Commit Graph

23364 Commits

Author SHA1 Message Date
George Kadianakis
56a45eb409 Disable current padding machines.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
926fc93be5 Concentrate all TOR_USEC_PER_SEC definitions in a single header file.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
dd04917851 Use the new probability distribution code in WTF-PAD.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
2019-01-02 15:25:55 +02:00
George Kadianakis
2ccf326837 Implement and test probability distributions used by WTF-PAD.
This project introduces the prob_distr.c subsystem which implements all the
probability distributions that WTF-PAD needs. It also adds unittests for all of
them.

Code and tests courtesy of Riastradh.

Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
Mike Perry
8ad497bb57 Config option to specify specific MiddleNodes.
Hope is this will make it easier to test on the live tor network.

Does not need to be merged if we don't want to, but will come in handy
for researchers.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
George Kadianakis
a336d816a6 Circuit padding tests.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
Mike Perry
d62340018c Add relay crypto mock points for tests.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:35 +02:00
Mike Perry
9aaf72ea58 Circuit padding implementation.
This implements all of the event handling, state machines, and padding
decisions for circuit padding.

I recommend reviewing this after you look at the call-in points into it from
the rest of Tor.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:31 +02:00
Mike Perry
7be71903da Circuit padding cell event callbacks.
These callbacks allow the padding state machines to react to various types of
sent and received relay cells.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:27 +02:00
Mike Perry
43701e1ebe Circuit padding machine creation events.
These event callbacks allow circuit padding to decide when to attempt to
launch and negotiate new padding machines, and when to tear old ones down.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:23 +02:00
Mike Perry
4ca1df6b32 Add padding negotiation trunnel output.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:20 +02:00
Mike Perry
659a4f06d4 Circuit padding ProtoVer plumbing.
This helps us to determine if a middle node can pad to us or not.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:16 +02:00
Mike Perry
70e9245f6f Initialize circuit padding machines and global state.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:13 +02:00
Mike Perry
2f7b5a2d44 Hook up circuit padding to circuit_t.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:09 +02:00
Mike Perry
2a24e21fb0 Circuit padding header.
This is a good code review start point, to get an overview of the interfaces
and types used in circuit padding.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:09:37 +02:00
Mike Perry
3ba7581129 Provide a smartlist reverse-order traversal.
We need this for padding negotiation so that we can have later machine
revisions supercede earlier ones.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:09:13 +02:00
Kris Katterjohn
c11247e957 Fix a buffer overflow in setup_cfg() in src/test/test_voting_flags.c
signed_descriptor_digest has a length of DIGEST_LEN but the memset
used to fill it used DIGEST256_LEN.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2018-12-23 17:46:08 -06:00
Nick Mathewson
99713b176b Merge branch 'maint-0.3.5' 2018-12-21 15:42:58 -05:00
Nick Mathewson
a9eec33649 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-21 15:42:57 -05:00
Nick Mathewson
70dd6d07bb Merge branch 'orconn-tracker_squashed' 2018-12-21 14:22:11 -05:00
Taylor Yu
f0f971409a Add tests for bootstrap tracker
Part of ticket 27617.
2018-12-21 14:15:35 -05:00
Taylor Yu
85542ee5a0 The big bootstrap phase redefinition
Redefine the set of bootstrap phases to allow display of finer-grained
progress in the early connection stages of connecting to a relay.

This includes adding intermediate phases for proxy and PT connections.

Also add a separate new phase to indicate obtaining enough directory
info to build circuits so we can report that independently of actually
initiating an ORCONN to build the first application circuit.
Previously, we would claim to be connecting to a relay when we had
merely finished obtaining directory info.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
936c93e562 Hook up control_event_bootstrap() to btrack_orconn
Replace a few invocations of control_event_bootstrap() with calls from
the bootstrap tracker subsystem.  This mostly leaves behavior
unchanged.  The actual behavior changes come in the next commit.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
9d29abb34e Add a comment about bto_update_best. 2018-12-21 14:15:21 -05:00
Nick Mathewson
fd58e5e498 Fix priority on process subsystem level: it uses "net" 2018-12-21 14:12:20 -05:00
Nick Mathewson
ab4395d082 Merge branch 'ticket28847' 2018-12-21 13:26:47 -05:00
Alexander Færøy
bc836d559d Don't initialize the process module manually in tests.
It's not longer needed for us to initialize the process module in tests.

See: https://bugs.torproject.org/28847
2018-12-21 13:26:38 -05:00
Alexander Færøy
2322b56389 Fix typo in time_sys.h. 2018-12-21 13:26:38 -05:00
Alexander Færøy
cf4b3dbd44 Use the subsystem list to initialize and shutdown process module.
This patch makes the process module use the subsystem list for
initializing and shutting down.

