tor

mainloop.c (85904B)

---

/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
* \file mainloop.c
* \brief Toplevel module. Handles signals, multiplexes between
*     connections, implements main loop, and drives scheduled events.
*
* For the main loop itself; see run_main_loop_once().  It invokes the rest of
* Tor mostly through Libevent callbacks.  Libevent callbacks can happen when
* a timer elapses, a signal is received, a socket is ready to read or write,
* or an event is manually activated.
*
* Most events in Tor are driven from these callbacks:
*  <ul>
*   <li>conn_read_callback() and conn_write_callback() here, which are
*     invoked when a socket is ready to read or write respectively.
*   <li>signal_callback(), which handles incoming signals.
*  </ul>
* Other events are used for specific purposes, or for building more complex
* control structures.  If you search for usage of tor_event_new(), you
* will find all the events that we construct in Tor.
*
* Tor has numerous housekeeping operations that need to happen
* regularly. They are handled in different ways:
* <ul>
*   <li>The most frequent operations are handled after every read or write
*    event, at the end of connection_handle_read() and
*    connection_handle_write().
*
*   <li>The next most frequent operations happen after each invocation of the
*     main loop, in run_main_loop_once().
*
*   <li>Once per second, we run all of the operations listed in
*     second_elapsed_callback(), and in its child, run_scheduled_events().
*
*   <li>Once-a-second operations are handled in second_elapsed_callback().
*
*   <li>More infrequent operations take place based on the periodic event
*     driver in periodic.c .  These are stored in the periodic_events[]
*     table.
* </ul>
*
**/

#define MAINLOOP_PRIVATE
#include "core/or/or.h"

#include "app/config/config.h"
#include "app/config/statefile.h"
#include "app/main/ntmain.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/cpuworker.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
#include "core/mainloop/periodic.h"
#include "core/or/channel.h"
#include "core/or/channelpadding.h"
#include "core/or/channeltls.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "core/or/dos.h"
#include "core/or/status.h"
#include "feature/client/addressmap.h"
#include "feature/client/bridges.h"
#include "feature/client/dnsserv.h"
#include "feature/client/entrynodes.h"
#include "feature/client/proxymode.h"
#include "feature/client/transports.h"
#include "feature/control/control.h"
#include "feature/control/control_events.h"
#include "feature/dirauth/authmode.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/dirclient/dirclient_modes.h"
#include "feature/dircommon/directory.h"
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_client.h"
#include "feature/hs/hs_service.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/dns.h"
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/connstats.h"
#include "feature/stats/rephist.h"
#include "lib/buf/buffers.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/err/backtrace.h"
#include "lib/tls/buffers_tls.h"

#include "lib/net/buffers_net.h"
#include "lib/evloop/compat_libevent.h"

#include <event2/event.h>

#include "core/or/cell_st.h"
#include "core/or/entry_connection_st.h"
#include "feature/nodelist/networkstatus_st.h"
#include "core/or/or_connection_st.h"
#include "app/config/or_state_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "core/or/socks_request_st.h"

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
* Coverity. Here's a kludge to unconfuse it.
*/
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Token bucket for all traffic. */
token_bucket_rw_t global_bucket;

/* Token bucket for relayed traffic. */
token_bucket_rw_t global_relayed_bucket;

/* XXX we might want to keep stats about global_relayed_*_bucket too. Or not.*/
/** How many bytes have we read since we started the process? */
static uint64_t stats_n_bytes_read = 0;
/** How many bytes have we written since we started the process? */
static uint64_t stats_n_bytes_written = 0;
/** What time did this process start up? */
time_t time_of_process_start = 0;
/** How many seconds have we been running? */
static long stats_n_seconds_working = 0;
/** How many times have we returned from the main loop successfully? */
static uint64_t stats_n_main_loop_successes = 0;
/** How many times have we received an error from the main loop? */
static uint64_t stats_n_main_loop_errors = 0;
/** How many times have we returned from the main loop with no events. */
static uint64_t stats_n_main_loop_idle = 0;

/** How often will we honor SIGNEWNYM requests? */
#define MAX_SIGNEWNYM_RATE 10
/** When did we last process a SIGNEWNYM request? */
static time_t time_of_last_signewnym = 0;
/** Is there a signewnym request we're currently waiting to handle? */
static int signewnym_is_pending = 0;
/** Mainloop event for the deferred signewnym call. */
static mainloop_event_t *handle_deferred_signewnym_ev = NULL;
/** How many times have we called newnym? */
static unsigned newnym_epoch = 0;

/** Smartlist of all open connections. */
STATIC smartlist_t *connection_array = NULL;
/** List of connections that have been marked for close and need to be freed
* and removed from connection_array. */
static smartlist_t *closeable_connection_lst = NULL;
/** List of linked connections that are currently reading data into their
* inbuf from their partner's outbuf. */
static smartlist_t *active_linked_connection_lst = NULL;
/** Flag: Set to true iff we entered the current libevent main loop via
* <b>loop_once</b>. If so, there's no need to trigger a loopexit in order
* to handle linked connections. */
static int called_loop_once = 0;
/** Flag: if true, it's time to shut down, so the main loop should exit as
* soon as possible.
*/
static int main_loop_should_exit = 0;
/** The return value that the main loop should yield when it exits, if
* main_loop_should_exit is true.
*/
static int main_loop_exit_value = 0;

/** We set this to 1 when we've opened a circuit, so we can print a log
* entry to inform the user that Tor is working.  We set it to 0 when
* we think the fact that we once opened a circuit doesn't mean we can do so
* any longer (a big time jump happened, when we notice our directory is
* heinously out-of-date, etc.
*/
static int can_complete_circuits = 0;

/** How often do we check for router descriptors that we should download
* when we have too little directory info? */
#define GREEDY_DESCRIPTOR_RETRY_INTERVAL (10)
/** How often do we check for router descriptors that we should download
* when we have enough directory info? */
#define LAZY_DESCRIPTOR_RETRY_INTERVAL (60)

static int conn_close_if_marked(int i);
static void connection_start_reading_from_linked_conn(connection_t *conn);
static int connection_should_read_from_linked_conn(connection_t *conn);
static void conn_read_callback(evutil_socket_t fd, short event, void *_conn);
static void conn_write_callback(evutil_socket_t fd, short event, void *_conn);
static void shutdown_did_not_work_callback(evutil_socket_t fd, short event,
                                          void *arg) ATTR_NORETURN;

/****************************************************************************
*
* This section contains accessors and other methods on the connection_array
* variables (which are global within this file and unavailable outside it).
*
****************************************************************************/

/** Return 1 if we have successfully built a circuit, and nothing has changed
* to make us think that maybe we can't.
*/
int
have_completed_a_circuit(void)
{
 return can_complete_circuits;
}

/** Note that we have successfully built a circuit, so that reachability
* testing and introduction points and so on may be attempted. */
void
note_that_we_completed_a_circuit(void)
{
 can_complete_circuits = 1;
}

/** Note that something has happened (like a clock jump, or DisableNetwork) to
* make us think that maybe we can't complete circuits. */
void
note_that_we_maybe_cant_complete_circuits(void)
{
 can_complete_circuits = 0;
}

/** Add <b>conn</b> to the array of connections that we can poll on.  The
* connection's socket must be set; the connection starts out
* non-reading and non-writing.
*/
int
connection_add_impl(connection_t *conn, int is_connecting)
{
 tor_assert(conn);
 tor_assert(SOCKET_OK(conn->s) ||
            conn->linked ||
            (conn->type == CONN_TYPE_AP &&
             TO_EDGE_CONN(conn)->is_dns_request));

 tor_assert(conn->conn_array_index == -1); /* can only connection_add once */
 conn->conn_array_index = smartlist_len(connection_array);
 smartlist_add(connection_array, conn);

 (void) is_connecting;

 if (SOCKET_OK(conn->s) || conn->linked) {
   conn->read_event = tor_event_new(tor_libevent_get_base(),
        conn->s, EV_READ|EV_PERSIST, conn_read_callback, conn);
   conn->write_event = tor_event_new(tor_libevent_get_base(),
        conn->s, EV_WRITE|EV_PERSIST, conn_write_callback, conn);
   /* XXXX CHECK FOR NULL RETURN! */
 }

 log_debug(LD_NET,"new conn type %s, socket %d, address %s, n_conns %d.",
           conn_type_to_string(conn->type), (int)conn->s, conn->address,
           smartlist_len(connection_array));

 return 0;
}

/** Tell libevent that we don't care about <b>conn</b> any more. */
void
connection_unregister_events(connection_t *conn)
{
 tor_event_free(conn->read_event);
 tor_event_free(conn->write_event);
 if (conn->type == CONN_TYPE_AP_DNS_LISTENER) {
   dnsserv_close_listener(conn);
 }
}

/** Remove the connection from the global list, and remove the
* corresponding poll entry.  Calling this function will shift the last
* connection (if any) into the position occupied by conn.
*/
int
connection_remove(connection_t *conn)
{
 int current_index;
 connection_t *tmp;

 tor_assert(conn);

 log_debug(LD_NET,"removing socket %d (type %s), n_conns now %d",
           (int)conn->s, conn_type_to_string(conn->type),
           smartlist_len(connection_array));

 if (conn->type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
   log_info(LD_NET, "Closing SOCKS Unix socket connection");
 }

 control_event_conn_bandwidth(conn);

 tor_assert(conn->conn_array_index >= 0);
 current_index = conn->conn_array_index;
 connection_unregister_events(conn); /* This is redundant, but cheap. */
 if (current_index == smartlist_len(connection_array)-1) { /* at the end */
   smartlist_del(connection_array, current_index);
   return 0;
 }

 /* replace this one with the one at the end */
 smartlist_del(connection_array, current_index);
 tmp = smartlist_get(connection_array, current_index);
 tmp->conn_array_index = current_index;

 return 0;
}

/** If <b>conn</b> is an edge conn, remove it from the list
* of conn's on this circuit. If it's not on an edge,
* flush and send destroys for all circuits on this conn.
*
* Remove it from connection_array (if applicable) and
* from closeable_connection_list.
*
* Then free it.
*/
static void
connection_unlink(connection_t *conn)
{
 connection_about_to_close_connection(conn);
 if (conn->conn_array_index >= 0) {
   connection_remove(conn);
 }
 if (conn->linked_conn) {
   conn->linked_conn->linked_conn = NULL;
   if (! conn->linked_conn->marked_for_close &&
       conn->linked_conn->reading_from_linked_conn)
     connection_start_reading(conn->linked_conn);
   conn->linked_conn = NULL;
 }
 smartlist_remove(closeable_connection_lst, conn);
 smartlist_remove(active_linked_connection_lst, conn);
 if (conn->type == CONN_TYPE_EXIT) {
   assert_connection_edge_not_dns_pending(TO_EDGE_CONN(conn));
 }
 if (conn->type == CONN_TYPE_OR) {
   if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest))
     connection_or_clear_identity(TO_OR_CONN(conn));
   /* connection_unlink() can only get called if the connection
    * was already on the closeable list, and it got there by
    * connection_mark_for_close(), which was called from
    * connection_or_close_normally() or
    * connection_or_close_for_error(), so the channel should
    * already be in CHANNEL_STATE_CLOSING, and then the
    * connection_about_to_close_connection() goes to
    * connection_or_about_to_close(), which calls channel_closed()
    * to notify the channel_t layer, and closed the channel, so
    * nothing more to do here to deal with the channel associated
    * with an orconn.
    */
 }
 connection_free(conn);
}

