Commit Graph

33150 Commits

Author SHA1 Message Date
Nick Mathewson
f557680aa9 Merge remote-tracking branch 'tor-github/pr/1203' 2019-08-06 13:12:42 -04:00
Nick Mathewson
484b654048 test_token_bucket: negate after casting to signed type.
Previously we tried multiplying by -1 before casting to int32_t,
which would cause us to cast the -1 to an unsigned before we
multiplied.  This gave us compiler warnings on windows.

Fixes bug 31353; bug not in any released Tor.
2019-08-06 11:42:04 -04:00
Nick Mathewson
66437710af test_util: Do not check for ENETUNREACH unless it exists.
Fixes bug 31352; bug not in any released Tor.
2019-08-06 11:35:50 -04:00
Nick Mathewson
79569d86b3 Merge branch 'ticket31343_035' into ticket31343_040 2019-08-06 11:18:40 -04:00
Nick Mathewson
bc9492a938 Merge branch 'ticket31343_029' into ticket31343_035 2019-08-06 11:15:20 -04:00
Nick Mathewson
0849d2a2fd Avoid using labs() on time_t in channeltls.c
On some windows builds, time_t is 64 bits but long is not.  This is
causing appveyor builds to fail.

Also, one of our uses of labs() on time_t was logically incorrect:
it was telling us to accept NETINFO cells up to three minutes
_before_ the message they were responding to, which doesn't make
sense.

This patch adds a time_abs() function that we should eventually move
to intmath.h or something.  For now, though, it will make merges
easier to have it file-local in channeltls.c.

Fixes bug 31343; bugfix on 0.2.4.4-alpha.
2019-08-06 11:11:06 -04:00
Nick Mathewson
88f9b123d6 Merge branch 'maint-0.4.1' 2019-08-06 09:19:11 -04:00
Nick Mathewson
21531f35f3 Merge branch 'ticket31311_041' into maint-0.4.1 2019-08-06 09:19:05 -04:00
David Goulet
2b225aaa77 practracker: Make it happy after rebase
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 08:01:26 -04:00
David Goulet
c45f0b4ec1 hs-v3: Rename HS DoS default defines
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
90b5422e8e test: Series of fixes for hs_dos.c unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
e537968548 dos: Update HS intro circuits if parameters change
In case the consensus parameters for the rate/burst changes, we need to update
all already established introduction circuits to the newest value.

This commit introduces a "get all intro circ" function from the HS circuitmap
(v2 and v3) so it can be used by the HS DoS module to go over all circuits and
adjust the INTRODUCE2 token bucket parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
be8bd2a46e hs-v3: Add enable/disable HS DoS introduce parameter
Following prop305 values.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
c5b00c5a51 hs-v3: Add consensus parameters for DoS defenses
Part of #15516

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
fec0a7b7cb test: Add hs_dos.c unit tests
Currently test the only available function which is hs_dos_can_send_intro2()
within the HS anti-DoS subsystem.

Closes #15516

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
9f738be893 hs: Limit the amount of relayed INTRODUCE2
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.

At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.

The rate per second is 25 and allowed burst to 200.

Basic defenses on #15516.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
George Kadianakis
d7afdb3b0f Merge branch 'tor-github/pr/1195' 2019-08-06 14:51:47 +03:00
David Goulet
4ee65a6f87 Merge branch 'tor-github/pr/1193' 2019-08-06 07:42:20 -04:00
Nick Mathewson
0f4b245b20 update exceptions file for depencency violations 2019-08-05 17:48:06 -04:00
Nick Mathewson
d515b0f4ba changes file for ticket 31176 2019-08-05 17:48:06 -04:00
Nick Mathewson
a5971d732e Move include-violation checking into its own function. 2019-08-05 17:48:06 -04:00
Nick Mathewson
2a3c727dfe Make includes interface more like the rest of practracker
Everything else assumes that somebody else will open the file for it.
2019-08-05 17:48:06 -04:00
Nick Mathewson
6b26281b50 practracker: a violation of a .may_include rule is now a problem.
We treat "0" as the expected number, and warn about everything
else.  The problem type is "dependency-violation".
2019-08-05 17:48:06 -04:00
Nick Mathewson
720951f056 Teach include-checker about advisory rules
A .may_includes file can be "advisory", which means that some
violations of the rules are expected.  We will track these
violations with practracker, not as automatic errors.
2019-08-05 17:04:00 -04:00
Ali Raheem
57c34e80da #31320 Add IPv6 examples 2019-08-05 19:24:42 +01:00
Nick Mathewson
9abbde2c24 Update pre-commit hook to find checkIncludes in its new location
Also add a temporary script to redirect the hook, if people don't
upgrade for a bit.
2019-08-05 14:12:39 -04:00
Nick Mathewson
6fb74753c2 Move checkIncludes inside practracker
Update the makefile accordingly.
2019-08-05 14:10:40 -04:00
Nick Mathewson
9eb12dde18 checkIncludes: add a real main function and CLI 2019-08-05 13:40:59 -04:00
Nick Mathewson
3f4e89a7ab checkIncludes: refactor to use error-iteration style
This makes checkIncludes match practracker more closely, and lets us
eliminate a global.
2019-08-05 13:40:59 -04:00
Nick Mathewson
47d9bcfef8 checkIncludes: Separate file-handling from rule-handling
This is our shift from directory-at-a-time processing to
file-at-a-time processing.
2019-08-05 13:40:59 -04:00
Nick Mathewson
65a69f861e checkIncludes.py: extract topological sort code
Our topological sort code really deserves a function of its own.

