Commit Graph

20525 Commits

Author SHA1 Message Date
Nick Mathewson
4bb831e087 Improve fragile-hardening performance of consensus_split_lines.
For whatever reason, in my testing, using memchr() here improves
performance over strchr() by a great deal.

Fixes bug 24826; bugfix on 0.3.1.1-alpha.
2018-01-16 12:42:40 -05:00
Nick Mathewson
6b2e856122 Fix a (spurious) scan-build warning in test_introduce1_validation()
Since helper_create_introduce1_cell() checks "cell" for nullness,
scan-build is concerned that test_introduce1_validation()
dereferences it without checking it.  So, add a check.

Not backporting, since this is spurious, _and_ tests-only.
2018-01-16 08:36:34 -05:00
Roger Dingledine
af8cadf3a9 Remove false positives from channel_is_client()
Fix a set of false positives where relays would consider connections
to other relays as being client-only connections (and thus e.g.
deserving different link padding schemes) if those relays fell out
of the consensus briefly.

Now we look only at the initial handshake and whether the connection
authenticated as a relay.

Fixes bug 24898; bugfix on 0.3.1.1-alpha.
2018-01-15 22:33:40 -05:00
Roger Dingledine
7ce335c921 v3 onion services now obey MAX_REND_FAILURES
New-style (v3) onion services now obey the "max rendezvous circuit
attempts" logic.

Previously they would make as many rendezvous circuit attempts as they
could fit in the MAX_REND_TIMEOUT second window before giving up.

Fixes bug 24894; bugfix on 0.3.2.1-alpha.
2018-01-15 16:41:47 -05:00
Nick Mathewson
edc87b263f Merge remote-tracking branch 'ffmancera/bug24861' 2018-01-12 13:29:53 -05:00
Fernando Fernandez Mancera
06368e5310 Fix minGW compatibility issue with zu format specifier.
Define TOR_PRIuSZ as minGW compiler doesn't support zu format specifier for
size_t type.

Fixes #24861 on ac9eebd.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-12 17:44:30 +01:00
Nick Mathewson
4c651b8c04 Note contactinfo and myfamily as required in more places
Includes a sentence from cypherpunks; for ticket 24526.
2018-01-11 20:00:18 -05:00
Nick Mathewson
a3d1c38ea6 Merge branch 'bug24582' 2018-01-11 19:57:57 -05:00
Nick Mathewson
42751e2123 On shutdown, mark openssl as uninitialized.
This causes openssl to get completely reinitialized on startup,
which is probably a good idea.
2018-01-11 13:00:15 -05:00
Nick Mathewson
18ea91ee6b Make the warnings about restarting tor in-process more scary. 2018-01-11 12:46:50 -05:00
Nick Mathewson
05ac3d0458 Merge branch 'restart_nocrash' 2018-01-11 12:45:25 -05:00
Nick Mathewson
751595551a Merge branch 'simplify_transition_allowed' 2018-01-11 12:39:37 -05:00
Nick Mathewson
c349bfec36 Merge branch 'bug24526_squashed' 2018-01-11 12:33:52 -05:00
Nick Mathewson
ac0f819ce5 Note contactinfo and myfamily as required in more places
Includes a sentence from cypherpunks; for ticket 24526.
2018-01-11 12:33:30 -05:00
Nick Mathewson
e8bd806412 Add a blank line per dgoulet review. 2018-01-11 12:29:29 -05:00
Nick Mathewson
d0adf5ae95 Merge branch 'bug24584' 2018-01-11 12:28:29 -05:00
Nick Mathewson
81aec1449b Compute flavor name before dereference, to avoid a STACK warning.
(See 24423)
2018-01-11 11:31:03 -05:00
Nick Mathewson
7a60600411 Merge remote-tracking branch 'ffmancera/github/bug24573' 2018-01-11 08:31:25 -05:00
Nick Mathewson
c8c258a433 Merge branch 'bug24733_squashed_2' 2018-01-10 12:57:23 -05:00
Nick Mathewson
519fa1a3e6 Document the alignment limitation of tor_free() 2018-01-10 12:57:13 -05:00
Nick Mathewson
f71bbd20a4 Extract the raw_free() of ifc_buf into a new function.
Explain the problem more correctly.
2018-01-10 12:57:13 -05:00
teor
54899b404c Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl().

This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist
elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have
8-byte ints.)

Fixes bug 24733; not in any released version of tor.
2018-01-10 12:57:13 -05:00
Nick Mathewson
ca1d1c382c Merge remote-tracking branch 'ffmancera/github/bug24501' 2018-01-10 12:46:39 -05:00
Nick Mathewson
d8c0c62c7b Remove needless parentheses 2018-01-10 09:39:13 -05:00
Nick Mathewson
4715d81809 Merge remote-tracking branch 'teor/Bug-23966' 2018-01-10 09:38:38 -05:00
Nick Mathewson
34c6034aa7 Increment version to 0.3.2.9-dev 2018-01-09 10:12:25 -05:00
Nick Mathewson
1f7f930f9e Increment version to 0.3.2.9 2018-01-08 11:39:24 -05:00
Nick Mathewson
9ba69be96c Merge branch 'maint-0.3.2'
There was a merge conflict on fallback_dirs.inc, which we resolve in
favor of the newly generated version for #24801.
2018-01-08 11:10:53 -05:00
Nick Mathewson
e3ab27001f Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-08 11:10:36 -05:00
Nick Mathewson
1c5c5f0e50 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-08 11:10:36 -05:00
Nick Mathewson
b85fa0bd5f Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-08 11:10:36 -05:00
Nick Mathewson
a42e52dded Add 7 other fallback dirs from teor's tests
These are from "fallback_dirs_2018_01_06_2323_UTC_44aa1adf35_AU.inc"
2018-01-08 11:03:44 -05:00
Nick Mathewson
491c09c19a Update the fallback_dirs.inc file: part 1
This takes the updated fallback_dirs_2018_01_06_CA.inc from
pastly's scan.
2018-01-08 10:57:06 -05:00
Nick Mathewson
d637468128 Merge remote-tracking branch 'arma/bug24555' 2018-01-08 10:45:40 -05:00
Nick Mathewson
748ad2124d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-08 09:35:55 -05:00
Nick Mathewson
942fa0c4a2 Merge branch 'maint-0.3.2' 2018-01-08 09:35:55 -05:00
Nick Mathewson
a1ce1ab201 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-08 09:34:57 -05:00
Nick Mathewson
8042c356f4 Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-08 09:34:56 -05:00
Nick Mathewson
26e28829da Merge branch 'maint-0.2.5' into maint-0.2.9 2018-01-08 09:34:56 -05:00
Fernando Fernandez Mancera
7353c9496e Add free_openssl() to crypto_openssl module.
Add free_openssl() function to free the memory allocated for OpenSSL version
management variables. It is required since OpenSSL management has been isolated
from the crypto module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 15:31:41 +01:00
Fernando Fernandez Mancera
4022277272 Refactor crypto.[ch] into smaller OpenSSL module.
Add two new files (crypto_openssl.c, crypto_openssl.h) as new module of
crypto.[ch]. This new module includes all functions and dependencies related
to OpenSSL management. Those have been removed from crypto.[ch].

