Commit Graph

852 Commits

Author SHA1 Message Date
George Kadianakis
92a8573d22 Merge branch 'tor-github/pr/1258' 2019-08-27 11:45:18 +03:00
George Kadianakis
0d7f76d7ca Merge branch 'tor-github/pr/1234' 2019-08-27 11:44:13 +03:00
Neel Chauhan
d9a7d47798 Check for private IPv6 addresses in dirserv_router_has_valid_address() 2019-08-26 18:21:56 -04:00
David Goulet
461d231289 hs-v3: Refactor DoS cell extension parameters validation
Move everything to its own function in order to better log, document and tests
the introduction point validation process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
1c4607b132 hs-v3: Clarify comment in hs_dos.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
292e9b0c00 hs-v3: Log info INTRO2 DoS defenses service values
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
a98f5099c4 hs-v3: Missing intro circuit INTRO2 DoS enabled flag
When consensus changes, we also need to update the circuit INTRO2 defenses
enabled flag and not only the token bucket.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
94a2221708 hs-v3: Privatize access to HS DoS consensus param
Remove the public functions returning the HS DoS consensus param or default
values as it is exclusively used internally now.

Rename the param_* variables to consensus_param_* for better code semantic.

Finally, make some private functions available to unit tests.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
184c76e339 hs-v3: Cleanup usage of consensus param in hs_dos.c
This commit makes it that the hs_dos.c file only uses the consensus parameter
variables set when we initialize and when the consensus changes.

There is no need to call each time networkstatus_get_param(), which is
expensive, when we want access to a consensus value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
82639a8c7b hs-v3: Move to hs_dos.c INTRO2 defenses initialization
A bit cleaner especially that the next commit(s) will make the consensus param
interface private to hs_dos.c so we expose as little as we can outside of the
subsystem.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
dde073764c test: Build DoS cell extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
aee66c80bd hs-v3: Don't apply DoS defenses if circuit has not been flagged
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
724d9eb84b hs-v3: Parse ESTABLISH_INTRO cell extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
d692c5fd03 hs-v3: Encode DoS ESTABLISH_INTRO cell extension
This commit makes tor add the DoS cell extension to the ESTABLISH_INTRO cell
if the defense is enabled on the service side with a torrc option.

Furthermore, the cell extension is only added if the introduction point
supports it. The protover version HSIntro=5 is looked for.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
7faf10495f hs-v3: Rename INTRO2 consensus param getters
Make it clear that these functions return the consensus param only.
Introduction point can not set those values with a torrc option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
6c79172924 hs-v3: Add protover HSIntro=5
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
5419fd5d9f hs-v3: Implement torrc DoS defenses options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
Neel Chauhan
14654d5c97 Remove the unused circuit_type field from hs_ident_circuit_t and hs_ident_circuit_new() 2019-08-23 14:04:05 -04:00
teor
55580d063d
hs: Remove an outdated comment 2019-08-23 16:26:44 +10:00
teor
65935f6da7
Merge branch 'bug23818_035' into bug23818_master 2019-08-23 16:26:32 +10:00
teor
e2e1c07fd2
hs: v3 single onion services fall back to 3-hop intro for unreachable nodes
Previously, v3 single onion services failed when all intro nodes were
unreachable via a 1-hop path. Now, we select intros that are only available
via a 3-hop path, and use a 3-hop path to connect to them.

Fixes bug 23507; bugfix on 0.3.2.1-alpha.
2019-08-23 16:22:49 +10:00
teor
229a982405
hs: Always use a 3-hop path when a v3 single onion intro fails
Previously, we always used a 1-hop path, no matter how many times a v3
single onion intro failed.

Fixes bug 23818; bugfix on 0.3.2.1-alpha.
2019-08-23 15:09:55 +10:00
teor
c94904b359
hs: Always use a 3-hop path when a v3 single onion rend fails
Previously, we used a 1-hop path when a single onion rend failed
immediately, and a 3-hop path when it failed after trying to build
a circuit.

Fixes bug 23818; bugfix on 0.3.2.1-alpha.
2019-08-23 15:09:43 +10:00
teor
14b5f40b54
Merge branch 'bug23818_029' into bug23818_035 2019-08-23 15:09:19 +10:00
Nick Mathewson
2780cbb9cb Merge branch 'ticket30935' into ticket30935_merged 2019-08-22 17:25:35 -04:00
teor
e8ba094c3e nodelist: Clear buffers and detect more caller errors in describe.c
Part of 21003.
2019-08-22 23:51:32 +10:00
Nick Mathewson
edf5a327c5 Merge branch 'ticket30914' into ticket30914_merged 2019-08-20 13:57:05 -04:00
Nick Mathewson
deccd3aa6a Merge remote-tracking branch 'tor-github/pr/1225' 2019-08-19 11:08:44 -04:00
George Kadianakis
4185ef29fd Merge branch 'tor-github/pr/1122' 2019-08-19 18:06:05 +03:00
teor
23844bc739 nodelist: Add support for multiple addresses in describe.c
Also prepare for unit tests.

