tor

bridges.c (39316B)

---

/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
* \file bridges.c
* \brief Code to manage bridges and bridge selection.
*
* Bridges are fixed entry nodes, used for censorship circumvention.
**/

#define TOR_BRIDGES_PRIVATE

#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "core/or/circuitbuild.h"
#include "core/or/policies.h"
#include "feature/client/bridges.h"
#include "feature/client/entrynodes.h"
#include "feature/client/transports.h"
#include "feature/dirclient/dirclient.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"

#include "core/or/extend_info_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/microdesc_st.h"

/** Information about a configured bridge. Currently this just matches the
* ones in the torrc file, but one day we may be able to learn about new
* bridges on our own, and remember them in the state file. */
struct bridge_info_t {
 /** Address and port of the bridge, as configured by the user.*/
 tor_addr_port_t addrport_configured;
 /** Address of the bridge. */
 tor_addr_t addr;
 /** TLS port for the bridge. */
 uint16_t port;
 /** Boolean: We are re-parsing our bridge list, and we are going to remove
  * this one if we don't find it in the list of configured bridges. */
 unsigned marked_for_removal : 1;
 /** Expected identity digest, or all zero bytes if we don't know what the
  * digest should be. */
 char identity[DIGEST_LEN];

 /** Name of pluggable transport protocol taken from its config line. */
 char *transport_name;

 /** When should we next try to fetch a descriptor for this bridge? */
 download_status_t fetch_status;

 /** A smartlist of k=v values to be passed to the SOCKS proxy, if
     transports are used for this bridge. */
 smartlist_t *socks_args;
};

#define bridge_free(bridge) \
 FREE_AND_NULL(bridge_info_t, bridge_free_, (bridge))

static void bridge_free_(bridge_info_t *bridge);
static void rewrite_node_address_for_bridge(const bridge_info_t *bridge,
                                           node_t *node);

/** A list of configured bridges. Whenever we actually get a descriptor
* for one, we add it as an entry guard.  Note that the order of bridges
* in this list does not necessarily correspond to the order of bridges
* in the torrc. */
static smartlist_t *bridge_list = NULL;

/** Mark every entry of the bridge list to be removed on our next call to
* sweep_bridge_list unless it has first been un-marked. */
void
mark_bridge_list(void)
{
 if (!bridge_list)
   bridge_list = smartlist_new();
 SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b,
                   b->marked_for_removal = 1);
}

/** Remove every entry of the bridge list that was marked with
* mark_bridge_list if it has not subsequently been un-marked. */
void
sweep_bridge_list(void)
{
 if (!bridge_list)
   bridge_list = smartlist_new();
 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
   if (b->marked_for_removal) {
     SMARTLIST_DEL_CURRENT(bridge_list, b);
     bridge_free(b);
   }
 } SMARTLIST_FOREACH_END(b);
}

/** Initialize the bridge list to empty, creating it if needed. */
STATIC void
clear_bridge_list(void)
{
 if (!bridge_list)
   bridge_list = smartlist_new();
 SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b, bridge_free(b));
 smartlist_clear(bridge_list);
}

/** Free the bridge <b>bridge</b>. */
static void
bridge_free_(bridge_info_t *bridge)
{
 if (!bridge)
   return;

 tor_free(bridge->transport_name);
 if (bridge->socks_args) {
   SMARTLIST_FOREACH(bridge->socks_args, char*, s, tor_free(s));
   smartlist_free(bridge->socks_args);
 }

 tor_free(bridge);
}

/** Return a list of all the configured bridges, as bridge_info_t pointers. */
const smartlist_t *
bridge_list_get(void)
{
 if (!bridge_list)
   bridge_list = smartlist_new();
 return bridge_list;
}

/**
* Returns true if there are enough bridges to make a conflux set
* without re-using the same bridge.
*/
bool
conflux_can_exclude_used_bridges(void)
{
 if (smartlist_len(bridge_list_get()) == 1) {
   static bool warned_once = false;
   bridge_info_t *bridge = smartlist_get(bridge_list_get(), 0);
   tor_assert(bridge);

   /* Snowflake is a special case. With one snowflake bridge,
    * you are load balanced among many back-end bridges.
    * So we do not need to warn the user for it. */
   if (bridge->transport_name &&
       strcasecmp(bridge->transport_name, "snowflake") == 0) {
     return false;
   }

   if (!warned_once) {
     log_warn(LD_CIRC, "Only one bridge (transport: '%s') is configured. "
                       "You should have at least two for conflux, "
                       "for any transport that is not 'snowflake'.",
                       bridge->transport_name ?
                         bridge->transport_name : "vanilla");
     warned_once = true;
   }

   return false;
 }

 return true;
}

/**
* Given a <b>bridge</b>, return a pointer to its RSA identity digest, or
* NULL if we don't know one for it.
*/
const uint8_t *
bridge_get_rsa_id_digest(const bridge_info_t *bridge)
{
 tor_assert(bridge);
 if (tor_digest_is_zero(bridge->identity))
   return NULL;
 else
   return (const uint8_t *) bridge->identity;
}

