Commit Graph

26317 Commits

Author SHA1 Message Date
teor
9a6186c267 relay: Refactor circuit_open_connection_for_extend()
Refactor circuit_open_connection_for_extend(), splitting out the IP
address choice code into a new function.

Adds unit tests. No behaviour changes in tor.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
cab05a84cd relay: Add IP version tests for circuit extends
Add IPv4-only and IPv6-only tests for
circuit_open_connection_for_extend().

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
c3e058dfac relay: Choose between IPv4 and IPv6 extends at random
When an EXTEND2 cell has an IPv4 and an IPv6 address, choose one of them
uniformly at random.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
a0b12f3cd4 relay/circuitbuild: Refactor open connection for extend
Re-use the newly created extend_info to launch the connection in
circuit_open_connection_for_extend().

No behaviour change.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
063505446f test/circuitbuild: Disable some tests when ALL_BUGS_ARE_FATAL
Some tests use IF_BUG_ONCE(), which is fatal when ALL_BUGS_ARE_FATAL,
after the fixes in 33917.

Also run "make autostyle" on these changes.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
6c458d2d6e log/util_bug: Make IF_BUG_ONCE() support ALL_BUGS_ARE_FATAL
... and DISABLE_ASSERTS_IN_UNIT_TESTS.

Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL and
DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes.

Implements these modes for IF_BUG_ONCE(). (It used to log a non-fatal
warning, regardless of the debugging mode.)

Fixes bug 33917; bugfix on 0.2.9.1-alpha.
2020-04-29 22:43:09 +10:00
teor
16f3f6a1af relay/circuitbuild: Re-use IPv6 connections for circuits
Search for existing connections using the remote IPv4 and IPv6
addresses.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
ec5f4f3c5a relay/circuitbuild: Report IPv6 addresses in a debug log
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
f8f688b309 channel: Make channel_matches_target_addr_for_extend() static
It isn't used outside channel.c.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
bad1181b5d relay/circuitbuild: Consider IPv6-only extends valid
Allow extend cells with IPv6-only link specifiers.
Warn and fail if both IPv4 and IPv6 are invalid.

Also warn if the IPv4 or IPv6 addresses are unexpectedly internal,
but continue with the valid address.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
7cef02ec1f test/circuitbuild: Show bad addresses in some logs
Disable SafeLogging for some extend tests, so we can check the actual
addresses.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
44f71e08c4 relay: Log the address in circuit protocol warnings
Always log the address family in extend protocol warnings.

If SafeLogging is 0, also log the address and port.

Diagnostics for 33817.
2020-04-29 22:43:09 +10:00
teor
a72e017e7f net: Add fmt_addrport_ap() and fmt_addr_family()
Add fmt_addrport_ap(), a macro that takes a tor_addr_port_t, and uses
it to call fmt_addrport().

Add fmt_addr_family(), a function that returns a string constant
describing the address family.

Utility functions for 33817.
2020-04-29 22:43:09 +10:00
teor
e9d04b05c6 net: Remove an extra space in address.h 2020-04-29 22:43:09 +10:00
teor
ffc2fd001a relay: Refactor address checks into a function
No behaviour change.

Part of 33817.
2020-04-29 22:43:09 +10:00
teor
07c008c672 relay: Refactor address and port checks
tor_addr_port_is_valid_ap(ap, 0) checks if the address or port are
zero, exactly like the previous code.

Preparation for 33817.
2020-04-29 22:43:09 +10:00
teor
587a7fbcf6 core/or: Check extends for zero addresses and ports
Check for invalid zero IPv4 addresses and ports, when sending and
receiving extend cells.

Fixes bug 33900; bugfix on 0.2.4.8-alpha.
2020-04-29 22:43:09 +10:00
teor
f6c8a8c538 test/cell_formats: Expand the IPv6-only EXTEND2 test
Part of 33901.
2020-04-29 22:43:09 +10:00
teor
bd6ab90ad4 core/or: Support IPv6 EXTEND2 cells
Allow clients and relays to send dual-stack and IPv6-only EXTEND2 cells.
Parse dual-stack and IPv6-only EXTEND2 cells on relays.

Relays do not make connections or extend circuits via IPv6: that's the
next step.

Closes ticket 33901.
2020-04-29 22:43:09 +10:00
Nick Mathewson
cbe9e56590 Merge remote-tracking branch 'tor-github/pr/1868/head' 2020-04-29 08:32:44 -04:00
teor
3253c357ee
Run "make autostyle" 2020-04-29 22:08:33 +10:00
teor
6eec43161a
rand: Clarify the crypto_rand_uint() range 2020-04-29 21:50:37 +10:00
teor
398e0e0247
nodelist: Remove an outdated comment
Part of 33817.
2020-04-29 21:50:26 +10:00
teor
7517e1b5d3
channeltls: Clarify a relay impersonation defence
Clarify the comments in channel_tls_matches_target_method(), and make
it clear that the attack is a covert attack.
2020-04-28 21:11:10 +10:00
Nick Mathewson
4dd4dbf046 Merge remote-tracking branch 'onionk/inbufoverflow1-043' into ticket33131_044 2020-04-24 08:15:53 -04:00
Nick Mathewson
7f9eaec538 Merge remote-tracking branch 'tor-github/pr/1862/head' 2020-04-24 08:14:59 -04:00
Nick Mathewson
b2849f449b Merge branch 'maint-0.4.3' 2020-04-21 12:22:37 -04:00
teor
42507429ce channeltls: Stop truncating IPv6 in logs
Stop truncating IPv6 addresses and ports in channel and connection logs.

Fixes bug 33918; bugfix on 0.2.4.4-alpha.
2020-04-21 12:22:30 -04:00
teor
e3b1e617ae
test/channel: Fix a comment typo 2020-04-15 19:45:56 +10:00
Nick Mathewson
77e65076ab Merge remote-tracking branch 'tor-github/pr/1860/head' 2020-04-14 11:52:00 -04:00
teor
a2daca594b
core/or: Update file comment in connection_or.c
Fix a typo, and say "v3 (and later) handshake".

Comment-only change.
2020-04-14 14:55:37 +10:00
teor
8c55d34e0a core/or: Accurately log remote relay IPv6 addresses
Log IPv6 addresses on connections where this relay is the responder.

Previously, responding relays would replace the remote IPv6 address with
the IPv4 address from the consensus.

(The port is replaced with the IPv6 ORPort from the consensus, we will
resolve this issue in 33898.)

Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:21:49 +10:00
teor
41fa07f751 core/or: Allow IPv6 connections to be canonical
Consider IPv6 addresses when checking if a connection is canonical.

In 17604, relays assumed that a remote relay could consider an IPv6
connection canonical, but did not set the canonical flag on their side
of the connection.

Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:16:48 +10:00
teor
ab8ff32bec core/or: Remove unused function prototype
Remove the unused function prototype for connection_or_get_for_extend().

There is no function implementation.

Part of 33817.
2020-04-14 10:37:20 +10:00
Nick Mathewson
2e80d7f193 bump to 0.4.3.4-rc-dev 2020-04-13 17:02:20 -04:00
Nick Mathewson
e22a8d9c95 Merge branch 'maint-0.4.3' 2020-04-13 14:14:41 -04:00
Nick Mathewson
55cb6c3fcd Merge branch 'bug33545_043_squashed' into maint-0.4.3 2020-04-13 14:13:44 -04:00
George Kadianakis
f2f718bca5 hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
And also disallow all-zeroes keys from the filesystem; add a test for it too.
2020-04-13 14:13:33 -04:00
George Kadianakis
37bcc9f3d2 hs-v3: Don't allow registration of an all-zeroes client auth key.
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().

We fixed that by making sure that an all-zeroes client auth key will not be
used.

There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
2020-04-13 14:13:33 -04:00
Neel Chauhan
8e59b8560a Return a descriptive error for 'GETINFO status/fresh-relay-descs' 2020-04-12 13:13:50 -07:00
Neel Chauhan
a638514783 Fix typo in router_build_fresh_unsigned_routerinfo() comment 2020-04-12 12:43:21 -07:00
Nick Mathewson
80031db32a Merge remote-tracking branch 'tor-github/pr/1801/head' 2020-04-09 11:50:20 -04:00
Nick Mathewson
bfea7a7326 bump to 0.4.3.4-rc 2020-04-09 08:38:41 -04:00
Nick Mathewson
25729910af Merge branch 'maint-0.4.3' 2020-04-09 08:33:36 -04:00
Nick Mathewson
c4da0a5094 Add fsync to list of syscalls permitted by sandbox
(Our fix for 33087 requires this, I believe.)
2020-04-09 08:33:19 -04:00
Nick Mathewson
c2aea6134a Merge remote-tracking branch 'tor-github/pr/1723/head' into maint-0.4.3 2020-04-09 08:30:14 -04:00
Nick Mathewson
29693b83bc Make sure that we free 'addr' at the end of a pair of addr tests
Fixes a couple of Coverity warnings about possible memory leaks.
Bug not in any released Tor.
2020-04-09 07:54:23 -04:00
David Goulet
cca9e1c803 hs-v3: Several fixes after #32542 review
asn: Accidentally left this commit out when merging #32542, so cherry-picking
it now.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 13:59:18 +03:00
teor
f6efb3a184
Merge branch 'pr1854_squashed' into maint-0.4.3
Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).
2020-04-09 11:05:59 +10:00
David Goulet
cd2121a126
client: Revert setting PreferIPv6 on by default
This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allows the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default fallsback to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 11:05:32 +10:00
teor
2d6f00e45b
Merge branch 'maint-0.4.2' into maint-0.4.3 2020-04-09 11:03:34 +10:00
teor
2d7e08d57e
Merge branch 'maint-0.4.1' into maint-0.4.2 2020-04-09 11:03:27 +10:00
teor
987f2fa50a
Merge branch 'maint-0.3.5' into maint-0.4.1 2020-04-09 11:03:20 +10:00
teor
d380acaeca
Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5 2020-04-09 11:02:49 +10:00
teor
cb262930f5 relay: Run "make autostyle"
But only take the changes from the relay module.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
00a45a900e test/circuitbuild: Add a test for onionskin_answer()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
d79e5d52bc relay/circuitbuild: Refactor circuit_extend()
Make the "else" case explicit at the end of the function.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
6d75f3244f test/circuitbuild: Add tests for circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2b66429fcf core/or: Make some functions mockable
Preparation for testing circuit_extend().

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
8f3cbe755b channel: Rewrite the channel_get_for_extend() comments
Explain what the function does now.
Fix some typos.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7bc3413322 test/circuitbuild: Add tests for open_connection_for_extend
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
42fdbbb50b circuitbuild: Make some functions mockable
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
46980d767d test/circuitbuild: Add tests for extend_lspec_valid
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
327688b968 test/circuitbuild: Make some tests fork
Since we're testing IF_BUG_ONCE(), we need to fork.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
cbfb826513 test/circuitbuild: Tests for adding ed25519 keys
Add tests for circuit_extend_add_ed25519_helper().