All new changes related to OpenSSL management must be done in these files.

Follows #24658

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 14:02:17 +01:00
Karsten Loesing
8efbeb0982 Update geoip and geoip6 to the January 5 2018 database. 2018-01-08 11:36:38 +01:00
Roger Dingledine
40cd992abb avoid calling format_iso_time() with TIME_MAX
If we tried to move a descriptor from routerlist->old_routers
back into the current routerlist, we were preparing a buffer with
format_iso_time() on ri->cert_expiration_time, and doing it preemptively
since router_add_to_routerlist() might free ri so we wouldn't be able
to get at it later in the function.

But if the descriptor we're moving doesn't have any ed signature, then
its cert will be marked to expire at TIME_MAX, and handing TIME_MAX
to format_iso_time() generates this log warning:

correct_tm(): Bug: gmtime(9223372036854775807) failed with error Value too large for defined data type: Rounding down to 2037

The fix is to preemptively remember the expiry time, but only prepare
the buffer if we know we're going to need it.

Bugfix on commit a1b0a0b9, which came about as part of a fix for bug
20020, and which is not yet in any released version of Tor (hence no
changes file).
2018-01-07 02:15:18 -05:00
Roger Dingledine
44aa1adf35 make a comment a bit more useful 2018-01-06 15:03:35 -05:00
Roger Dingledine
94ec5af5fe whitespace and typo fixes 2018-01-06 15:02:12 -05:00
Roger Dingledine
4f83d6d6ad Merge branch 'maint-0.3.2' 2018-01-05 18:44:08 -05:00
Roger Dingledine
5f2c7a8567 remove redundant "implement this" from log message 2018-01-05 18:23:07 -05:00
Nick Mathewson
143da73165 Merge remote-tracking branch 'teor/fallback-code-2018-01' 2018-01-05 16:47:28 -05:00
Nick Mathewson
0b6fe3c123 Merge branch 'maint-0.3.2' 2018-01-05 16:41:35 -05:00
Nick Mathewson
48d94e290d Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-05 16:41:34 -05:00
Nick Mathewson
16fd975a82 Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-05 16:41:34 -05:00
Nick Mathewson
3618bd6166 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-05 16:41:34 -05:00
Nick Mathewson
c52d4d9e34 Merge branch 'teor_ticket24681_028' into maint-0.2.9 2018-01-05 16:41:31 -05:00
Nick Mathewson
94d5523c7f fix a wide line 2018-01-05 11:28:23 -05:00
Nick Mathewson
2d92f4c19a Don't keep options in a local in run_main_loop_once.
The options value can change between the get_options() and its
second use, based on setconf callbacks in the event loop.
2018-01-05 09:24:34 -05:00
teor
ca1f808d93 Add a timestamp to the header of the current fallback list
This timestamp is based on the time that list was first committed.

Part of 24725.
2018-01-05 13:27:51 +11:00
teor
70490df76a Remove an incorrect C comment in the current fallback list
Follow-up to #24725
2018-01-05 13:27:43 +11:00
teor
c8c0e9167d Add delimiters at the end of every fallback entry in the current list
Using this script:
sed -i.bak $'s|^,$|/* ===== */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

And manually add a delimiter to the end of the header, and the start of
the fallback list.

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24725.
2018-01-05 13:27:36 +11:00
teor
20b96cee64 Update the version header in the current fallback file to 2.0.0
The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24725, due to breaking changes in 24679, 24600, and 22759.
2018-01-05 13:27:25 +11:00
teor
c1be0cfdb4 Add all-zero extrainfo cache flags to the current fallback file
Using this script:
sed -i.bak $'s|^,$|/* extrainfo=0 */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format,
with actual relay extrainfo cache flags.

Follow-up to 22759.
2018-01-05 13:27:18 +11:00
teor
067617608c Add blank nicknames to the current fallback file
Using this script:
sed -i.bak $'s|^,$|/* nickname= */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format,
with actual relay nicknames.

Follow-up to 24600.
2018-01-05 13:27:10 +11:00
teor
384a450a47 Remove weights from the current fallback file
Using this script:
sed -i.bak 's/" weight=10",/,/' src/or/fallback_dirs.inc

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24679.
2018-01-05 13:27:03 +11:00
teor
0e6fdbea8d Add a version 1.0.0 header to the current fallback file
The upcoming fallback rebuild will automatically generate this new format,
with version 2.0.0.

Follow-up to 24725.
2018-01-05 13:26:48 +11:00
Nick Mathewson
68ca6d2e19 Don't treat a setrlimit failure as fatal.
Fixes bug 21074; bugfix on 4689243242 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
2018-01-04 13:21:29 -05:00
Nick Mathewson
1dab8bae21 smartlist.rs: The libc::c_char type is not the same as i8.
The code had been using c_char and i8 interchangeably, but it turns
out that c_char is only i8 on platforms where "char" is signed. On
other platforms, c_char is u8.

Fixes bug 24794; bug not on any released Tor.
2018-01-04 12:21:55 -05:00
Nick Mathewson
e0ccec219b Merge remote-tracking branch 'frewsxcv/frewsxcv-protover-heap' 2018-01-04 11:05:53 -05:00
Nick Mathewson
943134e886 Merge remote-tracking branch 'pastly2/ticket24531_033_01' 2018-01-03 11:56:35 -05:00
Nick Mathewson
b56ce79e63 In networkstatus_consensus_has_ipv6 test, use approx_time()
This may (or may not) fix up some reliability issues we've been
seeing with this test on windows.
2018-01-03 10:57:44 -05:00
Nick Mathewson
6b3c07648c Merge branch 'maint-0.3.2' 2018-01-03 10:09:20 -05:00
Nick Mathewson
1bc95633fb Fix some shadowed-global warnings.
These are all about local variables shadowing global
functions. That isn't normally a problem, but at least one
compiler we care about seems to treat this as a case of -Wshadow
violation, so let's fix it.

Fixes bug 24634; bugfix on 0.3.2.1-alpha.
2018-01-03 09:13:00 -05:00
Nick Mathewson
b62b40a572 Merge branch 'maint-0.3.2' 2018-01-03 09:00:00 -05:00
Nick Mathewson
451c852a0f Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-03 09:00:00 -05:00
Nick Mathewson
c1d98c75e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-03 08:59:59 -05:00
Nick Mathewson
bbc9ff160e Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-03 08:59:59 -05:00
Nick Mathewson
c9b3f6352f Merge branch 'bug24633_029' into maint-0.2.9 2018-01-03 08:59:52 -05:00
Nick Mathewson
bd9739bae6 Merge branch 'maint-0.3.2' 2018-01-02 14:42:31 -05:00
Nick Mathewson
2aa1767b25 Merge remote-tracking branch 'teor/bug24703_032' into maint-0.3.2 2018-01-02 14:42:27 -05:00
Nick Mathewson
fb5877b972 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-02 10:10:28 -05:00
Nick Mathewson
8a7767603a Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-02 10:10:28 -05:00
Nick Mathewson
bc5ef83f8f Merge branch 'maint-0.3.2' 2018-01-02 10:10:28 -05:00
Nick Mathewson
707076002d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-02 10:10:28 -05:00
Nick Mathewson
6e5e4f92ab Merge remote-tracking branch 'teor/bug24736_028' into maint-0.2.9 2018-01-02 10:09:44 -05:00
Nick Mathewson
d53f779853 Merge remote-tracking branch 'teor/ticket24001' 2018-01-02 10:07:13 -05:00
Fernando Fernandez Mancera
525c1c493e Set IPv6 preferences for bridges even if there is no ri.
Tor now sets IPv6 preferences on rewrite_node_address_for_bridge() even if
there is only ri or rs. It always warns about them.

