This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
get_dirportfrontpage relay_get_dirportfrontpage \
parse_port_config port_parse_config \
count_real_listeners port_count_real_listeners \
parse_transport_line pt_parse_transport_line \
ensure_bandwidth_cap config_ensure_bandwidth_cap \
get_effective_bwrate relay_get_effective_bwrate \
get_effective_bwburst relay_get_effective_bwburst \
warn_nonlocal_ext_orports port_warn_nonlocal_ext_orports \
parse_ports_relay port_parse_ports_relay \
update_port_set_relay port_update_port_set_relay \
get_transport_bindaddr_from_config pt_get_bindaddr_from_config \
get_options_for_server_transport pt_get_options_for_server_transport
It was generated with --no-verify, because it has some long lines.
Part of 32213.
This commit:
* disables the ORPort, DirPort, DirCache, and BridgeRelay options,
* sets ClientOnly 1,
* disables relay_config.c and relay/transport_config.c,
* disables test_rebind.sh, and
* modifies the expected results for test_parseconf.sh,
when the relay module is disabled.
Part of 32213.
Minor simplification and refactoring.
Make the dirauth tests focus on testing the intention of the code,
rather than option processing order.
Part of 32213.
This commit:
* moves relay config actions into relay_config,
* moves get_dirportfrontpage() into relay_config,
* adds thin wrappers to make the moved code compile.
No functional changes: the moved code is still enabled,
even if the relay module is disabled. (Some of the checks
are re-ordered, so the order of some warnings may change.)
Part of 32213.
This commit:
* creates feature/relay/transport_config.[ch],
* moves server transport config checks into them,
* exposes some code from src/app/config.c
(we'll refactor it later in 29211), and
* adds thin wrappers to make the moved code compile.
No functional changes: the moved code is still enabled,
even if the relay module is disabled. (Some of the checks
are re-ordered, so the order of some warnings may change.)
Part of 32213.
This commit:
* moves relay config checks into relay_config.[ch],
* exposes some code from src/app/config.c
(we'll refactor it later in 29211), and
* adds thin wrappers to make the moved code compile.
No functional changes: the moved code is still enabled,
even if the relay module is disabled. (Some of the checks
are re-ordered, so the order of some warnings may change.)
Part of 32213.
Fake circuits are created everywhere in the unit tests. This is an attempt at
centralizing a "fake circuit creation" API like fakechans.c does for channel.
This commit introduces fakecircs.c and changes test_relay.c and
test_circpadding.c which were using roughly the same code.
This will allow easier OR circuit creation for the future tests in
test_circuitmux.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
Also remove a scheduler_init() from a test and MOCK the appropriate function
so the test can pass.
This is done in order to minimize initialization functions in the unit test
and try to only go through the testcase setup object.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Before, when parsing memunits, if overflow occured it failed silently.
Use nowrap u64 math to detect overflow, compare to INT64_MAX and if
greater tell user and fail accordingly.
15000000.5 TB fails double check as it a greater floating number than
(double)INT64_MAX
8388608.1 TB passes double check because it falls in the same value as
(double)INT64_MAX (which is 2^63), but will fail the int check because
(uint64_t)d, which is 2^63, is strictly greater than 2^63-1 (INT64_MAX).
Fixes#30920
Signed-off-by: José M. Guisado <guigom@riseup.net>
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
confparse.h confmgt.h \
confparse.c confmgt.c \
CONFPARSE_PRIVATE CONFMGT_PRIVATE \
TOR_CONFPARSE_H TOR_CONFMGT_H
options_validate_cb() derives DataDirectory (which we use) from
DataDirectory_option (which the user sets). I want to add a test
that will call options_validate_cb(), but it will fail unless it
derives the same value.
The current API of this callback mixes responsibilities, including:
* validation
* transition checking
* processing (modifying) the configuration object.
These will have to be disentangled piece by piece, so for now, we'll
have "legacy" validate functions as well.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
validate_fn_t legacy_validate_fn_t \
validate_fn legacy_validate_fn
This input was inessential, and none of the tests actually depended
on it or tested anything about it (as can be seen from the fact that
tests all still pass when it's removed).
I tried to generate this commit with a coccinelle script, but it had
trouble parsing a lot of options_validate as it stands. Instead, I
did a search-and-replace to replace "tdata->old_opt," with "NULL,".
Only use the HS circuit map to know if an introduction circuit is established
or not. No need for a flag to keep state of something we already have in the
circuit map. Furthermore, the circuit map gets cleaned up properly so it will
always have the "latest truth".
This commit also removes a unit test that was testing specifically that flag
but now we rely solely on the HS circuit map which is also tested few lines
below the removed test.
Fixes#32094
Signed-off-by: David Goulet <dgoulet@torproject.org>
There was one that it could not find because it was in a macro definition.