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
f8fef609f6 nodelist: Make some functions mockable
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
eb11c9d07c test/circuitbuild: Add a test for extend_state_valid
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7261078566 test/circuitbuid: Fix new_route_len_unhandled_exit
Make test_new_route_len_unhandled_exit more robust, by always tearing
down logs. (Rather than just tearing them down on success.)
2020-04-09 11:00:04 +10:00
teor
3334f63516 test/circuitbuild: Refactor test case array
Avoid repeating test names.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ec632b01db relay: End circuitbuild logs with "."
Consistent logs make testing easier.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
4f9f56be47 relay: Check for NULL arguments in circuitbuild
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
b10b287589 relay: Make circuitbuild functions STATIC
Allow the circuitbuild_relay functions to be accessed by the unit tests.

Part of 33633.
2020-04-09 11:00:04 +10:00
teor
44f634d0be relay: Remove a redundant function return value
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ca9565b9f7 relay: Split out opening a connection for an extend
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2640030b10 relay: Refactor some long lines from circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
5cb2bbea7d relay: Split link specifier checks from circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2563d74a5c relay: Split state checks out of circuit_extend()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
beee9ca608 relay: Improve the comments on onionskin_answer()
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
c9b674d511 relay: Protocol warn when a client gets an extend
circuit_extend() may be called when a client receives an extend cell,
even if the relay module is disabled.

Log a protocol warning when the relay module is disabled.

Part of 33633.
2020-04-09 10:59:51 +10:00
Roger Dingledine
9bd73da7cf fix typos from #32542 2020-04-08 19:13:52 -04:00
George Kadianakis
7a82c972ef Merge branch 'tor-github/pr/1857' 2020-04-08 18:15:37 +03:00
David Goulet
9b72a561f5 test: Unit test for missing ExtendedErrors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 18:15:21 +03:00
David Goulet
c1bf819a31 Merge branch 'maint-0.4.3' 2020-04-08 09:42:13 -04:00
Mrigyen Sawant
34faee0600 Correct 'was not internal' to 'was internal' in test_external_ip() 2020-04-08 09:41:58 -04:00
George Kadianakis
0b0b8a5b6d Merge branch 'tor-github/pr/1855' 2020-04-08 16:31:37 +03:00
David Goulet
6ab11bbf30 hs-v3: Report SOCKS ExtendedErrors when all intro timed out
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00
David Goulet
cf39276f78 hs-v3: Report rendezvous circuit failure SOCKS ExtendedErrors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00
David Goulet
fdd6352506 hs-v3: Report introduction failure SOCKS ExtendedErrors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00
teor
1720a2191d
address: Simplify tor_addr_is_valid()
And rewrite the function comment.

Part of 33679.
2020-04-07 23:11:17 +05:30
MrSquanchee
cbd3f88831
Added tests for tor_addr_is_null/valid()
Added tests for tor_addr_is_valid(),
and added tests for tor_addr_is_null(),
which is not modfied.
Ticket 33679
2020-04-07 23:11:17 +05:30
David Goulet
6fbf624b50 hs-v3: Fix typo in log info when PublishHidServDescriptors is set to 0
Fixes #33779

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-07 13:17:21 -04:00
teor
065ccda4f6
Merge branch 'pr1838_squashed' 2020-04-07 17:36:17 +10:00
Nick Mathewson
9b434b79ce
Add a test script to check subsystem order as part of make check. 2020-04-07 17:35:51 +10:00
teor
00ce25a720
channel: Fix a comment typo 2020-04-06 19:10:30 +10:00
teor
6df16022a1
channel: Remove a newline at the start of the file 2020-04-06 19:08:33 +10:00
teor
1e75974362
core/or: Fix a comment typo in onion.h
Comment-only change.
2020-04-04 15:05:34 +10:00
teor
a84fd949ed
Merge branch 'maint-0.4.3' 2020-04-04 13:23:56 +10:00
Putta Khunchalee
f43a841d94 Change starting file descriptor for tests. 2020-04-03 16:47:38 +07:00
David Goulet
eecf6c5199 hs-v3: Move to log notice the registration of an OB instance
This is to allow a visual feedback in the logs for operators setting up Onion
Balance so they can confirm they properly configured the instances.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-01 08:31:20 -04:00
David Goulet
b5412d12f9 Merge branch 'tor-github/pr/1844' 2020-04-01 08:22:36 -04:00
Steven Engler
cc5319bf8e Updated the TestingTorNetwork man page options
Updated 'doc/tor.1.txt' to match 'src/app/config/testnet.inc'.
2020-04-01 01:00:09 -04:00
teor
f863954f1e Move LOG_PROTOCOL_WARN to app/config.h
LOG_PROTOCOL_WARN was in core/or.h, but the function it depends on is in
app/config.h. Put them in the same header, to reduce dependencies.

Part of 33633.
2020-04-01 09:17:18 +10:00
George Kadianakis
8fda94f944 hs-v3: Move ob_subcreds to hs_service_state_t.
It's more natural there since it's runtime state.
2020-03-30 23:37:26 +03:00
George Kadianakis
0667a5af8d hs-v3: Don't crash after SIGHUP in Onionbalance backend mode.
The ob_subcreds array was not copied after SIGHUP, and that left the
post-SIGHUP service with a NULL ob_subcreds pointer (until the next descriptor
gets build where we regenerate ob_subcreds in hs_ob_refresh_keys()).

Fixes bug #33762; not in any released tor version.
2020-03-30 23:35:19 +03:00
David Goulet
ca8e6451f2 Merge branch 'maint-0.4.3' 2020-03-30 13:38:58 -04:00
George Kadianakis
42e56f5bac hs-v3: Relax severity of a log message when decoding descriptors.
Make it LOG_PROTOCOL_WARN and also add the expiration timestamp in there to
ease debugging in the future.
2020-03-30 13:38:29 -04:00
David Goulet
27e2989fe9 Merge branch 'tor-github/pr/1775' 2020-03-30 13:31:56 -04:00
Nick Mathewson
0dc25a4b66 Use a macro to make our hs_opts checking terser. 2020-03-30 13:31:44 -04:00
Nick Mathewson
84868109d2 Use SECTION_HEADER, not "HiddenServiceDir".
Add a nonfatal assertion about a branch that should be unreachable.
2020-03-30 13:31:44 -04:00
Nick Mathewson
8aacd78e14 Update expected log messages in tests to new format. 2020-03-30 13:31:44 -04:00
Nick Mathewson
d421050f3a Derive hidden service configuration from hs_opts_t.
This simplifies our parsing code by about 150 lines, and makes the
functions more straightforward.
2020-03-30 13:31:44 -04:00
Nick Mathewson
cfaf1bca98 Start using confmgt logic to parse HS configuration.
This patch doesn't actually use the results of the parsed object to
create the service configuration: subsequent patches will do
that. This patch just introduces the necessary configuration tables
and starts using them to validate the configuration.

As of this writing, this patch breaks tests.  I'll likely fix that
in a rebase later on: the current error messages for failures to
parse options are a regression, so I've opened #33640 for that.
2020-03-30 13:31:44 -04:00
Nick Mathewson
43b578e099 Use config_lines_partition() to parse hs config sections. 2020-03-30 13:31:44 -04:00
Roger Dingledine
3a0f200505 fix typo in struct addr_policy_t comment 2020-03-27 03:48:15 -04:00
Roger Dingledine
46f4f82ac9 correct tor_addr_family() function comment
kind of a losing game to remember to update that comment when
we add another possible family, but hey, maybe it will be a while
until we add one more.
2020-03-27 03:46:54 -04:00
Roger Dingledine
f8ecf01cc1 spell consensus more right in comments 2020-03-27 02:56:59 -04:00
Roger Dingledine
a4304c6031 fix typo in log message 2020-03-27 02:51:01 -04:00
Nick Mathewson
ac72ecd581 Add --dbg-dump-subsystem-list command to list the subsystems.
I'm prefixing this with --dbg-* because it is not meant to be used
externally.
2020-03-26 12:17:28 -04:00
Nick Mathewson
8f49943459 Implement a function to list the subsystems to stdout. 2020-03-26 11:20:20 -04:00
Nick Mathewson
3f6e37b1bc Add a SUBSYS_DECLARE_LOCATION() to every subsystem. 2020-03-26 11:20:20 -04:00
Nick Mathewson
53d74c0954 Add a "location" field for subsystems to declare which file they are in. 2020-03-26 11:20:20 -04:00
Nick Mathewson
e7290dc8c0 Merge remote-tracking branch 'tor-github/pr/1780/head' 2020-03-26 10:38:08 -04:00
David Goulet
cf58b0b369 Merge branch 'maint-0.4.3' 2020-03-26 09:15:01 -04:00
David Goulet
e472737297 Merge branch 'tor-github/pr/1794' into maint-0.4.3 2020-03-26 09:14:25 -04:00
Nick Mathewson
2eb78e2061 Merge branch 'bug33651' 2020-03-25 10:38:01 -04:00
cypherpunks
64a934ff05 buf: use BUF_MAX_LEN 2020-03-24 05:56:43 +00:00
cypherpunks
9e988406c7 net, tls: use BUF_MAX_LEN 2020-03-24 05:56:15 +00:00
cypherpunks
9ce9513898 buf: use INT_MAX - 1 in checks
No functionality change.
2020-03-24 05:55:34 +00:00
cypherpunks
bb3eda8617 net, tls: use INT_MAX - 1 in checks for buf_t
No functionality change.
2020-03-24 05:54:37 +00:00
cypherpunks
f46b9320ae buf: add BUF_MAX_LEN 2020-03-24 05:53:01 +00:00
cypherpunks
d3ded1cc1c Merge branch 'maint-0.4.3' 2020-03-24 05:51:12 +00:00
cypherpunks
84fe1c891b core/mainloop: remove noisy logging 2020-03-24 05:19:27 +00:00
cypherpunks
fd3e0c1542 core/mainloop: Limit growth of conn->inbuf
If the buf_t's length could potentially become greater than INT_MAX - 1,
it sets off an IF_BUG_ONCE in buf_read_from_tls().

All of the rest of the buffers.c code has similar BUG/asserts for this
invariant.
2020-03-24 05:19:24 +00:00
George Kadianakis
a4d60ff854 Merge branch 'maint-0.4.3' 2020-03-23 16:57:27 +02:00
George Kadianakis
29420ab396 Merge branch 'tor-github/pr/1788' into maint-0.4.3 2020-03-23 16:56:59 +02:00
Nick Mathewson
a0efba9bd0 Merge remote-tracking branch 'tor-github/pr/1797/head' 2020-03-23 09:05:45 -04:00
teor
1d22411cea
Add some comments about future relay IPv6 work
Comments about 33681.
2020-03-21 04:07:17 +10:00
teor
e0eec3bf29
parseconf: Add ORPort and DirPort auto tests
These tests don't actually trigger bug 32588, but they do increase
the coverage of the auto port config code.

