Commit Graph

27144 Commits

Author SHA1 Message Date
David Goulet
01c4abc2d4 conn: Properly close MetricsPort socket on EOF
Handle the EOF situation for a metrics connection. Furthermore, if we failed
to fetch the data from the inbuf properly, mark the socket as closed because
the caller, connection_process_inbuf(), assumes that we did so on error.

Fixes #40257

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 14:26:45 -05:00
Nick Mathewson
0efc1e6372 40274: Add a changes file and make the same change with FD_CLOEXEC 2021-02-08 12:39:12 -05:00
Nick Mathewson
d21ad8a78d Merge remote-tracking branch 'tor-github/pr/2128/head' 2021-02-08 12:14:58 -05:00
Nick Mathewson
56f1cab9c1 Don't log supported-protover warnings if consensus is older than Tor.
Previously we would warn in this case... but there's really no
justification for doing so, and it can only cause confusion.

Fixes bug #40281; bugfix on 0.4.0.1-alpha.
2021-02-08 11:52:53 -05:00
David Goulet
685c4866ac relay: Look at the omit IPv6 flag when publishing
In two instances we must look at this flag:

1. When we build the descriptor so the IPv6 is NOT added to the descriptor in
   case we judge that we need to omit the address but still publish.

2. When we are deciding if the descriptor is publishable. This flags tells us
   that the IPv6 was not found reachable but we should still publish.

Fixes #40279

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 11:51:45 -05:00
Nick Mathewson
8d80126eee Remove DirCache=1 from list of supported versions.
Closes #40221
2021-02-08 11:40:35 -05:00
David Goulet
841ee4641e relay: Fix Coverity warning for unchecked returned value
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-08 11:09:29 -05:00
Nick Mathewson
576e248bc2 Merge remote-tracking branch 'tor-gitlab/mr/278' 2021-02-08 10:44:58 -05:00
Nick Mathewson
90add50550 Merge branch 'bug40249_squashed' 2021-02-08 10:31:30 -05:00
Neel Chauhan
2391c60c5c Add stream ID to ADDRMAP control event 2021-02-08 10:23:41 -05:00
George Kadianakis
177b535e72 Another round of unittest massaging for tor!212. 2021-02-08 15:58:06 +02:00
George Kadianakis
16915ec515 Fix broken unittest from tor!212 .
Be more careful with memory management in the test.
2021-02-08 15:30:50 +02:00
George Kadianakis
d4255253b0 Merge remote-tracking branch 'tor-gitlab/mr/212' 2021-02-08 13:03:07 +02:00
Alexander Færøy
07ca2a8ee9 Merge branch 'maint-0.4.5' 2021-02-05 17:17:05 +00:00
Alexander Færøy
3496804827 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-05 17:17:05 +00:00
Alexander Færøy
af9107aff2 Fix Windows build.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:

   src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
   defined but not used [-Werror=unused-function]

We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.

This is an unreviewed commit.

See: tor#40275
2021-02-05 17:12:52 +00:00
Alexander Færøy
7a152997fe Merge branch 'maint-0.4.5' 2021-02-05 16:05:57 +00:00
Alexander Færøy
0a40892e8c Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-05 16:05:57 +00:00
Alexander Færøy
6578a3e865 Merge branch 'tor-gitlab/mr/292_squashed' into maint-0.4.4 2021-02-05 16:04:53 +00:00
Alexander Færøy
67aefd5520 Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275
2021-02-05 16:04:21 +00:00
Neel Chauhan
d103466282 Add missing newline between get_all_possible_sybil() and version_from_platform() 2021-02-03 14:07:01 -08:00
Nick Mathewson
f3ba71bbee bump to 0.4.4.7-dev 2021-02-03 13:39:03 -05:00
Nick Mathewson
21317c9229 Bump to 0.3.5.13-dev. 2021-02-03 13:37:28 -05:00
Neel Chauhan
22f55fdb2a Document REND_V3_AUTH flag 2021-02-03 10:25:46 -08:00
David Goulet
22941c5299 Merge branch 'maint-0.4.5' 2021-02-03 09:35:50 -05:00
David Goulet
44b4aa82aa nodelist: Remove merge artefact
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 09:35:45 -05:00
David Goulet
970d49f11b Merge branch 'maint-0.4.5' 2021-02-03 09:11:15 -05:00
David Goulet
9e91bb31cc Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-03 09:11:15 -05:00
David Goulet
61e38deb56 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 09:11:14 -05:00
David Goulet
890a9e89ba Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 09:11:14 -05:00
David Goulet
f322ea3fa8 Merge branch 'ticket40269_035_01' into maint-0.3.5 2021-02-03 09:11:09 -05:00
David Goulet
6f95cdf87e Remove unused addr_port_set code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 09:11:01 -05:00
David Goulet
1b298e1863 Merge branch 'maint-0.4.5' 2021-02-03 08:58:17 -05:00
David Goulet
a0b3e9116d Merge branch 'maint-0.4.4' into maint-0.4.5 2021-02-03 08:58:02 -05:00
David Goulet
eda81ea27e Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:56:38 -05:00
David Goulet
cc5d5a5d1e Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:56:38 -05:00
David Goulet
a3cef41fc3 Merge branch 'ticket40270_035_01' into maint-0.3.5 2021-02-03 08:56:30 -05:00
David Goulet
903bfc4eca Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:54:40 -05:00
David Goulet
e50648582b Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:54:40 -05:00
David Goulet
c2cee6c780 node: Move reentry set to use a digestmap_t
Any lookup now will be certain and not probabilistic as the bloomfilter.

Closes #40269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:54:02 -05:00
David Goulet
59f1a41a7f relay: Send back CONNECTION_REFUSED on reentry
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.

Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.

Closes #40270

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:52:48 -05:00
David Goulet
36b51a1c71 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-02-03 08:51:37 -05:00
David Goulet
0f8195406e Merge branch 'maint-0.3.5' into maint-0.4.3 2021-02-03 08:51:36 -05:00
David Goulet
98590621bb relay: Double the size of the relay reentry set
This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:51:00 -05:00
David Goulet
ce3af5dd59 relay: Follow consensus parameter for network reentry
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.