/**
* Given a <b>bridge</b>, return a pointer to its configured addr:port
* combination.
*/
const tor_addr_port_t *
bridge_get_addr_port(const bridge_info_t *bridge)
{
 tor_assert(bridge);
 return &bridge->addrport_configured;
}

/**
* Given a <b>bridge</b>, return the transport name. If none were configured,
* NULL is returned.
*/
const char *
bridget_get_transport_name(const bridge_info_t *bridge)
{
 tor_assert(bridge);
 return bridge->transport_name;
}

/**
* Return true if @a bridge has a transport name for which we don't actually
* know a transport.
*/
bool
bridge_has_invalid_transport(const bridge_info_t *bridge)
{
 const char *tname = bridget_get_transport_name(bridge);
 return tname && transport_get_by_name(tname) == NULL;
}

/** If we have a bridge configured whose digest matches <b>digest</b>, or a
* bridge with no known digest whose address matches any of the
* tor_addr_port_t's in <b>orports</b>, return that bridge.  Else return
* NULL. */
STATIC bridge_info_t *
get_configured_bridge_by_orports_digest(const char *digest,
                                       const smartlist_t *orports)
{
 if (!bridge_list)
   return NULL;
 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge)
   {
     if (tor_digest_is_zero(bridge->identity)) {
       SMARTLIST_FOREACH_BEGIN(orports, tor_addr_port_t *, ap)
         {
           if (tor_addr_compare(&bridge->addr, &ap->addr, CMP_EXACT) == 0 &&
               bridge->port == ap->port)
             return bridge;
         }
       SMARTLIST_FOREACH_END(ap);
     }
     if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
       return bridge;
   }
 SMARTLIST_FOREACH_END(bridge);
 return NULL;
}

/** If we have a bridge configured whose digest matches <b>digest</b>, or a
* bridge with no known digest whose address matches <b>addr</b>:<b>port</b>,
* return that bridge.  Else return NULL. If <b>digest</b> is NULL, check for
* address/port matches only. */
bridge_info_t *
get_configured_bridge_by_addr_port_digest(const tor_addr_t *addr,
                                         uint16_t port,
                                         const char *digest)
{
 if (!bridge_list)
   return NULL;
 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge)
   {
     if ((tor_digest_is_zero(bridge->identity) || digest == NULL) &&
         !tor_addr_compare(&bridge->addr, addr, CMP_EXACT) &&
         bridge->port == port)
       return bridge;
     if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
       return bridge;
   }
 SMARTLIST_FOREACH_END(bridge);
 return NULL;
}

/**
* As get_configured_bridge_by_addr_port, but require that the
* address match <b>addr</b>:<b>port</b>, and that the ID digest match
* <b>digest</b>.  (The other function will ignore the address if the
* digest matches.)
*/
bridge_info_t *
get_configured_bridge_by_exact_addr_port_digest(const tor_addr_t *addr,
                                               uint16_t port,
                                               const char *digest)
{
 if (!bridge_list)
   return NULL;
 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) {
   if (!tor_addr_compare(&bridge->addr, addr, CMP_EXACT) &&
       bridge->port == port) {

     if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
       return bridge;
     else if (!digest || tor_digest_is_zero(bridge->identity))
       return bridge;
   }

 } SMARTLIST_FOREACH_END(bridge);
 return NULL;
}

/** If we have a bridge configured whose digest matches <b>digest</b>, or a
* bridge with no known digest whose address matches <b>addr</b>:<b>port</b>,
* return 1.  Else return 0. If <b>digest</b> is NULL, check for
* address/port matches only. */
int
addr_is_a_configured_bridge(const tor_addr_t *addr,
                           uint16_t port,
                           const char *digest)
{
 tor_assert(addr);
 return get_configured_bridge_by_addr_port_digest(addr, port, digest) ? 1 : 0;
}

/** If we have a bridge configured whose digest matches
* <b>ei->identity_digest</b>, or a bridge with no known digest whose address
* matches <b>ei->addr</b>:<b>ei->port</b>, return 1.  Else return 0.
* If <b>ei</b> has no onion key configured, check for address/port matches
* only.
*
* Note that if the extend_info_t contains multiple addresses, we return true
* only if _every_ address is a bridge.
*/
int
extend_info_is_a_configured_bridge(const extend_info_t *ei)
{
 const char *digest = curve25519_public_key_is_ok(&ei->curve25519_onion_key)
   ? ei->identity_digest : NULL;
 const tor_addr_port_t *ap1 = NULL, *ap2 = NULL;
 if (! tor_addr_is_null(&ei->orports[0].addr))
   ap1 = &ei->orports[0];
 if (! tor_addr_is_null(&ei->orports[1].addr))
   ap2 = &ei->orports[1];
 IF_BUG_ONCE(ap1 == NULL) {
   return 0;
 }
 return addr_is_a_configured_bridge(&ap1->addr, ap1->port, digest) &&
   (ap2 == NULL ||
    addr_is_a_configured_bridge(&ap2->addr, ap2->port, digest));
}