Tests for 32588.
2020-03-21 04:07:03 +10:00
teor
4b914dea02
Merge branch 'bug32588_043' into bug32588_master 2020-03-21 04:02:08 +10:00
teor
52f61ec83e
Merge branch 'bug32588_042' into bug32588_043
Merge static function declaration deletions from bug32588_042 and
maint-0.4.3 in app/config/config.c.
2020-03-21 04:01:00 +10:00
teor
5e2f31f177
Merge branch 'bug32588_041' into bug32588_042 2020-03-21 03:52:32 +10:00
teor
2962c32b7a
Merge branch 'bug32588_035' into bug32588_041
Merge tests from maint-0.4.1 with new tests from bug32588_035
in test_router.c.
2020-03-21 03:50:36 +10:00
Nick Mathewson
96ca14d989
Add a test for the localhost case. 2020-03-21 03:44:01 +10:00
Nick Mathewson
1251265a0f
Extend test to handle router_get_advertised_ipv6_or_ap 2020-03-21 03:43:58 +10:00
Nick Mathewson
1ba79d4567
Add a test for router_get_advertised_or_port_by_af(). 2020-03-21 03:43:55 +10:00
Nick Mathewson
6ffe073db7
Add tests for get_first_advertised_{addr,port}_by_type_af() 2020-03-21 03:43:52 +10:00
teor
bac8bc0ff1
router: Refactor IPv6 ORPort function logic
Return early when there is no suitable IPv6 ORPort.
Show the address and port on error, using a convenience function.

Code simplification and refactoring.

Cleanup after 32588.
2020-03-21 03:43:48 +10:00
teor
861337fd6d
router: Stop advertising incorrect auto IPv6 ORPorts
When IPv6 ORPorts are set to "auto", tor relays and bridges would
advertise an incorrect port in their descriptor.

This may be a low-severity memory safety issue, because the published
port number may be derived from uninitialised or out-of-bounds memory
reads.

Fixes bug 32588; bugfix on 0.2.3.9-alpha.
2020-03-21 03:36:39 +10:00
teor
f9fef2633f
relay: Set some output arguments in stubs
Fixes part of bug 33674; not in any released version of tor.
2020-03-21 02:48:40 +10:00
Nick Mathewson
3e24bd5557 Merge branch 'maint-0.4.3' 2020-03-20 07:56:42 -04:00
teor
d4a74021e5 relay/dirauth: Set some output arguments in stubs
And document how some functions set their output arguments.

Fixes bug 33674; bugfix on 0.4.3.1-alpha.
2020-03-20 07:56:26 -04:00
Nick Mathewson
c478dc9b2f Set *have_low_ports_out from stub port_parse_ports_relay().
Previously we just ignored this option, which would leave it unset,
and cause an assertion failure later on when running with the User
option.

Fixes bug 33668; bugfix on 0.4.3.1-alpha.
2020-03-20 07:56:26 -04:00
teor
81687f5bc9 relay: Split out relay-only circuit building
Move the relay-only circuit building functions into a new file.

Part of 33633.
2020-03-20 18:05:10 +10:00
teor
fdba6ff0c0 relay: Move inform_testing_rechability() to relay
Move inform_testing_rechability() to the relay module, and disable it
when the relay module is disabled.

Part of 33633.
2020-03-20 18:05:10 +10:00
teor
07280c567e relay: Re-order selftest header
The selftest header declares functions, and stubs for when the relay
module is disabled. Put the functions and stubs in the same order.

Part of 33633.
2020-03-20 18:05:10 +10:00
teor
2f1f3b1702
Merge branch 'maint-0.4.3' 2020-03-20 15:40:39 +10:00
teor
250b8499b8
dirauth: Remove a duplicate macro definition
Obviously correct changes to already-reviewed code.
2020-03-20 15:39:55 +10:00
teor
4bb06cae26
Merge branch 'maint-0.4.3' 2020-03-20 11:25:04 +10:00
teor
eb2d08a72c
Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-20 11:24:57 +10:00
teor
3aa855dc68
Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-20 11:24:51 +10:00
Nick Mathewson
42ea03eb7f Merge branch 'ticket33643_skip_035' into ticket33643_skip_041 2020-03-19 18:38:18 -04:00
Nick Mathewson
6bafe97bc1 Add a TOR_SKIP_TESTCASES environment variable for suppressing tests.
For example, "TOR_SKIP_TESTCASES=crypto/.. ./src/test/test" will run
the tests and suppress all the "crypto/" tests.  You could get the
same effect by running "./src/test/test :crypto/..", but that can be
harder to arrange from CI.

Part of a fix/workaround for 33643.
2020-03-19 18:36:36 -04:00
Neel Chauhan
52b4b7e492 Fix erroneous spaces in circuitmux_ewma.c 2020-03-19 13:18:26 -07:00
George Kadianakis
dccac40e69 Merge branch 'tor-github/pr/1778' 2020-03-19 17:16:00 +02:00
Nick Mathewson
9bcd7e5939 Actually log post-bootstrap directory dl totals.
Fixes bug 33651; bug not in any released Tor.
2020-03-19 08:08:58 -04:00
Nick Mathewson
4f596b3edf Merge remote-tracking branch 'tor-github/pr/1807/head' 2020-03-19 08:02:09 -04:00
George Kadianakis
e8f0860557 Merge branch 'tor-github/pr/1792' 2020-03-19 13:43:49 +02:00
David Goulet
4dbbe47d86 hs-v3: Improve accessor semantic of client cached object
Add an inline helper function that indicates if the cached object contains a
decrypted descriptor or not.

The descriptor object is NULL if tor is unable to decrypt it (lacking client
authorization) and some actions need to be done only when we have a decrypted
object.

This improves code semantic.

Fixes #33458

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-19 13:43:39 +02:00
teor
c862205ba5
coverity: Silence spurious unreachable warning
Closes bug 33641; not in any released version of tor.
2020-03-19 17:11:13 +10:00
teor
fe5ecaa270
Merge branch 'maint-0.4.3' 2020-03-19 17:02:02 +10:00
teor
259fad5877
Merge remote-tracking branch 'tor-github/pr/1806' into maint-0.4.3 2020-03-19 16:56:49 +10:00
Roger Dingledine
987247bd76 fix typo in comment 2020-03-19 00:41:57 -04:00
Nick Mathewson
a17f4b11b4 Bump version to 0.4.2.7-dev 2020-03-18 12:16:11 -04:00
Nick Mathewson
efdbf42432 Bump version to 0.4.1.9-dev 2020-03-18 12:15:53 -04:00
Nick Mathewson
3150c30351 Bump version to 0.3.5.10-dev 2020-03-18 12:15:32 -04:00
Nick Mathewson
7059c32968 Merge branch 'maint-0.4.3' 2020-03-18 08:20:38 -04:00
Nick Mathewson
84f57b69f3 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-18 08:20:16 -04:00
Nick Mathewson
758deaa472 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-18 08:20:16 -04:00
Nick Mathewson
4ad3f17c26 Merge branch 'maint-0.3.5' into maint-0.4.1 2020-03-18 08:20:16 -04:00
Nick Mathewson
0526801ed4 Port rsa_private_key_too_long() to work on OpenSSL 1.1.0. 2020-03-18 08:19:48 -04:00
Nick Mathewson
3d8c97a988 Merge branch 'maint-0.4.3' 2020-03-17 15:22:36 -04:00
Nick Mathewson
e0d68ce84f Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-17 15:22:36 -04:00
Nick Mathewson
85141a3a74 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-17 15:22:36 -04:00
Nick Mathewson
3c8a4b8fbd Merge branch 'trove_2020_002_041' into maint-0.4.1 2020-03-17 15:22:02 -04:00
Nick Mathewson
fe3d8ec38e Merge branch 'trove_2020_002_035' into maint-0.3.5 2020-03-17 15:21:48 -04:00
Nick Mathewson
d4595b344a Merge branch 'maint-0.4.3' 2020-03-17 13:56:10 -04:00
Nick Mathewson
6803373aab Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-17 13:56:10 -04:00
Nick Mathewson
4ee2699416 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-17 13:56:10 -04:00
Nick Mathewson
cec647ff3e Merge branch 'trove_2020_004_041_v2' into maint-0.4.1 2020-03-17 13:56:03 -04:00
Nick Mathewson
d3c4ed08f1 Merge branch 'maint-0.4.3' 2020-03-17 11:53:24 -04:00
Nick Mathewson
bc4c89eb2f Split a wide line. 2020-03-17 11:53:01 -04:00
Nick Mathewson
7cd4dcf5a6 Merge branch 'maint-0.4.3' 2020-03-17 11:48:45 -04:00
George Kadianakis
5ff8757aa8 Add unittest for TROVE-2020-003.
This unittest currently fails on purpose (to demonstrate the bug) but it will
stop failing after the next commit (the bugfix).
2020-03-17 11:48:36 -04:00
Nick Mathewson
270fe01557 Merge branch 'maint-0.4.3' 2020-03-17 11:47:35 -04:00
Nick Mathewson
e15a621ac8 Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-17 11:45:16 -04:00
Nick Mathewson
5f4e14b8c8 Merge branch 'maint-0.3.5' into maint-0.4.1 2020-03-17 11:45:16 -04:00
Nick Mathewson
bbc80ea042 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-03-17 11:45:16 -04:00
George Kadianakis
089e57d22f Fix TROVE-2020-003.
Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addesses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).

In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.
2020-03-17 11:44:45 -04:00
George Kadianakis
c940b7cf13 Trivial bugfixes found during TROVE investigation. 2020-03-17 11:43:03 -04:00
Nick Mathewson
9163781039 Merge branch 'trove_2020_002_035' into trove_2020_002_041 2020-03-17 10:45:03 -04:00
Nick Mathewson
f958b537ab Use >= consistently with max_bits. 2020-03-17 10:44:38 -04:00
Nick Mathewson
2328c79a5f Add off-by-one checks for key length. 2020-03-17 10:44:38 -04:00
Nick Mathewson
8abdb39489 Extract key length check into a new function, and check more fields.
In the openssl that I have, it should be safe to only check the size
of n.  But if I'm wrong, or if other openssls work differently, we
should check whether any of the fields are too large.

Issue spotted by Teor.
2020-03-17 10:44:38 -04:00
David Goulet
ee3e987898 sendme: Emit version 1 by default
Closes #33623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-17 10:14:57 -04:00
teor
44f92e8e42
Merge remote-tracking branch 'tor-github/pr/1784' 2020-03-17 23:11:31 +10:00
teor
0fa1d8ef92
Merge branch 'pr1777_squashed' 2020-03-17 21:08:45 +10:00
rl1987
5675cbd4c7
Conditionally disable part of hs_intropoint/introduce1_validation
This makes it not fail when ALL_BUGS_ARE_FATAL is enabled. Fixes bug 33546.
2020-03-17 21:08:16 +10:00
rl1987
4ab20b4f63
Conditionally disable part of dir/param_voting_lookup that expects soft asserts to happen 2020-03-17 21:08:13 +10:00
rl1987
752122b2e9
Try fixing Windows build to work with ALL_BUGS_ARE_FATAL 2020-03-17 21:08:10 +10:00
teor
9c73f5adc4 Run "make autostyle" 2020-03-17 18:19:04 +10:00
Nick Mathewson
78bcfc1280 circpad_setup_machine_on_circ(): exit early on error.
This function does a nonfatal assertion to make sure that a machine
is not registered twice, but Tobias Pulls found a case where it
happens.  Instead, make the function exit early so that it doesn't
cause a remotely triggered memory leak.

