1
//! Entry point of a Tor relay that is the [`TorRelay`] objects
2

            
3
use std::net::SocketAddr;
4
use std::path::{Path, PathBuf};
5
use std::sync::{Arc, Weak};
6

            
7
use anyhow::Context;
8
use tokio::task::JoinSet;
9
use tracing::debug;
10
#[cfg(unix)]
11
use tracing::warn;
12

            
13
use fs_mistrust::Mistrust;
14
use tor_basic_utils::iter_join;
15
use tor_cell::relaycell::RelayCmd;
16
use tor_chanmgr::{ChanMgr, ChanMgrConfig, Dormancy};
17
use tor_config_path::CfgPathResolver;
18
use tor_dirmgr::DirMgrConfig;
19
use tor_keymgr::{ArtiNativeKeystore, KeyMgr, KeyMgrBuilder};
20
use tor_memquota::MemoryQuotaTracker;
21
use tor_netdir::params::NetParameters;
22
use tor_persist::state_dir::StateDirectory;
23
use tor_persist::{FsStateMgr, StateMgr};
24
use tor_proto::relay::CreateRequestHandler;
25
use tor_rtcompat::{NetStreamProvider, Runtime};
26

            
27
use crate::client::RelayClient;
28
use crate::config::TorRelayConfig;
29
use crate::stream::RequestFilter;
30
use crate::tasks::channel::build_circ_net_params;
31
use crate::tasks::crypto::InitKeyMaterial;
32

            
33
/// An initialized but unbootstrapped relay.
34
///
35
/// This intentionally does not have access to the runtime to prevent it from doing network io.
36
///
37
/// The idea is that we can build up the relay's components in an `InertTorRelay` without a runtime,
38
/// and then call `init()` on it and provide a runtime to turn it into a network-capable relay.
39
/// This gives us two advantages:
40
///
41
/// - We can initialize the internal data structures in the `InertTorRelay` (load the keystores,
42
///   configure memquota, etc), which leaves `TorRelay` to just "running" the relay (bootstrapping,
43
///   setting up listening sockets, etc). We don't need to combine the initialization and "running
44
///   the relay" all within the same object.
45
/// - We will likely want to share some of arti's key management subcommands in the future.
46
///   arti-client has an `InertTorClient` which is used so that arti subcommands can access the
47
///   keystore. If we do a similar thing here in arti-relay in the future, it might be nice to have
48
///   an `InertTorRelay` which has these internal data structures, but doesn't need a runtime or
49
///   have any networking capabilities.
50
///
51
/// Time will tell if this ends up being a bad design decision in practice, and we can always change
52
/// it later.
53
pub(crate) struct InertTorRelay {
54
    /// The configuration options for the relay.
55
    config: TorRelayConfig,
56

            
57
    /// The configuration options for the client's directory manager.
58
    dirmgr_config: DirMgrConfig,
59

            
60
    /// Path resolver for expanding variables in [`CfgPath`](tor_config_path::CfgPath)s.
61
    #[expect(unused)] // TODO RELAY remove
62
    path_resolver: CfgPathResolver,
63

            
64
    /// State directory path.
65
    ///
66
    /// The [`StateDirectory`] stored in `state_dir` doesn't seem to have a way of getting the state
67
    /// directory path, so we need to store a copy of the path here.
68
    #[expect(unused)] // TODO RELAY remove
69
    state_path: PathBuf,
70

            
71
    /// Relay's state directory.
72
    #[expect(unused)] // TODO RELAY remove
73
    state_dir: StateDirectory,
74

            
75
    /// Location on disk where we store persistent data.
76
    state_mgr: FsStateMgr,
77

            
78
    /// Key manager. The ownership is shared between the crypto task and the main task
79
    /// [`TorRelay`].
80
    ///
81
    // NOTE: In a future world, would be great if this wouldn't be an Arc<> and we could move it to
82
    // the crypto task so nobody has access to it. For now, this is the compromise for simplicity.
83
    keymgr: Arc<KeyMgr>,
84
}
85

            
86
impl InertTorRelay {
87
    /// Create a new Tor relay with the given configuration.
88
    pub(crate) fn new(
89
        config: TorRelayConfig,
90
        path_resolver: CfgPathResolver,
91
    ) -> anyhow::Result<Self> {
92
        let state_path = config.storage.state_dir(&path_resolver)?;
93
        let cache_path = config.storage.cache_dir(&path_resolver)?;
94

