Commit Graph

26131 Commits

Author SHA1 Message Date
George Kadianakis
baee2feddd Fix an enum comparison that was blowing up jenkins.
The warning was:
    11:23:10 ../tor/src/feature/hs/hs_service.c: In function 'log_cant_upload_desc':
    11:23:10 ../tor/src/feature/hs/hs_service.c:3118:3: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
See #34254 for more info.

I guess this means that gcc assigned an unsigned type to the
`log_desc_upload_reason_t` enum and it warned if we compared it against 0...

For now I think it's simpler to remove that check instead of turning the enum
to a signed type, or trying to hack it some other way.

From what it seems, enum is up to the compiler on whether it's signed/unsigned:
     https://stackoverflow.com/questions/159034/are-c-enums-signed-or-unsigned
2020-05-21 13:39:49 +03:00
Damon Harris
c4fb3bfed5 Add support for console control signals in Windows 2020-05-20 23:28:39 +05:30
David Goulet
ca13249dcc Merge branch 'tor-github/pr/1886' 2020-05-19 15:18:17 -04:00
David Goulet
ee0fb69fee Merge branch 'tor-github/pr/1897' 2020-05-19 15:17:08 -04:00
David Goulet
5d99985e43 Merge branch 'tor-github/pr/1894' 2020-05-19 15:14:38 -04:00
Nick Mathewson
400bc46d83 doxygen: add a link to src-ref on mainpage.md.
Closes 34246.
2020-05-19 09:44:36 -04:00
Nick Mathewson
9b55a62e73 Merge branch 'maint-0.4.3' 2020-05-19 09:39:12 -04:00
Nick Mathewson
68fe8826dd Doxygen: fix unbalanced groups.
Closes ticket 34255.
2020-05-19 09:18:39 -04:00
teor
8fbcc055e5 node: Clean up some outdated comments
Part of 34200.
2020-05-18 21:53:52 +10:00
teor
73ace125a9 routerlist: Choose bridges for direct bridge connections
When counting and choosing nodes on a client that uses bridges, only
choose bridges for direct connections.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
e46c3d95f4 circuitbuild: Do node checks when counting nodes
Use the node check function to check that there are enough nodes to
select a circuit path.

Adds these checks, which are implied by other code:
* supports EXTEND2 cells,
* does not allow single-hop exits,

Adds these extra checks:
* has a general-purpose routerinfo,
* if it is a direct connection, check reachable addresses.
These checks reduce the node count, but they will never under-count
nodes.

Bridge nodes aren't handled correctly, we'll fix that in the next
commit.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
766fc86df4 circuitbuild: Do node checks when choosing exits
And check that the correct flags are passed when choosing exits.

Adds the following checks for exits:
* must support EXTEND2 cells,
* must have an ntor circuit crypto key,
* can't require the guard flag,
* can't be a direct connection.

All these checks are already implied by other code.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
38c72400b7 routerlist: Split the node checks into their own function
Split the node choosing checks into their own function, so we can call
it independently of iterating through the nodelist.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
a3244c03fb nodelist: Replace int with bool
Make some interfaces and implementations consistent by replacing int
with bool.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
3f7f976d48 nodelist: Stop recursing in router_choose_random_node()
Instead, call out to a helper function, repeating the call if needed.

Avoids duplicating exclusions for:
  * the current relay's family, and
  * any exclusions specified by the caller.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
2ea1692c20 nodelist: Rewrite router_crn_flags_t
Re-order the flags in a logical order, and re-number them.
Add missing comments, fix comment typos.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
48413dc65f nodelist: Remove the unused CRN_WEIGHT_FOR_EXIT flag
Part of 34200.
2020-05-18 21:53:52 +10:00
teor
1ec604f0f9 nodelist: Move node flag checks
Move node flag checks to router_add_running_nodes_to_smartlist(), where
they are actually used.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
280195f414 nodelist: Move the v3 onion service rendezvous check
And delete a loop that is now empty. This change should improve tor's
performance, because we no longer iterate through the nodelist twice for
every node in every circuit path.

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
ce11e3bf69 nodelist: Move the single-hop exit check
Check for single-hop exits in router_add_running_nodes_to_smartlist(),
rather than router_choose_random_node().

Part of 34200.
2020-05-18 21:53:52 +10:00
teor
4bcec38fce test/protover: Add debug logs to some tests
Part of 33222.
2020-05-18 21:51:31 +10:00
teor
3efe53562f rust/protover: Fix protocol version support error handling
Make Rust protocol version support checks consistent with the
undocumented error behaviour of the corresponding C code.

