Commit Graph

23182 Commits

Author SHA1 Message Date
Mike Perry
917f8beb54 Add CBT unit test for Xm and alpha estimation. 2021-02-18 11:21:25 -06:00
Mike Perry
a0690f079d Update documentation for the number of modes for Xm estimator. 2021-02-18 11:21:25 -06:00
Mike Perry
d16b3d12a1 Bug 34088: Remove max timeout calculation and warning.
With the maximum likelihood estimator for alpha from #40168, we no longer need
max_time to calculate alpha.
2021-02-18 11:21:25 -06:00
Mike Perry
ed9d60cb92 Fix Xm mode calculation to properly average N=10 modes.
This is still fast enough. ~100usec on my laptop with 1000 build times.
2021-02-18 11:21:25 -06:00
Mike Perry
406400a74d Lower circuit build time bin width to 10ms.
50ms is not enough resolution. CBT can be as low as 80ms in datacenter
clients close to their relays.
2021-02-18 11:21:25 -06:00
Mike Perry
86acd4d940 Log circuit timeout in milliseconds 2021-02-18 11:21:25 -06:00
Mike Perry
c90b0cb6fb Raise the circuit close time quantile to 99.
This should allow us to more accurately estimate pareto parameters
without relying on "right-censorship" of circuit build timeout values.
2021-02-18 11:21:25 -06:00
Mike Perry
761dd9f2ab Lower min circ timeout from 1.5s to bin width (10ms) 2021-02-18 11:21:25 -06:00
Mike Perry
37b2159150 Completely ignore abandoned circs from circ timeout calc
This prevents the timeout curve from getting spread out as much, resulting in
more accurate timeout values for quantiles from 60-80.
2021-02-18 11:21:25 -06:00
Nick Mathewson
21317c9229 Bump to 0.3.5.13-dev. 2021-02-03 13:37:28 -05:00
David Goulet
f322ea3fa8 Merge branch 'ticket40269_035_01' into maint-0.3.5 2021-02-03 09:11:09 -05:00
David Goulet
6f95cdf87e Remove unused addr_port_set code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 09:11:01 -05:00
David Goulet
a3cef41fc3 Merge branch 'ticket40270_035_01' into maint-0.3.5 2021-02-03 08:56:30 -05:00
David Goulet
c2cee6c780 node: Move reentry set to use a digestmap_t
Any lookup now will be certain and not probabilistic as the bloomfilter.

Closes #40269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:54:02 -05:00
David Goulet
59f1a41a7f relay: Send back CONNECTION_REFUSED on reentry
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.

Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.

Closes #40270

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:52:48 -05:00
David Goulet
98590621bb relay: Double the size of the relay reentry set
This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:51:00 -05:00
David Goulet
ce3af5dd59 relay: Follow consensus parameter for network reentry
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.

Closes #40268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:50:56 -05:00
George Kadianakis
9eba65bd8b test: Add test for exits blocking reentry to the network
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
Roger Dingledine
93ac6ec4d3 exit: Deny re-entry into the network
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.

Closes #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
f26950fa7a relay: Add bloomfiter of relay address + {OR|Dir}Port
In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
9556276f07 Merge branch 'tor-gitlab/mr/50' into maint-0.3.5 2021-01-28 12:46:24 -05:00
David Goulet
290007e3c4 Merge branch 'tor-gitlab/mr/239' into maint-0.3.5 2021-01-28 12:42:26 -05:00
David Goulet
02bd135cb1 Merge branch 'tor-gitlab/mr/243' into maint-0.3.5 2021-01-28 12:36:35 -05:00
David Goulet
1bdccc03a9 Merge branch 'tor-gitlab/mr/254' into maint-0.3.5 2021-01-28 12:10:39 -05:00
David Goulet
045db909c2 Merge remote-tracking branch 'tor-gitlab/mr/140' into maint-0.3.5 2021-01-28 12:08:14 -05:00
David Goulet
c6fb26695b Merge remote-tracking branch 'tor-gitlab/mr/186' into maint-0.3.5 2021-01-28 12:04:37 -05:00
Nick Mathewson
3ebf75993f Bump to 0.3.5.13. 2021-01-28 11:17:32 -05:00
Nick Mathewson
faf7b550e7 Merge remote-tracking branch 'tor-gitlab/mr/143' into maint-0.3.5 2021-01-19 12:53:30 -05:00
Nick Mathewson
fa8ecf8820 Better fix for #40241 (--enable-all-bugs-are-fatal and fallthrough)
This one should work on GCC _and_ on Clang.  The previous version
made Clang happier by not having unreachable "fallthrough"
statements, but made GCC sad because GCC didn't think that the
unconditional failures were really unconditional, and therefore
_wanted_ a FALLTHROUGH.

This patch adds a FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL macro that
seems to please both GCC and Clang in this case: ordinarily it is a
FALLTHROUGH, but when ALL_BUGS_ARE_FATAL is defined, it's an
abort().

Fixes bug 40241 again.  Bugfix on earlier fix for 40241, which was
merged into maint-0.3.5 and forward, and released in 0.4.5.3-rc.
2021-01-13 09:54:43 -05:00
David Goulet
04b0263974 hs-v3: Require reasonably live consensus
Some days before this commit, the network experienced a DDoS on the directory
authorities that prevented them to generate a consensus for more than 5 hours
straight.

That in turn entirely disabled onion service v3, client and service side, due
to the subsystem requiring a live consensus to function properly.

