Commit Graph

9674 Commits

Author SHA1 Message Date
David Goulet
b404f085ad hs-v2: Add deprecation warning for service
If at least one service is configured as a version 2, a log warning is emitted
once and only once.

Closes #40003

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-10-07 08:38:23 -04:00
Nick Mathewson
0e2e517019 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-10-07 08:35:18 -04:00
Neel Chauhan
884cad3edf Make HSFETCH take the decoded length into account, not the base32 one 2020-10-07 08:35:12 -04:00
Nick Mathewson
3e9fa5a029 Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:29:31 -04:00
Nick Mathewson
5f5587ee50 Merge remote-tracking branch 'tor-gitlab/mr/77' into maint-0.3.5 2020-10-07 08:29:23 -04:00
Nick Mathewson
701a1936fa Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:26:04 -04:00
Nick Mathewson
ad7ffa5240 Merge remote-tracking branch 'tor-gitlab/mr/79' into maint-0.3.5 2020-10-07 08:25:55 -04:00
Nick Mathewson
98e14720b5 Merge remote-tracking branch 'tor-github/pr/1661/head' into maint-0.3.5 2020-10-07 08:14:46 -04:00
Nick Mathewson
9587512578 Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:10:08 -04:00
Nick Mathewson
968b6c30c1 Merge remote-tracking branch 'tor-gitlab/mr/43' into maint-0.3.5 2020-10-07 08:09:59 -04:00
Nick Mathewson
8505dd5e37 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-10-07 08:08:02 -04:00
Nick Mathewson
9029444482 Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:08:01 -04:00
Nick Mathewson
e0e0ef713e Merge remote-tracking branch 'tor-gitlab/mr/137' into maint-0.3.5 2020-10-07 08:07:53 -04:00
Nick Mathewson
8a561fc5bf Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:05:40 -04:00
Nick Mathewson
84a5bd48e2 Merge remote-tracking branch 'tor-gitlab/mr/103' into maint-0.3.5 2020-10-07 08:05:31 -04:00
Nick Mathewson
b5a88e8d47 Merge branch 'maint-0.3.5' into maint-0.4.3 2020-10-07 08:01:37 -04:00
Nick Mathewson
ed6a328297 Merge branch 'mr_124_squashed' into maint-0.3.5 2020-10-07 08:00:59 -04:00
Nick Mathewson
c5ba8b6221 Parallelize src/test/test into chunks.
First, we introduce a flag to teach src/test/test to split its work
into chunks.  Then we replace our invocation of src/test/test in our
"make check" target with a set of 8 scripts that invoke the first
8th of the tests, the second 8th, and so on.

This change makes our "make -kj4 check" target in our hardened
gitlab build more than twice as fast, since src/test/test was taking
the longest to finish.

Closes 40098.
2020-10-07 08:00:49 -04:00
George Kadianakis
438aba6c0b Merge branch 'maint-0.4.4' into master 2020-10-07 13:42:57 +03:00
George Kadianakis
a914ac5d7c Merge remote-tracking branch 'tor-gitlab/mr/154' into maint-0.4.4 2020-10-07 13:32:17 +03:00
George Kadianakis
84e825598a Merge branch 'maint-0.4.4' into master 2020-10-07 13:29:16 +03:00
George Kadianakis
149b7a2418 Merge remote-tracking branch 'tor-gitlab/mr/163' into maint-0.4.4 2020-10-07 13:29:00 +03:00
Alexander Færøy
5f61e19d8a Expose TOR_PT_OUTBOUND_BIND_ADDRESS_{V4,V6} to Pluggable Transports.
This patch adds support for exposing the environment variables
`TOR_PT_OUTBOUND_BIND_ADDRESS_V4` and `TOR_PT_OUTBOUND_BIND_ADDRESS_V6` to
Pluggable Transport proccesses. These two values will contain the IPv4
and IPv6 address that the user have specified in torrc that they wish
the PT to use for all outgoing IP packets.

It is important to note here that it is up to the indvidual Pluggable
Transport if they are willing to honor these values or ignore them
completely.