See: https://bugs.torproject.org/28847
2018-12-21 13:26:38 -05:00
David Goulet
2420e84ba4 mainloop: Reactivate the linked connection event with a non empty list
Linked connections aren't woken up by libevent due to I/O but rather
artificially so we can, by chunks, empty the spooled object(s).

Commit 5719dfb48f (in 0.3.4.1-alpha) made it
that the schedule_active_linked_connections_event would be only called once at
startup but this is wrong because then we would never go through again the
active linked connections.

Fortunately, everytime a new linked connection is created, the event is
activated and thus we would go through the active list again. On a busy relay,
this issue is mitigated by that but on a slower relays or bridge, a connection
could get stuck for a while until a new directory information request would
show up.

Fixes #28717, #28912
2018-12-21 11:25:23 -05:00
Taylor Yu
b0ae6a332a Add bootstrap tracker subsystem
Add a tracker for bootstrap progress, tracking events related to
origin circuit and ORCONN states.  This uses the ocirc_event and
orconn_event publish-subscribe subsystems.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
b0f974633a Add LD_BTRACK log domain for bootstrap tracker
Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
a0b4fa1f16 Add origin circuit event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
origin circuits.

Functions in circuitbuild.c and circuitlist.c publish messages to this
subsystem.

Move circuit event constants out of control.h so that subscribers
don't have to include all of control.h to take actions based on
messages they receive.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
271b50f54a Add ORCONN event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
OR connections.

connection_or_change_state() in connection_or.c and
control_event_or_conn_event() in control.c publish messages to this
subsystem via helper functions.

Move state constants from connection_or.h to orconn_state.h so that
subscribers don't have to include all of connection_or.h to take
actions based on changes in OR connection state.  Move event constants
from control.h for similar reasons.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
308dde0c38 Remove unused old_state var in connection_or.c
connection_or_change_state() saved an old_state to pass to
channel_tls_handle_state_change_on_orconn(), which promptly cast it to
void.  Remove this unused variable and parameter.
2018-12-20 17:54:49 -06:00
Nick Mathewson
e4109020e9 Merge remote-tracking branch 'tor-github/pr/609' 2018-12-20 16:42:35 -05:00
Alexander Færøy
ab0d7d2dd4 Escape the PT K/V data before sending it to the logger.
See: https://bugs.torproject.org/28846
2018-12-20 19:05:50 +01:00
Nick Mathewson
5c85ba3077 Merge remote-tracking branch 'tor-github/pr/608' 2018-12-20 11:42:26 -05:00
Nick Mathewson
22c5ad682c Add base32 to the round-trip fuzzer 2018-12-20 08:37:04 -05:00
Alexander Færøy
01819faaba Remove Process initializer/shutdown function from main.c.
See: https://bugs.torproject.org/28847
2018-12-20 14:36:59 +01:00
Nick Mathewson
a517daa56f base32_decode(): Return number of bytes written on success.
This makes it consistent with base64_decode().

Closes ticket 28913.
2018-12-20 08:36:25 -05:00
Alexander Færøy
f7e175db57 Forward declare smartlist_t in process.h
This allows other libraries to include process.h without including
the smartlist_t headers first.

See: https://bugs.torproject.org/28847
2018-12-20 14:36:04 +01:00
Nick Mathewson
973a5db808 Merge remote-tracking branch 'tor-github/pr/445' 2018-12-20 07:53:57 -05:00
Alexander Færøy
7762088967 No need to log ordinary EOF conditions as LOG_WARN.
Let's not use log_warn() when a pipe is closed under what should be
considered normal conditions.

See: https://bugs.torproject.org/28179
2018-12-20 13:12:53 +01:00
Alexander Færøy
412fbe9f17 Make example CancelIoEx() code use CancelIo().
This patch changes the CancelIoEx() example code to use CancelIo(),
which is available for older versions of Windows too. I still think the
kernel handles this nicely by sending broken pipes if either side
closes the pipe while I/O operations are pending.

See: https://bugs.torproject.org/28179
2018-12-20 13:11:24 +01:00
Alexander Færøy
f58e597d42 Handle ERROR_BROKEN_PIPE in completion routines.
Handle `ERROR_BROKEN_PIPE` from ReadFileEx() and WriteFileEx() in
process_win32_stdin_write_done() and
process_win32_handle_read_completion() instead of in the early handler.
This most importantmly makes sure that `reached_eof` is set to true when
these errors appears.

See: https://bugs.torproject.org/28179
2018-12-20 13:04:49 +01:00
Alexander Færøy
36e24782f8 Remember to set reached_eof when our handles are reporting errors.
This patch adds some missing calls to set `reached_eof` of our handles
when various error conditions happens or when we close our handle (which
happens at `process_terminate()`.

