mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-27 16:45:53 +01:00
Code Issues Projects Releases Wiki Activity
tor/src/feature/relay/router.h

154 lines
6.6 KiB
C
Raw Normal View History

Create router.h
2010-07-21 16:17:10 +02:00
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
It's 2020. Update the copyright dates with "make update-copyright"
2020-01-08 18:39:17 -05:00
* Copyright (c) 2007-2020, The Tor Project, Inc. */
Create router.h
2010-07-21 16:17:10 +02:00
/* See LICENSE for licensing information */
/**
* \file router.h
Fix typos, make all \brief's conformant, end sentences with a period.
2010-07-28 17:42:33 +02:00
* \brief Header file for router.c.
Create router.h
2010-07-21 16:17:10 +02:00
**/
Convert all include-guard macros to avoid reserved identifiers. In C, we technically aren't supposed to define our own things that start with an underscore. This is a purely machine-generated commit. First, I ran this script on all the headers in src/{common,or,test,tools/*}/*.h : ============================== use strict; my %macros = (); my %skipped = (); FILE: for my $fn (@ARGV) { my $f = $fn; if ($fn !~ /^\.\//) { $f = "./$fn"; } $skipped{$fn} = 0; open(F, $fn); while (<F>) { if (/^#ifndef ([A-Za-z0-9_]+)/) { $macros{$fn} = $1; next FILE; } } } print "#!/usr/bin/perl -w -i -p\n\n"; for my $fn (@ARGV) { if (! exists $macros{$fn}) { print "# No macro known for $fn!\n" if (!$skipped{$fn}); next; } if ($macros{$fn} !~ /_H_?$/) { print "# Weird macro for $fn...\n"; } my $goodmacro = uc $fn; $goodmacro =~ s#.*/##; $goodmacro =~ s#[\/\-\.]#_#g; print "s/(?<![A-Za-z0-9_])$macros{$fn}(?![A-Za-z0-9_])/TOR_${goodmacro}/g;\n" } ============================== It produced the following output, which I then re-ran on those same files: ============================== s/(?<![A-Za-z0-9_])_TOR_ADDRESS_H(?![A-Za-z0-9_])/TOR_ADDRESS_H/g; s/(?<![A-Za-z0-9_])_TOR_AES_H(?![A-Za-z0-9_])/TOR_AES_H/g; s/(?<![A-Za-z0-9_])_TOR_COMPAT_H(?![A-Za-z0-9_])/TOR_COMPAT_H/g; s/(?<![A-Za-z0-9_])_TOR_COMPAT_LIBEVENT_H(?![A-Za-z0-9_])/TOR_COMPAT_LIBEVENT_H/g; s/(?<![A-Za-z0-9_])_TOR_CONTAINER_H(?![A-Za-z0-9_])/TOR_CONTAINER_H/g; s/(?<![A-Za-z0-9_])_TOR_CRYPTO_H(?![A-Za-z0-9_])/TOR_CRYPTO_H/g; s/(?<![A-Za-z0-9_])TOR_DI_OPS_H(?![A-Za-z0-9_])/TOR_DI_OPS_H/g; s/(?<![A-Za-z0-9_])_TOR_MEMAREA_H(?![A-Za-z0-9_])/TOR_MEMAREA_H/g; s/(?<![A-Za-z0-9_])_TOR_MEMPOOL_H(?![A-Za-z0-9_])/TOR_MEMPOOL_H/g; s/(?<![A-Za-z0-9_])TOR_PROCMON_H(?![A-Za-z0-9_])/TOR_PROCMON_H/g; s/(?<![A-Za-z0-9_])_TOR_TORGZIP_H(?![A-Za-z0-9_])/TOR_TORGZIP_H/g; s/(?<![A-Za-z0-9_])_TOR_TORINT_H(?![A-Za-z0-9_])/TOR_TORINT_H/g; s/(?<![A-Za-z0-9_])_TOR_LOG_H(?![A-Za-z0-9_])/TOR_TORLOG_H/g; s/(?<![A-Za-z0-9_])_TOR_TORTLS_H(?![A-Za-z0-9_])/TOR_TORTLS_H/g; s/(?<![A-Za-z0-9_])_TOR_UTIL_H(?![A-Za-z0-9_])/TOR_UTIL_H/g; s/(?<![A-Za-z0-9_])_TOR_BUFFERS_H(?![A-Za-z0-9_])/TOR_BUFFERS_H/g; s/(?<![A-Za-z0-9_])_TOR_CHANNEL_H(?![A-Za-z0-9_])/TOR_CHANNEL_H/g; s/(?<![A-Za-z0-9_])_TOR_CHANNEL_TLS_H(?![A-Za-z0-9_])/TOR_CHANNELTLS_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITBUILD_H(?![A-Za-z0-9_])/TOR_CIRCUITBUILD_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITLIST_H(?![A-Za-z0-9_])/TOR_CIRCUITLIST_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITUSE_H(?![A-Za-z0-9_])/TOR_CIRCUITUSE_H/g; s/(?<![A-Za-z0-9_])_TOR_COMMAND_H(?![A-Za-z0-9_])/TOR_COMMAND_H/g; s/(?