Closes #40268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03 08:50:56 -05:00
George Kadianakis
0ba0d738a8 Merge remote-tracking branch 'tor-gitlab/mr/279' 2021-02-02 15:25:22 +02:00
Helge Deller
8ea00c85cb Fix testcases regarding O_NONBLOCK on parisc/hppa architecture
On the parisc/hppa architecture, the O_NONBLOCK constant can be either
000200000 or 000200004, depending on the Linux kernel and glibc version
on which the binary is running.
Background of this can be read in this upstream Linux kernel patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75ae04206a4d0e4f541c1d692b7febd1c0fdb814

The tor testcases fail because of this, because function
fd_is_nonblocking() checks hard against the O_NONBLOCK value, while it's
sufficient if it would only check if one of the bits is set.

Fix this trivial issue by just comparing if the returned file descriptor flag
and'ed with O_NONBLOCK is non-zero.

As reference, a failing build on parisc/hppa can be seen here:
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=hppa&ver=0.4.4.6-1%2Bb1&stamp=1612225628&raw=0
2021-02-02 12:20:13 +01:00
Nick Mathewson
40eeb63b5e bump to 0.4.5.5-rc-dev 2021-02-01 16:14:07 -05:00
David Goulet
6bde42b4de Merge branch 'maint-0.4.5' 2021-02-01 14:10:06 -05:00
David Goulet
ed373eaa8d Merge branch 'tor-gitlab/mr/289' into maint-0.4.5 2021-02-01 14:09:58 -05:00
David Goulet
387d1d8835 relay: Send back CONNECTION_REFUSED on reentry
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.

Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.

Closes #40270

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:45:32 -05:00
David Goulet
627e7d6625 Remove unused addr_port_set code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:28:29 -05:00
David Goulet
bd4a3f64a1 node: Move reentry set to use a digestmap_t
Any lookup now will be certain and not probabilistic as the bloomfilter.

Closes #40269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 12:22:23 -05:00
David Goulet
385fda038f Merge branch 'maint-0.4.5' 2021-02-01 09:24:38 -05:00
David Goulet
838e07be9d relay: Double the size of the relay reentry set
This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 09:04:50 -05:00
David Goulet
2c3c30e58f relay: Follow consensus parameter for network reentry
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.

Closes #40268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-01 08:56:27 -05:00
David Goulet
b2434d30d2 Merge branch 'tor-gitlab/mr/285' into ticket2667_044_01 2021-01-29 14:54:21 -05:00
David Goulet
705fd37875 Merge branch 'tor-gitlab/mr/284' into ticket2667_043_01 2021-01-29 14:51:38 -05:00
David Goulet
ec9575944a Merge branch 'maint-0.4.5' 2021-01-29 14:40:56 -05:00
George Kadianakis
46efbcb116 test: Add test for exits blocking reentry to the network
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:56 -05:00
Roger Dingledine
632688c797 exit: Deny re-entry into the network
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.

Closes #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:54 -05:00
David Goulet
8dda7bfdb8 relay: Add bloomfiter of relay address + {OR|Dir}Port
In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:28:51 -05:00
George Kadianakis
9eba65bd8b test: Add test for exits blocking reentry to the network
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
Roger Dingledine
93ac6ec4d3 exit: Deny re-entry into the network
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.

Closes #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
f26950fa7a relay: Add bloomfiter of relay address + {OR|Dir}Port
In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29 14:19:17 -05:00
David Goulet
ea38016202 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:46:31 -05:00
David Goulet
79cb47cfc2 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:46:31 -05:00
David Goulet
9556276f07 Merge branch 'tor-gitlab/mr/50' into maint-0.3.5 2021-01-28 12:46:24 -05:00
David Goulet
be81ecba3a Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:42:31 -05:00
David Goulet
f058db1f3d Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:42:31 -05:00
David Goulet
290007e3c4 Merge branch 'tor-gitlab/mr/239' into maint-0.3.5 2021-01-28 12:42:26 -05:00
David Goulet
a3f2bc8f13 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:36:42 -05:00
David Goulet
f3da5f88d7 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:36:42 -05:00
David Goulet
02bd135cb1 Merge branch 'tor-gitlab/mr/243' into maint-0.3.5 2021-01-28 12:36:35 -05:00
David Goulet
1887231afb Merge branch 'tor-gitlab/mr/256' into maint-0.4.4 2021-01-28 12:12:01 -05:00
David Goulet
5c89197c9f Merge branch 'tor-gitlab/mr/255' into maint-0.4.3 2021-01-28 12:11:33 -05:00
David Goulet
1bdccc03a9 Merge branch 'tor-gitlab/mr/254' into maint-0.3.5 2021-01-28 12:10:39 -05:00
David Goulet
6186288eb6 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:08:20 -05:00
David Goulet
045db909c2 Merge remote-tracking branch 'tor-gitlab/mr/140' into maint-0.3.5 2021-01-28 12:08:14 -05:00
David Goulet
737cd79c42 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-28 12:04:42 -05:00
David Goulet
a17be1b5b6 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-28 12:04:42 -05:00
David Goulet
c6fb26695b Merge remote-tracking branch 'tor-gitlab/mr/186' into maint-0.3.5 2021-01-28 12:04:37 -05:00
Nick Mathewson
26a07287a4 Bump to 0.4.5.5-rc 2021-01-28 11:20:01 -05:00
Nick Mathewson
f8fea8b979 Bump to 0.4.4.7 2021-01-28 11:19:00 -05:00
Nick Mathewson
c3ed4b2e56 Bump to 0.4.3.8. 2021-01-28 11:18:13 -05:00
Nick Mathewson
3ebf75993f Bump to 0.3.5.13. 2021-01-28 11:17:32 -05:00
Neel Chauhan
a82b4eb305 src/core/mainloop: Put brackets around IPv6 addresses in log messages 2021-01-27 08:23:39 -08:00
David Goulet
a634f6b64c dos: Move config options within the subsystem
Closes #40261

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 10:37:36 -05:00
David Goulet
fd5a72078c dos: Add DoS subsystem to manager list
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:50:27 -05:00
Nick Mathewson
b019c83853 Merge branch 'maint-0.4.5' 2021-01-27 09:36:39 -05:00
Nick Mathewson
3c0d398847 Merge branch 'mr_274_squashed' into maint-0.4.5 2021-01-27 09:36:29 -05:00
David Goulet
f03047332c relay: Log if we can't find an address for configured ORPort
Everytime we try to discover an address we want to publish, emit a log notice
if we are unable to find it even though an ORPort was configured for it.