/** Wrapper around get_configured_bridge_by_addr_port_digest() to look
* it up via router descriptor <b>ri</b>. */
static bridge_info_t *
get_configured_bridge_by_routerinfo(const routerinfo_t *ri)
{
 bridge_info_t *bi = NULL;
 smartlist_t *orports = router_get_all_orports(ri);
 bi = get_configured_bridge_by_orports_digest(ri->cache_info.identity_digest,
                                              orports);
 SMARTLIST_FOREACH(orports, tor_addr_port_t *, p, tor_free(p));
 smartlist_free(orports);
 return bi;
}

/** Return 1 if <b>ri</b> is one of our known bridges, else 0. */
int
routerinfo_is_a_configured_bridge(const routerinfo_t *ri)
{
 return get_configured_bridge_by_routerinfo(ri) ? 1 : 0;
}

/**
* Return 1 iff <b>bridge_list</b> contains entry matching given
* <b>addr</b> and <b>port</b> (and no identity digest) OR
* it contains an  entry whose identity matches <b>digest</b>.
* Otherwise, return 0.
*/
static int
bridge_exists_with_addr_and_port(const tor_addr_t *addr,
                                const uint16_t port,
                                const char *digest)
{
 if (!tor_addr_port_is_valid(addr, port, 0))
   return 0;

 bridge_info_t *bridge =
  get_configured_bridge_by_addr_port_digest(addr, port, digest);

 return (bridge != NULL);
}

/** Return 1 if <b>node</b> is one of our configured bridges, else 0.
* More specifically, return 1 iff: a bridge_info_t object exists in
* <b>bridge_list</b> such that: 1) It's identity is equal to node
* identity OR 2) It's identity digest is zero, but it matches
* address and port of any ORPort in the node.
*/
int
node_is_a_configured_bridge(const node_t *node)
{
 /* First, let's try searching for a bridge with matching identity. */
 if (BUG(fast_mem_is_zero(node->identity, DIGEST_LEN)))
   return 0;

 if (find_bridge_by_digest(node->identity) != NULL)
   return 1;

 /* At this point, we have established that no bridge exists with
  * matching identity digest. However, we still pass it into
  * bridge_exists_* functions because we want further code to
  * check for absence of identity digest in a bridge.
  */
 if (node->ri) {
   if (bridge_exists_with_addr_and_port(&node->ri->ipv4_addr,
                                        node->ri->ipv4_orport,
                                        node->identity))
     return 1;

   if (bridge_exists_with_addr_and_port(&node->ri->ipv6_addr,
                                        node->ri->ipv6_orport,
                                        node->identity))
     return 1;
 } else if (node->rs) {
   if (bridge_exists_with_addr_and_port(&node->rs->ipv4_addr,
                                        node->rs->ipv4_orport,
                                        node->identity))
     return 1;

   if (bridge_exists_with_addr_and_port(&node->rs->ipv6_addr,
                                        node->rs->ipv6_orport,
                                        node->identity))
     return 1;
 }  else if (node->md) {
   if (bridge_exists_with_addr_and_port(&node->md->ipv6_addr,
                                        node->md->ipv6_orport,
                                        node->identity))
     return 1;
 }

 return 0;
}

/** We made a connection to a router at <b>addr</b>:<b>port</b>
* without knowing its digest. Its digest turned out to be <b>digest</b>.
* If it was a bridge, and we still don't know its digest, record it.
*/
void
learned_router_identity(const tor_addr_t *addr, uint16_t port,
                       const char *digest,
                       const ed25519_public_key_t *ed_id)
{
 // XXXX prop220 use ed_id here, once there is some way to specify
 (void)ed_id;
 int learned = 0;
 bridge_info_t *bridge =
   get_configured_bridge_by_exact_addr_port_digest(addr, port, digest);
 if (bridge && tor_digest_is_zero(bridge->identity)) {
   memcpy(bridge->identity, digest, DIGEST_LEN);
   learned = 1;
 }
 /* XXXX prop220 remember bridge ed25519 identities -- add a field */
#if 0
 if (bridge && ed_id &&
     ed25519_public_key_is_zero(&bridge->ed25519_identity) &&
     !ed25519_public_key_is_zero(ed_id)) {
   memcpy(&bridge->ed25519_identity, ed_id, sizeof(*ed_id));
   learned = 1;
 }
#endif /* 0 */
 if (learned) {
   char *transport_info = NULL;
   const char *transport_name =
     find_transport_name_by_bridge_addrport(addr, port);
   if (transport_name)
     tor_asprintf(&transport_info, " (with transport '%s')", transport_name);