Also Tor now sets the IPv6 address in rs as well as it sets the one in ri.

Fixes #24572 on 9e9edf7 in 0.2.4.5-alpha.
Fixes #24573 on c213f27 in 0.2.8.2-alpha.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-02 15:28:15 +01:00
teor
d99ccf090f Stop trying to remove NULL filenames on shutdown
Fixes bug 24762; bugfix on master.
(Not in any released version of Tor.)
2017-12-30 17:19:42 +11:00
ArunaMaurya221B
01efbe3bd3 node_has_curve25519_onion_key() is refactored and duplicate code removed 2017-12-29 20:11:06 +05:30
Corey Farwell
2529319f68 [fixup] this might be an improvement? 2017-12-28 18:17:45 -08:00
Corey Farwell
8ba5805bae Remove unneeded heap allocations in protover.rs. 2017-12-27 22:05:06 -08:00
teor
09b9a35c07 Clear the address when we can't choose a reachable address
When the fascist_firewall_choose_address_ functions don't find a
reachable address, set the returned address to the null address and port.

This is a precautionary measure, because some callers do not check the
return value.

Fixes bug 24736; bugfix on 0.2.8.2-alpha.
2017-12-25 01:55:28 +11:00
teor
53f350182e Expand comments in node_get_ed25519_id() and put them near the relevant code
And add a changes file.

Follow-up to 24001.
2017-12-24 19:50:47 +11:00
ArunaMaurya221B
5865e56ec0 Conditional check added 2017-12-24 19:43:57 +11:00
teor
30e1371675 Make the default DirAuthorityFallbackRate 0.1
This makes clients on the public tor network prefer to bootstrap off fallback
directory mirrors.

This is a follow-up to 24679, which removed weights from the default fallbacks.

Implements ticket 24681.
2017-12-23 00:01:31 +11:00
teor
a8e8ce8602 Bump the dates and Tor versions on the sample torrcs 2017-12-22 11:22:48 +11:00
teor
d10c2d6668 Clarify the OutboundBindAddressOR documentation in the sample torrc
Part of 22145
2017-12-22 11:22:10 +11:00
teor
5fb26ba2d8 Document IPv6Exit in the sample torrcs
Sample config-only change.

Implements 24703.
2017-12-22 11:10:30 +11:00
Nick Mathewson
94c59851df Increment version to 0.3.2.8-rc-dev 2017-12-21 14:22:54 -05:00
Nick Mathewson
713a717022 scan-build: Replace some test-assertions with fatal assertions
Using tt_assert in these helpers was implying to scan-build that our
'new' functions might be returning NULL, which in turn would make it
warn about null-pointer use.
2017-12-21 13:26:57 -05:00
Nick Mathewson
1a77799665 Increment version to 0.3.2.8-rc 2017-12-21 12:42:00 -05:00
Nick Mathewson
2b8a06a2ef Merge branch 'maint-0.3.2' 2017-12-21 11:16:00 -05:00
Nick Mathewson
6cd567d797 Merge remote-tracking branch 'dgoulet/bug24671_032_01' into maint-0.3.2 2017-12-21 11:13:33 -05:00
Nick Mathewson
2f0d57db56 Fix a compilation error in the channel tests.
This would only show up on systems like windows where monotime_t and
monotime_coarse_t are different types.
2017-12-21 11:10:30 -05:00
Nick Mathewson
1eeb505e6f In 0.3.3, we use timestamps, not absolute milliseconds. 2017-12-21 10:57:45 -05:00
Nick Mathewson
b8a3602b2a Merge branch 'maint-0.3.2' 2017-12-21 10:54:05 -05:00
Nick Mathewson
84adb9fcca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-21 10:50:33 -05:00
Nick Mathewson
08469a338a Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-21 10:50:06 -05:00
Nick Mathewson
03b4dd92a4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-21 10:49:40 -05:00
Nick Mathewson
79a50afa0e Use monotime_coarse_absolute_msec() in destroy queue
This way it will match the insert queue in 029 and later.
2017-12-21 10:48:37 -05:00
Nick Mathewson
3b08184338 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-21 10:43:12 -05:00
Nick Mathewson
7d845976e3 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-21 10:43:06 -05:00
Nick Mathewson
9202087760 Merge branch 'bug24666_squashed_025' into maint-0.2.5 2017-12-21 10:40:10 -05:00
Nick Mathewson
cd1f708a7f Move free to end of test function so coverity won't complain. 2017-12-21 10:39:29 -05:00
Nick Mathewson
520cf21793 Move destroy cells into a separate queue type of their own, to save RAM
We've been seeing problems with destroy cells queues taking up a
huge amount of RAM.  We can mitigate this, since while a full packed
destroy cell takes 514 bytes, we only need 5 bytes to remember a
circuit ID and a reason.

Fixes bug 24666. Bugfix on 0.2.5.1-alpha, when destroy cell queues
were introduced.
2017-12-21 10:29:01 -05:00
Nick Mathewson
bcc96c77de Merge branch 'maint-0.3.2' 2017-12-21 10:27:39 -05:00
Nick Mathewson
c38157be9d clarify a comment 2017-12-21 10:27:37 -05:00
Nick Mathewson
d0c5fe257b Merge branch 'maint-0.3.2' 2017-12-21 10:20:35 -05:00
David Goulet
885ba513ff sched: Consider extra_space even if negative in KIST
With extra_space negative, it means that the "notsent" queue is quite large so
we must consider that value with the current computed tcp_space. If we end up
to have negative space, we should not add more data to the kernel since the
notsent queue is just too filled up.

Fixes #24665

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-21 09:32:04 -05:00
Nick Mathewson
5db94adac2 Fix a pair of memory leaks in tor_cleanup()
Spotted by coverity scan as 1426749 and 1426750

Bug not in any released Tor.
2017-12-21 08:50:41 -05:00
Nick Mathewson
bac0bcbba1 type error fix for monotime_coarse_add_msec on windows 2017-12-20 17:45:59 -05:00
David Goulet
fdfa4a5a14 sched: Use lower layer cell limit with KISTLite
Instead of using INT_MAX as a write limit for KISTLite, use the lower layer
limit which is using the specialized num_cells_writeable() of the channel that
will down the line check the connection's outbuf and limit it to 32KB
(OR_CONN_HIGHWATER).

