nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 05:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Removed getter abstraction and moved from rephist to relay_metrics.

Browse Source
This commit is contained in:
friendly73 2023-03-21 14:25:57 +00:00 committed by David Goulet
parent 2f8a88448d
commit 1899b6230d
6 changed files with 118 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/feature/hs/hs_intropoint.c
View File

@ -15,6 +15,7 @@
#include "core/or/circuituse.h"
#include "core/or/relay.h"
#include "feature/rend/rendmid.h"
#include "feature/relay/relay_metrics.h"
#include "feature/stats/rephist.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/time/compat_time.h"
@ -419,7 +420,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
/* Check that the circuit is in shape to become an intro point */
if (!hs_intro_circuit_is_suitable_for_establish_intro(circ)) {
rep_hist_note_est_intro_action(EST_INTRO_UNSUITABLE_CIRCUIT);
increment_est_intro_action(EST_INTRO_UNSUITABLE_CIRCUIT);
goto err;
}
@ -427,7 +428,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
ssize_t parsing_result = trn_cell_establish_intro_parse(&parsed_cell,
request, request_len);
if (parsing_result < 0) {
rep_hist_note_est_intro_action(EST_INTRO_MALFORMED);
increment_est_intro_action(EST_INTRO_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Rejecting %s ESTABLISH_INTRO cell.",
parsing_result == -1 ? "invalid" : "truncated");
@ -438,7 +439,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
(uint8_t *) circ->rend_circ_nonce,
sizeof(circ->rend_circ_nonce));
if (cell_ok < 0) {
rep_hist_note_est_intro_action(EST_INTRO_MALFORMED);
increment_est_intro_action(EST_INTRO_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Failed to verify ESTABLISH_INTRO cell.");
goto err;
@ -447,11 +448,11 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
/* This cell is legit. Take the appropriate actions. */
cell_ok = handle_verified_establish_intro_cell(circ, parsed_cell);
if (cell_ok < 0) {
rep_hist_note_est_intro_action(EST_INTRO_CIRCUIT_DEAD);
increment_est_intro_action(EST_INTRO_CIRCUIT_DEAD);
goto err;
}
rep_hist_note_est_intro_action(EST_INTRO_SUCCESS);
increment_est_intro_action(EST_INTRO_SUCCESS);
/* We are done! */
retval = 0;
goto done;
@ -510,7 +511,7 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
tor_assert(request);
if (request_len == 0) {
rep_hist_note_est_intro_action(EST_INTRO_MALFORMED);
increment_est_intro_action(EST_INTRO_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Empty ESTABLISH_INTRO cell.");
goto err;
}
@ -523,12 +524,12 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
/* Likely version 2 onion service which is now obsolete. Avoid a
* protocol warning considering they still exists on the network. */
rep_hist_note_est_intro_action(EST_INTRO_MALFORMED);
increment_est_intro_action(EST_INTRO_MALFORMED);
goto err;
case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519:
return handle_establish_intro(circ, request, request_len);
default:
rep_hist_note_est_intro_action(EST_INTRO_MALFORMED);
increment_est_intro_action(EST_INTRO_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Unrecognized AUTH_KEY_TYPE %u.", first_byte);
goto err;
@ -652,7 +653,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
ssize_t cell_size = trn_cell_introduce1_parse(&parsed_cell, request,
request_len);
if (cell_size < 0) {
