Single hop rejection (POST and GET) for HS v3 descriptor now return a 503 code
which is more accurate code from dir-spec.txt and from other rejection case in
the code.
For instance if you are not a relay and you get a POST request, a 503 code is
sent back with a rejection message.
Part of #31958
Signed-off-by: David Goulet <dgoulet@torproject.org>
First, remove the HSDir mention which should not be in that generic function.
Second, move them to debug() level since they are possible error case.
Part of #31958
Signed-off-by: David Goulet <dgoulet@torproject.org>
Before inspecting the p_chan, we must check if the circuit is marked for close
because if it is the case, the channels are nullified from the circuit.
Several valid cases can mark the circuit for close of the directory
connection.
Fixes#31958
Signed-off-by: David Goulet <dgoulet@torproject.org>
hs_client_purge_state() and hs_cache_clean_as_client() can remove a descriptor
from the client cache with a NEWNYM or simply when the descriptor expires.
Which means that for an INTRO circuit being established during that time, once
it opens, we lookup the descriptor to get the IP object but hey surprised, no
more descriptor.
The approach here is minimalist that is accept the race and close the circuit
since we can not continue. Before that, the circuit would stay opened and the
client wait the SockTimeout.
Fixers #28970.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Only use the HS circuit map to know if an introduction circuit is established
or not. No need for a flag to keep state of something we already have in the
circuit map. Furthermore, the circuit map gets cleaned up properly so it will
always have the "latest truth".
This commit also removes a unit test that was testing specifically that flag
but now we rely solely on the HS circuit map which is also tested few lines
below the removed test.
Fixes#32094
Signed-off-by: David Goulet <dgoulet@torproject.org>
There was one that it could not find because it was in a macro definition.
I used the following semantic patch:
@@
expression e1, e2, e3, e4, e5;
@@
options_validate(e1,
e2,
- e3,
- e4,
e5)
Conflicts:
src/feature/dirparse/authcert_parse.c
src/feature/dirparse/ns_parse.c
src/feature/hs/hs_service.c
src/lib/conf/conftesting.h
src/lib/log/log.h
src/lib/thread/threads.h
src/test/test_options.c
These conflicts were mostly related to autostyle improvements, with
one or two due to doxygen fixes.
Since each of these tests only applies to testing networks, put them
all into a single block that checks for testing networks.
(I recommend reviewing with the "diff -b" option, since the change
is mostly indentation.)
Two things needed to be changed. First, we used to set quiet_level
to the default (QUIET_NONE) when running tests, since we would not
call anything that acted based upon it. But since we sometimes call
options_init_logs(), we need to pre-set quiet_level to QUIET_SILENT
in the logs so that we don't add the default logs. This did not
cause test failure: just unwanted logs.
Second, we had a test that checked whether options_validate was
messing with options->Logs correctly. Since options_validate no
longer messes with the logs, we no longer want a test for this.
Formerly, we would use quiet_level as an excuse to rewrite the log
configuration, adding a default log line if none existed, and if
RunAsDaemon was not set, and if we were not being invoked via
setconf (!).
This is against our best practices for several reasons:
* We should not be changing configured options except when the
user tells us to do so.
* We should especially not be changing options in the options_validate
function.
* Distinguishing whether we are being called from setconf adds a
risky special-case.
Instead, this patch take a simpler approach: it changes the
interpretation of having no logging lines set to mean: If there is a
stdout, add a default log based on quiet_level.
Solves ticket 31999.
Since this code passes the same options to options_validate() more
than once, options_validate() needs to be prepared for that. (This
previously worked by accident, since the smartlist of schedulers
wasn't initialized.)
This finally became the empty string, since we no longer have to do
anything in individual test_options.c tests to make "" be a valid
set of options. Now we can remove it at last.
Now that ConnLimit is set to the default value in the
testing helper functions, the individual tests don't all need to
make sure it is set to something valid.
Several of our tests assumed that ConnLimit would be set to 0 by
default, causing the default options not to be parseable. These
tests had nothing to do with ConnLimit.
Now that MaxClientCircuitsPending is set to the default value in the
testing helper functions, the individual tests don't all need to
make sure it is set to something valid.
Several of our tests assumed that MaxClientCircuitsPending would be
set to 0 by default, causing the default options not to be
parseable. These tests had nothing to do with
MaxClientCircuitsPending.
Now that KeepalivePeriod is set to the default value in the testing
helper functions, the individual tests don't all need to make sure
it is set to something valid.
Several of our tests assumed that KeepalivePeriod would be set to 0
by default, causing the default options not to be parseable. These
tests had nothing to do with KeepalivePeriod.
This macro used to have a big list of "default" values that we
needed to set in the test_options tests in order to have reasonable
behavior. But now that we initialize options objects to the default
settings in these tests, we no longer need such a long list of
things to replace.
Previously, we just used options set to all 0s, but this causes some
pretty severe workarounds throughout the code, as our options fail
to validate, or count as "default" for the wrong reasons.
Note that in some places, we stop getting spurious warnings or
failures which the tests previously demanded. In these cases, I've
changed the test behavior.
Fixes 32175.
Relays now respect their AccountingMax bandwidth again. When relays
entered "soft" hibernation (which typically starts when we've hit
90% of our AccountingMax), we had stopped checking whether we should
enter hard hibernation. Soft hibernation refuses new connections and
new circuits, but the existing circuits can continue, meaning that
relays could have exceeded their configured AccountingMax.
This commit rolls back some of the cpu-saving fixes, where we tried
to avoid calling so many of our events while we're off the network.
That's because PERIODIC_EVENT_FLAG_NEED_NET checks net_is_disabled(),
which returns true even if we're only in soft hibernation.
Fixes bug 32108; bugfix on 0.4.0.1-alpha.
* actually sleep when tor has not logged anything
* log at debug level when waiting for tor to log something
* backslash-replace bad UTF-8 characters in logs
* format control messages as ASCII: tor does not accept UTF-8 control commands
Fixes bug 31837; bugfix on 0.3.5.1-alpha.