Commit Graph

26131 Commits

Author SHA1 Message Date
Neel Chauhan
ef563a8fef Add an fingerprint-ed25519 file to the data directory 2020-06-25 13:35:15 -04:00
David Goulet
dc4f3a219f Merge branch 'tor-github/pr/1948' 2020-06-25 10:13:04 -04:00
Nick Mathewson
50abc06d84 Remove now-unused OPTIONS_DUMP_DEFAULTS. 2020-06-25 10:02:17 -04:00
Nick Mathewson
62e1d983cf Deprecate the "--dump-config non-builtin" option
When it works, "non-builtin" doesn't do anything different from
"short".  (When it doesn't work, it gives an assertion failure.)

Closes ticket #33398.
2020-06-25 10:01:40 -04:00
David Goulet
c370b4a049 Merge branch 'maint-0.4.4' 2020-06-25 07:36:56 -04:00
David Goulet
fd5b2d0f1c Merge branch 'tor-github/pr/1935' 2020-06-24 15:48:47 -04:00
Neel Chauhan
c8fd7b7040 Make HSFETCH take the decoded length into account, not the base32 one 2020-06-24 15:47:57 -04:00
Nick Mathewson
edb023b1e7 Add an AssumeReachableIPv6 autobool option.
This option tells Tor that our IPv6 orport is reachable, and doesn't
need to be checked.

Closes the rest of 33224.
2020-06-24 15:25:34 -04:00
Nick Mathewson
6edf7f6710 Add two new networkstatus parameters to emulate AssumeReachable.
These parameters do not suppress checks, but they tell relays that
it's okay to publish even when those checks fail.

I have chosen lowercase hyphenated names, since these seem to be
more common in networkstatus params.

Closes #33224 and part of #34064.
2020-06-24 15:25:26 -04:00
Nick Mathewson
f9de0affd3 Rename router_should_skip_orport_reachability_check.
This was supposed to happen in #40012, but the command line was wrong.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        router_should_skip_orport_reachability_check router_all_orports_seem_reachable
2020-06-24 15:25:17 -04:00
Nick Mathewson
5c5fb0fcca Move code into notify_after_networkstatus_changes().
The purpose of having this function was to inform other code that
the consensus has changed, so it should go there.
2020-06-24 15:25:12 -04:00
Nick Mathewson
93ccb3294b Make a bunch of networkstatus_t parameters constant.
This is part of refactoring our "notify the rest of the code that we
have a new consensus" code.
2020-06-24 15:25:07 -04:00
Nick Mathewson
366c695020 Add a control event for launching IPv6 ORPort checks. 2020-06-24 14:00:34 -04:00
David Goulet
86da0cfd36 Merge branch 'tor-github/pr/1945' 2020-06-24 13:51:51 -04:00
David Goulet
29a35d262c addr: Rename resolved_addr_is_local()
Better function name.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
59f5c3d263 addr: Refactor find_my_address() to simplify it
Instead of a complex if/else block, use a table of functions that have the
same interface and each of them attempt to find the address one after the
other.

Pointed out by nickm's during review.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
25a451bac7 addr: Set out parameters to NULL in resolve_addr.c
By doing this, a memory leak was found with "hostname_used" that could have
been overwritten by another function.

This commit changes that by making it a NULL string instead.

Found by nickm's review.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
5895aafe7e addr: Safeguard last resolved address index access
The last resolved address cache uses an index that is mapped to an address
family (AF_INET and AF_INET6).

This commit adds a conversion function from af to index and change the code to
use that all the time only.

In the process, this commit fixes a bug that the last resolved address
accessors were using the af value insted of the index.

Spotted by nickm during review

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
5f62ae2577 test: Modernize find_my_address() unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
b76325190b addr: Remove resolve_my_address_v4()
Replace it by find_my_address() everywhere. This changes many parts of the
code that uses it to use a tor_addr_t instead of a plain uint32_t for IPv4.

Many changes to the unit test to also use the new interface.

Part #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
2f3b4e3888 addr: Refactor is_local_addr() to support IPv6
Series of changes:

  1. Rename function to reflect the namespace of the file.

  2. Use the new last resolved cache instead of the unused
     last_resolved_addr_v4 (which is also removed in this commit).