Because the function can be called quite often, we rate limit that notice to
every hour so it gets annoying just enough so the operator fixes that.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
2e600019ea relay: Don't trigger an address discovery without an ORPort
We would before do an address discovery and then a lookup in the cache if not
found which is now simplified by calling relay_find_addr_to_publish() directly
which does all those combined.

Furthermore, by doing so, we won't trigger an address discovery every minute
if we have no ORPort configured for the family.

Fixes #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
b4220a09b7 relay: Simplify IPv6 discovery when building descriptor
Now that relay_find_addr_to_publish() checks if we actually have an ORPort, we
can simplify the descriptor building phase for IPv6.

This also avoid triggering an IPv6 discovery if the IPv4 can't be found in the
first place.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
David Goulet
b4f4af6ec5 relay: Skip address discovery if no ORPort is found
In other words, if we don't have an ORPort configured for a specific family
(IPv4/v6), we don't bother doing address discovery.

Related to #40254

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-27 09:36:17 -05:00
George Kadianakis
05a7624266 Merge remote-tracking branch 'tor-gitlab/mr/272' 2021-01-27 15:47:10 +02:00
George Kadianakis
dbbd603313 Merge remote-tracking branch 'tor-gitlab/mr/248' 2021-01-27 15:43:01 +02:00
George Kadianakis
a7ca089343 Merge remote-tracking branch 'tor-gitlab/mr/247' 2021-01-27 15:39:29 +02:00
Nick Mathewson
37ea6cd9eb Fix a subtle memory leak in test_exorport.c
This is a _subtle_ bug introduced by d1494d14, which resolved
connections that was allocated in the extorport/handshake test.  So
how did the connection get freed?  Our test was set up so that every
extorport connection would get the same ext_or_id.  Two connections
couldn't have the same ext_or_id, and if they did, one would get
freed.  This meant that the _next_ connection to be constructed in
the test would cause the previous connection to become closeable,
even if it hadn't been closeable before.

But when we applied d149d14, we stopped making it so our code
enforced this uniqueness, and thereby make it so we _weren't_
freeing this connection in the tests.

Closes #40260; bug not in any released version of Tor.
2021-01-26 16:58:27 -05:00
Nick Mathewson
af5250b1df bump to 0.4.5.4-rc-dev 2021-01-22 11:55:17 -05:00
Nick Mathewson
5eef63aa71 Bump to 0.4.5.4-rc 2021-01-22 09:49:09 -05:00
Hello71
2e76b02401 path: fix directory special case 2021-01-22 13:19:52 +00:00
MarkusK
62f5114c09 Add IPv6 to mdfnet fallbackdirs 2021-01-22 07:50:47 +01:00
George Kadianakis
74cfe3611f Merge branch 'maint-0.4.5' 2021-01-22 00:21:21 +02:00
George Kadianakis
4cbd22f1a7 Merge branch 'mr/251' into maint-0.4.5 2021-01-22 00:21:09 +02:00
David Goulet
9be33755ef Merge branch 'maint-0.4.5' 2021-01-21 14:58:39 -05:00
David Goulet
c54f4b81da Merge branch 'tor-gitlab/mr/270' into maint-0.4.5 2021-01-21 14:58:31 -05:00
Roger Dingledine
633b68bfe2 log more during consensus voting process
Give more visibility to directory authority operators during the consensus
voting process.

Closes ticket 40245.
2021-01-21 13:46:56 -05:00
Roger Dingledine
9e6064ec35 dir auths write consensuses to disk after creation
This step happens after we make each consensus flavor, and before we
worry about sigs or anything. That way if Tor crashes, or if we fail to
get enough sigs, we still have a chance to know what consensus we wanted
to make.
2021-01-21 13:46:56 -05:00
Nick Mathewson
b2536c97f9 Merge branch 'maint-0.4.5' 2021-01-21 13:40:46 -05:00
Roger Dingledine
0b00f79c82 log more about testing incoming relay descriptors 2021-01-21 13:39:13 -05:00
Nick Mathewson
3d952b461d Merge remote-tracking branch 'tor-gitlab/mr/269' into maint-0.4.5 2021-01-21 13:37:21 -05:00
Nick Mathewson
2243fc3ad1 Merge branch 'maint-0.4.5' 2021-01-21 13:19:49 -05:00
Nick Mathewson
71fd30b75a Introduce a new bridge_has_invalid_transport() function.
In addition to simplifying callsites a little, this function gives
correct behavior for bridges without a configured transport.
2021-01-21 13:17:16 -05:00
Nick Mathewson
9390e2bf83 Merge remote-tracking branch 'tor-gitlab/mr/268' into maint-0.4.5 2021-01-21 13:10:16 -05:00
David Goulet
8a27860720 Merge branch 'maint-0.4.5' 2021-01-21 12:27:34 -05:00
David Goulet
7b102d53e3 Merge branch 'tor-gitlab/mr/265' into maint-0.4.5 2021-01-21 12:27:27 -05:00
David Goulet
7692f443d4 config: Remove Bridge <-> ClientTransportPlugin validation
This validation was only done if DisableNetwork was off because we would use
the global list of transports/bridges and DisableNetwork would not populate
it.

This was a problem for any user using DisableNetwork which includes Tor
Browser and thus leading to the Bug() warning.