That way we don't take the chance of bloating the connection's outbuf and we
keep the cells in the circuit queue which our OOM handler can take care of,
not the outbuf.

Finally, this commit adds a log_debug() in the update socket information
function of KIST so we can get the socket information in debug.

Fixes #24671

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-20 14:17:18 -05:00
Fernando Fernandez Mancera
ac9eebd636 Add some values to OOM log msg #24501
Exposing cell_queues_get_total_allocation(), buf_get_total_allocation(),
tor_compress_get_total_allocation(), tor_compress_get_total_allocation() when
hit MaxMemInQueues threshold.

Fixes #24501

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-20 18:31:30 +01:00
Nick Mathewson
5e92646715 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-20 12:15:24 -05:00
Nick Mathewson
08ed0d7930 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-20 12:15:24 -05:00
Nick Mathewson
7e45720cf4 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-20 12:15:24 -05:00
Nick Mathewson
0e790bb40d Merge branch 'maint-0.3.2' 2017-12-20 12:15:24 -05:00
Nick Mathewson
c604a76a53 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-20 12:15:23 -05:00
Nick Mathewson
877dd1d6c8 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-20 12:15:23 -05:00
Karsten Loesing
428f8a375b Update geoip and geoip6 to the December 6 2017 database. 2017-12-20 17:36:29 +01:00
Nick Mathewson
a499be33b8 Merge branch 'maint-0.3.2' 2017-12-20 11:19:23 -05:00
Nick Mathewson
565ec6100f Merge branch 'stack_again_032' into maint-0.3.2 2017-12-20 11:19:18 -05:00
Nick Mathewson
7ca0a9c4ae Merge remote-tracking branch 'ahf-oniongit/bugs/24605' 2017-12-20 11:16:17 -05:00
Nick Mathewson
c99ec36def expand documentation on tor_remove_file 2017-12-20 10:43:27 -05:00
Nick Mathewson
4b7b305bf0 Remove pre-unlink check tor_remove_file; check errno instead.
This removes a time-of-check/time-of-use issue, though in this case
it would probably be harmless.
2017-12-20 10:42:02 -05:00
Nick Mathewson
18543c2c9b Merge remote-tracking branch 'ffmancera/github/bug23271' 2017-12-20 10:40:32 -05:00
Nick Mathewson
3bc5806339 Merge branch 'maint-0.3.2' 2017-12-20 10:39:38 -05:00
Nick Mathewson
0a1b1430c8 Update the unit tests to reflect the change of 24425 2017-12-20 10:39:19 -05:00
Nick Mathewson
83ced3e7fe Merge branch 'maint-0.3.2' 2017-12-20 09:59:51 -05:00
Nick Mathewson
fc33caadae Merge remote-tracking branch 'dgoulet/ticket24425_032_01' into maint-0.3.2 2017-12-20 09:59:06 -05:00
Nick Mathewson
accd0ea65b Fix the clz32 and clz64 settings on MSVC.
Fixes bug 24633; bugfix on 0.2.9.1-alpha.
2017-12-20 09:37:18 -05:00
Nick Mathewson
28fbfa8712 whitespace fix 2017-12-20 09:17:13 -05:00
Nick Mathewson
69a320ce5d Merge branch 'xfer_time_coarse' 2017-12-20 09:15:30 -05:00
Nick Mathewson
60bf8f6cf6 Improve add_msec test to cover ms->sec rollover
Per mikeperry's suggestion, I'm making sure that the millisecond
part of the time will always roll over in this test.
2017-12-20 09:12:38 -05:00
Nick Mathewson
d43dc120e8 finish documentation on live_consensus_is_missing 2017-12-18 15:01:05 -05:00
Alexander Færøy
d4f4108601 Add MainloopStats option.
This patch adds support for MainloopStats that allow developers to get
main event loop statistics via Tor's heartbeat status messages. The new
status log message will show how many successful, erroneous, and idle
event loop iterations we have had.

See: https://bugs.torproject.org/24605
2017-12-16 02:41:21 +01:00
Alexander Færøy
e44662a7f9 Fix additional whitespace in config module comment. 2017-12-16 02:22:37 +01:00
Nick Mathewson
93e7b837c8 Use same macros to simplify options_transition_affects_* 2017-12-15 15:33:29 -05:00
Nick Mathewson
376f97aaa1 Simplify the very repetitious options_transition_allowed() 2017-12-15 15:32:46 -05:00
Nick Mathewson
20f802ea3c Add an option to disable signal handler installation.
Closes ticket 24588.
2017-12-15 12:48:29 -05:00
Nick Mathewson
fdd5734875 Remove the unused is_parent==0 option from handle_signals. 2017-12-15 12:45:30 -05:00
Nick Mathewson
a61c36d53a indentation fix 2017-12-15 12:37:15 -05:00
Fernando Fernandez Mancera
61c721f145 Add remove file function and remove ephemeral files.
Adding tor_remove_file(filename) and refactoring tor_cleanup().

Removing CookieAuthFile and ExtORPortCookieAuthFile when tor_cleanup() is
called.

Fixes #23271.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-15 17:01:22 +01:00
Nick Mathewson
5c4da2cacd bump to 0.3.2.7-rc-dev 2017-12-14 14:12:31 -05:00
Nick Mathewson
93b3c4b844 update to 0.3.2.7-rc 2017-12-13 12:06:37 -05:00
Nick Mathewson
f7e393eb4c Another attempt at fixing the STACK warning in tortls.c
Patch suggestion from catalyst.

Related to 24423
2017-12-13 10:09:10 -05:00
Nick Mathewson
219c969d7b Use monotime_coarse for transfer times and padding times
Using absolute_msec requires a 64-bit division operation every time
we calculate it, which gets expensive on 32-bit architectures.
Instead, just use the lazy "monotime_coarse_get()" operation, and
don't convert to milliseconds until we absolutely must.

In this case, it seemed fine to use a full monotime_coarse_t rather
than a truncated "stamp" as we did to solve this problem for the
timestamps in buf_t and packed_cell_t: There are vastly more cells
and buffer chunks than there are channels, and using 16 bytes per
channel in the worst case is not a big deal.

There are still more millisecond operations here than strictly
necessary; let's see if any divisions show up in profiles.
2017-12-13 09:46:58 -05:00
Nick Mathewson
dd6dec2665 Add a function to add msec to a monotime.
We'll use this for the channel padding logic.
2017-12-13 08:54:29 -05:00
Nick Mathewson
4c877ae874 Add monotime functions for clearing monotonic times
We need this to replace some of our "msec" users with monotime
users.
2017-12-13 08:29:23 -05:00
Nick Mathewson
426110dfa2 Merge branch 'maint-0.3.2' 2017-12-12 19:46:53 -05:00
Nick Mathewson
15b41fa6ae Make sandbox.c compile when libseccomp-dev is installed on arm64
Fixes ticket 24424.  Patch from weasel.
2017-12-12 19:46:03 -05:00
Nick Mathewson
9abef516f6 Merge branch 'maint-0.3.2' 2017-12-12 19:27:14 -05:00
Nick Mathewson
bf89b08930 Merge branch 'bug24367_032_squashed' into maint-0.3.2 2017-12-12 19:17:38 -05:00
teor
19a4abf2a9 Make sure bridges are definitely running before delaying directory fetches
Retry directory downloads when we get our first bridge descriptor
during bootstrap or while reconnecting to the network. Keep retrying
every time we get a bridge descriptor, until we have a reachable bridge.

