nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clients do not request version 0 hidserv descs anymore.

Browse Source
This commit is contained in:
Karsten Loesing 2009-05-03 00:09:18 +02:00 committed by Nick Mathewson
parent 0d68da2381
commit f79688ddef
7 changed files with 43 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/or/circuituse.c
View File

@ -1110,12 +1110,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
log_info(LD_REND,
"No intro points for '%s': refetching service descriptor.",
safe_str(conn->rend_data->onion_address));
/* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
* arrives first. Exception: When using client authorization, only
* fetch v2 descriptors.*/
rend_client_refetch_v2_renddesc(conn->rend_data);
if (conn->rend_data->auth_type == REND_NO_AUTH)
rend_client_refetch_renddesc(conn->rend_data->onion_address);
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
return 0;
}

14
src/or/connection.c
View File

@ -544,13 +544,6 @@ connection_about_to_close_connection(connection_t *conn)
* failed: forget about this router, and maybe try again. */
connection_dir_request_failed(dir_conn);
}
if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC && dir_conn->rend_data) {
/* Give it a try. However, there is no re-fetching for v0 rend
* descriptors; if the response is empty or the descriptor is
* unusable, close pending connections (unless a v2 request is
* still in progress). */
rend_client_desc_trynow(dir_conn->rend_data->onion_address, 0);
}
/* If we were trying to fetch a v2 rend desc and did not succeed,
* retry as needed. (If a fetch is successful, the connection state
* is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC to mark that
@ -2576,8 +2569,8 @@ connection_get_by_type_state(int type, int state)
/** Return a connection of type <b>type</b> that has rendquery equal
* to <b>rendquery</b>, and that is not marked for close. If state
* is non-zero, conn must be of that state too. If rendversion is
* nonnegative, conn must be fetching that rendversion, too.
* is non-zero, conn must be of that state too. (rendversion is
* ignored.)
*/
connection_t *
connection_get_by_type_state_rendquery(int type, int state,
@ -2585,6 +2578,7 @@ connection_get_by_type_state_rendquery(int type, int state,
int rendversion)
{
smartlist_t *conns = get_connection_array();
(void) rendversion;
tor_assert(type == CONN_TYPE_DIR ||
type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
@ -2597,8 +2591,6 @@ connection_get_by_type_state_rendquery(int type, int state,
(!state || state == conn->state)) {
if (type == CONN_TYPE_DIR &&
TO_DIR_CONN(conn)->rend_data &&
(rendversion < 0 ||
rendversion == TO_DIR_CONN(conn)->rend_data->rend_desc_version) &&
!rend_cmp_service_ids(rendquery,
TO_DIR_CONN(conn)->rend_data->onion_address))
return conn;

10
src/or/connection_edge.c
View File

@ -1675,12 +1675,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
log_info(LD_REND, "Unknown descriptor %s. Fetching.",
safe_str(conn->rend_data->onion_address));
/* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
* arrives first. Exception: When using client authorization, only
* fetch v2 descriptors.*/
rend_client_refetch_v2_renddesc(conn->rend_data);
if (conn->rend_data->auth_type == REND_NO_AUTH)
rend_client_refetch_renddesc(conn->rend_data->onion_address);
} else { /* r > 0 */
/** How long after we receive a hidden service descriptor do we consider
* it valid? */
@ -1697,12 +1692,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
log_info(LD_REND, "Stale descriptor %s. Refetching.",
safe_str(conn->rend_data->onion_address));
/* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
* arrives first. Exception: When using client authorization, only
* fetch v2 descriptors.*/
rend_client_refetch_v2_renddesc(conn->rend_data);
if (conn->rend_data->auth_type == REND_NO_AUTH)
rend_client_refetch_renddesc(conn->rend_data->onion_address);
}
}
return 0;