<![A-Za-z0-9_])_TOR_CONFIG_H(?![A-Za-z0-9_])/TOR_CONFIG_H/g; s/(?<![A-Za-z0-9_])TOR_CONFPARSE_H(?![A-Za-z0-9_])/TOR_CONFPARSE_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_EDGE_H(?![A-Za-z0-9_])/TOR_CONNECTION_EDGE_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_H(?![A-Za-z0-9_])/TOR_CONNECTION_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_OR_H(?![A-Za-z0-9_])/TOR_CONNECTION_OR_H/g; s/(?<![A-Za-z0-9_])_TOR_CONTROL_H(?![A-Za-z0-9_])/TOR_CONTROL_H/g; s/(?<![A-Za-z0-9_])_TOR_CPUWORKER_H(?![A-Za-z0-9_])/TOR_CPUWORKER_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRECTORY_H(?![A-Za-z0-9_])/TOR_DIRECTORY_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRSERV_H(?![A-Za-z0-9_])/TOR_DIRSERV_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRVOTE_H(?![A-Za-z0-9_])/TOR_DIRVOTE_H/g; s/(?<![A-Za-z0-9_])_TOR_DNS_H(?![A-Za-z0-9_])/TOR_DNS_H/g; s/(?<![A-Za-z0-9_])_TOR_DNSSERV_H(?![A-Za-z0-9_])/TOR_DNSSERV_H/g; s/(?<![A-Za-z0-9_])TOR_EVENTDNS_TOR_H(?![A-Za-z0-9_])/TOR_EVENTDNS_TOR_H/g; s/(?<![A-Za-z0-9_])_TOR_GEOIP_H(?![A-Za-z0-9_])/TOR_GEOIP_H/g; s/(?<![A-Za-z0-9_])_TOR_HIBERNATE_H(?![A-Za-z0-9_])/TOR_HIBERNATE_H/g; s/(?<![A-Za-z0-9_])_TOR_MAIN_H(?![A-Za-z0-9_])/TOR_MAIN_H/g; s/(?<![A-Za-z0-9_])_TOR_MICRODESC_H(?![A-Za-z0-9_])/TOR_MICRODESC_H/g; s/(?<![A-Za-z0-9_])_TOR_NETWORKSTATUS_H(?![A-Za-z0-9_])/TOR_NETWORKSTATUS_H/g; s/(?<![A-Za-z0-9_])_TOR_NODELIST_H(?![A-Za-z0-9_])/TOR_NODELIST_H/g; s/(?<![A-Za-z0-9_])_TOR_NTMAIN_H(?![A-Za-z0-9_])/TOR_NTMAIN_H/g; s/(?<![A-Za-z0-9_])_TOR_ONION_H(?![A-Za-z0-9_])/TOR_ONION_H/g; s/(?<![A-Za-z0-9_])_TOR_OR_H(?![A-Za-z0-9_])/TOR_OR_H/g; s/(?<![A-Za-z0-9_])_TOR_POLICIES_H(?![A-Za-z0-9_])/TOR_POLICIES_H/g; s/(?<![A-Za-z0-9_])_TOR_REASONS_H(?![A-Za-z0-9_])/TOR_REASONS_H/g; s/(?<![A-Za-z0-9_])_TOR_RELAY_H(?![A-Za-z0-9_])/TOR_RELAY_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDCLIENT_H(?![A-Za-z0-9_])/TOR_RENDCLIENT_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDCOMMON_H(?![A-Za-z0-9_])/TOR_RENDCOMMON_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDMID_H(?![A-Za-z0-9_])/TOR_RENDMID_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDSERVICE_H(?![A-Za-z0-9_])/TOR_RENDSERVICE_H/g; s/(?<![A-Za-z0-9_])_TOR_REPHIST_H(?![A-Za-z0-9_])/TOR_REPHIST_H/g; s/(?<![A-Za-z0-9_])_TOR_REPLAYCACHE_H(?![A-Za-z0-9_])/TOR_REPLAYCACHE_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTER_H(?![A-Za-z0-9_])/TOR_ROUTER_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTERLIST_H(?![A-Za-z0-9_])/TOR_ROUTERLIST_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTERPARSE_H(?![A-Za-z0-9_])/TOR_ROUTERPARSE_H/g; s/(?<![A-Za-z0-9_])TOR_ROUTERSET_H(?![A-Za-z0-9_])/TOR_ROUTERSET_H/g; s/(?<![A-Za-z0-9_])TOR_STATEFILE_H(?![A-Za-z0-9_])/TOR_STATEFILE_H/g; s/(?<![A-Za-z0-9_])_TOR_STATUS_H(?![A-Za-z0-9_])/TOR_STATUS_H/g; s/(?<![A-Za-z0-9_])TOR_TRANSPORTS_H(?![A-Za-z0-9_])/TOR_TRANSPORTS_H/g; s/(?<![A-Za-z0-9_])_TOR_TEST_H(?![A-Za-z0-9_])/TOR_TEST_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_NATPMP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_NATPMP_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_UPNP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_UPNP_H/g; ==============================
2012-10-12 12:13:10 -04:00
#ifndef TOR_ROUTER_H
#define TOR_ROUTER_H
Create router.h
2010-07-21 16:17:10 +02:00
Rectify include paths (automated). You have no idea how glad I am that this is automated.