rep_hist_note_intro1_action(INTRO1_MALFORMED);
increment_intro1_action(INTRO1_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Rejecting %s INTRODUCE1 cell. Responding with NACK.",
cell_size == -1 ? "invalid" : "truncated");
@ -663,7 +664,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
/* Once parsed validate the cell format. */
if (validate_introduce1_parsed_cell(parsed_cell) < 0) {
rep_hist_note_intro1_action(INTRO1_MALFORMED);
increment_intro1_action(INTRO1_MALFORMED);
/* Inform client that the INTRODUCE1 has bad format. */
status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT;
goto send_ack;
@ -675,7 +676,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
get_auth_key_from_cell(&auth_key, RELAY_COMMAND_INTRODUCE1, parsed_cell);
service_circ = hs_circuitmap_get_intro_circ_v3_relay_side(&auth_key);
if (service_circ == NULL) {
rep_hist_note_intro1_action(INTRO1_UNKNOWN_SERVICE);
increment_intro1_action(INTRO1_UNKNOWN_SERVICE);
char b64_key[ED25519_BASE64_LEN + 1];
ed25519_public_to_base64(b64_key, &auth_key);
log_info(LD_REND, "No intro circuit found for INTRODUCE1 cell "
@ -691,7 +692,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
/* Before sending, lets make sure this cell can be sent on the service
* circuit asking the DoS defenses. */
if (!hs_dos_can_send_intro2(service_circ)) {
rep_hist_note_intro1_action(INTRO1_RATE_LIMITED);
increment_intro1_action(INTRO1_RATE_LIMITED);
char *msg;
static ratelim_t rlimit = RATELIM_INIT(5 * 60);
if ((msg = rate_limit_log(&rlimit, approx_time()))) {
@ -708,7 +709,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(service_circ),
RELAY_COMMAND_INTRODUCE2,
(char *) request, request_len, NULL)) {
rep_hist_note_intro1_action(INTRO1_CIRCUIT_DEAD);
increment_intro1_action(INTRO1_CIRCUIT_DEAD);
log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service.");
/* Inform the client that we can't relay the cell. Use the unknown ID
* status code since it means that we do not know the service. */
@ -716,7 +717,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
goto send_ack;
}
rep_hist_note_intro1_action(INTRO1_SUCCESS);
increment_intro1_action(INTRO1_SUCCESS);
/* Success! Send an INTRODUCE_ACK success status onto the client circuit. */
status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
ret = 0;
@ -747,7 +748,7 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ)
}
if (circ->already_received_introduce1) {
rep_hist_note_intro1_action(INTRO1_CIRCUIT_REUSED);
increment_intro1_action(INTRO1_CIRCUIT_REUSED);
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Blocking multiple introductions on the same circuit. "
"Someone might be trying to attack a hidden service through "
@ -757,7 +758,7 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ)
/* Disallow single hop client circuit. */
if (circ->p_chan && channel_is_client(circ->p_chan)) {
rep_hist_note_intro1_action(INTRO1_SINGLE_HOP);
increment_intro1_action(INTRO1_SINGLE_HOP);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Single hop client was rejected while trying to introduce. "
"Closing circuit.");
@ -779,7 +780,7 @@ hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request,
/* A cell that can't hold a DIGEST_LEN is invalid. */
if (request_len < DIGEST_LEN) {
rep_hist_note_intro1_action(INTRO1_MALFORMED);
increment_intro1_action(INTRO1_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Invalid INTRODUCE1 cell length.");
goto err;
}