Part of 21003.
2019-08-19 16:41:35 +10:00
teor
03be44e216 nodelist: Remove support for is_named in describe.c
The Named flag is deprecated. Removing support from the formatting code
simplifies the unit tests.

Part of 21003.
2019-08-19 16:40:42 +10:00
teor
81256c079f nodelist: Move router_get_verbose_nickname() declaration
The declaration was in nodelist/routerinfo.h, but the implementation
was in nodelist/describe.h.

Part of 21003.
2019-08-19 16:40:41 +10:00
Roger Dingledine
9b1aa9a572 fix typo in keypin journal log entry (for dir auths) 2019-08-15 02:32:00 -04:00
teor
20943d00f1
Merge branch 'maint-0.3.5' into maint-0.4.0 2019-08-12 13:10:05 +10:00
teor
31fb2bceb5
Merge remote-tracking branch 'tor-github/pr/1066' into maint-0.3.5 2019-08-12 09:53:59 +10:00
teor
224825e7ee
Merge remote-tracking branch 'tor-github/pr/1039' into maint-0.3.5 2019-08-12 09:51:00 +10:00
teor
e5be039494
Merge remote-tracking branch 'tor-github/pr/1034' into maint-0.3.5 2019-08-12 09:50:42 +10:00
teor
f65f4b5c38
Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.3.5 2019-08-12 09:49:53 +10:00
teor
8ea0903222
Merge remote-tracking branch 'tor-github/pr/987' into maint-0.3.5 2019-08-12 09:45:32 +10:00
teor
ef345ab56d
Merge remote-tracking branch 'tor-github/pr/937' into maint-0.3.5 2019-08-12 09:42:15 +10:00
teor
3287cae68c
Merge remote-tracking branch 'tor-github/pr/848' into maint-0.3.5 2019-08-12 09:38:46 +10:00
teor
8a4635a5fe
Merge remote-tracking branch 'tor-github/pr/1081' into maint-0.4.0 2019-08-09 14:05:46 +10:00
teor
654769bcec
Merge remote-tracking branch 'tor-github/pr/1080' into maint-0.3.5 2019-08-09 14:05:26 +10:00
David Goulet
2e5519da7c hs: Initialize the INTRO2 bucket for legacy intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-08 13:40:10 -04:00
Nick Mathewson
a8f936c817 Merge branch 'maint-0.4.1' 2019-08-08 11:24:08 -04:00
Nick Mathewson
0bc5b7ae95 Merge branch 'ticket31343_040' into maint-0.4.1 2019-08-08 11:23:59 -04:00
Nick Mathewson
7e32db478b Merge branch 'ticket31343_035' into ticket31343_040 2019-08-08 09:40:04 -04:00
Nick Mathewson
a4400a77a5 Merge branch 'ticket31343_029' into ticket31343_035 2019-08-08 09:39:48 -04:00
David Goulet
c45f0b4ec1 hs-v3: Rename HS DoS default defines
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
e537968548 dos: Update HS intro circuits if parameters change
In case the consensus parameters for the rate/burst changes, we need to update
all already established introduction circuits to the newest value.

This commit introduces a "get all intro circ" function from the HS circuitmap
(v2 and v3) so it can be used by the HS DoS module to go over all circuits and
adjust the INTRODUCE2 token bucket parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
be8bd2a46e hs-v3: Add enable/disable HS DoS introduce parameter
Following prop305 values.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
c5b00c5a51 hs-v3: Add consensus parameters for DoS defenses
Part of #15516

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
9f738be893 hs: Limit the amount of relayed INTRODUCE2
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.

At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.

The rate per second is 25 and allowed burst to 200.