2018-06-21 13:12:23 -04:00
#include "lib/testsupport/testsupport.h"
Completely refactor how FILENAME_PRIVATE works We previously used FILENAME_PRIVATE identifiers mostly for identifiers exposed only to the unit tests... but also for identifiers exposed to the benchmarker, and sometimes for identifiers exposed to a similar module, and occasionally for no really good reason at all. Now, we use FILENAME_PRIVATE identifiers for identifiers shared by Tor and the unit tests. They should be defined static when we aren't building the unit test, and globally visible otherwise. (The STATIC macro will keep us honest here.) For identifiers used only by the unit tests and never by Tor at all, on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS. This is not the motivating use case for the split test/non-test build system; it's just a test example to see how it works, and to take a chance to clean up the code a little.
2013-06-06 17:58:28 -04:00
Minimize headers that include crypto_formats and x25519 stuff
2018-07-01 13:04:21 -04:00
struct curve25519_keypair_t;
struct ed25519_keypair_t;
Improve GETCONF exit-policy/* error handling This will yield different error codes for transient and permament errors. Furthermore, Tor will give human readable error messages to controller.
2018-05-03 17:07:29 +02:00
#define TOR_ROUTERINFO_ERROR_NO_EXT_ADDR (-1)
#define TOR_ROUTERINFO_ERROR_CANNOT_PARSE (-2)
#define TOR_ROUTERINFO_ERROR_NOT_A_SERVER (-3)
#define TOR_ROUTERINFO_ERROR_DIGEST_FAILED (-4)
#define TOR_ROUTERINFO_ERROR_CANNOT_GENERATE (-5)
Tweak error handling for #25852
2018-05-10 16:45:57 +03:00
#define TOR_ROUTERINFO_ERROR_DESC_REBUILDING (-6)
router: refactor router_build_fresh_descriptor() static function interfaces Tidy the arguments and return values of these functions, and clean up their memory management. Preparation for testing 29017 and 20918.
2019-01-10 19:47:24 +10:00
#define TOR_ROUTERINFO_ERROR_INTERNAL_BUG (-7)
Improve GETCONF exit-policy/* error handling This will yield different error codes for transient and permament errors. Furthermore, Tor will give human readable error messages to controller.
2018-05-03 17:07:29 +02:00
test_dir: Unit tests for RSA-only router and extrainfo descriptor creation Tests 29017 and 29018.
2019-02-18 15:24:26 +10:00
MOCK_DECL(crypto_pk_t *,get_onion_key,(void));
Create router.h
2010-07-21 16:17:10 +02:00
time_t get_onion_key_set_at(void);
Rename nonconformant identifiers. Fixes bug 4893. These changes are pure mechanical, and were generated with this perl script: /usr/bin/perl -w -i.bak -p s/crypto_pk_env_t/crypto_pk_t/g; s/crypto_dh_env_t/crypto_dh_t/g; s/crypto_cipher_env_t/crypto_cipher_t/g; s/crypto_digest_env_t/crypto_digest_t/g; s/aes_free_cipher/aes_cipher_free/g; s/crypto_free_cipher_env/crypto_cipher_free/g; s/crypto_free_digest_env/crypto_digest_free/g; s/crypto_free_pk_env/crypto_pk_free/g; s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g; s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g; s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g; s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g; s/crypto_new_cipher_env/crypto_cipher_new/g; s/crypto_new_digest_env/crypto_digest_new/g; s/crypto_new_digest256_env/crypto_digest256_new/g; s/crypto_new_pk_env/crypto_pk_new/g; s/crypto_create_crypto_env/crypto_cipher_new/g; s/connection_create_listener/connection_listener_new/g; s/smartlist_create/smartlist_new/g; s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
void set_server_identity_key(crypto_pk_t *k);
relay: Silence compiler warnings when relay mode is disabled Part of 32123.
2019-10-18 14:16:24 +10:00
/* Some compilers are clever enough to know that when relay mode is disabled,
* this function never returns. */
#ifdef HAVE_MODULE_RELAY
test_dir: Unit tests for RSA-only router and extrainfo descriptor creation Tests 29017 and 29018.
2019-02-18 15:24:26 +10:00
MOCK_DECL(crypto_pk_t *,get_server_identity_key,(void));
relay: Silence compiler warnings when relay mode is disabled Part of 32123.
2019-10-18 14:16:24 +10:00
#else
#define get_server_identity_key() (tor_abort_(),NULL)
#endif
Maintain separate server and client identity keys when appropriate. Fixes a bug described in ticket #988.