/** Event that invokes schedule_active_linked_connections_cb. */
static mainloop_event_t *schedule_active_linked_connections_event = NULL;

/**
* Callback: used to activate read events for all linked connections, so
* libevent knows to call their read callbacks.  This callback run as a
* postloop event, so that the events _it_ activates don't happen until
* Libevent has a chance to check for other events.
*/
static void
schedule_active_linked_connections_cb(mainloop_event_t *event, void *arg)
{
 (void)event;
 (void)arg;

 /* All active linked conns should get their read events activated,
  * so that libevent knows to run their callbacks. */
 SMARTLIST_FOREACH(active_linked_connection_lst, connection_t *, conn,
                   event_active(conn->read_event, EV_READ, 1));

 /* Reactivate the event if we still have connections in the active list.
  *
  * A linked connection doesn't get woken up by I/O but rather artificially
  * by this event callback. It has directory data spooled in it and it is
  * sent incrementally by small chunks unless spool_eagerly is true. For that
  * to happen, we need to induce the activation of the read event so it can
  * be flushed. */
 if (smartlist_len(active_linked_connection_lst)) {
   mainloop_event_activate(schedule_active_linked_connections_event);
 }
}

/** Initialize the global connection list, closeable connection list,
* and active connection list. */
void
tor_init_connection_lists(void)
{
 if (!connection_array)
   connection_array = smartlist_new();
 if (!closeable_connection_lst)
   closeable_connection_lst = smartlist_new();
 if (!active_linked_connection_lst)
   active_linked_connection_lst = smartlist_new();
}

/** Schedule <b>conn</b> to be closed. **/
void
add_connection_to_closeable_list(connection_t *conn)
{
 tor_assert(!smartlist_contains(closeable_connection_lst, conn));
 tor_assert(conn->marked_for_close);
 assert_connection_ok(conn, time(NULL));
 smartlist_add(closeable_connection_lst, conn);
 mainloop_schedule_postloop_cleanup();
}

/** Return 1 if conn is on the closeable list, else return 0. */
int
connection_is_on_closeable_list(connection_t *conn)
{
 return smartlist_contains(closeable_connection_lst, conn);
}

/** Return true iff conn is in the current poll array. */
int
connection_in_array(connection_t *conn)
{
 return smartlist_contains(connection_array, conn);
}

/** Set <b>*array</b> to an array of all connections. <b>*array</b> must not
* be modified.
*/
MOCK_IMPL(smartlist_t *,
get_connection_array, (void))
{
 if (!connection_array)
   connection_array = smartlist_new();
 return connection_array;
}

/**
* Return the amount of network traffic read, in bytes, over the life of this
* process.
*/
MOCK_IMPL(uint64_t,
get_bytes_read,(void))
{
 return stats_n_bytes_read;
}

/**
* Return the amount of network traffic read, in bytes, over the life of this
* process.
*/
MOCK_IMPL(uint64_t,
get_bytes_written,(void))
{
 return stats_n_bytes_written;
}

/**
* Increment the amount of network traffic read and written, over the life of
* this process.
*/
void
stats_increment_bytes_read_and_written(uint64_t r, uint64_t w)
{
 stats_n_bytes_read += r;
 stats_n_bytes_written += w;
}

/** Set the event mask on <b>conn</b> to <b>events</b>.  (The event
* mask is a bitmask whose bits are READ_EVENT and WRITE_EVENT)
*/
void
connection_watch_events(connection_t *conn, watchable_events_t events)
{
 if (events & READ_EVENT)
   connection_start_reading(conn);
 else
   connection_stop_reading(conn);

 if (events & WRITE_EVENT)
   connection_start_writing(conn);
 else
   connection_stop_writing(conn);
}

/** Return true iff <b>conn</b> is listening for read events. */
int
connection_is_reading(const connection_t *conn)
{
 tor_assert(conn);

 return conn->reading_from_linked_conn ||
   (conn->read_event && event_pending(conn->read_event, EV_READ, NULL));
}

/** Reset our main loop counters. */
void
reset_main_loop_counters(void)
{
 stats_n_main_loop_successes = 0;
 stats_n_main_loop_errors = 0;
 stats_n_main_loop_idle = 0;
}

/** Increment the main loop success counter. */
static void
increment_main_loop_success_count(void)
{
 ++stats_n_main_loop_successes;
}

/** Get the main loop success counter. */
uint64_t
get_main_loop_success_count(void)
{
 return stats_n_main_loop_successes;
}

/** Increment the main loop error counter. */
static void
increment_main_loop_error_count(void)
{
 ++stats_n_main_loop_errors;
}

/** Get the main loop error counter. */
uint64_t
get_main_loop_error_count(void)
{
 return stats_n_main_loop_errors;
}

/** Increment the main loop idle counter. */
static void
increment_main_loop_idle_count(void)
{
 ++stats_n_main_loop_idle;
}

/** Get the main loop idle counter. */
uint64_t
get_main_loop_idle_count(void)
{
 return stats_n_main_loop_idle;
}

/** Check whether <b>conn</b> is correct in having (or not having) a
* read/write event (passed in <b>ev</b>). On success, return 0. On failure,
* log a warning and return -1. */
static int
connection_check_event(connection_t *conn, struct event *ev)
{
 int bad;

 if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) {
   /* DNS requests which we launch through the dnsserv.c module do not have
    * any underlying socket or any underlying linked connection, so they
    * shouldn't have any attached events either.
    */
   bad = ev != NULL;
 } else {
   /* Everything else should have an underlying socket, or a linked
    * connection (which is also tracked with a read_event/write_event pair).
    */
   bad = ev == NULL;
 }

 if (bad) {
   log_warn(LD_BUG, "Event missing on connection %p [%s;%s]. "
            "socket=%d. linked=%d. "
            "is_dns_request=%d. Marked_for_close=%s:%d",
            conn,
            conn_type_to_string(conn->type),
            conn_state_to_string(conn->type, conn->state),
            (int)conn->s, (int)conn->linked,
            (conn->type == CONN_TYPE_AP &&
                              TO_EDGE_CONN(conn)->is_dns_request),
            conn->marked_for_close_file ? conn->marked_for_close_file : "-",
            conn->marked_for_close
            );
   log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached.");
   return -1;
 }
 return 0;
}

/** Tell the main loop to stop notifying <b>conn</b> of any read events. */
MOCK_IMPL(void,
connection_stop_reading,(connection_t *conn))
{
 tor_assert(conn);

 if (connection_check_event(conn, conn->read_event) < 0) {
   return;
 }

 if (conn->linked) {
   conn->reading_from_linked_conn = 0;
   connection_stop_reading_from_linked_conn(conn);
 } else {
   if (event_del(conn->read_event))
     log_warn(LD_NET, "Error from libevent setting read event state for %d "
              "to unwatched: %s",
              (int)conn->s,
              tor_socket_strerror(tor_socket_errno(conn->s)));
 }
}

/** Tell the main loop to start notifying <b>conn</b> of any read events. */
MOCK_IMPL(void,
connection_start_reading,(connection_t *conn))
{
 tor_assert(conn);

 if (connection_check_event(conn, conn->read_event) < 0) {
   return;
 }

 if (conn->linked) {
   conn->reading_from_linked_conn = 1;
   if (connection_should_read_from_linked_conn(conn))
     connection_start_reading_from_linked_conn(conn);
 } else {
   if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->xoff_received) {
     /* We should not get called here if we're waiting for an XON, but
      * belt-and-suspenders */
     log_info(LD_NET,
              "Request to start reading on an edgeconn blocked with XOFF");
     return;
   }
   if (event_add(conn->read_event, NULL))
     log_warn(LD_NET, "Error from libevent setting read event state for %d "
              "to watched: %s",
              (int)conn->s,
              tor_socket_strerror(tor_socket_errno(conn->s)));

   /* Process the inbuf if it is not empty because the only way to empty it is
    * through a read event or a SENDME which might not come if the package
    * window is proper or if the application has nothing more for us to read.
    *
    * If this is not done here, we risk having data lingering in the inbuf
    * forever. */
   if (conn->inbuf && buf_datalen(conn->inbuf) > 0) {
     connection_process_inbuf(conn, 1);
   }
 }
}

/** Return true iff <b>conn</b> is listening for write events. */
int
connection_is_writing(connection_t *conn)
{
 tor_assert(conn);

 return conn->writing_to_linked_conn ||
   (conn->write_event && event_pending(conn->write_event, EV_WRITE, NULL));
}

/** Tell the main loop to stop notifying <b>conn</b> of any write events. */
MOCK_IMPL(void,
connection_stop_writing,(connection_t *conn))
{
 tor_assert(conn);

 if (connection_check_event(conn, conn->write_event) < 0) {
   return;
 }

 if (conn->linked) {
   conn->writing_to_linked_conn = 0;
   if (conn->linked_conn)
     connection_stop_reading_from_linked_conn(conn->linked_conn);
 } else {
   if (event_del(conn->write_event))
     log_warn(LD_NET, "Error from libevent setting write event state for %d "
              "to unwatched: %s",
              (int)conn->s,
              tor_socket_strerror(tor_socket_errno(conn->s)));
 }
}

/** Tell the main loop to start notifying <b>conn</b> of any write events. */
MOCK_IMPL(void,
connection_start_writing,(connection_t *conn))
{
 tor_assert(conn);

 if (connection_check_event(conn, conn->write_event) < 0) {
   return;
 }

 if (conn->linked) {
   conn->writing_to_linked_conn = 1;
   if (conn->linked_conn &&
       connection_should_read_from_linked_conn(conn->linked_conn))
     connection_start_reading_from_linked_conn(conn->linked_conn);
 } else {
   if (event_add(conn->write_event, NULL))
     log_warn(LD_NET, "Error from libevent setting write event state for %d "
              "to watched: %s",
              (int)conn->s,
              tor_socket_strerror(tor_socket_errno(conn->s)));
 }
}