Basic defenses on #15516.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
cfb15d513d Merge branch 'maint-0.4.1' 2019-07-25 09:03:01 -04:00
David Goulet
2a4b156978 Merge branch 'tor-github/pr/1171' into maint-0.4.1 2019-07-25 09:02:53 -04:00
Nick Mathewson
57e87cc86c Use config_new() to construct configuration objects.
We'll need to do it this way once the objects become more complex.
2019-07-24 15:21:56 -04:00
Nick Mathewson
f8b193a74a Make config_var and config_fmt const.
Now that we have a reasonable implementation for overriding the
default options for TestingTorNetwork, we don't need to modify
config_var_t structs any more.  And therefore, we can have constant
format options, like reasonable people.
2019-07-24 15:21:56 -04:00
Nick Mathewson
dde091ebc7 Add a "freeze" function for config_mgr_t objects.
It's important to make sure that we don't change a config_mgr_t
after we start using it to make objects, or we could get into
inconsistent states.  This feature is the start of a safety
mechanism to prevent this problem.
2019-07-24 15:21:56 -04:00
Nick Mathewson
e8dc513bd0 Add a config_mgr_t type to wrap config_format_t
Remember that our goal in the present refactoring is to allow each
subsystem to declare its own configuration structure and
variables.  To do this, each module will get its own
config_format_t, and so we'll want a different structure that wraps
several config_format_t objects.  This is a "config_mgr_t".
2019-07-24 15:21:56 -04:00
George Kadianakis
2944b091fc Merge branch 'maint-0.4.1' 2019-07-24 12:32:06 +03:00
George Kadianakis
bb33a2f290 Merge branch 'tor-github/pr/1181' into maint-0.4.1 2019-07-24 12:31:56 +03:00
Nick Mathewson
ab1f82ea2a Merge branch 'ticket24963_042_02' 2019-07-23 14:03:30 -04:00
Nick Mathewson
f14ce4bce6 Allow NULL circ->p_chan in circuit_is_suitable_for_introduce1()
This shouldn't be possible while Tor is running, but the tests can
hit this code.  Rather than force the tests to add a dummy channel
object, let's just tolerate their incompletely built circuits.
2019-07-23 12:36:40 -04:00
Nick Mathewson
a9379d6750 Set 'routerlist' global to NULL before freeing it.
There is other code that uses this value, and some of it is
apparently reachable from inside router_dir_info_changed(), which
routerlist_free() apparently calls.  (ouch!)  This is a minimal fix
to try to resolve the issue without causing other problems.

Fixes bug 31003. I'm calling this a bugfix on 0.1.2.2-alpha, where
the call to router_dir_info_changed() was added to routerlist_free().
2019-07-19 09:49:52 -04:00
Nick Mathewson
2e55fa9587 Adjust log callback type to use log_domain_mask_t 2019-07-08 14:11:02 -04:00
David Goulet
ef2123c7c7 hs-v3: Disallow single hop client to post/get a descriptor
Closes #24964

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-07-03 08:21:16 -04:00
Nick Mathewson
fdbd139495 Merge remote-tracking branch 'tor-github/pr/1136' 2019-07-02 13:33:50 -04:00
Nick Mathewson
cf92c096ad Merge remote-tracking branch 'tor-github/pr/1120' 2019-07-02 13:33:37 -04:00
Nick Mathewson
0fe9657c8c Merge remote-tracking branch 'tor-github/pr/1119' 2019-06-26 09:50:00 -04:00
Nick Mathewson
648d5df628 Merge remote-tracking branch 'tor-github/pr/1118' into maint-0.4.1 2019-06-26 09:49:40 -04:00
Nick Mathewson
b6457d4c08 Extend macros to allow flag arguments. 2019-06-25 12:51:25 -04:00
Nick Mathewson
c553750e32 Move responsibility for config var macros
The testing-only parts now live in a conftesting.h; the shared parts
of the macros live in confmacros.h
2019-06-25 12:51:25 -04:00
Nick Mathewson
59317c8a23 Use struct_magic_decl to verify magic numbers in config objects 2019-06-25 12:51:25 -04:00
Nick Mathewson
3a4d67cf45 Port confparse to use struct_var in place of typed_var.
This requires changes to config_var_t, causing corresponding changes
throughout its users.
2019-06-25 12:51:25 -04:00
Taylor Yu
5faf54970d Fix some onion helpers
Fix add_onion_helper_clientauth() and add_onion_helper_keyarg() to
explicitly call the appropriate control reply abstractions instead of
allocating a string to pass to their callers.

Part of ticket 30889.
2019-06-25 11:42:34 -05:00
Taylor Yu
e5e6953be7 Make control_write_reply() mockable
Part of ticket 30889.
2019-06-25 11:40:44 -05:00
Taylor Yu
0dd59fdb56 Clean up some uses of low-level control replies
Part of ticket 30889.
2019-06-25 11:39:59 -05:00
teor
c131b0763e
stats: add comments about the required chunk structure in extra info files
These comments should prevent future instances of 30958.

And allow a larger file in practracker.