Without a more in depth refactoring, we can't do this validation without the
global list.

The previous commit makes it that any connection to a bridge without a
transport won't happen thus we keep the security feature of not connecting to
a bridge without its corresponding transport.

Related to #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-20 15:56:19 -05:00
David Goulet
09c6d03246 bridge: Don't initiate connection without a transport
Don't pick the bridge as the guard or launch descriptor fetch if no transport
is found.

Fixes #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-20 15:55:50 -05:00
Alexander Færøy
c38c36e5f1 Limit the number of items in the consdiffmgr on Windows.
This patch limits the number of items in the consensus diff cache to 64
on the Windows platform. Hopefully, this will allow us to investigate a
smarter fix while avoiding the situation reported in tor#24857 where
Windows relay operators report Tor using 100% CPU.

See: tor#24857
2021-01-20 16:33:17 +00:00
Nick Mathewson
9a0a91dc23 Merge branch 'maint-0.4.5' 2021-01-19 15:21:07 -05:00
Nick Mathewson
18654b629f Merge remote-tracking branch 'tor-gitlab/mr/266' into maint-0.4.5 2021-01-19 15:20:54 -05:00
Nick Mathewson
b0af4ddc7c Merge branch 'maint-0.4.5' 2021-01-19 13:20:43 -05:00
Nick Mathewson
27ee12836d Merge remote-tracking branch 'tor-gitlab/mr/261' into maint-0.4.5 2021-01-19 13:20:31 -05:00
David Goulet
9321ddf3a1 config: Prioritize port with explicit address
When selecting the first advertised port, we always prefer the one with an
explicit address.

Closes #40246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-19 13:07:49 -05:00
David Goulet
938623004b relay: Keep all ORPorts that are on different ports
We used to actually discard ORPorts that were the same port and same family
but they could have different address.

Instead, we need to keep all different ORPorts so we can bind a listener on
each of them. We will publish only one of these in our descriptor though.

Related to #40246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-19 13:07:49 -05:00
Nick Mathewson
b7f886beb4 Merge remote-tracking branch 'tor-gitlab/mr/163' into maint-0.4.3 2021-01-19 12:53:44 -05:00
Nick Mathewson
faf7b550e7 Merge remote-tracking branch 'tor-gitlab/mr/143' into maint-0.3.5 2021-01-19 12:53:30 -05:00
Nick Mathewson
5f53e013cd Merge branch 'maint-0.4.5' 2021-01-19 12:49:31 -05:00
Nick Mathewson
6c1bc570cf Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-19 12:49:31 -05:00
Nick Mathewson
4c82c2d1d4 Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-19 12:49:22 -05:00
Nick Mathewson
a22bfe04bc Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-19 12:45:07 -05:00
Alexander Færøy
13cf964453 Remove unnecessary non-fatal assertion.
This patch removes a call to `tor_assert_nonfatal()` if
`extend_info_from_node()` returns NULL. This is unnecessary as we
already handle the case where `info` is NULL in the next `if (!info) {
... }` block in the code.

See: tor#32666.
2021-01-19 17:08:01 +00:00
Nick Mathewson
4961645254 Merge branch 'maint-0.4.5' 2021-01-19 12:02:28 -05:00
David Goulet
691c717187 Revert "IPv6 sybil: consider addresses in the same /64 to be equal."
This reverts commit d07f17f676.

We don't want to consider an entire routable IPv6 network as sybil if more
than 2 relays happen to be on it. For path selection it is very important but
not for selecting relays in the consensus.

Fixes #40243
2021-01-15 12:57:57 -05:00
David Goulet
f0c29f0883 relay: Don't BUG() if we can't find authority descriptor
We can end up trying to find our address from an authority while we don't have
yet its descriptor.

In this case, don't BUG() and just come back later.

Closes #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 10:02:03 -05:00
David Goulet
743a5ef2b3 relay: Don't flag that we published if descriptor build fails
In case building the descriptor would fail, we could still flag that we did in
fact publish the descriptors leading to no more attempt at publishing it which
in turn makes the relay silent for some hours and not try to rebuild the
descriptor later.

This has been spotted with #40231 because the operator used a localhost
address for the ORPort and "AssumeReachable 1" leading to this code path where
the descriptor failed to build but all conditions to "can I publish" were met.

Related to #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-14 09:42:56 -05:00
Nick Mathewson
fa8ecf8820 Better fix for #40241 (--enable-all-bugs-are-fatal and fallthrough)
This one should work on GCC _and_ on Clang.  The previous version
made Clang happier by not having unreachable "fallthrough"
statements, but made GCC sad because GCC didn't think that the
unconditional failures were really unconditional, and therefore
_wanted_ a FALLTHROUGH.

This patch adds a FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL macro that
seems to please both GCC and Clang in this case: ordinarily it is a
FALLTHROUGH, but when ALL_BUGS_ARE_FATAL is defined, it's an
abort().

Fixes bug 40241 again.  Bugfix on earlier fix for 40241, which was
merged into maint-0.3.5 and forward, and released in 0.4.5.3-rc.
2021-01-13 09:54:43 -05:00
George Kadianakis
cd1468d56b Merge branch 'maint-0.4.5' 2021-01-13 16:01:41 +02:00
George Kadianakis
c931eae981 Merge branch 'mr/252' into maint-0.4.5 2021-01-13 16:01:11 +02:00
Nick Mathewson
4d6d3b3c05 Remove BUG() when checking TOO_MANY_OUTDATED_DIRSERVERS.
Fixes bug #40234; bugfix on 0.3.2.5-alpha.
2021-01-13 16:00:54 +02:00
George Kadianakis
cc30c09f7c Merge branch 'mr/236' 2021-01-13 15:23:54 +02:00
Nick Mathewson
fb3704b459 New consensus method to find bwweightscale & maxunmeasuredbw correctly.
Our original code for parsing these parameters out of our list of
parameters pre-dated us having the
dirvote_get_intermediate_param_value() function... and it was buggy.
Specifically, it would reject any " ... K=V ..." value
where there were additional unconverted characters after the V, and
use the default value instead,

We haven't run into this yet because we've never voted for
bwweightscale to be anything besides the default 10000, or
maxunmeasuredbw to be anything besides the default 20.