            
95
        let state_dir = StateDirectory::new(&state_path, config.storage.permissions())
96
            .context("Failed to create `StateDirectory`")?;
97
        let state_mgr =
98
            FsStateMgr::from_path_and_mistrust(&state_path, config.storage.permissions())
99
                .context("Failed to create `FsStateMgr`")?;
100

            
101
        // Try to take state ownership early, so we'll know if we have it.
102
        // Note that this `try_lock()` may return `Ok` even if we can't acquire the lock.
103
        // (At this point we don't yet care if we have it.)
104
        let _ignore_status = state_mgr
105
            .try_lock()
106
            .context("Failed to try locking the state manager")?;
107

            
108
        let keymgr = Self::create_keymgr(&state_path, config.storage.permissions())
109
            .context("Failed to create key manager")?;
110

            
111
        let dirmgr_config = DirMgrConfig {
112
            cache_dir: cache_path,
113
            cache_trust: config.storage.permissions().clone(),
114
            network: config.tor_network.clone(),
115
            schedule: Default::default(),
116
            tolerance: Default::default(),
117
            override_net_params: Default::default(),
118
            extensions: Default::default(),
119
        };
120

            
121
        Ok(Self {
122
            config,
123
            dirmgr_config,
124
            path_resolver,
125
            state_path,
126
            state_dir,
127
            state_mgr,
128
            keymgr,
129
        })
130
    }
131

            
132
    /// Connect the [`InertTorRelay`] to the Tor network.
133
    pub(crate) async fn init<R: Runtime>(self, runtime: R) -> anyhow::Result<TorRelay<R>> {
134
        // Attempt to generate any missing keys/cert from the KeyMgr.
135
        let init_key_material = crate::tasks::crypto::init_keys(&runtime, Arc::clone(&self.keymgr))
136
            .context("Failed to generate keys")?;
137

            
138
        TorRelay::init(runtime, self, init_key_material).await
139
    }
140

            
141
    /// Create the [key manager](KeyMgr).
142
    fn create_keymgr(state_path: &Path, mistrust: &Mistrust) -> anyhow::Result<Arc<KeyMgr>> {
143
        let key_store_dir = state_path.join("keystore");
144

            
145
        let persistent_store = ArtiNativeKeystore::from_path_and_mistrust(&key_store_dir, mistrust)
146
            .context("Failed to construct the native keystore")?;
147

            
148
        // Should only log fs paths at debug level or lower,
149
        // unless they're part of a diagnostic message.
150
        debug!("Using relay keystore from {key_store_dir:?}");
151

            
152
        let keymgr = KeyMgrBuilder::default()
153
            .primary_store(Box::new(persistent_store))
154
            .build()
155
            .context("Failed to build the 'KeyMgr'")?;
156
        let keymgr = Arc::new(keymgr);
157

            
158
        // TODO: support C-tor keystore
159

            
160
        Ok(keymgr)
161
    }
162
}
163

            
164
/// Represent an active Relay on the Tor network.
165
pub(crate) struct TorRelay<R: Runtime> {
166
    /// Asynchronous runtime object.
167
    runtime: R,
168

            
169
    /// Memory quota tracker.
170
    #[expect(unused)] // TODO RELAY remove
171
    memquota: Arc<MemoryQuotaTracker>,
172

            
173
    /// A "client" used by relays to construct circuits.
174
    client: RelayClient<R>,
175

            
176
    /// Channel manager, used by circuits etc.
177
    chanmgr: Arc<ChanMgr<R>>,
178

            
179
    /// Handles CREATE* requests on channels.
180
    ///
181
    /// Given to the [`ChanMgr`],
182
    /// which gives it to each channel.
183
    /// We can access this handler directly to update consensus parameters or keys.
184
    create_request_handler: Arc<CreateRequestHandler>,
185

            
186
    /// See [`InertTorRelay::keymgr`].
187
    keymgr: Arc<KeyMgr>,
188

            
189
    /// Listening OR ports.
190
    or_listeners: Vec<<R as NetStreamProvider<SocketAddr>>::Listener>,
191
}
192