/** Return true iff <b>conn</b> is linked conn, and reading from the conn
* linked to it would be good and feasible.  (Reading is "feasible" if the
* other conn exists and has data in its outbuf, and is "good" if we have our
* reading_from_linked_conn flag set and the other conn has its
* writing_to_linked_conn flag set.)*/
static int
connection_should_read_from_linked_conn(connection_t *conn)
{
 if (conn->linked && conn->reading_from_linked_conn) {
   if (! conn->linked_conn ||
       (conn->linked_conn->writing_to_linked_conn &&
        buf_datalen(conn->linked_conn->outbuf)))
     return 1;
 }
 return 0;
}

/** Event to run 'shutdown did not work callback'. */
static struct event *shutdown_did_not_work_event = NULL;

/** Failsafe measure that should never actually be necessary: If
* tor_shutdown_event_loop_and_exit() somehow doesn't successfully exit the
* event loop, then this callback will kill Tor with an assertion failure
* seconds later
*/
static void
shutdown_did_not_work_callback(evutil_socket_t fd, short event, void *arg)
{
 // LCOV_EXCL_START
 (void) fd;
 (void) event;
 (void) arg;
 tor_assert_unreached();
 // LCOV_EXCL_STOP
}

#ifdef ENABLE_RESTART_DEBUGGING
static struct event *tor_shutdown_event_loop_for_restart_event = NULL;
static void
tor_shutdown_event_loop_for_restart_cb(
                     evutil_socket_t fd, short event, void *arg)
{
 (void)fd;
 (void)event;
 (void)arg;
 tor_event_free(tor_shutdown_event_loop_for_restart_event);
 tor_shutdown_event_loop_and_exit(0);
}
#endif /* defined(ENABLE_RESTART_DEBUGGING) */

/**
* After finishing the current callback (if any), shut down the main loop,
* clean up the process, and exit with <b>exitcode</b>.
*/
void
tor_shutdown_event_loop_and_exit(int exitcode)
{
 if (main_loop_should_exit)
   return; /* Ignore multiple calls to this function. */

 main_loop_should_exit = 1;
 main_loop_exit_value = exitcode;

 if (! tor_libevent_is_initialized()) {
   return; /* No event loop to shut down. */
 }

 /* Die with an assertion failure in ten seconds, if for some reason we don't
  * exit normally. */
 /* XXXX We should consider this code if it's never used. */
 struct timeval ten_seconds = { 10, 0 };
 shutdown_did_not_work_event = tor_evtimer_new(
                 tor_libevent_get_base(),
                 shutdown_did_not_work_callback, NULL);
 event_add(shutdown_did_not_work_event, &ten_seconds);

 /* Unlike exit_loop_after_delay(), exit_loop_after_callback
  * prevents other callbacks from running. */
 tor_libevent_exit_loop_after_callback(tor_libevent_get_base());
}

/** Return true iff tor_shutdown_event_loop_and_exit() has been called. */
int
tor_event_loop_shutdown_is_pending(void)
{
 return main_loop_should_exit;
}

/** Helper: Tell the main loop to begin reading bytes into <b>conn</b> from
* its linked connection, if it is not doing so already.  Called by
* connection_start_reading and connection_start_writing as appropriate. */
static void
connection_start_reading_from_linked_conn(connection_t *conn)
{
 tor_assert(conn);
 tor_assert(conn->linked == 1);

 if (!conn->active_on_link) {
   conn->active_on_link = 1;
   smartlist_add(active_linked_connection_lst, conn);
   mainloop_event_activate(schedule_active_linked_connections_event);
 } else {
   tor_assert(smartlist_contains(active_linked_connection_lst, conn));
 }
}

/** Tell the main loop to stop reading bytes into <b>conn</b> from its linked
* connection, if is currently doing so.  Called by connection_stop_reading,
* connection_stop_writing, and connection_read. */
void
connection_stop_reading_from_linked_conn(connection_t *conn)
{
 tor_assert(conn);
 tor_assert(conn->linked == 1);

 if (conn->active_on_link) {
   conn->active_on_link = 0;
   /* FFFF We could keep an index here so we can smartlist_del
    * cleanly.  On the other hand, this doesn't show up on profiles,
    * so let's leave it alone for now. */
   smartlist_remove(active_linked_connection_lst, conn);
 } else {
   tor_assert(!smartlist_contains(active_linked_connection_lst, conn));
 }
}

/** Close all connections that have been scheduled to get closed. */
STATIC void
close_closeable_connections(void)
{
 int i;
 for (i = 0; i < smartlist_len(closeable_connection_lst); ) {
   connection_t *conn = smartlist_get(closeable_connection_lst, i);
   if (conn->conn_array_index < 0) {
     connection_unlink(conn); /* blow it away right now */
   } else {
     if (!conn_close_if_marked(conn->conn_array_index))
       ++i;
   }
 }
}

/** Count moribund connections for the OOS handler */
MOCK_IMPL(int,
connection_count_moribund, (void))
{
 int moribund = 0;

 /*
  * Count things we'll try to kill when close_closeable_connections()
  * runs next.
  */
 SMARTLIST_FOREACH_BEGIN(closeable_connection_lst, connection_t *, conn) {
   if (SOCKET_OK(conn->s) && connection_is_moribund(conn)) ++moribund;
 } SMARTLIST_FOREACH_END(conn);

 return moribund;
}

/** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
* some data to read. */
static void
conn_read_callback(evutil_socket_t fd, short event, void *_conn)
{
 connection_t *conn = _conn;
 (void)fd;
 (void)event;

 log_debug(LD_NET,"socket %d wants to read.",(int)conn->s);

 /* assert_connection_ok(conn, time(NULL)); */

 /* Handle marked for close connections early */
 if (conn->marked_for_close && connection_is_reading(conn)) {
   /* Libevent says we can read, but we are marked for close so we will never
    * try to read again. We will try to close the connection below inside of
    * close_closeable_connections(), but let's make sure not to cause Libevent
    * to spin on conn_read_callback() while we wait for the socket to let us
    * flush to it.*/
   connection_stop_reading(conn);
 }

 if (connection_handle_read(conn) < 0) {
   if (!conn->marked_for_close) {
#ifndef _WIN32
     log_warn(LD_BUG,"Unhandled error on read for %s connection "
              "(fd %d); removing",
              conn_type_to_string(conn->type), (int)conn->s);
     tor_fragile_assert();
#endif /* !defined(_WIN32) */
     if (CONN_IS_EDGE(conn))
       connection_edge_end_errno(TO_EDGE_CONN(conn));
     connection_mark_for_close(conn);
   }
 }
 assert_connection_ok(conn, time(NULL));

 if (smartlist_len(closeable_connection_lst))
   close_closeable_connections();
}

/** Libevent callback: this gets invoked when (connection_t*)<b>conn</b> has
* some data to write. */
static void
conn_write_callback(evutil_socket_t fd, short events, void *_conn)
{
 connection_t *conn = _conn;
 (void)fd;
 (void)events;

 LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "socket %d wants to write.",
                    (int)conn->s));

 /* assert_connection_ok(conn, time(NULL)); */

 if (connection_handle_write(conn, 0) < 0) {
   if (!conn->marked_for_close) {
     /* this connection is broken. remove it. */
     log_fn(LOG_WARN,LD_BUG,
            "unhandled error on write for %s connection (fd %d); removing",
            conn_type_to_string(conn->type), (int)conn->s);
     tor_fragile_assert();
     if (CONN_IS_EDGE(conn)) {
       /* otherwise we cry wolf about duplicate close */
       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
       if (!edge_conn->end_reason)
         edge_conn->end_reason = END_STREAM_REASON_INTERNAL;
       edge_conn->edge_has_sent_end = 1;
     }
     connection_close_immediate(conn); /* So we don't try to flush. */
     connection_mark_for_close(conn);
   }
 }
 assert_connection_ok(conn, time(NULL));

 if (smartlist_len(closeable_connection_lst))
   close_closeable_connections();
}

/** If the connection at connection_array[i] is marked for close, then:
*    - If it has data that it wants to flush, try to flush it.
*    - If it _still_ has data to flush, and conn->hold_open_until_flushed is
*      true, then leave the connection open and return.
*    - Otherwise, remove the connection from connection_array and from
*      all other lists, close it, and free it.
* Returns 1 if the connection was closed, 0 otherwise.
*/
static int
conn_close_if_marked(int i)
{
 connection_t *conn;
 int retval;
 time_t now;

 conn = smartlist_get(connection_array, i);
 if (!conn->marked_for_close)
   return 0; /* nothing to see here, move along */
 now = time(NULL);
 assert_connection_ok(conn, now);

 log_debug(LD_NET,"Cleaning up connection (fd "TOR_SOCKET_T_FORMAT").",
           conn->s);

 /* If the connection we are about to close was trying to connect to
 a proxy server and failed, the client won't be able to use that
 proxy. We should warn the user about this. */
 if (conn->proxy_state == PROXY_INFANT)
   log_failed_proxy_connection(conn);

 if ((SOCKET_OK(conn->s) || conn->linked_conn) &&
     connection_wants_to_flush(conn)) {
   /* s == -1 means it's an incomplete edge connection, or that the socket
    * has already been closed as unflushable. */
   ssize_t sz = connection_bucket_write_limit(conn, now);
   if (!conn->hold_open_until_flushed)
     log_info(LD_NET,
              "Conn (addr %s, fd %d, type %s, state %d) marked, but wants "
              "to flush %"TOR_PRIuSZ" bytes. (Marked at %s:%d)",
              escaped_safe_str_client(conn->address),
              (int)conn->s, conn_type_to_string(conn->type), conn->state,
              connection_get_outbuf_len(conn),
              conn->marked_for_close_file, conn->marked_for_close);
   if (conn->linked_conn) {
     retval = (int) buf_move_all(conn->linked_conn->inbuf, conn->outbuf);
     if (retval >= 0) {
       /* The linked conn will notice that it has data when it notices that
        * we're gone. */
       connection_start_reading_from_linked_conn(conn->linked_conn);
     }
     log_debug(LD_GENERAL, "Flushed last %d bytes from a linked conn; "
              "%d left; wants-to-flush==%d", retval,
               (int)connection_get_outbuf_len(conn),
               connection_wants_to_flush(conn));
   } else if (connection_speaks_cells(conn)) {
     if (conn->state == OR_CONN_STATE_OPEN) {
       retval = buf_flush_to_tls(conn->outbuf, TO_OR_CONN(conn)->tls, sz);
     } else
       retval = -1; /* never flush non-open broken tls connections */
   } else {
     retval = buf_flush_to_socket(conn->outbuf, conn->s, sz);
   }
   if (retval >= 0 && /* Technically, we could survive things like
                         TLS_WANT_WRITE here. But don't bother for now. */
       conn->hold_open_until_flushed && connection_wants_to_flush(conn)) {
     if (retval > 0) {
       LOG_FN_CONN(conn, (LOG_INFO,LD_NET,
                          "Holding conn (fd %d) open for more flushing.",
                          (int)conn->s));
       conn->timestamp_last_write_allowed = now; /* reset so we can flush
                                                  * more */
     } else if (sz == 0) {
       /* Also, retval==0.  If we get here, we didn't want to write anything
        * (because of rate-limiting) and we didn't. */