Fixes bug 34251; bugfix on 0.3.3.5-rc.
2020-05-18 21:50:35 +10:00
teor
f05c144d7c rust: declare HSIntro=5
Declare support for the onion service introduction point denial of
service extensions, when building tor with Rust.

Fixes bug 34248; bugfix on 0.4.2.1-alpha.
2020-05-18 20:16:11 +10:00
Neel Chauhan
087b466fcf Declare variables in for loops in rend_service_dump_stats() 2020-05-17 15:19:39 -07:00
teor
c6bcc92c17 test/protover: Add tests for summarize flags
Part of 33222.
2020-05-17 22:51:43 +10:00
Neel Chauhan
32e791be09 Fix spacing in if statement in tor_version_parse() 2020-05-16 22:26:30 -07:00
Neel Chauhan
2e0d0360cd Fix spacing in if statement in port_parse_config() 2020-05-16 22:23:59 -07:00
teor
277baf676b versions: Improve the protover summary comments
Part of 33222.
2020-05-15 23:34:43 +10:00
Nick Mathewson
c0dd2a6e39 bump to 0.4.3.5-dev 2020-05-15 09:02:12 -04:00
teor
a702e92c82 protover: Add defines for recent protocol versions
Also update the protover/supported_protocols test.

Part of 33226.
2020-05-15 14:59:10 +10:00
teor
c39394afa2 test/circuitbuild: Tests for node selection flags
Part of 33222.
2020-05-15 12:22:34 +10:00
Nick Mathewson
75fc33f337 bump to 0.4.3.5 2020-05-14 10:37:42 -04:00
teor
5f577b0f25 circuitbuild: Refactor IPv6 extend node selection
Move this complex check into its own function.

Part of 33222.
2020-05-14 22:06:14 +10:00
teor
2e41d82cc5 circuitbuild: Refactor build state node selection flags
Move common build state to node selection flags conversion code into its
own function.

Part of 33222.
2020-05-14 22:05:46 +10:00
teor
6a0fdf381d circuitbuild: test relays sending IPv6 extend cells
Add tests for relays sending IPv6 extend cells in
circuit_send_next_onion_skin().

Clients also use this code, check that they can only extend over IPv4
(for now).

Part of 33222.
2020-05-14 21:15:16 +10:00
teor
d41d13ea73 test: Move the origin circuit function to test helpers
Part of 33222.
2020-05-14 10:44:56 +10:00
teor
9949b545c8 test/circuitstats: Refactor common code
Refactor common circuitstats test code into its own function.

Part of 33222.
2020-05-14 10:38:09 +10:00
teor
e9c9e171ae test/circuitstats: Fix a bunch of coding style issues
Part of 33222.
2020-05-14 10:23:14 +10:00
teor
115a453f04 test/circuitbuild: Add a test for origin_circuit_init()
Part of 33222.
2020-05-13 20:06:27 +10:00
Nick Mathewson
1557e73c82 Merge branch 'bug34130_035' 2020-05-12 12:58:19 -04:00
Daniel Pinto
2913dbd6d9 Fix crash when tor is compiled with NSS and seccomp sandbox is enabled
Adds seccomp rules for socket and getpeername used by NSS
2020-05-12 12:56:06 -04:00
teor
8829d2d644 nodelist: Fix a comment and a log message 2020-05-11 17:01:49 +10:00
teor
1c1faf586a routerlist: Choose nodes that can initiate IPv6 extends
Part of 33226.
2020-05-11 17:00:25 +10:00
teor
9e7f51e469 circuit: Add flags for IPv6 extends
But don't implement the actual node selection yet.

Part of 33226.
2020-05-11 16:54:01 +10:00
teor
c7f085d9bd protover: Add node functions for IPv6 extend support
Part of 33226.
2020-05-11 14:39:42 +10:00
teor
51f32140b4 protover: Sort version flags by their underlying protocols
Also fix some comment typos, mainly ">=" when the code says "=".

Part of 33226.
2020-05-11 12:24:06 +10:00
teor
e787e521af protover: Declare support for Relay=3
Declare support for the new Relay=3 IPv6 extend protocol,
in C and Rust.