  3. Make the entire code base use the new resolved_addr_is_local() function.

You will notice that this function uses /24 to differentiate subnets where the
rest of tor uses /16 (including documentation of EnforceDistinctSubnets).
Ticket #40009 has been opened for that.

But that the moment, the function keeps looking at /24.

Part of #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
7795dd7ef6 addr: Refactor last resolved address cache accessors
Series of things done in this commit:

  1. Rename the functions to better reflect the namespace of the file.

  2. Make both reset and get function to operate on the last_resolved_addrs
     cache that is per family.

  3. Make the get function to take a tor_addr_t.

  4. Change all callsite to use the new convention.

Part of #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
b8042c9d9a addr: Make resolve_my_address_v4() use find_my_address()
In order to transition smoothly, maek resolve_my_address_v4() call the new
fancy find_my_address() with AF_INET.

Next commits should remove the use of resolve_my_address_v4() accross the code
to use find_my_address().

This commit is so the unit tests would be more easily fixed and port to the
new find_my_address() internals.

Part of #33233.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
9e85056de9 addr: New find_my_address() to support multiple address families
resolve_my_address() was beyond repair in terms of refactoring. Way too
complex and doing too many things.

This commit implements find_my_address() which in theory does the same as
resolve_my_address() but in a more clean, concise and modern way using the
tor_addr_t interface and for multiple address family.

The caller needs to pass the address family (IPv4 or IPv6) which this
interface supports. For both, a last resolved cache is used as well.

Implements #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 13:51:37 -04:00
David Goulet
4af6e3b4dc Merge branch 'tor-github/pr/1947' 2020-06-24 13:49:03 -04:00
Nick Mathewson
fd3e0c561d Merge branch 'pr_1931_squashed' 2020-06-24 13:38:32 -04:00
Neel Chauhan
c3c7ef5125 Add routerset_contains_router() test 2020-06-24 13:38:27 -04:00
Neel Chauhan
0a3e6d81bb Make routerset_contains_router() support IPv6 2020-06-24 13:38:27 -04:00
Nick Mathewson
636cf9763a Replace router_should_skip_*() identifiers.
These identifiers are confusing and unreadable.  I think these
replacements should be better. Closes ticket #40012.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        router_should_skip_orport_reachability_check_family router_orport_seems_reachable \
        router_should_skip_dirport_reachability_check router_dirport_seems_reachable \
        router_should_skip_dirport_reachability_check router_all_orports_seem_reachable
2020-06-24 13:25:49 -04:00
David Goulet
bc50f082bd Merge branch 'tor-github/pr/1944' 2020-06-24 10:48:14 -04:00
David Goulet
3adabaf3e9 tls: Make buf_read_from_tls() read at most bytes
The buf_read_from_tls() function was designed to read up to a certain number
of bytes a TLS socket using read_to_chunk_tls() which boils down to SSL_read()
(with OpenSSL, common case).

However, at the end of the loop, the returned number of bytes from
read_to_chunk_tls() was treated like the syscall read() for which if less
bytes than the total asked are returned, it signals EOF.

But, with SSL_read(), it returns up to a TLS record which can be less than
what was asked. The assumption that it was EOF was wrong which made the while
loop exiting before it was able to consume all requested bytes (at_most
parameter).

The general use case that Tor sees is that it will ask the network layer to
give it at most 16KB (that is roughly 32 cells) but because of KIST scheduler,
the highest possible TLS record we currently observe is 4096 bytes (4KB or 8
cells). Thus the loop would at best always return 8 cells even though much
more could be on the TLS socket. See ticket #40006 for more details.

