When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.
Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.
Fixes bug 14129. Bugfix on 0d20fee2fb, which was in 0.0.7rc1.
jowr found the bug. cypherpunks wrote the fix. I added the log
message and removed the assert.
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."
Closes 12485.
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.
Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in. But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.
Fixes bug 9286.
If we're not a relay, we ignore it.
If it's set to 1, we obey ExitPolicy.
If it's set to 0, we force ExitPolicy to 'reject *:*'
And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.
Fixes ticket 10067
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them. That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.
Fixes bug 13397; bugfix on 0.2.3.11-alpha.
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything." But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.
Instead, let "." remain ".", and treat it specially when we're
checking for a match.
Fixes bug 12509; bugfix on 0.2.0.1-alpha.
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit. With this option set, only
a RELAY_DONE cell is sent.
Closes ticket #14084.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type. While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.
Bug not in any released version.
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13924.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.
If a future consensus contains Exits, exit circuits may become available.
Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.
Consequential change from #13718.
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.
The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.
Exit Circuits:
Predicted Exit Circuits
User Traffic Circuits
Most AP Streams
Circuits Marked Exit
Build Timeout Circuits (with exits)
Internal Circuits:
Hidden Service Server Circuits
Hidden Service Client Circuits
Hidden Service AP Streams
Hidden Service Intro Point Streams
Circuits Marked Internal
Build Timeout Circuits (with no exits)
Other Circuits?
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.
When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)
This assists in bootstrapping a testing Tor network.
Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.
Used by #13718 and #13814.
count_usable_descriptors now uses named exit_only values:
USABLE_DESCRIPTOR_ALL
USABLE_DESCRIPTOR_EXIT_ONLY
Add debug logging code for descriptor counts.
This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.
This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *
This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).
Discovered as part of #13718.
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.
This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.
Fixes#13667.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it. Let's make sure that doesn't happen.
Closes ticket 14041
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13963.
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)
Fix code that assumes larger interval values.
This assists in quickly bootstrapping a testing
Tor network.
Fixes bugs 13718 & 13823.
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.
This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
Document why we divide it by two.
Check for > 0 instead of nonzero for success, since that's what the
manpage says.
Allow watchdog timers greater than 1 second.
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.
This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.
This patch is released under the same license as the original file as
long as the author is credited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.
This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.
Prevents any fallout from bug 14013.
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.
Fixes bug 14001.
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.
A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.
A log buffer is sized 10024 rather than 10240.
Fixes bug 14001.
The two statistics are:
1. number of RELAY cells observed on successfully established
rendezvous circuits; and
2. number of .onion addresses observed as hidden-service
directory.
Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.
Notably, no statistics will be gathered on clients or services, but
only on relays.
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.
Furthermore, a controller event is triggered where the former did not.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
1) Set them to the values that (according to Rob) avoided performance
regressions. This means that the scheduler won't get much exercise
until we implement KIST or something like it.
2) Rename the options to end with a __, since I think they might be
going away, and nobody should mess with them.
3) Use the correct types for the option variables. MEMUNIT needs to be a
uint64_t; UINT needs to be (I know, I know!) an int.
4) Validate the values in options_validate(); do the switch in
options_act(). This way, setting the option to an invalid value on
a running Tor will get backed out.
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object. We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.
Closes ticket 11791.
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.
In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged has "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.
This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.
This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case to
work like a charm.
Fixes#13698.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.
Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
