nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 14:23:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve v3 onion service logging for intro and rend points

Browse Source 
Diagnostics for #23820.
This commit is contained in:
teor 2017-10-26 16:48:02 +11:00 committed by Nick Mathewson
parent 77ed99b1a7
commit a4f34c1106
2 changed files with 48 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/or/hs_circuit.c
View File

@ -343,6 +343,17 @@ send_establish_intro(const hs_service_t *service,
memwipe(payload, 0, sizeof(payload)); memwipe(payload, 0, sizeof(payload));
} }
/* Return a string constant describing the anonymity of service. */
static const char *
get_service_anonymity_string(const hs_service_t *service)
{
if (service->config.is_single_onion) {
return "single onion";
} else {
return "hidden";
}
}
/* For a given service, the ntor onion key and a rendezvous cookie, launch a /* For a given service, the ntor onion key and a rendezvous cookie, launch a
* circuit to the rendezvous point specified by the link specifiers. On * circuit to the rendezvous point specified by the link specifiers. On
* success, a circuit identifier is attached to the circuit with the needed * success, a circuit identifier is attached to the circuit with the needed
@ -370,7 +381,15 @@ launch_rendezvous_point_circuit(const hs_service_t *service,
&data->onion_pk, &data->onion_pk,
service->config.is_single_onion); service->config.is_single_onion);
if (info == NULL) { if (info == NULL) {
/* We are done here, we can't extend to the rendezvous point. */ /* We are done here, we can't extend to the rendezvous point.
* If you're running an IPv6-only v3 single onion service on 0.3.2 or with
* 0.3.2 clients, and somehow disable the option check, it will fail here.
*/
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Not enough info to open a circuit to a rendezvous point for "
"%s service %s.",
get_service_anonymity_string(service),
safe_str_client(service->onion_address));
goto end; goto end;
} }
@ -392,17 +411,19 @@ launch_rendezvous_point_circuit(const hs_service_t *service,
} }
} }
if (circ == NULL) { if (circ == NULL) {
log_warn(LD_REND, "Giving up on launching rendezvous circuit to %s " log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
"for service %s", "for %s service %s",
safe_str_client(extend_info_describe(info)), safe_str_client(extend_info_describe(info)),
get_service_anonymity_string(service),
safe_str_client(service->onion_address)); safe_str_client(service->onion_address));
goto end; goto end;
} }
log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s " log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
"for service %s", "for %s service %s",
safe_str_client(extend_info_describe(info)), safe_str_client(extend_info_describe(info)),
safe_str_client(hex_str((const char *) data->rendezvous_cookie, safe_str_client(hex_str((const char *) data->rendezvous_cookie,
REND_COOKIE_LEN)), REND_COOKIE_LEN)),
get_service_anonymity_string(service),
safe_str_client(service->onion_address)); safe_str_client(service->onion_address));
tor_assert(circ->build_state); tor_assert(circ->build_state);
/* Rendezvous circuit have a specific timeout for the time spent on trying /* Rendezvous circuit have a specific timeout for the time spent on trying

27
src/or/hs_client.c
View File

@ -727,15 +727,24 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
const hs_descriptor_t *desc; const hs_descriptor_t *desc;
const hs_desc_encrypted_data_t *enc_data; const hs_desc_encrypted_data_t *enc_data;
const or_options_t *options = get_options(); const or_options_t *options = get_options();
/* Calculate the onion address for logging purposes */
char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
tor_assert(service_pk); tor_assert(service_pk);
desc = hs_cache_lookup_as_client(service_pk); desc = hs_cache_lookup_as_client(service_pk);
/* Assume the service is v3 if the descriptor is missing. This is ok,
* because we only use the address in log messages */
hs_build_address(service_pk,
desc ? desc->plaintext_data.version : HS_VERSION_THREE,
onion_address);
if (desc == NULL || !hs_client_any_intro_points_usable(service_pk, if (desc == NULL || !hs_client_any_intro_points_usable(service_pk,
desc)) { desc)) {
log_info(LD_REND, "Unable to randomly select an introduction point " log_info(LD_REND, "Unable to randomly select an introduction point "
"because descriptor %s.", "for service %s because descriptor %s. We can't connect.",
(desc) ? "doesn't have usable intro point" : "is missing"); safe_str_client(onion_address),
(desc) ? "doesn't have any usable intro points"
: "is missing (assuming v3 onion address)");
goto end; goto end;
} }
@ -763,6 +772,10 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
if (ei == NULL) { if (ei == NULL) {
/* We can get here for instance if the intro point is a private address /* We can get here for instance if the intro point is a private address
* and we aren't allowed to extend to those. */ * and we aren't allowed to extend to those. */
log_info(LD_REND, "Unable to select introduction point with auth key %s "
"for service %s, because we could not extend to it.",
safe_str_client(ed25519_fmt(&ip->auth_key_cert->signed_key)),
safe_str_client(onion_address));
continue; continue;
} }
@ -791,14 +804,20 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
* set, we are forced to not use anything. */ * set, we are forced to not use anything. */
ei = ei_excluded; ei = ei_excluded;
if (options->StrictNodes) { if (options->StrictNodes) {
log_warn(LD_REND, "Every introduction points are in the ExcludeNodes set " log_warn(LD_REND, "Every introduction point for service %s is in the "
"and StrictNodes is set. We can't connect."); "ExcludeNodes set and StrictNodes is set. We can't connect.",
safe_str_client(onion_address));
extend_info_free(ei); extend_info_free(ei);
ei = NULL; ei = NULL;
} else {
log_fn(LOG_PROTOCOL_WARN, LD_REND, "Every introduction point for service "
"%s is unusable or we can't extend to it. We can't connect.",
safe_str_client(onion_address));
} }
end: end:
smartlist_free(usable_ips); smartlist_free(usable_ips);
memwipe(onion_address, 0, sizeof(onion_address));
return ei; return ei;
} }