Part of 33226.
2020-05-11 11:08:20 +10:00
Daniel Pinto
cce16a939c Improve logging of included config files 2020-05-08 01:10:59 +01:00
Nick Mathewson
b7a165228f Merge remote-tracking branch 'tor-github/pr/1880/head' 2020-05-07 08:19:11 -04:00
teor
492c512af4 relay: Improve docs on inform_testing_reachability()
Document race conditions that we'll resolve in 34067 and 34137.

Part of 33222.
2020-05-07 22:06:13 +10:00
teor
504b16fb75 relay: Rewrite inform_testing_reachability()
Rewrite inform_testing_reachability() to use separate buffers for IPv4
ORPort, IPv6 ORPort, and IPv4 DirPort. And use consistent APIs to fill
those buffers.

Part of 33222.
2020-05-07 20:59:10 +10:00
teor
e887887cd3 relay: Clarify a comment in selftest.c 2020-05-07 20:57:14 +10:00
Neel Chauhan
0daa1da3ba Define and use TOR_ADDRPORT_BUF_LEN 2020-05-07 20:38:25 +10:00
teor
c76f310fe7 routerinfo: Make router_get_orport() return an error status
Part of 33222.
2020-05-07 20:25:36 +10:00
teor
e1eecac888 Replace several C identifiers.
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        client_or_conn_should_skip_reachable_address_check router_or_conn_should_skip_reachable_address_check \
        client_dir_conn_should_skip_reachable_address_check router_dir_conn_should_skip_reachable_address_check
2020-05-07 20:17:57 +10:00
teor
74902c8aca Wrap long lines 2020-05-07 20:16:56 +10:00
teor
05c56ae455 Replace several C identifiers.
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        router_skip_orport_reachability_check router_should_skip_orport_reachability_check \
        router_skip_dirport_reachability_check router_should_skip_dirport_reachability_check \
        router_connect_assume_or_reachable client_or_conn_should_skip_reachable_address_check \
        router_connect_assume_dir_reachable client_dir_conn_should_skip_reachable_address_check

It was generated with --no-verify, so it probably breaks some commit hooks.
The committer should be sure to fix them up in a subsequent commit.
2020-05-07 20:07:13 +10:00
Nick Mathewson
3a785dd5be Merge branch 'maint-0.4.3' 2020-05-06 17:17:19 -04:00
Nick Mathewson
b444096be5 Fix a boolean logic error when logging about invalid hostnames.
Fixes bug 34131; bugfix on 0.4.3.1-alpha.
2020-05-06 17:15:37 -04:00
Nick Mathewson
b7fcbb28d4 connection_or_finished_flushing(): add a missing "break;"
This one is harmless like the others (so far)
2020-05-06 17:09:27 -04:00
Nick Mathewson
e8fdba198e Merge branch 'maint-0.4.2' into maint-0.4.3 2020-05-06 17:07:47 -04:00
Nick Mathewson
b16c1e4cf6 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-05-06 17:07:27 -04:00
Nick Mathewson
d41f1cd3ed btrack_orconn_cevent.c: Add a missing "break;" 2020-05-06 17:07:12 -04:00
Nick Mathewson
4a2347d290 Merge branch 'maint-0.4.3'
Amazingly, this time we had no merge conflicts with "falls through" comments.
2020-05-06 16:55:41 -04:00
Nick Mathewson
c116728209 Use __attribute__((fallthrough)) rather than magic GCC comments.
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.3 version.)
2020-05-06 16:55:25 -04:00
Nick Mathewson
28ac17f433 Use __attribute__((fallthrough)) rather than magic GCC comments.
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.2 version.)
2020-05-06 16:53:40 -04:00
Nick Mathewson
79ff2b6aab Use __attribute__((fallthrough)) rather than magic GCC comments.
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.1 version.)
2020-05-06 16:52:03 -04:00
Nick Mathewson
cc397449fc Use __attribute__((fallthrough)) rather than magic GCC comments.
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
2020-05-06 16:51:11 -04:00
Nick Mathewson
42246f8c9a Merge branch 'maint-0.4.3' 2020-05-06 16:50:21 -04:00
Nick Mathewson
2cd1c07658 hs_dos.c: rewrite a comment not to say "fallthrough"
There's nothing wrong with the comment, but the script I'm about to
apply wouldn't like it.
2020-05-06 16:49:57 -04:00
Nick Mathewson
d04b708b4b Merge branch 'maint-0.4.1' into maint-0.4.2 2020-05-06 16:47:03 -04:00
Nick Mathewson
82effefb69 Merge branch 'maint-0.4.3' 2020-05-06 16:47:03 -04:00
Nick Mathewson
fecc5fd38d Merge branch 'maint-0.4.2' into maint-0.4.3 2020-05-06 16:47:03 -04:00
Nick Mathewson
3e42464f5a Merge branch 'bug34078_prelim_035' into bug34078_prelim_041 2020-05-06 15:18:36 -04:00
Nick Mathewson
3d3641152b Remove an incorrect "Fall through" comment. 2020-05-06 15:08:02 -04:00
Nick Mathewson
8798c0a94a address.c: add a single (harmless) missing break; 2020-05-06 15:08:02 -04:00
Nick Mathewson
37b8324ed3 include compat_compiler for ed25519_donna 2020-05-06 15:08:02 -04:00
Nick Mathewson
9fe23b8672 Replace some "fall through" comments not at the end of a case. 2020-05-06 15:08:02 -04:00
Nick Mathewson
75547c01a3 Replace a "fall through" comment that was outside a switch. 2020-05-06 15:08:02 -04:00
Nick Mathewson
6c3c94357c Add a fallthrough macro.
This macro defers to __attribute__((fallthrough)) on GCC (and
clang).  Previously we had been using GCC's magic /* fallthrough */
comments, but clang very sensibly doesn't accept those.