This requires a new consensus method because it is a change in how
consensuses are computed.

Fixes bug 19011; bugfix on 0.2.2.10-alpha.
2021-01-13 15:23:27 +02:00
Nick Mathewson
01be7cc535 Bump to 0.4.5.3-rc-dev 2021-01-12 16:08:07 -05:00
George Kadianakis
42e95c8d85 Merge branch 'maint-0.4.5' 2021-01-12 18:05:32 +02:00
David Goulet
9b59ede8d3 Merge branch 'ticket40237_044_01' into ticket40237_045_01 2021-01-12 10:55:21 -05:00
David Goulet
b3652f2104 Merge branch 'ticket40237_043_01' into ticket40237_044_01 2021-01-12 10:54:31 -05:00
David Goulet
0485c7ddba tests: Fix unit tests after merge of #40237 2021-01-12 10:50:01 -05:00
David Goulet
60da5d6222 Merge branch 'ticket40237_035_01' into ticket40237_043_01 2021-01-12 10:46:25 -05:00
David Goulet
04b0263974 hs-v3: Require reasonably live consensus
Some days before this commit, the network experienced a DDoS on the directory
authorities that prevented them to generate a consensus for more than 5 hours
straight.

That in turn entirely disabled onion service v3, client and service side, due
to the subsystem requiring a live consensus to function properly.

We know require a reasonably live consensus which means that the HSv3
subsystem will to its job for using the best consensus tor can find. If the
entire network is using an old consensus, than this should be alright.

If the service happens to use a live consensus while a client is not, it
should still work because the client will use the current SRV it sees which
might be the previous SRV for the service for which it still publish
descriptors for.

If the service is using an old one and somehow can't get a new one while
clients are on a new one, then reachability issues might arise. However, this
is a situation we already have at the moment since the service will simply not
work if it doesn't have a live consensus while a client has one.

Fixes #40237

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-12 09:46:35 -05:00
Nick Mathewson
ca6ccd372f Reject obsolete router/extrainfo descs more quietly.
Thanks to proposal 315 / ticket #30132, more fields are now
required in these documents.  But ancient Tors that try to upload
obsolete documents were causing the authorities to log warnings
about missing fields, and to do so very spammily.

We now detect the missing fields before tokenizing, and log at
debug.  This is a bit of ugliness, but it's probably a safer choice
than making _all_ unparseable-desc warnings into debug-level logs.

I'm looking at identity-ed25519 in extrainfos and proto in
routerdescs because they were (I believe) the latest-added fields in
Tor's history: any Tor that lacks them will also lack the other
newly required fields.

Fixes bug #40238; bugfix on 0.4.5.1-alpha.
2021-01-11 14:50:40 -05:00
Nick Mathewson
9c268b66ba Merge branch 'maint-0.4.5' 2021-01-11 14:46:13 -05:00
Nick Mathewson
5a822b462a Merge branch 'maint-0.4.3' into maint-0.4.4 2021-01-11 14:37:29 -05:00
Nick Mathewson
d1f4741606 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-01-11 14:37:29 -05:00
Nick Mathewson
4b39f46a61 Merge branch 'maint-0.3.5' into maint-0.4.3 2021-01-11 14:37:28 -05:00
Nick Mathewson
ccdbbae4ec Fix warnings in current debian-hardened CI.
We're getting "fallback annotation annotation in unreachable code"
warnings when we build with ALL_BUGS_ARE_FATAL. This patch fixes
that.

Fixes bug 40241.  Bugfix on 0.3.5.4-alpha.
2021-01-11 14:25:56 -05:00
Nick Mathewson
edc9fda4f5 Increment version to 0.4.5.3-rc 2021-01-11 12:48:00 -05:00
Roger Dingledine
ee0a27293e fix typos and whitespace 2021-01-10 13:29:50 -05:00
Neel Chauhan
3d993d4d85 Do not require a valid torrc for 2021-01-06 10:41:27 -08:00
Neel Chauhan
1811bded77 Downgrade the severity of a few rendezvous circuit-related warnings. 2020-12-24 11:32:03 -08:00
David Goulet
e7da681034 Merge branch 'maint-0.4.5' 2020-12-21 14:55:44 -05:00
David Goulet
aae9a05a01 relay: Log address suggested by directory authorities
If we get an address suggestion from a directory authority and we have no
address configured or discovered, log it at notice level so the operator can
learn what address will be used by Tor.

Fixes #40201

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 14:41:52 -05:00
Nick Mathewson
ad00da663e Merge branch 'mr_240_squashed' into maint-0.4.5 2020-12-21 13:25:52 -05:00
Nick Mathewson
cce7d1edaf Merge branch 'mr_240_squashed' 2020-12-21 13:23:42 -05:00
David Goulet
f4cbcde2da test: Fix memleak in test/load_stats_file
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 13:18:20 -05:00
Karsten Loesing
5dd6304f36 Fix timestamp parser in new load_stats_file.
The previous parser only considered stats files _starting_ with the
timestamp tag, not stats files having the timestamp tag in a later
position. While this applies to all current stats files, a future
stats file might look differently. Better to fix the function now than
be surprised in another 9 years from now.

This commit also adds a test case for such future stats, and it fixes
stats file paths in newly added unit tests.
2020-12-21 13:18:20 -05:00
David Goulet
c934fced31 relay: Report the entire content of a stats file
It turns out that 9 years ago, we stopped appending data into stats file and
rather overwrite everytime we have new stats (see commit
a6a127c833)

The load_stats_file() function was still thinking that we could have the same
line many times in the file which turns out to be false since 9 years ago.
However, that did not cause problem until IPv6 connection stats came along
which introduced a new line in conn-stats: "ipv6-conn-bi-direct ...".

