Commit Graph

36795 Commits

Author SHA1 Message Date
Nick Mathewson
9b390a556e Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-19 12:53:52 -05:00
Nick Mathewson
e3a5482681 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-19 12:53:52 -05:00
Nick Mathewson
b7f886beb4 Merge remote-tracking branch 'tor-gitlab/mr/163' into maint-0.4.3 2021-01-19 12:53:44 -05:00
Nick Mathewson
faf7b550e7 Merge remote-tracking branch 'tor-gitlab/mr/143' into maint-0.3.5 2021-01-19 12:53:30 -05:00
Nick Mathewson
6c1bc570cf Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-19 12:49:31 -05:00
Nick Mathewson
4c82c2d1d4 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-19 12:49:22 -05:00
Nick Mathewson
a22bfe04bc Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-19 12:45:07 -05:00
Nick Mathewson
2d5b21598e Merge remote-tracking branch 'tor-gitlab/mr/259' into maint-0.3.5 2021-01-19 12:44:59 -05:00
Alexander Færøy
13cf964453 Remove unnecessary non-fatal assertion.
This patch removes a call to `tor_assert_nonfatal()` if
`extend_info_from_node()` returns NULL. This is unnecessary as we
already handle the case where `info` is NULL in the next `if (!info) {
... }` block in the code.

See: tor#32666.
2021-01-19 17:08:01 +00:00
Nick Mathewson
f79a31f6d5 Merge remote-tracking branch 'tor-gitlab/mr/260' into maint-0.4.5 2021-01-19 12:02:21 -05:00
Nick Mathewson
f8cf2546ea Merge remote-tracking branch 'tor-gitlab/mr/258' into maint-0.4.5 2021-01-19 11:59:58 -05:00
David Goulet
691c717187 Revert "IPv6 sybil: consider addresses in the same /64 to be equal."
This reverts commit d07f17f676.

We don't want to consider an entire routable IPv6 network as sybil if more
than 2 relays happen to be on it. For path selection it is very important but
not for selecting relays in the consensus.

Fixes #40243
2021-01-15 12:57:57 -05:00
David Goulet
f0c29f0883 relay: Don't BUG() if we can't find authority descriptor
We can end up trying to find our address from an authority while we don't have
yet its descriptor.

In this case, don't BUG() and just come back later.

Closes #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 10:02:03 -05:00
David Goulet
743a5ef2b3 relay: Don't flag that we published if descriptor build fails
In case building the descriptor would fail, we could still flag that we did in
fact publish the descriptors leading to no more attempt at publishing it which
in turn makes the relay silent for some hours and not try to rebuild the
descriptor later.

This has been spotted with #40231 because the operator used a localhost
address for the ORPort and "AssumeReachable 1" leading to this code path where
the descriptor failed to build but all conditions to "can I publish" were met.

Related to #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 09:42:56 -05:00
David Goulet
8230d2ba3b configure: Don't print disable option for module that can't be disabled
This is currently for the dircache module that can not be disabled by itself,
it is only disabled from the relay module.

Thus, we should not print in the configure summary the disable option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 09:25:46 -05:00
David Goulet
e5a0c739d4 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-13 10:38:05 -05:00
David Goulet
61ee17eb1e Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-13 10:38:05 -05:00
David Goulet
17eb635532 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-13 10:38:05 -05:00
David Goulet
7a82fbfdab gitignore: Add Linux core file patterns
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-13 10:37:56 -05:00
Nick Mathewson
fa8ecf8820 Better fix for #40241 (--enable-all-bugs-are-fatal and fallthrough)
This one should work on GCC _and_ on Clang.  The previous version
made Clang happier by not having unreachable "fallthrough"
statements, but made GCC sad because GCC didn't think that the
unconditional failures were really unconditional, and therefore
_wanted_ a FALLTHROUGH.

This patch adds a FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL macro that
seems to please both GCC and Clang in this case: ordinarily it is a
FALLTHROUGH, but when ALL_BUGS_ARE_FATAL is defined, it's an
abort().