       /* Connection must flush before closing, but it's being rate-limited.
        * Let's remove from Libevent, and mark it as blocked on bandwidth
        * so it will be re-added on next token bucket refill. Prevents
        * busy Libevent loops where we keep ending up here and returning
        * 0 until we are no longer blocked on bandwidth.
        */
       connection_consider_empty_write_buckets(conn);
       /* Make sure that consider_empty_buckets really disabled the
        * connection: */
       if (BUG(connection_is_writing(conn))) {
         connection_write_bw_exhausted(conn, true);
       }

       /* The connection is being held due to write rate limit and thus will
        * flush its data later. We need to stop reading because this
        * connection is about to be closed once flushed. It should not
        * process anything more coming in at this stage. */
       connection_stop_reading(conn);
     }
     return 0;
   }
   if (connection_wants_to_flush(conn)) {
     log_fn(LOG_INFO, LD_NET, "We stalled too much while trying to write %d "
            "bytes to address %s.  If this happens a lot, either "
            "something is wrong with your network connection, or "
            "something is wrong with theirs. "
            "(fd %d, type %s, state %d, marked at %s:%d).",
            (int)connection_get_outbuf_len(conn),
            escaped_safe_str_client(conn->address),
            (int)conn->s, conn_type_to_string(conn->type), conn->state,
            conn->marked_for_close_file,
            conn->marked_for_close);
   }
 }

 connection_unlink(conn); /* unlink, remove, free */
 return 1;
}

/** Implementation for directory_all_unreachable.  This is done in a callback,
* since otherwise it would complicate Tor's control-flow graph beyond all
* reason.
*/
static void
directory_all_unreachable_cb(mainloop_event_t *event, void *arg)
{
 (void)event;
 (void)arg;

 connection_t *conn;

 while ((conn = connection_get_by_type_state(CONN_TYPE_AP,
                                             AP_CONN_STATE_CIRCUIT_WAIT))) {
   entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
   log_notice(LD_NET,
              "Is your network connection down? "
              "Failing connection to '%s:%d'.",
              safe_str_client(entry_conn->socks_request->address),
              entry_conn->socks_request->port);
   connection_mark_unattached_ap(entry_conn,
                                 END_STREAM_REASON_NET_UNREACHABLE);
 }
 control_event_general_error("DIR_ALL_UNREACHABLE");
}

static mainloop_event_t *directory_all_unreachable_cb_event = NULL;

/** We've just tried every dirserver we know about, and none of
* them were reachable. Assume the network is down. Change state
* so next time an application connection arrives we'll delay it
* and try another directory fetch. Kill off all the circuit_wait
* streams that are waiting now, since they will all timeout anyway.
*/
void
directory_all_unreachable(time_t now)
{
 (void)now;

 reset_uptime(); /* reset it */

 if (!directory_all_unreachable_cb_event) {
   directory_all_unreachable_cb_event =
     mainloop_event_new(directory_all_unreachable_cb, NULL);
   tor_assert(directory_all_unreachable_cb_event);
 }

 mainloop_event_activate(directory_all_unreachable_cb_event);
}

/** This function is called whenever we successfully pull down some new
* network statuses or server descriptors. */
void
directory_info_has_arrived(time_t now, int from_cache, int suppress_logs)
{
 const or_options_t *options = get_options();

 /* if we have enough dir info, then update our guard status with
  * whatever we just learned. */
 int invalidate_circs = guards_update_all();

 if (invalidate_circs) {
   circuit_mark_all_unused_circs();
   circuit_mark_all_dirty_circs_as_unusable();
 }

 if (!router_have_minimum_dir_info()) {
   int quiet = suppress_logs || from_cache ||
               dirclient_too_idle_to_fetch_descriptors(options, now);
   tor_log(quiet ? LOG_INFO : LOG_NOTICE, LD_DIR,
       "I learned some more directory information, but not enough to "
       "build a circuit: %s", get_dir_info_status_string());
   update_all_descriptor_downloads(now);
   return;
 } else {
   if (dirclient_fetches_from_authorities(options)) {
     update_all_descriptor_downloads(now);
   }

   /* Don't even bother trying to get extrainfo until the rest of our
    * directory info is up-to-date */
   if (options->DownloadExtraInfo)
     update_extrainfo_downloads(now);
 }

 if (server_mode(options) && !net_is_disabled() && !from_cache &&
     (have_completed_a_circuit() || !any_predicted_circuits(now)))
  router_do_reachability_checks();
}

/** Perform regular maintenance tasks for a single connection.  This
* function gets run once per second per connection by run_scheduled_events.
*/
static void
run_connection_housekeeping(int i, time_t now)
{
 cell_t cell;
 connection_t *conn = smartlist_get(connection_array, i);
 const or_options_t *options = get_options();
 or_connection_t *or_conn;
 channel_t *chan = NULL;
 int have_any_circuits;
 int past_keepalive =
   now >= conn->timestamp_last_write_allowed + options->KeepalivePeriod;

 if (conn->outbuf && !connection_get_outbuf_len(conn) &&
     conn->type == CONN_TYPE_OR)
   TO_OR_CONN(conn)->timestamp_lastempty = now;

 if (conn->marked_for_close) {
   /* nothing to do here */
   return;
 }

 /* Expire any directory connections that haven't been active (sent
  * if a server or received if a client) for 5 min */
 if (conn->type == CONN_TYPE_DIR &&
     ((DIR_CONN_IS_SERVER(conn) &&
       conn->timestamp_last_write_allowed
           + options->TestingDirConnectionMaxStall < now) ||
      (!DIR_CONN_IS_SERVER(conn) &&
       conn->timestamp_last_read_allowed
           + options->TestingDirConnectionMaxStall < now))) {
   log_info(LD_DIR,"Expiring wedged directory conn (fd %d, purpose %d)",
            (int)conn->s, conn->purpose);
   /* This check is temporary; it's to let us know whether we should consider
    * parsing partial serverdesc responses. */
   if (conn->purpose == DIR_PURPOSE_FETCH_SERVERDESC &&
       connection_get_inbuf_len(conn) >= 1024) {
     log_info(LD_DIR,"Trying to extract information from wedged server desc "
              "download.");
     connection_dir_reached_eof(TO_DIR_CONN(conn));
   } else {
     connection_mark_for_close(conn);
   }
   return;
 }

 if (!connection_speaks_cells(conn))
   return; /* we're all done here, the rest is just for OR conns */

 /* If we haven't flushed to an OR connection for a while, then either nuke
    the connection or send a keepalive, depending. */

 or_conn = TO_OR_CONN(conn);
 tor_assert(conn->outbuf);

 chan = TLS_CHAN_TO_BASE(or_conn->chan);
 tor_assert(chan);

 if (channel_num_circuits(chan) != 0) {
   have_any_circuits = 1;
   chan->timestamp_last_had_circuits = now;
 } else {
   have_any_circuits = 0;
 }

 if (channel_is_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan)) &&
     ! have_any_circuits) {
   /* It's bad for new circuits, and has no unmarked circuits on it:
    * mark it now. */
   log_info(LD_OR,
            "Expiring non-used OR connection to fd %d (%s:%d) [Too old].",
            (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port);
   if (conn->state == OR_CONN_STATE_CONNECTING)
     connection_or_connect_failed(TO_OR_CONN(conn),
                                  END_OR_CONN_REASON_TIMEOUT,
                                  "Tor gave up on the connection");
   connection_or_close_normally(TO_OR_CONN(conn), 1);
 } else if (!connection_state_is_open(conn)) {
   if (past_keepalive) {
     /* We never managed to actually get this connection open and happy. */
     log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
              (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port);
     connection_or_close_normally(TO_OR_CONN(conn), 0);
   }
 } else if (we_are_hibernating() &&
            ! have_any_circuits &&
            !connection_get_outbuf_len(conn)) {
   /* We're hibernating or shutting down, there's no circuits, and nothing to
    * flush.*/
   log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
            "[Hibernating or exiting].",
            (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port);
   connection_or_close_normally(TO_OR_CONN(conn), 1);
 } else if (!have_any_circuits &&
            now - or_conn->idle_timeout >=
                                        chan->timestamp_last_had_circuits) {
   log_info(LD_OR,"Expiring non-used OR connection %"PRIu64" to fd %d "
            "(%s:%d) [no circuits for %d; timeout %d; %scanonical].",
            (chan->global_identifier),
            (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port,
            (int)(now - chan->timestamp_last_had_circuits),
            or_conn->idle_timeout,
            or_conn->is_canonical ? "" : "non");
   connection_or_close_normally(TO_OR_CONN(conn), 0);
 } else if (
     now >= or_conn->timestamp_lastempty + options->KeepalivePeriod*10 &&
     now >=
         conn->timestamp_last_write_allowed + options->KeepalivePeriod*10) {
   log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
          "Expiring stuck OR connection to fd %d (%s:%d). (%d bytes to "
          "flush; %d seconds since last write)",
          (int)conn->s, safe_str(fmt_and_decorate_addr(&conn->addr)),
          conn->port, (int)connection_get_outbuf_len(conn),
          (int)(now-conn->timestamp_last_write_allowed));
   connection_or_close_normally(TO_OR_CONN(conn), 0);
 } else if (past_keepalive && !connection_get_outbuf_len(conn)) {
   /* send a padding cell */
   log_fn(LOG_DEBUG,LD_OR,"Sending keepalive to (%s:%d)",
          fmt_and_decorate_addr(&conn->addr), conn->port);
   memset(&cell,0,sizeof(cell_t));
   cell.command = CELL_PADDING;
   connection_or_write_cell_to_buf(&cell, or_conn);
 } else {
   channelpadding_decide_to_pad_channel(chan);
 }
}

