/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file selftest.c
* \brief Relay self-testing
*
* Relays need to make sure that their own ports are reachable, and estimate
* their own bandwidth, before publishing.
*/
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
#include "core/or/crypt_path_st.h"
#include "core/or/extendinfo.h"
#include "core/or/extend_info_st.h"
#include "core/or/origin_circuit_st.h"
#include "core/or/relay.h"
#include "feature/control/control_events.h"
#include "feature/dirauth/authmode.h"
#include "feature/dirclient/dirclient.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/authority_cert_st.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerlist.h" // but...
#include "feature/nodelist/routerset.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/relay_periodic.h"
#include "feature/relay/router.h"
#include "feature/relay/selftest.h"
static bool have_orport_for_family(int family);
static void inform_testing_reachability(const tor_addr_t *addr,
uint16_t port);
/** Whether we can reach our IPv4 ORPort from the outside. */
static bool can_reach_or_port_ipv4 = false;
/** Whether we can reach our IPv6 ORPort from the outside. */
static bool can_reach_or_port_ipv6 = false;
/** Has informed_testing_reachable logged a message about testing our IPv4
* ORPort? */
static bool have_informed_testing_or_port_ipv4 = false;
/** Has informed_testing_reachable logged a message about testing our IPv6
* ORPort? */
static bool have_informed_testing_or_port_ipv6 = false;
/** Forget what we have learned about our reachability status. */
void
router_reset_reachability(void)
{
can_reach_or_port_ipv4 = can_reach_or_port_ipv6 = false;
have_informed_testing_or_port_ipv4 =
have_informed_testing_or_port_ipv6 = false;
}
/** Return 1 if we won't do reachability checks, because:
* - AssumeReachable is set, or
* - the network is disabled.
* Otherwise, return 0.
*/
static int
router_reachability_checks_disabled(const or_options_t *options)
{
return options->AssumeReachable ||
net_is_disabled();
}
/** Return 0 if we need to do an ORPort reachability check, because:
* - no reachability check has been done yet, or
* - we've initiated reachability checks, but none have succeeded.
* Return 1 if we don't need to do an ORPort reachability check, because:
* - we've seen a successful reachability check, or
* - AssumeReachable is set, or
* - the network is disabled.
* If `family'`is AF_INET or AF_INET6, return true only when we should skip
* the given family's orport check (Because it's been checked, or because we
* aren't checking it.) If `family` is 0, return true if we can skip _all_
* orport checks.
*/
int
router_orport_seems_reachable(const or_options_t *options,
int family)
{
tor_assert_nonfatal(family == AF_INET || family == AF_INET6 || family == 0);
int reach_checks_disabled = router_reachability_checks_disabled(options);
if (reach_checks_disabled) {
return true;
}
// Note that we do a == 1 here, not just a boolean check. This value
// is also an autobool, so CFG_AUTO does not mean that we should
// assume IPv6 ports are reachable.
const bool ipv6_assume_reachable = (options->AssumeReachableIPv6 == 1);
// Which reachability flags should we look at?
const bool checking_ipv4 = (family == AF_INET || family == 0);
const bool checking_ipv6 = (family == AF_INET6 || family == 0);
if (checking_ipv4) {
if (have_orport_for_family(AF_INET) && !can_reach_or_port_ipv4) {
return false;
}
}
if (checking_ipv6 && !ipv6_assume_reachable) {
if (have_orport_for_family(AF_INET6) && !can_reach_or_port_ipv6) {
return false;
}
}
return true;
}
/** Relay DirPorts are no longer used (though authorities are). In either case,
* reachability self test is done anymore, since network re-entry towards an
* authority DirPort is not allowed. Thus, consider it always reachable. */
int
router_dirport_seems_reachable(const or_options_t *options)
{
(void) options;
return 1;
}
/** See if we currently believe our ORPort to be unreachable. If so, return 1
* else return 0. */
static int
router_should_check_reachability(void)
{
const routerinfo_t *me = router_get_my_routerinfo();
const or_options_t *options = get_options();
if (!me)
return 0;
/* Doesn't check our IPv6 address, see #34065. */
if (routerset_contains_router(options->ExcludeNodes, me, -1) &&
options->StrictNodes) {
/* If we've excluded ourself, and StrictNodes is set, we can't test
* ourself. */
#define SELF_EXCLUDED_WARN_INTERVAL 3600
static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL);
log_fn_ratelim(&warning_limit, LOG_WARN, LD_CIRC,
"Can't perform self-tests for this relay: we have "
"listed ourself in ExcludeNodes, and StrictNodes is set. "
"We cannot learn whether we are usable, and will not "
"be able to advertise ourself.");
return 0;
}
return 1;
}
/**
* Return true if we have configured an ORPort for the given family that
* we would like to advertise.