Fixes #40006

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-24 10:47:53 -04:00
George Kadianakis
2eae59e475 Merge branch 'tor-github/pr/1939' 2020-06-24 17:22:53 +03:00
Neel Chauhan
1bd0494f8c Make summarize_protover_flags() handle NULL and empty string the same 2020-06-24 17:22:45 +03:00
David Goulet
2d91960540 Merge branch 'tor-github/pr/1942' 2020-06-24 07:44:41 -04:00
George Kadianakis
a3b573b392 Merge branch 'tor-github/pr/1943' 2020-06-23 20:31:44 +03:00
Mike Perry
220ed863ce Relocate CBT event to control_events.c
Needed to satisfy practracker.
2020-06-23 20:31:26 +03:00
Mike Perry
ad1f8b70b7 Mark state file dirty upon DROPTIMEOUTS command 2020-06-23 20:31:26 +03:00
George Kadianakis
68d848e244 Reinstate support for GUARD NEW/UP/DOWN control port events. 2020-06-23 19:48:37 +03:00
Nick Mathewson
65328fd4e7 Merge branch 'maint-0.4.4' 2020-06-23 12:29:47 -04:00
Nick Mathewson
318753f502 Merge branch 'ticket34382' into maint-0.4.4 2020-06-23 12:29:39 -04:00
Nick Mathewson
ac648fa307 Clarify logic in router_should_skip_orport_reachability_check_family()
The '!=' checks were confusing the issue of what the code was really
doing.
2020-06-23 11:24:20 -04:00
Nick Mathewson
b365179ee0 reachability_warnings_callback: simplify v4/v6_ok logic
Since "skip orport check" is the "and" of v4_ok and v6_ok, we can
just compute v4_ok and v6_ok once, to clarify that we don't enter
this block of code if they're both true.
2020-06-23 11:20:05 -04:00
David Goulet
d08d7e1535 addr: Rename last_resolved_addr to be v4 specific
Part of #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-23 09:25:36 -04:00
David Goulet
6da8c0b4fa addr: Rename resolve_my_address to be v4 specific
Part of #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-23 09:25:36 -04:00
David Goulet
47f9edde69 config: Change Address to be a LINELIST
With prop312, we want to support IPv4 and IPv6 thus multiple Address statement
(up to 2) will be accepted.

For this, "Address" option becomes a LINELIST so we can properly process the
IPv4 or/and IPv6.

Part of #33233

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-23 09:25:36 -04:00
David Goulet
d3bcbccab9 Merge branch 'maint-0.4.4' 2020-06-23 08:52:33 -04:00
David Goulet
5232315168 Merge branch 'tor-github/pr/1937' into maint-0.4.4 2020-06-23 08:52:16 -04:00
Nick Mathewson
ceddc39c59 Merge branch 'pr_1930_squashed' 2020-06-22 15:33:27 -04:00
Neel Chauhan
3bb955a02f Add circuit_extend_add_ipv(4/6)_helper() test 2020-06-22 15:33:03 -04:00
Neel Chauhan
48310a0e76 Fill in missing IPv6 addresses in extend cells 2020-06-22 15:33:03 -04:00
David Goulet
c55e633f74 kist: Document a magic value in channel_should_write_to_kernel()
Closes #40008

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-22 15:28:47 -04:00
David Goulet
033f804429 Merge branch 'maint-0.4.4' 2020-06-22 14:57:50 -04:00
Miguel Jacq
3d0e1c42d9 Consistently use 'address' in Invalid v3 address responses to ONION_CLIENT_AUTH commands 2020-06-22 14:56:07 -04:00
Nick Mathewson
bc9979a670 Split "can reach ipv4 orport" from "can reach ipv6 orport".
I've managed to keep this change mainly contained to our
self-testing module.  The changes here are:

  * There are two different variables for tracking "is our orport
    reachable".

  * We have a new function that says whether we can skip a single
    family's orport reachability test; the old function for this now
    tells whether we can skip _all_ orport reachability testing.

    (The name, router_should_skip_orport_reachability_test, is not
    so good.  I will rename it later if I can think of a good
    replacement.)

  * The function that launches orport reachability tests now only
    launches the ones that haven't completed.

  * The function that notes that we're reachable on an ORPort now
    takes a family.

  * Various log messages are cleaned up.
2020-06-18 16:05:16 -04:00
Neel Chauhan
caebfa5f6f Fix typo in test_build_update_descriptors() comment 2020-06-17 20:12:13 -07:00
Nick Mathewson
6c3897826a selftest: turn can_reach_{dir,or}_port into bools 2020-06-17 16:29:24 -04:00
Nick Mathewson
b67f7d722d Update the list of recommended protocol versions to match >=0.3.5.
Since Tor 0.2.9 has been unsupported since January, 0.3.5 is the
oldest supported version, and its features constitute the oldest
recommended feature-set.