Since not all compilers recognize it, we only define it when our
configure script detects that it works.

Part of a fix for 34078.
2020-05-06 15:08:02 -04:00
David Goulet
c81c5a2646 relay: Rename relay_resolve_addr.{c|h} file
New name is more accurate semantically.

Closes #33789

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-05-05 15:34:58 -04:00
Alex Xu (Hello71)
42dfcd0ae3 core/or: Lift slow call out of loop, #33977 2020-05-05 15:07:42 -04:00
David Goulet
a25f167072 config: New file resolve_addr.{c|h}
Move a series of functions from config.c into that new file which is related to
address resolving.

Part of #33789

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-05-05 14:24:04 -04:00
David Goulet
445df9e7b5 relay: New file relay_resolve_addr.{c|h}
This commit moves router_pick_published_address() and the related helper
functions into the new file.

The log_addr_has_changed() function has been made public in router.h so we can
use it in relay_resolve_addr.c.

This is a refactoring as part of Sponsor 55. Only code movement at this
commit.

Part of #33789

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-05-05 14:24:04 -04:00
Nick Mathewson
f96b6ccee1 Merge branch 'maint-0.4.3' 2020-05-04 10:25:53 -04:00
Nick Mathewson
bbfc498e21 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-05-04 10:25:52 -04:00
Nick Mathewson
b1c383e3e6 Fix a GCC 10.0.1 compilation error.
Do not try to stuff "HS_DESC_DECODE_GENERIC_ERROR" (-1) into a
socks5_reply_status_t (enum).  It doesn't actually make sense, and
isn't one of our documented extensions.

(This can only happen on a nonfatal assertion that we haven't seen,
so it probably isn't happening in practice.)

Fixes another case of bug 34077; bugfix on 0.4.3.1-alpha.
2020-04-30 23:04:56 -04:00
Nick Mathewson
6aaee6133d Merge branch 'bug34077_042' into bug34077_043 2020-04-30 23:01:58 -04:00
Nick Mathewson
b4b1882da0 Merge branch 'bug34077_041' into bug34077_042 2020-04-30 22:59:08 -04:00
Nick Mathewson
d7e166bd95 Fix a GCC 10.0.1 compilation warning.
Fixes 34077 for 0.4.1; bugfix on 0.4.0.3-alpha. (Specifically, GCC
first gives this warning for 9eeff921ae)
2020-04-30 22:56:31 -04:00
teor
4a36dfebee circuitbuild: Allow relays to send IPv6 extend cells
Allow relays and bridges to send IPv4 or IPv6 extend cells.
But keep restricting clients to IPv4 extend cells, because sending IPv6
extend cells would be an obvious version distinguisher.

Part of 33222.
2020-04-30 23:27:48 +10:00
teor
4969dee102 relay: Update some self-test comments for IPv6
Part of 33222.
2020-04-30 23:27:38 +10:00
teor
aade9f31e7 relay: Log IPv4 and IPv6 ORPorts when testing reachability
When a relay starts testing reachability, log its IPv6 ORPort.
The existing code logs the IPv4 ORPort and DirPort.