2010-10-03 22:38:53 -07:00
int server_identity_key_is_set(void);
Rename nonconformant identifiers. Fixes bug 4893. These changes are pure mechanical, and were generated with this perl script: /usr/bin/perl -w -i.bak -p s/crypto_pk_env_t/crypto_pk_t/g; s/crypto_dh_env_t/crypto_dh_t/g; s/crypto_cipher_env_t/crypto_cipher_t/g; s/crypto_digest_env_t/crypto_digest_t/g; s/aes_free_cipher/aes_cipher_free/g; s/crypto_free_cipher_env/crypto_cipher_free/g; s/crypto_free_digest_env/crypto_digest_free/g; s/crypto_free_pk_env/crypto_pk_free/g; s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g; s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g; s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g; s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g; s/crypto_new_cipher_env/crypto_cipher_new/g; s/crypto_new_digest_env/crypto_digest_new/g; s/crypto_new_digest256_env/crypto_digest256_new/g; s/crypto_new_pk_env/crypto_pk_new/g; s/crypto_create_crypto_env/crypto_cipher_new/g; s/connection_create_listener/connection_listener_new/g; s/smartlist_create/smartlist_new/g; s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
void set_client_identity_key(crypto_pk_t *k);
crypto_pk_t *get_tlsclient_identity_key(void);
Maintain separate server and client identity keys when appropriate. Fixes a bug described in ticket #988.
2010-10-03 22:38:53 -07:00
int client_identity_key_is_set(void);
Add tests for directory_handle_command_get
2015-09-07 12:22:33 -05:00
MOCK_DECL(authority_cert_t *, get_my_v3_authority_cert, (void));
Rename nonconformant identifiers. Fixes bug 4893. These changes are pure mechanical, and were generated with this perl script: /usr/bin/perl -w -i.bak -p s/crypto_pk_env_t/crypto_pk_t/g; s/crypto_dh_env_t/crypto_dh_t/g; s/crypto_cipher_env_t/crypto_cipher_t/g; s/crypto_digest_env_t/crypto_digest_t/g; s/aes_free_cipher/aes_cipher_free/g; s/crypto_free_cipher_env/crypto_cipher_free/g; s/crypto_free_digest_env/crypto_digest_free/g; s/crypto_free_pk_env/crypto_pk_free/g; s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g; s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g; s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g; s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g; s/crypto_new_cipher_env/crypto_cipher_new/g; s/crypto_new_digest_env/crypto_digest_new/g; s/crypto_new_digest256_env/crypto_digest256_new/g; s/crypto_new_pk_env/crypto_pk_new/g; s/crypto_create_crypto_env/crypto_cipher_new/g; s/connection_create_listener/connection_listener_new/g; s/smartlist_create/smartlist_new/g; s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
crypto_pk_t *get_my_v3_authority_signing_key(void);
Create router.h
2010-07-21 16:17:10 +02:00
authority_cert_t *get_my_v3_legacy_cert(void);
Rename nonconformant identifiers. Fixes bug 4893. These changes are pure mechanical, and were generated with this perl script: /usr/bin/perl -w -i.bak -p s/crypto_pk_env_t/crypto_pk_t/g; s/crypto_dh_env_t/crypto_dh_t/g; s/crypto_cipher_env_t/crypto_cipher_t/g; s/crypto_digest_env_t/crypto_digest_t/g; s/aes_free_cipher/aes_cipher_free/g; s/crypto_free_cipher_env/crypto_cipher_free/g; s/crypto_free_digest_env/crypto_digest_free/g; s/crypto_free_pk_env/crypto_pk_free/g; s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g; s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g; s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g; s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g; s/crypto_new_cipher_env/crypto_cipher_new/g; s/crypto_new_digest_env/crypto_digest_new/g; s/crypto_new_digest256_env/crypto_digest256_new/g; s/crypto_new_pk_env/crypto_pk_new/g; s/crypto_create_crypto_env/crypto_cipher_new/g; s/connection_create_listener/connection_listener_new/g; s/smartlist_create/smartlist_new/g; s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
crypto_pk_t *get_my_v3_legacy_signing_key(void);
void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last);
Add periodic timer for expiring old onion keys. This patch adds a new timer that is executed when it is time to expire our current set of old onion keys. Because of proposal #274 this can no longer be assumed to be at the same time we rotate our onion keys since they will be updated less frequently. See: https://bugs.torproject.org/21641
2017-03-10 13:00:20 +01:00
void expire_old_onion_keys(void);
Create router.h
2010-07-21 16:17:10 +02:00
void rotate_onion_key(void);
void v3_authority_check_key_expiry(void);
Make MIN_ONION_KEY_LIFETIME a consensus parameter defined value. This patch turns `MIN_ONION_KEY_LIFETIME` into a new function `get_onion_key_lifetime()` which gets its value from a network consensus parameter named "onion-key-rotation-days". This allows us to tune the value at a later point in time with no code modifications. We also bump the default onion key lifetime from 7 to 28 days as per proposal #274. See: https://bugs.torproject.org/21641
2017-03-10 12:18:52 +01:00
int get_onion_key_lifetime(void);
Add API to query the current onion key grace period. This patch adds an API to get the current grace period, in days, defined as the consensus parameter "onion-key-grace-period-days". As per proposal #274 the values for "onion-key-grace-period-days" is a default value of 7 days, a minimum value of 1 day, and a maximum value defined by other consensus parameter "onion-key-rotation-days" also defined in days. See: https://bugs.torproject.org/21641
