Grcov report - relay.rs

1

//! Entry point of a Tor relay that is the [`TorRelay`] objects

2

3

use std::net::SocketAddr;

4

use std::path::{Path, PathBuf};

5

use std::sync::{Arc, Weak};

6

7

use anyhow::Context;

8

use tokio::task::JoinSet;

9

use tor_proto::RelayChannelAuthMaterial;

10

use tracing::debug;

11

#[cfg(unix)]

12

use tracing::warn;

13

14

use fs_mistrust::Mistrust;

15

use tor_basic_utils::iter_join;

16

use tor_chanmgr::{ChanMgr, ChanMgrConfig, Dormancy};

17

use tor_config_path::CfgPathResolver;

18

use tor_dirmgr::DirMgrConfig;

19

use tor_keymgr::{ArtiNativeKeystore, KeyMgr, KeyMgrBuilder};

20

use tor_memquota::MemoryQuotaTracker;

21

use tor_netdir::params::NetParameters;

22

use tor_persist::state_dir::StateDirectory;

23

use tor_persist::{FsStateMgr, StateMgr};

24

use tor_proto::relay::CreateRequestHandler;

25

use tor_rtcompat::{NetStreamProvider, Runtime};

26

27

use crate::client::RelayClient;

28

use crate::config::TorRelayConfig;

29

use crate::tasks::channel::build_circ_net_params;

30

use crate::tasks::crypto::get_ntor_keys;

31

32

/// An initialized but unbootstrapped relay.

33

///

34

/// This intentionally does not have access to the runtime to prevent it from doing network io.

35

///

36

/// The idea is that we can build up the relay's components in an `InertTorRelay` without a runtime,

37

/// and then call `init()` on it and provide a runtime to turn it into a network-capable relay.

38

/// This gives us two advantages:

39

///

40

/// - We can initialize the internal data structures in the `InertTorRelay` (load the keystores,

41

///   configure memquota, etc), which leaves `TorRelay` to just "running" the relay (bootstrapping,

42

///   setting up listening sockets, etc). We don't need to combine the initialization and "running

43

///   the relay" all within the same object.

44

/// - We will likely want to share some of arti's key management subcommands in the future.

45

///   arti-client has an `InertTorClient` which is used so that arti subcommands can access the

46

///   keystore. If we do a similar thing here in arti-relay in the future, it might be nice to have

47

///   an `InertTorRelay` which has these internal data structures, but doesn't need a runtime or

48

///   have any networking capabilities.

49

///

50

/// Time will tell if this ends up being a bad design decision in practice, and we can always change

51

/// it later.

52

#[derive(Clone)]

53

pub(crate) struct InertTorRelay {

54

    /// The configuration options for the relay.

55

    config: TorRelayConfig,

56

57

    /// The configuration options for the client's directory manager.

58

    dirmgr_config: DirMgrConfig,

59

60

    /// Path resolver for expanding variables in [`CfgPath`](tor_config_path::CfgPath)s.

61

    #[expect(unused)] // TODO RELAY remove

62

    path_resolver: CfgPathResolver,

63

64

    /// State directory path.

65

///

66

    /// The [`StateDirectory`] stored in `state_dir` doesn't seem to have a way of getting the state

67

    /// directory path, so we need to store a copy of the path here.

68

    #[expect(unused)] // TODO RELAY remove

69

    state_path: PathBuf,

70

71

    /// Relay's state directory.

72

    #[expect(unused)] // TODO RELAY remove

73

    state_dir: StateDirectory,

74

75

    /// Location on disk where we store persistent data.

76

    state_mgr: FsStateMgr,

77

78

    /// Key manager holding all relay keys and certificates.

79

    keymgr: Arc<KeyMgr>,

80

81

82

impl InertTorRelay {

83

    /// Create a new Tor relay with the given configuration.

84

    pub(crate) fn new(

85

        config: TorRelayConfig,

86

        path_resolver: CfgPathResolver,

87

    ) -> anyhow::Result<Self> {

88

        let state_path = config.storage.state_dir(&path_resolver)?;

89

        let cache_path = config.storage.cache_dir(&path_resolver)?;

90

91

        let state_dir = StateDirectory::new(&state_path, config.storage.permissions())

92

            .context("Failed to create `StateDirectory`")?;

93

        let state_mgr =

94

            FsStateMgr::from_path_and_mistrust(&state_path, config.storage.permissions())

95

                .context("Failed to create `FsStateMgr`")?;

96

97

        // Try to take state ownership early, so we'll know if we have it.