Stop delaying bridge descriptor fetches when we have cached bridge
descriptors. Instead, only delay bridge descriptor fetches when we
have at least one reachable bridge.

Fixes bug 24367; bugfix on 0.2.0.3-alpha.
2017-12-12 19:17:25 -05:00
teor
6b5c70670b Simplify some conditionals in circuit_get_open_circ_or_launch()
When entry_list_is_constrained() is true, guards_retry_optimistic()
always returns true.

When entry_list_is_constrained() is false,
options->UseBridges is always false,
therefore !options->UseBridges is always true,
therefore (!options->UseBridges || ...) is always true.

Cleanup after #24367.
2017-12-12 19:17:25 -05:00
Nick Mathewson
13455c0f1a Merge branch 'maint-0.3.2' 2017-12-12 09:32:29 -05:00
Nick Mathewson
e622f208a3 Merge remote-tracking branch 'teor/bug23827-v2' 2017-12-12 09:27:03 -05:00
George Kadianakis
b6fd78ea30 hs-v3: Don't lookup an intro point while cleaning it up
Commit e80893e51b made tor call
hs_service_intro_circ_has_closed() when we mark for close a circuit.

When we cleanup intro points, we iterate over the descriptor's map of intro
points and we can possibly mark for close a circuit. This was problematic
because we would MAP_DEL_CURRENT() the intro point then free it and finally
mark for close the circuit which would lookup the intro point that we just
free in the map we are iterating over.

This can't be done and leads to a use-after-free because the intro point will
be returned successfully due to the fact that we are still in the loop
iterating. In other words, MAP_DEL_CURRENT() followed by a digest256map_get()
of the same object should never be done in the same loop.

Fixes #24595

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-12 09:21:25 -05:00
Nick Mathewson
9c604e2bbb Fix compilation: logfile_is_external() must accept const* 2017-12-12 09:21:12 -05:00
Nick Mathewson
6c5a73f87a Merge remote-tracking branch 'ahf-oniongit/bugs/24362' 2017-12-12 09:18:52 -05:00
Alexander Færøy
cbc465a3d1 Simplify explicit conditional checks into an inlined function.
This patch lifts the check for whether a given log file (`logfile_t`) is
an "external logfile" (handled by an external logging system such as
syslog, android's logging subsystem, or as an external C callback
function) into a function on its own.

See: https://bugs.torproject.org/24362
2017-12-12 01:17:57 +00:00
Nick Mathewson
eecfed0cd2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:56:31 -05:00
Nick Mathewson
f7151387d9 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:56:31 -05:00
Nick Mathewson
cdee62da9e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:56:31 -05:00
Nick Mathewson
da38904efb Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:56:31 -05:00
Nick Mathewson
1deda2106b Merge branch 'bug24167_025' into maint-0.2.5 2017-12-11 16:56:28 -05:00
Nick Mathewson
eaaa1108a3 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:54:14 -05:00
Nick Mathewson
04524443d0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:54:14 -05:00
Nick Mathewson
2ea573ece8 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:54:14 -05:00
Nick Mathewson
bc1ea4f470 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:54:11 -05:00
Nick Mathewson
f5d4bdf305 Merge remote-tracking branch 'public/ticket23856_025_01' into maint-0.2.5 2017-12-11 16:53:02 -05:00
Nick Mathewson
736e7299ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:51:58 -05:00
Nick Mathewson
7fcb222ab7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:51:58 -05:00
Nick Mathewson
7e486dd6f7 Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9 2017-12-11 16:51:54 -05:00
Nick Mathewson
f7b41bcdf0 Merge branch 'bug24086_031' into maint-0.3.1 2017-12-11 16:49:01 -05:00
Nick Mathewson
828333e38c Merge remote-tracking branch 'public/bug24099_031' into maint-0.3.1 2017-12-11 16:48:44 -05:00
Nick Mathewson
d2031f2c60 Merge remote-tracking branch 'public/bug23817_031' into maint-0.3.1 2017-12-11 16:45:54 -05:00
Nick Mathewson
d5400d50e7 Merge branch 'maint-0.3.2' 2017-12-11 16:43:51 -05:00
Nick Mathewson
ae608408e9 Merge remote-tracking branch 'asn/bug23862_031' into maint-0.3.1 2017-12-11 16:43:41 -05:00
Nick Mathewson
c55a054236 Merge remote-tracking branch 'asn/bug23862_030' into maint-0.3.0 2017-12-11 16:41:28 -05:00
Nick Mathewson
418d8bbe92 Merge branch 'stack_fixes_032_v2' into maint-0.3.2 2017-12-11 16:25:04 -05:00
Nick Mathewson
f539d89fd9 Move subtraction in rephist to try to avoid STACK warning
(I do not know why this one is happening)
2017-12-11 16:23:11 -05:00
Nick Mathewson
3da15bcbe8 Stop checking for sandbox:new_element() failures: it can't fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK
2017-12-11 16:06:25 -05:00
Nick Mathewson
472473ec5d transport_new() cannot fail; do not check for it to fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK.
2017-12-11 16:06:00 -05:00
Nick Mathewson
252db6ad26 Merge branch 'maint-0.3.2' 2017-12-11 16:02:10 -05:00
David Goulet
057139d383 sched: Avoid integer overflow when computing tcp_space
In KIST, we could have a smaller congestion window value than the unacked
packets leading to an integer overflow which leaves the tcp_space value to be
humongous.

This has no security implications but it results in KIST scheduler allowing to
send cells on a potentially saturated connection.

Found by #24423. Fixes #24590.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-11 15:45:19 -05:00
Nick Mathewson
f205dabf7a Stop using event_base_once().
This function leaks memory when the event_base is freed before the
event itself fires.  That's not harmful, but it's annoying when
trying to debug other memory leaks.

Fixes bug 24584; bugfix on 0.2.8.1-alpha.
2017-12-11 12:23:02 -05:00
Nick Mathewson
3b465ebf2e Changes file and tor_api.h tweaks for 24581. 2017-12-11 11:55:41 -05:00
Nick Mathewson
06ffafcb9d Set DH parameters to NULL on shutdown
If we don't do this, we will use freed memory on restart.

Part of 24581.
2017-12-11 11:52:19 -05:00
Nick Mathewson
474ca13d6a Mark libevent uninitialized on shutdown.
This is necessary so that we will reinitialize it on startup.
2017-12-11 11:52:19 -05:00
Nick Mathewson
322abc030e On exit, free the event_base and set its pointer to NULL.
When we didn't do this before, we'd have some still-reachable memory
warnings, and we'd find ourselves crashing when we tried to
reinitialize libevent.