The IPv4 ORPort is required. The other ports are only logged if they
are present.

Part of 33222.
2020-04-30 23:27:27 +10:00
teor
2a0e48385d relay: Launch IPv4 and IPv6 ORPort self-test circuits
When launching relay ORPort reachability self-tests, launch tests to the
IPv4 and IPv6 ORPorts (if available).

Part of 33222.
2020-04-30 23:27:13 +10:00
teor
01d940e71b relay: Refactor dirport self-test circuit launch
Remove some redundant variables, and improve some comments.

Explain that there are no advertised IPv6 DirPorts.

Part of 33222.
2020-04-30 23:26:58 +10:00
teor
a250dd6042 relay: Refactor reachability circuit launches
Split OR and Dir reachability circuits into their own functions.

Part of 33222.
2020-04-30 23:26:45 +10:00
teor
900994e46a relay: Remove unused DirPort self-test code
DIRIND_ANON_DIRPORT never uses our ORPort, so we don't need to set it in
the directory request.

Part of 33222.
2020-04-30 23:26:35 +10:00
teor
18174fb82f relay: Add an address family to self-test launches
Add an address family argument to the functions that launch relay ORPort
self-test circuits.

Part of 33222.
2020-04-30 23:26:31 +10:00
teor
6dc9930d3a Merge branch 'pr1870_squashed' 2020-04-30 22:22:09 +10:00
Neel Chauhan
7bf257b129 Define and use TOR_ADDRPORT_BUF_LEN 2020-04-30 22:21:48 +10:00
teor
42e765efad relay: Minor selftest comment updates
Part of 33222.
2020-04-30 15:58:59 +10:00
teor
d1c52e585b relay: Wrap long lines
Part of 33222.
2020-04-30 15:58:59 +10:00
teor
c5ee3d7eb8 relay: Clarify reachability status check functions
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        check_whether_orport_reachable router_skip_orport_reachability_check \
        check_whether_dirport_reachable router_skip_dirport_reachability_check

It was generated with --no-verify, so it probably breaks some commit hooks.
The committer should be sure to fix them up in a subsequent commit.

Part of 33222.
2020-04-30 15:58:37 +10:00
teor
c32a8243cb nodelist: Wrap long lines, and improve comments
Part of 33222.
2020-04-30 15:12:35 +10:00
teor
caab67d0c2 nodelist: Distinguish client and relay reachability
Change some function names to distinguish between:
* client first hop reachability (ReachableAddresses)
* relay port reachability self-tests

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        router_skip_or_reachability router_connect_assume_or_reachable \
        router_skip_dir_reachability router_connect_assume_dir_reachable

It was generated with --no-verify, so it probably breaks some commit hooks.
The committer should be sure to fix them up in a subsequent commit.

Part of 33222.
2020-04-30 15:12:27 +10:00
teor
3eca667ae4 relay: Fix a comment typo in the selftest.c header 2020-04-30 13:54:40 +10:00
Nick Mathewson
49800cf539 Merge remote-tracking branch 'tor-github/pr/1864/head' 2020-04-29 19:16:40 -04:00
teor
15a4180a7e relay: Refactor can extend over IPv6 checks
Split "can extend over IPv6" and "has advertised IPv6 ORPort" into
separate functions. They currently have the same result, but this may
change in 33818 with ExtendAllowIPv6Addresses.

Part of 33817.
2020-04-30 06:54:42 +10:00
teor
066d2deb3d channel: Refactor matches target address function
Refactor channel_matches_target_addr_for_extend() to return a boolean
result.

Part of 33817.
2020-04-30 06:54:42 +10:00
teor
496ddd2877 relay: Refactor extend address validity function
Rename the function, and give it a boolean return value.

No behaviour change.

Part of 33817.
2020-04-30 06:54:42 +10:00
teor
cd7e2fc210 net: Make all address bytes functions take uint8_t *
Part of 33817.
2020-04-30 06:54:42 +10:00
teor
f62b051e87 Rename tor_addr_get_ipv6_bytes to tor_addr_copy_ipv6_bytes
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        tor_addr_get_ipv6_bytes tor_addr_copy_ipv6_bytes
2020-04-30 05:54:39 +10:00
teor
bcec1ec071 relay: Refactor choosing extend IPs
Flatten the logic in circuit_choose_ip_ap_for_extend().

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
df5ea29775 relay: Add tests for choosing extend IPs
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
9a6186c267 relay: Refactor circuit_open_connection_for_extend()
Refactor circuit_open_connection_for_extend(), splitting out the IP
address choice code into a new function.