I used the following semantic patch:
@@
expression e1, e2, e3, e4, e5;
@@
options_validate(e1,
e2,
- e3,
- e4,
e5)
Conflicts:
src/feature/dirparse/authcert_parse.c
src/feature/dirparse/ns_parse.c
src/feature/hs/hs_service.c
src/lib/conf/conftesting.h
src/lib/log/log.h
src/lib/thread/threads.h
src/test/test_options.c
These conflicts were mostly related to autostyle improvements, with
one or two due to doxygen fixes.
Two things needed to be changed. First, we used to set quiet_level
to the default (QUIET_NONE) when running tests, since we would not
call anything that acted based upon it. But since we sometimes call
options_init_logs(), we need to pre-set quiet_level to QUIET_SILENT
in the logs so that we don't add the default logs. This did not
cause test failure: just unwanted logs.
Second, we had a test that checked whether options_validate was
messing with options->Logs correctly. Since options_validate no
longer messes with the logs, we no longer want a test for this.
This finally became the empty string, since we no longer have to do
anything in individual test_options.c tests to make "" be a valid
set of options. Now we can remove it at last.
Now that ConnLimit is set to the default value in the
testing helper functions, the individual tests don't all need to
make sure it is set to something valid.
Several of our tests assumed that ConnLimit would be set to 0 by
default, causing the default options not to be parseable. These
tests had nothing to do with ConnLimit.
Now that MaxClientCircuitsPending is set to the default value in the
testing helper functions, the individual tests don't all need to
make sure it is set to something valid.
Several of our tests assumed that MaxClientCircuitsPending would be
set to 0 by default, causing the default options not to be
parseable. These tests had nothing to do with
MaxClientCircuitsPending.
Now that KeepalivePeriod is set to the default value in the testing
helper functions, the individual tests don't all need to make sure
it is set to something valid.
Several of our tests assumed that KeepalivePeriod would be set to 0
by default, causing the default options not to be parseable. These
tests had nothing to do with KeepalivePeriod.
This macro used to have a big list of "default" values that we
needed to set in the test_options tests in order to have reasonable
behavior. But now that we initialize options objects to the default
settings in these tests, we no longer need such a long list of
things to replace.
Previously, we just used options set to all 0s, but this causes some
pretty severe workarounds throughout the code, as our options fail
to validate, or count as "default" for the wrong reasons.
Note that in some places, we stop getting spurious warnings or
failures which the tests previously demanded. In these cases, I've
changed the test behavior.
Fixes 32175.
* actually sleep when tor has not logged anything
* log at debug level when waiting for tor to log something
* backslash-replace bad UTF-8 characters in logs
* format control messages as ASCII: tor does not accept UTF-8 control commands
Fixes bug 31837; bugfix on 0.3.5.1-alpha.
This patch adds a test to check for whether the exit callback is always
called when process_exec() fails, both on Windows and Unix.
See: https://bugs.torproject.org/31810
This commit introduces the hs_desc_decode_status_t enum which aims at having
more fine grained error code when decoding a descriptor.
This will be useful in later commits when we support keeping a descriptor that
can't be decrypted due to missing or bad client authorization creds.
No behavior change.
Part of #30382.
Signed-off-by: David Goulet <dgoulet@torproject.org>
This patch adds a test to check for whether the exit callback is always
called when process_exec() fails, both on Windows and Unix.
See: https://bugs.torproject.org/31810
When considering introduction point of a service's descriptor, do not remove
an intro point that has an established or pending circuit.
Fixes#31652
Signed-off-by: David Goulet <dgoulet@torproject.org>
These tests all invoke the hostname resolver in one way or another,
and therefore potentially block if our DNS server is missing,
absent, or extremely slow. Closes ticket 31841.
This test failure happened due to a signed/unsigned integer
comparison.
This bug occurred on SunOS, it may also occur on other systems that
use signed char as the default. (And cast 1-byte integer constants
to an unsigned integer.)
Fixes bug 31897; bugfix on 0.4.1.1-alpha.
- The function `decrypt_desc_layer` has a cleaner interface.
- `is_superencrypted_layer` changed from `int` -> `bool`
[ticket details](https://trac.torproject.org/projects/tor/ticket/31589)
add(changes/*): changes file
fix(src/features/hs): is_superencrypted changed from `int` -> `bool`
fix(changes/ticket31589): header
add(changes/ticket31589): subsystem(onion services) to change
When processing a %included folder, a bug caused the pointer to
the last element of the options list to be set to NULL when
processing a file with only comments or whitepace. This could
cause options from other files on the same folder to be
discarded depending on the lines after the affected %include.
There seems to be some unreliability issue with this test on
appveyor.
Addresses ticket 31757; This isn't a final fix for this issue, but
it should make CI pass.
