It turns out that circuit_package_relay_cell() returns 0 in order to drop a
cell but there is a code path, if the circuit queue is full, that also silently
closes the circuit and returns 0.
This lead to Conflux thinking a cell was sent but actually the cell was not and
the circuit was closed leading to the hard assert.
And so this function makes sure that circuit_package_relay_cell() and
append_cell_to_circuit_queue() returns a value that indicate what happened with
the cell and circuit so the caller can make an informed decision with it.
This change makes it that we do NOT enter the Conflux subsystem if the cell is
not queued on the circuit.
Fixes#40921
Signed-off-by: David Goulet <dgoulet@torproject.org>
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes#40891
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
This commit is a backport of b9b0abd6c2 to 0.4.8.
This patch causes `tor_compress_is_compression_bomb()` to emit a
warning-level log message that lets us learn the potential ratio of the
input to output buffer sizes. Hopefully, this will give us a bit of a
better idea whether the compression bomb ratio needs some tuning.
See: tpo/core/tor#40739.
This patch removes a call to `tor_assert_nonfatal_unreached()` in
`relay_key_is_unavailable_()` that is only called when Tor is compiled
without relay support.
Unfortunately, the non-fatal assertion causes a BUG log
message to appear for clients when they start up without relay support
for each CPU worker we spawn. This makes it spotting issues during
bootstrap harder particularly for our iOS developers.
Since the call sites to `get_master_identity_key()` handles `NULL`
values already, we do not think this will be an issue later on.
Reported by Benjamin Erhart (@tla) from Guardian Project.
Fixes tpo/core/tor#40848.
When we implemented prop275 in 0.4.8.1-alpha, we changed the
behavior of networkstatus_getinfo_helper_single to omit meaningful
published_on times, replacing them with "2038-01-01". This is
necessary when we're formatting a routerstatus with no additional
info, since routerstatus objects no longer include a published_on.
But in networkstatus_getinfo_by_purpose, we do have a routerinfo
that does have a published_on. This patch uses that information
to report published_on times in our output when we're making a
"virtual" networkstatus for a big file of routerinfo_t objects.
This is mostly important for bridge authorities, since when
they dump a secret list of the bridges, they want to include
published_on times.
Closes#40855. Bugfix on 0.4.8.1-alpha.