            
193
impl<R: Runtime> TorRelay<R> {
194
    /// Create a new Tor relay with the given [`runtime`][tor_rtcompat].
195
    ///
196
    /// We use this to initialize components, open sockets, etc.
197
    /// Doing work with these components should happen in [`TorRelay::run()`].
198
    ///
199
    /// Expected to be called from [`InertTorRelay::init()`].
200
    async fn init(
201
        runtime: R,
202
        inert: InertTorRelay,
203
        init_key_material: InitKeyMaterial,
204
    ) -> anyhow::Result<Self> {
205
        let memquota = MemoryQuotaTracker::new(&runtime, inert.config.system.memory.clone())
206
            .context("Failed to initialize memquota tracker")?;
207

            
208
        // Init the channel manager.
209
        let config = ChanMgrConfig::new(inert.config.channel.clone())
210
            .with_my_addrs(inert.config.relay.advertise.all_addr())
211
            .with_auth_material(Arc::new(init_key_material.chan_auth_keys));
212
        let chanmgr = Arc::new(
213
            ChanMgr::new(
214
                runtime.clone(),
215
                config,
216
                Dormancy::Active,
217
                // TODO: It seems wrong to start with the compiled-in defaults when we might have
218
                // a newer network status on disk that would provide a better initial value,
219
                // but `TorClient` does this too so let's not worry about it.
220
                &NetParameters::default(),
221
                memquota.clone(),
222
            )
223
            .context("Failed to build chan manager")?,
224
        );
225

            
226
        // Init the relay's client.
227
        let client = RelayClient::new(
228
            runtime.clone(),
229
            Arc::clone(&chanmgr),
230
            &inert.config,
231
            &inert.config,
232
            inert.dirmgr_config,
233
            inert.state_mgr,
234
        )
235
        .context("Failed to construct the relay's client")?;
236

            
237
        // Circuit-related network status parameters.
238
        let circ_net_params = build_circ_net_params(client.dirmgr().params().as_ref().as_ref())
239
            .context("Failed to build circuit parameters for CREATE* request handler")?;
240

            
241
        // TODO(relay): add exit configuration, and update this to reject BEGIN and RESOLVE
242
        // if we are not configured to run as an exit
243
        let allow_incoming = &[RelayCmd::BEGIN, RelayCmd::BEGIN_DIR, RelayCmd::RESOLVE];
244

            
245
        // A handler that will process CREATE* requests on channels.
246
        let create_request_handler = CreateRequestHandler::new(
247
            Arc::downgrade(&chanmgr) as Weak<_>,
248
            circ_net_params,
249
            init_key_material.ntor_keys,
250
            Box::new(|| Box::new(RequestFilter::default()) as Box<_>),
251
            allow_incoming,
252
        );
253
        let create_request_handler = Arc::new(create_request_handler);
254

            
255
        // Configure the channel manager to handle CREATE* requests.
256
        //
257
        // We do this once, and can later update its network parameters and keys using the
258
        // `Arc` handle that we store.
259
        // The `ChanMgr` will hold an `Arc<CreateRequestHandler>` and
260
        // the `CreateRequestHandler` will hold a `Weak<ChanMgr>`.
261
        //
262
        // We could technically do something fancier by creating the `ChanMgr` and handler
263
        // inside an `Arc::new_cyclic()` and pass the handler as part of the `ChanMgrConfig`,
264
        // but the code becomes a mess.
265
        chanmgr
266
            .set_create_request_handler(Arc::clone(&create_request_handler))
267
            .context("Failed to set the CREATE* request handler")?;
268

            
269
        // We don't use any custom options on the listening socket.
270
        let listen_options = Default::default();
271

            
272
        // An iterator of `listen()` futures with some extra error handling.
273
        let or_listeners = inert.config.relay.listen.addrs().map(async |addr| {
274
            match runtime.listen(addr, &listen_options).await {
275
                Ok(x) => Some(Ok(x)),
276
                // If we don't support the address family (typically IPv6), only warn.
277
                #[cfg(unix)]
278
                Err(ref e) if e.raw_os_error() == Some(libc::EAFNOSUPPORT) => {
279
                    let message =
280
                        format!("Could not listen at {addr}: address family not supported");
281
                    if addr.is_ipv6() {
282
                        warn!("{message}");
283
                    } else {
284
                        // If we got `EAFNOSUPPORT` for a non-IPv6 address, then warn louder.
285
                        tor_error::warn_report!(e, "{message}");
286
                    }
287
                    None
288
                }
289
                Err(e) => {
290
                    Some(Err(e).with_context(|| format!("Failed to listen at address {addr}")))
291
                }
292
            }
293
        });
294

