2010-07-22 12:09:49 +02:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2020-01-08 18:39:17 -05:00
|
|
|
* Copyright (c) 2007-2020, The Tor Project, Inc. */
|
2010-07-22 12:09:49 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
|
|
/**
|
2011-03-16 14:47:27 -04:00
|
|
|
* \file routerparse.h
|
2010-07-28 17:42:33 +02:00
|
|
|
* \brief Header file for routerparse.c.
|
2010-07-22 12:09:49 +02:00
|
|
|
**/
|
|
|
|
|
|
2012-10-12 12:13:10 -04:00
|
|
|
#ifndef TOR_ROUTERPARSE_H
|
|
|
|
|
#define TOR_ROUTERPARSE_H
|
2010-07-22 12:09:49 +02:00
|
|
|
|
|
|
|
|
int router_get_router_hash(const char *s, size_t s_len, char *digest);
|
2012-05-10 17:27:16 -04:00
|
|
|
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
|
2018-09-30 23:08:25 -05:00
|
|
|
|
2010-07-22 12:09:49 +02:00
|
|
|
int router_parse_list_from_string(const char **s, const char *eos,
|
|
|
|
|
smartlist_t *dest,
|
|
|
|
|
saved_location_t saved_location,
|
|
|
|
|
int is_extrainfo,
|
|
|
|
|
int allow_annotations,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 10:55:50 -04:00
|
|
|
const char *prepend_annotations,
|
|
|
|
|
smartlist_t *invalid_digests_out);
|
2010-07-22 12:09:49 +02:00
|
|
|
|
|
|
|
|
routerinfo_t *router_parse_entry_from_string(const char *s, const char *end,
|
|
|
|
|
int cache_copy,
|
|
|
|
|
int allow_annotations,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 10:55:50 -04:00
|
|
|
const char *prepend_annotations,
|
|
|
|
|
int *can_dl_again_out);
|
2018-06-15 14:07:17 -04:00
|
|
|
struct digest_ri_map_t;
|
2010-07-22 12:09:49 +02:00
|
|
|
extrainfo_t *extrainfo_parse_entry_from_string(const char *s, const char *end,
|
Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum. This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest. (This excludes RSA signature problems: RSA signatures
aren't included in the digest. This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures. But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)
We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-03 10:55:50 -04:00
|
|
|
int cache_copy, struct digest_ri_map_t *routermap,
|
|
|
|
|
int *can_dl_again_out);
|
2018-09-30 18:27:23 -05:00
|
|
|
|
2018-09-30 23:51:47 -05:00
|
|
|
int find_single_ipv6_orport(const smartlist_t *list,
|
|
|
|
|
tor_addr_t *addr_out,
|
|
|
|
|
uint16_t *port_out);
|
2010-07-22 12:09:49 +02:00
|
|
|
|
2016-06-30 00:39:29 +00:00
|
|
|
void routerparse_init(void);
|
2016-06-17 22:35:58 +00:00
|
|
|
void routerparse_free_all(void);
|
|
|
|
|
|
2019-12-20 13:27:58 +10:00
|
|
|
#ifdef ROUTERDESC_TOKEN_TABLE_PRIVATE
|
2019-12-16 13:13:13 -05:00
|
|
|
#include "feature/dirparse/parsecommon.h"
|
2018-10-01 11:08:09 -05:00
|
|
|
extern const struct token_rule_t routerdesc_token_table[];
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-09-30 23:36:47 -04:00
|
|
|
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
|
|
|
|
|
|
2017-09-15 16:24:44 -04:00
|
|
|
#endif /* !defined(TOR_ROUTERPARSE_H) */
|