One can test this feature using the following dummy PT written in POSIX
shell script:

    #!/bin/sh

    echo "LOG SEVERITY=warning MESSAGE=\"Value for IPv4: ${TOR_PT_OUTBOUND_BIND_ADDRESS_V4}\""
    echo "LOG SEVERITY=warning MESSAGE=\"Value for IPv6: ${TOR_PT_OUTBOUND_BIND_ADDRESS_V6}\""

    while true ; do
        sleep 1
    done

with the following entries in your torrc:

    OutboundBindAddressPT 203.0.113.4
    OutboundBindAddress 203.0.113.5
    OutboundBindAddressPT 2001:db8::4
    OutboundBindAddress 2001:db8::5

See: https://bugs.torproject.org/5304
2020-10-06 09:30:11 -04:00
Daniel Pinto
304ae473ca Fix %include bug with pattern with */ on glibc < 2.19 #40141
Fix bug where %including a pattern ending in */ would include
files and folders (instead of folders only) in versions of
glibc < 2.19.
2020-10-03 04:10:52 +01:00
Nick Mathewson
f5ddc45647 Merge branch 'bug40133_035' into bug40133_043 2020-09-28 10:37:14 -04:00
Nick Mathewson
79d7773968 Merge branch 'maint-0.3.5' into bug40133_035 2020-09-28 10:35:12 -04:00
Nick Mathewson
5c9b4a0060 Remove support for old android "logcat" API
This is apparently obsolete; syslog is modern instead.  If users
have an android log configured, given them a syslog if we can.

Closes #32181.
2020-09-23 12:33:58 -04:00
Nick Mathewson
ca16433eb7 Update changes file 2020-09-23 12:09:27 -04:00
vnepveu
43672f9fca Implement IPv6 sybil protection.
[This is a squashed patch for ticket 7193, based on taking a "git
   diff" for the original branch, then applying it with "git apply
   -3".  I earlier attempted to squash the branch with "git rebase",
   but there were too many conflicts. --nickm]
2020-09-23 11:30:15 -04:00
David Goulet
beffad8529 Merge branch 'maint-0.3.5' into maint-0.4.3 2020-09-22 13:47:08 -04:00
David Goulet
b6429430c6 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-09-22 13:47:08 -04:00
David Goulet
3f8201f229 Merge branch 'maint-0.4.4' 2020-09-22 13:47:08 -04:00
David Goulet
4dbbc000b5 Merge branch 'tor-gitlab/mr/145' 2020-09-22 13:39:55 -04:00
David Goulet
faf89ec6c2 srv: Remove spammy debug log
Fixes #40135

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-22 11:06:34 -04:00
Nick Mathewson
88d99fc1bd Fix warnings when using two unusual options together.
The option `--enable-all-bugs-are-fatal` when used with
`--disable-module-relay` caused GCC to warn about functions that
it thought should be labeled noreturn.

I've tried a couple of approaches, but disabling the warning on
these functions seems to be the best approach.

Fixed #40129; bugfix on 0.4.4.1-alpha.
2020-09-22 10:07:14 -04:00
Alexander Færøy
485990641b Merge remote-tracking branch 'tor-gitlab/mr/137' 2020-09-18 14:51:54 +00:00
Nick Mathewson
781ab9eea4 Add flag for whether an OR conn "counts" for bootstrap tracking
We set this flag if we've launched the connection in order to
satisfy an origin circuit, or when we decide the connection _would_
satisfy an origin circuit.  These are the only or_connections we
want to consider for bootstrapping: other or_connections are opened
because of client EXTEND requests, and they may succeed or fail
because of the clients' confusion or misconfiguration.

Closes #25061.
2020-09-18 10:03:57 -04:00
David Goulet
2ddbfc64af Merge branch 'maint-0.3.5' into maint-0.4.3 2020-09-18 09:45:25 -04:00
David Goulet
2e3603d96d Merge branch 'maint-0.4.3' into maint-0.4.4 2020-09-18 09:45:25 -04:00
David Goulet
e8a4482335 Merge branch 'maint-0.4.4' 2020-09-18 09:45:25 -04:00
Nick Mathewson
7945e075a4 Fix underflow in rend_cache/free_all test.
We already fixed these in #40099 and #40125.