We know require a reasonably live consensus which means that the HSv3
subsystem will to its job for using the best consensus tor can find. If the
entire network is using an old consensus, than this should be alright.

If the service happens to use a live consensus while a client is not, it
should still work because the client will use the current SRV it sees which
might be the previous SRV for the service for which it still publish
descriptors for.

If the service is using an old one and somehow can't get a new one while
clients are on a new one, then reachability issues might arise. However, this
is a situation we already have at the moment since the service will simply not
work if it doesn't have a live consensus while a client has one.

Fixes #40237

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-12 09:46:35 -05:00
Nick Mathewson
ccdbbae4ec Fix warnings in current debian-hardened CI.
We're getting "fallback annotation annotation in unreachable code"
warnings when we build with ALL_BUGS_ARE_FATAL. This patch fixes
that.

Fixes bug 40241.  Bugfix on 0.3.5.4-alpha.
2021-01-11 14:25:56 -05:00
George Kadianakis
d89974c5c6 Fix Keccak undefined behavior on exotic platforms.
Bug reported and diagnosed in:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977

Fixes bug #40210.
2020-12-17 13:49:17 +02:00
Nick Mathewson
c4fe66e342 Socks5: handle truncated client requests correctly
Previously, our code would send back an error if the socks5 request
parser said anything but DONE.  But there are other non-error cases,
like TRUNCATED: we shouldn't send back errors for them.

This patch lowers the responsibility for setting the error message
into the parsing code, since the actual type of the error message
will depend on what problem was encountered.

Fixes bug 40190; bugfix on 0.3.5.1-alpha.
2020-12-14 10:14:03 -05:00
Nick Mathewson
fcae26adf7 Merge remote-tracking branch 'tor-gitlab/mr/195' into maint-0.3.5 2020-11-16 22:42:15 -05:00
Nick Mathewson
862c44e4ec Bump to 0.3.5.12-dev 2020-11-12 08:11:01 -05:00
Nick Mathewson
665083be9f Bump to 0.3.5.12 2020-11-09 17:12:18 -05:00
Nick Mathewson
52e439c13e Merge remote-tracking branch 'tor-gitlab/mr/189' into maint-0.3.5 2020-11-09 16:13:24 -05:00
Nick Mathewson
31a6a101a0 Handle a change in the implementation of hashlib in Python 3.9
Previously, hashlib.shake_256 was a class (if present); now it can
also be a function.  This change invalidated our old
compatibility/workaround code, and made one of our tests fail.

Fixes bug 40179; bugfix on 0.3.1.6-rc when the workaround code was
added.
2020-11-05 09:34:36 -05:00
Nick Mathewson
c48d25ac8d Fix a previously overstrict log message check.
OpenSSL doesn't seem to report error locations in the same way as
before, which broke one of our tests.

Fixes bug 40170; bugfix on 0.2.8.1-alpha.
2020-10-28 10:47:39 -04:00
Nick Mathewson
2b4a3d07b2 Do not define OPENSSL_VERSION in compat_openssl.h
Apparently it conflicts with definitions elsewhere in Openssl 3.0.0.
2020-10-28 10:32:06 -04:00
Nick Mathewson
d9221968ce Include a more modest openssl header in crypto_openssl_mgt.h
The "engines.h" header has lots of stuff; the "opensslv.h" header
has the version number, which is all we actually need here.

We need to do this because we're about to change this header to
conditionally define OPENSSL_SUPPRESS_DEPRECATED, and it would be
too late to do so if we'd already included "engines.h".
2020-10-28 10:11:42 -04:00
Nick Mathewson
dd63b97288 Implement proposal 318: Limit protovers to 0..63
In brief: we go through a lot of gymnastics to handle huge protover
numbers, but after years of development we're not even close to 10
for any of our current versions.  We also have a convenient
workaround available in case we ever run out of protocols: if (for
example) we someday need Link=64, we can just add Link2=0 or
something.

This patch is a minimal patch to change tor's behavior; it doesn't
take advantage of the new restrictions.

Implements #40133 and proposal 318.
2020-10-14 11:28:37 -04:00
Nick Mathewson
741edf1b45 Merge remote-tracking branch 'tor-github/pr/1827/head' into maint-0.3.5 2020-10-07 09:29:07 -04:00
David Goulet
b404f085ad hs-v2: Add deprecation warning for service
If at least one service is configured as a version 2, a log warning is emitted
once and only once.

Closes #40003

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-10-07 08:38:23 -04:00
Nick Mathewson
5f5587ee50 Merge remote-tracking branch 'tor-gitlab/mr/77' into maint-0.3.5 2020-10-07 08:29:23 -04:00
Nick Mathewson
ad7ffa5240 Merge remote-tracking branch 'tor-gitlab/mr/79' into maint-0.3.5 2020-10-07 08:25:55 -04:00
Nick Mathewson
98e14720b5 Merge remote-tracking branch 'tor-github/pr/1661/head' into maint-0.3.5 2020-10-07 08:14:46 -04:00
Nick Mathewson
968b6c30c1 Merge remote-tracking branch 'tor-gitlab/mr/43' into maint-0.3.5 2020-10-07 08:09:59 -04:00
Nick Mathewson
e0e0ef713e Merge remote-tracking branch 'tor-gitlab/mr/137' into maint-0.3.5 2020-10-07 08:07:53 -04:00
Nick Mathewson
84a5bd48e2 Merge remote-tracking branch 'tor-gitlab/mr/103' into maint-0.3.5 2020-10-07 08:05:31 -04:00