45
src/feature/relay/relay_metrics.c
View File

@ -1053,6 +1053,14 @@ fill_signing_cert_expiry(void)
}
}
static uint64_t est_intro_actions[EST_INTRO_ACTION_COUNT] = {0};
void
increment_est_intro_action(est_intro_action_t action)
{
est_intro_actions[action]++;
}
static void
fill_est_intro_cells(void)
{
@ -1076,11 +1084,19 @@ fill_est_intro_cells(void)
metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
metrics_store_entry_add_label(
sentry, metrics_format_label("action", actions[i].name));
metrics_store_entry_update(
sentry, (long)rep_hist_get_est_intro_action_count(actions[i].key));
metrics_store_entry_update(sentry,
(long)est_intro_actions[actions[i].key]);
}
}
static uint64_t est_rend_actions[EST_REND_ACTION_COUNT] = {0};
void
increment_est_rend_action(est_rend_action_t action)
{
est_rend_actions[action]++;
}
static void
fill_est_rend_cells(void)
{
@ -1106,11 +1122,18 @@ fill_est_rend_cells(void)
metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
metrics_store_entry_add_label(
sentry, metrics_format_label("action", actions[i].name));
metrics_store_entry_update(
sentry, (long)rep_hist_get_est_rend_action_count(actions[i].key));
metrics_store_entry_update(sentry, (long)est_rend_actions[actions[i].key]);
}
}
static uint64_t intro1_actions[INTRO1_ACTION_COUNT] = {0};
void
increment_intro1_action(intro1_action_t action)
{
intro1_actions[action]++;
}
static void
fill_intro1_cells(void)
{
@ -1137,11 +1160,18 @@ fill_intro1_cells(void)
metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
metrics_store_entry_add_label(
sentry, metrics_format_label("action", actions[i].name));
metrics_store_entry_update(
sentry, (long)rep_hist_get_intro1_action_count(actions[i].key));
metrics_store_entry_update(sentry, (long)intro1_actions[actions[i].key]);
}
}
static uint64_t rend1_actions[REND1_ACTION_COUNT] = {0};
void
increment_rend1_action(rend1_action_t action)
{
rend1_actions[action]++;
}
static void
fill_rend1_cells(void)
{
@ -1166,8 +1196,7 @@ fill_rend1_cells(void)
metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
metrics_store_entry_add_label(
sentry, metrics_format_label("action", actions[i].name));
metrics_store_entry_update(
sentry, (long)rep_hist_get_rend1_action_count(actions[i].key));
metrics_store_entry_update(sentry, (long)rend1_actions[actions[i].key]);
}
}

50
src/feature/relay/relay_metrics.h
View File

@ -80,4 +80,54 @@ void relay_metrics_free(void);
/* Accessors. */
const smartlist_t *relay_metrics_get_stores(void);
typedef enum {
EST_INTRO_SUCCESS,
EST_INTRO_MALFORMED,
EST_INTRO_UNSUITABLE_CIRCUIT,
EST_INTRO_CIRCUIT_DEAD,
EST_INTRO_ACTION_COUNT
} est_intro_action_t;
void increment_est_intro_action(est_intro_action_t);
typedef enum {
EST_REND_SUCCESS,
EST_REND_UNSUITABLE_CIRCUIT,
EST_REND_SINGLE_HOP,
EST_REND_MALFORMED,
EST_REND_DUPLICATE_COOKIE,
EST_REND_CIRCUIT_DEAD,
EST_REND_ACTION_COUNT
} est_rend_action_t;
void increment_est_rend_action(est_rend_action_t);
typedef enum {
INTRO1_SUCCESS,
INTRO1_CIRCUIT_DEAD,
INTRO1_MALFORMED,
INTRO1_UNKNOWN_SERVICE,
INTRO1_RATE_LIMITED,
INTRO1_CIRCUIT_REUSED,
INTRO1_SINGLE_HOP,
INTRO1_ACTION_COUNT
} intro1_action_t;
void increment_intro1_action(intro1_action_t);
typedef enum {
REND1_SUCCESS,
REND1_UNSUITABLE_CIRCUIT,
REND1_MALFORMED,
REND1_UNKNOWN_COOKIE,
REND1_CIRCUIT_DEAD,
REND1_ACTION_COUNT
} rend1_action_t;
void increment_rend1_action(rend1_action_t);
#endif /* !defined(TOR_FEATURE_RELAY_RELAY_METRICS_H) */

