Commit Graph

27252 Commits

Author SHA1 Message Date
Nick Mathewson
7c5a67ccd9 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-03-15 08:52:29 -04:00
Nick Mathewson
b9f6539008 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-03-15 08:52:28 -04:00
Nick Mathewson
f46f4562cf Merge branch 'bug40286_disable_min_035' into maint-0.3.5 2021-03-15 08:41:03 -04:00
Nick Mathewson
8e4965aa36 Bump to 0.4.6.1-alpha 2021-03-15 07:42:47 -04:00
Nick Mathewson
be17a5a3cf Bump to 0.4.5.7 2021-03-15 07:41:54 -04:00
Nick Mathewson
fb2c889a38 Bump to 0.4.4.8 2021-03-15 07:40:48 -04:00
Nick Mathewson
1a0b5fd569 Bump to 0.3.5.14 2021-03-15 07:39:45 -04:00
Nick Mathewson
444233c15e Run "make autostyle" in advance of new series. 2021-03-12 11:40:48 -05:00
Nick Mathewson
b5d08ddc09 Update copyrights to 2021, using "make update-copyright" 2021-03-12 11:39:23 -05:00
Nick Mathewson
d7e827a754 Remove MMDB conversion tool.
It was made to convert Maxmind's "mmdb" files into the older format
that we used.  But now thanks to IPFire Location, we don't have to
touch Maxmind formats any more.  (See ticket #40224.)
2021-03-12 11:37:03 -05:00
Nick Mathewson
b014866f6a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-03-12 11:30:22 -05:00
Nick Mathewson
0b4a0c1a26 Merge branch 'maint-0.4.5' 2021-03-12 11:30:22 -05:00
Nick Mathewson
41796158e6 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-03-12 11:30:21 -05:00
Nick Mathewson
a7b3cb06f5 Update geoip files to match ipfire location db, 2021/03/12. 2021-03-12 11:26:07 -05:00
Nick Mathewson
7d9403b422 Merge remote-tracking branch 'tor-gitlab/mr/336' 2021-03-10 16:47:46 -05:00
Nick Mathewson
f98dbdb069 Merge branch 'maint-0.4.5' 2021-03-10 15:28:14 -05:00
Nick Mathewson
e8d224dfb1 Merge remote-tracking branch 'tor-gitlab/mr/335' into maint-0.4.5 2021-03-10 15:27:50 -05:00
David Goulet
fc080b4113 Merge branch 'maint-0.4.5' 2021-03-10 10:04:26 -05:00
David Goulet
9f9fed3fd1 vote: Add "stats" line
Closes #40314

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-03-10 09:51:30 -05:00
David Goulet
f93ccb8d24 hs: Remove hamrless BUG() that can happen
When reloading a service, we can re-register a service and thus end up again
in the metrics store initialization code path which is fine. No need to BUG()
anymore.

Fixes #40334

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-03-10 09:12:29 -05:00
Nick Mathewson
9409c7f2f5 Don't warn about missing guard state if controller picked first hop
See comments about why this needs a new flag and we can't just use
CIRCUIT_PURPOSE_CONTROLLER.

Fixes #40285; bugfix on 0.3.2.1-alpha.
2021-03-08 13:42:43 -05:00
Nick Mathewson
690c7be253 Fix parsing bug in linux get_total_system_memory().
Use find_str_at_start_of_line(), not strstr() here: we don't want
to match "MemTotal: " if it appears in the middle of a line.

Fixes #40315; bugfix on 0.2.5.4-alpha.
2021-03-03 14:52:15 -05:00
Alexander Færøy
80b6054bb0 Merge remote-tracking branch 'tor-gitlab/mr/213' 2021-03-03 15:16:20 +00:00
David Goulet
2eb015372b Merge branch 'tor-gitlab/mr/328' 2021-03-01 08:36:02 -05:00
Nick Mathewson
1b36e50fdd Correct documentation for lib_meminfo.md 2021-03-01 08:13:32 -05:00
Alexander Færøy
a497a97e4c Change %lu to %TOR_PRIuSZ in dos.c.
This patch unbreaks the Windows build on master that was introduced in
99703eaca0.
2021-02-26 18:16:08 +00:00
David Goulet
f75baf5ea5 Merge branch 'maint-0.4.5' 2021-02-24 13:55:30 -05:00
David Goulet
6ea7eb58c6 Merge branch 'tor-gitlab/mr/321' into maint-0.4.5 2021-02-24 13:55:21 -05:00
Nick Mathewson
db14801b04 Add tests for parsing and selecting directory ports. 2021-02-24 13:16:07 -05:00
Nick Mathewson
6e4b10cf67 Allow extra dirport URLs to be configured for authorities. 2021-02-24 13:15:36 -05:00
Nick Mathewson
ae0aff87ce Choose the correct dirport when contacting an authority.
This is part of an implementation for proposal 330.

This implementation doesn't handle authdirs' IPv6 dirports (yet).
2021-02-24 10:23:20 -05:00
Nick Mathewson
4e977cce40 Add support for knowing multiple HTTP DirPorts for an authority.
(These aren't yet set or used.)
2021-02-24 10:23:20 -05:00
George Kadianakis
830b0f8c62 Merge remote-tracking branch 'tor-gitlab/mr/306' 2021-02-24 12:35:55 +02:00
David Goulet
6edb648aa0 Merge branch 'maint-0.4.5' 2021-02-23 12:28:04 -05:00
David Goulet
97e51dd01b Merge branch 'tor-gitlab/mr/326' into maint-0.4.5 2021-02-23 12:27:59 -05:00
David Goulet
ad4f87ed3f Remove mallinfo() from codebase
Now deprecated in libc >= 2.33

Closes #40309

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-23 12:16:58 -05:00
David Goulet
296a557bfc Remove mallinfo() from codebase
Now deprecated in libc >= 2.33

Closes #40309

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-23 11:02:33 -05:00
David Goulet
39d0f69dfe relay: Avoid a directory early fetch
The directory_fetches_from_authorities() is used to know if a client or relay
should fetch data from an authority early in the boot process.

