Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit. Also, it's reason is changed before closing it so we
don't report again an intro point failure and trigger an extra HS fetch.
Fixes#14224
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit.
Fixes#14224
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
This fixes a bug where we'd fetch different replicas of the same
descriptor for a down hidden service over and over, until we got lucky
and fetched the same replica twice in a row.
Fixes bug 14219; bugfix on 0.2.0.10-alpha.
(Patch from Roger; commit message and changes file by Nick.)
We've started to hit the limit here. We introduced the limit in
0.1.2.5-alpha. This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits. See #14267 for a ticket
about fixing that.
This incidentally makes unix SocksSocket support all the same options
as SocksPort.
This patch breaks 'SocksSocket 0'; next will restore it.
Resolves 14254.
Previously I used one queue per worker; now I use one queue for
everyone. The "broadcast" code is gone, replaced with an idempotent
'update' operation.
The solution I took is to not free a circuit with a pending
uncancellable work item, but rather to set its magic number to a
sentinel value. When we get a work item, we check whether the circuit
has that magic sentinel, and if so, we free it rather than processing
the reply.
To avoid having diffs turn out too big, I had replaced some unneeded
ifs and fors with if (1), so that the indentation would still work out
right. Now I might as well clean those up.
This way we can use the linux eventfd extension where available.
Using EVFILT_USER on the BSDs will be a teeny bit trickier, and will
require libevent hacking.
Also, re-enable the #if'd out condition-variable code.
Work queues are going to make us hack on all of this stuff a bit more
closely, so it might not be a terrible idea to make it easier to hack.
The trick here is to apply mapaddress first, and only then apply
automapping. Otherwise, the automap checks don't get done.
Fix for bug 7555; bugfix on all versions of Tor supporting both
MapAddress and AutoMap.
When tor is configured with --enable-bufferevents, the build fails
because compat_libevent.h makes use of the macro MOCK_DECL() which
is defined in testsupport.h, but not included. We add the include.
There were following problems:
- configure.ac wrongly checked for defined HAVE_SYSTEMD; this
wasn't working, so the watchdog code was not compiled in.
Replace library search with explicit version check
- sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env;
this means only first "watchdog ping" was delivered, each
subsequent one did not have socket to be sent to and systemd
was killing service
- after those fixes, enable Watchdog in systemd unit with one
minute intervals
If running under systemd, send back information when reloading
configuration and gracefully shutting down. This gives administator
more information about current Tor daemon state.
If running under systemd, notify the supervisor about current PID
of Tor daemon. This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.
Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes#14142.
apparantly, "pragma GCC diagnostic push/pop" don't exist with older versions.
Fixes bug in 740e592790f570c446cbb5e6d4a77f842f75; bug not in any
released Tor.
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.
Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.
Closes ticket 13401.
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.
Partial fix for bug 14067.
Check that tor generates new keys, and overwrites the empty key files.
Test that tor generates new keys when keys are missing (existing
behaviour).
Test that tor does not overwrite key files that already contain data
(existing behaviour).
Tests fixes to bug 13111.
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later. Bugfix
on 0.2.1.8-alpha.
Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times. Bugfix on 0.2.0.3-alpha.
When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.
Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.
Fixes bug 14129. Bugfix on 0d20fee2fb, which was in 0.0.7rc1.
jowr found the bug. cypherpunks wrote the fix. I added the log
message and removed the assert.
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."
Closes 12485.
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.
Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in. But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.
Fixes bug 9286.
If we're not a relay, we ignore it.
If it's set to 1, we obey ExitPolicy.
If it's set to 0, we force ExitPolicy to 'reject *:*'
And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.
Fixes ticket 10067
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them. That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.
Fixes bug 13397; bugfix on 0.2.3.11-alpha.
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything." But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.
Instead, let "." remain ".", and treat it specially when we're
checking for a match.
Fixes bug 12509; bugfix on 0.2.0.1-alpha.
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit. With this option set, only
a RELAY_DONE cell is sent.
Closes ticket #14084.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type. While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.
Bug not in any released version.
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13924.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.
If a future consensus contains Exits, exit circuits may become available.
Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.
Consequential change from #13718.
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.
The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.
Exit Circuits:
Predicted Exit Circuits
User Traffic Circuits
Most AP Streams
Circuits Marked Exit
Build Timeout Circuits (with exits)
Internal Circuits:
Hidden Service Server Circuits
Hidden Service Client Circuits
Hidden Service AP Streams
Hidden Service Intro Point Streams
Circuits Marked Internal
Build Timeout Circuits (with no exits)
Other Circuits?
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.
When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)
This assists in bootstrapping a testing Tor network.
Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.
Used by #13718 and #13814.
count_usable_descriptors now uses named exit_only values:
USABLE_DESCRIPTOR_ALL
USABLE_DESCRIPTOR_EXIT_ONLY
Add debug logging code for descriptor counts.
This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.
This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *
This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).
Discovered as part of #13718.
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.
This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.
Fixes#13667.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it. Let's make sure that doesn't happen.
Closes ticket 14041
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13963.
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)
Fix code that assumes larger interval values.
This assists in quickly bootstrapping a testing
Tor network.
Fixes bugs 13718 & 13823.
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.
This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
Document why we divide it by two.
Check for > 0 instead of nonzero for success, since that's what the
manpage says.
Allow watchdog timers greater than 1 second.
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.
This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.
This patch is released under the same license as the original file as
long as the author is credited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.
This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.
Prevents any fallout from bug 14013.
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.
Fixes bug 14001.
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.
A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.
A log buffer is sized 10024 rather than 10240.
Fixes bug 14001.
The two statistics are:
1. number of RELAY cells observed on successfully established
rendezvous circuits; and
2. number of .onion addresses observed as hidden-service
directory.
Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.
Notably, no statistics will be gathered on clients or services, but
only on relays.
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.
Furthermore, a controller event is triggered where the former did not.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