21
src/or/directory.c
View File

@ -1050,31 +1050,10 @@ directory_send_command(dir_connection_t *conn,
httpcommand = "POST";
url = tor_strdup("/tor/post/consensus-signature");
break;
case DIR_PURPOSE_FETCH_RENDDESC:
tor_assert(resource);
tor_assert(!payload);
/* this must be true or we wouldn't be doing the lookup */
tor_assert(strlen(resource) <= REND_SERVICE_ID_LEN_BASE32);
/* This breaks the function abstraction. */
conn->rend_data = tor_malloc_zero(sizeof(rend_data_t));
strlcpy(conn->rend_data->onion_address, resource,
sizeof(conn->rend_data->onion_address));
conn->rend_data->rend_desc_version = 0;
httpcommand = "GET";
/* Request the most recent versioned descriptor. */
// (XXXX We were going to switch this to fetch rendezvous1 descriptors,
// but that never got testing, and it wasn't a good design.)
len = strlen(resource)+32;
url = tor_malloc(len);
tor_snprintf(url, len, "/tor/rendezvous/%s", resource);
break;
case DIR_PURPOSE_FETCH_RENDDESC_V2:
tor_assert(resource);
tor_assert(strlen(resource) <= REND_DESC_ID_V2_LEN_BASE32);
tor_assert(!payload);
conn->rend_data->rend_desc_version = 2;
httpcommand = "GET";
len = strlen(resource) + 32;
url = tor_malloc(len);

11
src/or/or.h
View File

@ -730,12 +730,6 @@ typedef struct rend_data_t {
/** Rendezvous cookie used by both, client and service. */
char rend_cookie[REND_COOKIE_LEN];
/** Rendezvous descriptor version that is used by a service. Used to
* distinguish introduction and rendezvous points belonging to the same
* rendezvous service ID, but different descriptor versions.
*/
uint8_t rend_desc_version;
} rend_data_t;
/** Time interval for tracking possible replays of INTRODUCE2 cells.
@ -4014,7 +4008,6 @@ void rend_client_introcirc_has_opened(origin_circuit_t *circ);
void rend_client_rendcirc_has_opened(origin_circuit_t *circ);
int rend_client_introduction_acked(origin_circuit_t *circ, const char *request,
size_t request_len);
void rend_client_refetch_renddesc(const char *query);
void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query);
int rend_client_remove_intro_point(extend_info_t *failed_intro,
const rend_data_t *rend_query);
@ -4089,10 +4082,6 @@ void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
int command, size_t length, const char *payload);
void rend_service_descriptor_free(rend_service_descriptor_t *desc);
int rend_encode_service_descriptor(rend_service_descriptor_t *desc,
crypto_pk_env_t *key,
char **str_out,
size_t *len_out);
rend_service_descriptor_t *rend_parse_service_descriptor(const char *str,
size_t len);
int rend_get_service_id(crypto_pk_env_t *pk, char *out);