98

        // Note that this `try_lock()` may return `Ok` even if we can't acquire the lock.

99

        // (At this point we don't yet care if we have it.)

100

        let _ignore_status = state_mgr

101

            .try_lock()

102

            .context("Failed to try locking the state manager")?;

103

104

        let keymgr = Self::create_keymgr(&state_path, config.storage.permissions())

105

            .context("Failed to create key manager")?;

106

107

        let dirmgr_config = DirMgrConfig {

108

            cache_dir: cache_path,

109

            cache_trust: config.storage.permissions().clone(),

110

            network: config.tor_network.clone(),

111

            schedule: Default::default(),

112

            tolerance: Default::default(),

113

            override_net_params: Default::default(),

114

            extensions: Default::default(),

115

};

116

117

        Ok(Self {

118

            config,

119

            dirmgr_config,

120

            path_resolver,

121

            state_path,

122

            state_dir,

123

            state_mgr,

124

            keymgr,

125

})

126

127

128

    /// Connect the [`InertTorRelay`] to the Tor network.

129

    pub(crate) async fn init<R: Runtime>(self, runtime: R) -> anyhow::Result<TorRelay<R>> {

130

        // Attempt to generate any missing keys/cert from the KeyMgr.

131

        let auth_material = crate::tasks::crypto::try_generate_keys(&runtime, &self.keymgr)

132

            .context("Failed to generate keys")?;

133

134

        TorRelay::init(runtime, self, auth_material).await

135

136

137

    /// Create the [key manager](KeyMgr).

138

    fn create_keymgr(state_path: &Path, mistrust: &Mistrust) -> anyhow::Result<Arc<KeyMgr>> {

139

        let key_store_dir = state_path.join("keystore");

140

141

        let persistent_store = ArtiNativeKeystore::from_path_and_mistrust(&key_store_dir, mistrust)

142

            .context("Failed to construct the native keystore")?;

143

144

        // Should only log fs paths at debug level or lower,

145

        // unless they're part of a diagnostic message.

146

        debug!("Using relay keystore from {key_store_dir:?}");

147

148

        let keymgr = KeyMgrBuilder::default()

149

            .primary_store(Box::new(persistent_store))

150

            .build()

151

            .context("Failed to build the 'KeyMgr'")?;

152

        let keymgr = Arc::new(keymgr);

153

154

        // TODO: support C-tor keystore

155

156

        Ok(keymgr)

157

158

159

160

/// Represent an active Relay on the Tor network.

161

pub(crate) struct TorRelay<R: Runtime> {

162

    /// Asynchronous runtime object.

163

    runtime: R,

164

165

    /// Memory quota tracker.

166

    #[expect(unused)] // TODO RELAY remove

167

    memquota: Arc<MemoryQuotaTracker>,

168

169

    /// A "client" used by relays to construct circuits.

170

    client: RelayClient<R>,

171

172

    /// Channel manager, used by circuits etc.

173

    chanmgr: Arc<ChanMgr<R>>,

174

175

    /// Handles CREATE* requests on channels.

176

///

177

    /// Given to the [`ChanMgr`],

178

    /// which gives it to each channel.

179

    /// We can access this handler directly to update consensus parameters or keys.

180

    create_request_handler: Arc<CreateRequestHandler>,

181

182

    /// See [`InertTorRelay::keymgr`].

183

    keymgr: Arc<KeyMgr>,

184

185

    /// Listening OR ports.

186

    or_listeners: Vec<<R as NetStreamProvider<SocketAddr>>::Listener>,

187

188

189

impl<R: Runtime> TorRelay<R> {

190

    /// Create a new Tor relay with the given [`runtime`][tor_rtcompat].

191

///

192

    /// We use this to initialize components, open sockets, etc.

193

    /// Doing work with these components should happen in [`TorRelay::run()`].

194

///

195

    /// Expected to be called from [`InertTorRelay::init()`].