Before, that file contained a single line starting with the tag
"conn-bi-direct".  That very tag appears also in the IPv6 tag (see above) so
the load_stats_file() function would consider that the IPv6 line as the last
tag to be appeneded to the file and fail to report the line above (for IPv4).
It would actually truncate the IPv6 line and report it (removing the "ipv6-"
part).

In other words, "conn-bi-direct" was not reported and instead
"ipv6-conn-bi-direct" was used without the "ipv6-" part.

This commit refactors the entire function so that now it looks for a
"timestamp tag" to validate and then if everything is fine, returns the entire
content of the file. The refactor simplifies the function, adds logging in
case of failures and modernize it in terms of coding standard.

Unit tests are also added that makes sure the loaded content matches the
entire file if timestamp validation passes.

Fixes #40226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-21 13:18:20 -05:00
Alexander Færøy
db5f7b4250 Merge remote-tracking branch 'tor-gitlab/mr/211' 2020-12-18 14:22:23 +00:00
Alexander Færøy
b645fbdb54 Merge remote-tracking branch 'tor-gitlab/mr/207' 2020-12-18 14:19:24 +00:00
David Goulet
5527aef56f Merge branch 'maint-0.4.5' 2020-12-17 08:25:29 -05:00
David Goulet
d45354d5ea Merge branch 'tor-gitlab/mr/243' into maint-0.4.5 2020-12-17 08:25:18 -05:00
George Kadianakis
d89974c5c6 Fix Keccak undefined behavior on exotic platforms.
Bug reported and diagnosed in:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977

Fixes bug #40210.
2020-12-17 13:49:17 +02:00
Alexander Færøy
0bd4cd8101 Merge remote-tracking branch 'tor-gitlab/mr/230' 2020-12-16 20:55:03 +00:00
Alexander Færøy
66597b9291 Merge branch 'maint-0.4.5' 2020-12-16 20:39:01 +00:00
Alexander Færøy
5a2d01ae57 Merge branch 'tor-gitlab/mr/234' into maint-0.4.5 2020-12-16 20:38:23 +00:00
David Goulet
ee6ad0e592 config: Catch missing Bridge for ClientTransportPlugin
When making sure we have a Bridge line with a ClientTransportPlugin, we
now check in the managed proxy list and so we can catch any missing
ClientTransportPlugin for a Bridge line.

Fixes #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-16 20:37:57 +00:00
David Goulet
1430d5ff63 Merge branch 'maint-0.4.5' 2020-12-15 11:58:22 -05:00
David Goulet
4a77aa6e82 Merge branch 'tor-gitlab/mr/239' into maint-0.4.5 2020-12-15 11:58:13 -05:00
George Kadianakis
c731a4efec Merge remote-tracking branch 'tor-gitlab/mr/205' into maint-0.4.5 2020-12-15 16:28:49 +02:00
George Kadianakis
c05ae61f26 Merge remote-tracking branch 'tor-gitlab/mr/205' 2020-12-15 16:28:04 +02:00
Nick Mathewson
c4fe66e342 Socks5: handle truncated client requests correctly
Previously, our code would send back an error if the socks5 request
parser said anything but DONE.  But there are other non-error cases,
like TRUNCATED: we shouldn't send back errors for them.

This patch lowers the responsibility for setting the error message
into the parsing code, since the actual type of the error message
will depend on what problem was encountered.

Fixes bug 40190; bugfix on 0.3.5.1-alpha.
2020-12-14 10:14:03 -05:00
George Kadianakis
04b271af9f Merge remote-tracking branch 'tor-gitlab/mr/232' 2020-12-11 15:56:13 +02:00
Nick Mathewson
ce1c3c6898 Fix a typo in coverage builds.
We should be using TOR_STATIC_LDFLAGS, not TOR_STATIC_LDFALGS.

Bug not in any released version of Tor.
2020-12-09 13:31:34 -05:00
Nick Mathewson
2bfb76b927 Merge branch 'mr_224_squashed' 2020-12-09 10:03:45 -05:00
Alexander Færøy
ed3f46a385 Announce URL to bridge status page when starting Tor as a bridge relay.
This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477
2020-12-09 10:03:11 -05:00
Daniel Pinto
bd0046c9ec Avoid sandbox bug warning when unglobbing patterns #40094
Adds a more user-friendly error message when the configuration is
reloaded and a new %include is added that makes its unglobbing
access files/folders not allowed by the seccomp sandbox.
2020-12-08 15:00:43 -05:00
Nick Mathewson
baef0843a4 Fix a couple of documentation comments related to #40094 2020-12-08 14:59:28 -05:00
David Goulet
6e83a52077 Merge branch 'maint-0.4.5' 2020-12-08 14:51:43 -05:00
David Goulet
e74f168bb4 relay: Avoid log reachability test for bandwidth test circuit
Fixes #40205

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-08 14:51:31 -05:00
Neel Chauhan
8a2910461b Reinstate add_onion_helper_add_service() test, validate auth clients before adding them 2020-12-08 11:24:27 -08:00
Neel Chauhan
65d60a16d9 Remove unused NULL check in hs_service_add_ephemeral(), mention we take ownership of auth_clients_v3 2020-12-08 10:47:05 -08:00
George Kadianakis
f280c171e2 Merge branch 'mr/233' 2020-12-08 16:54:18 +02:00
Nick Mathewson
558aaf1c32 Command-line arguments: be better at detecting absent optional args.
Previously, "--list-fingerprint --quiet" was an error.  Now, the
handler for optional arguments to "--list-fingerprint" can tell that
"--quiet" is a flag, not an argument.

This only affects flags that take an _optional_ argument, so you can
still put your torrc file in a location starting with "-".

Closes #40223.
2020-12-08 16:53:57 +02:00
David Goulet
2d0a7f2e89 Merge branch 'maint-0.4.5' 2020-12-08 09:15:06 -05:00
David Goulet
c618c4f279 configure: Fix the --enable-static-tor switch
The "-static" compile flag was set globally which means that all autoconf test
were attempting to be built statically and lead to failures of detecting
OpenSSL libraries and others.