/** Honor a NEWNYM request: make future requests unlinkable to past
* requests. */
static void
signewnym_impl(time_t now)
{
 const or_options_t *options = get_options();
 if (!proxy_mode(options)) {
   log_info(LD_CONTROL, "Ignoring SIGNAL NEWNYM because client functionality "
            "is disabled.");
   return;
 }

 circuit_mark_all_dirty_circs_as_unusable();
 addressmap_clear_transient();
 hs_client_purge_state();
 purge_vanguards_lite();
 time_of_last_signewnym = now;
 signewnym_is_pending = 0;

 ++newnym_epoch;

 control_event_signal(SIGNEWNYM);
}

/** Callback: run a deferred signewnym. */
static void
handle_deferred_signewnym_cb(mainloop_event_t *event, void *arg)
{
 (void)event;
 (void)arg;
 log_info(LD_CONTROL, "Honoring delayed NEWNYM request");
 do_signewnym(time(NULL));
}

/** Either perform a signewnym or schedule one, depending on rate limiting. */
void
do_signewnym(time_t now)
{
 if (time_of_last_signewnym + MAX_SIGNEWNYM_RATE > now) {
   const time_t delay_sec =
     time_of_last_signewnym + MAX_SIGNEWNYM_RATE - now;
   if (! signewnym_is_pending) {
     signewnym_is_pending = 1;
     if (!handle_deferred_signewnym_ev) {
       handle_deferred_signewnym_ev =
         mainloop_event_postloop_new(handle_deferred_signewnym_cb, NULL);
     }
     const struct timeval delay_tv = { delay_sec, 0 };
     mainloop_event_schedule(handle_deferred_signewnym_ev, &delay_tv);
   }
   log_notice(LD_CONTROL,
              "Rate limiting NEWNYM request: delaying by %d second(s)",
              (int)(delay_sec));
 } else {
   signewnym_impl(now);
 }
}

/** Return the number of times that signewnym has been called. */
unsigned
get_signewnym_epoch(void)
{
 return newnym_epoch;
}

/** True iff we have initialized all the members of <b>periodic_events</b>.
* Used to prevent double-initialization. */
static int periodic_events_initialized = 0;

/* Declare all the timer callback functions... */
#ifndef COCCI
#undef CALLBACK
#define CALLBACK(name) \
 static int name ## _callback(time_t, const or_options_t *)

CALLBACK(add_entropy);
CALLBACK(check_expired_networkstatus);
CALLBACK(clean_caches);
CALLBACK(clean_consdiffmgr);
CALLBACK(fetch_networkstatus);
CALLBACK(heartbeat);
CALLBACK(hs_service);
CALLBACK(launch_descriptor_fetches);
CALLBACK(prune_old_routers);
CALLBACK(record_bridge_stats);
CALLBACK(rend_cache_failure_clean);
CALLBACK(reset_padding_counts);
CALLBACK(retry_listeners);
CALLBACK(rotate_x509_certificate);
CALLBACK(save_state);
CALLBACK(write_stats_file);
CALLBACK(control_per_second_events);
CALLBACK(second_elapsed);
CALLBACK(manage_vglite);

#undef CALLBACK

/* Now we declare an array of periodic_event_item_t for each periodic event */
#define CALLBACK(name, r, f)                            \
 PERIODIC_EVENT(name, PERIODIC_EVENT_ROLE_ ## r, f)
#define FL(name) (PERIODIC_EVENT_FLAG_ ## name)
#endif /* !defined(COCCI) */

STATIC periodic_event_item_t mainloop_periodic_events[] = {

 /* Everyone needs to run these. They need to have very long timeouts for
  * that to be safe. */
 CALLBACK(add_entropy, ALL, 0),
 CALLBACK(heartbeat, ALL, 0),
 CALLBACK(reset_padding_counts, ALL, 0),

 /* This is a legacy catch-all callback that runs once per second if
  * we are online and active. */
 CALLBACK(second_elapsed, NET_PARTICIPANT,
          FL(RUN_ON_DISABLE)),

 /* Update vanguards-lite once per hour, if we have networking */
 CALLBACK(manage_vglite, NET_PARTICIPANT, FL(NEED_NET)),

 /* XXXX Do we have a reason to do this on a callback? Does it do any good at
  * all?  For now, if we're dormant, we can let our listeners decay. */
 CALLBACK(retry_listeners, NET_PARTICIPANT, FL(NEED_NET)),

 /* We need to do these if we're participating in the Tor network. */
 CALLBACK(check_expired_networkstatus, NET_PARTICIPANT, 0),
 CALLBACK(fetch_networkstatus, NET_PARTICIPANT, 0),
 CALLBACK(launch_descriptor_fetches, NET_PARTICIPANT, FL(NEED_NET)),
 CALLBACK(rotate_x509_certificate, NET_PARTICIPANT, 0),
 CALLBACK(check_network_participation, NET_PARTICIPANT, 0),

 /* We need to do these if we're participating in the Tor network, and
  * immediately before we stop. */
 CALLBACK(clean_caches, NET_PARTICIPANT, FL(RUN_ON_DISABLE)),
 CALLBACK(save_state, NET_PARTICIPANT, FL(RUN_ON_DISABLE)),
 CALLBACK(write_stats_file, NET_PARTICIPANT, FL(RUN_ON_DISABLE)),
 CALLBACK(prune_old_routers, NET_PARTICIPANT, FL(RUN_ON_DISABLE)),

 /* Hidden Service service only. */
 CALLBACK(hs_service, HS_SERVICE, FL(NEED_NET)), // XXXX break this down more

 /* Bridge only. */
 CALLBACK(record_bridge_stats, BRIDGE, 0),

 /* Client only. */
 /* XXXX this could be restricted to CLIENT+NET_PARTICIPANT */
 CALLBACK(rend_cache_failure_clean, NET_PARTICIPANT, FL(RUN_ON_DISABLE)),

 /* Directory server only. */
 CALLBACK(clean_consdiffmgr, DIRSERVER, 0),

 /* Controller with per-second events only. */
 CALLBACK(control_per_second_events, CONTROLEV, 0),

 END_OF_PERIODIC_EVENTS
};
#ifndef COCCI
#undef CALLBACK
#undef FL
#endif

/* These are pointers to members of periodic_events[] that are used to
* implement particular callbacks.  We keep them separate here so that we
* can access them by name.  We also keep them inside periodic_events[]
* so that we can implement "reset all timers" in a reasonable way. */
static periodic_event_item_t *fetch_networkstatus_event=NULL;
static periodic_event_item_t *launch_descriptor_fetches_event=NULL;
static periodic_event_item_t *check_dns_honesty_event=NULL;
static periodic_event_item_t *save_state_event=NULL;
static periodic_event_item_t *prune_old_routers_event=NULL;

/** Reset all the periodic events so we'll do all our actions again as if we
* just started up.
* Useful if our clock just moved back a long time from the future,
* so we don't wait until that future arrives again before acting.
*/
void
reset_all_main_loop_timers(void)
{
 periodic_events_reset_all();
}

/** Return a bitmask of the roles this tor instance is configured for using
* the given options. */
STATIC int
get_my_roles(const or_options_t *options)
{
 tor_assert(options);

 int roles = PERIODIC_EVENT_ROLE_ALL;
 int is_bridge = options->BridgeRelay;
 int is_relay = server_mode(options);
 int is_dirauth = authdir_mode_v3(options);
 int is_bridgeauth = authdir_mode_bridge(options);
 int is_hidden_service = !!hs_service_get_num_services();
 int is_dirserver = dir_server_mode(options);
 int sending_control_events = control_any_per_second_event_enabled();

 /* We also consider tor to have the role of a client if the ControlPort is
  * set because a lot of things can be done over the control port which
  * requires tor to have basic functionalities. */
 int is_client = options_any_client_port_set(options) ||
                 options->ControlPort_set ||
                 options->OwningControllerFD != UINT64_MAX;

 int is_net_participant = is_participating_on_network() ||
   is_relay || is_hidden_service;

 if (is_bridge) roles |= PERIODIC_EVENT_ROLE_BRIDGE;
 if (is_client) roles |= PERIODIC_EVENT_ROLE_CLIENT;
 if (is_relay) roles |= PERIODIC_EVENT_ROLE_RELAY;
 if (is_dirauth) roles |= PERIODIC_EVENT_ROLE_DIRAUTH;
 if (is_bridgeauth) roles |= PERIODIC_EVENT_ROLE_BRIDGEAUTH;
 if (is_hidden_service) roles |= PERIODIC_EVENT_ROLE_HS_SERVICE;
 if (is_dirserver) roles |= PERIODIC_EVENT_ROLE_DIRSERVER;
 if (is_net_participant) roles |= PERIODIC_EVENT_ROLE_NET_PARTICIPANT;
 if (sending_control_events) roles |= PERIODIC_EVENT_ROLE_CONTROLEV;

 return roles;
}

/** Event to run initialize_periodic_events_cb */
static struct event *initialize_periodic_events_event = NULL;

/** Helper, run one second after setup:
* Initializes all members of periodic_events and starts them running.
*
* (We do this one second after setup for backward-compatibility reasons;
* it might not actually be necessary.) */
static void
initialize_periodic_events_cb(evutil_socket_t fd, short events, void *data)
{
 (void) fd;
 (void) events;
 (void) data;

 tor_event_free(initialize_periodic_events_event);

 rescan_periodic_events(get_options());
}

/** Set up all the members of mainloop_periodic_events[], and configure them
* all to be launched from a callback. */
void
initialize_periodic_events(void)
{
 if (periodic_events_initialized)
   return;

 periodic_events_initialized = 1;

 for (int i = 0; mainloop_periodic_events[i].name; ++i) {
   periodic_events_register(&mainloop_periodic_events[i]);
 }

 /* Set up all periodic events. We'll launch them by roles. */

#ifndef COCCI
#define NAMED_CALLBACK(name) \
 STMT_BEGIN name ## _event = periodic_events_find( #name ); STMT_END
#endif

 NAMED_CALLBACK(prune_old_routers);
 NAMED_CALLBACK(fetch_networkstatus);
 NAMED_CALLBACK(launch_descriptor_fetches);
 NAMED_CALLBACK(check_dns_honesty);
 NAMED_CALLBACK(save_state);
}

STATIC void
teardown_periodic_events(void)
{
 periodic_events_disconnect_all();
 fetch_networkstatus_event = NULL;
 launch_descriptor_fetches_event = NULL;
 check_dns_honesty_event = NULL;
 save_state_event = NULL;
 prune_old_routers_event = NULL;
 periodic_events_initialized = 0;
}

static mainloop_event_t *rescan_periodic_events_ev = NULL;

/** Callback: rescan the periodic event list. */
static void
rescan_periodic_events_cb(mainloop_event_t *event, void *arg)
{
 (void)event;
 (void)arg;
 rescan_periodic_events(get_options());
}