Follow up after 30958.
2019-06-25 12:30:59 +10:00
teor
2663bca392
Merge branch 'bug30958_041' into bug30958_master 2019-06-25 12:29:28 +10:00
Nick Mathewson
e16b90b88a Partially port routerset to being a full-fledged config type again. 2019-06-24 17:52:00 -04:00
teor
d9f49e9bc1
Merge branch 'bug30958_040' into bug30958_041 2019-06-24 21:31:27 +10:00
teor
e350dfc085
Merge branch 'bug30958_035' into bug30958_040 2019-06-24 21:31:10 +10:00
teor
b7dda83cfa
Merge branch 'bug30958_029' into bug30958_035 2019-06-24 21:30:47 +10:00
teor
45be44ed9c stats: Split extrainfo_dump_to_string() into smaller functions.
Closes ticket 30956.
2019-06-24 20:47:44 +10:00
teor
872b85e689
Merge branch 'bug30956_041' into bug30956_master 2019-06-24 19:47:34 +10:00
teor
8356cc5b51 stats: Always publish pluggable transports in extra info documents
Always publish bridge pluggable transport information in the extra info
descriptor, even if ExtraInfoStatistics is 0. This information is
needed by BridgeDB.

Fixes bug 30956; bugfix on 0.4.1.1-alpha.
2019-06-24 19:44:24 +10:00
David Goulet
f2b1eb1f05 hs: Disallow single hop client circuit when introducing
This will effectively also deny any bridge to be used as a single hop to the
introduction point since bridge do not authenticate like clients.

Fixes #24963

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 11:17:58 -04:00
David Goulet
8751176687 hs-v3: Close intro circuits when cleaning client cache
Fixes #30921

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 09:22:07 -04:00
David Goulet
16a0b7ed67 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:42:30 -04:00
David Goulet
6a0763cd66 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:41:45 -04:00
David Goulet
e3f3478032 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:40:05 -04:00
Nick Mathewson
ac5e44d9ce Renaming: CONFIG_TYPE_UINT -> CONFIG_TYPE_POSINT
This name has been a historical source of confusion, since "uint"
usually suggests "unsigned int" to people, when the real type is
"nonnegative int".
2019-06-15 11:28:19 -04:00
David Goulet
f7e8b3b68c Merge branch 'tor-github/pr/1040' 2019-06-11 11:59:39 -04:00
Taylor Yu
0bce0c339d Rework origin circuit tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
Taylor Yu
a8c0f4ddfe Rework orconn tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
David Goulet
8e112cecd8 Merge branch 'tor-github/pr/1031' 2019-06-11 11:46:38 -04:00
David Goulet
e9d99d2e15 Merge branch 'tor-github/pr/1083' 2019-06-11 11:43:15 -04:00
teor
19bf5806ad dirauth: Return a distinct status when formatting annotations fails
Adds ROUTER_AUTHDIR_BUG_ANNOTATIONS to was_router_added_t.

The out-of-order numbering is deliberate: it will be fixed by later commits
for 16564.

Fixes bug 30780; bugfix on 0.2.0.8-alpha.
2019-06-06 17:26:23 +10:00
teor
a4ea335a69 dirauth: Fix some comments in the router status processing code.
Fixes comments in dirserv_router_get_status() and was_router_added_t.

Preparation for 30780 and 16564.
2019-06-06 17:26:23 +10:00
teor
c7fc53c2e7
Merge branch 'bug30781_040' into bug30781_master 2019-06-06 09:57:31 +10:00
teor
fb3f461406
Merge branch 'bug30781_035' into bug30781_040 2019-06-06 09:56:50 +10:00
teor
c8c2e2b8fc
Merge branch 'bug30781_034' into bug30781_035
Moved fix from src/or/routerparse.c to src/feature/dirparse/routerparse.c.
2019-06-06 09:55:44 +10:00
Nick Mathewson
6a6f7eb671 Merge remote-tracking branch 'tor-github/pr/988' into maint-0.4.0 2019-06-05 16:22:52 -04:00
Nick Mathewson
2300a619a5 Merge remote-tracking branch 'tor-github/pr/1039' into maint-0.4.0 2019-06-05 16:13:53 -04:00
Nick Mathewson
a56d7e37aa Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.4.0 2019-06-05 16:10:51 -04:00
Nick Mathewson
54eb3c043c Merge remote-tracking branch 'tor-github/pr/1076' 2019-06-05 15:35:43 -04:00
Mike Perry
31c34f6524 Revert "hs: Implement a helper to repurpose a circuit"
This reverts commit 3789f22bcb.
2019-06-05 11:38:01 -07:00
Neel Chauhan
27e067df4f Add missing newline after decode_intro_points() closing bracket 2019-06-05 12:50:01 -04:00
George Kadianakis
917e4e9eae Don't access rend data after a circuit has been marked for close.
This can cause issues if the circuit was repurposed into a padding circuit
instead of closing, since in that case we will wipe off the rend_data.
2019-06-05 18:19:44 +03:00
Nick Mathewson
60213a3621 Run "make autostyle." 2019-06-05 09:33:35 -04:00
Nick Mathewson
b39a8d315d Merge remote-tracking branch 'tor-github/pr/1053' 2019-06-05 09:04:09 -04:00
Nick Mathewson
fd8beab4dd Merge branch 'bug29875_035' into bug29875_master 2019-05-31 12:40:43 -04:00
Nick Mathewson
8015979eeb num_bridges_usable(): only count configured bridges.
When this function was implemented, it counted all the entry guards
in the bridge set.  But this included previously configured bridges,
as well as currently configured ones!  Instead, only count the
_filtered_ bridges (ones that are configured and possibly reachable)
as maybe usable.