196

    async fn init(

197

        runtime: R,

198

        inert: InertTorRelay,

199

        auth_material: RelayChannelAuthMaterial,

200

    ) -> anyhow::Result<Self> {

201

        let memquota = MemoryQuotaTracker::new(&runtime, inert.config.system.memory.clone())

202

            .context("Failed to initialize memquota tracker")?;

203

204

        // Init the channel manager.

205

        let config = ChanMgrConfig::new(inert.config.channel.clone())

206

            .with_my_addrs(inert.config.relay.advertise.all_addr())

207

            .with_auth_material(Arc::new(auth_material));

208

        let chanmgr = Arc::new(

209

            ChanMgr::new(

210

                runtime.clone(),

211

                config,

212

                Dormancy::Active,

213

                // TODO: It seems wrong to start with the compiled-in defaults when we might have

214

                // a newer network status on disk that would provide a better initial value,

215

                // but `TorClient` does this too so let's not worry about it.

216

                &NetParameters::default(),

217

                memquota.clone(),

218

219

            .context("Failed to build chan manager")?,

220

);

221

222

        // Init the relay's client.

223

        let client = RelayClient::new(

224

            runtime.clone(),

225

            Arc::clone(&chanmgr),

226

            &inert.config,

227

            &inert.config,

228

            inert.dirmgr_config,

229

            inert.state_mgr,

230

231

        .context("Failed to construct the relay's client")?;

232

233

        // Circuit-related network status parameters.

234

        let circ_net_params = build_circ_net_params(client.dirmgr().params().as_ref().as_ref())

235

            .context("Failed to build circuit parameters for CREATE* request handler")?;

236

237

        // A handler that will process CREATE* requests on channels.

238

        let ntor_keys = get_ntor_keys(&inert.keymgr)

239

            .context("Failed to get ntor keys for CREATE* request handler")?;

240

        let create_request_handler = CreateRequestHandler::new(

241

            Arc::downgrade(&chanmgr) as Weak<_>,

242

            circ_net_params,

243

            ntor_keys,

244

);

245

        let create_request_handler = Arc::new(create_request_handler);

246

247

        // Configure the channel manager to handle CREATE* requests.

248

//

249

        // We do this once, and can later update its network parameters and keys using the

250

        // `Arc` handle that we store.

251

        // The `ChanMgr` will hold an `Arc<CreateRequestHandler>` and

252

        // the `CreateRequestHandler` will hold a `Weak<ChanMgr>`.

253

//

254

        // We could technically do something fancier by creating the `ChanMgr` and handler

255

        // inside an `Arc::new_cyclic()` and pass the handler as part of the `ChanMgrConfig`,

256

        // but the code becomes a mess.

257

        chanmgr

258

            .set_create_request_handler(Arc::clone(&create_request_handler))

259

            .context("Failed to set the CREATE* request handler")?;

260

261

        // An iterator of `listen()` futures with some extra error handling.

262

        let or_listeners = inert.config.relay.listen.addrs().map(async |addr| {

263

            match runtime.listen(addr).await {

264

                Ok(x) => Some(Ok(x)),

265

                // If we don't support the address family (typically IPv6), only warn.

266

                #[cfg(unix)]

267

                Err(ref e) if e.raw_os_error() == Some(libc::EAFNOSUPPORT) => {

268

                    let message =

269

                        format!("Could not listen at {addr}: address family not supported");

270

                    if addr.is_ipv6() {

271

                        warn!("{message}");

272

                    } else {

273

                        // If we got `EAFNOSUPPORT` for a non-IPv6 address, then warn louder.

274

                        tor_error::warn_report!(e, "{message}");

275

276

                    None

277

278

                Err(e) => {

279

                    Some(Err(e).with_context(|| format!("Failed to listen at address {addr}")))

280

281

282

});

283

284

        // We await the futures sequentially rather than with something like `join_all` to make

285

        // errors more reproducible.

286

        let or_listeners = {

287

            let mut awaited_listeners = vec![];

288

            for listener in or_listeners {

289

                match listener.await {

290

                    Some(Ok(x)) => awaited_listeners.push(x),

291

                    Some(Err(e)) => return Err(e),

292

                    None => {}

293

};

294

295

            awaited_listeners

296

};

297

298

        // Typically we would have returned with an error if we failed to listen on an address,

299

        // but we ignore `EAFNOSUPPORT` errors above, so it's possible that all failed with

300

        // `EAFNOSUPPORT` and we ended up here.

