result = -1;
}
- if (options->ORPort) {
- if (options->Nickname == NULL) {
- if (!(options->Nickname = get_default_nickname()))
- return -1;
- log_fn(LOG_INFO, "Choosing default nickname %s", options->Nickname);
- } else {
- if (strspn(options->Nickname, LEGAL_NICKNAME_CHARACTERS) !=
- strlen(options->Nickname)) {
- log_fn(LOG_WARN, "Nickname '%s' contains illegal characters.", options->Nickname);
- result = -1;
- }
- if (strlen(options->Nickname) > MAX_NICKNAME_LEN) {
- log_fn(LOG_WARN, "Nickname '%s' has more than %d characters.",
- options->Nickname, MAX_NICKNAME_LEN);
- result = -1;
- }
+ if (options->Nickname == NULL) {
+ if (!(options->Nickname = get_default_nickname()))
+ return -1;
+ log_fn(LOG_INFO, "Choosing default nickname %s", options->Nickname);
+ } else {
+ if (strspn(options->Nickname, LEGAL_NICKNAME_CHARACTERS) !=
+ strlen(options->Nickname)) {
+ log_fn(LOG_WARN, "Nickname '%s' contains illegal characters.", options->Nickname);
+ result = -1;
+ }
+ if (strlen(options->Nickname) > MAX_NICKNAME_LEN) {
+ log_fn(LOG_WARN, "Nickname '%s' has more than %d characters.",
+ options->Nickname, MAX_NICKNAME_LEN);
+ result = -1;
}
}
/* XXX008 if AuthDir and ClientOnly then fail */
- if(options->SocksPort > 1 &&
+ if(options->SocksPort >= 1 &&
(options->PathlenCoinWeight < 0.0 || options->PathlenCoinWeight >= 1.0)) {
log(LOG_WARN,"PathlenCoinWeight option must be >=0.0 and <1.0.");
result = -1;
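Review bot: The `return -1` after a failed `get_default_nickname()` exits without logging anything, and with the `ORPort` guard removed this path is now reached by client-only configurations as well. The other nickname checks in this hunk log a warning and set `result = -1`, so this branch should at least say why startup failed, e.g. `log_fn(LOG_WARN, "Unable to choose a default nickname; please set Nickname.");` before returning. Whether a client needs a nickname at all is not visible here (the OP path elsewhere in this commit passes a NULL nickname to `tor_tls_context_new`), so it is worth confirming that a client should refuse to start on this error. The enclosing function starts and ends outside the hunk.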
has_fetched_directory=1;
- if(options.ORPort) { /* connect to them all */
+ if(clique_mode()) { /* connect to them all */
router_retry_connections();
}
}
the connection or send a keepalive, depending. */
if(connection_speaks_cells(conn) &&
now >= conn->timestamp_lastwritten + options.KeepalivePeriod) {
- if((!options.ORPort && !circuit_get_by_conn(conn)) ||
+ if((!clique_mode() && !circuit_get_by_conn(conn)) ||
(!connection_state_is_open(conn))) {
/* we're an onion proxy, with no circuits;
* or our handshake has expired. kill it. */
connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1;
} else {
- /* either a full router, or we've got a circuit. send a padding cell. */
+ /* either in clique mode, or we've got a circuit. send a padding cell. */
log_fn(LOG_DEBUG,"Sending keepalive to (%s:%d)",
conn->address, conn->port);
memset(&cell,0,sizeof(cell_t));
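Review bot: The comment inside the kill branch still reads `we're an onion proxy, with no circuits`, but the condition above it now tests `!clique_mode()`, while the comment on the else branch was updated to say `in clique mode`. The two should agree, for example `/* we're not in clique mode, and have no circuits; or our handshake has expired. kill it. */`. The same drift appears in the `dns_init()` hunk, where the `exit_server_mode()` test is still annotated `only spawn dns handlers if we're a router`. The enclosing block continues past the end of this hunk.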
#define MIN_BW_TO_PUBLISH_DESC 5000 /* 5000 bytes/s sustained */
#define MIN_UPTIME_TO_PUBLISH_DESC (30*60) /* half an hour */
-/** Decide if we're a server or just a client. We are a server if:
+/** Decide if we're a publishable server or just a client. We are a server if:
* - We have the AuthoritativeDirectory option set.
* or
* - We don't have the ClientOnly option set; and
* - We have processed some suitable minimum bandwidth recently; and
* - We believe we are reachable from the outside.
*/
-static int decide_if_server(time_t now) {
+static int decide_if_publishable_server(time_t now) {
if(options.AuthoritativeDir)
return 1;
return 1;
}
+/** Return true iff we try to stay connected to all ORs at once. This
+ * option should go away as Tor becomes more P2P.
+ */
+int clique_mode(void) {
+ return (options.ORPort != 0);
+}
+
+/** Return true iff we are trying to be a server.
+ */
+int server_mode(void) {
+ return (options.ORPort != 0);
+}
+
+/** Return true iff we are trying to be an exit server.
+ */
+int exit_server_mode(void) {
+ return (options.ORPort != 0);
+}
+
+/** Return true iff we are trying to be a socks proxy. */
+int proxy_mode(void) {
+ return (options.SocksPort != 0);
+}
+
/** Perform regular maintenance tasks. This function gets run once per
* second by prepare_for_poll.
*/
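Review bot: `clique_mode()`, `server_mode()` and `exit_server_mode()` all return `options.ORPort != 0`, so the three doc comments promise distinctions the code does not yet make; in particular `exit_server_mode()` is true for any node with ORPort set and does not look at what the node is willing to exit to. Each comment should say that the predicate is currently an alias for "ORPort is set", e.g. `/** Return true iff we are trying to be an exit server. XXX008 for now identical to server_mode(); does not consult the exit policy. */`. Without that, a later reader may assume the `exit_server_mode()` gates around `dns_init()` and `dnsworkers_rotate()` already skip DNS workers on a non-exit relay. The functions are non-static, so they also need prototypes in a shared header, which this page does not show.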
* shut down and restart all cpuworkers, and update the directory if
* necessary.
*/
- if (options.ORPort && get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
+ if (server_mode() && get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
log_fn(LOG_INFO,"Rotating onion key.");
rotate_onion_key();
cpuworkers_rotate();
/** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */
if (!last_rotated_certificate)
last_rotated_certificate = now;
- if (options.ORPort && last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
+ /*XXXX008 we should remove the server_mode() check once OPs also use
+ * identity keys (which they can't do until the known-router check in
+ * connection_or.c is removed. */
+ if (server_mode() && last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
log_fn(LOG_INFO,"Rotating tls context.");
if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
MAX_SSL_KEY_LIFETIME) < 0) {
* our descriptor (if we've passed our internal checks). */
if(time_to_fetch_directory < now) {
- if(decide_if_server(now)) {
+ if(decide_if_publishable_server(now)) {
router_rebuild_descriptor();
router_upload_dir_desc_to_dirservers();
}
/* fetch a new directory */
directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0);
}
- if(options.ORPort) {
+ if(server_mode()) {
/* Restart cpuworker and dnsworker processes, so they get up-to-date
* configuration options. */
cpuworkers_rotate();
- dnsworkers_rotate();
+ if (exit_server_mode())
+ dnsworkers_rotate();
/* Rebuild fresh descriptor as needed. */
router_rebuild_descriptor();
sprintf(keydir,"%s/router.desc", get_data_directory(&options));
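Review bot: The context line `sprintf(keydir,"%s/router.desc", get_data_directory(&options));` at the end of this hunk formats a configuration-derived path with no length bound. The declaration of `keydir` is outside the hunk, so whether it can overflow is not visible here, but if it is a fixed-size array the call should be `snprintf(keydir, sizeof(keydir), "%s/router.desc", get_data_directory(&options));` with the result checked for truncation. The commit does not touch that line, so this could go in a follow-up. In the added code, `if (exit_server_mode())` guards a single unbraced statement; bracing it like the enclosing `if(server_mode()) {` would keep a later addition inside the condition.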
directory_has_arrived();
}
- if(options.ORPort) {
+ if(server_mode()) {
cpu_init(); /* launch cpuworkers. Need to do this *after* we've read the onion key. */
}
log_fn(LOG_WARN,"You are running Tor as root. You don't need to, and you probably shouldn't.");
#endif
- if(options.ORPort) { /* only spawn dns handlers if we're a router */
+ if(exit_server_mode()) { /* only spawn dns handlers if we're a router */
dns_init(); /* initialize the dns resolve tree, and spawn workers */
}
- if(options.SocksPort) {
+ if(proxy_mode()) {
client_dns_init(); /* init the client dns cache */
}
if (!key_lock)
key_lock = tor_mutex_new();
- /* OP's don't need keys. Just initialize the TLS context.*/
- if (!options.ORPort) {
+ /* OP's don't need persistant keys; just make up an identity and
+ * initialize the TLS context. */
+ if (!server_mode()) {
tor_assert(!options.DirPort);
- if (tor_tls_context_new(NULL, 0, NULL, 0)<0) {
+#if 0
+ /* XXXX008 enable this once we make ORs tolerate unknown routers. */
+ if (!(prkey = crypto_new_pk_env()))
+ return -1;
+ if (crypto_pk_generate_key(prkey))
+ return -1;
+ set_identity_key(prkey);
+ if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
+ MAX_SSL_KEY_LIFETIME) < 0) {
+ log_fn(LOG_ERR, "Error creating TLS context for OP.");
+ return -1;
+ }
+#endif
+ if (tor_tls_context_new(NULL, 0, NULL, MAX_SSL_KEY_LIFETIME)<0) {
log_fn(LOG_ERR, "Error creating TLS context for OP.");
return -1;
}
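Review bot: In the `#if 0` block, `if (crypto_pk_generate_key(prkey)) return -1;` returns without releasing the key object allocated by `crypto_new_pk_env()` on the line above, so that error path will leak once the block is enabled. Free it before returning, e.g. `if (crypto_pk_generate_key(prkey)) { crypto_free_pk_env(prkey); return -1; }`. The new comment above the block also has a typo: `persistant` should read `persistent`. The enclosing function starts and ends outside the hunk, and the declaration of `prkey` is not visible.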
* necessary. Return NULL on error, or if called on an OP. */
routerinfo_t *router_get_my_routerinfo(void)
{
- if (!options.ORPort)
+ if (!server_mode())
return NULL;
if (!desc_routerinfo) {