Additionally, don't print from inside the topological sort code:
instead, return a result, and let the caller print it.
2019-08-05 13:40:59 -04:00
Nick Mathewson
3f35ac772b checkIncludes: introduce rules-file caching.
We'll want this so that we can have each file evaluated
independently, rather than a directory at a time.
2019-08-05 11:35:13 -04:00
Nick Mathewson
475749351d Move the executable part of checkIncludes.py inside an if block.
I'll want to make this block into a series of functions in a
subsequent commit, but I'm doing this separately to get the
indentation change out of the way.

This branch will end up with making checkIncludes.py an integrated
part of practracker, for ticket 31176.
2019-08-05 11:30:22 -04:00
George Kadianakis
8248812188 Rename handle_relay_command to handle_relay_cell_command .
As per David's review.
2019-08-05 18:03:23 +03:00
George Kadianakis
1e970d17b8 Test that regular cells get ignored in padding circuits. 2019-08-05 18:03:23 +03:00
George Kadianakis
ce477da8a7 Ignore regular cells in padding circuits.
Padding circuits were regular cells that got closed before their padding
machine could finish. This means that they can still receive regular cells from
their past life, but they have no way or reason to answer them anymore. Hence
let's ignore them before they even get to the proper subsystems.
2019-08-05 18:03:23 +03:00
George Kadianakis
7a032c5e48 Split connection_edge_process_relay_cell() in two functions.
One function does the validation, the other does the handling.
2019-08-05 18:02:33 +03:00
Nick Mathewson
d5ccd0fa84 Add exceptions for current .h practracker problems. 2019-08-05 10:32:39 -04:00
Nick Mathewson
9a1e9b1d6c Teach practracker about .h files
I'm using 500 as a file size limit, and 15 as an include limit.
This affects comparatively few files, but I think they are the worst
ones.

Closes ticket 31175.
2019-08-05 10:31:02 -04:00
Nick Mathewson
54ad92a240 Merge branch 'maint-0.4.1' 2019-08-05 09:59:40 -04:00
George Kadianakis
74c0595965 Ignore regular cells in padding circuits.
Padding circuits were regular cells that got closed before their padding
machine could finish. This means that they can still receive regular cells from
their past life, but they have no way or reason to answer them anymore. Hence
let's ignore them before they even get to the proper subsystems.
2019-08-05 13:48:58 +03:00
Nick Mathewson
1440c2cb34 Adjust test_practracker.sh to work on windows
The required change is to ignore trailing CRs when diffing files.
2019-08-01 15:43:54 -04:00
Nick Mathewson
fa60fee8d5 practracker: Add unit tests to test script, and test script to makefile
This makes all of the practracker tests get run by make check, and
hence by our CI.

Closes ticket 31304.
2019-08-01 14:01:43 -04:00
Nick Mathewson
5d98b54725 Port practracker unit tests to python 3 2019-08-01 14:00:48 -04:00
Nick Mathewson
30da1b61c6 Distribute practracker unit and integration tests. 2019-08-01 13:59:26 -04:00
Nick Mathewson
49c696fb46 Merge branch 'ticket31311_041' into ticket31304 2019-08-01 13:48:58 -04:00
Nick Mathewson
3945282419 make dist: only include files from practracker dir intentionally.
Previously, we included temporary files and whatnot, which is not
good.

Fixes bug 31311; bugfix on 0.4.1.1-alpha.
2019-08-01 13:47:05 -04:00
Nick Mathewson
223afc2d8f practracker: add envvar TOR_PRACTRACKER_OPTIONS
We have Makefile.am use this to decide how to invoke practracker on
the Tor source.
2019-08-01 12:57:26 -04:00
Nick Mathewson
e57209dc32 Regenerate the practracker exceptions.txt file 2019-08-01 10:25:42 -04:00
Nick Mathewson
a4e4896e66 practracker: restore exceptions.txt header when running --regen 2019-08-01 10:25:20 -04:00