We had a condition in that function that made a relay trigger that fetch if it
didn't know its address (so we can learn it). However, when this is called,
the address discovery has not been done yet so it would always return true for
a relay.

Furthermore, it would always trigger a log notice that the IPv4 couldn't be
found which was inevitable because the address discovery process has not been
done yet (done when building our first descriptor).

It is also important to point out that starting in 0.4.5.1-alpha, asking an
authority for an address is done during address discovery time using a one-hop
circuit thus independent from the relay deciding to fetch or not documents
from an authority.

Small fix also is to reverse the "IPv(4|6)Only" flag in the notice so that if
we can't find IPv6 it would output to use IPv4Only.

Fixes #40300

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-23 09:49:45 -05:00
Nick Mathewson
bc799a1eaf Merge remote-tracking branch 'tor-gitlab/mr/320' 2021-02-23 09:29:49 -05:00
David Goulet
c96465259a dos: Change the DoS heartbeat line format
Fix a bug introduced in 94b56eaa75 which
overwrite the connection message line.

Furthermore, improve how we generate that line by using a smartlist and change
the format so it is clearer of what is being rejected/detected and, if
applicable, which option is disabled thus yielding no stats.

Closes #40308

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-23 08:54:45 -05:00
Nick Mathewson
100221baac Merge remote-tracking branch 'origin/master' 2021-02-23 08:43:19 -05:00
Nick Mathewson
4321755de7 Merge branch 'ticket40282_046_01_squashed' 2021-02-23 08:32:58 -05:00
Alexander Færøy
83ab6adb10 Merge remote-tracking branch 'tor-gitlab/mr/276' 2021-02-22 20:52:44 +00:00
David Goulet
45113b648b test: Add DoS connection rate unit test
Related to #40253

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 15:48:52 -05:00
David Goulet
99703eaca0 dos: Move concurrent count into conn_stats object
No behavior change except for logging. This is so the connection related
statistics are in the right object.

Related to #40253

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 15:48:43 -05:00
David Goulet
94b56eaa75 dos: New client connect rate detection
This is a new detection type which is that a relay can now control the rate of
client connections from a single address.

The mechanism is pretty simple, if the rate/burst is reached, the address is
marked for a period of time and any connection from that address is denied.

Closes #40253

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 15:48:42 -05:00
Nick Mathewson
8907800549 Merge remote-tracking branch 'tor-gitlab/mr/319' 2021-02-22 15:39:30 -05:00
Nick Mathewson
6e3a7c410f Merge branch 'maint-0.4.5' 2021-02-22 15:37:39 -05:00
Nick Mathewson
bc21ed3290 Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5 2021-02-22 15:37:31 -05:00
David Goulet
d98c77b78e relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 14:47:42 -05:00
Alexander Færøy
a4df1e8ea4 Merge branch 'maint-0.4.5' 2021-02-22 19:13:12 +00:00
Alexander Færøy
26c2e843f9 Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5 2021-02-22 19:12:53 +00:00
David Goulet
4d7f31b964 relay: Move log notice after suggested address lookup
When trying to find our address to publish, we would log notice if we couldn't
find it from the cache but then we would look at the suggested cache (which
contains the address from the authorities) in which we might actually have the
address.

Thus that log notice was misplaced. Move it down after the suggested address
cache lookup.

Closes #40300

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 09:13:54 -05:00
David Goulet
9541ed63a1 relay: Only authorities publish a DirPort
Relay will always publish 0 as DirPort value in their descriptor from now on
except authorities.

Related to #40282

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 08:52:15 -05:00
David Goulet
38649b4f95 relay: Remove dirport reachability self test
Regular relays are about to get their DirPort removed so that reachability
test is not useful anymore

Authorities will still use the DirPort but because network reentry towards
their DirPort is now denied network wide, this test is not useful anymore and
so it should simply be considered reachable at all time.

Part of #40282

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-22 08:52:06 -05:00
George Kadianakis
c0589d06be Fix a test failure in test_hs_control_add_onion_helper_add_service().
This bug made the pipeline fail. It basically tries to access a service we just
freed because it's still on the service list.

It only occurs about once every 10 tests and it looks like this:

$ ./src/test/test hs_control/hs_control_add_onion_helper_add_service
hs_control/hs_control_add_onion_helper_add_service: [forking] =================================================================
==354311==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000000940 at pc 0x55a159251b03 bp 0x7ffc6abb5b30 sp 0x7ffc6abb5b28
READ of size 8 at 0x613000000940 thread T0
^[[A
    #0 0x55a159251b02 in hs_service_ht_HT_FIND_P_ src/feature/hs/hs_service.c:153
    #1 0x55a159251b02 in hs_service_ht_HT_FIND src/feature/hs/hs_service.c:153
    #2 0x55a159251b02 in find_service src/feature/hs/hs_service.c:175
    #3 0x55a159251c2c in register_service src/feature/hs/hs_service.c:188
    #4 0x55a159262379 in hs_service_add_ephemeral src/feature/hs/hs_service.c:3811
    #5 0x55a158e865e6 in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:847
    #6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
    #7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
    #8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
    #9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
    #10 0x55a158b1b1a4 in main src/test/testing_common.c:420
    #11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308
    #12 0x55a158b21f69 in _start (/home/f/Computers/tor/mytor/src/test/test+0x372f69)