This patch fixes #40126.  Bugfix on 0.2.8.1-alpha.
2020-09-17 14:04:54 -04:00
Nick Mathewson
404c224c71 Merge branch 'maint-0.4.4' 2020-09-17 13:56:40 -04:00
Nick Mathewson
078194ecaf Merge branch 'maint-0.3.5' into maint-0.4.3 2020-09-17 13:56:40 -04:00
Nick Mathewson
54cd2578ef Merge branch 'maint-0.4.3' into maint-0.4.4 2020-09-17 13:56:40 -04:00
David Goulet
47f1d19f8e test: Increment rend cache allocation before freeing
The rend_cache/entry_free was missing the rend cache allocation increment
before freeing the object.

Without it, it had an underflow bug:

  Sep 17 08:40:13.845 [warn] rend_cache_decrement_allocation(): Bug: Underflow
  in rend_cache_decrement_allocation (on Tor 0.4.5.0-alpha-dev
  7eef9ced61)

Fixes #40125

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-17 13:00:23 -04:00
Nick Mathewson
5d1d7afcd3 Use the correct SIGNED_KEY_TYPE value for signing->link certs
Our code was using [01] as for the key type of signed->link certs,
which was incorrect.  The value should be [03], to indicate that the
value as the SHA256 of an x.509 cert.

Fortunately, nothing cares about this value, so there shouldn't be
compatibility issues.

Fixes bug 40124; bugfix on 0.2.7.2-alpha.
2020-09-17 08:42:25 -04:00
Nick Mathewson
7d6986b6a4 Remove changes files that will appear in 0.4.4.5 2020-09-14 14:23:13 -04:00
Nick Mathewson
020e8e41c6 Resolve a compilation warning in test_connection.c
Instead of casting an enum to a void and back, use a string --
that's better C anyway.

Fixes bug 40113; bugfix on 0.2.9.3-alpha.
2020-09-14 11:50:38 -04:00
David Goulet
12c7583126 Merge branch 'maint-0.4.4' 2020-09-08 11:14:12 -04:00
George Kadianakis
85a1e6c601 statistics: Properly count all rendezvous cells (avoid undercounting).
tl;dr We were not counting cells flying from the client to the service, but we
were counting cells flying from the service to the client.

When a rendezvous cell arrives from the client to the RP, the RP forwards it to
the service.

For this to happen, the cell first passes through command_process_relay_cell()
which normally does the statistics counting. However because the `rend_circ`
circuit was not flagged with `circuit_carries_hs_traffic_stats` in
rend_mid_rendezvous(), the cell is not counted there.

Then the cell goes to circuit_receive_relay_cell() which has a special code
block based on `rend_splice` specifically for rendezvous cells, and the cell
gets directly passed to `rend_circ` via a direct call to
circuit_receive_relay_cell(). The cell never passes through
command_process_relay_cell() ever again and hence is never counted by our
rephist module.

The fix here is to flag the `rend_circ` circuit with
`circuit_carries_hs_traffic_stats` so that the cell is counted as soon as it
hits command_process_relay_cell().

Furthermore we avoid double-counting cells since the special code block of
circuit_receive_relay_cell() makes us count rendezvous cells only as they enter
the RP and not as they exit it.

Fixes #40117.
2020-09-07 13:30:21 +03:00
David Goulet
ea339227c2 conn: Remove assert on new listener connection when retrying
Opening a new listener connection can fail in many ways like a bind()
permission denied on a low port for instance.

And thus, we should expect to handle an error when creating a new one instead
of assert() on it.

To hit the removed assert:

  ORPort 80
  KeepBindCapabilities 0

Start tor. Then edit torrc:

  ORPort <some-IP>:80

HUP tor and the assert is hit.

Fixes #40073

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-01 10:01:21 -04:00
Alexander Færøy
3c884bc9e0 Merge remote-tracking branch 'tor-gitlab/mr/136' 2020-08-26 22:15:04 +00:00
George Kadianakis
d4f3cfe99a Merge branch 'mr/113' 2020-08-25 20:37:04 +03:00
David Goulet
20a990cea3 ci: Add tracing build to Gitlab CI
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-08-25 10:38:48 -04:00
Nick Mathewson
75772ea096 Validate address more carefully when checking self-reachability
Previously, we would treat *any* incoming circuit on a non-local
channel as meaning that our ORPort was reachable.  With this patch,
we make sure that the address that the peer _says_ we have is the
same as the one we're trying to advertise right now.