Fixes bug 33619; bugfix on 0.4.0.1-alpha.  This is also tracked as
TROVE-2020-004.
2020-03-16 17:59:57 -04:00
Nick Mathewson
49eec76c5e Merge branch 'maint-0.4.3' 2020-03-16 12:21:57 -04:00
Nick Mathewson
855cd533e1 Merge branch 'ticket32672_042_squashed_w_test' into maint-0.4.3 2020-03-16 12:21:49 -04:00
Nick Mathewson
612c40bc39 Adjust unit tests for patch for 32672 (rejecting old version)
Patch by Neel Chauhan.
2020-03-16 10:42:40 -04:00
Nick Mathewson
452398913a Merge branch 'ticket32672_041_squashed' into ticket32672_042_squashed_w_test 2020-03-16 10:40:55 -04:00
Neel Chauhan
460b97380b Reject 0.2.9 and 0.4.0 in dirserv_rejects_tor_version() 2020-03-16 10:40:14 -04:00
Nick Mathewson
dd6e2277e0 Merge branch 'trove_2020_002_035' into trove_2020_002_041 2020-03-14 14:20:51 -04:00
Nick Mathewson
29c9675bde Fix memory leak in crypto_pk_asn1_decode_private.
(Deep, deep thanks to Taylor for reminding me to test this!)
2020-03-14 14:17:37 -04:00
Nick Mathewson
ab2e66ccdc Add a test for crypto_pk_asn1_decode_private maxbits. 2020-03-14 14:17:13 -04:00
Nick Mathewson
be064f77b9 Revise TROVE-2020-002 fix to work on older OpenSSL versions.
Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.
2020-03-14 13:38:53 -04:00
MrSquanchee
1a9cbc5bb4
Get all default flags from port_cfg_new()
Now port_cfg_new() returns all default flags and
port_parse_config() acts on defaults returned by port_cfg_new()
that is uses the default port_cfg_t object returned by port_cfg_new()
and modifies them later according to the port specifications in
configuration files
Might close tor#32994.
2020-03-14 20:18:42 +10:00
Nick Mathewson
d17108a187 Bump to 0.3.5.10 2020-03-13 16:56:31 -04:00
Nick Mathewson
7f0ad3343e Bump to 0.4.1.9 2020-03-13 16:56:22 -04:00
Nick Mathewson
2c1a49c464 Bump to 0.4.2.7. 2020-03-13 16:56:06 -04:00
Nick Mathewson
b2e543bfe7 Merge branch 'maint-0.3.5' into maint-0.4.1 2020-03-13 16:46:16 -04:00
Nick Mathewson
6ed2c9e5fa Merge branch 'maint-0.4.1' into maint-0.4.2 2020-03-13 16:46:16 -04:00
Nick Mathewson
b9d71f3848 Merge remote-tracking branch 'tor-github/pr/1693/head' into maint-0.3.5 2020-03-13 16:46:09 -04:00
Nick Mathewson
b504942331 Merge remote-tracking branch 'tor-github/pr/1718/head' into maint-0.4.2 2020-03-13 16:42:47 -04:00
teor
9cf7839df7
config: Improve some comments
Document the namelen argument to port_cfg_new().

Fix a typo in a comment in port_cfg_line_extract_addrport().

Comment-only changes.
2020-03-13 18:53:48 +10:00
teor
cc2fb91ea5
connection: Stop forcing some ports to prefer IPv6
Stop forcing all non-SOCKSPorts to prefer IPv6 exit connections.
Instead, prefer IPv6 connections by default, but allow users to change
their configs using the "NoPreferIPv6" port flag.

Fixes bug 33608; bugfix on 0.4.3.1-alpha.
2020-03-13 12:28:19 +10:00
Nick Mathewson
8bc4822ba6 Merge branch 'maint-0.4.3' 2020-03-12 13:45:06 -04:00
Nick Mathewson
3e42004e54 Merge branch 'ticket33361_035_01_squashed' into maint-0.4.3 2020-03-12 13:42:42 -04:00
Nick Mathewson
8dc7ad1275 Fix unit tests that look at contactinfo logs. 2020-03-12 13:42:17 -04:00
Nick Mathewson
9ca7900e17 Merge branch 'maint-0.4.3' 2020-03-12 12:46:12 -04:00
Nick Mathewson
e03bb35f90 Merge branch 'ticket33361_035_01_squashed' into maint-0.4.3
Conflicts:
        src/app/config/config.c
2020-03-12 12:45:56 -04:00
David Goulet
b755a489bd config: Warn if ContactInfo is not set
Closes #33361

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-12 12:43:00 -04:00
Nick Mathewson
eed196f122 Merge branch 'bug33032_042' into bug33032_043 2020-03-11 10:35:47 -04:00
Nick Mathewson
554b805093 Merge branch 'bug33032_041' into bug33032_042 2020-03-11 10:35:47 -04:00
Nick Mathewson
55055396cc Merge branch 'maint-0.4.1' into bug33032_041 2020-03-11 10:35:46 -04:00
Nick Mathewson
5721ec22d8 pem_decode(): Tolerate CRLF line endings
Fixes bug 33032; bugfix on 0.3.5.1-alpha when we introduced our own
PEM decoder.
2020-03-11 10:35:17 -04:00
David Goulet
df3f2bd9aa hs-v3: Log reasons why service can't upload descriptor
When a service can not upload its descriptor(s), we have no logs on why. This
adds logging for each possible reason for each descriptors.

That logging is emitted every second so it is rate limited for each reason and
per descriptor.

Closes #33400

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-11 15:32:11 +02:00
David Goulet
894ff2dc84 dos: Pass transport name on new client connection
For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and always passing NULL when
doing a lookup into the GeoIP cache.

This resulted in bridges with a PT are never able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-10 14:45:13 -04:00
Nick Mathewson
f0646919af Bump to 0.4.3.3-alpha. 2020-03-10 10:28:09 -04:00
David Goulet
05aab3fd21 Merge branch 'maint-0.4.3' 2020-03-10 09:14:44 -04:00
rl1987
f89c32ccd0 Document poll_interval_tv in procmon.c 2020-03-10 09:13:22 -04:00
David Goulet
2d53168511 Merge branch 'tor-github/pr/1723' 2020-03-09 10:36:05 -04:00
Steven Engler
4b964ef5b2
Update comment in router_differences_are_cosmetic()
Descriptor differences are cosmetic if 2 hours has passed,
not 12 hours (see ticket 33573).
2020-03-09 10:13:36 -04:00
David Goulet
6684c6e17f Merge branch 'tor-github/pr/1751' 2020-03-09 09:33:05 -04:00
Neel Chauhan
7d673e70b0 Remove the ClientAutoIPv6ORPort option 2020-03-09 09:33:00 -04:00
Neel Chauhan
53e2292c05 Space out the line.key/line.value in test_policy_summary_helper_family_flags() 2020-03-08 17:12:28 -07:00
rl1987
dcb75f00e1 Disable parts of test_protover_all_supported() that cause fatal exceptions when ALL_BUGS_ARE_FATAL 2020-03-06 19:25:54 +02:00
rl1987
0732513f16 Also skip dir/purpose_needs_anonymity_returns_true_by_default when ALL_BUGS_ARE_FATAL 2020-03-06 19:25:54 +02:00
rl1987
3db65bc218 Skip test_new_route_len_unhandled_exit() when ALL_BUGS_ARE_FATAL 2020-03-06 17:55:21 +02:00
Nick Mathewson
9dc946ba67 Add a config_lines_partition() function to help with LINELIST_V.
This function works a little bit like strsep(), to get a chunk of
configuration lines with a given header.  We can use this to make
hidden service config easier to parse.
2020-03-05 10:13:50 -05:00
Nick Mathewson
ba8d71d9c3 Merge remote-tracking branch 'tor-github/pr/1774/head' 2020-03-05 09:10:24 -05:00
Nick Mathewson
8e5c75e896 Merge remote-tracking branch 'tor-github/pr/1772/head' 2020-03-05 09:09:16 -05:00
Nick Mathewson
7177eeddf1 Merge branch 'maint-0.4.3' 2020-03-05 08:48:40 -05:00
Nick Mathewson
686494f0f7 Merge branch 'clang_format_prep_3' 2020-03-05 08:23:32 -05:00
Roger Dingledine
29542ccdcc Remove surprising empty line in info-level cbt log
Fixes bug 33531; bugfix on 0.3.3.1-alpha.
2020-03-04 13:45:34 -05:00
George Kadianakis
edc0bf5089 Merge branch 'tor-github/pr/1763' 2020-03-03 14:35:31 +02:00
Nick Mathewson
a5bc08579f shared_random: Improve fallback for client no-live-consensus case.
In this case, when we're looking for the voting interval, we should
try looking at the _latest_ consensus if we have one.  When we're
looking for the start of the current voting period, we can use our
existing fallback logic without complaint, since the voting interval
code will already have given us a reasonable voting interval, and we
want to have a round starting time based on the current time.
2020-03-03 14:35:01 +02:00
Nick Mathewson
9a7b10e23f Comment updates from review. 2020-03-03 14:35:01 +02:00
Nick Mathewson
1b66b39699 Make voting_schedule.h work correctly when dirauth-mode is disabled. 2020-03-03 14:35:01 +02:00
Nick Mathewson
9fb18756df Stop using all dirauth-only options in shared_random_client.c
This is not as clean a patch as I would like: see the comment on
ASSUME_AUTHORITY_SCHEDULING. This issue here is that the unit tests
sometimes assume that we are going to be looking at the dirauth
options and behaving like a dirauth, but without setting the options
to turn is into one.

This isn't an issue for actually running Tor, as far as I can tell
with chutney.
2020-03-03 14:35:01 +02:00
Neel Chauhan
2ef2fef711 Correct spacing in dns_launch_correctness_checks() 2020-02-26 15:48:45 -08:00
Nick Mathewson
6472d9cfdf Run "make autostyle" 2020-02-26 16:45:33 -05:00
Nick Mathewson
c81cb588db Allow unlinkat() in the seccomp2 sandbox
Closes ticket 33346.
2020-02-26 15:17:12 -05:00
Nick Mathewson
2c792d1e0e In typed_var_kvassign, include config names in error messages.
This should improve the usability of our configuration error messages.
2020-02-26 14:18:40 -05:00
Nick Mathewson
7e7aff9b6a confmgt: when a units value is invalid, include a meaningful error.
Part of 33460.
2020-02-26 13:03:10 -05:00
Nick Mathewson
b133325a3e confmgt: when an int/enum value is invalid, say which values are ok.
Part of 33460.
2020-02-26 13:02:28 -05:00
Nick Mathewson
11adf0f46f Merge remote-tracking branch 'tor-github/pr/1750/head' 2020-02-25 12:58:23 -05:00
Nick Mathewson
7777f1df49 Dirauth-specific function to get voting interval. 2020-02-24 10:55:06 -05:00
Nick Mathewson
d865a50296 Extract most of dirauth_sched_get_next_valid_after_time()
Most of this function was about recreating a voting schedule on
demand if it didn't exist yet or was not up-to-date.  I've made that
into its own function.
2020-02-24 10:13:07 -05:00
Nick Mathewson
4fb6d8675f Rename voting_schedule_*() functions.
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        voting_schedule_recalculate_timing dirauth_sched_recalculate_timing \
        voting_schedule_get_start_of_next_interval voting_sched_get_start_of_interval_after \
        voting_schedule_get_next_valid_after_time dirauth_sched_get_next_valid_after_time
2020-02-24 10:07:09 -05:00
Nick Mathewson
b7ba558f56 Move one voting schedule fn into networkstatus.c
The 'voting_schdule_get_start_of_next_interval' function isn't
actually dirauth-specific.
2020-02-24 10:04:01 -05:00
Nick Mathewson
e1cf10ceb7 Move voting_schedule.[ch] to src/feature/dirauth/ 2020-02-24 10:00:51 -05:00
Nick Mathewson
d4d5d9d1d1 Merge branch 'ticket33316_squashed' 2020-02-24 07:49:45 -05:00
Nick Mathewson
e067cb426a Move process subsystem after evloop.
Process uses evloop, and so should be initialized after it.
2020-02-24 07:49:39 -05:00
Nick Mathewson
63b7dabdea Merge ocirc and orconn events into or subsystem.
Pubsub events are not supposed to have their own subsystems; they're
supposed to be part of a parent subsystem.
2020-02-24 07:49:39 -05:00
Nick Mathewson
2e5d555c0e Initialize all subsystems during the unit tests
Previously we had initialized only the library subsystems.  This
made it hard to write some tests, and encouraged people to put their
subsystems at a level lower than they really belonged at.  Instead,
it probably just makes sense to initialize everything before we
start the tests.