Fixes bug 29875; bugfix on 0.3.0.1-alpha.
2019-05-31 12:28:42 -04:00
Nick Mathewson
2d66250d8a Remove want_cmddata from HSFETCH, which does not in fact want data
This looks a copy-and-paste error to me.  Fixes bug 30646; bugfix on
0.4.1.1-alpha.
2019-05-29 10:10:57 -04:00
David Goulet
3789f22bcb hs: Implement a helper to repurpose a circuit
When we repurpose a hidden service circuit, we need to clean up from the HS
circuit map and any HS related data structured contained in the circuit.

This commit adds an helper function that does it when repurposing a hidden
service circuit.

Fixes #29034

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-29 09:40:13 -04:00
George Kadianakis
0a86f14add Merge branch 'tor-github/pr/1042' 2019-05-27 14:22:01 +03:00
David Goulet
e13e2012b9 Merge branch 'tor-github/pr/1034' 2019-05-23 09:40:07 -04:00
David Goulet
327bb0e2ca Merge branch 'tor-github/pr/988' 2019-05-23 09:30:36 -04:00
Nick Mathewson
57ee0e3af9 Only reject POSTDESCRIPTOR purpose= when the purpose is unrecognized
Fixes bug 30580; bugfix on 0.4.1.1-alpha.
2019-05-23 08:24:29 -04:00
Nick Mathewson
24c2502070 Merge remote-tracking branch 'dgoulet/ticket30454_035_01' 2019-05-22 11:50:46 -04:00
David Goulet
245dccb77d Merge remote-tracking branch 'nickm/ticket30454_034_01_squashed' into ticket30454_035_01 2019-05-22 11:43:55 -04:00
rl1987
2845607f97 In microdesc_cache_reload(), set journal length to length of string we read
Hopefully this will fix CID 1444769.
2019-05-20 09:08:10 -04:00
Nick Mathewson
37aae23945 OOM-purge the DNS cache one part at a time
Previously we purged it in 1-hour increments -- but one-hour is the
maximum TTL for the cache!  Now we do it in 25%-TTL increments.

Fixes bug 29617; bugfix on 0.3.5.1-alpha.
2019-05-17 10:03:41 -04:00
Iain R. Learmonth
58cb98af32 Prop 301: No longer vote on RecommendedPackages
This is the first half of implementing proposal 301. The
RecommendedPackages torrc option is marked as obsolete and
the test cases for the option removed. Additionally, the code relating
to generating and formatting package lines in votes is removed.

These lines may still appear in votes from other directory authorities
running earlier versions of the code and so consensuses may still
contain package lines. A new consensus method will be needed to stop
including package lines in consensuses.

Fixes: #28465
2019-05-16 13:31:54 +01:00
Roger Dingledine
d86896b29c fix typos, whitespace, comments 2019-05-15 23:20:03 -04:00
George Kadianakis
338cfb3179 Merge branch 'tor-github/pr/1002' 2019-05-15 23:23:18 +03:00
David Goulet
39a14421b1 Merge branch 'tor-github/pr/1021'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-15 15:35:22 -04:00
George Kadianakis
d71fa707dd Merge branch 'bug28780-squashed3-rebased' into bug28780_rebase 2019-05-15 16:46:51 +03:00
Mike Perry
56738ff8c6 Add control port circuit ID to all pathbias bug messages.
To ease debugging of miscount issues, attach vanguards with --loglevel DEBUG
and obtain control port logs (or use any other control port CIRC and
CIRC_MINOR event logging mechanism).
2019-05-15 16:44:59 +03:00
Mike Perry
b98bcd789e Pathbias should continue to ignore previously ignored circs.
If circuit padding wants to keep a circuit open and pathbias used to ignore
it, pathbias should continue to ignore it.