Closes 20165. Bugfix on 4f5192b280 in 0.1.0.1-rc, when
reachability self-tests were first introduced.
2020-08-25 16:02:59 +03:00
George Kadianakis
cc4e42ee32 Merge remote-tracking branch 'tor-gitlab/mr/115' 2020-08-25 15:43:00 +03:00
David Goulet
6dc0b04319 Merge branch 'maint-0.4.4' 2020-08-25 08:23:06 -04:00
George Kadianakis
53cd1c9710 Avoid guard-related warning when upgrading from 043 to 044.
Fixes #40105.
2020-08-25 15:09:57 +03:00
George Kadianakis
4b9ed14d9b Merge remote-tracking branch 'tor-gitlab/mr/108' 2020-08-25 15:02:04 +03:00
George Kadianakis
935160ce86 Merge branch 'maint-0.4.4' 2020-08-25 14:51:23 +03:00
George Kadianakis
1397a86bbd Merge remote-tracking branch 'tor-gitlab/mr/130' into maint-0.4.4 2020-08-25 14:51:05 +03:00
George Kadianakis
36203e8894 Merge branch 'maint-0.4.4' 2020-08-20 14:34:56 +03:00
Neel Chauhan
6e37086f85 v3 control: Persist ONION_CLIENT_AUTH_ADD client name 2020-08-20 14:34:21 +03:00
David Goulet
f5c9f6d432 hs: Don't overwrite DoS parameters on circuit with consensus params
Turns out that the HS DoS defenses parameters were overwritten by the
consensus parameters everytime a new consensus would arrive.

This means that a service operator can still enable the defenses but as soon
as the intro point relay would get a new consensus, they would be overwritten.
And at this commit, the network is entirely disabling DoS defenses.

Fix this by introducing an "explicit" flag that indicate if the
ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid
using the consenus at once.

We are not bumping the protover HSIntro value for this because 0.4.2.x series
is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We
are confident that a backport and then upgrade path to the latest 0.4.4.x
stable coming up soon is enough to mitigate this problem in the coming months.

It avoids the upgrade path on the service side by keeping the requirement for
protover HSIntro=5.

Fixes #40109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-08-19 09:47:34 -04:00
George Kadianakis
4e3f55fba1 Merge branch 'maint-0.4.4' 2020-08-19 13:56:34 +03:00
George Kadianakis
b1b0079675 Merge branch 'mr/124' into maint-0.4.4 2020-08-19 13:55:07 +03:00
Nick Mathewson
974abdf632 Parallelize src/test/test into chunks.
First, we introduce a flag to teach src/test/test to split its work
into chunks.  Then we replace our invocation of src/test/test in our
"make check" target with a set of 8 scripts that invoke the first
8th of the tests, the second 8th, and so on.

This change makes our "make -kj4 check" target in our hardened
gitlab build more than twice as fast, since src/test/test was taking
the longest to finish.

Closes 40098.
2020-08-19 13:46:50 +03:00
David Goulet
1089ac6f22 Merge branch 'tor-gitlab/mr/126' 2020-08-18 08:56:27 -04:00
David Goulet
80d2376f33 Merge branch 'maint-0.4.4' 2020-08-18 08:49:07 -04:00
David Goulet
deea196370 Merge branch 'tor-gitlab/mr/121' into maint-0.4.4 2020-08-18 08:49:01 -04:00
Daniel Pinto
ebaa1a1d23 Make options_init_from_torrc smaller #40102
Split implementation of several command line options from
options_init_from_torrc into smaller isolated functions.
2020-08-14 16:01:02 +01:00
Nick Mathewson
563f8610fd Revise trac.torproject.org urls to refer to gitlab replacements.
Closes #40101.
2020-08-14 09:21:28 -04:00
Nick Mathewson
7915b651d9 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-08-13 14:20:39 -04:00
Nick Mathewson
ef18fb56c9 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-08-13 14:20:39 -04:00
Nick Mathewson
8669ace2fb Merge branch 'maint-0.4.4' 2020-08-13 14:20:39 -04:00
Nick Mathewson
45d9830493 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-08-13 14:20:39 -04:00
Nick Mathewson
e151442037 Merge remote-tracking branch 'tor-gitlab/mr/62' 2020-08-12 14:37:21 -04:00
Nick Mathewson
f9bb49d870 Fix allocation counting in clean_v2_descs_as_dir test.
Without this fix, running this test on its own would fail.

