Commit Graph

32301 Commits

Author SHA1 Message Date
David Goulet
93f9fbbd34 prop289: Keep track of the last seen cell digests
This makes tor remember the last seen digest of a cell if that cell is the
last one before a SENDME on the Exit side.

Closes #26839

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
81706d8427 prop289: Support SENDME v1 cell parsing
This commit makes tor able to parse and handle a SENDME version 1. It will
look at the consensus parameter "sendme_accept_min_version" to know what is
the minimum version it should look at.

IMPORTANT: At this commit, the validation of the cell is not fully
implemented. For this, we need #26839 to be completed that is to match the
SENDME digest with the last cell digest.

Closes #26841

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
023a70da84 prop289: Support sending SENDME version 1
This code will obey the consensus parameter "sendme_emit_min_version" to know
which SENDME version it should send. For now, the default is 0 and the
parameter is not yet used in the consensus.

This commit adds the support to send version 1 SENDMEs but aren't sent on the
wire at this commit.

Closes #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
eef78ac0b0 prop289: Add SENDME trunnel declaration
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
c38d46bf4a prop289: Add two consensus parameters
In order to be able to deploy the authenticated SENDMEs, these two consensus
parameters are needed to control the minimum version that we can emit and
accept.

See section 4 in prop289 for more details.

Note that at this commit, the functions that return the values aren't used so
compilation fails if warnings are set to errors.

Closes #26842

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
0e6e800c89 sendme: Always close stream if deliver window is negative
Previously, we would only close the stream when our deliver window was
negative at the circuit-level but _not_ at the stream-level when receiving a
DATA cell.

This commit adds an helper function connection_edge_end_close() which
sends an END and then mark the stream for close for a given reason.

That function is now used both in case the deliver window goes below zero for
both circuit and stream level.

Part of #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
8e38791baf sendme: Add helper functions for DATA cell packaging
When we are about to send a DATA cell, we have to decrement the package window
for both the circuit and stream level.

This commit adds helper functions to handle the package window decrement.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
2d3c600915 sendme: Add helper functions for DATA cell delivery
When we get a relay DATA cell delivered, we have to decrement the deliver
window on both the circuit and stream level.

This commit adds helper functions to handle the deliver window decrement.

Part of #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
9c42cc1eb2 sendme: Refactor SENDME cell processing
This is a bit of a complicated commit. It moves code but also refactors part
of it. No behavior change, the idea is to split things up so we can better
handle and understand how SENDME cells are processed where ultimately it will
be easier to handle authenticated SENDMEs (prop289) using the intermediate
functions added in this commit.

The entry point for the cell arriving at the edge (Client or Exit), is
connection_edge_process_relay_cell() for which we look if it is a circuit or
stream level SENDME. This commit refactors that part where two new functions
are introduced to process each of the SENDME types.

The sendme_process_circuit_level() has basically two code paths. If we are a
Client (the circuit is origin) or we are an Exit. Depending on which, the
package window is updated accordingly. Then finally, we resume the reading on
every edge streams on the circuit.

The sendme_process_stream_level() applies on the edge connection which will
update the package window if needed and then will try to empty the inbuf if
need be because we can now deliver more cells.

Again, no behavior change but in order to split that code properly into their
own functions and outside the relay.c file, code modification was needed.

Part of #26840.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
ed8593b9e0 sendme: Modernize and cleanup old moved code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
e5806dcea8 sendme: Move code to the new files sendme.{c|h}
Take apart the SENDME cell specific code and put it in sendme.{c|h}. This is
part of prop289 that implements authenticated SENDMEs.

Creating those new files allow for the already huge relay.c to not grow in LOC
and makes it easier to handle and test the SENDME cells in an isolated way.

