1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * @file relay_periodic.c
9 * @brief Periodic functions for the relay subsystem
10 **/
11
12 #include "orconfig.h"
13 #include "core/or/or.h"
14
15 #include "app/config/resolve_addr.h"
16
17 #include "core/mainloop/periodic.h"
18 #include "core/mainloop/cpuworker.h" // XXXX use a pubsub event.
19 #include "core/mainloop/mainloop.h"
20 #include "core/mainloop/netstatus.h"
21 #include "core/or/circuituse.h" // XXXX move have_performed_bandwidth_test
22
23 #include "feature/relay/dns.h"
24 #include "feature/relay/relay_periodic.h"
25 #include "feature/relay/router.h"
26 #include "feature/relay/routerkeys.h"
27 #include "feature/relay/routermode.h"
28 #include "feature/relay/selftest.h"
29 #include "feature/stats/predict_ports.h"
30
31 #include "lib/crypt_ops/crypto_rand.h"
32
33 #include "feature/nodelist/routerinfo_st.h"
34 #include "feature/control/control_events.h"
35
36 #ifndef COCCI
37 #define DECLARE_EVENT(name, roles, flags) \
38 static periodic_event_item_t name ## _event = \
39 PERIODIC_EVENT(name, \
40 PERIODIC_EVENT_ROLE_##roles, \
41 flags)
42 #endif /* !defined(COCCI) */
43
44 #define FL(name) (PERIODIC_EVENT_FLAG_##name)
45
46 /**
47 * Periodic callback: If we're a server and initializing dns failed, retry.
48 */
49 static int
retry_dns_callback(time_t now,const or_options_t * options)50 retry_dns_callback(time_t now, const or_options_t *options)
51 {
52 (void)now;
53 #define RETRY_DNS_INTERVAL (10*60)
54 if (server_mode(options) && has_dns_init_failed())
55 dns_init();
56 return RETRY_DNS_INTERVAL;
57 }
58
59 DECLARE_EVENT(retry_dns, ROUTER, 0);
60
61 static int dns_honesty_first_time = 1;
62
63 /**
64 * Periodic event: if we're an exit, see if our DNS server is telling us
65 * obvious lies.
66 */
67 static int
check_dns_honesty_callback(time_t now,const or_options_t * options)68 check_dns_honesty_callback(time_t now, const or_options_t *options)
69 {
70 (void)now;
71 /* 9. and if we're an exit node, check whether our DNS is telling stories
72 * to us. */
73 if (net_is_disabled() ||
74 ! public_server_mode(options) ||
75 router_my_exit_policy_is_reject_star())
76 return PERIODIC_EVENT_NO_UPDATE;
77
78 if (dns_honesty_first_time) {
79 /* Don't launch right when we start */
80 dns_honesty_first_time = 0;
81 return crypto_rand_int_range(60, 180);
82 }
83
84 dns_launch_correctness_checks();
85 return 12*3600 + crypto_rand_int(12*3600);
86 }
87
88 DECLARE_EVENT(check_dns_honesty, RELAY, FL(NEED_NET));
89
90 /* Periodic callback: rotate the onion keys after the period defined by the
91 * "onion-key-rotation-days" consensus parameter, shut down and restart all
92 * cpuworkers, and update our descriptor if necessary.
93 */
94 static int
rotate_onion_key_callback(time_t now,const or_options_t * options)95 rotate_onion_key_callback(time_t now, const or_options_t *options)
96 {
97 if (server_mode(options)) {
98 int onion_key_lifetime = get_onion_key_lifetime();
99 time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime;
100 if (rotation_time > now) {
101 return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
102 }
103
104 log_info(LD_GENERAL,"Rotating onion key.");
105 rotate_onion_key();
106 cpuworkers_rotate_keyinfo();
107 if (!router_rebuild_descriptor(1)) {
108 log_info(LD_CONFIG, "Couldn't rebuild router descriptor");
109 }
110 if (advertised_server_mode() && !net_is_disabled())
111 router_upload_dir_desc_to_dirservers(0);
112 return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
113 }
114 return PERIODIC_EVENT_NO_UPDATE;
115 }
116
117 DECLARE_EVENT(rotate_onion_key, ROUTER, 0);
118
119 /** Periodic callback: consider rebuilding or and re-uploading our descriptor
120 * (if we've passed our internal checks). */
121 static int
check_descriptor_callback(time_t now,const or_options_t * options)122 check_descriptor_callback(time_t now, const or_options_t *options)
123 {
124 /** How often do we check whether part of our router info has changed in a
125 * way that would require an upload? That includes checking whether our IP
126 * address has changed. */
127 #define CHECK_DESCRIPTOR_INTERVAL (60)
128
129 (void)options;
130
131 /* 2b. Once per minute, regenerate and upload the descriptor if the old
132 * one is inaccurate. */
133 if (!net_is_disabled()) {
134 check_descriptor_bandwidth_changed(now);
135 check_descriptor_ipaddress_changed(now);
136 mark_my_descriptor_dirty_if_too_old(now);
137 consider_publishable_server(0);
138 }
139
140 return CHECK_DESCRIPTOR_INTERVAL;
141 }
142
143 DECLARE_EVENT(check_descriptor, ROUTER, FL(NEED_NET));
144
145 static int dirport_reachability_count = 0;
146
147 /**
148 * Periodic callback: check whether we're reachable (as a relay), and
149 * whether our bandwidth has changed enough that we need to
150 * publish a new descriptor.