Part of 24581 (don't crash when restarting Tor in-process)
2017-12-11 11:52:19 -05:00
Nick Mathewson
e18840f619 Fix the log-severities memory-leak in tor-resolve.c
Also, rename the variable to have a more manageable name, and make
its scope more clear.

Fixes bug 24582; bugfix on 0.2.1.1-alpha.
2017-12-11 11:49:57 -05:00
Nick Mathewson
ea929e8456 Merge remote-tracking branch 'public/feature24427' 2017-12-11 09:59:46 -05:00
Nick Mathewson
c2822bbc63 Fix compilation of 23459 patch.
The free() changes of 23447 had broken the pending 23459 patch.
2017-12-11 09:55:38 -05:00
Nick Mathewson
7803b19c43 Merge remote-tracking branch 'ffmancera/github/bug23459' 2017-12-11 09:53:39 -05:00
Nick Mathewson
030d3d52f5 Merge remote-tracking branch 'teor/comment24575' 2017-12-11 09:46:23 -05:00
Nick Mathewson
98682f689b Merge branch 'maint-0.3.2' 2017-12-11 09:45:17 -05:00
Matt Traudt
265b8e8645 Function declaration whitespace 2017-12-11 09:43:09 -05:00
Matt Traudt
67793b615b One more missed chance to use get_scheduler_state_string 2017-12-11 09:43:09 -05:00
Matt Traudt
667f931177 Make get_scheduler_state_string available to scheduler*.c 2017-12-11 09:43:09 -05:00
Matt Traudt
8797c8fbd3 Remove now-duplicate log_debug lines 2017-12-11 09:43:09 -05:00
Matt Traudt
07898fb2a6 Helper to log chan scheduler_states as strings not ints 2017-12-11 09:43:09 -05:00
Matt Traudt
273325e216 Add all the missed scheduler_state assignments 2017-12-11 09:43:08 -05:00
Matt Traudt
5e7fdb8b3f Fix cosmetic issues around scheduler_set_channel_state
Whitespace issues

Line length

Unused variable
2017-12-11 09:43:04 -05:00
Nick Mathewson
d68abbe358 Merge remote-tracking branch 'dgoulet/bug23603_032_02' into maint-0.3.2 2017-12-11 09:42:12 -05:00
ArunaMaurya221B
ad5cfa3039 Bug:24531 Function to change channel scheduler state for easy debugging added. 2017-12-11 08:46:43 -05:00
ArunaMaurya221B
d77cacb7ab Bug:24531 Add function to change scheduler state and always use it 2017-12-11 08:46:39 -05:00
Alexander Færøy
b0b8f7c30c Add support for Android's logging subsystem.
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that are available on the platform.

This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.

See: https://bugs.torproject.org/24362
2017-12-11 13:22:39 +00:00
Nick Mathewson
58e8094816 Fix compilation with --disable-memory-sentinels
We'd broken this with the recent _free() rewrite.
2017-12-11 08:01:54 -05:00
Alexander Færøy
78a582ed88 Restructure log initialization function to allow multiple backends without arguments.
This patch ensures that we more easily can extend our log backends that
do not take any additional argument other than a single keyword. This
patch is mostly reindentation of some code which is why it is split out
into its own patch.

See: https://bugs.torproject.org/24362
2017-12-11 13:00:48 +00:00
teor
35055cfa7f Update the comment in options_transition_affects_guards()
It referred to an old function name.

Fixes #24575, bugfix on 0.3.0.
2017-12-11 03:18:48 +11:00
Nick Mathewson
6f3a862966 Run the download_status_increment test in a forked process.
It messes with global state somehow in a way that makes several of
the entryconn tests fail now.
2017-12-11 00:57:04 +11:00
teor
bbc781885d fixup! Add networkstatus_consensus_has_ipv6() and unit tests
This is what happens when you don't run:
make check-spaces
make check-changes
2017-12-11 00:53:03 +11:00
teor
b66b62fb75 Stop waiting for microdescs if the consensus supports IPv6 ORPorts
Also make IPv6-only clients wait for microdescs for relays, even if we were
previously using descriptors (or were using them as a bridge) and have
a cached descriptor for them.

But if node_is_a_configured_bridge(), stop waiting for its IPv6 address in
a microdescriptor, because we'll never use it.

Implements #23827.
2017-12-11 00:34:31 +11:00
teor
28d4355a6e Add networkstatus_consensus_has_ipv6() and unit tests
networkstatus_consensus_has_ipv6() tells us whether the consensus method of
our current consensus supports IPv6 ORPorts in the consensus.

Part of #23827.
2017-12-11 00:34:19 +11:00
Nick Mathewson
241b676638 Fix up test_circuitstats to use the new circuit_free macro 2017-12-08 17:52:45 -05:00
Nick Mathewson
0340c02975 Merge remote-tracking branch 'mikeperry/bug23114_squashed2' 2017-12-08 17:50:34 -05:00
Nick Mathewson
b189c613bb move a macro; fix a build? 2017-12-08 15:11:18 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
17dcce3fe1 Fix wide lines introduced by previous patch. 2017-12-08 14:47:19 -05:00
Nick Mathewson
285632a61b Replace all FREE_AND_NULL* uses to take a type and a free function.
This commit was made mechanically by this perl script:

#!/usr/bin/perl -w -i -p

next if /^#define FREE_AND_NULL/;
s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/;
s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-08 14:47:19 -05:00
Nick Mathewson
95531ddfbf Let's have only one FREE_AND_NULL variant.
This commit removes the old FREE_AND_NULL, and renames the old
FREE_AND_NULL_UNMATCHED so that it is now called FREE_AND_NULL.

This will break all the FREE_AND_NULL_* users; the next commit will
fix them.
2017-12-08 14:47:19 -05:00
Nick Mathewson
1d348989b0 Make tor_free only evaluate its input once (at least on gcc and clang) 2017-12-08 14:47:19 -05:00
Nick Mathewson
db024adc90 Switch to a safer FREE_AND_NULL implementation
This one only evaluates the input once, so it cannot mess up even if
there are side effects.
2017-12-08 14:47:19 -05:00
Nick Mathewson
176ad729d9 Change the free macro convention in the rest of src/or/*.h 2017-12-08 14:47:19 -05:00
Nick Mathewson
0792cc107e Convert connection_free to a nulling macro. 2017-12-08 14:47:19 -05:00
Nick Mathewson
a48ba072a9 Rename connection_free_ to connection_free_minimal. 2017-12-08 14:47:19 -05:00
Nick Mathewson
b0cc9856ee Update free functions into macros: src/or/ part 1
This covers addressmap.h (no change needed) through confparse.h
2017-12-08 14:47:19 -05:00
Nick Mathewson
c92ac9f5cb Convert the rest of src/common's headers to use FREE_AND_NULL 2017-12-08 14:47:19 -05:00
Nick Mathewson
44010c6fc1 Merge branch 'dgoulet_ticket23709_033_01_squashed' 2017-12-08 14:44:09 -05:00
David Goulet
e96c577ed2 test: Make older GCC happy and thus our oniongit pipeline
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
David Goulet
6120efd771 chan: Do not re-queue after a fail cell write
Couple things happen in this commit. First, we do not re-queue a cell back in
the circuit queue if the write packed cell failed. Currently, it is close to
impossible to have it failed but just in case, the channel is marked as closed
and we move on.

