Previously we would incorrectly detect that ipv6 isn't supported if the
ping binary isn't present (as it may not be in a relatively stripped
down container image), or if ICMP packets aren't permitted (as they
often aren't in containers).
We don't really have a need to run these network tests on non-IPv6
systems, so it makes more sense to just run them unconditionally.
While chutney currently runs tor's chutney test in its own CI,
it's difficult to guarantee the two won't accidentally diverge.
Probably best to use a fixed version here so that we can control
chutney version bumps and avoid surprise breakage in tor's CI.
This will also free us to intentionally make breaking changes in
chutney (though I don't have any immediate plans for any).
Conflux circuit building was ignoring the "predicted ports" feature,
which aims to make Tor stop building circuits if there have been
no user requests lately. This bug led to every idle Tor on the
network building and discarding circuits every 30 seconds, which
added overall load to the network, used bandwidth and battery from
clients that weren't actively using their Tor, and kept sockets open
on guards which added connection padding essentially forever.
Bug went in on commit 39c2927d when we added preemptive conflux circuit
pools.
Fixes bug 40981; bugfix on 0.4.8.1-alpha.
Resources allocated by cpuworker weren't being freed on clean shutdown.
This applies for worker threads, worker thread pool, reply queue, reply
event, ...
This proposal adds new syntax to the SOCKS5 username/password extension scheme,
so that requests with usernames starting with <torS0X> are now reserved.
For C tor, all we need to do is reject every username starting with <torS0X>
unless it is exactly "<torS0X>0".
It turns out that circuit_package_relay_cell() returns 0 in order to drop a
cell but there is a code path, if the circuit queue is full, that also silently
closes the circuit and returns 0.
This lead to Conflux thinking a cell was sent but actually the cell was not and
the circuit was closed leading to the hard assert.
And so this function makes sure that circuit_package_relay_cell() and
append_cell_to_circuit_queue() returns a value that indicate what happened with
the cell and circuit so the caller can make an informed decision with it.
This change makes it that we do NOT enter the Conflux subsystem if the cell is
not queued on the circuit.
Fixes#40921
Signed-off-by: David Goulet <dgoulet@torproject.org>
This was previously added to facilitate testing intro point rotation
with chutney. However, the implementation is problematic since it forces
excessive rotation whenever TestingTorNetwork is enabled, and can't be
adjusted or disabled.
Alternatives for testing intro point rotation include:
* Using shadow to "fast forward" time
* Overriding the consensus parameters hs_intro_min_lifetime and
hs_intro_max_lifetime.
Fixes#40922
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes#40891
This commit adds the total number of DROP cell seen, the total number of
DESTROY cell received and the total number of protocol violation that lead to a
circuit close.
Closes#40816
Signed-off-by: David Goulet <dgoulet@torproject.org>