0x613000000940 is located 64 bytes inside of 344-byte region [0x613000000900,0x613000000a58)
freed by thread T0 here:
    #0 0x7f7f0774ab6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
    #1 0x55a158e86508 in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:838
    #2 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
    #3 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
    #4 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
    #5 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
    #6 0x55a158b1b1a4 in main src/test/testing_common.c:420
    #7 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
    #0 0x7f7f0774ae8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55a15948b728 in tor_malloc_ src/lib/malloc/malloc.c:45
    #2 0x55a15948b7c0 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
    #3 0x55a159261bb5 in hs_service_new src/feature/hs/hs_service.c:4290
    #4 0x55a159261f49 in hs_service_add_ephemeral src/feature/hs/hs_service.c:3758
    #5 0x55a158e8619f in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:832
    #6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
    #7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
    #8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
    #9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
    #10 0x55a158b1b1a4 in main src/test/testing_common.c:420
    #11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free src/feature/hs/hs_service.c:153 in hs_service_ht_HT_FIND_P_
Shadow bytes around the buggy address:
  0x0c267fff80d0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c267fff80e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c267fff80f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8110: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
=>0x0c267fff8120: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x0c267fff8130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c267fff8140: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c267fff8150: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c267fff8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==354311==ABORTING
[Lost connection!]
  [hs_control_add_onion_helper_add_service FAILED]
1/1 TESTS FAILED. (0 skipped)
2021-02-22 13:31:29 +02:00
George Kadianakis
428819f5dd Fix CID 1473232 in connection_ap_handle_onion().
Now that v2 is off the table, 'rend_cache_lookup_result' is useless in
connection_ap_handle_onion() because it can only take the ENOENT value.  Let's
remove that helper variable and handle the ENOENT case specifically when we
check the cache.

Also remove the 'onion_address' helper variable.
2021-02-22 12:58:23 +02:00
George Kadianakis
32fc8a116a Refactoring: Remove 'addresstype' from connection_ap_handle_onion().
It's all v3 now.

Preparation for fixing CID 1473232.
2021-02-22 12:58:18 +02:00
George Kadianakis
c0a2330314 Fix CID 1473233 in handle_control_hsfetch().
With v2 support for HSFETCH gone, we only support v3 addresses. We don't
support v2 descriptor IDs anymore and hence we can remove that code.

The code removed would ensure that if a v2 descriptor ID was provided, the user
also had to provide HSDirs explicitly.

In the v3 case, the code should work even if no HSDirs are provided, and Tor
would find the HSDirs itself.
2021-02-22 12:57:43 +02:00
Neel Chauhan
88559aca2d Make dirauths vote the Sybil flag when other flags are zeroed out 2021-02-19 10:44:11 -08:00
David Goulet
8ccfd4a51a hs-v2: Warn of v2 obsolete if configured
For a user using "HiddenServiceVersion 2", a log warning is emitted indicating
that v2 is now obsolete instead of a confusing message saying that the version
is not supported.

Also, if an introduction point gets a legacy (v2) ESTABLISH_INTRO, we'll
simply close the circuit without emitting a protocol warning log onto the
relay.

Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
8577243cd2 hs: Remove last artefact of HSv2 in the code
Closes #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
9782cd2c9b hs: Remove v2 code from HS circuitmap
Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
897ec8a34c hs: Remove v2 stats
We still keep v2 rendezvous stats since we will allow them until the network
has entirely phased out.

Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
9f2e74cac7 test: Change chutney test to use HSv3 only
Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
330aec798b man: Cleanup of v2 options and config
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
90c1a1f8b1 or: Cleanup or.h header of HSv2 code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
ca04e9b8ed hs: Remove introduction point v2 support
Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:49 -05:00
David Goulet
2c865542b6 hs-v2: Removal of service and relay support
This is unfortunately massive but both functionalities were extremely
intertwined and it would have required us to actually change the HSv2 code in
order to be able to split this into multiple commits.

After this commit, there are still artefacts of v2 in the code but there is no
more support for service, intro point and HSDir.

The v2 support for rendezvous circuit is still available since that code is
the same for the v3 and we will leave it in so if a client is able to
rendezvous on v2 then it can still transfer traffic. Once the entire network
has moved away from v2, we can remove v2 rendezvous point support.

Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:20:48 -05:00
David Goulet
a34885bc80 hs: Rename service config port object
Remove it from rendservice.c and move everything related to hs_common.{c|h}.

Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:19:08 -05:00
David Goulet
2444629c86 hs-v2: Remove client support
Related to #40266

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19 13:19:08 -05:00
Nick Mathewson
ede88c374c Disable the dump_desc() function.
It can be called with strings that should have been
length-delimited, but which in fact are not.  This can cause a
CPU-DoS bug or, in a worse case, a crash.

Since this function isn't essential, the best solution for older
Tors is to just turn it off.

Fixes bug 40286; bugfix on 0.2.2.1-alpha when dump_desc() was
introduced.
2021-02-19 12:31:19 -05:00
George Kadianakis
cf1f03fe1d Merge remote-tracking branch 'tor-gitlab/mr/308' 2021-02-19 13:25:47 +02:00
Mike Perry
b2f025cb56 Merge branch 'bug40168+34088-035-v3' into bug40168+34088-035-v3-master 2021-02-18 18:17:18 +00:00
Mike Perry
917f8beb54 Add CBT unit test for Xm and alpha estimation. 2021-02-18 11:21:25 -06:00
Mike Perry
a0690f079d Update documentation for the number of modes for Xm estimator. 2021-02-18 11:21:25 -06:00
Mike Perry
d16b3d12a1 Bug 34088: Remove max timeout calculation and warning.
With the maximum likelihood estimator for alpha from #40168, we no longer need
max_time to calculate alpha.
2021-02-18 11:21:25 -06:00
Mike Perry
ed9d60cb92 Fix Xm mode calculation to properly average N=10 modes.
This is still fast enough. ~100usec on my laptop with 1000 build times.
2021-02-18 11:21:25 -06:00
Mike Perry
406400a74d Lower circuit build time bin width to 10ms.
50ms is not enough resolution. CBT can be as low as 80ms in datacenter
clients close to their relays.
2021-02-18 11:21:25 -06:00
Mike Perry
86acd4d940 Log circuit timeout in milliseconds 2021-02-18 11:21:25 -06:00
Mike Perry
c90b0cb6fb Raise the circuit close time quantile to 99.
This should allow us to more accurately estimate pareto parameters
without relying on "right-censorship" of circuit build timeout values.
2021-02-18 11:21:25 -06:00
Mike Perry
761dd9f2ab Lower min circ timeout from 1.5s to bin width (10ms) 2021-02-18 11:21:25 -06:00
Mike Perry
37b2159150 Completely ignore abandoned circs from circ timeout calc
This prevents the timeout curve from getting spread out as much, resulting in
more accurate timeout values for quantiles from 60-80.
2021-02-18 11:21:25 -06:00
Roger Dingledine
8a8045c788 relay: No longer test dirport reachability for authorities
Now that exit relays don't allow exit connections to directory authority
DirPorts, the follow-up step is to make directory authorities stop doing
DirPort reachability checks.