This commit adds this flag only to the "tor" binary build.

There is also a fix on where to find libevent.a since it is using libtool, it
is in .libs/.

At this commit, there are still warnings being emitted that informs the user
that the built binary must still be linked dynamically with glibc.

Fixes #40111

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-08 09:14:49 -05:00
Nick Mathewson
a09eb66cc7 Merge remote-tracking branch 'tor-gitlab/mr/219' 2020-12-08 08:19:37 -05:00
Neel Chauhan
599af15159 Fix formatting in comment in parse_port_config() 2020-12-03 20:50:18 -08:00
Neel Chauhan
7d54734900 More logic corrections 2020-12-03 17:40:55 -08:00
Nick Mathewson
6c602026e8 Detect extra bytes in HAProxy inbuf when transitioning to OR handshake
This shouldn't be possible, but let's add it for defense-in-depth.

Closes #40017.
2020-12-02 10:07:26 -05:00
Daniel Pinto
328f38a59f Use atomic ops to access lock_owner in WIN32 tor_mutex_t #17927 2020-11-30 02:54:13 +00:00
Samanta Navarro
2a06b7c3b8 Support Python 3.8 in hs_build_address.py
The Python code is such a nice addition to the documentation and the C
code for better understanding of onion v3 address generation. Straight
to the point and easy to understand.

Unfortunately it did not work with my distribution's Python version. I
have adjusted the code to support Python 3.8 (tested with 3.8.6) and
to still be compatible with Python 2.
2020-11-28 11:38:43 +00:00
Alexander Færøy
7640631539 Fix build on 32-bit Windows.
Currently Tor fails with the following error:

    src/test/test_stats.c: In function ‘test_rephist_v3_onions’:
    src/test/test_stats.c:527:22: error: overflow in implicit constant conversion [-Werror=overflow]
       update_approx_time(10101010101);

This patch changes the constant passed to update_approx_time() to avoid
the overflow in the implicit conversion.

See: tor#40199
2020-11-25 17:16:24 +00:00
Neel Chauhan
be6db23d1d Some test and logic corrections 2020-11-24 20:47:31 -08:00
David Goulet
fd80979786 Merge branch 'tor-gitlab/mr/221' 2020-11-24 10:26:17 -05:00
Roger Dingledine
4f1e38ec8e fix two trivial comment mistakes 2020-11-23 14:08:42 -05:00
Nick Mathewson
2f87b2ab75 bump to 0.4.5.2-alpha-dev 2020-11-23 14:03:53 -05:00
George Kadianakis
eaf814bd50 Constify result of CONST_TO_OR_CIRCUIT. 2020-11-23 13:35:26 +02:00
George Kadianakis
0bd12cfe99 Revert HSv3 stats string formatting to its old %u self.
The rest of rephist.c is doing the same kind of unsigned casting. For example
see rep_hist_format_buffer_stats() and rep_hist_format_exit_stats().

The previous switch to %ld made Appveyor fail:
    https://ci.appveyor.com/project/torproject/tor/builds/36118502
2020-11-23 13:35:26 +02:00
Nick Mathewson
73fb44dcba Bump to 0.4.5.2-alpha. 2020-11-21 15:09:08 -05:00
Neel Chauhan
0522f0e507 Fix ControlSocketsGroupWritable typo 2020-11-21 11:12:07 -08:00
Neel Chauhan
157fe4597e Add tests for bug #40084 2020-11-19 12:00:56 -08:00
Alexander Færøy
9bc0306b8c Merge branch 'maint-0.4.5' 2020-11-19 17:44:00 +00:00
Alexander Færøy
b274e46309 Merge branch 'maint-0.4.4' into maint-0.4.5 2020-11-19 17:44:00 +00:00
Alexander Færøy
77bb4b0838 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-11-19 17:43:59 +00:00
Alexander Færøy
2e7cbd7a9c Merge remote-tracking branch 'tor-gitlab/mr/196' into maint-0.4.3 2020-11-19 17:43:44 +00:00
Alexander Færøy
6ce2550468 Merge branch 'maint-0.4.5' 2020-11-19 17:41:05 +00:00
Nick Mathewson
c4e0b28ecb Merge remote-tracking branch 'tor-gitlab/mr/214' into master 2020-11-19 10:42:04 -05:00
David Goulet
ea52705e4b config: Bridge line with a transport must have a ClientTransportPlugin
Fixes #25528

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-18 11:31:37 -05:00
George Kadianakis
34feedea60 Merge remote-tracking branch 'tor-gitlab/mr/216' 2020-11-18 12:37:02 +02:00
David Goulet
16351d655d sendme: Turn log warning into debug
When sending the stream level SENDME, it is possible the cirucit was marked
for close or any other failures that can occur. These events can occur
naturally.

Fixes #40142

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 13:23:34 -05:00
David Goulet
0921fdf633 Merge branch 'maint-0.4.5' into master 2020-11-17 12:25:56 -05:00
David Goulet
07006785fd Merge branch 'tor-gitlab/mr/203' into maint-0.4.5 2020-11-17 12:25:48 -05:00
Neel Chauhan
bc968097f2 Fix script failures 2020-11-17 11:23:08 -05:00
Neel Chauhan
1588767e65 Allow listing ed25519 fingerprints on the command line 2020-11-17 11:23:08 -05:00
Nick Mathewson
3900b19379 Merge branch 'maint-0.4.5' into master 2020-11-17 10:53:39 -05:00
David Goulet
7c06707750 Merge branch 'tor-gitlab/mr/182' into master 2020-11-17 10:36:05 -05:00
David Goulet
d04a27bed2 config: Really ignore non ORPorts when removing duplicates
The function in charge of removing duplicate ORPorts from our configured ports
was skipping all non ORPorts port but only for the outer loop thus resulting
in comparing an ORPort with a non-ORPort which lead to problems.