This commit only moves code. No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:33 -04:00
Nick Mathewson
206d28ff15 Merge branch 'maint-0.4.0' 2019-04-29 10:15:11 -04:00
Nick Mathewson
593d29920e Merge remote-tracking branch 'tor-github/pr/974' into maint-0.4.0 2019-04-29 10:15:03 -04:00
rl1987
6d347fe329 Remove obsolete OpenSUSE initscript 2019-04-27 10:33:33 +03:00
Nick Mathewson
806539b40a Use fast check for missing id in node_is_a_configured_bridge()
Fixes bug 30308; bugfix on 0.3.5.1-alpha.
2019-04-26 11:19:46 -04:00
Nick Mathewson
650b94ebc1 Use a linear algorithm to subtract two nodelists.
The nodelist_idx for each node_t serves as a unique identifier for
the node, so we can use a bitarray to hold all the excluded
nodes, and then remove them from the smartlist.

Previously use used smartlist_subtract(sl, excluded), which is
O(len(sl)*len(excluded)).

We can use this function in other places too, but this is the one
that showed up on the profiles of 30291.

Closes ticket 30307.
2019-04-26 11:04:44 -04:00
Nick Mathewson
1d44ac9acd Make nodelist_get_list() return a const pointer. 2019-04-26 10:36:49 -04:00
Nick Mathewson
efeb101b96 Merge remote-tracking branch 'tor-github/pr/889' 2019-04-25 20:25:34 -04:00
Nick Mathewson
36b4fc7437 Merge remote-tracking branch 'tor-github/pr/922' 2019-04-25 20:08:39 -04:00
Nick Mathewson
a5cced2b7a Extract keyword argument checking from argument parsing. 2019-04-25 14:13:03 -04:00
Nick Mathewson
a0299cd240 In control command api, rename "object" to "cmddata"
This makes it match control-spec.txt.
2019-04-25 14:13:03 -04:00
Nick Mathewson
3ed7ceeb85 changes file for ticket 30091 (controller parsing refactor) 2019-04-25 14:13:03 -04:00
Nick Mathewson
ff9ba7d6c4 expand CMD_FL_WIPE to wipe the parsed arguments too 2019-04-25 14:13:03 -04:00
Nick Mathewson
88d22b898e Simplify handler logic in control_cmd.c
Now that the legacy handlers are gone, we can simplify the
structures and macros here.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ddd33d39c7 Port the authenticate and authchallenge commands to the new parser
These two presented their own challenge, because of their use of
QString, and their distinguished handling of quoted versus
non-quoted values.
2019-04-25 14:13:03 -04:00
Nick Mathewson
8799b4e805 Add rudimentary qstring support to kvline.c 2019-04-25 14:13:03 -04:00
Nick Mathewson
ba05324242 Move and rename decode_escaped_string()
This function decodes something different from the usual c-escaped
format.

It is only used in controller authorization.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0c0b869ba4 Use the new controller command parser for EXTENDCIRCUIT.
This command does not fit perfectly with the others, since its
second argument is optional and may contain equal signs.  Still,
it's probably better to squeeze it into the new metaformat, since
doing so allows us to remove several pieces of the old
command-parsing machinery.
2019-04-25 14:13:03 -04:00
Nick Mathewson
95afdb005c Use new parser logic for SETCONF/RESETCONF code.
Here we get to throw away a LOT of unused code, since most of the
old parsing was redundant with kvline.
2019-04-25 14:13:03 -04:00
Nick Mathewson
d8b3ec865d Update more controller commands, now that we have kvline support 2019-04-25 14:13:03 -04:00
Nick Mathewson
dab35386ca Add a case-insensitive variant to config_line_find() 2019-04-25 14:13:03 -04:00
Nick Mathewson
9471391694 Add kvline support to controller command parser.
This should let us handle all (or nearly all) of the remaining
commands.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0841a69357 Allow kvlines in control commands. 2019-04-25 14:13:03 -04:00
Nick Mathewson
bb37ad6957 Add fuzzing support for several more groups of kvlines flags 2019-04-25 14:13:03 -04:00
Nick Mathewson
73df91bbb5 kvline: handle empty alues as well as empty keys
The two options are mutually exclusive, since otherwise an entry
like "Foo" would be ambiguous.  We want to have the ability to treat
entries like this as keys, though, since some controller commands
interpret them as flags.
2019-04-25 14:13:03 -04:00
Nick Mathewson
01b07c548b Use parsing code for the simpler controller commands.
(This should be all of the command that work nicely with positional
arguments only.)