Adds unit tests. No behaviour changes in tor.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
cab05a84cd relay: Add IP version tests for circuit extends
Add IPv4-only and IPv6-only tests for
circuit_open_connection_for_extend().

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
c3e058dfac relay: Choose between IPv4 and IPv6 extends at random
When an EXTEND2 cell has an IPv4 and an IPv6 address, choose one of them
uniformly at random.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
a0b12f3cd4 relay/circuitbuild: Refactor open connection for extend
Re-use the newly created extend_info to launch the connection in
circuit_open_connection_for_extend().

No behaviour change.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
063505446f test/circuitbuild: Disable some tests when ALL_BUGS_ARE_FATAL
Some tests use IF_BUG_ONCE(), which is fatal when ALL_BUGS_ARE_FATAL,
after the fixes in 33917.

Also run "make autostyle" on these changes.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
6c458d2d6e log/util_bug: Make IF_BUG_ONCE() support ALL_BUGS_ARE_FATAL
... and DISABLE_ASSERTS_IN_UNIT_TESTS.

Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL and
DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes.

Implements these modes for IF_BUG_ONCE(). (It used to log a non-fatal
warning, regardless of the debugging mode.)

Fixes bug 33917; bugfix on 0.2.9.1-alpha.
2020-04-29 22:43:09 +10:00
teor
16f3f6a1af relay/circuitbuild: Re-use IPv6 connections for circuits
Search for existing connections using the remote IPv4 and IPv6
addresses.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
ec5f4f3c5a relay/circuitbuild: Report IPv6 addresses in a debug log
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
f8f688b309 channel: Make channel_matches_target_addr_for_extend() static
It isn't used outside channel.c.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
bad1181b5d relay/circuitbuild: Consider IPv6-only extends valid
Allow extend cells with IPv6-only link specifiers.
Warn and fail if both IPv4 and IPv6 are invalid.

Also warn if the IPv4 or IPv6 addresses are unexpectedly internal,
but continue with the valid address.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
7cef02ec1f test/circuitbuild: Show bad addresses in some logs
Disable SafeLogging for some extend tests, so we can check the actual
addresses.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
44f71e08c4 relay: Log the address in circuit protocol warnings
Always log the address family in extend protocol warnings.

If SafeLogging is 0, also log the address and port.

Diagnostics for 33817.
2020-04-29 22:43:09 +10:00
teor
a72e017e7f net: Add fmt_addrport_ap() and fmt_addr_family()
Add fmt_addrport_ap(), a macro that takes a tor_addr_port_t, and uses
it to call fmt_addrport().

Add fmt_addr_family(), a function that returns a string constant
describing the address family.

Utility functions for 33817.
2020-04-29 22:43:09 +10:00
teor
e9d04b05c6 net: Remove an extra space in address.h 2020-04-29 22:43:09 +10:00
teor
ffc2fd001a relay: Refactor address checks into a function
No behaviour change.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
07c008c672 relay: Refactor address and port checks
tor_addr_port_is_valid_ap(ap, 0) checks if the address or port are
zero, exactly like the previous code.

Preparation for 33817.
2020-04-29 22:43:09 +10:00
teor
587a7fbcf6 core/or: Check extends for zero addresses and ports
Check for invalid zero IPv4 addresses and ports, when sending and
receiving extend cells.

Fixes bug 33900; bugfix on 0.2.4.8-alpha.
2020-04-29 22:43:09 +10:00
teor
f6c8a8c538 test/cell_formats: Expand the IPv6-only EXTEND2 test
Part of 33901.
2020-04-29 22:43:09 +10:00
teor
bd6ab90ad4 core/or: Support IPv6 EXTEND2 cells
Allow clients and relays to send dual-stack and IPv6-only EXTEND2 cells.
Parse dual-stack and IPv6-only EXTEND2 cells on relays.

Relays do not make connections or extend circuits via IPv6: that's the
next step.