Without this fix, 33316 breaks our tests because of raising the
level of the ocirc/orconn events.
2020-02-24 07:49:39 -05:00
Nick Mathewson
90524de0b2 Move winprocess_sys into a new low-level hardening module
This code was in our process module, but it doesn't belong there:
process is for launching and monitoring subprocesses, not for
hardening the current process.

This change lets us have our subsystem init order more closely match
our dependency order.
2020-02-24 07:49:39 -05:00
Nick Mathewson
caa392a73a Merge remote-tracking branch 'tor-github/pr/1685/head' 2020-02-24 07:45:20 -05:00
George Kadianakis
93cb8072be Final touches to #32709 based on Nick's feedback.
- Fix a bug and add unittest.
- Add changes file.
- Add man page entry.
2020-02-24 12:15:35 +02:00
Nick Mathewson
84f2e28204 Use PRIu64 and TOR_PRIuSZ, to fix 32-bit build error. 2020-02-20 20:49:38 -05:00
Nick Mathewson
ce9eeefbcc Make direclient_dump_total_dls() respect SafeLogging and pass tests.
Don't dump totals with anonymous purposes.  Additionally, don't dump
headers that have nothing underneath them.
2020-02-20 12:26:32 -05:00
Nick Mathewson
66bbdadbbe Merge branch 'extract_routerkeys_squashed' 2020-02-20 10:41:12 -05:00
Nick Mathewson
1d068625dd Move relay_handshake.[ch] into src/feature/relay, and make it optional 2020-02-20 10:41:06 -05:00
Nick Mathewson
e425ffc637 Disable routerkeys.c with --disable-relay-mode. 2020-02-20 10:41:06 -05:00
Nick Mathewson
09fb7987c5 Merge branch 'maint-0.4.3' 2020-02-20 08:50:18 -05:00
Nick Mathewson
f733b8acd6 Merge remote-tracking branch 'tor-github/pr/1719/head' into maint-0.4.3 2020-02-20 08:48:17 -05:00
Nick Mathewson
d559ca3d5a Move router_reset_reachability() into correct header, add a stub
Without this, -O0 builds fail, which is a sign that LTO builds may
fail too.
2020-02-20 08:36:40 -05:00
Nick Mathewson
5149c100ed run "make autostyle" 2020-02-20 08:33:40 -05:00
Nick Mathewson
b9cc4cc50a Merge branch 'ticket4631_squashed' 2020-02-20 08:17:47 -05:00
teor
bed3b292ad dirvote: Improve the posted vote log message
Cleanup after 4631.
2020-02-20 08:17:37 -05:00
Nick Mathewson
dd4fa9b468 Extract relay-only handshake code into its own file.
This is not the only relay-only handshake code, but it is most of
such code that is in connection_or.c.
2020-02-19 19:11:57 -05:00
Nick Mathewson
a65efa7e83 Merge branch 'extract_relay_dns' 2020-02-19 13:58:53 -05:00
Nick Mathewson
65b75ef3d5 Merge branch 'extract_ext_orport' 2020-02-19 13:55:18 -05:00
Nick Mathewson
defd941fe7 Make dns_cancel_pending_resolve() STATIC.
It is not called by anything outside of the tests and dns.c.
2020-02-19 12:30:09 -05:00
Nick Mathewson
f739aa7962 Remove assert_all_pending_dns_resolves_ok().
It hasn't been used since 2009.
2020-02-19 12:27:49 -05:00
Nick Mathewson
51b470dbc8 dns.h: label functions that are only used inside feature/relay 2020-02-19 12:17:13 -05:00
Nick Mathewson
9b21a5d254 Note module-local functions in ext_orport.h
Since these are only used inside the feature/relay module, they
don't need stubs.
2020-02-19 12:12:00 -05:00
Nick Mathewson
df6191f620 Make connection_or_get_by_ext_or_id() testing-only
Apparently it is only used by the unit tests: tor doesn't want it at
all.

I've opened a new ticket (33383) to we if we should remove this
whole feature.
2020-02-19 12:11:23 -05:00
Nick Mathewson
7b6e81f8e6 Merge branch 'extract_selftest' 2020-02-19 11:58:17 -05:00
teor
15192f88c0
dirvote: Remove an incorrect log message
Cleanup after 4631.
2020-02-19 11:09:21 +10:00
teor
4dd594d33c
Merge remote-tracking branch 'tor-github/pr/1744' 2020-02-19 10:09:29 +10:00
teor
6e76570ede
Makefile: Tweak the test-network* chuttney networks
In "make test-network", add tests for single onion services v2 and v3.

In "make test-network-all", test onion services v2 and v3 in the same
network.

Part of 33334.
2020-02-19 09:29:02 +10:00
Steven Engler
9a68eca3a7 Small changes to scheduler comments and state changes
Tries to make some of the comments in scheduler.c easier to follow,
and simplifies a couple of the scheduler channel state changes.
2020-02-18 13:56:58 -05:00
Nick Mathewson
e85f46b7be Do not build selftest.c when running relay mode is disabled. 2020-02-18 13:31:33 -05:00
Nick Mathewson
a1a3a4d585 Make ext_orport.c relay-mode-only. 2020-02-18 13:23:50 -05:00
Nick Mathewson
1f958b6020 Move ext_orport identifier map into ext_orport.c
There's no need to move the declarations: those were already in
ext_orport.h.

This shrinks connection_or.c a little.
2020-02-18 13:10:57 -05:00
Nick Mathewson
8ce15933e5 Move some declarations into proto_ext_or.h
They are for functions declared in that file.
2020-02-18 13:07:33 -05:00
Nick Mathewson
eb07166eb8 Make sure callers can handle NULL ext-or auth cookie filename 2020-02-18 12:55:57 -05:00
Nick Mathewson
c43a245292 Disable dns.c when relay mode is disabled.
This saves about 1% for me on a binary compiled without relay mode.

Closes ticket 33366.
2020-02-18 12:46:10 -05:00
Nick Mathewson
1f06f494c8 Move DNS TTL manipulation code to src/core/or
This removes a dependency from the client code on feature/relay.
2020-02-18 12:08:29 -05:00
Nick Mathewson
dcbc45e6b2 Replace identifiers related to clipping DNS ttls.
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        MIN_DNS_TTL_AT_EXIT MIN_DNS_TTL \
        MAX_DNS_TTL_AT_EXIT MAX_DNS_TTL \
        dns_clip_ttl clip_dns_ttl
2020-02-18 12:00:24 -05:00
Nick Mathewson
93af83e16a Remember dirctory bw usage, and log it in the heartbeat
Closes ticket 32720.
2020-02-18 11:25:18 -05:00
George Kadianakis
975102869a Fix issues pointed out by Nick.
- Loose the asserts on num_pkeys.
- Straighten some dangling &.
- Fix some unpredictable memcpys.
2020-02-18 12:37:34 +02:00
teor
f298706326
dirauth: Update disabled dirvote_add_vote()
Update the function that handles directory authority votes when the
dirauth module is disabled.

Part of 4631.
2020-02-18 13:23:33 +10:00
teor
8b5b574a81
dirauth: Refactor dirvote_add_vote()
Refactor dirvote_add_vote() by splitting some code out into static
functions.

Cleanup after 4631.
2020-02-18 13:23:27 +10:00
teor
56f715d300
test/dir: Add specific tests for late vote rejection
Part of 4631.
2020-02-18 13:23:23 +10:00
teor
2b7eec7590
test/dir: Update the tests for late vote rejection
Part of 4631.
2020-02-18 12:44:50 +10:00
Roger Dingledine
acb5b0d535
Don't accept posted votes after :52:30
If we receive via 'post' a vote from a dir auth after the
fetch_missing_votes cutoff, that means we didn't get it by the time we
begin the "fetching missing votes from everybody else" phase, which means
it is very likely to cause a consensus split if we count it. Instead,
we reject it.

But we still allow votes that we fetch ourselves after that cutoff.

This is a demo branch for making progress on #4631.

I've been running it on moria1 and it catches and handles real buggy
behavior from directory authorities, e.g.

Jan 28 15:59:50.804 [warn] Rejecting vote from 199.58.81.140 received at 2020-01-28 20:59:50; our cutoff for received votes is 2020-01-28 20:52:30
Jan 28 15:59:50.805 [warn] Rejected vote from 199.58.81.140 ("Vote received too late, would be dangerous to count it").
Jan 29 01:52:52.667 [warn] Rejecting vote from 204.13.164.118 received at 2020-01-29 06:52:52; our cutoff for received votes is 2020-01-29 06:52:30
Jan 29 01:52:52.669 [warn] Rejected vote from 204.13.164.118 ("Vote received too late, would be dangerous to count it").
Jan 29 04:53:26.323 [warn] Rejecting vote from 204.13.164.118 received at 2020-01-29 09:53:26; our cutoff for received votes is 2020-01-29 09:52:30
Jan 29 04:53:26.326 [warn] Rejected vote from 204.13.164.118 ("Vote received too late, would be dangerous to count it").
2020-02-18 12:44:41 +10:00
teor
da280a4309 Makefile: Add an IPv6 mixed chutney network
This network is used in make test-network-all and test-network-ipv6.

Closes 33334.
2020-02-17 14:55:05 +10:00
teor
85eb170923 Makefile: Add v3 onion services to the mixed network
This network is used in make test-network-all and test-network-ipv4.

Part of 33334.
2020-02-17 14:54:24 +10:00
teor
f231827946
Merge remote-tracking branch 'tor-github/pr/1731' 2020-02-17 13:49:23 +10:00
teor
334469cc39
Merge branch 'bug33195_master' into ticket33280_master
Conflicts:
* Keep the changes from ticket33280_master
2020-02-17 13:46:09 +10:00
Nick Mathewson
a6509cb867 Merge remote-tracking branch 'tor-github/pr/1727/head' 2020-02-14 08:20:21 -05:00
Nick Mathewson
a010dbf94c Merge branch 'maint-0.4.3' 2020-02-14 08:17:16 -05:00
Nick Mathewson
a79841fd83 Merge branch 'ticket33290_v2_042' into maint-0.4.3 2020-02-14 08:16:22 -05:00
Nick Mathewson
393bbd823e Merge branch 'ticket33290_v2_041' into ticket33290_v2_042 2020-02-14 08:16:01 -05:00
Nick Mathewson
c1649ab015 Wipe the entire hashent structure, not just the first sizeof(void*) 2020-02-14 08:15:37 -05:00
teor
ed1ee2001f
dirvote: Update the comments for required protocols
Add doxygen comments to the new recommended and required subprotocol
version strings.