Fixes bug 40241 again.  Bugfix on earlier fix for 40241, which was
merged into maint-0.3.5 and forward, and released in 0.4.5.3-rc.
2021-01-13 09:54:43 -05:00
David Goulet
c5817a0daf m4: Change LIBS order of TOR_SEARCH_LIBRARY()
Some gcc versions do explode if the order of the linker flags are not correct.
One issue was statically building OpenSSL which would require that "-lssl
-lcrypto" be put _before_ the "-lpthread -ldl" flags.

I have not such problem with GCC 10 but does with GCC 9.

Closes #33624

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-13 09:52:10 -05:00
George Kadianakis
c931eae981 Merge branch 'mr/252' into maint-0.4.5 2021-01-13 16:01:11 +02:00
Nick Mathewson
4d6d3b3c05 Remove BUG() when checking TOO_MANY_OUTDATED_DIRSERVERS.
Fixes bug #40234; bugfix on 0.3.2.5-alpha.
2021-01-13 16:00:54 +02:00
Nick Mathewson
01be7cc535 Bump to 0.4.5.3-rc-dev 2021-01-12 16:08:07 -05:00
David Goulet
9b59ede8d3 Merge branch 'ticket40237_044_01' into ticket40237_045_01 2021-01-12 10:55:21 -05:00
David Goulet
b3652f2104 Merge branch 'ticket40237_043_01' into ticket40237_044_01 2021-01-12 10:54:31 -05:00
David Goulet
0485c7ddba tests: Fix unit tests after merge of #40237 2021-01-12 10:50:01 -05:00
David Goulet
60da5d6222 Merge branch 'ticket40237_035_01' into ticket40237_043_01 2021-01-12 10:46:25 -05:00
David Goulet
04b0263974 hs-v3: Require reasonably live consensus
Some days before this commit, the network experienced a DDoS on the directory
authorities that prevented them to generate a consensus for more than 5 hours
straight.

That in turn entirely disabled onion service v3, client and service side, due
to the subsystem requiring a live consensus to function properly.

We know require a reasonably live consensus which means that the HSv3
subsystem will to its job for using the best consensus tor can find. If the
entire network is using an old consensus, than this should be alright.

If the service happens to use a live consensus while a client is not, it
should still work because the client will use the current SRV it sees which
might be the previous SRV for the service for which it still publish
descriptors for.

If the service is using an old one and somehow can't get a new one while
clients are on a new one, then reachability issues might arise. However, this
is a situation we already have at the moment since the service will simply not
work if it doesn't have a live consensus while a client has one.

Fixes #40237

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-12 09:46:35 -05:00
Nick Mathewson
ca6ccd372f Reject obsolete router/extrainfo descs more quietly.
Thanks to proposal 315 / ticket #30132, more fields are now
required in these documents.  But ancient Tors that try to upload
obsolete documents were causing the authorities to log warnings
about missing fields, and to do so very spammily.

We now detect the missing fields before tokenizing, and log at
debug.  This is a bit of ugliness, but it's probably a safer choice
than making _all_ unparseable-desc warnings into debug-level logs.

I'm looking at identity-ed25519 in extrainfos and proto in
routerdescs because they were (I believe) the latest-added fields in
Tor's history: any Tor that lacks them will also lack the other
newly required fields.

Fixes bug #40238; bugfix on 0.4.5.1-alpha.
2021-01-11 14:50:40 -05:00
Nick Mathewson
5a822b462a Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-11 14:37:29 -05:00
Nick Mathewson
d1f4741606 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-11 14:37:29 -05:00
Nick Mathewson
4b39f46a61 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-11 14:37:28 -05:00
Nick Mathewson
6c0f15500b Merge branch 'ticket40241_035' into maint-0.3.5 2021-01-11 14:37:14 -05:00
Nick Mathewson
ccdbbae4ec Fix warnings in current debian-hardened CI.
We're getting "fallback annotation annotation in unreachable code"
warnings when we build with ALL_BUGS_ARE_FATAL. This patch fixes
that.

Fixes bug 40241.  Bugfix on 0.3.5.4-alpha.
2021-01-11 14:25:56 -05:00
Nick Mathewson
edc9fda4f5 Increment version to 0.4.5.3-rc 2021-01-11 12:48:00 -05:00
David Goulet
aae9a05a01 relay: Log address suggested by directory authorities
If we get an address suggestion from a directory authority and we have no
address configured or discovered, log it at notice level so the operator can
learn what address will be used by Tor.