Fixes #40287

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-17 10:28:18 -05:00
David Goulet
9f61d9238c metrics: Handle the connection finished flushing event
Turns out, we forgot to add the METRICS connection type fo the finished
flushing handler.

Fixes #40295

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-17 09:54:05 -05:00
Nick Mathewson
336c45f1a5 Bump to 0.4.5.6-dev 2021-02-15 13:00:14 -05:00
Nick Mathewson
18db584caf Bump to 0.4.5.6. 2021-02-15 09:55:09 -05:00
David Goulet
71e9c56578 Merge branch 'maint-0.4.5' 2021-02-12 13:13:57 -05:00
David Goulet
5887c1f1f3 Merge branch 'tor-gitlab/mr/304' into maint-0.4.5 2021-02-12 13:13:50 -05:00
David Goulet
d47e937a50 test: Fix duplicate ORPort test
The comment of that specific unit test wanted 4 ORPorts but for some reasons
we tested for 3 which before the previous commit related to #40289, test would
pass but it was in fact wrong.

Now the code is correct and 4 was in fact correct expected number of ports.

Related to #40289

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-12 13:13:43 -05:00
David Goulet
dfcb050bbf config: Do not compare for duplicate ORPorts with different addresses
We were just looking at the family which is not correct because it is possible
to have two explicit ORPort for the same family but different addresses. One
example is:

  ORPort 127.0.0.1:9001 NoAdvertise
  ORPort 1.2.3.4:9001 NoListen

Thus, this patch now ignores ports that have different addresses iff they are
both explicits. That is, if we have this example, also two different
addresses:

  ORPort 9001
  ORPort 127.0.0.1:9001 NoAdvertise

The first one is implicit and second one is explicit and thus we have to
consider them for removal which in this case would remove the "ORPort 9001" in
favor of the second port.

Fixes #40289

Signe-off-by: David Goulet <dgoulet@torproject.org>
2021-02-12 13:13:43 -05:00
David Goulet
c1b5e7fa1b Merge branch 'maint-0.4.5' 2021-02-12 12:57:18 -05:00
David Goulet
bdca475518 Merge branch 'tor-gitlab/mr/302' into maint-0.4.5 2021-02-12 12:56:15 -05:00
David Goulet
73bedcaf4d Merge branch 'tor-gitlab/mr/303' into maint-0.4.5 2021-02-12 12:54:52 -05:00
Alexander Færøy
e6caf7d8c7 Merge branch 'maint-0.4.5' 2021-02-12 15:23:34 +00:00
Alexander Færøy
d24a6b2f75 Merge remote-tracking branch 'tor-gitlab/mr/293' into maint-0.4.5 2021-02-12 15:23:02 +00:00
George Kadianakis
9b6b1aedcd Merge branch 'maint-0.4.5' 2021-02-12 13:54:18 +02:00
George Kadianakis
088a74aaab Merge remote-tracking branch 'tor-gitlab/mr/294' into maint-0.4.5 2021-02-12 13:53:45 +02:00
George Kadianakis
9fbedc74c3 Merge branch 'maint-0.4.5' 2021-02-12 13:50:36 +02:00
George Kadianakis
58b5300f44 Merge remote-tracking branch 'tor-gitlab/mr/295' into maint-0.4.5 2021-02-12 13:44:03 +02:00
David Goulet
80b33ae1ca config: Set flag for implicit port address
Fun bug where we thought we were using the default "false" value when an
implicit address was detected but if we had an explicit address before, the
flag was set to true and then we would only use that value.

And thus, for some configurations, implicit addresses would be flagged as
explicit and then configuring ports goes bad.

Related to #40289

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-11 16:12:59 -05:00
David Goulet
ae5800cd9f relay: Allow RFC1918 addresses for non public relays
In other words, if PublishServerDescriptor is set to 0 and AssumeReachable to
1, then allow a relay to hold a RFC1918 address.

Reasons for this are documented in #40208

Fixes #40208

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-10 13:24:21 -05:00
David Goulet
5138a9c3c2 relay: Don't look at omit flag when building descriptor
That comes from 685c4866ac which added that
check correctly except for when we build a descriptor.

We already omit the IPv6 address, if we need to, when we encode the descriptor
but we need to keep the actual discovered address in the descriptor so we can
notice future IP changes and be able to assess that we are not publishable as
long as we don't specifically set the omit flag.

This lead to also having tor noticing that our IP changed from <nothing> (no
IPv6 in the descriptor) to a discovered one which would trigger every minute.

Fixes #40279, #40288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-10 11:47:17 -05:00
George Kadianakis
b64fe4bf55 Fix coverity warnings 1472846 / 1472845. 2021-02-09 19:15:49 +02:00
Nick Mathewson
14e1c2fe0a Merge branch 'maint-0.4.5' 2021-02-08 14:31:13 -05:00
Nick Mathewson
758000aa98 Merge remote-tracking branch 'tor-gitlab/mr/296' into maint-0.4.5 2021-02-08 14:30:11 -05:00
Nick Mathewson
d6b82d79dc Merge branch 'maint-0.4.5' 2021-02-08 14:28:19 -05:00
David Goulet
01c4abc2d4 conn: Properly close MetricsPort socket on EOF
Handle the EOF situation for a metrics connection. Furthermore, if we failed
to fetch the data from the inbuf properly, mark the socket as closed because
the caller, connection_process_inbuf(), assumes that we did so on error.