For example, tor configured with the following would fail:

  ORPort auto
  DirPort auto

Both end up being the same configuration except that one is a OR listener and
one is a Dir listener. Thus because of the missing check in the inner loop,
they looked exactly the same and thus one is removed.

Fixes #40195

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 09:40:16 -05:00
Nick Mathewson
6c61011781 Merge remote-tracking branch 'tor-gitlab/mr/184' into master 2020-11-17 08:22:44 -05:00
Nick Mathewson
aed2a48c66 Bump version to 0.4.6.0-alpha-dev 2020-11-17 08:01:08 -05:00
Nick Mathewson
b13f32ee97 Merge branch 'ticket40071_045_01_squashed' into master 2020-11-17 07:58:37 -05:00
David Goulet
bc5f26ff70 relay: Launch dummy circuit only when descriptor build fails
First, this commit moves the launch_dummy_circuit_as_needed() function into
relay_find_addr.c and renames it to relay_addr_learn_from_dirauth(). This is
an attempt to centralize anything relate with address discovery in the right
module.

Second, when building a descriptor and we fail to discover our address,
immediately launch a dummy circuit to an authority in an attempt to learn our
descriptor.

It is still only done every 20 minutes even though the descriptor build is
done every minute. We ought to avoid load on the authority and if we can't
learn in the first place our address from them, chances are more things are
wrong.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
David Goulet
a5538a3603 relay: Look at our cache when looking for an IP change
Regularly, tor looks if its IP has changed. It does the entire auto discovery
process again. However, it is possible that it does not find anything.

Instead of thinking the IP changed to an unknown address, look at our cache
and see if that value has changed.

The reason for this is because if tor gets its address as a suggestion from a
directory authority, it is because the auto discovery failed and thus that
address should be consider for the IP change check.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
David Goulet
4b98140733 relay: Use testing circuit instead of dummy descriptor fetch
Tor now can learn its address from a NETINFO cell coming from an authority.
Thus, instead from launching a dummy descriptor fetch to learn the address
from the directory response (unauthenticated), we simply now launch a one-hop
testing circuit.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
Guinness
4382e977f7
Add the compiler name, version and libs used to compile
This changes the behaviour of `tor --version` in such a way.
```console
src/app/tor --version
Tor version 0.4.5.1-alpha-dev (git-46ccde66a97d7985).
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.4.5 and Glibc 2.31 as libc.
Tor compiled with GCC version 10.2.0
```

Fixes #32102
2020-11-17 10:43:00 +01:00
Nick Mathewson
41bea71adc Merge remote-tracking branch 'tor-gitlab/mr/197' into master 2020-11-16 22:43:09 -05:00
Nick Mathewson
c79957581e Merge branch 'maint-0.4.4' into master 2020-11-16 22:42:23 -05:00
Nick Mathewson
9001732394 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-11-16 22:42:22 -05:00
Nick Mathewson
7c0778ef7e Merge branch 'maint-0.3.5' into maint-0.4.3 2020-11-16 22:42:22 -05:00
Nick Mathewson
fcae26adf7 Merge remote-tracking branch 'tor-gitlab/mr/195' into maint-0.3.5 2020-11-16 22:42:15 -05:00
Neel Chauhan
8785a75e2f Give a descriptive error message with "tor-gencert --create-identity-key" 2020-11-16 09:35:23 -08:00
Neel Chauhan
af48afe667 Unbreak build 2020-11-16 08:47:12 -08:00
Neel Chauhan
eacf528915 Add support for creating v3 onion services form the control port 2020-11-15 16:02:59 -08:00
David Goulet
d425dbf04a port: Don't ignore ports of a different family
Commit c3a0f75796 added this feature for ORPort
that we ignore any port that is not the family of our default address when
parsing the port. So if port_parse_config() was called with an IPv4 default
address, all IPv6 address would be ignored.

That makes sense for ORPort since we call twice port_parse_config() for
0.0.0.0 and [::] but for the rest of the ports, it is not good since a
perfectly valid configuration can be:

  SocksPort 9050
  SocksPort [::1]:9050

Any non-ORPort only binds by default to an IPv4 except the ORPort that binds
to both IPv4 and IPv6 by default.

The fix here is to always parse all ports within port_parse_config() and then,
specifically for ORPort, remove the duplicates or superseding ones. The
warning is only emitted when a port supersedes another.

A unit tests is added to make sure SocksPort of different family always exists
together.

Fixes #40183

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-13 08:38:22 -05:00
Daniel Pinto
877dbfc056 Use SRWLocks to implement locking on Windows #17927
Replace the Windows locking implementation which used critical
sections with the faster SRWLocks available since Vista.
2020-11-12 19:50:55 +00:00
Neel Chauhan
d1494d140c Remove orconn_ext_or_id_map and related functions 2020-11-12 11:19:21 -08:00
Neel Chauhan
46ccde66a9 Use connection_or_change_state() in v3 handshaking state change 2020-11-12 12:06:34 -05:00
Nick Mathewson
dbc8d2a4e4 When handling includes, detect missing interned strings earlier.
There were three separate places where we were hitting a sandbox Bug
warning before we actually exited.

Fixes #40094; bugfix on 0.3.1.1-alpha when %includes were introduced.
2020-11-12 11:55:55 -05:00
Samanta Navarro
4a0cd79588 Fix typos.
Typos found with codespell.

Please keep in mind that this should have impact on actual code
and must be carefully evaluated:

src/core/or/lttng_circuit.inc
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
2020-11-12 11:44:09 -05:00
Nick Mathewson
ffa7b15950 Deliberately close OR connections if proxies leave extra data
We already did this, but we did it by accident, which is pretty
risky: if we hadn't, then our code would have treated extra data in
the inbuf as having been transmitted as TLS-authenticated data.

Closes ticket 40017; Found by opara.
2020-11-12 11:07:33 -05:00
Nick Mathewson
f2168d28f7 Fake the current time when we're loading TEST_DESCRIPTORS.
Fixes bug 40187; bugfix on 0.4.5.1-alpha.
2020-11-12 09:28:27 -05:00