mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 20:33:31 +01:00
Improve v3 onion service logging for intro and rend points
Diagnostics for #23820.
This commit is contained in:
parent
77ed99b1a7
commit
a4f34c1106
@ -343,6 +343,17 @@ send_establish_intro(const hs_service_t *service,
|
||||
memwipe(payload, 0, sizeof(payload));
|
||||
}
|
||||
|
||||
/* Return a string constant describing the anonymity of service. */
|
||||
static const char *
|
||||
get_service_anonymity_string(const hs_service_t *service)
|
||||
{
|
||||
if (service->config.is_single_onion) {
|
||||
return "single onion";
|
||||
} else {
|
||||
return "hidden";
|
||||
}
|
||||
}
|
||||
|
||||
/* For a given service, the ntor onion key and a rendezvous cookie, launch a
|
||||
* circuit to the rendezvous point specified by the link specifiers. On
|
||||
* success, a circuit identifier is attached to the circuit with the needed
|
||||
@ -370,7 +381,15 @@ launch_rendezvous_point_circuit(const hs_service_t *service,
|
||||
&data->onion_pk,
|
||||
service->config.is_single_onion);
|
||||
if (info == NULL) {
|
||||
/* We are done here, we can't extend to the rendezvous point. */
|
||||
/* We are done here, we can't extend to the rendezvous point.
|
||||
* If you're running an IPv6-only v3 single onion service on 0.3.2 or with
|
||||
* 0.3.2 clients, and somehow disable the option check, it will fail here.
|
||||
*/
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
||||
"Not enough info to open a circuit to a rendezvous point for "
|
||||
"%s service %s.",
|
||||
get_service_anonymity_string(service),
|
||||
safe_str_client(service->onion_address));
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -392,17 +411,19 @@ launch_rendezvous_point_circuit(const hs_service_t *service,
|
||||
}
|
||||
}
|
||||
if (circ == NULL) {
|
||||
log_warn(LD_REND, "Giving up on launching rendezvous circuit to %s "
|
||||
"for service %s",
|
||||
log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
|
||||
"for %s service %s",
|
||||
safe_str_client(extend_info_describe(info)),
|
||||
get_service_anonymity_string(service),
|
||||
safe_str_client(service->onion_address));
|
||||
goto end;
|
||||
}
|
||||
log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
|
||||
"for service %s",
|
||||
"for %s service %s",
|
||||
safe_str_client(extend_info_describe(info)),
|
||||
safe_str_client(hex_str((const char *) data->rendezvous_cookie,
|
||||
REND_COOKIE_LEN)),
|
||||
get_service_anonymity_string(service),
|
||||
safe_str_client(service->onion_address));
|
||||
tor_assert(circ->build_state);
|
||||
/* Rendezvous circuit have a specific timeout for the time spent on trying
|
||||
|
@ -727,15 +727,24 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
|
||||
const hs_descriptor_t *desc;
|
||||
const hs_desc_encrypted_data_t *enc_data;
|
||||
const or_options_t *options = get_options();
|
||||
/* Calculate the onion address for logging purposes */
|
||||
char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
|
||||
|
||||
tor_assert(service_pk);
|
||||
|
||||
desc = hs_cache_lookup_as_client(service_pk);
|
||||
/* Assume the service is v3 if the descriptor is missing. This is ok,
|
||||
* because we only use the address in log messages */
|
||||
hs_build_address(service_pk,
|
||||
desc ? desc->plaintext_data.version : HS_VERSION_THREE,
|
||||
onion_address);
|
||||
if (desc == NULL || !hs_client_any_intro_points_usable(service_pk,
|
||||
desc)) {
|
||||
log_info(LD_REND, "Unable to randomly select an introduction point "
|
||||
"because descriptor %s.",
|
||||
(desc) ? "doesn't have usable intro point" : "is missing");
|
||||
"for service %s because descriptor %s. We can't connect.",
|
||||
safe_str_client(onion_address),
|
||||
(desc) ? "doesn't have any usable intro points"
|
||||
: "is missing (assuming v3 onion address)");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -763,6 +772,10 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
|
||||
if (ei == NULL) {
|
||||
/* We can get here for instance if the intro point is a private address
|
||||
* and we aren't allowed to extend to those. */
|
||||
log_info(LD_REND, "Unable to select introduction point with auth key %s "
|
||||
"for service %s, because we could not extend to it.",
|
||||
safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)),
|
||||
safe_str_client(onion_address));
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -791,14 +804,20 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
|
||||
* set, we are forced to not use anything. */
|
||||
ei = ei_excluded;
|
||||
if (options->StrictNodes) {
|
||||
log_warn(LD_REND, "Every introduction points are in the ExcludeNodes set "
|
||||
"and StrictNodes is set. We can't connect.");
|
||||
log_warn(LD_REND, "Every introduction point for service %s is in the "
|
||||
"ExcludeNodes set and StrictNodes is set. We can't connect.",
|
||||
safe_str_client(onion_address));
|
||||
extend_info_free(ei);
|
||||
ei = NULL;
|
||||
} else {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_REND, "Every introduction point for service "
|
||||
"%s is unusable or we can't extend to it. We can't connect.",
|
||||
safe_str_client(onion_address));
|
||||
}
|
||||
|
||||
end:
|
||||
smartlist_free(usable_ips);
|
||||
memwipe(onion_address, 0, sizeof(onion_address));
|
||||
return ei;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user