   // XXXX prop220 log both fingerprints.
   log_notice(LD_DIR, "Learned fingerprint %s for bridge %s%s.",
              hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port),
              transport_info ? transport_info : "");
   tor_free(transport_info);
   entry_guard_learned_bridge_identity(&bridge->addrport_configured,
                                       (const uint8_t *)digest);
 }
}

/** Return true if <b>bridge</b> has the same identity digest as
*  <b>digest</b>. If <b>digest</b> is NULL, it matches
*  bridges with unspecified identity digests. */
static int
bridge_has_digest(const bridge_info_t *bridge, const char *digest)
{
 if (digest)
   return tor_memeq(digest, bridge->identity, DIGEST_LEN);
 else
   return tor_digest_is_zero(bridge->identity);
}

/** We are about to add a new bridge at <b>addr</b>:<b>port</b>, with optional
* <b>digest</b> and <b>transport_name</b>. Mark for removal any previously
* existing bridge with the same address and port, and warn the user as
* appropriate.
*/
STATIC void
bridge_resolve_conflicts(const tor_addr_t *addr, uint16_t port,
                        const char *digest, const char *transport_name)
{
 /* Iterate the already-registered bridge list:

    If you find a bridge with the same address and port, mark it for
    removal. It doesn't make sense to have two active bridges with
    the same IP:PORT. If the bridge in question has a different
    digest or transport than <b>digest</b>/<b>transport_name</b>,
    it's probably a misconfiguration and we should warn the user.
 */
 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) {
   if (bridge->marked_for_removal)
     continue;

   if (tor_addr_eq(&bridge->addr, addr) && (bridge->port == port)) {

     bridge->marked_for_removal = 1;

     if (!bridge_has_digest(bridge, digest) ||
         strcmp_opt(bridge->transport_name, transport_name)) {
       /* warn the user */
       char *bridge_description_new, *bridge_description_old;
       tor_asprintf(&bridge_description_new, "%s:%s:%s",
                    fmt_addrport(addr, port),
                    digest ? hex_str(digest, DIGEST_LEN) : "",
                    transport_name ? transport_name : "");
       tor_asprintf(&bridge_description_old, "%s:%s:%s",
                    fmt_addrport(&bridge->addr, bridge->port),
                    tor_digest_is_zero(bridge->identity) ?
                    "" : hex_str(bridge->identity,DIGEST_LEN),
                    bridge->transport_name ? bridge->transport_name : "");

       log_warn(LD_GENERAL,"Tried to add bridge '%s', but we found a conflict"
                " with the already registered bridge '%s'. We will discard"
                " the old bridge and keep '%s'. If this is not what you"
                " wanted, please change your configuration file accordingly.",
                bridge_description_new, bridge_description_old,
                bridge_description_new);

       tor_free(bridge_description_new);
       tor_free(bridge_description_old);
     }
   }
 } SMARTLIST_FOREACH_END(bridge);
}

/** Return True if we have a bridge that uses a transport with name
*  <b>transport_name</b>. */
MOCK_IMPL(int,
transport_is_needed, (const char *transport_name))
{
 if (!bridge_list)
   return 0;

 SMARTLIST_FOREACH_BEGIN(bridge_list, const bridge_info_t *, bridge) {
   if (bridge->transport_name &&
       !strcmp(bridge->transport_name, transport_name))
     return 1;
 } SMARTLIST_FOREACH_END(bridge);

 return 0;
}

/** Register the bridge information in <b>bridge_line</b> to the
*  bridge subsystem. Steals reference of <b>bridge_line</b>. */
void
bridge_add_from_config(bridge_line_t *bridge_line)
{
 bridge_info_t *b;

 // XXXX prop220 add a way to specify ed25519 ID to bridge_line_t.

 { /* Log the bridge we are about to register: */
   log_debug(LD_GENERAL, "Registering bridge at %s (transport: %s) (%s)",
             fmt_addrport(&bridge_line->addr, bridge_line->port),
             bridge_line->transport_name ?
             bridge_line->transport_name : "no transport",
             tor_digest_is_zero(bridge_line->digest) ?
             "no key listed" : hex_str(bridge_line->digest, DIGEST_LEN));

   if (bridge_line->socks_args) { /* print socks arguments */
     int i = 0;

     tor_assert(smartlist_len(bridge_line->socks_args) > 0);