Fixes #40201

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 14:41:52 -05:00
Nick Mathewson
ad00da663e Merge branch 'mr_240_squashed' into maint-0.4.5 2020-12-21 13:25:52 -05:00
David Goulet
f4cbcde2da test: Fix memleak in test/load_stats_file
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 13:18:20 -05:00
Karsten Loesing
5dd6304f36 Fix timestamp parser in new load_stats_file.
The previous parser only considered stats files _starting_ with the
timestamp tag, not stats files having the timestamp tag in a later
position. While this applies to all current stats files, a future
stats file might look differently. Better to fix the function now than
be surprised in another 9 years from now.

This commit also adds a test case for such future stats, and it fixes
stats file paths in newly added unit tests.
2020-12-21 13:18:20 -05:00
David Goulet
c934fced31 relay: Report the entire content of a stats file
It turns out that 9 years ago, we stopped appending data into stats file and
rather overwrite everytime we have new stats (see commit
a6a127c833)

The load_stats_file() function was still thinking that we could have the same
line many times in the file which turns out to be false since 9 years ago.
However, that did not cause problem until IPv6 connection stats came along
which introduced a new line in conn-stats: "ipv6-conn-bi-direct ...".

Before, that file contained a single line starting with the tag
"conn-bi-direct".  That very tag appears also in the IPv6 tag (see above) so
the load_stats_file() function would consider that the IPv6 line as the last
tag to be appeneded to the file and fail to report the line above (for IPv4).
It would actually truncate the IPv6 line and report it (removing the "ipv6-"
part).

In other words, "conn-bi-direct" was not reported and instead
"ipv6-conn-bi-direct" was used without the "ipv6-" part.

This commit refactors the entire function so that now it looks for a
"timestamp tag" to validate and then if everything is fine, returns the entire
content of the file. The refactor simplifies the function, adds logging in
case of failures and modernize it in terms of coding standard.

Unit tests are also added that makes sure the loaded content matches the
entire file if timestamp validation passes.

Fixes #40226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 13:18:20 -05:00
David Goulet
d45354d5ea Merge branch 'tor-gitlab/mr/243' into maint-0.4.5 2020-12-17 08:25:18 -05:00
George Kadianakis
d89974c5c6 Fix Keccak undefined behavior on exotic platforms.
Bug reported and diagnosed in:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977

Fixes bug #40210.
2020-12-17 13:49:17 +02:00
Alexander Færøy
5a2d01ae57 Merge branch 'tor-gitlab/mr/234' into maint-0.4.5 2020-12-16 20:38:23 +00:00
David Goulet
ee6ad0e592 config: Catch missing Bridge for ClientTransportPlugin
When making sure we have a Bridge line with a ClientTransportPlugin, we
now check in the managed proxy list and so we can catch any missing
ClientTransportPlugin for a Bridge line.

Fixes #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-16 20:37:57 +00:00
Alexander Færøy
b83777f7b2 Merge remote-tracking branch 'tor-gitlab/mr/238' into maint-0.4.5 2020-12-16 20:31:10 +00:00
Alexander Færøy
7998ea2f18 Merge remote-tracking branch 'tor-gitlab/mr/237' into maint-0.4.5 2020-12-16 20:29:03 +00:00
David Goulet
4a77aa6e82 Merge branch 'tor-gitlab/mr/239' into maint-0.4.5 2020-12-15 11:58:13 -05:00
George Kadianakis
c731a4efec Merge remote-tracking branch 'tor-gitlab/mr/205' into maint-0.4.5 2020-12-15 16:28:49 +02:00
Nick Mathewson
c4fe66e342 Socks5: handle truncated client requests correctly
Previously, our code would send back an error if the socks5 request
parser said anything but DONE.  But there are other non-error cases,
like TRUNCATED: we shouldn't send back errors for them.

This patch lowers the responsibility for setting the error message
into the parsing code, since the actual type of the error message
will depend on what problem was encountered.

Fixes bug 40190; bugfix on 0.3.5.1-alpha.
2020-12-14 10:14:03 -05:00