See: https://bugs.torproject.org/28179
2018-12-20 13:02:22 +01:00
Alexander Færøy
c6e041e3d8 Handle errors even after success from ReadFileEx() and WriteFileEx().
This patch adds some additional error checking after calls to
ReadFileEx() and WriteFileEx(). I have not managed to get this code to
reach the branch where `error_code` is NOT `ERROR_SUCCESS`, but MSDN
says one should check for this condition so we do so just to be safe.

See: https://bugs.torproject.org/28179
2018-12-20 12:57:20 +01:00
Alexander Færøy
44586a89ef Delay checking process for termination until both stdout and stderr are closed.
This patch makes us delay checking for whether we have an exit code
value (via GetExitCodeProcess()) until both stdout and stderr have been
closed by the operating system either by the process itself or by
process cleanup after termination.

See: https://bugs.torproject.org/28179
2018-12-20 12:53:28 +01:00
Alexander Færøy
1d8dcb416c Remember to close the child process' ends of the pipes.
This prevents us from leaking the HANDLE for stdout, stderr, and stdin.

See: https://bugs.torproject.org/28179
2018-12-20 12:47:04 +01:00
Alexander Færøy
fe2f4f3ec5 Remember to check for whether we actually did exit in tests.
See: https://bugs.torproject.org/28179
2018-12-20 12:45:52 +01:00
Alexander Færøy
4efe4cc2f9 Add support for STATUS messages from Pluggable Transports.
This patch adds support for the new STATUS message that PT's can emit
from their standard out. The STATUS message uses the `config_line_t` K/V
format that was recently added in Tor.

See: https://bugs.torproject.org/28846
2018-12-20 03:55:02 +01:00
Alexander Færøy
426c52b377 Use K/V parser to handle LOG messages for pluggable transports.
This patch changes the LOG pluggable transport message to use the recent
K/V parser that landed in Tor. This allows PT's to specify the log
severity level as well as the message. A mapping between the PT log
severity levels and Tor's log serverity level is provided.

See: https://bugs.torproject.org/28846
2018-12-20 03:41:28 +01:00
Nick Mathewson
1c47459e5a Merge branch 'maint-0.3.5' 2018-12-19 15:36:08 -05:00
Nick Mathewson
b7018b1a24 Merge branch 'ticket28883_035' into maint-0.3.5 2018-12-19 15:36:03 -05:00
Nick Mathewson
ed0bc85ed0 Merge branch 'ticket28853' 2018-12-18 18:59:56 -05:00
Nick Mathewson
bb091da1e7 Merge branch 'ticket28839_v2_squashed' 2018-12-18 18:59:05 -05:00
Nick Mathewson
7113a339dc Avoid a needless decode/re-encode step in assigning onion keys
Previously we had decoded the asn.1 to get a public key, and then
discarded the asn.1 so that we had to re-encode the key to store it
in the onion_pkey field of a microdesc_t or routerinfo_t.

Now we can just do a tor_memdup() instead, which should be loads
faster.
2018-12-18 18:58:08 -05:00
Nick Mathewson
0556942284 Use a single path for all PEM-like objects in get_next_token()
Previously, we would decode the PEM wrapper for keys twice: once in
get_next_token, and once later in PEM decode.  Now we just do all of
the wrapper and base64 stuff in get_next_token, and store the
base64-decoded part in the token object for keys and non-keys alike.

This change should speed up parsing slightly by letting us skip a
bunch of stuff in crypto_pk_read_*from_string(), including the tag
detection parts of pem_decode(), and an extra key allocation and
deallocation pair.

Retaining the base64-decoded part in the token object will allow us
to speed up our microdesc parsing, since it is the asn1 portion that
we actually want to retain.
2018-12-18 18:58:08 -05:00
Nick Mathewson
372df7a630 Merge branch 'maint-0.3.5' 2018-12-18 13:56:22 -05:00
Nick Mathewson
26bbeb298d Merge branch 'bug28612_squashed' into maint-0.3.5 2018-12-18 13:55:57 -05:00
Nick Mathewson
1c2abea30a Call run_tor_main_loop() in ntmain.c, rather than do_main_loop().
Fixes bug 28612; bugfix on 0.3.5.3-alpha.
2018-12-18 13:55:08 -05:00
Nick Mathewson
0af0f78dff Merge branch 'maint-0.3.5' 2018-12-18 13:52:39 -05:00
Nick Mathewson
702fd6f0f2 Merge branch 'ticket28881_035' into maint-0.3.5 2018-12-18 13:52:36 -05:00
Nick Mathewson
4894d44ab8 Always initialize addr in parse_port_config()
It was always analyzed before use, but scan-build wasn't able to
persuade itself of that.