/**
* Schedule an event that will rescan which periodic events should run.
**/
MOCK_IMPL(void,
schedule_rescan_periodic_events,(void))
{
 if (!rescan_periodic_events_ev) {
   rescan_periodic_events_ev =
     mainloop_event_new(rescan_periodic_events_cb, NULL);
 }
 mainloop_event_activate(rescan_periodic_events_ev);
}

/** Do a pass at all our periodic events, disable those we don't need anymore
* and enable those we need now using the given options. */
void
rescan_periodic_events(const or_options_t *options)
{
 tor_assert(options);

 periodic_events_rescan_by_roles(get_my_roles(options), net_is_disabled());
}

/* We just got new options globally set, see if we need to enabled or disable
* periodic events. */
void
periodic_events_on_new_options(const or_options_t *options)
{
 rescan_periodic_events(options);
}

/**
* Update our schedule so that we'll check whether we need to fetch directory
* info immediately.
*/
void
reschedule_directory_downloads(void)
{
 tor_assert(fetch_networkstatus_event);
 tor_assert(launch_descriptor_fetches_event);

 periodic_event_reschedule(fetch_networkstatus_event);
 periodic_event_reschedule(launch_descriptor_fetches_event);
}

/** Mainloop callback: clean up circuits, channels, and connections
* that are pending close. */
static void
postloop_cleanup_cb(mainloop_event_t *ev, void *arg)
{
 (void)ev;
 (void)arg;
 circuit_close_all_marked();
 close_closeable_connections();
 channel_run_cleanup();
 channel_listener_run_cleanup();
}

/** Event to run postloop_cleanup_cb */
static mainloop_event_t *postloop_cleanup_ev=NULL;

/** Schedule a post-loop event to clean up marked channels, connections, and
* circuits. */
void
mainloop_schedule_postloop_cleanup(void)
{
 if (PREDICT_UNLIKELY(postloop_cleanup_ev == NULL)) {
   // (It's possible that we can get here if we decide to close a connection
   // in the earliest stages of our configuration, before we create events.)
   return;
 }
 mainloop_event_activate(postloop_cleanup_ev);
}

/** Event to run 'scheduled_shutdown_cb' */
static mainloop_event_t *scheduled_shutdown_ev=NULL;

/** Callback: run a scheduled shutdown */
static void
scheduled_shutdown_cb(mainloop_event_t *ev, void *arg)
{
 (void)ev;
 (void)arg;
 log_notice(LD_GENERAL, "Clean shutdown finished. Exiting.");
 tor_shutdown_event_loop_and_exit(0);
}

/** Schedule the mainloop to exit after <b>delay_sec</b> seconds. */
void
mainloop_schedule_shutdown(int delay_sec)
{
 const struct timeval delay_tv = { delay_sec, 0 };
 if (! scheduled_shutdown_ev) {
   scheduled_shutdown_ev = mainloop_event_new(scheduled_shutdown_cb, NULL);
 }
 mainloop_event_schedule(scheduled_shutdown_ev, &delay_tv);
}

/**
* Update vanguards-lite layer2 nodes, once every 15 minutes
*/
static int
manage_vglite_callback(time_t now, const or_options_t *options)
{
(void)now;
(void)options;
#define VANGUARDS_LITE_INTERVAL (15*60)

 maintain_layer2_guards();

 return VANGUARDS_LITE_INTERVAL;
}

/** Perform regular maintenance tasks.  This function gets run once per
* second.
*/
static int
second_elapsed_callback(time_t now, const or_options_t *options)
{
 /* 0. See if our bandwidth limits are exhausted and we should hibernate
  *
  * Note: we have redundant mechanisms to handle the case where it's
  * time to wake up from hibernation; or where we have a scheduled
  * shutdown and it's time to run it, but this will also handle those.
  */
 consider_hibernation(now);

 /* Maybe enough time elapsed for us to reconsider a circuit. */
 circuit_upgrade_circuits_from_guard_wait();

 if (options->UseBridges && !net_is_disabled()) {
   /* Note: this check uses net_is_disabled(), not should_delay_dir_fetches()
    * -- the latter is only for fetching consensus-derived directory info. */
   // TODO: client
   //     Also, schedule this rather than probing 1x / sec
   fetch_bridge_descriptors(options, now);
 }

 if (accounting_is_enabled(options)) {
   // TODO: refactor or rewrite?
   accounting_run_housekeeping(now);
 }

 /* 3a. Every second, we examine pending circuits and prune the
  *    ones which have been pending for more than a few seconds.
  *    We do this before step 4, so it can try building more if
  *    it's not comfortable with the number of available circuits.
  */
 /* (If our circuit build timeout can ever become lower than a second (which
  * it can't, currently), we should do this more often.) */
 // TODO: All expire stuff can become NET_PARTICIPANT, RUN_ON_DISABLE
 circuit_expire_building();
 circuit_expire_waiting_for_better_guard();

 /* 3b. Also look at pending streams and prune the ones that 'began'
  *     a long time ago but haven't gotten a 'connected' yet.
  *     Do this before step 4, so we can put them back into pending
  *     state to be picked up by the new circuit.
  */
 connection_ap_expire_beginning();

 /* 3c. And expire connections that we've held open for too long.
  */
 connection_expire_held_open();

 /* 4. Every second, we try a new circuit if there are no valid
  *    circuits. Every NewCircuitPeriod seconds, we expire circuits
  *    that became dirty more than MaxCircuitDirtiness seconds ago,
  *    and we make a new circ if there are no clean circuits.
  */
 const int have_dir_info = router_have_minimum_dir_info();
 if (have_dir_info && !net_is_disabled()) {
   circuit_build_needed_circs(now);
 } else {
   circuit_expire_old_circs_as_needed(now);
 }

 /* 5. We do housekeeping for each connection... */
 channel_update_bad_for_new_circs(NULL, 0);
 int i;
 for (i=0;i<smartlist_len(connection_array);i++) {
   run_connection_housekeeping(i, now);
 }

 /* Run again in a second. */
 return 1;
}

/**
* Periodic callback: Every {LAZY,GREEDY}_DESCRIPTOR_RETRY_INTERVAL,
* see about fetching descriptors, microdescriptors, and extrainfo
* documents.
*/
static int
launch_descriptor_fetches_callback(time_t now, const or_options_t *options)
{
 if (should_delay_dir_fetches(options, NULL))
     return PERIODIC_EVENT_NO_UPDATE;

 update_all_descriptor_downloads(now);
 update_extrainfo_downloads(now);
 if (router_have_minimum_dir_info())
   return LAZY_DESCRIPTOR_RETRY_INTERVAL;
 else
   return GREEDY_DESCRIPTOR_RETRY_INTERVAL;
}

/**
* Periodic event: Rotate our X.509 certificates and TLS keys once every
* MAX_SSL_KEY_LIFETIME_INTERNAL.
*/
static int
rotate_x509_certificate_callback(time_t now, const or_options_t *options)
{
 static int first = 1;
 (void)now;
 (void)options;
 if (first) {
   first = 0;
   return MAX_SSL_KEY_LIFETIME_INTERNAL;
 }

 /* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
  * TLS context. */
 log_info(LD_GENERAL,"Rotating tls context.");
 if (router_initialize_tls_context() < 0) {
   log_err(LD_BUG, "Error reinitializing TLS context");
   tor_assert_unreached();
 }
 if (generate_ed_link_cert(options, now, 1)) {
   log_err(LD_OR, "Unable to update Ed25519->TLS link certificate for "
           "new TLS context.");
   tor_assert_unreached();
 }

 /* We also make sure to rotate the TLS connections themselves if they've
  * been up for too long -- but that's done via is_bad_for_new_circs in
  * run_connection_housekeeping() above. */
 return MAX_SSL_KEY_LIFETIME_INTERNAL;
}

/**
* Periodic callback: once an hour, grab some more entropy from the
* kernel and feed it to our CSPRNG.
**/
static int
add_entropy_callback(time_t now, const or_options_t *options)
{
 (void)now;
 (void)options;
 /* We already seeded once, so don't die on failure. */
 if (crypto_seed_rng() < 0) {
   log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
            "seeded once, though, so we won't exit here.");
 }

 /** How often do we add more entropy to OpenSSL's RNG pool? */
#define ENTROPY_INTERVAL (60*60)
 return ENTROPY_INTERVAL;
}

/** Periodic callback: if there has been no network usage in a while,
* enter a dormant state. */
STATIC int
check_network_participation_callback(time_t now, const or_options_t *options)
{
 /* If we're a server, we can't become dormant. */
 if (server_mode(options)) {
   goto found_activity;
 }

 /* If we aren't allowed to become dormant, then participation doesn't
    matter */
 if (! options->DormantTimeoutEnabled) {
   goto found_activity;
 }

 /* If we're running an onion service, we can't become dormant. */
 /* XXXX this would be nice to change, so that we can be dormant with a
  * service. */
 if (hs_service_get_num_services()) {
   goto found_activity;
 }

 /* If we have any currently open entry streams other than "linked"
  * connections used for directory requests, those count as user activity.
  */
 if (options->DormantTimeoutDisabledByIdleStreams) {
   if (connection_get_by_type_nonlinked(CONN_TYPE_AP) != NULL) {
     goto found_activity;
   }
 }

 /* XXXX Make this configurable? */
/** How often do we check whether we have had network activity? */
#define CHECK_PARTICIPATION_INTERVAL (5*60)

 /* Become dormant if there has been no user activity in a long time.
  * (The funny checks below are in order to prevent overflow.) */
 time_t time_since_last_activity = 0;
 if (get_last_user_activity_time() < now)
   time_since_last_activity = now - get_last_user_activity_time();
 if (time_since_last_activity >= options->DormantClientTimeout) {
   log_notice(LD_GENERAL, "No user activity in a long time: becoming"
              " dormant.");
   set_network_participation(false);
   rescan_periodic_events(options);
 }

 return CHECK_PARTICIPATION_INTERVAL;

found_activity:
 note_user_activity(now);
 return CHECK_PARTICIPATION_INTERVAL;
}

/**
* Periodic callback: If our consensus is too old, recalculate whether
* we can actually use it.
*/
static int
check_expired_networkstatus_callback(time_t now, const or_options_t *options)
{
 (void)options;
 /* Check whether our networkstatus has expired. */
 networkstatus_t *ns = networkstatus_get_latest_consensus();
 /* Use reasonably live consensuses until they are no longer reasonably live.
  */
 if (ns && !networkstatus_consensus_reasonably_live(ns, now) &&
     router_have_minimum_dir_info()) {
   router_dir_info_changed();
 }
#define CHECK_EXPIRED_NS_INTERVAL (2*60)
 return CHECK_EXPIRED_NS_INTERVAL;
}