151 */
152 static int
check_for_reachability_bw_callback(time_t now,const or_options_t * options)153 check_for_reachability_bw_callback(time_t now, const or_options_t *options)
154 {
155 /* XXXX This whole thing was stuck in the middle of what is now
156 * XXXX check_descriptor_callback. I'm not sure it's right. */
157 /** How often should we consider launching reachability tests in our first
158 * TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT seconds? */
159 #define EARLY_CHECK_REACHABILITY_INTERVAL (60)
160
161 /* also, check religiously for reachability, if it's within the first
162 * 20 minutes of our uptime. */
163 if (server_mode(options) &&
164 (have_completed_a_circuit() || !any_predicted_circuits(now)) &&
165 !net_is_disabled()) {
166 if (get_uptime() < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
167 router_do_reachability_checks();
168 return EARLY_CHECK_REACHABILITY_INTERVAL;
169 } else {
170 /* If we haven't checked for 12 hours and our bandwidth estimate is
171 * low, do another bandwidth test. This is especially important for
172 * bridges, since they might go long periods without much use. */
173 const routerinfo_t *me = router_get_my_routerinfo();
174 static int first_time = 1;
175 if (!first_time && me &&
176 me->bandwidthcapacity < me->bandwidthrate &&
177 me->bandwidthcapacity < 51200) {
178 reset_bandwidth_test();
179 }
180 first_time = 0;
181 #define BANDWIDTH_RECHECK_INTERVAL (12*60*60)
182 return BANDWIDTH_RECHECK_INTERVAL;
183 }
184 }
185 return CHECK_DESCRIPTOR_INTERVAL;
186 }
187
188 DECLARE_EVENT(check_for_reachability_bw, ROUTER, FL(NEED_NET));
189
190 /**
191 * Callback: Send warnings if Tor doesn't find its ports reachable.
192 */
193 static int
reachability_warnings_callback(time_t now,const or_options_t * options)194 reachability_warnings_callback(time_t now, const or_options_t *options)
195 {
196 (void) now;
197
198 if (get_uptime() < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
199 return (int)(TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT - get_uptime());
200 }
201
202 if (server_mode(options) &&
203 !net_is_disabled() &&
204 have_completed_a_circuit()) {
205 /* every 20 minutes, check and complain if necessary */
206 const routerinfo_t *me = router_get_my_routerinfo();
207 bool v4_ok =
208 router_orport_seems_reachable(options,AF_INET);
209 bool v6_ok =
210 router_orport_seems_reachable(options,AF_INET6);
211 if (me && !(v4_ok && v6_ok)) {
212 /* We need to warn that one or more of our ORPorts isn't reachable.