This script takes a set of example torrcs and command-lines from
src/test/conf_examples. If a success is expected, it runs "tor
--dump-config" and compares the result with the one we expect. If a
failure is expected, it runs "tor --verify-config" and greps for the
error we expect.
GCC complains that we are using too many variables here, probably
because of the sheer number of locals used for our tinytest macros.
Eventually we should fix that (see 30968), but this commit just
makes the "note" go away by splitting the test function into two.
Coccinelle doesn't understand it when we use "==" and "!=" and so on as
arguments to macros. To solve this, we prefer OP_EQ, OP_NE, and so
on.
This commit is automatically generated by running
./scripts/coccinelle/test_operator_cleanup over all of the source
code in src.
This test makes sure that we parse ed25519 identities to get the
correct data from them. It also tests:
* That a microdescriptor may not have two ed25519 identities.
* That a microdescriptor may not have an ed25519 identity that is
not a valid base64-encoded ed25519 key.
* That a microdescriptor may have an unrecognized identity type.
It will help test the refactoring of ticket31675.
When tor is missing descriptors for some primary entry guards, make the
log message less alarming. It's normal for descriptors to expire, as long
as tor fetches new ones soon after.
Fixes bug 31657; bugfix on 0.3.3.1-alpha.
The right way to free a config object is now to wrap config_free(),
always. Instead of creating an alternative free function, objects
should provide an alternative clear callback to free any fields that
the configuration manager doesn't manage.
This lets us simplify our code a little, and lets us extend the
confparse.c code to manage additional fields in config_free.
Every time we finalize a config manager, we now generate a new magic
number for it, so that we'll get an assertion failure if we ever try
to use an object with a different configuration manager than the one
that generated it.
It's good style to always add parentheses when using macro
arguments, in case somebody someday provides an argument that
contains an operator you don't expect, or causes the expression to
parse differently.
In Tor's tests, the tt_*() macros can call "goto done" on failure.
When that happens, we need to make sure that all of our allocated
memory still gets freed, or else Coverity will complain.
Move everything to its own function in order to better log, document and tests
the introduction point validation process.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Remove the public functions returning the HS DoS consensus param or default
values as it is exclusively used internally now.
Rename the param_* variables to consensus_param_* for better code semantic.
Finally, make some private functions available to unit tests.
Signed-off-by: David Goulet <dgoulet@torproject.org>
We added a flag on the circuit to know if the DoS defenses are enabled or not.
Before, it was solely the consensus parameter.
Part of #30924
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit makes tor add the DoS cell extension to the ESTABLISH_INTRO cell
if the defense is enabled on the service side with a torrc option.
Furthermore, the cell extension is only added if the introduction point
supports it. The protover version HSIntro=5 is looked for.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Make it clear that these functions return the consensus param only.
Introduction point can not set those values with a torrc option.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Coverity wants us to free everything that we are potentially
allocating, even stuff where allocating it would be a bug. Adding
a smartlist_free() here will fix the warning.
Fixes bug 31452; bugfix on 16a0b7ed67, which is not in
any released Tor. This is CID 1447292.
Previously we tried multiplying by -1 before casting to int32_t,
which would cause us to cast the -1 to an unsigned before we
multiplied. This gave us compiler warnings on windows.
Fixes bug 31353; bug not in any released Tor.
Currently test the only available function which is hs_dos_can_send_intro2()
within the HS anti-DoS subsystem.
Closes#15516
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.
At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.
The rate per second is 25 and allowed burst to 200.
Basic defenses on #15516.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Now that we have a reasonable implementation for overriding the
default options for TestingTorNetwork, we don't need to modify
config_var_t structs any more. And therefore, we can have constant
format options, like reasonable people.
It's important to make sure that we don't change a config_mgr_t
after we start using it to make objects, or we could get into
inconsistent states. This feature is the start of a safety
mechanism to prevent this problem.
Remember that our goal in the present refactoring is to allow each
subsystem to declare its own configuration structure and
variables. To do this, each module will get its own
config_format_t, and so we'll want a different structure that wraps
several config_format_t objects. This is a "config_mgr_t".
The function make_intro_from_plaintext() in test_introduce.c would
leak memory if we ever hit a failure from our underlying crypto
functions. This kind of failure should be impossible, but it's best
to be safe here.
Bugfix on 0.2.4.1-alpha.
Coverity is worried that we check "service" at the end of these test
functions, since it doesn't see any way to reach the cleanup code
without having first dereferenced the variable.
Removing the check would be unwise in this case: instead we add a
tt_assert check before using "service" so that coverity thinks that
the check is doing something useful.
Bugfix on 0.3.2.1-alpha.
Coverity can't see that it is not in fact going to read
uninitialized memory here, so we initialize these values
unconditionally.
Bugfix on 0.4.0.1-alpha.