This patch updates these recommendations:

   DirCache=2

      Support for consensus diffs.
      New in 0.3.1.1-alpha.

   HSDir=2

      Support for v3 onion service descriptors.
      New in 0.3.0.4-alpha.

   HSIntro=4

      Support for Ed25519 intropoint authentication keys.
      New in 0.3.0-4-alpha.

   HSRend=2

      Support for rendezvous cells longer than 20 bytes.
      New in 0.2.9.4-alpha.

   Link=5

      Link padding and link padding negotiation.
      New in 0.3.3.2-alpha.

   LinkAuth=3

       Ed25519 link authentication.
       New in 0.3.0.1-alpha.
2020-06-17 11:07:43 -04:00
Nick Mathewson
a82c0cdfcf Spelling fix: "RECCOMEND" => "RECOMMEND". 2020-06-17 10:37:47 -04:00
Nick Mathewson
93d582b8e9 Bump to 0.4.4.1-alpha-dev 2020-06-16 19:38:38 -04:00
Nick Mathewson
148291a52e Bump to 0.4.4.1-alpha 2020-06-15 16:45:18 -04:00
Nick Mathewson
9fdaede3f7 Remove AssumeReachable from TestingTorNetwork.
Closes ticket 34446.
2020-06-15 14:08:42 -04:00
David Goulet
8361e3c4ab core: Remove unused files
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-06-12 14:40:49 -04:00
George Kadianakis
3cb77a9cca Merge branch 'maint-0.4.4' 2020-06-11 17:29:54 +03:00
George Kadianakis
755b8252a4 Fix and update unittests.
Co-authored-by: Florentin Rochet <florentin.rochet@uclouvain.be>
2020-06-11 16:13:20 +03:00
George Kadianakis
714e235a3c Update functions that load and write the guard state file.
Co-authored-by: Florentin Rochet <florentin.rochet@uclouvain.be>
2020-06-11 16:13:13 +03:00
George Kadianakis
d2c3b6ea1e Pick guards on the order they were sampled (prop310).
Co-authored-by: Florentin Rochet <florentin.rochet@uclouvain.be>
2020-06-11 16:13:09 +03:00
Florentin Rochet
7bf0587ef1 Refactor some guard state file parsing code into functions.
Co-authored-by: Florentin Rochet <florentin.rochet@uclouvain.be>
2020-06-11 16:12:31 +03:00
George Kadianakis
1797d05165 Merge branch 'tor-github/pr/1925' 2020-06-10 15:37:59 +03:00
Mike Perry
1300e6a512 Bug 30992: Update tests 2020-06-10 15:37:44 +03:00
Mike Perry
0a4bc8fe90 Bug 30992: Track a padding machine ctr to reduce race issues.
This tracking of the instantiation count should eliminate race conditions due
to starting and stopping machines rapidly. Now, we should no longer obey
STOP commands for previous machines.
2020-06-10 15:37:44 +03:00
Nick Mathewson
354f085e5f Merge remote-tracking branch 'tor-github/pr/1888/head' 2020-06-09 15:44:58 -04:00
Nick Mathewson
d2f136aab1 Bump version to 0.4.5.0-alpha-dev 2020-06-09 14:14:43 -04:00
Mike Perry
9eb0eeb68e Update Trunnel for new machine_ctr field.
This field area was memset to 0 in old versions, which the code treats as
"match any machine instance", for backward compatibility without a protover
bump.
2020-06-08 18:05:34 -05:00
Mike Perry
6ec01c5f72 Provide a DROPTIMEOUTS command to drop CBT times
This allows us to reset CBT when we change guards in fixed-guards onionperf
instances (#33325 and children).
2020-06-07 22:16:25 -05:00
Nick Mathewson
1fb9be5396 Merge remote-tracking branch 'tor-github/pr/1902/head' 2020-06-05 10:08:27 -04:00
rl1987
3e4814edeb Fix some checks of tor_inet_ntoa() return value
Also, fix a format string.
2020-06-05 11:49:24 +03:00
Nick Mathewson
1e98d56617 sandbox: Do not require M_SYSCALL.
M_SYSCALL is used to report information about a sandbox violation,
but when we don't have a definition for it, it still makes sense to
compile.