This may catch other purpose-change related miscounts (such as timeout
measurement, cannibalization, onion service circuit transitions, and
vanguards).
2019-05-15 16:44:59 +03:00
George Kadianakis
1de11dc47a Merge branch 'maint-0.4.0' 2019-05-15 13:46:20 +03:00
George Kadianakis
cd264e145b Merge branch 'tor-github/pr/1013' into maint-0.4.0 2019-05-15 13:45:39 +03:00
Nick Mathewson
1c95bdb83b Merge branch 'ticket30452_035_v3' into ticket30452_041_v3 2019-05-14 19:20:53 -04:00
Nick Mathewson
1b16fcb70c Add a --list-modules command
Closes ticket 30452.
2019-05-14 19:19:53 -04:00
Nick Mathewson
ff55840343 Don't pass a NULL into a %s when logging client auth file load failure
Fortunately, in 0.3.5.1-alpha we improved logging for various
failure cases involved with onion service client auth.

Unfortunately, for this one, we freed the file right before logging
its name.

Fortunately, tor_free() sets its pointer to NULL, so we didn't have
a use-after-free bug.

Unfortunately, passing NULL to %s is not defined.

Fortunately, GCC 9.1.1 caught the issue!

Unfortunately, nobody has actually tried building Tor with GCC 9.1.1
before. Or if they had, they didn't report the warning.

Fixes bug 30475; bugfix on 0.3.5.1-alpha.
2019-05-10 17:47:43 -04:00
George Kadianakis
501d1ae0bd Merge branch 'tor-github/pr/973' 2019-05-10 12:49:01 +03:00
David Goulet
3885e7b44b Merge branch 'tor-github/pr/1000'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-08 08:02:28 -04:00
David Goulet
b72f5da03d Merge branch 'tor-github/pr/994'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-07 08:02:39 -04:00
Nick Mathewson
3c2648bbda Move "relay" and "router" periodic callbacks out of mainloop.c
(Some of these callbacks are specific to the OR module, so now it's
time to have an or_sys and or_periodic.)
2019-05-06 16:35:39 -04:00
Nick Mathewson
b394b5b2af Create a relay subsystem and move the shutdown functions there 2019-05-06 16:25:09 -04:00
George Kadianakis
4060b7623d Revert "Hiding crypt_path_t: Create a constructor for crypt_path_t."
This reverts commit ab8b80944967ee5a6a0c45dbf61839cf257bfe44.
2019-05-03 18:15:26 +03:00
George Kadianakis
58fbbc1409 Hiding crypt_path_t: Rename some functions to fit the crypt_path API.
Some of these functions are now public and cpath-specific so their name should
signify the fact they are part of the cpath module:

assert_cpath_layer_ok -> cpath_assert_layer_ok
assert_cpath_ok -> cpath_assert_ok
onion_append_hop -> cpath_append_hop
circuit_init_cpath_crypto -> cpath_init_circuit_crypto
circuit_free_cpath_node -> cpath_free
onion_append_to_cpath -> cpath_extend_linked_list
2019-05-03 18:15:26 +03:00
George Kadianakis
f5635989b0 Hiding crypt_path_t: Create a constructor for crypt_path_t.
We are using an opaque pointer so the structure needs to be allocated on the
heap. This means we now need a constructor for crypt_path_t.