Fixes #40257

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 14:26:45 -05:00
Nick Mathewson
0efc1e6372 40274: Add a changes file and make the same change with FD_CLOEXEC 2021-02-08 12:39:12 -05:00
Nick Mathewson
d21ad8a78d Merge remote-tracking branch 'tor-github/pr/2128/head' 2021-02-08 12:14:58 -05:00
Nick Mathewson
56f1cab9c1 Don't log supported-protover warnings if consensus is older than Tor.
Previously we would warn in this case... but there's really no
justification for doing so, and it can only cause confusion.

Fixes bug #40281; bugfix on 0.4.0.1-alpha.
2021-02-08 11:52:53 -05:00
David Goulet
685c4866ac relay: Look at the omit IPv6 flag when publishing
In two instances we must look at this flag:

1. When we build the descriptor so the IPv6 is NOT added to the descriptor in
   case we judge that we need to omit the address but still publish.

2. When we are deciding if the descriptor is publishable. This flags tells us
   that the IPv6 was not found reachable but we should still publish.

Fixes #40279

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 11:51:45 -05:00
Nick Mathewson
8d80126eee Remove DirCache=1 from list of supported versions.
Closes #40221
2021-02-08 11:40:35 -05:00
David Goulet
841ee4641e relay: Fix Coverity warning for unchecked returned value
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 11:09:29 -05:00
Nick Mathewson
576e248bc2 Merge remote-tracking branch 'tor-gitlab/mr/278' 2021-02-08 10:44:58 -05:00
Nick Mathewson
90add50550 Merge branch 'bug40249_squashed' 2021-02-08 10:31:30 -05:00
Neel Chauhan
2391c60c5c Add stream ID to ADDRMAP control event 2021-02-08 10:23:41 -05:00
George Kadianakis
177b535e72 Another round of unittest massaging for tor!212. 2021-02-08 15:58:06 +02:00
George Kadianakis
16915ec515 Fix broken unittest from tor!212 .
Be more careful with memory management in the test.
2021-02-08 15:30:50 +02:00
George Kadianakis
d4255253b0 Merge remote-tracking branch 'tor-gitlab/mr/212' 2021-02-08 13:03:07 +02:00
Alexander Færøy
07ca2a8ee9 Merge branch 'maint-0.4.5' 2021-02-05 17:17:05 +00:00
Alexander Færøy
3496804827 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-05 17:17:05 +00:00
Alexander Færøy
af9107aff2 Fix Windows build.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:

   src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
   defined but not used [-Werror=unused-function]

We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.

This is an unreviewed commit.

See: tor#40275
2021-02-05 17:12:52 +00:00
Alexander Færøy
7a152997fe Merge branch 'maint-0.4.5' 2021-02-05 16:05:57 +00:00
Alexander Færøy
0a40892e8c Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-05 16:05:57 +00:00
Alexander Færøy
6578a3e865 Merge branch 'tor-gitlab/mr/292_squashed' into maint-0.4.4 2021-02-05 16:04:53 +00:00
Alexander Færøy
67aefd5520 Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275
2021-02-05 16:04:21 +00:00
Neel Chauhan
d103466282 Add missing newline between get_all_possible_sybil() and version_from_platform() 2021-02-03 14:07:01 -08:00
Nick Mathewson
f3ba71bbee bump to 0.4.4.7-dev 2021-02-03 13:39:03 -05:00
Nick Mathewson
21317c9229 Bump to 0.3.5.13-dev. 2021-02-03 13:37:28 -05:00
Neel Chauhan
22f55fdb2a Document REND_V3_AUTH flag 2021-02-03 10:25:46 -08:00
David Goulet
22941c5299 Merge branch 'maint-0.4.5' 2021-02-03 09:35:50 -05:00
David Goulet
44b4aa82aa nodelist: Remove merge artefact
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 09:35:45 -05:00
David Goulet
970d49f11b Merge branch 'maint-0.4.5' 2021-02-03 09:11:15 -05:00
David Goulet
9e91bb31cc Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-03 09:11:15 -05:00
David Goulet
61e38deb56 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 09:11:14 -05:00
David Goulet
890a9e89ba Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 09:11:14 -05:00
David Goulet
f322ea3fa8 Merge branch 'ticket40269_035_01' into maint-0.3.5 2021-02-03 09:11:09 -05:00
David Goulet
6f95cdf87e Remove unused addr_port_set code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 09:11:01 -05:00
David Goulet
1b298e1863 Merge branch 'maint-0.4.5' 2021-02-03 08:58:17 -05:00
David Goulet
a0b3e9116d Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-03 08:58:02 -05:00
David Goulet
eda81ea27e Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:56:38 -05:00
David Goulet
cc5d5a5d1e Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:56:38 -05:00
David Goulet
a3cef41fc3 Merge branch 'ticket40270_035_01' into maint-0.3.5 2021-02-03 08:56:30 -05:00
David Goulet
903bfc4eca Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:54:40 -05:00
David Goulet
e50648582b Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:54:40 -05:00
David Goulet
c2cee6c780 node: Move reentry set to use a digestmap_t
Any lookup now will be certain and not probabilistic as the bloomfilter.

Closes #40269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:54:02 -05:00
David Goulet
59f1a41a7f relay: Send back CONNECTION_REFUSED on reentry
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.

Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.

Closes #40270

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:52:48 -05:00
David Goulet
36b51a1c71 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:51:37 -05:00
David Goulet
0f8195406e Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:51:36 -05:00
David Goulet
98590621bb relay: Double the size of the relay reentry set
This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:51:00 -05:00
David Goulet
ce3af5dd59 relay: Follow consensus parameter for network reentry
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.