     log_debug(LD_GENERAL, "Bridge uses %d SOCKS arguments:",
               smartlist_len(bridge_line->socks_args));
     SMARTLIST_FOREACH(bridge_line->socks_args, const char *, arg,
                       log_debug(LD_CONFIG, "%d: %s", ++i, arg));
   }
 }

 bridge_resolve_conflicts(&bridge_line->addr,
                          bridge_line->port,
                          bridge_line->digest,
                          bridge_line->transport_name);

 b = tor_malloc_zero(sizeof(bridge_info_t));
 tor_addr_copy(&b->addrport_configured.addr, &bridge_line->addr);
 b->addrport_configured.port = bridge_line->port;
 tor_addr_copy(&b->addr, &bridge_line->addr);
 b->port = bridge_line->port;
 memcpy(b->identity, bridge_line->digest, DIGEST_LEN);
 if (bridge_line->transport_name)
   b->transport_name = bridge_line->transport_name;
 b->fetch_status.schedule = DL_SCHED_BRIDGE;
 b->fetch_status.increment_on = DL_SCHED_INCREMENT_ATTEMPT;
 /* We can't reset the bridge's download status here, because UseBridges
  * might be 0 now, and it might be changed to 1 much later. */
 b->socks_args = bridge_line->socks_args;
 if (!bridge_list)
   bridge_list = smartlist_new();

 tor_free(bridge_line); /* Deallocate bridge_line now. */

 smartlist_add(bridge_list, b);
}

/** If <b>digest</b> is one of our known bridges, return it. */
STATIC bridge_info_t *
find_bridge_by_digest(const char *digest)
{
 if (! bridge_list)
   return NULL;
 SMARTLIST_FOREACH(bridge_list, bridge_info_t *, bridge,
   {
     if (tor_memeq(bridge->identity, digest, DIGEST_LEN))
       return bridge;
   });
 return NULL;
}

/** Given the <b>addr</b> and <b>port</b> of a bridge, if that bridge
*  supports a pluggable transport, return its name. Otherwise, return
*  NULL. */
const char *
find_transport_name_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
{
 if (!bridge_list)
   return NULL;

 SMARTLIST_FOREACH_BEGIN(bridge_list, const bridge_info_t *, bridge) {
   if (tor_addr_eq(&bridge->addr, addr) &&
       (bridge->port == port))
     return bridge->transport_name;
 } SMARTLIST_FOREACH_END(bridge);

 return NULL;
}

/** If <b>addr</b> and <b>port</b> match the address and port of a
* bridge of ours that uses pluggable transports, place its transport
* in <b>transport</b>.
*
* Return 0 on success (found a transport, or found a bridge with no
* transport, or found no bridge); return -1 if we should be using a
* transport, but the transport could not be found.
*/
int
get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port,
                                const transport_t **transport)
{
 *transport = NULL;
 if (!bridge_list)
   return 0;

 SMARTLIST_FOREACH_BEGIN(bridge_list, const bridge_info_t *, bridge) {
   if (tor_addr_eq(&bridge->addr, addr) &&
       (bridge->port == port)) { /* bridge matched */
     if (bridge->transport_name) { /* it also uses pluggable transports */
       *transport = transport_get_by_name(bridge->transport_name);
       if (*transport == NULL) { /* it uses pluggable transports, but
                                    the transport could not be found! */
         return -1;
       }
       return 0;
     } else { /* bridge matched, but it doesn't use transports. */
       break;
     }
   }
 } SMARTLIST_FOREACH_END(bridge);

 *transport = NULL;
 return 0;
}

/** Return a smartlist containing all the SOCKS arguments that we
*  should pass to the SOCKS proxy. */
const smartlist_t *
get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
{
 bridge_info_t *bridge = get_configured_bridge_by_addr_port_digest(addr,
                                                                   port,
                                                                   NULL);
 return bridge ? bridge->socks_args : NULL;
}

/** We need to ask <b>bridge</b> for its server descriptor. */
static void
launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
{
 const or_options_t *options = get_options();
 circuit_guard_state_t *guard_state = NULL;

 if (connection_get_by_type_addr_port_purpose(
     CONN_TYPE_DIR, &bridge->addr, bridge->port,
     DIR_PURPOSE_FETCH_SERVERDESC))
   return; /* it's already on the way */

 if (bridge_has_invalid_transport(bridge)) {
   download_status_mark_impossible(&bridge->fetch_status);
   log_warn(LD_CONFIG, "Can't use bridge at %s: there is no configured "
            "transport called \"%s\".",
            safe_str_client(fmt_and_decorate_addr(&bridge->addr)),
            bridget_get_transport_name(bridge));
   return; /* Can't use this bridge; it has not */
 }

 if (routerset_contains_bridge(options->ExcludeNodes, bridge)) {
   download_status_mark_impossible(&bridge->fetch_status);
   log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.",
            safe_str_client(fmt_and_decorate_addr(&bridge->addr)));
   return;
 }