The second thing is that the channel_write_packed_cell() always took ownership
of the cell whatever the outcome. This means, on success or failure, it needs
to free it.

It turns out that we were using the wrong free function in one case and
not freeing it in another possible code path. So, this commit makes sure we
only free it in one place that is at the very end of
channel_write_packed_cell() which is the top layer of the channel abstraction.
This makes also channel_tls_write_packed_cell_method() return a negative value
on error.

Two unit tests had to be fixed (quite trivial) due to a double free of the
packed cell in the test since now we do free it in all cases correctly.

Part of #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
Fernando Fernandez Mancera
8559827280 Split client-side get_rend_circ into two functions.
Split hs_circuitmap_get_rend_circ_client_side(). One returns only established
circuits (hs_circuitmap_get_established_rend_circ_client_side()) and the other
returns all kinds of circuits.

Fixes #23459

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-08 18:14:08 +01:00
Nick Mathewson
021fdd39e4 Use mach_approximate_time() for coarse time where available.
This lets us have a coarse-time implementation with reasonable
performance characteristics on OSX and iOS.

Implements 24427.
2017-12-08 09:24:02 -05:00
teor
bb7c5b431d Move a comment to relay_send_end_cell_from_edge()
It looks like it was left behind in a refactor.

Fixes 24559.
2017-12-08 12:49:33 +11:00
Nick Mathewson
afceb431ed add a missing windows underscore 2017-12-07 15:14:49 -05:00
Nick Mathewson
45b9b2245f Merge branch 'maint-0.3.2' 2017-12-07 08:42:56 -05:00
Nick Mathewson
4b41ffa64d Merge branch 'arthuredelstein_18859+1_031' into maint-0.3.2 2017-12-07 08:42:49 -05:00
Nick Mathewson
c2c0f83c23 Revert accidentally-committed code from 046acf208b 2017-12-07 08:28:57 -05:00
Mike Perry
050bb67974 Add tests for circuitstats.c
These tests primarily test the relaxed and measured behavior of
circuitstats.c, to make sure we did not break it with #23100 or #23114.
2017-12-07 00:04:39 +00:00
Mike Perry
125df07d60 Report close and timeout rates since uptime, not based on data.
Bug #23114 was harder to see because we were just reporting our math,
rather than reporting behavior.
2017-12-07 00:04:39 +00:00
Mike Perry
ed89588c4f Bug #23114: Time out circuits immediately.
This changes the purpose of circuits that are past the timeout to measurement
*as they are built*, ensuring accurate application of the timeout logic.
2017-12-07 00:04:38 +00:00
Mike Perry
b5d4cd1b41 Bug #23100: Count all 3 hop circuits for CBT.
This change causes us to count anything once it reaches 3 hops (but not
after).
2017-12-07 00:04:33 +00:00
Arthur Edelstein
2bd91dbd34 Don't consider a port "handled" by an isolated circuit.
Previously, circuit_stream_is_being_handled incorrectly reported
that (1) an exit port was "handled" by a circuit regardless of
whether the circuit was already isolated in some way, and
(2) that a stream could be "handled" by a circuit even if their
isolation settings were incompatible.

As a result of (1), in Tor Browser, circuit_get_unhandled_ports was
reporting that all ports were handled even though all non-internal
circuits had already been isolated by a SOCKS username+password.

Therefore, circuit_predict_and_launch_new was declining to launch
new exit circuits. Then, when the user visited a new site in Tor
Browser, a stream with new SOCKS credentials would be initiated,
and the stream would have to wait while a new circuit with those
credentials could be built. That wait was making the
time-to-first-byte longer than it needed to be.

Now, clean, not-yet-isolated circuit(s) will be automatically
launched ahead of time and be ready for use whenever a new stream
with new SOCKS credentials (or other isolation criteria) is
initiated.

Fixes bug 18859. Thanks to Nick Mathewson for improvements.
2017-12-06 14:18:41 -08:00
Nick Mathewson
046acf208b Fix a compiler warning 2017-12-06 15:46:54 -05:00
Nick Mathewson
5f518c69aa Merge remote-tracking branch 'public/monotime_coarse_stamps' 2017-12-06 15:43:50 -05:00
Nick Mathewson
c470a6d278 Merge remote-tracking branch 'teor/bug24488' 2017-12-06 14:44:03 -05:00
Nick Mathewson
d4ca18573c Merge remote-tracking branch 'dgoulet/bug24502_032_01' into maint-0.3.2 2017-12-06 14:37:53 -05:00
Nick Mathewson
91f72bbb6c Merge remote-tracking branch 'teor/bug24489' 2017-12-06 14:37:15 -05:00
Nick Mathewson
aa6212a858 Merge remote-tracking branch 'dgoulet/bug24502_032_01' 2017-12-06 14:31:33 -05:00
David Goulet
1a55a5ff06 test: Add a KIST test for a non opened channel
This makes sure that a non opened channel is never put back in the channel
pending list and that its state is consistent with what we expect that is
IDLE.

Test the fixes in #24502.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-06 11:33:01 -05:00
Alexander Færøy
9fa38bd996 Check the return value of hs_parse_address().
This patch adds a check for the return value of `hs_parse_address()` in
`hs_control_hspost_command()`. Since it should not be possible for
`hs_parse_address()` to fail in this context we wrap the error check
with the `BUG()` macro.

See: https://bugs.torproject.org/24543
2017-12-06 14:56:52 +01:00
Nick Mathewson
01700d779c Initialize pk so that older gcc versions don't freak out. 2017-12-05 20:00:49 -05:00
Nick Mathewson
a7a0cebb59 Merge branch 'more_directories_squashed' 2017-12-05 19:49:45 -05:00
Nick Mathewson
a57bcffcc7 Implement the various get_foodir_*() functions. 2017-12-05 19:49:29 -05:00
Nick Mathewson
a9806af261 Create a CacheDirectory and KeyDirectory options.
They work the same as DataDirectory, but default slightly different.

Tor is not actually updated to use them yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
39a780e85a Clean up a needlessly complex get_datadir_fname use 2017-12-05 19:49:28 -05:00
Nick Mathewson
3907faf2fd New accessors for keydir/cachedir access
This patch is a result of auditing all of our uses of
get_datadir_fname() and its kin, and dividing them into cache vs
keys vs other data.