Fixes bug 40099. Bugfix on ade5005853 in 0.2.8.1-alpha.
2020-08-12 14:25:46 -04:00
Nick Mathewson
06c31b1b79 Remove changes files that have also appeared in 0.4.4 releases. 2020-08-12 08:51:43 -04:00
George Kadianakis
347f87ae9d Merge branch 'maint-0.4.4' 2020-08-12 13:47:59 +03:00
George Kadianakis
5a1918d7e7 Merge remote-tracking branch 'tor-gitlab/mr/107' into maint-0.4.4 2020-08-12 13:47:34 +03:00
George Kadianakis
c591a0d246 Merge branch 'maint-0.4.4' 2020-08-12 13:23:33 +03:00
George Kadianakis
8e9edb93be Merge remote-tracking branch 'tor-gitlab/mr/104' into maint-0.4.4 2020-08-12 13:23:08 +03:00
Nick Mathewson
a02002dc99 Lower the minimum value for MaxMemInQueues to 64 MB for relays.
For clients, there is no minimum value; in both cases, we warn if
the value seems too low.

Closes ticket 24308.
2020-08-11 17:01:49 -04:00
Nick Mathewson
d76f8457f3 Merge remote-tracking branch 'tor-gitlab/mr/119' into maint-0.4.4 2020-08-11 12:40:02 -04:00
Nick Mathewson
11961f0bc5 Merge remote-tracking branch 'tor-gitlab/mr/119' 2020-08-11 12:39:30 -04:00
Nick Mathewson
e4ef3c61f7 Merge branch 'maint-0.4.4' 2020-08-11 11:03:25 -04:00
Nick Mathewson
2a7e71c956 Fix "run_check_subsystem_order.sh" to use $PYTHON.
Previously it just used /usr/bin/env/python, which would fail if we
only had a "python3" binary.

Fixes bug 40095; bugfix on 0.4.4.1-alpha.
2020-08-11 11:01:31 -04:00
George Kadianakis
b705cfa024 Merge remote-tracking branch 'tor-gitlab/mr/111' 2020-08-11 15:12:43 +03:00
George Kadianakis
b46942d37f Merge remote-tracking branch 'tor-gitlab/mr/109' 2020-08-11 15:09:12 +03:00
George Kadianakis
b8003fbe99 Merge branch 'maint-0.4.4' 2020-08-11 14:54:26 +03:00
George Kadianakis
ab9c35f043 Merge remote-tracking branch 'tor-gitlab/mr/102' into maint-0.4.4 2020-08-11 14:53:03 +03:00
George Kadianakis
9316ca9f06 Remove a BUG() that could normally trigger in edge-cases. 2020-08-11 14:42:18 +03:00
Nick Mathewson
3eb9331133 Merge remote-tracking branch 'tor-gitlab/mr/110' 2020-08-10 14:51:12 -04:00
Nick Mathewson
24c721de37 Log number of inbound/outbound ipv4/6 conns as part of heartbeat
Closes #29113
2020-08-07 10:45:29 -04:00
Nick Mathewson
afb6ff1739 Validate ed25519 keys and canonicity from circuit_n_conn_done()
Fixes bug 40080. Bugfix on 0.2.7.2-alpha.
2020-08-06 15:59:28 -04:00
Nick Mathewson
dcf5753a83 Changes file for 18106 2020-08-05 16:37:39 -04:00
George Kadianakis
afd88ee87f Merge remote-tracking branch 'tor-gitlab/mr/88' 2020-08-05 14:57:20 +03:00
Neel Chauhan
d1413e04f8 ipv6: Specialize GETINFO address interface for v4 and v6 2020-08-04 13:59:49 -07:00
Nick Mathewson
d89c1799af manual: Describe Sandbox more accurately.
Closes #23378
2020-08-04 14:06:25 -04:00