 /* Until we get a descriptor for the bridge, we only know one address for
  * it. */
 if (!reachable_addr_allows_addr(&bridge->addr, bridge->port,
                                           FIREWALL_OR_CONNECTION, 0, 0)) {
   log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
              "bridge, but that bridge is not reachable through our "
              "firewall.");
   return;
 }

 /* If we already have a node_t for this bridge, rewrite its address now. */
 node_t *node = node_get_mutable_by_id(bridge->identity);
 if (node) {
   rewrite_node_address_for_bridge(bridge, node);
 }

 tor_addr_port_t bridge_addrport;
 memcpy(&bridge_addrport.addr, &bridge->addr, sizeof(tor_addr_t));
 bridge_addrport.port = bridge->port;

 guard_state = get_guard_state_for_bridge_desc_fetch(bridge->identity);

 directory_request_t *req =
   directory_request_new(DIR_PURPOSE_FETCH_SERVERDESC);
 directory_request_set_or_addr_port(req, &bridge_addrport);
 directory_request_set_directory_id_digest(req, bridge->identity);
 directory_request_set_router_purpose(req, ROUTER_PURPOSE_BRIDGE);
 directory_request_set_resource(req, "authority.z");
 if (guard_state) {
   directory_request_set_guard_state(req, guard_state);
 }
 directory_initiate_request(req);
 directory_request_free(req);
}

/** Fetching the bridge descriptor from the bridge authority returned a
* "not found". Fall back to trying a direct fetch. */
void
retry_bridge_descriptor_fetch_directly(const char *digest)
{
 bridge_info_t *bridge = find_bridge_by_digest(digest);
 if (!bridge)
   return; /* not found? oh well. */

 launch_direct_bridge_descriptor_fetch(bridge);
}

/** For each bridge in our list for which we don't currently have a
* descriptor, fetch a new copy of its descriptor -- either directly
* from the bridge or via a bridge authority. */
void
fetch_bridge_descriptors(const or_options_t *options, time_t now)
{
 int num_bridge_auths = get_n_authorities(BRIDGE_DIRINFO);
 int ask_bridge_directly;
 int can_use_bridge_authority;

 if (!bridge_list)
   return;

 /* If we still have unconfigured managed proxies, don't go and
    connect to a bridge. */
 if (pt_proxies_configuration_pending())
   return;

 SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge)
   {
     /* This resets the download status on first use */
     if (!download_status_is_ready(&bridge->fetch_status, now))
       continue; /* don't bother, no need to retry yet */
     if (routerset_contains_bridge(options->ExcludeNodes, bridge)) {
       download_status_mark_impossible(&bridge->fetch_status);
       log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.",
                safe_str_client(fmt_and_decorate_addr(&bridge->addr)));
       continue;
     }

     /* schedule the next attempt
      * we can't increment after a failure, because sometimes we use the
      * bridge authority, and sometimes we use the bridge direct */
     download_status_increment_attempt(
                       &bridge->fetch_status,
                       safe_str_client(fmt_and_decorate_addr(&bridge->addr)),
                       now);

     can_use_bridge_authority = !tor_digest_is_zero(bridge->identity) &&
                                num_bridge_auths;
     ask_bridge_directly = !can_use_bridge_authority ||
                           !options->UpdateBridgesFromAuthority;
     log_debug(LD_DIR, "ask_bridge_directly=%d (%d, %d, %d)",
               ask_bridge_directly, tor_digest_is_zero(bridge->identity),
               !options->UpdateBridgesFromAuthority, !num_bridge_auths);

     if (ask_bridge_directly &&
         !reachable_addr_allows_addr(&bridge->addr, bridge->port,
                                               FIREWALL_OR_CONNECTION, 0,
                                               0)) {
       log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
                  "firewall policy. %s.",
                  fmt_addrport(&bridge->addr, bridge->port),
                  can_use_bridge_authority ?
                    "Asking bridge authority instead" : "Skipping");
       if (can_use_bridge_authority)
         ask_bridge_directly = 0;
       else
         continue;
     }

     if (ask_bridge_directly) {
       /* we need to ask the bridge itself for its descriptor. */
       launch_direct_bridge_descriptor_fetch(bridge);
     } else {
       /* We have a digest and we want to ask an authority. We could
        * combine all the requests into one, but that may give more
        * hints to the bridge authority than we want to give. */
       char resource[10 + HEX_DIGEST_LEN];
       memcpy(resource, "fp/", 3);
       base16_encode(resource+3, HEX_DIGEST_LEN+1,
                     bridge->identity, DIGEST_LEN);
       memcpy(resource+3+HEX_DIGEST_LEN, ".z", 3);
       log_info(LD_DIR, "Fetching bridge info '%s' from bridge authority.",
                resource);
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
               ROUTER_PURPOSE_BRIDGE, resource, 0, DL_WANT_AUTHORITY);
     }
   }
 SMARTLIST_FOREACH_END(bridge);
}