59
src/or/rendclient.c
View File

@ -63,7 +63,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
rend_cache_entry_t *entry;
crypt_path_t *cpath;
off_t dh_offset;
crypto_pk_env_t *intro_key; /* either Bob's public key or an intro key. */
crypto_pk_env_t *intro_key = NULL;
tor_assert(introcirc->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
tor_assert(rendcirc->_base.purpose == CIRCUIT_PURPOSE_C_REND_READY);
@ -80,10 +80,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
goto err;
}
/* first 20 bytes of payload are the hash of bob's pk */
if (entry->parsed->version == 0) { /* unversioned descriptor */
intro_key = entry->parsed->pk;
} else { /* versioned descriptor */
/* first 20 bytes of payload are the hash of the intro key */
intro_key = NULL;
SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
intro, {
@ -97,7 +94,6 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
log_warn(LD_BUG, "Internal error: could not find intro key.");
goto err;
}
}
if (crypto_pk_get_digest(intro_key, payload)<0) {
log_warn(LD_BUG, "Internal error: couldn't hash public key.");
goto err;
@ -451,28 +447,6 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
return 1;
}
/** If we are not currently fetching a rendezvous service descriptor
* for the service ID <b>query</b>, start a directory connection to fetch a
* new one.
*/
void
rend_client_refetch_renddesc(const char *query)
{
if (!get_options()->FetchHidServDescriptors)
return;
log_info(LD_REND, "Fetching rendezvous descriptor for service %s",
escaped_safe_str(query));
if (connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query, 0)) {
log_info(LD_REND,"Would fetch a new renddesc here (for %s), but one is "
"already in progress.", escaped_safe_str(query));
} else {
/* not one already; initiate a dir rend desc lookup */
directory_get_from_dirserver(DIR_PURPOSE_FETCH_RENDDESC,
ROUTER_PURPOSE_GENERAL, query,
PDS_RETRY_IF_NO_SERVERS);
}
}
/** Start a connection to a hidden service directory to fetch a v2
* rendezvous service descriptor for the base32-encoded service ID
* <b>query</b>.
@ -552,12 +526,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
if (r==0) {
log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
escaped_safe_str(rend_query->onion_address));
/* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
* arrives first. Exception: When using client authorization, only
* fetch v2 descriptors.*/
rend_client_refetch_v2_renddesc(rend_query);
if (rend_query->auth_type == REND_NO_AUTH)
rend_client_refetch_renddesc(rend_query->onion_address);
return 0;
}
@ -575,12 +544,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
log_info(LD_REND,
"No more intro points remain for %s. Re-fetching descriptor.",
escaped_safe_str(rend_query->onion_address));
/* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
* arrives first. Exception: When using client authorization, only
* fetch v2 descriptors.*/
rend_client_refetch_v2_renddesc(rend_query);
if (rend_query->auth_type == REND_NO_AUTH)
rend_client_refetch_renddesc(rend_query->onion_address);
/* move all pending streams back to renddesc_wait */
while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
@ -696,11 +660,11 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
/** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that
* are waiting on query. If there's a working cache entry here
* with at least one intro point, move them to the next state. If
* <b>rend_version</b> is non-negative, fail connections that have
* requested <b>query</b> unless there are still descriptor fetch
* requests in progress for other descriptor versions than
* <b>rend_version</b>.
* with at least one intro point, move them to the next state.
* (<b>rend_version</b> was used to keep the connection open when
* there were still descriptor fetch requests in progress for other
* descriptor versions than <b>rend_version</b>, but this is obsolete
* now that we support only version 2.)
*/
void
rend_client_desc_trynow(const char *query, int rend_version)
@ -708,8 +672,9 @@ rend_client_desc_trynow(const char *query, int rend_version)
edge_connection_t *conn;
rend_cache_entry_t *entry;
time_t now = time(NULL);
smartlist_t *conns = get_connection_array();
(void) rend_version;
SMARTLIST_FOREACH(conns, connection_t *, _conn,
{
if (_conn->type != CONN_TYPE_AP ||
@ -743,16 +708,10 @@ rend_client_desc_trynow(const char *query, int rend_version)
connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
}
} else { /* 404, or fetch didn't get that far */
/* Unless there are requests for another descriptor version pending,
* close the connection. */
if (rend_version >= 0 &&
!connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query,
rend_version == 0 ? 2 : 0)) {
log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
"unavailable (try again later).", safe_str(query));
connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
}
}
});
}