Closes ticket 33901.
2020-04-29 22:43:09 +10:00
Nick Mathewson
cbe9e56590 Merge remote-tracking branch 'tor-github/pr/1868/head' 2020-04-29 08:32:44 -04:00
teor
3253c357ee Run "make autostyle" 2020-04-29 22:08:33 +10:00
teor
6eec43161a rand: Clarify the crypto_rand_uint() range 2020-04-29 21:50:37 +10:00
teor
398e0e0247 nodelist: Remove an outdated comment
Part of 33817.
2020-04-29 21:50:26 +10:00
teor
7517e1b5d3 channeltls: Clarify a relay impersonation defence
Clarify the comments in channel_tls_matches_target_method(), and make
it clear that the attack is a covert attack.
2020-04-28 21:11:10 +10:00
Nick Mathewson
4dd4dbf046 Merge remote-tracking branch 'onionk/inbufoverflow1-043' into ticket33131_044 2020-04-24 08:15:53 -04:00
Nick Mathewson
7f9eaec538 Merge remote-tracking branch 'tor-github/pr/1862/head' 2020-04-24 08:14:59 -04:00
Nick Mathewson
b2849f449b Merge branch 'maint-0.4.3' 2020-04-21 12:22:37 -04:00
teor
42507429ce channeltls: Stop truncating IPv6 in logs
Stop truncating IPv6 addresses and ports in channel and connection logs.

Fixes bug 33918; bugfix on 0.2.4.4-alpha.
2020-04-21 12:22:30 -04:00
teor
e3b1e617ae test/channel: Fix a comment typo 2020-04-15 19:45:56 +10:00
Nick Mathewson
77e65076ab Merge remote-tracking branch 'tor-github/pr/1860/head' 2020-04-14 11:52:00 -04:00
teor
a2daca594b core/or: Update file comment in connection_or.c
Fix a typo, and say "v3 (and later) handshake".

Comment-only change.
2020-04-14 14:55:37 +10:00
teor
8c55d34e0a core/or: Accurately log remote relay IPv6 addresses
Log IPv6 addresses on connections where this relay is the responder.

Previously, responding relays would replace the remote IPv6 address with
the IPv4 address from the consensus.

(The port is replaced with the IPv6 ORPort from the consensus, we will
resolve this issue in 33898.)

Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:21:49 +10:00
teor
41fa07f751 core/or: Allow IPv6 connections to be canonical
Consider IPv6 addresses when checking if a connection is canonical.

In 17604, relays assumed that a remote relay could consider an IPv6
connection canonical, but did not set the canonical flag on their side
of the connection.

Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:16:48 +10:00
teor
ab8ff32bec core/or: Remove unused function prototype
Remove the unused function prototype for connection_or_get_for_extend().

There is no function implementation.

Part of 33817.
2020-04-14 10:37:20 +10:00
Nick Mathewson
2e80d7f193 bump to 0.4.3.4-rc-dev 2020-04-13 17:02:20 -04:00
Nick Mathewson
e22a8d9c95 Merge branch 'maint-0.4.3' 2020-04-13 14:14:41 -04:00
Nick Mathewson
55cb6c3fcd Merge branch 'bug33545_043_squashed' into maint-0.4.3 2020-04-13 14:13:44 -04:00
George Kadianakis
f2f718bca5 hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
And also disallow all-zeroes keys from the filesystem; add a test for it too.
2020-04-13 14:13:33 -04:00
George Kadianakis
37bcc9f3d2 hs-v3: Don't allow registration of an all-zeroes client auth key.
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().

We fixed that by making sure that an all-zeroes client auth key will not be
used.