Closes #40268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:50:56 -05:00
George Kadianakis
0ba0d738a8 Merge remote-tracking branch 'tor-gitlab/mr/279' 2021-02-02 15:25:22 +02:00
Helge Deller
8ea00c85cb Fix testcases regarding O_NONBLOCK on parisc/hppa architecture
On the parisc/hppa architecture, the O_NONBLOCK constant can be either
000200000 or 000200004, depending on the Linux kernel and glibc version
on which the binary is running.
Background of this can be read in this upstream Linux kernel patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75ae04206a4d0e4f541c1d692b7febd1c0fdb814

The tor testcases fail because of this, because function
fd_is_nonblocking() checks hard against the O_NONBLOCK value, while it's
sufficient if it would only check if one of the bits is set.

Fix this trivial issue by just comparing if the returned file descriptor flag
and'ed with O_NONBLOCK is non-zero.

As reference, a failing build on parisc/hppa can be seen here:
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=hppa&ver=0.4.4.6-1%2Bb1&stamp=1612225628&raw=0
2021-02-02 12:20:13 +01:00
Nick Mathewson
40eeb63b5e bump to 0.4.5.5-rc-dev 2021-02-01 16:14:07 -05:00
David Goulet
6bde42b4de Merge branch 'maint-0.4.5' 2021-02-01 14:10:06 -05:00
David Goulet
ed373eaa8d Merge branch 'tor-gitlab/mr/289' into maint-0.4.5 2021-02-01 14:09:58 -05:00
David Goulet
387d1d8835 relay: Send back CONNECTION_REFUSED on reentry
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.

Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.

Closes #40270

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:45:32 -05:00
David Goulet
627e7d6625 Remove unused addr_port_set code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:28:29 -05:00
David Goulet
bd4a3f64a1 node: Move reentry set to use a digestmap_t
Any lookup now will be certain and not probabilistic as the bloomfilter.

Closes #40269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:22:23 -05:00
David Goulet
385fda038f Merge branch 'maint-0.4.5' 2021-02-01 09:24:38 -05:00
David Goulet
838e07be9d relay: Double the size of the relay reentry set
This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 09:04:50 -05:00
David Goulet
2c3c30e58f relay: Follow consensus parameter for network reentry
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.

Closes #40268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 08:56:27 -05:00
David Goulet
b2434d30d2 Merge branch 'tor-gitlab/mr/285' into ticket2667_044_01 2021-01-29 14:54:21 -05:00
David Goulet
705fd37875 Merge branch 'tor-gitlab/mr/284' into ticket2667_043_01 2021-01-29 14:51:38 -05:00
David Goulet
ec9575944a Merge branch 'maint-0.4.5' 2021-01-29 14:40:56 -05:00
George Kadianakis
46efbcb116 test: Add test for exits blocking reentry to the network
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:56 -05:00
Roger Dingledine
632688c797 exit: Deny re-entry into the network
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.

Closes #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:54 -05:00
David Goulet
8dda7bfdb8 relay: Add bloomfiter of relay address + {OR|Dir}Port
In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:51 -05:00
George Kadianakis
9eba65bd8b test: Add test for exits blocking reentry to the network
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
Roger Dingledine
93ac6ec4d3 exit: Deny re-entry into the network
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.

Closes #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
f26950fa7a relay: Add bloomfiter of relay address + {OR|Dir}Port
In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
ea38016202 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:46:31 -05:00
David Goulet
79cb47cfc2 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:46:31 -05:00
David Goulet
9556276f07 Merge branch 'tor-gitlab/mr/50' into maint-0.3.5 2021-01-28 12:46:24 -05:00
David Goulet
be81ecba3a Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:42:31 -05:00
David Goulet
f058db1f3d Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:42:31 -05:00
David Goulet
290007e3c4 Merge branch 'tor-gitlab/mr/239' into maint-0.3.5 2021-01-28 12:42:26 -05:00
David Goulet
a3f2bc8f13 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:36:42 -05:00
David Goulet
f3da5f88d7 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:36:42 -05:00
David Goulet
02bd135cb1 Merge branch 'tor-gitlab/mr/243' into maint-0.3.5 2021-01-28 12:36:35 -05:00
David Goulet
1887231afb Merge branch 'tor-gitlab/mr/256' into maint-0.4.4 2021-01-28 12:12:01 -05:00
David Goulet
5c89197c9f Merge branch 'tor-gitlab/mr/255' into maint-0.4.3 2021-01-28 12:11:33 -05:00
David Goulet
1bdccc03a9 Merge branch 'tor-gitlab/mr/254' into maint-0.3.5 2021-01-28 12:10:39 -05:00
David Goulet
6186288eb6 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:08:20 -05:00
David Goulet
045db909c2 Merge remote-tracking branch 'tor-gitlab/mr/140' into maint-0.3.5 2021-01-28 12:08:14 -05:00
David Goulet
737cd79c42 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:04:42 -05:00
David Goulet
a17be1b5b6 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:04:42 -05:00
David Goulet
c6fb26695b Merge remote-tracking branch 'tor-gitlab/mr/186' into maint-0.3.5 2021-01-28 12:04:37 -05:00
Nick Mathewson
26a07287a4 Bump to 0.4.5.5-rc 2021-01-28 11:20:01 -05:00
Nick Mathewson
f8fea8b979 Bump to 0.4.4.7 2021-01-28 11:19:00 -05:00
Nick Mathewson
c3ed4b2e56 Bump to 0.4.3.8. 2021-01-28 11:18:13 -05:00
Nick Mathewson
3ebf75993f Bump to 0.3.5.13. 2021-01-28 11:17:32 -05:00
Neel Chauhan
a82b4eb305 src/core/mainloop: Put brackets around IPv6 addresses in log messages 2021-01-27 08:23:39 -08:00
David Goulet
a634f6b64c dos: Move config options within the subsystem
Closes #40261

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 10:37:36 -05:00
David Goulet
fd5a72078c dos: Add DoS subsystem to manager list
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:50:27 -05:00
Nick Mathewson
b019c83853 Merge branch 'maint-0.4.5' 2021-01-27 09:36:39 -05:00
Nick Mathewson
3c0d398847 Merge branch 'mr_274_squashed' into maint-0.4.5 2021-01-27 09:36:29 -05:00
David Goulet
f03047332c relay: Log if we can't find an address for configured ORPort
Everytime we try to discover an address we want to publish, emit a log notice
if we are unable to find it even though an ORPort was configured for it.