/**
* Scheduled callback: Save the state file to disk if appropriate.
*/
static int
save_state_callback(time_t now, const or_options_t *options)
{
 (void) options;
 (void) or_state_save(now); // only saves if appropriate
 const time_t next_write = get_or_state()->next_write;
 if (next_write == TIME_MAX) {
   return 86400;
 }
 return safe_timer_diff(now, next_write);
}

/** Reschedule the event for saving the state file.
*
* Run this when the state becomes dirty. */
void
reschedule_or_state_save(void)
{
 if (save_state_event == NULL) {
   /* This can happen early on during startup. */
   return;
 }
 periodic_event_reschedule(save_state_event);
}

/**
* Periodic callback: Write statistics to disk if appropriate.
*/
static int
write_stats_file_callback(time_t now, const or_options_t *options)
{
 /* 1g. Check whether we should write statistics to disk.
  */
#define CHECK_WRITE_STATS_INTERVAL (60*60)
 time_t next_time_to_write_stats_files = now + CHECK_WRITE_STATS_INTERVAL;
 if (options->CellStatistics) {
   time_t next_write =
     rep_hist_buffer_stats_write(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->DirReqStatistics) {
   time_t next_write = geoip_dirreq_stats_write(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->EntryStatistics) {
   time_t next_write = geoip_entry_stats_write(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->HiddenServiceStatistics) {
   time_t next_write = rep_hist_hs_stats_write(now, false);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;

   next_write = rep_hist_hs_stats_write(now, true);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->ExitPortStatistics) {
   time_t next_write = rep_hist_exit_stats_write(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->ConnDirectionStatistics) {
   time_t next_write = conn_stats_save(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }
 if (options->BridgeAuthoritativeDir) {
   time_t next_write = rep_hist_desc_stats_write(now);
   if (next_write && next_write < next_time_to_write_stats_files)
     next_time_to_write_stats_files = next_write;
 }

 return safe_timer_diff(now, next_time_to_write_stats_files);
}

static int
reset_padding_counts_callback(time_t now, const or_options_t *options)
{
 if (options->PaddingStatistics) {
   rep_hist_prep_published_padding_counts(now);
 }

 rep_hist_reset_padding_counts();
 return REPHIST_CELL_PADDING_COUNTS_INTERVAL;
}

static int should_init_bridge_stats = 1;

/**
* Periodic callback: Write bridge statistics to disk if appropriate.
*/
static int
record_bridge_stats_callback(time_t now, const or_options_t *options)
{
 /* 1h. Check whether we should write bridge statistics to disk.
  */
 if (should_record_bridge_info(options)) {
   if (should_init_bridge_stats) {
     /* (Re-)initialize bridge statistics. */
       geoip_bridge_stats_init(now);
       should_init_bridge_stats = 0;
       return WRITE_STATS_INTERVAL;
   } else {
     /* Possibly write bridge statistics to disk and ask when to write
      * them next time. */
     time_t next = geoip_bridge_stats_write(now);
     return safe_timer_diff(now, next);
   }
 } else if (!should_init_bridge_stats) {
   /* Bridge mode was turned off. Ensure that stats are re-initialized
    * next time bridge mode is turned on. */
   should_init_bridge_stats = 1;
 }
 return PERIODIC_EVENT_NO_UPDATE;
}

/**
* Periodic callback: Clean in-memory caches every once in a while
*/
static int
clean_caches_callback(time_t now, const or_options_t *options)
{
 /* Remove old information from rephist and the rend cache. */
 rep_history_clean(now - options->RephistTrackTime);
 hs_cache_clean_as_client(now);
 hs_cache_clean_as_dir(now);
 microdesc_cache_rebuild(NULL, 0);
#define CLEAN_CACHES_INTERVAL (30*60)
 return CLEAN_CACHES_INTERVAL;
}

/**
* Periodic callback: Clean the cache of failed hidden service lookups
* frequently.
*/
static int
rend_cache_failure_clean_callback(time_t now, const or_options_t *options)
{
 (void)options;
 /* We don't keep entries that are more than five minutes old so we try to
  * clean it as soon as we can since we want to make sure the client waits
  * as little as possible for reachability reasons. */
 hs_cache_client_intro_state_clean(now);
 return 30;
}

/**
* Periodic callback: prune routerlist of old information about Tor network.
*/
static int
prune_old_routers_callback(time_t now, const or_options_t *options)
{
#define ROUTERLIST_PRUNING_INTERVAL (60*60) // 1 hour.
 (void)now;
 (void)options;

 if (!net_is_disabled()) {
   /* If any networkstatus documents are no longer recent, we need to
    * update all the descriptors' running status. */
   /* Remove dead routers. */
   log_debug(LD_GENERAL, "Pruning routerlist...");
   routerlist_remove_old_routers();
 }

 return ROUTERLIST_PRUNING_INTERVAL;
}

/**
* Periodic event: once a minute, (or every second if TestingTorNetwork, or
* during client bootstrap), check whether we want to download any
* networkstatus documents. */
static int
fetch_networkstatus_callback(time_t now, const or_options_t *options)
{
 /* How often do we check whether we should download network status
  * documents? */
 const int we_are_bootstrapping = networkstatus_consensus_is_bootstrapping(
                                                                       now);
 const int prefer_mirrors = !dirclient_fetches_from_authorities(
                                                             get_options());
 int networkstatus_dl_check_interval = 60;
 /* check more often when testing, or when bootstrapping from mirrors
  * (connection limits prevent too many connections being made) */
 if (options->TestingTorNetwork
     || (we_are_bootstrapping && prefer_mirrors)) {
   networkstatus_dl_check_interval = 1;
 }

 if (should_delay_dir_fetches(options, NULL))
   return PERIODIC_EVENT_NO_UPDATE;

 update_networkstatus_downloads(now);
 return networkstatus_dl_check_interval;
}

/**
* Periodic callback: Every 60 seconds, we relaunch listeners if any died. */
static int
retry_listeners_callback(time_t now, const or_options_t *options)
{
 (void)now;
 (void)options;
 if (!net_is_disabled()) {
   retry_all_listeners(NULL, 0);
   return 60;
 }
 return PERIODIC_EVENT_NO_UPDATE;
}

static int heartbeat_callback_first_time = 1;

/**
* Periodic callback: write the heartbeat message in the logs.
*
* If writing the heartbeat message to the logs fails for some reason, retry
* again after <b>MIN_HEARTBEAT_PERIOD</b> seconds.
*/
static int
heartbeat_callback(time_t now, const or_options_t *options)
{
 /* Check if heartbeat is disabled */
 if (!options->HeartbeatPeriod) {
   return PERIODIC_EVENT_NO_UPDATE;
 }

 /* Skip the first one. */
 if (heartbeat_callback_first_time) {
   heartbeat_callback_first_time = 0;
   return options->HeartbeatPeriod;
 }

 /* Write the heartbeat message */
 if (log_heartbeat(now) == 0) {
   return options->HeartbeatPeriod;
 } else {
   /* If we couldn't write the heartbeat log message, try again in the minimum
    * interval of time. */
   return MIN_HEARTBEAT_PERIOD;
 }
}

#define CDM_CLEAN_CALLBACK_INTERVAL 600
static int
clean_consdiffmgr_callback(time_t now, const or_options_t *options)
{
 (void)now;
 if (dir_server_mode(options)) {
   consdiffmgr_cleanup();
 }
 return CDM_CLEAN_CALLBACK_INTERVAL;
}

/*
* Periodic callback: Run scheduled events for HS service. This is called
* every second.
*/
static int
hs_service_callback(time_t now, const or_options_t *options)
{
 (void) options;

 /* We need to at least be able to build circuits and that we actually have
  * a working network. */
 if (!have_completed_a_circuit() || net_is_disabled() ||
     !networkstatus_get_reasonably_live_consensus(now,
                                        usable_consensus_flavor())) {
   goto end;
 }

 hs_service_run_scheduled_events(now);

end:
 /* Every 1 second. */
 return 1;
}

/*
* Periodic callback: Send once-per-second events to the controller(s).
* This is called every second.
*/
static int
control_per_second_events_callback(time_t now, const or_options_t *options)
{
 (void) options;
 (void) now;

 control_per_second_events();

 return 1;
}

/** Last time that update_current_time was called. */
static time_t current_second = 0;
/** Last time that update_current_time updated current_second. */
static monotime_coarse_t current_second_last_changed;

/**
* Set the current time to "now", which should be the value returned by
* time().  Check for clock jumps and track the total number of seconds we
* have been running.
*/
void
update_current_time(time_t now)
{
 if (PREDICT_LIKELY(now == current_second)) {
   /* We call this function a lot.  Most frequently, the current second
    * will not have changed, so we just return. */
   return;
 }

 const time_t seconds_elapsed = current_second ? (now - current_second) : 0;

 /* Check the wall clock against the monotonic clock, so we can
  * better tell idleness from clock jumps and/or other shenanigans. */
 monotime_coarse_t last_updated;
 memcpy(&last_updated, &current_second_last_changed, sizeof(last_updated));
 monotime_coarse_get(&current_second_last_changed);

 /** How much clock jumping means that we should adjust our idea of when
  * to go dormant? */
#define NUM_JUMPED_SECONDS_BEFORE_NETSTATUS_UPDATE 20

 /* Don't go dormant early or late just because we jumped in time. */
 if (ABS(seconds_elapsed) >= NUM_JUMPED_SECONDS_BEFORE_NETSTATUS_UPDATE) {
   if (is_participating_on_network()) {
     netstatus_note_clock_jumped(seconds_elapsed);
   }
 }

 /** How much clock jumping do we tolerate? */
#define NUM_JUMPED_SECONDS_BEFORE_WARN 100

 /** How much idleness do we tolerate? */
#define NUM_IDLE_SECONDS_BEFORE_WARN 3600

 if (seconds_elapsed < -NUM_JUMPED_SECONDS_BEFORE_WARN) {
   // moving back in time is always a bad sign.
   circuit_note_clock_jumped(seconds_elapsed, false);