301

        if or_listeners.is_empty() {

302

            return Err(anyhow::anyhow!(

303

                "Could not listen at any OR port addresses: {}",

304

                iter_join(", ", inert.config.relay.listen.addrs()),

305

));

306

307

308

        Ok(Self {

309

            runtime,

310

            memquota,

311

            client,

312

            chanmgr,

313

            create_request_handler,

314

            keymgr: inert.keymgr,

315

            or_listeners,

316

})

317

318

319

    /// Run the actual relay.

320

///

321

    /// This only returns if something has gone wrong.

322

    /// Otherwise it runs forever.

323

    pub(crate) async fn run(self) -> anyhow::Result<void::Void> {

324

        let mut task_handles = JoinSet::new();

325

326

        // Channel housekeeping task.

327

        task_handles.spawn({

328

            let mut t = crate::tasks::ChannelHouseKeepingTask::new(&self.chanmgr);

329

            async move {

330

                t.start()

331

                    .await

332

                    .context("Failed to run channel house keeping task")

333

334

});

335

336

        // Update the CREATE* request handler when there are new network parameters.

337

        task_handles.spawn({

338

            let create_request_handler = Arc::clone(&self.create_request_handler);

339

            let dir_provider = Arc::clone(self.client.dirmgr());

340

            async {

341

                crate::tasks::channel::update_create_request_handler_netparams(

342

                    create_request_handler,

343

                    dir_provider as Arc<_>,

344

345

                .await

346

                .context("Failed to run create request handler update task")

347

348

});

349

350

        // Listen for new Tor (OR) connections.

351

        task_handles.spawn({

352

            let runtime = self.runtime.clone();

353

            let chanmgr = Arc::clone(&self.chanmgr);

354

            async {

355

                // TODO: Should we give all tasks a `start` method?

356

                crate::tasks::listeners::or_listener(runtime, chanmgr, self.or_listeners)

357

                    .await

358

                    .context("Failed to run OR listener task")

359

360

});

361

362

        // Start the key rotation tasks.

363

        task_handles.spawn({

364

            let runtime = self.runtime.clone();

365

            let keymgr = self.keymgr.clone();

366

            let chanmgr = self.chanmgr.clone();

367

            let create_request_handler = Arc::clone(&self.create_request_handler);

368

            async {

369

                crate::tasks::crypto::rotate_keys_task(

370

                    runtime,

371

                    keymgr,

372

                    chanmgr,

373

                    create_request_handler,

374

375

                .await

376

                .context("Failed to run key rotation task")

377

378

});

379

380

        // Launch client tasks.

381

//

382

        // We need to hold on to these handles until the relay stops, otherwise dropping these

383

        // handles would stop the background tasks.

384

//

385

        // These are `tor_rtcompat::scheduler::TaskHandle`s, which don't notify us if they

386

        // stop/crash.

387

//

388

        // TODO: Whose responsibility is it to ensure that these background tasks don't crash?

389

        // Should we have a way of monitoring these tasks? Or should the circuit manager re-launch

390

        // crashed tasks?

391

        let _client_task_handles = self.client.launch_background_tasks();

392

393

        // TODO: More tasks will be spawned here.

394

395

        // Now that background tasks are started, bootstrap the client.

396

        self.client

397

            .bootstrap()

398

            .await

399

            .context("Failed to bootstrap the relay's client")?;

400

401

        // We block until facism is erradicated or a task ends which means the relay will shutdown

402

        // and facism will have one more chance.

403

        let void = task_handles

404

            .join_next()

405

            .await

406

            .context("Relay task set is empty")?

407

            .context("Relay task join failed")?

408

            .context("Relay task stopped unexpectedly")?;

409

410

        // We can never get here since a `Void` cannot be constructed.

411

        void::unreachable(void);

412

413

414

    /// Access the relay's key manager.

415

    pub(crate) fn keymgr(&self) -> &Arc<KeyMgr> {

416

        &self.keymgr

417

418