/** If our <b>bridge</b> is configured to be a different address than
* the bridge gives in <b>node</b>, rewrite the routerinfo
* we received to use the address we meant to use. Now we handle
* multihomed bridges better.
*/
static void
rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
{
 /* XXXX move this function. */
 /* XXXX overridden addresses should really live in the node_t, so that the
  *   routerinfo_t and the microdesc_t can be immutable.  But we can only
  *   do that safely if we know that no function that connects to an OR
  *   does so through an address from any source other than node_get_addr().
  */
 const or_options_t *options = get_options();

 if (node->ri) {
   routerinfo_t *ri = node->ri;
   if ((!tor_addr_compare(&bridge->addr, &ri->ipv4_addr, CMP_EXACT) &&
        bridge->port == ri->ipv4_orport) ||
       (!tor_addr_compare(&bridge->addr, &ri->ipv6_addr, CMP_EXACT) &&
        bridge->port == ri->ipv6_orport)) {
     /* they match, so no need to do anything */
   } else {
     if (tor_addr_family(&bridge->addr) == AF_INET) {
       tor_addr_copy(&ri->ipv4_addr, &bridge->addr);
       ri->ipv4_orport = bridge->port;
       log_info(LD_DIR,
                "Adjusted bridge routerinfo for '%s' to match configured "
                "address %s:%d.",
                ri->nickname, fmt_addr(&ri->ipv4_addr), ri->ipv4_orport);
     } else if (tor_addr_family(&bridge->addr) == AF_INET6) {
       tor_addr_copy(&ri->ipv6_addr, &bridge->addr);
       ri->ipv6_orport = bridge->port;
       log_info(LD_DIR,
                "Adjusted bridge routerinfo for '%s' to match configured "
                "address %s.",
                ri->nickname, fmt_addrport(&ri->ipv6_addr, ri->ipv6_orport));
     } else {
       log_err(LD_BUG, "Address family not supported: %d.",
               tor_addr_family(&bridge->addr));
       return;
     }
   }

   if (options->ClientPreferIPv6ORPort == -1) {
     /* Mark which address to use based on which bridge_t we got. */
     node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
                             !tor_addr_is_null(&node->ri->ipv6_addr));
   } else {
     /* Mark which address to use based on user preference */
     node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
                             !tor_addr_is_null(&node->ri->ipv6_addr));
   }

   /* XXXipv6 we lack support for falling back to another address for
      the same relay, warn the user */
   if (!tor_addr_is_null(&ri->ipv6_addr)) {
     tor_addr_port_t ap;
     node_get_pref_orport(node, &ap);
     log_notice(LD_CONFIG,
                "Bridge '%s' has both an IPv4 and an IPv6 address.  "
                "Will prefer using its %s address (%s) based on %s.",
                ri->nickname,
                node->ipv6_preferred ? "IPv6" : "IPv4",
                fmt_addrport(&ap.addr, ap.port),
                options->ClientPreferIPv6ORPort == -1 ?
                "the configured Bridge address" :
                "ClientPreferIPv6ORPort");
   }
 }
 if (node->rs) {
   routerstatus_t *rs = node->rs;

   if ((!tor_addr_compare(&bridge->addr, &rs->ipv4_addr, CMP_EXACT) &&
       bridge->port == rs->ipv4_orport) ||
      (!tor_addr_compare(&bridge->addr, &rs->ipv6_addr, CMP_EXACT) &&
       bridge->port == rs->ipv6_orport)) {
     /* they match, so no need to do anything */
   } else {
     if (tor_addr_family(&bridge->addr) == AF_INET) {
       tor_addr_copy(&rs->ipv4_addr, &bridge->addr);
       rs->ipv4_orport = bridge->port;
       log_info(LD_DIR,
                "Adjusted bridge routerstatus for '%s' to match "
                "configured address %s.",
                rs->nickname, fmt_addrport(&bridge->addr, rs->ipv4_orport));
     /* set IPv6 preferences even if there is no ri */
     } else if (tor_addr_family(&bridge->addr) == AF_INET6) {
       tor_addr_copy(&rs->ipv6_addr, &bridge->addr);
       rs->ipv6_orport = bridge->port;
       log_info(LD_DIR,
                "Adjusted bridge routerstatus for '%s' to match configured"
                " address %s.",
                rs->nickname, fmt_addrport(&rs->ipv6_addr, rs->ipv6_orport));
     } else {
       log_err(LD_BUG, "Address family not supported: %d.",
               tor_addr_family(&bridge->addr));
       return;
     }
   }

   if (options->ClientPreferIPv6ORPort == -1) {
     /* Mark which address to use based on which bridge_t we got. */
     node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
                             !tor_addr_is_null(&node->rs->ipv6_addr));
   } else {
     /* Mark which address to use based on user preference */
     node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
                             !tor_addr_is_null(&node->rs->ipv6_addr));
   }