26
src/feature/rend/rendmid.c
View File

@ -19,7 +19,7 @@
#include "feature/hs/hs_circuitmap.h"
#include "feature/hs/hs_dos.h"
#include "feature/hs/hs_intropoint.h"
#include "feature/stats/rephist.h"
#include "feature/relay/relay_metrics.h"
#include "core/or/or_circuit_st.h"
@ -37,7 +37,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
(unsigned)circ->p_circ_id);
if (circ->base_.purpose != CIRCUIT_PURPOSE_OR) {
rep_hist_note_est_rend_action(EST_REND_UNSUITABLE_CIRCUIT);
increment_est_rend_action(EST_REND_UNSUITABLE_CIRCUIT);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Tried to establish rendezvous on non-OR circuit with purpose %s",
circuit_purpose_to_string(circ->base_.purpose));
@ -48,7 +48,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
* attempt to establish rendezvous points directly to us. */
if (channel_is_client(circ->p_chan) &&
dos_should_refuse_single_hop_client()) {
rep_hist_note_est_rend_action(EST_REND_SINGLE_HOP);
increment_est_rend_action(EST_REND_SINGLE_HOP);
/* Note it down for the heartbeat log purposes. */
dos_note_refuse_single_hop_client();
/* Silent drop so the client has to time out before moving on. */
@ -56,21 +56,21 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
}
if (circ->base_.n_chan) {
rep_hist_note_est_rend_action(EST_REND_UNSUITABLE_CIRCUIT);
increment_est_rend_action(EST_REND_UNSUITABLE_CIRCUIT);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Tried to establish rendezvous on non-edge circuit");
goto err;
}
if (request_len != REND_COOKIE_LEN) {
rep_hist_note_est_rend_action(EST_REND_MALFORMED);
increment_est_rend_action(EST_REND_MALFORMED);
log_fn(LOG_PROTOCOL_WARN,
LD_PROTOCOL, "Invalid length on ESTABLISH_RENDEZVOUS.");
goto err;
}
if (hs_circuitmap_get_rend_circ_relay_side(request)) {
rep_hist_note_est_rend_action(EST_REND_DUPLICATE_COOKIE);
increment_est_rend_action(EST_REND_DUPLICATE_COOKIE);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.");
goto err;
@ -80,13 +80,13 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
RELAY_COMMAND_RENDEZVOUS_ESTABLISHED,
"", 0, NULL)<0) {
rep_hist_note_est_rend_action(EST_REND_CIRCUIT_DEAD);
increment_est_rend_action(EST_REND_CIRCUIT_DEAD);
log_warn(LD_PROTOCOL, "Couldn't send RENDEZVOUS_ESTABLISHED cell.");
/* Stop right now, the circuit has been closed. */
return -1;
}
rep_hist_note_est_rend_action(EST_REND_SUCCESS);
increment_est_rend_action(EST_REND_SUCCESS);
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_REND_POINT_WAITING);
hs_circuitmap_register_rend_circ_relay_side(circ, request);
@ -116,7 +116,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
int reason = END_CIRC_REASON_INTERNAL;
if (circ->base_.purpose != CIRCUIT_PURPOSE_OR || circ->base_.n_chan) {
rep_hist_note_rend1_action(REND1_UNSUITABLE_CIRCUIT);
increment_rend1_action(REND1_UNSUITABLE_CIRCUIT);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Tried to complete rendezvous on non-OR or non-edge circuit %u.",
(unsigned)circ->p_circ_id);
@ -125,7 +125,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
}
if (request_len < REND_COOKIE_LEN) {
rep_hist_note_rend1_action(REND1_MALFORMED);
increment_rend1_action(REND1_MALFORMED);
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Rejecting RENDEZVOUS1 cell with bad length (%d) on circuit %u.",
(int)request_len, (unsigned)circ->p_circ_id);
@ -145,7 +145,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
* client gives up on a rendezvous circuit after sending INTRODUCE1, but
* before the onion service sends the RENDEZVOUS1 cell.
*/
rep_hist_note_rend1_action(REND1_UNKNOWN_COOKIE);
increment_rend1_action(REND1_UNKNOWN_COOKIE);
log_fn(LOG_DEBUG, LD_PROTOCOL,
"Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.",
hexid);
@ -166,7 +166,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
RELAY_COMMAND_RENDEZVOUS2,
(char*)(request+REND_COOKIE_LEN),
request_len-REND_COOKIE_LEN, NULL)) {
rep_hist_note_rend1_action(REND1_CIRCUIT_DEAD);
increment_rend1_action(REND1_CIRCUIT_DEAD);
log_warn(LD_GENERAL,
"Unable to send RENDEZVOUS2 cell to client on circuit %u.",
(unsigned)rend_circ->p_circ_id);
@ -174,7 +174,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
return -1;
}
rep_hist_note_rend1_action(REND1_SUCCESS);
increment_rend1_action(REND1_SUCCESS);
/* Join the circuits. */
log_info(LD_REND,
"Completing rendezvous: circuit %u joins circuit %u (cookie %s)",