Some of these commands should probably treat extra arguments as
incorrect, but for now I'm trying to be careful not to break
any existing users.
2019-04-25 14:13:03 -04:00
Nick Mathewson
cbd1a7e053 Unit tests for current control-command parser logic 2019-04-25 14:13:03 -04:00
Nick Mathewson
dbfe1a14e4 When parsing a multiline controller command, be careful with linebreaks
The first line break in particular was mishandled: it was discarded
if no arguments came before it, which made it impossible to
distinguish arguments from the first line of the body.

To solve this, we need to allocate a copy of the command rather than
using NUL to separate it, since we might have "COMMAND\n" as our input.

Fixes ticket 29984.
2019-04-25 14:13:03 -04:00
Nick Mathewson
f18b7dc473 Extract the argument-splitting part of control.c's parser
This is preliminary work for fixing 29984; no behavior has changed.
2019-04-25 14:13:03 -04:00
Nick Mathewson
de70eebc65 Start on a command-parsing tool for controller commands.
There _is_ an underlying logic to these commands, but it isn't
wholly uniform, given years of tweaks and changes.  Fortunately I
think there is a superset that will work.

This commit adds a parser for some of the most basic cases -- the
ones currently handled by getargs_helper() and some of the
object-taking ones.  Soon will come initial tests; then I'll start using
the parser.

After that, I'll expand the parser to handle the other cases that come
up in the controller protocol.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0d650e7958 Move responsibility for checking if events are setup into periodic.c
We have checks in various places in mainlook.c to make sure that
events are initialized before we invoke any periodic_foo() functions
on them.  But now that each subsystem will own its own periodic
events, it will be cleaner if we don't assume that they are all
setup or not.
2019-04-25 13:23:18 -04:00
Nick Mathewson
233835e14f Move the responsibility for listing periodic events to periodic.c
The end goal here is to move the periodic callback to their
respective modules, so that mainloop.c doesn't have to include so
many other things.

This patch doesn't actually move any of the callbacks out of
mainloop.c yet.
2019-04-25 10:09:36 -04:00
George Kadianakis
974c2674eb Merge branch 'maint-0.4.0' 2019-04-25 15:47:07 +03:00
George Kadianakis
a39789a02c Merge branch 'tor-github/pr/960' into maint-0.4.0 2019-04-25 15:46:45 +03:00
George Kadianakis
811a93f803 Merge branch 'tor-github/pr/953' 2019-04-25 15:43:47 +03:00
Alexander Færøy
0429072495 Lower log level of unlink() errors in networkstatus_set_current_consensus().
In this patch we lower the log level of the failures for the three calls
to unlink() in networkstatus_set_current_consensus(). These errors might
trigger on Windows because the memory mapped consensus file keeps the
file in open state even after we have close()'d it. Windows will then
error on the unlink() call with a "Permission denied" error.

The consequences of ignoring these errors is that we leave an unused
file around on the file-system, which is an easier way to fix this
problem right now than refactoring networkstatus_set_current_consensus().

See: https://bugs.torproject.org/29930
2019-04-25 01:59:37 +02:00
Nick Mathewson
6320b2988c Merge remote-tracking branch 'tor-github/pr/942' 2019-04-24 17:06:56 -04:00
Nick Mathewson
0cbe0f9cab Merge remote-tracking branch 'tor-github/pr/964' 2019-04-24 17:05:20 -04:00
Nick Mathewson
d0a0f3e8cd Allow do_resolve() to be longer. 2019-04-24 14:15:18 -04:00
David Goulet
f39dd0a700 Merge branch 'tor-github/pr/951' 2019-04-24 09:53:15 -04:00