Also modify all places initializing a crypt_path_t to use the constructor.
2019-05-03 18:15:11 +03:00
George Kadianakis
f74a80dc3b Hiding crypt_path_t: Move init functions to crypt_path.c.
This commit only moves code.
2019-05-03 18:15:00 +03:00
David Goulet
b3492d53c3 Merge branch 'tor-github/pr/984'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-03 10:56:12 -04:00
Nick Mathewson
9c3aa22740 Remove some now-needless dirauth includes 2019-05-02 09:22:13 -04:00
Nick Mathewson
a45413e7d5 Make keypin.c dirauth-only 2019-05-02 09:22:13 -04:00
Nick Mathewson
31fb4a7845 Make the bwauth.c module dirauth-only. 2019-05-02 09:22:13 -04:00
Nick Mathewson
6f42efaa59 Move voteflags.[ch] to become dirauth only.
For various reasons, this was a nontrivial movement.  There are
several places in the code where we do something like "update the
flags on this routerstatus or node if we're an authority", and at
least one where we pretended to be an authority when we weren't.
2019-05-02 09:22:13 -04:00
Nick Mathewson
996f7c75ba Make the reachability.c module dirauth-only. 2019-04-30 15:00:08 -04:00
Nick Mathewson
857bfc7033 Make the process_descs.c module dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
853942b71e Make the recommend_pkg file dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
295feeb093 Replace all remaining tor_mem_is_zero() with fast_mem_is_zero() 2019-04-30 14:49:05 -04:00
Nick Mathewson
0034f10956 Use safe_mem_is_zero in a few more places.
I don't believe any of these represent a real timing vulnerability
(remote timing against memcmp() on a modern CPU is not easy), but
these are the ones where I believe we should be more careful.
2019-04-30 14:45:58 -04:00
Taylor Yu
68caca58a8 Clean up formatting after Coccinelle
Clean up some minor formatting quirks after the Coccinelle run.
2019-04-30 13:18:46 -05:00
Taylor Yu
983452e221 Run Coccinelle for control.c refactor 2019-04-30 13:18:46 -05:00
Taylor Yu
769eb07a7a Manually fix some control replies
Manually fix up some reply-generating code that the Coccinelle scripts
won't match.  Some more complicated ones remain -- these are mostly
ones that accumulate data to send, and then call connection_buf_add()
or connection_write_str_to_buf() directly.
2019-04-30 13:18:46 -05:00
Taylor Yu
61976a4b1c Factor out control reply output
Create a set of abstractions for controller commands and events to
output replies to the control channel.  The control protocol has a
relatively consistent SMTP-like structure, so it's helpful when code
that implements control commands and events doesn't explicitly format
everything on its own.
2019-04-30 13:18:46 -05:00
Taylor Yu
482437754a Add clarifying comments to control_proto.c
Refer to control-spec.txt grammar productions in comments in
control_proto.c for clarity.
2019-04-30 13:18:46 -05:00
Taylor Yu
8e7316bae4 Split reply formatting out of control_fmt.c
Split the core reply formatting code out of control_fmt.c into
control_proto.c.  The remaining code in control_format.c deals with
specific subsystems and will eventually move to join those subsystems.
2019-04-30 13:18:46 -05:00
Taylor Yu
965c2064da Correct file name in doxygen comment 2019-04-30 13:18:46 -05:00
George Kadianakis
847fc3280d Merge branch 'maint-0.4.0' 2019-04-30 19:26:30 +03:00
George Kadianakis
e1d4e2badb Merge branch 'tor-github/pr/978' into maint-0.4.0 2019-04-30 19:26:14 +03:00
George Kadianakis
d885ed867f Merge branch 'tor-github/pr/937' 2019-04-30 19:21:46 +03:00
George Kadianakis
9084a90b00 Merge branch 'tor-github/pr/936' 2019-04-30 19:21:15 +03:00
George Kadianakis
a44aca5453 Merge branch 'tor-github/pr/993' 2019-04-30 19:13:57 +03:00
George Kadianakis
86f8dfe419 Merge branch 'tor-github/pr/983' 2019-04-30 19:13:30 +03:00
David Goulet
43c119fedb Merge branch 'tor-github/pr/980'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-30 11:50:36 -04:00
Nick Mathewson
b7cc631d23 Rename and clarify some functions for periodic events
When we tell the periodic event manager about an event, we are
"registering" that event.  The event sits around without being
usable, however, until we "connect" the event to libevent.  In the
end, we "disconnect" the event and remove its libevent parts.

Previously, we called these operations "add", "setup", and
"destroy", which led to confusion.
2019-04-30 11:14:59 -04:00
Nick Mathewson
b5a62b1ef5 Move dirauth periodic events into dirauth module.
Closes ticket 30294.
2019-04-30 11:14:59 -04:00
Nick Mathewson
821dd54586 Merge branch 'bug30316_035' into bug30316_040
Fixes conflicts and also moves bandwidth-file-digest.
2019-04-29 14:34:03 -04:00
Nick Mathewson
0ab4dc7ef7 Move bandwidth-file-headers line to appear in the correct vote section
Fixes bug 30316; bugfix on 0.3.5.1-alpha.
2019-04-29 14:31:09 -04:00
Nick Mathewson
806539b40a Use fast check for missing id in node_is_a_configured_bridge()
Fixes bug 30308; bugfix on 0.3.5.1-alpha.
2019-04-26 11:19:46 -04:00
Nick Mathewson
650b94ebc1 Use a linear algorithm to subtract two nodelists.
The nodelist_idx for each node_t serves as a unique identifier for
the node, so we can use a bitarray to hold all the excluded
nodes, and then remove them from the smartlist.

Previously use used smartlist_subtract(sl, excluded), which is
O(len(sl)*len(excluded)).

We can use this function in other places too, but this is the one
that showed up on the profiles of 30291.

Closes ticket 30307.
2019-04-26 11:04:44 -04:00
Nick Mathewson
1d44ac9acd Make nodelist_get_list() return a const pointer. 2019-04-26 10:36:49 -04:00
Nick Mathewson
efeb101b96 Merge remote-tracking branch 'tor-github/pr/889' 2019-04-25 20:25:34 -04:00
Nick Mathewson
36b4fc7437 Merge remote-tracking branch 'tor-github/pr/922' 2019-04-25 20:08:39 -04:00
Nick Mathewson
a5cced2b7a Extract keyword argument checking from argument parsing. 2019-04-25 14:13:03 -04:00
Nick Mathewson
a0299cd240 In control command api, rename "object" to "cmddata"
This makes it match control-spec.txt.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ff9ba7d6c4 expand CMD_FL_WIPE to wipe the parsed arguments too 2019-04-25 14:13:03 -04:00
Nick Mathewson
88d22b898e Simplify handler logic in control_cmd.c
Now that the legacy handlers are gone, we can simplify the
structures and macros here.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ddd33d39c7 Port the authenticate and authchallenge commands to the new parser
These two presented their own challenge, because of their use of
QString, and their distinguished handling of quoted versus
non-quoted values.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ba05324242 Move and rename decode_escaped_string()
This function decodes something different from the usual c-escaped
format.