 } else if (seconds_elapsed >= NUM_JUMPED_SECONDS_BEFORE_WARN) {
   /* Compare the monotonic clock to the result of time(). */
   const int32_t monotime_msec_passed =
     monotime_coarse_diff_msec32(&last_updated,
                                 &current_second_last_changed);
   const int monotime_sec_passed = monotime_msec_passed / 1000;
   const int discrepancy = monotime_sec_passed - (int)seconds_elapsed;
   /* If the monotonic clock deviates from time(NULL), we have a couple of
    * possibilities.  On some systems, this means we have been suspended or
    * sleeping.  Everywhere, it can mean that the wall-clock time has
    * been changed -- for example, with settimeofday().
    *
    * On the other hand, if the monotonic time matches with the wall-clock
    * time, we've probably just been idle for a while, with no events firing.
    * we tolerate much more of that.
    */
   const bool clock_jumped = abs(discrepancy) > 2;

   if (clock_jumped || seconds_elapsed >= NUM_IDLE_SECONDS_BEFORE_WARN) {
     circuit_note_clock_jumped(seconds_elapsed, ! clock_jumped);
   }
 } else if (seconds_elapsed > 0) {
   stats_n_seconds_working += seconds_elapsed;
 }

 update_approx_time(now);
 current_second = now;
}

#ifdef HAVE_SYSTEMD_209
static periodic_timer_t *systemd_watchdog_timer = NULL;

/** Libevent callback: invoked to reset systemd watchdog. */
static void
systemd_watchdog_callback(periodic_timer_t *timer, void *arg)
{
 (void)timer;
 (void)arg;
 sd_notify(0, "WATCHDOG=1");
}
#endif /* defined(HAVE_SYSTEMD_209) */

#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)

/** Called when our IP address seems to have changed. <b>on_client_conn</b>
* should be true if:
*   - we detected a change in our interface address, using an outbound
*     connection, and therefore
*   - our client TLS keys need to be rotated.
* Otherwise, it should be false, and:
*   - we detected a change in our published address
*     (using some other method), and therefore
*   - the published addresses in our descriptor need to change.
*/
void
ip_address_changed(int on_client_conn)
{
 const or_options_t *options = get_options();
 int server = server_mode(options);

 if (on_client_conn) {
   if (! server) {
     /* Okay, change our keys. */
     if (init_keys_client() < 0)
       log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");
   }
 } else {
   if (server) {
     if (get_uptime() > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
       reset_bandwidth_test();
     reset_uptime();
     router_reset_reachability();
     pt_update_bridge_lines();
     /* All relays include their IP addresses as their ORPort addresses in
      * their descriptor.
      * Exit relays also incorporate interface addresses in their exit
      * policies, when ExitPolicyRejectLocalInterfaces is set. */
     mark_my_descriptor_dirty("IP address changed");
   }
 }

 dns_servers_relaunch_checks();
}

/** Forget what we've learned about the correctness of our DNS servers, and
* start learning again. */
void
dns_servers_relaunch_checks(void)
{
 if (server_mode(get_options())) {
   dns_reset_correctness_checks();
   if (check_dns_honesty_event) {
     periodic_event_reschedule(check_dns_honesty_event);
   }
 }
}

/** Initialize some mainloop_event_t objects that we require. */
void
initialize_mainloop_events(void)
{
 if (!schedule_active_linked_connections_event) {
   schedule_active_linked_connections_event =
     mainloop_event_postloop_new(schedule_active_linked_connections_cb, NULL);
 }
 if (!postloop_cleanup_ev) {
   postloop_cleanup_ev =
     mainloop_event_postloop_new(postloop_cleanup_cb, NULL);
 }
}

/** Tor main loop. */
int
do_main_loop(void)
{
 /* initialize the periodic events first, so that code that depends on the
  * events being present does not assert.
  */
 tor_assert(periodic_events_initialized);
 initialize_mainloop_events();

 periodic_events_connect_all();

 struct timeval one_second = { 1, 0 };
 initialize_periodic_events_event = tor_evtimer_new(
                 tor_libevent_get_base(),
                 initialize_periodic_events_cb, NULL);
 event_add(initialize_periodic_events_event, &one_second);

#ifdef HAVE_SYSTEMD_209
 uint64_t watchdog_delay;
 /* set up systemd watchdog notification. */
 if (sd_watchdog_enabled(1, &watchdog_delay) > 0) {
   if (! systemd_watchdog_timer) {
     struct timeval watchdog;
     /* The manager will "act on" us if we don't send them a notification
      * every 'watchdog_delay' microseconds.  So, send notifications twice
      * that often.  */
     watchdog_delay /= 2;
     watchdog.tv_sec = watchdog_delay  / 1000000;
     watchdog.tv_usec = watchdog_delay % 1000000;

     systemd_watchdog_timer = periodic_timer_new(tor_libevent_get_base(),
                                                 &watchdog,
                                                 systemd_watchdog_callback,
                                                 NULL);
     tor_assert(systemd_watchdog_timer);
   }
 }
#endif /* defined(HAVE_SYSTEMD_209) */
#ifdef ENABLE_RESTART_DEBUGGING
 {
   static int first_time = 1;

   if (first_time && getenv("TOR_DEBUG_RESTART")) {
     first_time = 0;
     const char *sec_str = getenv("TOR_DEBUG_RESTART_AFTER_SECONDS");
     long sec;
     int sec_ok=0;
     if (sec_str &&
         (sec = tor_parse_long(sec_str, 10, 0, INT_MAX, &sec_ok, NULL)) &&
         sec_ok) {
       /* Okay, we parsed the seconds. */
     } else {
       sec = 5;
     }
     struct timeval restart_after = { (time_t) sec, 0 };
     tor_shutdown_event_loop_for_restart_event =
       tor_evtimer_new(tor_libevent_get_base(),
                       tor_shutdown_event_loop_for_restart_cb, NULL);
     event_add(tor_shutdown_event_loop_for_restart_event, &restart_after);
   }
 }
#endif /* defined(ENABLE_RESTART_DEBUGGING) */

 return run_main_loop_until_done();
}

#ifndef _WIN32
/** Rate-limiter for EINVAL-type libevent warnings. */
static ratelim_t libevent_error_ratelim = RATELIM_INIT(10);
#endif

/**
* Run the main loop a single time. Return 0 for "exit"; -1 for "exit with
* error", and 1 for "run this again."
*/
static int
run_main_loop_once(void)
{
 int loop_result;

 if (nt_service_is_stopping())
   return 0;

 if (main_loop_should_exit)
   return 0;

#ifndef _WIN32
 /* Make it easier to tell whether libevent failure is our fault or not. */
 errno = 0;
#endif

 if (get_options()->MainloopStats) {
   /* We always enforce that EVLOOP_ONCE is passed to event_base_loop() if we
    * are collecting main loop statistics. */
   called_loop_once = 1;
 } else {
   called_loop_once = 0;
 }

 /* Make sure we know (about) what time it is. */
 update_approx_time(time(NULL));

 /* Here it is: the main loop.  Here we tell Libevent to poll until we have
  * an event, or the second ends, or until we have some active linked
  * connections to trigger events for.  Libevent will wait till one
  * of these happens, then run all the appropriate callbacks. */
 loop_result = tor_libevent_run_event_loop(tor_libevent_get_base(),
                                           called_loop_once);

 if (get_options()->MainloopStats) {
   /* Update our main loop counters. */
   if (loop_result == 0) {
     // The call was successful.
     increment_main_loop_success_count();
   } else if (loop_result == -1) {
     // The call was erroneous.
     increment_main_loop_error_count();
   } else if (loop_result == 1) {
     // The call didn't have any active or pending events
     // to handle.
     increment_main_loop_idle_count();
   }
 }

 /* Oh, the loop failed.  That might be an error that we need to
  * catch, but more likely, it's just an interrupted poll() call or something,
  * and we should try again. */
 if (loop_result < 0) {
   int e = tor_socket_errno(-1);
   /* let the program survive things like ^z */
   if (e != EINTR && !ERRNO_IS_EINPROGRESS(e)) {
     log_err(LD_NET,"libevent call with %s failed: %s [%d]",
             tor_libevent_get_method(), tor_socket_strerror(e), e);
     return -1;
#ifndef _WIN32
   } else if (e == EINVAL) {
     log_fn_ratelim(&libevent_error_ratelim, LOG_WARN, LD_NET,
                    "EINVAL from libevent: should you upgrade libevent?");
     if (libevent_error_ratelim.n_calls_since_last_time > 8) {
       log_err(LD_NET, "Too many libevent errors, too fast: dying");
       return -1;
     }
#endif /* !defined(_WIN32) */
   } else {
     tor_assert_nonfatal_once(! ERRNO_IS_EINPROGRESS(e));
     log_debug(LD_NET,"libevent call interrupted.");
     /* You can't trust the results of this poll(). Go back to the
      * top of the big for loop. */
     return 1;
   }
 }

 if (main_loop_should_exit)
   return 0;

 return 1;
}

/** Run the run_main_loop_once() function until it declares itself done,
* and return its final return value.
*
* Shadow won't invoke this function, so don't fill it up with things.
*/
STATIC int
run_main_loop_until_done(void)
{
 int loop_result = 1;

 main_loop_should_exit = 0;
 main_loop_exit_value = 0;

 do {
   loop_result = run_main_loop_once();
 } while (loop_result == 1);

 if (main_loop_should_exit)
   return main_loop_exit_value;
 else
   return loop_result;
}

/** Returns Tor's uptime. */
MOCK_IMPL(long,
get_uptime,(void))
{
 return stats_n_seconds_working;
}

/** Reset Tor's uptime. */
MOCK_IMPL(void,
reset_uptime,(void))
{
 stats_n_seconds_working = 0;
}

void
tor_mainloop_free_all(void)
{
 smartlist_free(connection_array);
 smartlist_free(closeable_connection_lst);
 smartlist_free(active_linked_connection_lst);
 teardown_periodic_events();
 tor_event_free(shutdown_did_not_work_event);
 tor_event_free(initialize_periodic_events_event);
 mainloop_event_free(directory_all_unreachable_cb_event);
 mainloop_event_free(schedule_active_linked_connections_event);
 mainloop_event_free(postloop_cleanup_ev);
 mainloop_event_free(handle_deferred_signewnym_ev);
 mainloop_event_free(scheduled_shutdown_ev);
 mainloop_event_free(rescan_periodic_events_ev);

#ifdef HAVE_SYSTEMD_209
 periodic_timer_free(systemd_watchdog_timer);
#endif

 stats_n_bytes_read = stats_n_bytes_written = 0;

 memset(&global_bucket, 0, sizeof(global_bucket));
 memset(&global_relayed_bucket, 0, sizeof(global_relayed_bucket));
 time_of_process_start = 0;
 time_of_last_signewnym = 0;
 signewnym_is_pending = 0;
 newnym_epoch = 0;
 called_loop_once = 0;
 main_loop_should_exit = 0;
 main_loop_exit_value = 0;
 can_complete_circuits = 0;
 quiet_level = 0;
 should_init_bridge_stats = 1;
 heartbeat_callback_first_time = 1;
 current_second = 0;
 memset(&current_second_last_changed, 0,
        sizeof(current_second_last_changed));
}