Add a warning to the required protocol documentation, because requiring
the wrong protocols can break the tor network. Also reference
proposal 303: When and how to remove support for protocol versions.

Part of 33285.
2020-02-14 12:49:38 +10:00
teor
98899f20ad
mainloop: Explain local connections better
Some connections aren't counted for statistics or accounting,
because they have been specifically configured by the user to
local addresses.

Comment-only change.

Closes 33201.
2020-02-14 10:13:00 +10:00
Nick Mathewson
691d271b2e Re-order thread initialization to follow logging, and remove a comment.
lib/log no longer uses lib/thread; lib/log only uses lib/lock, which
is at a lower level.
2020-02-13 12:55:05 -05:00
Nick Mathewson
67d59d7d1f Re-order most subsystems to correspond to dependency order. 2020-02-13 12:53:15 -05:00
Nick Mathewson
1ab7c05231 Merge branch 'maint-0.4.3' 2020-02-13 10:47:43 -05:00
Nick Mathewson
baeff46d36 Merge branch 'ticket33290_v2_042' into ticket33290_v2_043
Conflicts:
	src/core/or/circuitmux_ewma.c
2020-02-13 09:21:47 -05:00
Nick Mathewson
fd1686c7d8 Merge branch 'ticket33290_v2_041' into ticket33290_v2_042 2020-02-13 09:12:48 -05:00
Nick Mathewson
fff1054d17 Before freeing ewma objects, use memwipe instead of resetting magic. 2020-02-13 09:11:35 -05:00
teor
02f494360a
Makefile: Use chutney's latest default network
Use bridges+hs-v23 for "make test-network",
rather than using chutney's old default.

This change requires a recent version of chutney,
because the old bridges+hs-v23 did not work.
(See chutney's 33302 for details.)

Closes 28208.
2020-02-13 13:00:18 +10:00
teor
9d352028e6
Makefike: Add an IPv6 test to test-network
The IPv6 test only runs if IPv6 is available.

Also, explicitly use the bridges+hs-v2 network for the IPv4-only test.
This network was chutney's default as of January 2020.

Closes 33300.
2020-02-13 13:00:15 +10:00
teor
e849881d3a Run "make autostyle"
But only take the changes that were caused by the rest of the 33087
branch.

Part of 33087.
2020-02-13 09:28:21 +10:00
Nick Mathewson
e231d84dd5 Merge branch 'maint-0.4.3' 2020-02-12 18:26:08 -05:00
Nick Mathewson
d0c3350218 Run "make autostyle". 2020-02-12 18:25:51 -05:00
Nick Mathewson
80e3dc4727 Use more memory poisoning and better asserts around ewma code
Attempt to diagnose 32464; fixes 33290.
2020-02-12 14:17:19 -05:00
teor
8a23393eda
log: Stop duplicating error file fds
Since we're not closing these fds, they don't need to be duplicated
any more.

Cleanup after 33087.
2020-02-13 00:01:47 +10:00
teor
3d1ef3b6f8
err/log: Stop closing stderr and stdout during shutdown
Closing these file descriptors can hide sanitiser logs.

Instead, flush the logs before tor exits, using fsync().
Some Windows environments don't have fsync(), so we check
for it at compile time.

Fixes bug 33087; bugfix on 0.4.1.6.
2020-02-13 00:00:41 +10:00
teor
4fed49e0dd protover: Sort tor's supported protocol versions
As recommended by the tor directory specification.

Fixes bug 33285; bugfix on 0.4.0.1-alpha.
2020-02-12 22:15:17 +10:00
teor
14cb337e80 test/protover: Test hard-coded protover sorting
Make sure that the following hard-coded protocol version lists are
sorted:
  * supported protocols
  * recommended relay and client protocols
  * required relay and client protocols

This test currently fails, because the supported protocols are not
sorted.

Tests for 33285.
2020-02-12 22:07:26 +10:00
teor
64bb6e622d dirvote: Reorder required protocol lists
Use a consistent order, because the current order is going to trip
someone up eventually.

Preparation for 33285.
2020-02-12 22:06:11 +10:00
teor
78051c8808 dirvote: Move required protos into private header
Move the recommended and required protocol version lists into the
private section of the dirvote header, and turn them into macros.

Preparation for 33285.
2020-02-12 22:03:19 +10:00
teor
bc493ce0f2
protover: Update a comment about protover parsing
Comment-only change.
2020-02-12 20:59:25 +10:00
teor
c8242e4c0a
err/log: Stop closing stderr and stdout during shutdown
Closing these file descriptors can hide sanitiser logs.

Fixes bug 33087; bugfix on 0.4.1.6.
2020-02-12 19:18:07 +10:00
teor
e0ea7407a4
Merge remote-tracking branch 'tor-github/pr/1725' into maint-0.4.3 2020-02-12 14:14:11 +10:00
David Goulet
88489cd290
hs-v3: Remove BUG() that can occur normally
Fixes #28992

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-12 14:09:40 +10:00
teor
ff52205362
Merge branch 'maint-0.4.1' into maint-0.4.2 2020-02-12 12:22:04 +10:00
teor
5298113da9
Merge branch 'maint-0.3.5' into maint-0.4.1 2020-02-12 12:21:57 +10:00
Alexander Færøy
b9c7c61ea5
Lowercase the BridgeDistribution value from torrc in descriptors.
This patch ensures that we always lowercase the BridgeDistribution from
torrc in descriptors before submitting it.

See: https://bugs.torproject.org/32753
2020-02-12 12:21:41 +10:00
George Kadianakis
9892cc3b12 Merge branch 'tor-github/pr/1707' 2020-02-11 18:42:22 +02:00
David Goulet
40a321659a hs-v3: Remove BUG() that can occur normally
Fixes #28992

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 18:40:55 +02:00
David Goulet
f0964628e6 Merge branch 'ticket33029_042_01' into ticket33029_043_03
Conflicts:
	doc/tor.1.txt
	src/app/config/config.c
	src/app/config/or_options_st.h
	src/core/mainloop/connection.h

Between 042 and 043, the dirauth options were modularized so this merge commit
address this by moving the AuthDirRejectUncompressedRequests to the module
along with a series of accessors.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 10:30:29 -05:00
David Goulet
7b4d9fabef dirauth: Rename function for better clarity
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 10:15:23 -05:00
David Goulet
33414e5494 test: Add unit test for connection_dir_is_global_write_low()
Part of #33029

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 10:15:04 -05:00
David Goulet
6d9113d2f6 dirauth: Resume sending 503 directory error code
Authorities were never sending back 503 error code because by design they
should be able to always answer directory requests regardless of bandwidth
capacity.

However, that recently backfired because of a large number of requests from
unknown source using the DirPort that are _not_ getting their 503 code which
overloaded the DirPort leading to the authority to be unable to answer to its
fellow authorities.

This is not a complete solution to the problem but it will help ease off the
load on the authority side by sending back 503 codes *unless* the connection
is from a known relay or an authority.

Fixes #33029

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:58:28 -05:00
David Goulet
735aa208b1 dirauth: Add option AuthDirRejectRequestsUnderLoad
This controls the previous feature added that makes dirauth send back a 503
error code on non relay connections if under bandwidth pressure.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:57:05 -05:00
David Goulet
bd4f4cb5f0 dirlist: Add configured trusted dir to the nodelist address set
The configured, within the torrc or hardcoded, directory authorities addresses
are now added to the nodelist address set.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:35:54 -05:00
David Goulet
4152c349b4 nodelist: Helper to add an address to the nodelist address set
We separate v4 and v6 because we often use an IPv4 address represented with
a uint32_t instead of a tor_addr_t.

This will be used to also add the trusted directory addresses taken from the
configuration.

The trusted directories from the consensus are already added to the address
set from their descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:35:50 -05:00
David Goulet
872f95ca06 mainloop: Modernize a bit connection_dir_is_global_write_low()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:35:46 -05:00
David Goulet
c1e0ac63b8 mainloop: Remove unused parameter from connection_dir_is_global_write_low()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:35:40 -05:00
David Goulet
ee55823a11 mainloop: Rename global_write_bucket_low()
That function is only used to test the global bucket write limit for a
directory connection.

It should _not_ be used for anything else since that function looks to see if
we are a directory authority.

Rename it to something more meaningful. No change in behavior at this commit,
only renaming.

Part of #33029

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-11 09:34:55 -05:00
Nick Mathewson
384a771fcc Merge branch 'ticket32362_squashed' 2020-02-11 08:47:19 -05:00
Neel Chauhan
777d90fa23 Check for leading zeros in tor_inet_aton() 2020-02-11 08:47:13 -05:00
Nick Mathewson
71d96cefc0 Update to 0.4.4.0-alpha-dev 2020-02-10 19:43:54 -05:00
Nick Mathewson
5d56c1f4b2 Update to 0.4.3.2-alpha-dev 2020-02-10 19:42:31 -05:00
George Kadianakis
901ed35709 Make n_subcredentials a size_t .
Based on David's review.
2020-02-11 02:13:40 +02:00
Nick Mathewson
eb8841cd95 Merge branch 'bug33104_041' 2020-02-10 14:23:13 -05:00
Nick Mathewson
0c90fc37ec Merge branch 'maint-0.4.1' into maint-0.4.2 2020-02-10 14:17:10 -05:00
Nick Mathewson
71c49f7356 Merge branch 'maint-0.4.0' into maint-0.4.1 2020-02-10 14:17:10 -05:00
Nick Mathewson
d9144700af Merge branch 'maint-0.4.2' 2020-02-10 14:17:10 -05:00
Nick Mathewson
f3fa22bf1b Merge branch 'maint-0.3.5' into maint-0.4.0 2020-02-10 14:17:09 -05:00
Nick Mathewson
dab0b1c3a7 bump to 0.4.3.2-alpha 2020-02-10 13:37:59 -05:00
Nick Mathewson
99d044d553 Fix a Rust compilation warning; resolve bug 33212. 2020-02-10 13:32:09 -05:00
Nick Mathewson
d9e211ab70 Use semicolons after HT_PROTOTYPE and HT_GENERATE. 2020-02-10 12:54:43 -05:00
Nick Mathewson
a9cc4ce0eb ht.h: Require a semicolon after HT_PROTOTYPE and HT_GENERATE[2] 2020-02-10 12:54:06 -05:00
Nick Mathewson
b2c3cb1b26 Add tests for control_event_signal. 2020-02-10 11:38:36 -05:00
teor
5e6021bdae
stats: Fix a function comment typo in rephist.c
Comment-only change.
2020-02-10 15:58:25 +10:00
Nick Mathewson
fbc1eaa0af Try to shorten an #error in address.c 2020-02-06 17:21:34 -05:00
Nick Mathewson
1651f92c16 Break CONNECTION_TESTCAE_ARG across multiple lines 2020-02-06 17:21:34 -05:00
Nick Mathewson
8a5a1600cd Extract verbatim table in uname.c 2020-02-06 17:06:12 -05:00
Nick Mathewson
7036ed3471 Fix a couple more long warning lines
These are not a problem with 2-space indentation, but cocci will
start getting confused when clang-format wraps them with 4-space
indentation.
2020-02-06 16:25:56 -05:00
Nick Mathewson
6076adde25 circuitbuild: expect bug message that clang-format will generate.
clang-format wants to put no space here, so we need to tell the test
to expect a lack of a space.
2020-02-06 15:34:06 -05:00
Nick Mathewson
99a5aecbc7 Wrap columnar tables in "clang-format off/on"
These tables have aligned comments, so we don't want clang-format to
mess with them.
2020-02-06 14:54:04 -05:00
Nick Mathewson
06a6130666 Use parentheses to avoid mis-indentations of stringified macro args
clang-format sometimes thinks that "#name" should be written as
"#     name" if it appears at the start of a line.  Using () appears
to suppress this, while confusing Coccinelle.
2020-02-06 14:54:04 -05:00
Nick Mathewson
6104c407e0 maps: do not include _ as part of expected prefix in macros.
Doing this makes our macro usage a little clear IMO, and also avoids
having to use an unadorned "new" within a macro.  (Clang-format
seems to think that "new" means we're doing C++, and so it generates
some output that checkSpace.pl doesn't care for.)
2020-02-06 14:54:04 -05:00
Nick Mathewson
87b71a692a Remove senseless CHECK_PRINTF()s from util_bug.c
These belong in util_bug.h (and they already are there).