*
* Like other self-testing functions, this function looks at our most
* recently built descriptor.
**/
static bool
have_orport_for_family(int family)
{
const routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return false;
tor_addr_port_t ap;
if (router_get_orport(me, &ap, family) < 0) {
return false;
}
return true;
}
/** Allocate and return a new extend_info_t that can be used to build
* a circuit to or through the router r, using an address from
* family (if available).
*
* Clients don't have routerinfos, so this function should only be called on a
* server.
*
* If the requested address is not available, returns NULL. */
static extend_info_t *
extend_info_from_router(const routerinfo_t *r, int family)
{
crypto_pk_t *rsa_pubkey;
extend_info_t *info;
tor_addr_port_t ap;
if (BUG(!r)) {
return NULL;
}
/* Relays always assume that the first hop is reachable. They ignore
* ReachableAddresses. */
tor_assert_nonfatal(router_or_conn_should_skip_reachable_address_check(
get_options(), 0));
const ed25519_public_key_t *ed_id_key;
if (r->cache_info.signing_key_cert)
ed_id_key = &r->cache_info.signing_key_cert->signing_key;
else
ed_id_key = NULL;
if (router_get_orport(r, &ap, family) < 0) {
/* We don't have an ORPort for the requested family. */
return NULL;
}
rsa_pubkey = router_get_rsa_onion_pkey(r->onion_pkey, r->onion_pkey_len);
info = extend_info_new(r->nickname, r->cache_info.identity_digest,
ed_id_key,
rsa_pubkey, r->onion_curve25519_pkey,
&ap.addr, ap.port,
/* TODO-324: Should self-test circuits use
* congestion control? */
NULL, false);
crypto_pk_free(rsa_pubkey);
return info;
}
/** Launch a self-testing circuit to one of our ORPorts, using an address from
* family (if available). The circuit can be used to test reachability
* or bandwidth. me is our own routerinfo.
*
* Logs an info-level status message. If orport_reachable is false,
* call it a reachability circuit. Otherwise, call it a bandwidth circuit.
*
* See router_do_reachability_checks() for details. */
static void
router_do_orport_reachability_checks(const routerinfo_t *me,
int family,
int orport_reachable)
{
extend_info_t *ei = extend_info_from_router(me, family);
int ipv6_flags = (family == AF_INET6 ? CIRCLAUNCH_IS_IPV6_SELFTEST : 0);
/* If we're trying to test IPv6, but we don't have an IPv6 ORPort, ei will
* be NULL. */
if (ei) {
const char *family_name = fmt_af_family(family);
const tor_addr_port_t *ap = extend_info_get_orport(ei, family);
if (BUG(!ap)) {
/* Not much we can do here to recover apart from screaming loudly. */
extend_info_free(ei);
return;
}
log_info(LD_CIRC, "Testing %s of my %s ORPort: %s.",
!orport_reachable ? "reachability" : "bandwidth",
family_name, fmt_addrport_ap(ap));
if (!orport_reachable) {
/* Only log if we are actually doing a reachability test to learn if our
* ORPort is reachable. Else, this prints a log notice if we are simply
* opening a bandwidth testing circuit even though we are reachable. */
inform_testing_reachability(&ap->addr, ap->port);
}
circuit_launch_by_extend_info(CIRCUIT_PURPOSE_TESTING, ei,
CIRCLAUNCH_NEED_CAPACITY|
CIRCLAUNCH_IS_INTERNAL|
ipv6_flags);
extend_info_free(ei);
}
}
/** Some time has passed, or we just got new directory information. See if we
* currently believe our ORPort to be unreachable. If so, launch a new test
* for it.
*
* For ORPort, we simply try making a circuit that ends at ourselves. Success
* is noticed in onionskin_answer().
*/
void
router_do_reachability_checks(void)
{
const routerinfo_t *me = router_get_my_routerinfo();
const or_options_t *options = get_options();
int orport_reachable_v4 =
router_orport_seems_reachable(options, AF_INET);
int orport_reachable_v6 =
router_orport_seems_reachable(options, AF_INET6);
if (router_should_check_reachability()) {
bool need_testing = !circuit_enough_testing_circs();
/* At the moment, tor relays believe that they are reachable when they
* receive any create cell on an inbound connection, if the address
* family is correct.