Because the function can be called quite often, we rate limit that notice to
every hour so it gets annoying just enough so the operator fixes that.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
2e600019ea relay: Don't trigger an address discovery without an ORPort
We would before do an address discovery and then a lookup in the cache if not
found which is now simplified by calling relay_find_addr_to_publish() directly
which does all those combined.

Furthermore, by doing so, we won't trigger an address discovery every minute
if we have no ORPort configured for the family.

Fixes #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
b4220a09b7 relay: Simplify IPv6 discovery when building descriptor
Now that relay_find_addr_to_publish() checks if we actually have an ORPort, we
can simplify the descriptor building phase for IPv6.

This also avoid triggering an IPv6 discovery if the IPv4 can't be found in the
first place.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
b4f4af6ec5 relay: Skip address discovery if no ORPort is found
In other words, if we don't have an ORPort configured for a specific family
(IPv4/v6), we don't bother doing address discovery.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
George Kadianakis
05a7624266 Merge remote-tracking branch 'tor-gitlab/mr/272' 2021-01-27 15:47:10 +02:00
George Kadianakis
dbbd603313 Merge remote-tracking branch 'tor-gitlab/mr/248' 2021-01-27 15:43:01 +02:00
George Kadianakis
a7ca089343 Merge remote-tracking branch 'tor-gitlab/mr/247' 2021-01-27 15:39:29 +02:00
Nick Mathewson
37ea6cd9eb Fix a subtle memory leak in test_exorport.c
This is a _subtle_ bug introduced by d1494d14, which resolved
connections that was allocated in the extorport/handshake test.  So
how did the connection get freed?  Our test was set up so that every
extorport connection would get the same ext_or_id.  Two connections
couldn't have the same ext_or_id, and if they did, one would get
freed.  This meant that the _next_ connection to be constructed in
the test would cause the previous connection to become closeable,
even if it hadn't been closeable before.

But when we applied d149d14, we stopped making it so our code
enforced this uniqueness, and thereby make it so we _weren't_
freeing this connection in the tests.

Closes #40260; bug not in any released version of Tor.
2021-01-26 16:58:27 -05:00
Roger Dingledine
01a5b41be0 New ReconfigDropsBridgeDescs config option
Let external bridge reachability testing tools discard cached
bridge descriptors when setting new bridges, so they can be sure
to get a clean reachability test.

Implements ticket 40209.
2021-01-25 02:16:44 -05:00
Nick Mathewson
af5250b1df bump to 0.4.5.4-rc-dev 2021-01-22 11:55:17 -05:00
Nick Mathewson
5eef63aa71 Bump to 0.4.5.4-rc 2021-01-22 09:49:09 -05:00
Hello71
2e76b02401 path: fix directory special case 2021-01-22 13:19:52 +00:00
MarkusK
62f5114c09 Add IPv6 to mdfnet fallbackdirs 2021-01-22 07:50:47 +01:00
George Kadianakis
74cfe3611f Merge branch 'maint-0.4.5' 2021-01-22 00:21:21 +02:00
George Kadianakis
4cbd22f1a7 Merge branch 'mr/251' into maint-0.4.5 2021-01-22 00:21:09 +02:00
David Goulet
9be33755ef Merge branch 'maint-0.4.5' 2021-01-21 14:58:39 -05:00
David Goulet
c54f4b81da Merge branch 'tor-gitlab/mr/270' into maint-0.4.5 2021-01-21 14:58:31 -05:00
Roger Dingledine
633b68bfe2 log more during consensus voting process
Give more visibility to directory authority operators during the consensus
voting process.

Closes ticket 40245.
2021-01-21 13:46:56 -05:00
Roger Dingledine
9e6064ec35 dir auths write consensuses to disk after creation
This step happens after we make each consensus flavor, and before we
worry about sigs or anything. That way if Tor crashes, or if we fail to
get enough sigs, we still have a chance to know what consensus we wanted
to make.
2021-01-21 13:46:56 -05:00
Nick Mathewson
b2536c97f9 Merge branch 'maint-0.4.5' 2021-01-21 13:40:46 -05:00
Roger Dingledine
0b00f79c82 log more about testing incoming relay descriptors 2021-01-21 13:39:13 -05:00
Nick Mathewson
3d952b461d Merge remote-tracking branch 'tor-gitlab/mr/269' into maint-0.4.5 2021-01-21 13:37:21 -05:00
Nick Mathewson
2243fc3ad1 Merge branch 'maint-0.4.5' 2021-01-21 13:19:49 -05:00
Nick Mathewson
71fd30b75a Introduce a new bridge_has_invalid_transport() function.
In addition to simplifying callsites a little, this function gives
correct behavior for bridges without a configured transport.
2021-01-21 13:17:16 -05:00
Nick Mathewson
9390e2bf83 Merge remote-tracking branch 'tor-gitlab/mr/268' into maint-0.4.5 2021-01-21 13:10:16 -05:00
David Goulet
8a27860720 Merge branch 'maint-0.4.5' 2021-01-21 12:27:34 -05:00
David Goulet
7b102d53e3 Merge branch 'tor-gitlab/mr/265' into maint-0.4.5 2021-01-21 12:27:27 -05:00
David Goulet
7692f443d4 config: Remove Bridge <-> ClientTransportPlugin validation
This validation was only done if DisableNetwork was off because we would use
the global list of transports/bridges and DisableNetwork would not populate
it.