The new get_keydir_fname() and get_cachedir_fname() functions don't
actually do anything new yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
7b34ab3e38 Extract common code for creating the keys directory.
This had somehow gotten duplicated between router.c and routerkeys.c
2017-12-05 19:49:28 -05:00
Nick Mathewson
2e872f6b32 Use get_datadir_fname() accessor in networkstatus.c 2017-12-05 19:49:28 -05:00
Nick Mathewson
36779df4c4 Extract the code that creates the datadir into a separate function. 2017-12-05 19:49:28 -05:00
Nick Mathewson
e8a6a6635b Merge branch 'dgoulet_ticket20699_033_01' 2017-12-05 19:43:23 -05:00
David Goulet
c094802697 control: Improve ADD_ONION helper function comments
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8c02fc15ae control: Don't use void pointer for ADD_ONION secret key
Make this a bit more safe with at least type checking of the pointers
depending on the version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
9c6560fe29 test: Add HS_DESC v3 unit tests
This introduces the test_hs_control.c file which at this commit contains basic
unit test for the HS_DESC event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
ace42acff0 control: HSPOST command support for v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
475d8d1a3d control: Don't check if Server is an HSDir for HSPOST
This is removed for two reasons. First, HSDir accepts descriptor even though
they don't think they are in fact an HSDir. This is to avoid consensus desync
between client/service and directories.

Second, our malicious HSDir scanner uses the HSPOST command to post on all
relays in order to test them before they could become HSDir. We had to remove
that check from the tor code that the scanner uses.

Thus, this check should not be enforced by the control port for the above use
cases. It is also a bit more complex with v3 support for which not all HSDir
support it so basically irrelevant check.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
683fccba8f hs-v3: Add a handler for the HSPOST command
It is not used yet at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e71c6199dd hs-v3: Add a public function to upload a descriptor to an HSDir
This is groundwork for the HSPOST control port command that needs a way in the
HS subsystem to upload a service descriptor to a specific HSDir.

To do so, we add a public function that takes a series of parameters including
a fully encoded descriptor and initiate a directory request to a specific
routerstatut_t object.

It is for now not used but should be, in future commit, by the HSPOST command.
This commit has no behavior change, only refactoring.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
2c8e97db58 hs-v3: Implement HS_DESC_CONTENT event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
cc26d4fa21 control: Support HS v3 for CIRC and CIRC_MINOR event
"REND_QUERY=" can now output a v3 address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
13bb4f60f0 hs-v3: Support HS_DESC UPLOAD failed
When failing to upload a descriptor, signal the control port with a FAILED
event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
427b247c8d hs-v3: Implement HS_DESC UPLOADED event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
c7050eaa16 hs-v3: Implement HS_DESC UPLOAD event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
b71a9b60cc hs-v3: Implement HS_DESC CREATED event
This makes the REPLICA= field optional for the control port event. A v2
service will always pass it and v3 is ignored.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
3b436d495f hs-v3: Implement HS_DESC RECEIVED event
Adds a v3 specific function to handle a received event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8365de1da3 hs-v3: Implement HS_DESC FAILED event
A new v3 specific function has been added named
control_event_hsv3_descriptor_failed().

The HS v3 subsystem now uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
743d0b9d91 hs-v3: Implement HS_DESC REQUESTED event
This changes the control_event_hs_descriptor_requested() call to add the hsdir
index optional value. v2 passes NULL all the time.

This commit creates hs_control.{c|h} that contains wrappers for the HS
subsystem to interact with the control port subsystem.

The descriptor REQUESTED event is implemented following proposal 284 extension
for v3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e7d606900e control: Rename two HS v2 specific functions
Make control_event_hs_descriptor_received() and
control_event_hs_descriptor_failed() v2 specific because they take a
rend_data_t object and v3 will need to pass a different object.

No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
beacbbe210 control: Refactor control_event_hs_descriptor_receive_end
First, rename and make that function static because it is internal to
control.c and called by two HS_DESC events.

Second, make it take more basic parameters and thus not a rend_data_t object
so we can still use the function for v3 HS that doesn't use that object.

Third, move the descriptor ID lookup to the two specific events (yes little
code duplication there) because they get a rend_data_t object which won't be
the case for v3.

Finally, through this refactoring, change the pointer check to BUG() and
change some parameter names to reflect what they really are.

No behavior change at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
242ddc85c8 control: Refactor HS_DESC events functions to not be v2 specific
This is a naming refactor mostly _except_ for the events' functions that take
a rend_data_t which will require much more refactoring.

No behavior change at this commit, cleanup and renaming stuff to not be only
v2 specific.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
4633a93ca8 hs-v3: Downgrade warning log when an intro circuit has closed
When an intro circuit has closed, do not warn anymore when we can't find the
service. It is possible to hit that condition if the service is removed before
the circuits were fully closed. This happens in the case of deleting an
ephemeral service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
f0e3331f3c hs-v3: Add ephemeral service support
The functions are now used by the ADD_ONION/DEL_ONION control port command as
well. This commit makes them fully functional with hidden service v3.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
Nick Mathewson
1969d57363 Change our build process to run Cargo from inside the build tree
Instead of using the cwd to specify the location of Cargo.toml, we
use the --manifest-path option to specify its location explicitly.

This works around the bug that isis diagnosed on our jenkins builds.
2017-12-05 14:23:55 -05:00
Nick Mathewson
a798ba6e9b Merge branch 'maint-0.3.2' 2017-12-05 12:10:06 -05:00
Nick Mathewson
779e4b9dcf Tweaks to strings in 24500 2017-12-05 12:09:57 -05:00
Fernando Fernandez Mancera
313360e6e6 Make errno error log more useful for getrandom()
Making errno error log more useful for getrandom() call. Adding if statement to
make difference between ENOSYS and other errors.

Fixes #24500

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-05 12:05:09 -05:00
David Goulet
68601a85ca test: Add HSv3 unit test for expiring intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
e80893e51b hs-v3: Cleanup HS circuits when marking as closed
First, hs_service_intro_circ_has_closed() is now called in circuit_mark_for
close() because the HS subsystem needs to learn when an intro point is
actually not established anymore as soon as possible. There is a time window
between a close and a free.

Second, when we mark for close, we also remove it from the circuitmap because
between the close and the free, a service can launch a new circuit to that
same intro point and thus register it which only succeeds if the intro point
authentication key is not already in the map.

However, we still do a remove from the circuitmap in circuit_free() in order
to also cleanup the circuit if it wasn't marked for close prior to the free.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
ba63c4099a hs-v3: Don't cleanup intro point in has_closed()
The hs_service_intro_circ_has_closed() was removing intro point objects if too
many retries.

We shouldn't cleanup those objects in that function at all but rather let
cleanup_intro_points() do its job and clean it properly.

This was causing an issue in #23603.

Furthermore, this moves the logic of remembering failing intro points in the
cleanup_intro_points() function which should really be the only function to
know when to cleanup and thus when an introduction point should be remembered
as a failed one.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
97702c69b0 sched: Set channel scheduler state to IDLE when not opened
In the KIST main loop, if the channel happens to be not opened, set its state
to IDLE so we can release it properly later on. Prior to this fix, the channel
was in PENDING state, removed from the channel pending list and then kept in
that state because it is not opened.

This bug was introduced in commit dcabf801e5 for
which we made the scheduler loop not consider unopened channel.

This has no consequences on tor except for an annoying but harmless BUG()
warning.

Fixes #24502

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 14:48:15 -05:00
Nick Mathewson
0694a6dc01 Don't pass --quiet to cargo for now
Fixes bug 24518.
2017-12-04 14:19:22 -05:00