53
src/feature/stats/rephist.c
View File

@ -3038,56 +3038,3 @@ rep_hist_get_hs_v3_stats(void)
return hs_v3_stats;
}
#endif /* defined(TOR_UNIT_TESTS) */
static uint64_t est_intro_actions[EST_INTRO_ACTION_COUNT] = {0};
static uint64_t est_rend_actions[EST_REND_ACTION_COUNT] = {0};
static uint64_t intro1_actions[INTRO1_ACTION_COUNT] = {0};
static uint64_t rend1_actions[REND1_ACTION_COUNT] = {0};
void
rep_hist_note_est_intro_action(est_intro_action_t action)
{
est_intro_actions[action]++;
}
uint64_t
rep_hist_get_est_intro_action_count(est_intro_action_t action)
{
return est_intro_actions[action];
}
void
rep_hist_note_est_rend_action(est_rend_action_t action)
{
est_rend_actions[action]++;
}
uint64_t
rep_hist_get_est_rend_action_count(est_rend_action_t action)
{
return est_rend_actions[action];
}
void
rep_hist_note_intro1_action(intro1_action_t action)
{
intro1_actions[action]++;
}
uint64_t
rep_hist_get_intro1_action_count(intro1_action_t action)
{
return intro1_actions[action];
}
void
rep_hist_note_rend1_action(rend1_action_t action)
{
rend1_actions[action]++;
}
uint64_t
rep_hist_get_rend1_action_count(rend1_action_t action)
{
return rend1_actions[action];
}

54
src/feature/stats/rephist.h
View File

@ -200,57 +200,3 @@ const struct hs_v3_stats_t *rep_hist_get_hs_v3_stats(void);
#endif /* defined(TOR_UNIT_TESTS) */
#endif /* !defined(TOR_REPHIST_H) */
typedef enum {
EST_INTRO_SUCCESS,
EST_INTRO_MALFORMED,
EST_INTRO_UNSUITABLE_CIRCUIT,
EST_INTRO_CIRCUIT_DEAD,
EST_INTRO_ACTION_COUNT
} est_intro_action_t;
void rep_hist_note_est_intro_action(est_intro_action_t);
uint64_t rep_hist_get_est_intro_action_count(est_intro_action_t);
typedef enum {
EST_REND_SUCCESS,
EST_REND_UNSUITABLE_CIRCUIT,
EST_REND_SINGLE_HOP,
EST_REND_MALFORMED,
EST_REND_DUPLICATE_COOKIE,
EST_REND_CIRCUIT_DEAD,
EST_REND_ACTION_COUNT
} est_rend_action_t;
void rep_hist_note_est_rend_action(est_rend_action_t);
uint64_t rep_hist_get_est_rend_action_count(est_rend_action_t);
typedef enum {
INTRO1_SUCCESS,
INTRO1_CIRCUIT_DEAD,
INTRO1_MALFORMED,
INTRO1_UNKNOWN_SERVICE,
INTRO1_RATE_LIMITED,
INTRO1_CIRCUIT_REUSED,
INTRO1_SINGLE_HOP,
INTRO1_ACTION_COUNT
} intro1_action_t;
void rep_hist_note_intro1_action(intro1_action_t);
uint64_t rep_hist_get_intro1_action_count(intro1_action_t);
typedef enum {
REND1_SUCCESS,
REND1_UNSUITABLE_CIRCUIT,
REND1_MALFORMED,
REND1_UNKNOWN_COOKIE,
REND1_CIRCUIT_DEAD,
REND1_ACTION_COUNT
} rend1_action_t;
void rep_hist_note_rend1_action(rend1_action_t);
uint64_t rep_hist_get_rend1_action_count(rend1_action_t);