213 * Determine which, and give a reasonable warning. */
214 char *address4 = tor_addr_to_str_dup(&me->ipv4_addr);
215 char *address6 = tor_addr_to_str_dup(&me->ipv6_addr);
216 if (address4 || address6) {
217 char *where4=NULL, *where6=NULL;
218 if (!v4_ok)
219 tor_asprintf(&where4, "%s:%d", address4, me->ipv4_orport);
220 if (!v6_ok)
221 tor_asprintf(&where6, "[%s]:%d", address6, me->ipv6_orport);
222 const char *opt_and = (!v4_ok && !v6_ok) ? " and " : "";
223
224 /* IPv4 reachability test worked but not the IPv6. We will _not_
225 * publish the descriptor if our IPv6 was configured. We will if it
226 * was auto discovered. */
227 if (v4_ok && !v6_ok && !resolved_addr_is_configured(AF_INET6)) {
228 static ratelim_t rlim = RATELIM_INIT(3600);
229 log_fn_ratelim(&rlim, LOG_NOTICE, LD_CONFIG,
230 "Auto-discovered IPv6 address %s has not been found "
231 "reachable. However, IPv4 address is reachable. "
232 "Publishing server descriptor without IPv6 address.",
233 where6 ? where6 : "");
234 /* Indicate we want to publish even if reachability test failed. */
235 mark_my_descriptor_if_omit_ipv6_changes("IPv4 is reachable. "
236 "IPv6 is not but was "
237 "auto-discovered", true);
238 } else {
239 log_warn(LD_CONFIG,
240 "Your server has not managed to confirm reachability for "
241 "its ORPort(s) at %s%s%s. Relays do not publish "
242 "descriptors until their ORPort and DirPort are "
243 "reachable. Please check your firewalls, ports, address, "
244 "/etc/hosts file, etc.",
245 where4?where4:"",
246 opt_and,
247 where6?where6:"");
248 }
249 tor_free(where4);
250 tor_free(where6);
251 if (!v4_ok) {
252 control_event_server_status(LOG_WARN,
253 "REACHABILITY_FAILED ORADDRESS=%s:%d",
254 address4, me->ipv4_orport);
255 }
256 if (!v6_ok) {
257 control_event_server_status(LOG_WARN,
258 "REACHABILITY_FAILED ORADDRESS=[%s]:%d",
259 address6, me->ipv6_orport);
260 }
261 }
262 tor_free(address4);
263 tor_free(address6);
264 }
265 }
266
267 return TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT;
268 }
269
270 DECLARE_EVENT(reachability_warnings, ROUTER, FL(NEED_NET));
271
272 /* Periodic callback: Every 30 seconds, check whether it's time to make new
273 * Ed25519 subkeys.
274 */
275 static int
check_ed_keys_callback(time_t now,const or_options_t * options)276 check_ed_keys_callback(time_t now, const or_options_t *options)
277 {
278 if (server_mode(options)) {
279 if (should_make_new_ed_keys(options, now)) {
280 int new_signing_key = load_ed_keys(options, now);
281 if (new_signing_key < 0 ||
282 generate_ed_link_cert(options, now, new_signing_key > 0)) {
283 log_err(LD_OR, "Unable to update Ed25519 keys! Exiting.");
284 tor_shutdown_event_loop_and_exit(1);
285 }
286 }
287 return 30;
288 }
289 return PERIODIC_EVENT_NO_UPDATE;
290 }
291
292 DECLARE_EVENT(check_ed_keys, ROUTER, 0);
293
294 /* Period callback: Check if our old onion keys are still valid after the
295 * period of time defined by the consensus parameter
296 * "onion-key-grace-period-days", otherwise expire them by setting them to
297 * NULL.
298 */
299 static int
check_onion_keys_expiry_time_callback(time_t now,const or_options_t * options)300 check_onion_keys_expiry_time_callback(time_t now, const or_options_t *options)
301 {
302 if (server_mode(options)) {
303 int onion_key_grace_period = get_onion_key_grace_period();
304 time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period;
305 if (expiry_time > now) {
306 return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
307 }
308
309 log_info(LD_GENERAL, "Expiring old onion keys.");
310 expire_old_onion_keys();
311 cpuworkers_rotate_keyinfo();
312 return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
313 }
314
315 return PERIODIC_EVENT_NO_UPDATE;
316 }
317
318 DECLARE_EVENT(check_onion_keys_expiry_time, ROUTER, 0);
319
320 void
relay_register_periodic_events(void)321 relay_register_periodic_events(void)
322 {
323 periodic_events_register(&retry_dns_event);
324 periodic_events_register(&check_dns_honesty_event);
325 periodic_events_register(&rotate_onion_key_event);
326 periodic_events_register(&check_descriptor_event);
327 periodic_events_register(&check_for_reachability_bw_event);
328 periodic_events_register(&reachability_warnings_event);
329 periodic_events_register(&check_ed_keys_event);
330 periodic_events_register(&check_onion_keys_expiry_time_event);
331
332 dns_honesty_first_time = 1;
333 dirport_reachability_count = 0;
334 }
335
336 /**
337 * Update our schedule so that we'll check whether we need to update our
338 * descriptor immediately, rather than after up to CHECK_DESCRIPTOR_INTERVAL
339 * seconds.
340 */
341 void
reschedule_descriptor_update_check(void)342 reschedule_descriptor_update_check(void)
343 {
344 periodic_event_reschedule(&check_descriptor_event);
345 }
346