41
src/or/rendservice.c
View File

@ -458,10 +458,9 @@ rend_config_services(or_options_t *options, int validate_only)
});
if (keep_it)
continue;
log_info(LD_REND, "Closing intro point %s for service %s version %d.",
log_info(LD_REND, "Closing intro point %s for service %s.",
safe_str(oc->build_state->chosen_exit->nickname),
oc->rend_data->onion_address,
oc->rend_data->rend_desc_version);
oc->rend_data->onion_address);
circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
/* XXXX Is there another reason we should use here? */
}
@ -889,8 +888,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
/* look up service depending on circuit. */
service = rend_service_get_by_pk_digest_and_version(
circuit->rend_data->rend_pk_digest,
circuit->rend_data->rend_desc_version);
circuit->rend_data->rend_pk_digest, -1);
if (!service) {
log_warn(LD_REND, "Got an INTRODUCE2 cell for an unrecognized service %s.",
escaped(serviceid));
@ -1269,12 +1267,14 @@ rend_service_launch_establish_intro(rend_service_t *service,
}
/** Return the number of introduction points that are or have been
* established for the given service address and rendezvous version. */
* established for the given service address in <b>query</b>.
* (<b>rend_version</b> is ignored.) */
static int
count_established_intro_points(const char *query, int rend_version)
{
int num_ipos = 0;
circuit_t *circ;
(void) rend_version;
for (circ = _circuit_get_global_list(); circ; circ = circ->next) {
if (!circ->marked_for_close &&
circ->state == CIRCUIT_STATE_OPEN &&
@ -1282,7 +1282,6 @@ count_established_intro_points(const char *query, int rend_version)
circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
if (oc->rend_data &&
oc->rend_data->rend_desc_version == rend_version &&
!rend_cmp_service_ids(query, oc->rend_data->onion_address))
num_ipos++;
}
@ -1313,8 +1312,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
service = rend_service_get_by_pk_digest_and_version(
circuit->rend_data->rend_pk_digest,
circuit->rend_data->rend_desc_version);
circuit->rend_data->rend_pk_digest, -1);
if (!service) {
log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %d.",
serviceid, circuit->_base.n_circ_id);
@ -1324,8 +1322,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
/* If we already have enough introduction circuits for this service,
* redefine this one as a general circuit. */
if (count_established_intro_points(serviceid,
circuit->rend_data->rend_desc_version) > NUM_INTRO_POINTS) {
if (count_established_intro_points(serviceid, -1) > NUM_INTRO_POINTS) {
log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
"circuit, but we already have enough. Redefining purpose to "
"general.");
@ -1399,8 +1396,7 @@ rend_service_intro_established(origin_circuit_t *circuit, const char *request,
}
tor_assert(circuit->rend_data);
service = rend_service_get_by_pk_digest_and_version(
circuit->rend_data->rend_pk_digest,
circuit->rend_data->rend_desc_version);
circuit->rend_data->rend_pk_digest, -1);
if (!service) {
log_warn(LD_REND, "Unknown service on introduction circuit %d.",
circuit->_base.n_circ_id);
@ -1451,8 +1447,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
circuit->_base.n_circ_id, hexcookie, serviceid);
service = rend_service_get_by_pk_digest_and_version(
circuit->rend_data->rend_pk_digest,
circuit->rend_data->rend_desc_version);
circuit->rend_data->rend_pk_digest, -1);
if (!service) {
log_warn(LD_GENERAL, "Internal error: unrecognized service ID on "
"introduction circuit.");
@ -1508,23 +1503,23 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
*/
/** Return the (possibly non-open) introduction circuit ending at
* <b>intro</b> for the service whose public key is <b>pk_digest</b> and
* which publishes descriptor of version <b>desc_version</b>. Return
* NULL if no such service is found.
* <b>intro</b> for the service whose public key is <b>pk_digest</b>.
* (<b>desc_version</b> is ignored). Return NULL if no such service is
* found.
*/
static origin_circuit_t *
find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest,
int desc_version)
{
origin_circuit_t *circ = NULL;
(void) desc_version;
tor_assert(intro);
while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
CIRCUIT_PURPOSE_S_INTRO))) {
if (!memcmp(circ->build_state->chosen_exit->identity_digest,
intro->extend_info->identity_digest, DIGEST_LEN) &&
circ->rend_data &&
circ->rend_data->rend_desc_version == desc_version) {
circ->rend_data) {
return circ;
}
}
@ -1534,8 +1529,7 @@ find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest,
CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) {
if (!memcmp(circ->build_state->chosen_exit->identity_digest,
intro->extend_info->identity_digest, DIGEST_LEN) &&
circ->rend_data &&
circ->rend_data->rend_desc_version == desc_version) {
circ->rend_data) {
return circ;
}
}
@ -1998,8 +1992,7 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
circ->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
service = rend_service_get_by_pk_digest_and_version(
circ->rend_data->rend_pk_digest,
circ->rend_data->rend_desc_version);
circ->rend_data->rend_pk_digest, -1);
if (!service) {
log_warn(LD_REND, "Couldn't find any service associated with pk %s on "
"rendezvous circuit %d; closing.",