_excluded = 0, n_busy = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!consensus) return NULL; @@ -1687,8 +1704,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) { @@ -1740,18 +1758,16 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ - if (!fascistfirewall || skip_or || - fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, - try_ip_pref)) + if (!fascistfirewall || skip_or_fw || + fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, + try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); - else if (skip_dir || - fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + else if (!must_have_or && (skip_dir_fw || + fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION, + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); - else if (!tor_addr_is_null(&status->ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@ -1839,7 +1855,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, smartlist_t *pick_from; int n_busy = 0; int try_excluding = 1, n_excluded = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!sourcelist) return NULL; @@ -1851,8 +1867,9 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) { @@ -1888,16 +1905,14 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ - if (!fascistfirewall || skip_or || + if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(&d->ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(d); |