            
295
        // We await the futures sequentially rather than with something like `join_all` to make
296
        // errors more reproducible.
297
        let or_listeners = {
298
            let mut awaited_listeners = vec![];
299
            for listener in or_listeners {
300
                match listener.await {
301
                    Some(Ok(x)) => awaited_listeners.push(x),
302
                    Some(Err(e)) => return Err(e),
303
                    None => {}
304
                };
305
            }
306
            awaited_listeners
307
        };
308

            
309
        // Typically we would have returned with an error if we failed to listen on an address,
310
        // but we ignore `EAFNOSUPPORT` errors above, so it's possible that all failed with
311
        // `EAFNOSUPPORT` and we ended up here.
312
        if or_listeners.is_empty() {
313
            return Err(anyhow::anyhow!(
314
                "Could not listen at any OR port addresses: {}",
315
                iter_join(", ", inert.config.relay.listen.addrs()),
316
            ));
317
        }
318

            
319
        Ok(Self {
320
            runtime,
321
            memquota,
322
            client,
323
            chanmgr,
324
            create_request_handler,
325
            keymgr: inert.keymgr,
326
            or_listeners,
327
        })
328
    }
329

            
330
    /// Run the actual relay.
331
    ///
332
    /// This only returns if something has gone wrong.
333
    /// Otherwise it runs forever.
334
    pub(crate) async fn run(self) -> anyhow::Result<void::Void> {
335
        let mut task_handles = JoinSet::new();
336

            
337
        // Channel housekeeping task.
338
        task_handles.spawn({
339
            let mut t = crate::tasks::ChannelHouseKeepingTask::new(&self.chanmgr);
340
            async move {
341
                t.start()
342
                    .await
343
                    .context("Failed to run channel house keeping task")
344
            }
345
        });
346

            
347
        // Update the CREATE* request handler when there are new network parameters.
348
        task_handles.spawn({
349
            let create_request_handler = Arc::clone(&self.create_request_handler);
350
            let dir_provider = Arc::clone(self.client.dirmgr());
351
            async {
352
                crate::tasks::channel::update_create_request_handler_netparams(
353
                    create_request_handler,
354
                    dir_provider as Arc<_>,
355
                )
356
                .await
357
                .context("Failed to run create request handler update task")
358
            }
359
        });
360

            
361
        // Listen for new Tor (OR) connections.
362
        task_handles.spawn({
363
            let runtime = self.runtime.clone();
364
            let chanmgr = Arc::clone(&self.chanmgr);
365
            async {
366
                // TODO: Should we give all tasks a `start` method?
367
                crate::tasks::listeners::or_listener(runtime, chanmgr, self.or_listeners)
368
                    .await
369
                    .context("Failed to run OR listener task")
370
            }
371
        });
372

            
373
        // Start the crypto task.
374
        task_handles.spawn({
375
            let reactor = crate::tasks::crypto::Reactor::new(
376
                self.runtime.clone(),
377
                self.chanmgr.clone(),
378
                self.create_request_handler.clone(),
379
                self.keymgr,
380
                self.client.dirmgr().clone(),
381
            )?;
382
            async {
383
                reactor
384
                    .run()
385
                    .await
386
                    .context("Failed to run key rotation task")
387
            }
388
        });
389

            
390
        // Launch client tasks.
391
        //
392
        // We need to hold on to these handles until the relay stops, otherwise dropping these
393
        // handles would stop the background tasks.
394
        //
395
        // These are `tor_rtcompat::scheduler::TaskHandle`s, which don't notify us if they
396
        // stop/crash.
397
        //
398
        // TODO: Whose responsibility is it to ensure that these background tasks don't crash?
399
        // Should we have a way of monitoring these tasks? Or should the circuit manager re-launch
400
        // crashed tasks?
401
        let _client_task_handles = self.client.launch_background_tasks();
402

            
403
        // TODO: More tasks will be spawned here.
404

            
405
        // Now that background tasks are started, bootstrap the client.
406
        self.client
407
            .bootstrap()
408
            .await
409
            .context("Failed to bootstrap the relay's client")?;
410

            
411
        // We block until facism is erradicated or a task ends which means the relay will shutdown
412
        // and facism will have one more chance.
413
        let void = task_handles
414
            .join_next()
415
            .await
416
            .context("Relay task set is empty")?
417
            .context("Relay task join failed")?
418
            .context("Relay task stopped unexpectedly")?;
419

            
420
        // We can never get here since a `Void` cannot be constructed.
421
        void::unreachable(void);
422
    }
423
}