2017-03-10 12:56:36 +01:00
int get_onion_key_grace_period(void);
Create router.h
2010-07-21 16:17:10 +02:00
router: Keep RSA onion public key in ASN.1 format The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding which is 140 for a 1024 RSA key. We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor (microdesc_t). Scaling this to 6000 relays, and considering client usually only have microdescriptors, we save 1.608 MB of RAM which is considerable for mobile client. This commit makes it that we keep the RSA onion public key (used for TAP handshake) in ASN.1 format instead of an OpenSSL RSA object. Changes is done in both routerinfo_t and microdesc_t. Closes #27246 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-23 14:05:42 -04:00
crypto_pk_t *router_get_rsa_onion_pkey(const char *pkey, size_t pkey_len);
void router_set_rsa_onion_pkey(const crypto_pk_t *pk, char **onion_pkey_out,
size_t *onion_pkey_len);
Wrangle curve25519 onion keys: generate, store, load, publish, republish Here we try to handle curve25519 onion keys from generating them, loading and storing them, publishing them in our descriptors, putting them in microdescriptors, and so on. This commit is untested and probably buggy like whoa
2012-12-04 15:58:18 -05:00
di_digest256_map_t *construct_ntor_key_map(void);
Change the free macro convention in the rest of src/or/*.h
2017-11-21 09:37:47 -05:00
void ntor_key_map_free_(di_digest256_map_t *map);
Switch to a safer FREE_AND_NULL implementation This one only evaluates the input once, so it cannot mess up even if there are side effects.
2017-12-04 15:09:18 -05:00
#define ntor_key_map_free(map) \
Replace all FREE_AND_NULL* uses to take a type and a free function. This commit was made mechanically by this perl script: \#!/usr/bin/perl -w -i -p next if /^#define FREE_AND_NULL/; s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/; s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-07 10:44:04 -05:00
FREE_AND_NULL(di_digest256_map_t, ntor_key_map_free_, (map))
Wrangle curve25519 onion keys: generate, store, load, publish, republish Here we try to handle curve25519 onion keys from generating them, loading and storing them, publishing them in our descriptors, putting them in microdescriptors, and so on. This commit is untested and probably buggy like whoa
2012-12-04 15:58:18 -05:00
Simply initialize TLS context if DynamicDHGroups change. We used to do init_keys() if DynamicDHGroups changed after a HUP, so that the dynamic DH modulus was stored on the disk. Since we are now doing dynamic DH modulus storing in crypto.c, we can simply initialize the TLS context and be good with it. Introduce a new function router_initialize_tls_context() which initializes the TLS context and use it appropriately.
2011-11-24 06:40:02 +01:00
int router_initialize_tls_context(void);
Create router.h
2010-07-21 16:17:10 +02:00
int init_keys(void);
Split the client-only parts of init_keys() into a separate function This should simplify the callgraph a little more.
2015-08-11 10:35:10 -04:00
int init_keys_client(void);
Create router.h
2010-07-21 16:17:10 +02:00
Treat a changed IPv6 ORPort like an IPv4 one in retry_all_listeners() Fix for bug 6026
2013-03-11 17:20:43 -04:00
uint16_t router_get_active_listener_port_by_type_af(int listener_type,
sa_family_t family);
Rename router_get_advertised_*() functions. These now (or_port and dir_port) now have "find" names, since they look at the portcfg first, then at the actual ports from the listeners. This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ router_get_advertised_or_port routerconf_find_or_port \ router_get_advertised_ipv6_or_ap routerconf_find_ipv6_or_ap \ router_has_advertised_ipv6_orport routerconf_has_ipv6_orport \ router_get_advertised_dir_port routerconf_find_dir_port
2020-07-21 12:59:03 -04:00
void routerconf_find_ipv6_or_ap(const or_options_t *options,
router: Stop advertising incorrect auto IPv6 ORPorts When IPv6 ORPorts are set to "auto", tor relays and bridges would advertise an incorrect port in their descriptor. This may be a low-severity memory safety issue, because the published port number may be derived from uninitialised or out-of-bounds memory reads. Fixes bug 32588; bugfix on 0.2.3.9-alpha.
2019-12-20 14:30:51 +10:00
tor_addr_port_t *ipv6_ap_out);
Rename router_get_advertised_*() functions. These now (or_port and dir_port) now have "find" names, since they look at the portcfg first, then at the actual ports from the listeners. This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ router_get_advertised_or_port routerconf_find_or_port \ router_get_advertised_ipv6_or_ap routerconf_find_ipv6_or_ap \ router_has_advertised_ipv6_orport routerconf_has_ipv6_orport \ router_get_advertised_dir_port routerconf_find_dir_port
2020-07-21 12:59:03 -04:00
bool routerconf_has_ipv6_orport(const or_options_t *options);
relay: Refactor can extend over IPv6 checks Split "can extend over IPv6" and "has advertised IPv6 ORPort" into separate functions. They currently have the same result, but this may change in 33818 with ExtendAllowIPv6Addresses. Part of 33817.