Their presence made clang-format misindent these functions in a way
that checkSpace.pl dislikes.
2020-02-06 14:54:04 -05:00
Nick Mathewson
efa5020a9c log_test_helpers: remove semicolons from end of macros
We want our code to require semicolons after use of these macros,
so that our code formatters and/or analysis tools don't get
confused.
2020-02-06 14:54:04 -05:00
Nick Mathewson
60f01da78e Use smaller CPP error messages
Clang-format wants to split these messages across multiple lines,
which confuses the heck out of coccinelle.
2020-02-06 14:54:04 -05:00
Nick Mathewson
e9b663beaf onion_queue.c: use TAILQ_HEAD less confusingly.
When we use macro inline, clang-format likes to break it in the
middle, which makes checkSpace get confused.
2020-02-06 14:33:05 -05:00
Nick Mathewson
9feeb4cf97 prob_distr: use "clang-format off" to avoid wide lines for URLs 2020-02-06 14:33:05 -05:00
Nick Mathewson
98fdc3e41a Use a compile-time assert in control_events.h
(The original idiom here led clang-format to generating a too-wide line.)
2020-02-06 14:33:05 -05:00
Nick Mathewson
21f45197a2 Merge branch 'bug33103' 2020-02-06 08:28:25 -05:00
David Goulet
a8456d2a11 test: Missing hs_init() in some hs_control tests
Without the hs_init(), the caches are not initialized and the previous commit
was causing an assert due to the missing caches.

But regardless of that, those tests were not initializing but were calling
hs_free_all().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-06 12:54:54 +02:00
David Goulet
9278a24729 hs-v3: Remove descriptor when we remove client authorization
When the ONION_CLIENT_AUTH_REMOVE command is given to tor, now also remove the
descriptor associated with the client authorization credentials.

Fixes #33148

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-06 12:54:54 +02:00
Nick Mathewson
56c54a66bd Fix a memory leak in handling GETINFO.
Fixes bug 33103; bugfix on 0.4.3.1-alpha.
2020-02-05 19:18:32 -05:00
Nick Mathewson
1a375c3b19 Merge branch 'trove_2020_002_035' into trove_2020_002_041
Resolved Conflicts:
	src/feature/dirparse/parsecommon.c
2020-02-05 12:06:24 -05:00
Nick Mathewson
f160212ee8 When parsing tokens, reject early on spurious keys. 2020-02-05 11:57:31 -05:00
Nick Mathewson
9e1085c924 When parsing, reject >1024-bit RSA private keys sooner.
Private-key validation is fairly expensive for long keys in openssl,
so we need to avoid it sooner.
2020-02-05 11:11:35 -05:00
George Kadianakis
2a5e641cfe Merge branch 'tor-github/pr/1704' 2020-02-04 13:09:41 +01:00
George Kadianakis
6c749bf38c Merge branch 'tor-github/pr/1700' 2020-02-04 13:06:00 +01:00
teor
ff52051754
address: Fix comments in address.h
And improve inline function spacing, and function declaration
spacing.

Comment-only change.
2020-02-04 14:36:04 +10:00
David Goulet
08f31e405d hs-v3: Purge ephemeral client auth on NEWNYM
Fixes #33139.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-03 11:58:43 -05:00
David Goulet
1bf377f4b6 Merge branch 'tor-github/pr/1687' 2020-01-30 14:06:09 -05:00
David Goulet
f07d8a1a92 Merge branch 'tor-github/pr/1692' 2020-01-30 13:53:32 -05:00
David Goulet
a1dec44723 Merge branch 'tor-github/pr/1697' 2020-01-30 13:48:36 -05:00
Nick Mathewson
49cffee635 bump to 0.4.2.6-dev 2020-01-30 11:19:16 -05:00
Nick Mathewson
7afb95d3e3 Bump to 0.4.1.8-dev 2020-01-30 11:18:50 -05:00
David Goulet
e4245e2a6b hs-v2: Turn logs into protocol warning
All of those can be triggered remotely so change them to protocol warnings.

Fixes #32706

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-30 11:14:50 -05:00
Nick Mathewson
af76b9dcc6 Merge branch 'bug32673_035' 2020-01-30 09:58:23 -05:00
Nick Mathewson
9ea0c0bfcd Merge branch 'bug33093_logging_035' 2020-01-30 09:55:40 -05:00
Nick Mathewson
2a1f8ea2e7 Do not set "once" when calling tor_bug_occurred_ from BUG().
The "once" flag makes tor_bug_occurred_() say that future instances
of the warning will be suppressed -- but that's not something that
BUG() does.  Fixes bug 33095; bugfix on 0.4.1.1-alpha.
2020-01-30 09:43:34 -05:00
Nick Mathewson
7bd671811e Rewrite control_event_signal() to use signal_table.
When we added the ACTIVE and DORMANT virtual signals, we taught the
signal command to handle them, but we didn't teach SIGNAL event to
report them.

To solve this problem and prevent it from recurring, this patch
revises the implementation of control_event_signal() to use the same
signal_table that handle_control_signal() uses.  This way, the two
controller commands can't become out of sync.

Fixes bug 33104; bugfix on 0.4.0.1-alpha.
2020-01-30 09:29:07 -05:00
Nick Mathewson
f470b863a0 Bump version to 0.4.2.6 2020-01-29 19:44:29 -05:00
Nick Mathewson
ec7f99e6ef bump to 0.4.1.8 2020-01-29 19:42:24 -05:00
teor
7b6be02a92
Merge branch 'maint-0.4.1' into maint-0.4.2 2020-01-30 07:55:12 +10:00
teor
6b392c333a
Merge branch 'maint-0.4.0' into maint-0.4.1 2020-01-30 07:55:05 +10:00
teor
65825018c7
Merge branch 'maint-0.3.5' into maint-0.4.0 2020-01-30 07:54:58 +10:00
teor
9b0b2aef80
Merge remote-tracking branch 'tor-github/pr/1634' into maint-0.4.1 2020-01-30 07:54:39 +10:00
teor
41d52e9cd8
Merge remote-tracking branch 'tor-github/pr/1614' into maint-0.3.5 2020-01-30 07:53:53 +10:00
Nick Mathewson
2985a6018f buf_read_from_tls: Return ERROR_MISC, not WANTWRITE, on BUG().
Fixes bug 32673; bugfix on 0.3.0.4-alpha.  We introduced these
checks in ee5471f9aa to help diagnose 21369, but we used "-1"
when "TOR_TLS_ERROR_MISC" would have been correct.  Found by opara.

I don't think that this is actually getting triggered in the wild,
but if it were, it could cause nasty behavior: spurious
WANTREAD/WANTWRITE returns have a way of turning into CPU-eating
busy-loops.
2020-01-29 08:50:03 -05:00
Nick Mathewson
1f163fcbde Change BUG() messages in buf_flush_to_tls() to IF_BUG_ONCE()
We introduced these BUG() checks in b0ddaac074 to prevent a
recurrence of bug 23690.  But there's a report of the BUG() message
getting triggered and filling up the disk.  Let's change it to
IF_BUG_ONCE().

Fixes bug 33093; bugfix on 0.3.2.2-alpha.
2020-01-29 08:31:22 -05:00
teor
c8ba2c4730
mainloop: Simplify ip_address_changed()
Simplify ip_address_changed() by removing redundant checks
(all exits are relays, and need to rebuild their descriptor when their
IP addresses change).

Rewrite the function comment, and rename the argument, so the function
is easier to understand and use.

Closes 33091.
2020-01-29 18:23:38 +10:00
teor
d873674fb3
connection: Improve function comments
Improve the function comments on connection_finished_connecting(),
to describe what the function actually does.

Part of 33091.
2020-01-29 18:22:21 +10:00
cclauss
3208a74f90 Use print() function in both Python 2 and Python 3 2020-01-28 01:38:54 +01:00
George Kadianakis
ba99287d13 Write unittest that covers cases of INTRODUCE1 handling.
Also fix some memleaks of other OB unittests.
2020-01-28 01:08:41 +02:00
George Kadianakis
635f58bad2 Introduce an hs_ob_free_all() function. 2020-01-28 01:07:51 +02:00
George Kadianakis
0133169481 Allow clients to connect to the instance even with OB enabled.
We do this by including the instance's subcredentials to the list of
subcredentials that are used during INTRO2 decryption.
2020-01-28 01:07:51 +02:00
George Kadianakis
c731988cb2 Unify INTRO2 handling codepaths in OB and normal cases.
Now we use the exact same INTRO2 decrypt logic regardless of whether the
service is an OB instance or not.

The new get_subcredential_for_handling_intro2_cell() function is responsible
for loading the right subcredentials in either case.
2020-01-28 01:07:51 +02:00
George Kadianakis
da15feb0d3 Refresh OB keys when we build a new descriptor.
We now assign OB subcredentials to the service instead of computing them on the
spot. See hs_ob_refresh_keys() for more details.
2020-01-28 01:07:28 +02:00
Taylor Yu
76a8a734c9 tests for ticket 33039 2020-01-24 12:20:52 -06:00
Taylor Yu
f7a2b98674 fix leak in GETCONF
Fix a memory leak introduced by refactoring of control reply
formatting code.  Fixes bug 33039; bugfix on 0.4.3.1-alpha.
2020-01-24 12:20:47 -06:00
Nick Mathewson
e34d963c44 Bump to 0.4.3.1-alpha-dev 2020-01-22 20:30:46 -05:00
David Goulet
21d0d81d82 Merge branch 'tor-github/pr/1677' 2020-01-22 14:32:30 -05:00
Alexander Færøy
35721b38e4 Lower log level of standard error messages from PT's.
This patch lowers the log level of error messages from PT processes from
warning to debug.