There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an uninitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
2020-04-13 14:13:33 -04:00
Neel Chauhan
8e59b8560a Return a descriptive error for 'GETINFO status/fresh-relay-descs' 2020-04-12 13:13:50 -07:00
Neel Chauhan
a638514783 Fix typo in router_build_fresh_unsigned_routerinfo() comment 2020-04-12 12:43:21 -07:00
Nick Mathewson
80031db32a Merge remote-tracking branch 'tor-github/pr/1801/head' 2020-04-09 11:50:20 -04:00
Nick Mathewson
bfea7a7326 bump to 0.4.3.4-rc 2020-04-09 08:38:41 -04:00
Nick Mathewson
25729910af Merge branch 'maint-0.4.3' 2020-04-09 08:33:36 -04:00
Nick Mathewson
c4da0a5094 Add fsync to list of syscalls permitted by sandbox
(Our fix for 33087 requires this, I believe.)
2020-04-09 08:33:19 -04:00
Nick Mathewson
c2aea6134a Merge remote-tracking branch 'tor-github/pr/1723/head' into maint-0.4.3 2020-04-09 08:30:14 -04:00
Nick Mathewson
29693b83bc Make sure that we free 'addr' at the end of a pair of addr tests
Fixes a couple of Coverity warnings about possible memory leaks.
Bug not in any released Tor.
2020-04-09 07:54:23 -04:00
David Goulet
cca9e1c803 hs-v3: Several fixes after #32542 review
asn: Accidentally left this commit out when merging #32542, so cherry-picking
it now.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 13:59:18 +03:00
teor
f6efb3a184 Merge branch 'pr1854_squashed' into maint-0.4.3
Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).
2020-04-09 11:05:59 +10:00
David Goulet
cd2121a126 client: Revert setting PreferIPv6 on by default
This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allow the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default falls back to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 11:05:32 +10:00
teor
2d6f00e45b Merge branch 'maint-0.4.2' into maint-0.4.3 2020-04-09 11:03:34 +10:00
teor
2d7e08d57e Merge branch 'maint-0.4.1' into maint-0.4.2 2020-04-09 11:03:27 +10:00
teor
987f2fa50a Merge branch 'maint-0.3.5' into maint-0.4.1 2020-04-09 11:03:20 +10:00
teor
d380acaeca Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5 2020-04-09 11:02:49 +10:00
teor
cb262930f5 relay: Run "make autostyle"
But only take the changes from the relay module.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
00a45a900e test/circuitbuild: Add a test for onionskin_answer()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
d79e5d52bc relay/circuitbuild: Refactor circuit_extend()
Make the "else" case explicit at the end of the function.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
6d75f3244f test/circuitbuild: Add tests for circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2b66429fcf core/or: Make some functions mockable
Preparation for testing circuit_extend().

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
8f3cbe755b channel: Rewrite the channel_get_for_extend() comments
Explain what the function does now.
Fix some typos.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7bc3413322 test/circuitbuild: Add tests for open_connection_for_extend
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
42fdbbb50b circuitbuild: Make some functions mockable
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
46980d767d test/circuitbuild: Add tests for extend_lspec_valid
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
327688b968 test/circuitbuild: Make some tests fork
Since we're testing IF_BUG_ONCE(), we need to fork.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
cbfb826513 test/circuitbuild: Tests for adding ed25519 keys
Add tests for circuit_extend_add_ed25519_helper().

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
f8fef609f6 nodelist: Make some functions mockable
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
eb11c9d07c test/circuitbuild: Add a test for extend_state_valid
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7261078566 test/circuitbuid: Fix new_route_len_unhandled_exit
Make test_new_route_len_unhandled_exit more robust, by always tearing
down logs. (Rather than just tearing them down on success.)
2020-04-09 11:00:04 +10:00
teor
3334f63516 test/circuitbuild: Refactor test case array
Avoid repeating test names.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ec632b01db relay: End circuitbuild logs with "."
Consistent logs make testing easier.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
4f9f56be47 relay: Check for NULL arguments in circuitbuild
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
b10b287589 relay: Make circuitbuild functions STATIC
Allow the circuitbuild_relay functions to be accessed by the unit tests.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
44f634d0be relay: Remove a redundant function return value
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ca9565b9f7 relay: Split out opening a connection for an extend
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2640030b10 relay: Refactor some long lines from circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
5cb2bbea7d relay: Split link specifier checks from circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2563d74a5c relay: Split state checks out of circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
beee9ca608 relay: Improve the comments on onionskin_answer()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
c9b674d511 relay: Protocol warn when a client gets an extend
circuit_extend() may be called when a client receives an extend cell,
even if the relay module is disabled.

Log a protocol warning when the relay module is disabled.

Part of 33633.
2020-04-09 10:59:51 +10:00
Roger Dingledine
9bd73da7cf fix typos from #32542 2020-04-08 19:13:52 -04:00
George Kadianakis
7a82c972ef Merge branch 'tor-github/pr/1857' 2020-04-08 18:15:37 +03:00
David Goulet
9b72a561f5 test: Unit test for missing ExtendedErrors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 18:15:21 +03:00
David Goulet
c1bf819a31 Merge branch 'maint-0.4.3' 2020-04-08 09:42:13 -04:00
Mrigyen Sawant
34faee0600 Correct 'was not internal' to 'was internal' in test_external_ip() 2020-04-08 09:41:58 -04:00
George Kadianakis
0b0b8a5b6d Merge branch 'tor-github/pr/1855' 2020-04-08 16:31:37 +03:00
David Goulet
6ab11bbf30 hs-v3: Report SOCKS ExtendedErrors when all intro timed out
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00