   /* XXXipv6 we lack support for falling back to another address for
   the same relay, warn the user */
   if (!tor_addr_is_null(&rs->ipv6_addr)) {
     tor_addr_port_t ap;
     node_get_pref_orport(node, &ap);
     log_notice(LD_CONFIG,
                "Bridge '%s' has both an IPv4 and an IPv6 address.  "
                "Will prefer using its %s address (%s) based on %s.",
                rs->nickname,
                node->ipv6_preferred ? "IPv6" : "IPv4",
                fmt_addrport(&ap.addr, ap.port),
                options->ClientPreferIPv6ORPort == -1 ?
                "the configured Bridge address" :
                "ClientPreferIPv6ORPort");
   }
 }
}

/** We just learned a descriptor for a bridge. See if that
* digest is in our entry guard list, and add it if not. Schedule the
* next fetch for a long time from now, and initiate any follow-up
* activities like continuing to bootstrap.
*
* <b>from_cache</b> * tells us whether we fetched it from disk (else
* the network)
*
* <b>desc_is_new</b> tells us if we preferred it to the old version we
* had, if any. */
void
learned_bridge_descriptor(routerinfo_t *ri, int from_cache, int desc_is_new)
{
 tor_assert(ri);
 tor_assert(ri->purpose == ROUTER_PURPOSE_BRIDGE);
 if (get_options()->UseBridges) {
   /* Retry directory downloads whenever we get a bridge descriptor:
    * - when bootstrapping, and
    * - when we aren't sure if any of our bridges are reachable.
    * Keep on retrying until we have at least one reachable bridge. */
   int first = num_bridges_usable(0) < 1;
   bridge_info_t *bridge = get_configured_bridge_by_routerinfo(ri);
   time_t now = time(NULL);
   router_set_status(ri->cache_info.identity_digest, 1);

   if (bridge) { /* if we actually want to use this one */
     node_t *node;
     if (!from_cache) {
       /* This schedules the re-fetch at a constant interval, which produces
        * a pattern of bridge traffic. But it's better than trying all
        * configured bridges several times in the first few minutes. */
       download_status_reset(&bridge->fetch_status);
       /* it's here; schedule its re-fetch for a long time from now. */
       bridge->fetch_status.next_attempt_at +=
         get_options()->TestingBridgeDownloadInitialDelay;
     }

     node = node_get_mutable_by_id(ri->cache_info.identity_digest);
     tor_assert(node);
     rewrite_node_address_for_bridge(bridge, node);
     if (tor_digest_is_zero(bridge->identity)) {
       memcpy(bridge->identity,ri->cache_info.identity_digest, DIGEST_LEN);
       log_notice(LD_DIR, "Learned identity %s for bridge at %s:%d",
                  hex_str(bridge->identity, DIGEST_LEN),
                  fmt_and_decorate_addr(&bridge->addr),
                  (int) bridge->port);
     }
     entry_guard_learned_bridge_identity(&bridge->addrport_configured,
                             (const uint8_t*)ri->cache_info.identity_digest);

     if (desc_is_new)
       log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s",
                  ri->nickname,
                  from_cache ? "cached" : "fresh", router_describe(ri));
     /* If we didn't have a reachable bridge before this one, try directory
      * documents again. */
     if (first) {
       routerlist_retry_directory_downloads(now);
     }
   }
 }
}

/** Return a smartlist containing all bridge identity digests */
MOCK_IMPL(smartlist_t *,
list_bridge_identities, (void))
{
 smartlist_t *result = NULL;
 char *digest_tmp;

 if (get_options()->UseBridges && bridge_list) {
   result = smartlist_new();

   SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
     digest_tmp = tor_malloc(DIGEST_LEN);
     memcpy(digest_tmp, b->identity, DIGEST_LEN);
     smartlist_add(result, digest_tmp);
   } SMARTLIST_FOREACH_END(b);
 }

 return result;
}

/** Get the download status for a bridge descriptor given its identity */
MOCK_IMPL(download_status_t *,
get_bridge_dl_status_by_id, (const char *digest))
{
 download_status_t *dl = NULL;

 if (digest && get_options()->UseBridges && bridge_list) {
   SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
     if (tor_memeq(digest, b->identity, DIGEST_LEN)) {
       dl = &(b->fetch_status);
       break;
     }
   } SMARTLIST_FOREACH_END(b);
 }

 return dl;
}

/** Release all storage held in bridges.c */
void
bridges_free_all(void)
{
 clear_bridge_list();
 smartlist_free(bridge_list);
 bridge_list = NULL;
}