See: https://bugs.torproject.org/33005
2020-01-22 14:32:13 -05:00
teor
08efb28743
dir_connection_t: Explain dirconn_direct better
Direct connections can use a DirPort or ORPort.
Indirect connections must use a multi-hop Tor circuit.

Comment-only changes.
2020-01-22 09:27:40 +10:00
Nick Mathewson
e144134294 Bump to 0.4.3.1-alpha 2020-01-21 12:33:05 -05:00
Nick Mathewson
942543253a Use time-invariant conditional memcpy to make onionbalance loop safer 2020-01-21 10:31:36 -05:00
Nick Mathewson
4269ab97c6 Add a function to maybe memcpy() a value, in constant time. 2020-01-21 10:31:36 -05:00
Nick Mathewson
b6250236a2 Pass multiple subcredentials all the way down to hs_ntor.
This approach saves us a pair of curve25519 operations for every
subcredential but the first.  It is not yet constant-time.

I've noted a few places where IMO we should refactor the code so
that the complete list of subcredentials is passed in earlier.
2020-01-21 10:31:36 -05:00
Nick Mathewson
46e6a4819a Define a variant of hs_ntor that takes multiple subcredentials. 2020-01-21 10:31:29 -05:00
Nick Mathewson
bd0efb2702 Remove a dead BUG() check. 2020-01-21 10:31:29 -05:00
Nick Mathewson
4532c7ef6a Turn hs_subcredential_t into a proper struct. 2020-01-21 10:31:29 -05:00
David Goulet
7c18860c3e test: Add HS onion balance tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:31:29 -05:00
David Goulet
faada6af8d hs-v3: Implement hs_ob_service_is_instance()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:31:29 -05:00
David Goulet
780e498f76 hs-v3: Code improvement for INTRO2 MAC validation
Pointed by nickm during the review of #32709.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:31:29 -05:00
David Goulet
02f1caa583 hs-v3: Validate INTRO2 cells for onion balance
Closes #32709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:31:29 -05:00
David Goulet
ef28afa255 hs-v3: Add the Onion Balance config file option
At this commit, the service reads the config file and parse it to finally set
the service config object with the options.

Part of #32709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:31:29 -05:00
George Kadianakis
f1498e75dd hs-v3: Extract INTRO2 key computation to its own function.
Part of #32709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:28:26 -05:00
David Goulet
16a201e703 hs-v3: Implement hs_parse_address_no_log()
The hs_parse_address() can not be used without an options_t object existing
since on error it uses the escaped_safe_str() that looks at the options.

This new function won't log and returns an error message in case of failure
that can then be used to log.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-21 10:28:26 -05:00
David Goulet
ff93133403 Merge branch 'tor-github/pr/1675' 2020-01-20 10:47:49 -05:00
David Goulet
ca8b90a843 Merge branch 'tor-github/pr/1668' 2020-01-20 10:44:03 -05:00
teor
bf2a399fc0
config: Make clients tell dual-stack exits they prefer IPv6
Make Tor clients tell dual-stack exits that they prefer IPv6
connections.

This change is equivalent to setting the PreferIPv6 flag on
SOCKSPorts (and most other listener ports). Tor Browser has
been setting this flag for some time, and we want to remove a
client distinguisher at exits.

Also update the man page, putting all the IP flags in their
non-default forms.

Closes ticket 32637.
2020-01-20 16:36:58 +10:00
teor
b23b8fa4a1
Merge remote-tracking branch 'tor-github/pr/1673' 2020-01-20 15:52:40 +10:00
teor
af30be9515
test/nodelist: Remove ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD
When we removed obsolete consensus methods in 32695, we also
removed ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD, so we need to
remove it from the routerstatus format tests.

Part of 20218.
2020-01-20 15:51:30 +10:00
teor
3851128e88
Merge branch 'ticket20218_rebased_squashed' into ticket20218_merged
* ticket 32695 removed networkstatus_consensus_has_ipv6(),
  keep that change in master.
* ticket 20218 modifies the function name and comment for
  routerstatus_has_visibly_changed(), keep that change
  in ticket20218_rebased_squashed.
2020-01-20 15:50:54 +10:00
Nick Mathewson
4541289f2a
Rename test to match new identifier. 2020-01-20 15:48:52 +10:00
Nick Mathewson
e2637214f2
split a wide line 2020-01-20 15:48:49 +10:00
Nick Mathewson
152cbf2a59
Rename routerstatus_has_changed to routerstatus_has_visibly_changed
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        routerstatus_has_changed routerstatus_has_visibly_changed

It was generated with --no-verify, since it introduces a wide line.
I'll fix it in a subsequent commit.
2020-01-20 15:48:45 +10:00
Nick Mathewson
c3633e6b29
Update routerstatus_has_changed tests.
Now they also check whether output of routerstatus_format_entry()
has changed.
2020-01-20 15:48:41 +10:00
Nick Mathewson
702a753cf3
Add unit test for routerstatus_has_changed() 2020-01-20 15:48:25 +10:00
teor
0b82b5ee42
Merge remote-tracking branch 'tor-github/pr/1671' 2020-01-20 15:40:42 +10:00
Nick Mathewson
5086b16055 Merge remote-tracking branch 'tor-github/pr/1529' 2020-01-17 08:49:56 -05:00
Nick Mathewson
c8b6392b4e Initialize publish/subscribe code when running as an NT service.
Fixes bug 32778; bugfix on 0.4.1.1-alpha.
2020-01-17 08:41:52 -05:00
Nick Mathewson
d7a22160f5 Revert "Restore feature where nt-services detect non-"run_tor" modes."
This reverts commit 5c240db0bf.
2020-01-17 08:39:49 -05:00
Nick Mathewson
7f03ba06d8 Merge branch 'ticket32806' 2020-01-17 08:37:33 -05:00
Nick Mathewson
6d2b9c9631 Remove some dead checks
The only code that could set these options to be negative was in the
unit tests.
2020-01-17 08:31:22 -05:00
Nick Mathewson
648e1afc33 fix a stray asterisk in a comment 2020-01-17 08:25:09 -05:00
Nick Mathewson
abd9ae48ac Merge branch 'ticket32487_squashed_and_merged' 2020-01-17 07:50:50 -05:00
Nick Mathewson
01fdc3240f Merge branch 'ticket32695_squashed' 2020-01-16 16:42:01 -05:00
Nick Mathewson
ceacda44f1 Remove functions that checked for pre-ipv6 consensus.
We no longer need or need to test:
  * node_awaiting_ipv6()
  * networkstatus_consensus_has_ipv6().
2020-01-16 16:41:53 -05:00
Nick Mathewson
8d94bcbf8c Remove routerstatus_format_entry() consensus_method argument as unused 2020-01-16 16:41:53 -05:00
Nick Mathewson
441a048a3a Remove support for now-obsolete consensus methods before 28.
Closes ticket 32695.
2020-01-16 16:41:53 -05:00
Nick Mathewson
60a0d7d1e8 expose routerstatus_has_changed to unit tests. 2020-01-16 12:14:12 -05:00
Victor Nepveu
594e5ce635 Refactor routerstatus_has_changed function
- Check all fields that might change in a routerstatus
- Document the refactoring

Signed-off-by: Victor Nepveu <victor.nepveu@imt-atlantique.net>
2020-01-16 10:39:15 -05:00
Nick Mathewson
17c63ff9f6 Merge remote-tracking branch 'tor-github/pr/1663' 2020-01-16 10:24:39 -05:00
Nick Mathewson
3c89622e39 Merge branch 'ticket32487_squashed' into ticket32487_squashed_and_merged
Resolved conflicts in src/core/include.am
2020-01-16 07:57:37 -05:00
Nick Mathewson
efb301c86c Document why dircache is not included in --list-modules 2020-01-16 07:48:17 -05:00
Nick Mathewson
a623a49777 Add have_module_dircache(). 2020-01-16 07:48:17 -05:00
Nick Mathewson
5cff1ce84b Turn several functions from stubs into macros
This may help the compiler eliminate deadcode.
2020-01-16 07:48:17 -05:00
Nick Mathewson
6ba4b5e5da Rename dirclient_modes.h identifiers to start with dirclient_
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        directory_must_use_begindir dirclient_must_use_begindir \
        directory_fetches_from_authorities dirclient_fetches_from_authorities \
        directory_fetches_dir_info_early dirclient_fetches_dir_info_early \
        directory_fetches_dir_info_later dirclient_fetches_dir_info_later \
        directory_too_idle_to_fetch_descriptors dirclient_too_idle_to_fetch_descriptors
2020-01-16 07:48:17 -05:00
Nick Mathewson
8d1f31190e Move directory_must_use_begindir() to dirclient_modes.[ch] 2020-01-16 07:48:17 -05:00
Nick Mathewson
773bcf5629 Move dirclient-related functions out of dirserv, and reenable them
I had incorrectly identified these functions as dircache-only, when
in fact they apply to everyone who acts a directory client.
2020-01-16 07:48:17 -05:00
Nick Mathewson
8a0c739467 Disable feature/dircache files when dircache module is disabled.
To make Tor still work, we define a minimal dircache_stub.c file
that defines the entry points to the module that can actually be
seen by the compiler when we're building with dircache and relay
disabled.
2020-01-16 07:48:17 -05:00
Nick Mathewson
6e12a8f047 Use dir_conn_clear_spool() in connection.c.
This is cleaner than iterating over the spool.
2020-01-16 07:48:17 -05:00
Nick Mathewson
fe8156dbc2 Move dirserv_get_routerdescs() to control_getinfo.c
This function had some XXX comments indicating (correctly) that it
was not actually used by the dirserver code, and that only the
controller still used it.
2020-01-16 07:48:17 -05:00
Nick Mathewson
4cf15ee015 Move dir_split_resource_into_spoolable() to dircache module.
Only directory caches actually need to spool things.
2020-01-16 07:48:17 -05:00
teor
fb541ffca3
Merge branch 'maint-0.4.0' into maint-0.4.1 2020-01-16 10:00:40 +10:00
teor
026f068bb3
Merge branch 'maint-0.3.5' into maint-0.4.0 2020-01-16 10:00:32 +10:00
teor
19954cffd7
Merge remote-tracking branch 'tor-github/pr/1513' into maint-0.3.5 2020-01-16 09:57:27 +10:00
Alexander Færøy
ca9a5390ff Don't escape the bridge distribution value.
We already check if there are invalid values in
check_bridge_distribution_setting() and reject the value if that is the
case. We can therefore only have strings of [A-Z] | [a-z] | [0-9] | '-'
| '_' here which is according to the directory specification.

See: https://bugs.torproject.org/32753
2020-01-15 23:41:58 +00:00
teor
f3cbc26bdd
add_c_file: Fix "control line not preceded by a blank line"
Fix dirauth and relay module include.am add_c_file.py
"control line not preceded by a blank line" errors.

Also remove a duplicate ADD_C_FILE: SOURCES in the relay module.

Obviously correct fixes to already-reviewed code.
2020-01-16 09:38:26 +10:00