It is only used in controller authorization.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0c0b869ba4 Use the new controller command parser for EXTENDCIRCUIT.
This command does not fit perfectly with the others, since its
second argument is optional and may contain equal signs.  Still,
it's probably better to squeeze it into the new metaformat, since
doing so allows us to remove several pieces of the old
command-parsing machinery.
2019-04-25 14:13:03 -04:00
Nick Mathewson
95afdb005c Use new parser logic for SETCONF/RESETCONF code.
Here we get to throw away a LOT of unused code, since most of the
old parsing was redundant with kvline.
2019-04-25 14:13:03 -04:00
Nick Mathewson
d8b3ec865d Update more controller commands, now that we have kvline support 2019-04-25 14:13:03 -04:00
Nick Mathewson
9471391694 Add kvline support to controller command parser.
This should let us handle all (or nearly all) of the remaining
commands.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0841a69357 Allow kvlines in control commands. 2019-04-25 14:13:03 -04:00
Nick Mathewson
01b07c548b Use parsing code for the simpler controller commands.
(This should be all of the command that work nicely with positional
arguments only.)

Some of these commands should probably treat extra arguments as
incorrect, but for now I'm trying to be careful not to break
any existing users.
2019-04-25 14:13:03 -04:00
Nick Mathewson
dbfe1a14e4 When parsing a multiline controller command, be careful with linebreaks
The first line break in particular was mishandled: it was discarded
if no arguments came before it, which made it impossible to
distinguish arguments from the first line of the body.

To solve this, we need to allocate a copy of the command rather than
using NUL to separate it, since we might have "COMMAND\n" as our input.

Fixes ticket 29984.
2019-04-25 14:13:03 -04:00
Nick Mathewson
f18b7dc473 Extract the argument-splitting part of control.c's parser
This is preliminary work for fixing 29984; no behavior has changed.
2019-04-25 14:13:03 -04:00
Nick Mathewson
de70eebc65 Start on a command-parsing tool for controller commands.
There _is_ an underlying logic to these commands, but it isn't
wholly uniform, given years of tweaks and changes.  Fortunately I
think there is a superset that will work.

This commit adds a parser for some of the most basic cases -- the
ones currently handled by getargs_helper() and some of the
object-taking ones.  Soon will come initial tests; then I'll start using
the parser.

After that, I'll expand the parser to handle the other cases that come
up in the controller protocol.
2019-04-25 14:13:03 -04:00
George Kadianakis
974c2674eb Merge branch 'maint-0.4.0' 2019-04-25 15:47:07 +03:00
George Kadianakis
a39789a02c Merge branch 'tor-github/pr/960' into maint-0.4.0 2019-04-25 15:46:45 +03:00
Alexander Færøy
0429072495 Lower log level of unlink() errors in networkstatus_set_current_consensus().
In this patch we lower the log level of the failures for the three calls
to unlink() in networkstatus_set_current_consensus(). These errors might
trigger on Windows because the memory mapped consensus file keeps the
file in open state even after we have close()'d it. Windows will then
error on the unlink() call with a "Permission denied" error.

The consequences of ignoring these errors is that we leave an unused
file around on the file-system, which is an easier way to fix this
problem right now than refactoring networkstatus_set_current_consensus().

See: https://bugs.torproject.org/29930
2019-04-25 01:59:37 +02:00
teor
3d89f0374a
hs_config: Allow Tor to be configured as an IPv6-only v3 single onion service
Part of #23588.
2019-04-24 17:29:18 +10:00
Neel Chauhan
b65f8c419a
Add firewall_choose_address_ls() and hs_get_extend_info_from_lspecs() tests 2019-04-24 17:28:38 +10:00
Neel Chauhan
2618347657
Use fascist_firewall_choose_address_ls() in hs_get_extend_info_from_lspecs() 2019-04-24 17:28:34 +10:00
Nick Mathewson
8bea0c2fa3 Rename outvar to follow _out convention. 2019-04-23 14:14:17 -04:00
Nick Mathewson
475ac11bc1 Merge remote-tracking branch 'tor-github/pr/935' 2019-04-23 14:11:04 -04:00