2020-04-30 06:47:46 +10:00
MOCK_DECL(bool, router_can_extend_over_ipv6,(const or_options_t *options));
Rename router_get_advertised_*() functions. These now (or_port and dir_port) now have "find" names, since they look at the portcfg first, then at the actual ports from the listeners. This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ router_get_advertised_or_port routerconf_find_or_port \ router_get_advertised_ipv6_or_ap routerconf_find_ipv6_or_ap \ router_has_advertised_ipv6_orport routerconf_has_ipv6_orport \ router_get_advertised_dir_port routerconf_find_dir_port
2020-07-21 12:59:03 -04:00
uint16_t routerconf_find_or_port(const or_options_t *options,
Combine router_get_advertised_or_port{,by_af_}() functions
2020-07-21 12:34:56 -04:00
sa_family_t family);
Rename router_get_advertised_*() functions. These now (or_port and dir_port) now have "find" names, since they look at the portcfg first, then at the actual ports from the listeners. This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ router_get_advertised_or_port routerconf_find_or_port \ router_get_advertised_ipv6_or_ap routerconf_find_ipv6_or_ap \ router_has_advertised_ipv6_orport routerconf_has_ipv6_orport \ router_get_advertised_dir_port routerconf_find_dir_port
2020-07-21 12:59:03 -04:00
uint16_t routerconf_find_dir_port(const or_options_t *options,
Fix unit test failure in dir/formats options->DirPort is 0 in the unit tests, so router_get_advertised_dir_port() would return 0 so we wouldn't pick a dirport. This isn't what we want for the unit tests. Fixes bug introduced in 95ac3ea5946.
2011-06-02 13:30:32 +02:00
uint16_t dirport);
Advertise correct DirPort/ORPort when configured with "auto" We'll eventually want to do more work here to make sure that the ports are stable over multiple invocations. Otherwise, turning your node on and off will get you a new DirPort/ORPort needlessly.
2011-05-02 15:51:30 -04:00
Move self-test functionality into its own file.
2018-09-25 15:10:11 -04:00
int router_should_advertise_dirport(const or_options_t *options,
uint16_t dir_port);
Create router.h
2010-07-21 16:17:10 +02:00
void consider_publishable_server(int force);
Make the get_options() return const This lets us make a lot of other stuff const, allows the compiler to generate (slightly) better code, and will make me get slightly fewer patches from folks who stick mutable stuff into or_options_t. const: because not every input is an output!
2011-06-14 13:01:38 -04:00
int should_refuse_unknown_exits(const or_options_t *options);
Create router.h
2010-07-21 16:17:10 +02:00
Add two new networkstatus parameters to emulate AssumeReachable. These parameters do not suppress checks, but they tell relays that it's okay to publish even when those checks fail. I have chosen lowercase hyphenated names, since these seem to be more common in networkstatus params. Closes #33224 and part of #34064.
2020-06-24 14:52:44 -04:00
void router_new_consensus_params(const networkstatus_t *);
Create router.h
2010-07-21 16:17:10 +02:00
void router_upload_dir_desc_to_dirservers(int force);
Upload descriptors more often when recent desc is unlisted Right now we only force a new descriptor upload every 18 hours. This can make servers become unlisted if they upload a descriptor at time T which the authorities reject as being "too similar" to one they uploaded before. Nothing will actually make the server upload a new descriptor later on, until another 18 hours have passed. This patch changes the upload behavior so that the 18 hour interval applies only when we're listed in a live consensus with a descriptor published within the last 18 hours. Otherwise--if we're not listed in the live consensus, or if we're listed with a publication time over 18 hours in the past--we upload a new descriptor every 90 minutes. This is an attempted bugfix for #3327. If we merge it, it should obsolete #535.
2011-06-22 12:27:27 -04:00
void mark_my_descriptor_dirty_if_too_old(time_t now);
log the reason for publishing a new relay descriptor now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:36:20 -04:00
void mark_my_descriptor_dirty(const char *reason);
relay: Publish IPv4 descriptor on guessed IPv6 reachability failure On an IPv6 reachability failure test, if the address was configured, don't publish the descriptor and log warn. If the address was auto discovered, still publish the descriptor. Closes #33247. Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-24 09:11:16 -04:00
void mark_my_descriptor_if_omit_ipv6_changes(const char *reason,
bool omit_ipv6);
Create router.h
2010-07-21 16:17:10 +02:00
void check_descriptor_bandwidth_changed(time_t now);
void check_descriptor_ipaddress_changed(time_t now);
Extract all the "am I a server" functions from router.c
2018-09-25 16:00:50 -04:00
int router_has_bandwidth_to_be_dirserver(const or_options_t *options);
Change signature of router_compare_to_my_exit_policy so dns can use it Also, fix the function so it actually looks at our ipv6 exit policy.
2012-11-05 13:11:53 -05:00
int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port);
A second test case for dns_resolve_impl.