*/
if (!orport_reachable_v4 || need_testing) {
router_do_orport_reachability_checks(me, AF_INET, orport_reachable_v4);
}
if (!orport_reachable_v6 || need_testing) {
router_do_orport_reachability_checks(me, AF_INET6, orport_reachable_v6);
}
}
}
/** Log a message informing the user that we are testing a port for
* reachability, if we have not already logged such a message.
*
* Calls to router_reset_reachability() will reset our view of whether we have
* logged this message for a given port. */
static void
inform_testing_reachability(const tor_addr_t *addr, uint16_t port)
{
if (!router_get_my_routerinfo())
return;
bool *have_informed_ptr;
if (tor_addr_family(addr) == AF_INET) {
have_informed_ptr = &have_informed_testing_or_port_ipv4;
} else {
have_informed_ptr = &have_informed_testing_or_port_ipv6;
}
if (*have_informed_ptr) {
/* We already told the user that we're testing this port; no need to
* do it again. */
return;
}
char addr_buf[TOR_ADDRPORT_BUF_LEN];
strlcpy(addr_buf, fmt_addrport(addr, port), sizeof(addr_buf));
const char *afname = fmt_af_family(tor_addr_family(addr));
control_event_server_status(LOG_NOTICE,
"CHECKING_REACHABILITY ORADDRESS=%s",
addr_buf);
log_notice(LD_OR, "Now checking whether %s ORPort %s is reachable... "
"(this may take up to %d minutes -- look for log "
"messages indicating success)",
afname, addr_buf,
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
*have_informed_ptr = true;
}
/**
* Return true if this module knows of no reason why we shouldn't publish
* a server descriptor.
**/
static bool
ready_to_publish(const or_options_t *options)
{
return options->PublishServerDescriptor_ != NO_DIRINFO &&
router_all_orports_seem_reachable(options);
}
/** Annotate that we found our ORPort reachable with a given address
* family. */
void
router_orport_found_reachable(int family)
{
const routerinfo_t *me = router_get_my_routerinfo();
const or_options_t *options = get_options();
const char *reachable_reason = "ORPort found reachable";
bool *can_reach_ptr;
if (family == AF_INET) {
can_reach_ptr = &can_reach_or_port_ipv4;
} else if (family == AF_INET6) {
can_reach_ptr = &can_reach_or_port_ipv6;
} else {
tor_assert_nonfatal_unreached();
return;
}
if (!*can_reach_ptr && me) {
tor_addr_port_t ap;
if (router_get_orport(me, &ap, family) < 0) {
return;
}
char *address = tor_strdup(fmt_addrport_ap(&ap));
*can_reach_ptr = true;
log_notice(LD_OR,"Self-testing indicates your ORPort %s is reachable from "
"the outside. Excellent.%s",
address,
ready_to_publish(options) ?
" Publishing server descriptor." : "");
/* Make sure our descriptor is marked to publish the IPv6 if it is now
* reachable. This can change at runtime. */
if (family == AF_INET6) {
mark_my_descriptor_if_omit_ipv6_changes(reachable_reason, false);
} else {
mark_my_descriptor_dirty(reachable_reason);
}
/* This is a significant enough change to upload immediately,
* at least in a test network */
if (options->TestingTorNetwork == 1) {
reschedule_descriptor_update_check();
}
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED ORADDRESS=%s",
address);
tor_free(address);
}
}
/** We have enough testing circuits open. Send a bunch of "drop"
* cells down each of them, to exercise our bandwidth.
*
* May use IPv4 and IPv6 testing circuits (if available). */
void
router_perform_bandwidth_test(int num_circs, time_t now)
{
int num_cells = (int)(get_options()->BandwidthRate * 10 /
CELL_MAX_NETWORK_SIZE);
int max_cells = num_cells < CIRCWINDOW_START ?
num_cells : CIRCWINDOW_START;
int cells_per_circuit = max_cells / num_circs;
origin_circuit_t *circ = NULL;
log_notice(LD_OR,"Performing bandwidth self-test...done.");
while ((circ = circuit_get_next_by_purpose(circ,
CIRCUIT_PURPOSE_TESTING))) {
/* dump cells_per_circuit drop cells onto this circ */
int i = cells_per_circuit;
if (circ->base_.state != CIRCUIT_STATE_OPEN)
continue;
circ->base_.timestamp_dirty = now;
while (i-- > 0) {
if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
RELAY_COMMAND_DROP,
NULL, 0, circ->cpath->prev)<0) {
return; /* stop if error */
}
}
}
}