Closes ticket 34382.
2020-06-04 12:08:02 -04:00
Nick Mathewson
2b98df3c74 Merge remote-tracking branch 'tor-github/pr/1910/head' 2020-06-04 10:33:36 -04:00
c
8b568b50a5
config: Styling fix + use fmt_addr()
Conform to C99 as suggested by nickm on #32888 and use fmt_addr() rather
than tor_addr_to_str_dup()
2020-06-04 13:15:27 +00:00
c
1934e399af
config: Add interface address debug logging
Add logging for "the local network interface addresses" as requested by
ticket #32888.
2020-06-03 14:42:53 +00:00
Nick Mathewson
b4ccafd175 remove a period from a doxygen heading
The other headings don't have periods.
2020-06-02 11:47:20 -04:00
George Kadianakis
6b05d447bb Merge branch 'tor-github/pr/1909' into maint-0.4.3 2020-06-02 14:05:33 +03:00
George Kadianakis
22a26a273e Merge branch 'tor-github/pr/1909' 2020-06-02 14:01:49 +03:00
c
7640a95602
config: Add IPv4 Address config debug logging
Per ticket #32888 this should address logging "the Address torrc
option", "and whether it is an IP address, or a DNS name"; or the
detected "local hostname", "and whether it is an IP address, or a DNS
name". Some of these details already seem to be logged, so just add
what's missing.
2020-06-01 13:02:21 +00:00
Roger Dingledine
39f2411b3f Preemptive circs should work with UseEntryGuards 0
Resume being willing to use preemptively-built circuits when
UseEntryGuards is set to 0. We accidentally disabled this feature with
that config setting (in our fix for #24469), leading to slower load times.

Fixes bug 34303; bugfix on 0.3.3.2-alpha.
2020-05-30 02:20:48 -04:00
David Goulet
5922087ea8 Merge branch 'tor-github/pr/1901' 2020-05-28 09:52:29 -04:00
George Kadianakis
6891d1bbcb Merge branch 'tor-github/pr/1792' into maint-0.4.3 2020-05-28 12:25:57 +03:00
David Goulet
1810771799 hs-v3: Improve accessor semantic of client cached object
Add an inline helper function that indicates if the cached object contains a
decrypted descriptor or not.

The descriptor object is NULL if tor is unable to decrypt it (lacking client
authorization) and some actions need to be done only when we have a decrypted
object.

This improves code semantic.

Fixes #33458

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-05-28 12:25:42 +03:00
George Kadianakis
8d8a9d7f1d Merge branch 'tor-github/pr/1898' 2020-05-27 15:17:55 +03:00
Neel Chauhan
fd5ea48c27 Add HS v3 status to the SIGUSR1 dumpstats() 2020-05-27 15:16:39 +03:00
Nick Mathewson
43f4324e29 Merge remote-tracking branch 'tor-github/pr/1899/head' 2020-05-21 10:08:48 -04:00
George Kadianakis
3121e5c103 Merge branch 'tor-github/pr/1850' 2020-05-21 16:24:32 +03:00
George Kadianakis
fb281daf29 Merge branch 'tor-github/pr/1861' 2020-05-21 16:22:47 +03:00
rl1987
7a004fce8d Tweak format string 2020-05-21 14:26:08 +03:00
rl1987
a5d28bf88f Check for NULL from tor_dup_ip() 2020-05-21 14:17:15 +03:00
rl1987
ded99992b8 Bail out of format_networkstatus_vote if fmt_addr32() failed.
Something is fishy if we cannot put IP address string into dir-vote line.
2020-05-21 13:43:45 +03:00
rl1987
38cbfda119 Actually, bail out of routerstatus_format_entry() if fmt_addr32() fails 2020-05-21 13:43:41 +03:00
rl1987
8ab7e30484 Check that fmt_addr32() returned non-empty string before putting it into documents 2020-05-21 13:41:19 +03:00
rl1987
d8e24684b6 Check for possible failures of tor_inet_ntop/tor_inet_ntoa in fmt_addr32 and tor_dup_ip 2020-05-21 13:41:15 +03:00
rl1987
b5bfdbfd41 Check output value of tor_inet_ntop/tor_inet_ntoa in dns.c 2020-05-21 13:41:11 +03:00