2015-10-08 21:47:52 +03:00
MOCK_DECL(int, router_my_exit_policy_is_reject_star,(void));
Uplift status.c unit test coverage with new test cases and macros. A new set of unit test cases are provided, as well as introducing an alternative paradigm and macros to support it. Primarily, each test case is given its own namespace, in order to isolate tests from each other. We do this by in the usual fashion, by appending module and submodule names to our symbols. New macros assist by reducing friction for this and other tasks, like overriding a function in the global namespace with one in the current namespace, or declaring integer variables to assist tracking how many times a mock has been called. A set of tests for a small-scale module has been included in this commit, in order to highlight how the paradigm can be used. This suite gives 100% coverage to status.c in test execution.
2014-04-15 22:20:34 +10:00
MOCK_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
Make _with_err return routerinfo, like old function does
2018-05-10 16:13:16 +03:00
MOCK_DECL(const routerinfo_t *, router_get_my_routerinfo_with_err,(int *err));
Create router.h
2010-07-21 16:17:10 +02:00
extrainfo_t *router_get_my_extrainfo(void);
const char *router_get_my_descriptor(void);
Report reason for generating descriptor in an HTTP header Suggested by arma; based on 3327.
2011-06-24 16:43:08 -04:00
const char *router_get_descriptor_gen_reason(void);
Create router.h
2010-07-21 16:17:10 +02:00
int router_digest_is_me(const char *digest);
Massive refactoring of the various handshake types The three handshake types are now accessed from a unified interface; their state is abstracted from the rest of the cpath state, and so on.
2012-12-04 21:27:07 -05:00
const uint8_t *router_get_my_id_digest(void);
Create router.h
2010-07-21 16:17:10 +02:00
int router_extrainfo_digest_is_me(const char *digest);
Try to make most routerinfo_t interfaces const
2010-09-29 00:38:32 -04:00
int router_is_me(const routerinfo_t *router);
Validate address more carefully when checking self-reachability Previously, we would treat *any* incoming circuit on a non-local channel as meaning that our ORPort was reachable. With this patch, we make sure that the address that the peer _says_ we have is the same as the one we're trying to advertise right now. Closes 20165. Bugfix on 4f5192b2803c706 in 0.1.0.1-rc, when reachability self-tests were first introduced.
2020-08-06 11:21:00 -04:00
bool router_addr_is_my_published_addr(const tor_addr_t *addr);
Refactor router_rebuild_descriptor Allow building a router descriptor without storing it to global state. This is in preparation of a patch to export the created descriptors via the control port.
2015-02-07 13:29:26 +01:00
int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e);
Create router.h
2010-07-21 16:17:10 +02:00
int router_rebuild_descriptor(int force);
Use chunks, not buffers, for router descriptors
2013-02-22 12:17:23 -05:00
char *router_dump_router_to_string(routerinfo_t *router,
Minimize headers that include crypto_formats and x25519 stuff
2018-07-01 13:04:21 -04:00
const crypto_pk_t *ident_key,
const crypto_pk_t *tap_key,
const struct curve25519_keypair_t *ntor_keypair,
const struct ed25519_keypair_t *signing_keypair);
Making entire exit policy available to Tor controller.
2013-08-23 21:06:42 +03:00
char *router_dump_exit_policy_to_string(const routerinfo_t *router,
int include_ipv4,
int include_ipv6);
Fix make check-spaces in circuitbuild.c and router.h
2012-08-01 02:38:43 -07:00
int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
Sign extrainfo documents with ed25519 Extrainfo documents are now ed-signed just as are router descriptors, according to proposal 220. This patch also includes some more tests for successful/failing parsing, and fixes a crash bug in ed25519 descriptor parsing.
2015-05-28 10:42:22 -04:00
crypto_pk_t *ident_key,
Minimize headers that include crypto_formats and x25519 stuff
2018-07-01 13:04:21 -04:00
const struct ed25519_keypair_t *signing_keypair);
Log descriptions of nodes, not just nicknames. This patch introduces a few new functions in router.c to produce a more helpful description of a node than its nickame, and then tweaks nearly all log messages taking a nickname as an argument to call these functions instead. There are a few cases where I left the old log messages alone: in these cases, the nickname was that of an authority (whose nicknames are useful and unique), or the message already included an identity and/or an address. I might have missed a couple more too. This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Avoid confusion with errno from libc
2018-05-10 16:33:08 +03:00
const char *routerinfo_err_to_string(int err);
Improve GETCONF exit-policy/* error handling This will yield different error codes for transient and permament errors. Furthermore, Tor will give human readable error messages to controller.