This was a problem for any user using DisableNetwork which includes Tor
Browser and thus leading to the Bug() warning.

Without a more in depth refactoring, we can't do this validation without the
global list.

The previous commit makes it that any connection to a bridge without a
transport won't happen thus we keep the security feature of not connecting to
a bridge without its corresponding transport.

Related to #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-20 15:56:19 -05:00
David Goulet
09c6d03246 bridge: Don't initiate connection without a transport
Don't pick the bridge as the guard or launch descriptor fetch if no transport
is found.

Fixes #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-20 15:55:50 -05:00
Alexander Færøy
c38c36e5f1 Limit the number of items in the consdiffmgr on Windows.
This patch limits the number of items in the consensus diff cache to 64
on the Windows platform. Hopefully, this will allow us to investigate a
smarter fix while avoiding the situation reported in tor#24857 where
Windows relay operators report Tor using 100% CPU.

See: tor#24857
2021-01-20 16:33:17 +00:00
Nick Mathewson
9a0a91dc23 Merge branch 'maint-0.4.5' 2021-01-19 15:21:07 -05:00
Nick Mathewson
18654b629f Merge remote-tracking branch 'tor-gitlab/mr/266' into maint-0.4.5 2021-01-19 15:20:54 -05:00
Nick Mathewson
b0af4ddc7c Merge branch 'maint-0.4.5' 2021-01-19 13:20:43 -05:00
Nick Mathewson
27ee12836d Merge remote-tracking branch 'tor-gitlab/mr/261' into maint-0.4.5 2021-01-19 13:20:31 -05:00
David Goulet
9321ddf3a1 config: Prioritize port with explicit address
When selecting the first advertised port, we always prefer the one with an
explicit address.

Closes #40246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-19 13:07:49 -05:00
David Goulet
938623004b relay: Keep all ORPorts that are on different ports
We used to actually discard ORPorts that were the same port and same family
but they could have different address.

Instead, we need to keep all different ORPorts so we can bind a listener on
each of them. We will publish only one of these in our descriptor though.

Related to #40246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-19 13:07:49 -05:00
Nick Mathewson
b7f886beb4 Merge remote-tracking branch 'tor-gitlab/mr/163' into maint-0.4.3 2021-01-19 12:53:44 -05:00
Nick Mathewson
faf7b550e7 Merge remote-tracking branch 'tor-gitlab/mr/143' into maint-0.3.5 2021-01-19 12:53:30 -05:00
Nick Mathewson
5f53e013cd Merge branch 'maint-0.4.5' 2021-01-19 12:49:31 -05:00
Nick Mathewson
6c1bc570cf Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-19 12:49:31 -05:00
Nick Mathewson
4c82c2d1d4 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-19 12:49:22 -05:00
Nick Mathewson
a22bfe04bc Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-19 12:45:07 -05:00
Alexander Færøy
13cf964453 Remove unnecessary non-fatal assertion.
This patch removes a call to `tor_assert_nonfatal()` if
`extend_info_from_node()` returns NULL. This is unnecessary as we
already handle the case where `info` is NULL in the next `if (!info) {
... }` block in the code.

See: tor#32666.
2021-01-19 17:08:01 +00:00
Nick Mathewson
4961645254 Merge branch 'maint-0.4.5' 2021-01-19 12:02:28 -05:00
David Goulet
691c717187 Revert "IPv6 sybil: consider addresses in the same /64 to be equal."
This reverts commit d07f17f676.

We don't want to consider an entire routable IPv6 network as sybil if more
than 2 relays happen to be on it. For path selection it is very important but
not for selecting relays in the consensus.

Fixes #40243
2021-01-15 12:57:57 -05:00
David Goulet
f0c29f0883 relay: Don't BUG() if we can't find authority descriptor
We can end up trying to find our address from an authority while we don't have
yet its descriptor.

In this case, don't BUG() and just come back later.

Closes #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 10:02:03 -05:00
David Goulet
743a5ef2b3 relay: Don't flag that we published if descriptor build fails
In case building the descriptor would fail, we could still flag that we did in
fact publish the descriptors leading to no more attempt at publishing it which
in turn makes the relay silent for some hours and not try to rebuild the
descriptor later.

This has been spotted with #40231 because the operator used a localhost
address for the ORPort and "AssumeReachable 1" leading to this code path where
the descriptor failed to build but all conditions to "can I publish" were met.

Related to #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 09:42:56 -05:00
Nick Mathewson
fa8ecf8820 Better fix for #40241 (--enable-all-bugs-are-fatal and fallthrough)
This one should work on GCC _and_ on Clang.  The previous version
made Clang happier by not having unreachable "fallthrough"
statements, but made GCC sad because GCC didn't think that the
unconditional failures were really unconditional, and therefore
_wanted_ a FALLTHROUGH.

This patch adds a FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL macro that
seems to please both GCC and Clang in this case: ordinarily it is a
FALLTHROUGH, but when ALL_BUGS_ARE_FATAL is defined, it's an
abort().

Fixes bug 40241 again.  Bugfix on earlier fix for 40241, which was
merged into maint-0.3.5 and forward, and released in 0.4.5.3-rc.
2021-01-13 09:54:43 -05:00
George Kadianakis
cd1468d56b Merge branch 'maint-0.4.5' 2021-01-13 16:01:41 +02:00
George Kadianakis
c931eae981 Merge branch 'mr/252' into maint-0.4.5 2021-01-13 16:01:11 +02:00
Nick Mathewson
4d6d3b3c05 Remove BUG() when checking TOO_MANY_OUTDATED_DIRSERVERS.
Fixes bug #40234; bugfix on 0.3.2.5-alpha.
2021-01-13 16:00:54 +02:00
George Kadianakis
cc30c09f7c Merge branch 'mr/236' 2021-01-13 15:23:54 +02:00