2018-05-03 17:07:29 +02:00
int routerinfo_err_is_transient(int err);
relay: New file relay_resolve_addr.{c|h} This commit moves router_pick_published_address() and the related helper functions into the new file. The log_addr_has_changed() function has been made public in router.h so we can use it in relay_resolve_addr.c. This is a refactoring as part of Sponsor 55. Only code movement at this commit. Part of #33789 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-05-05 13:24:03 -04:00
void log_addr_has_changed(int severity, const tor_addr_t *prev,
const tor_addr_t *cur, const char *source);
Create router.h
2010-07-21 16:17:10 +02:00
void router_reset_warnings(void);
void router_free_all(void);
#ifdef ROUTER_PRIVATE
router: Document the additional config and state used to dump descriptors Also, explicitly state when routerinfos and extra-infos are signed. And tidy up some other comments. Preparation for testing 29017 and 20918.
2019-01-10 20:47:37 +10:00
/* Used only by router.c and the unit tests */
Completely refactor how FILENAME_PRIVATE works We previously used FILENAME_PRIVATE identifiers mostly for identifiers exposed only to the unit tests... but also for identifiers exposed to the benchmarker, and sometimes for identifiers exposed to a similar module, and occasionally for no really good reason at all. Now, we use FILENAME_PRIVATE identifiers for identifiers shared by Tor and the unit tests. They should be defined static when we aren't building the unit test, and globally visible otherwise. (The STATIC macro will keep us honest here.) For identifiers used only by the unit tests and never by Tor at all, on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS. This is not the motivating use case for the split test/non-test build system; it's just a test example to see how it works, and to take a chance to clean up the code a little.
2013-06-06 17:58:28 -04:00
STATIC void get_platform_str(char *platform, size_t len);
Add an fingerprint-ed25519 file to the data directory
2020-01-10 20:58:21 -08:00
STATIC int router_write_fingerprint(int hashed, int ed25519_identity);
Emit router families in canonical form This patch has routers use the same canonicalization logic as authorities when encoding their family lists. Additionally, they now warn if any router in their list is given by nickname, since that's error-prone. This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
STATIC smartlist_t *get_my_declared_family(const or_options_t *options);
relay: Report the entire content of a stats file It turns out that 9 years ago, we stopped appending data into stats file and rather overwrite everytime we have new stats (see commit a6a127c833eace1100aca7ab8ad118862bb8a8b9) The load_stats_file() function was still thinking that we could have the same line many times in the file which turns out to be false since 9 years ago. However, that did not cause problem until IPv6 connection stats came along which introduced a new line in conn-stats: "ipv6-conn-bi-direct ...". Before, that file contained a single line starting with the tag "conn-bi-direct". That very tag appears also in the IPv6 tag (see above) so the load_stats_file() function would consider that the IPv6 line as the last tag to be appeneded to the file and fail to report the line above (for IPv4). It would actually truncate the IPv6 line and report it (removing the "ipv6-" part). In other words, "conn-bi-direct" was not reported and instead "ipv6-conn-bi-direct" was used without the "ipv6-" part. This commit refactors the entire function so that now it looks for a "timestamp tag" to validate and then if everything is fine, returns the entire content of the file. The refactor simplifies the function, adds logging in case of failures and modernize it in terms of coding standard. Unit tests are also added that makes sure the loaded content matches the entire file if timestamp validation passes. Fixes #40226 Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-15 11:41:42 -05:00
STATIC int load_stats_file(const char *filename, const char *ts_tag,
time_t now, char **out);
Merge remote-tracking branch 'public/prop298'
2018-12-05 09:43:03 -05:00
Write tests for mark_my_descriptor_dirty_if_too_old()
2018-12-03 14:06:53 -05:00
#ifdef TOR_UNIT_TESTS
extern time_t desc_clean_since;
extern const char *desc_dirty_reason;
Emit router families in canonical form This patch has routers use the same canonicalization logic as authorities when encoding their family lists. Additionally, they now warn if any router in their list is given by nickname, since that's error-prone. This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
void set_server_identity_key_digest_testing(const uint8_t *digest);
test_dir: Test rsa + ed25519 extrainfo creation and parsing Also fix a missing mock in rsa-only parsing.
2019-02-18 17:37:47 +10:00
MOCK_DECL(STATIC const struct curve25519_keypair_t *,
get_current_curve25519_keypair,(void));
test_dir: Unit tests for RSA-only router and extrainfo descriptor creation Tests 29017 and 29018.
2019-02-18 15:24:26 +10:00
MOCK_DECL(STATIC int,
router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out));
STATIC extrainfo_t *router_build_fresh_signed_extrainfo(
const routerinfo_t *ri);
STATIC void router_update_routerinfo_from_extrainfo(routerinfo_t *ri,
const extrainfo_t *ei);
STATIC int router_dump_and_sign_routerinfo_descriptor_body(routerinfo_t *ri);
router: Add some missing #endif comments
2019-02-19 21:23:27 +10:00
#endif /* defined(TOR_UNIT_TESTS) */
Merge remote-tracking branch 'public/prop298'
2018-12-05 09:43:03 -05:00
router: Add some missing #endif comments
2019-02-19 21:23:27 +10:00
#endif /* defined(ROUTER_PRIVATE) */
Create router.h
2010-07-21 16:17:10 +02:00
Run our #else/#endif annotator on our source code.
2017-09-15 16:24:44 -04:00
#endif /* !defined(TOR_ROUTER_H) */
Reference in a new issue Copy permalink