Closes ticket 28881.
2018-12-18 13:52:25 -05:00
Nick Mathewson
a3e6f2467b Merge remote-tracking branch 'tor-github/pr/595' 2018-12-18 13:51:21 -05:00
Alexander Færøy
ca7a2ecc51 Avoid breaking the event loop prematurely.
This patch makes sure that we terminate the event loop from the event
loop timer instead of directly in the process' exit handler. This allows
us to run the event loop an additional time to ensure that the SleepEx()
call on Windows is called and the data from stdout/stderr is delivered
to us.

Additionally we ensure that we don't try to read or write data from a
Unix process that have been terminated in the main loop, since its file
descriptors are closed at that time.

See: https://bugs.torproject.org/28179
2018-12-18 13:35:29 -05:00
Nick Mathewson
bf71dce01a Bump version to 0.3.5.6-rc-dev 2018-12-18 13:33:49 -05:00
Nick Mathewson
c61cd5775c Revert "Log bootstrap tag names"
This reverts commit 1b855af5e3.
2018-12-18 08:09:43 -05:00
Nick Mathewson
d8f41c2870 Bump to 0.3.5.6-rc 2018-12-18 08:04:04 -05:00
rl1987
c659603ac5 Unit test to check that we can parse NETINFO cell with unsupported address type 2018-12-18 12:11:33 +02:00
rl1987
c92c0cbc9f Actually allow unrecognized address types in NETINFO cell
Ignore the address value instead of failing with error condition in case
unrecognized address type is found.
2018-12-18 12:10:08 +02:00
Nick Mathewson
8a01f0eaab lib/process may include lib/buf. 2018-12-17 17:58:49 -05:00
Nick Mathewson
4ad59bfbc2 Update location of buffers.h 2018-12-17 17:01:50 -05:00
Nick Mathewson
e969d9c6b4 Merge branch 'ticket28179_squashed' into ticket28179_squashed_merged 2018-12-17 16:41:01 -05:00
Alexander Færøy
c8b8b15f0e Ensure that line_size >= 1 before trying to trim input string.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
651cdd05b7 Add an additional space when we check for the PROTO_LOG handler.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
fab22509d7 Make Windows process event timer API available for dormant interface.
This patch changes the API of the Windows backend of the Process
subsystem to allow the dormant interface to disable the Process event
timer.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
a33a77d9cd Document the format of process_t::arguments.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
0d796cce17 Use errno directly if we are not reading/writing from/to a socket.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
cacdd29087 Use const char * instead of char * for line parameter for process callbacks.
This patch changes the type definition of the process callbacks to use
`const char *` instead of `char *`.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ec2ae3ed8b Change EVENT_TRANSPORT_LOG to EVENT_PT_LOG.
This patch changes our EVENT_TRANSPORT_LOG event to be EVENT_PT_LOG. The
new message includes the path to the PT executable instead of the
transport name, since one PT binary can include multiple transport they
sometimes might need to log messages that are not specific to a given
transport.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
5585cbd08f Change the Process exit_callback to return bool.
This patch changes our process_t's exit_callback to return a boolean
value.  If the returned value is true, the process subsystem will call
process_free() on the given process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
22cb3c6ce9 Call close() on stdin/stdout/stderr in process_terminate().
Call close() on all process handles after we have called kill(pid,
SIGTERM).

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
bc6983afed Use run_main_loop_until_done() for process_t tests.
This patch changes the slow process_t tests to use
run_main_loop_until_done() instead of do_main_loop() since
do_main_loop() initializes a lot of subsystem callbacks that we don't
need to run in our tests.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
6e508e9eb4 Fix tests on kqueue() based platforms.
This patch disables fork()'ing of the slow process tests. This fixes the
tests on the MacOS and other kqueue() based platforms.

Without this patch the main loop exits eearly with EBADF as error.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ccc1963890 Move remaining code from subprocess.{h,c} to more appropriate places.
This patch moves the remaining code from subprocess.{h,c} to more
appropriate places in the process.c and process_win32.c module.

We also delete the now empty subprocess module files.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
f7d13425fc Delete old process_handle_t code.
This patch removes the old process_handle_t code. Everything should by
now be using the process_t interface.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
289ed0849d Add tests for process environment functionality of process_t.
This patch adds tests for the process_environment_t interaction in
process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
9b6a10a26f Add slow test for process_t for main loop interaction.
This patch adds test cases for process_t which uses Tor's main loop.
This allows us to test that the callbacks are actually invoked by the
main loop when we expect them.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e3ceaebba2 Add support for logging messages from pluggable transports.
This patch adds support for the "LOG" protocol message from a pluggable
transport. This allows pluggable transport developers to relay log
messages from their binary to Tor, which will both emit them as log
messages from the Tor process itself, but also pass them on via the
control port.

See: https://bugs.torproject.org/28180
See: https://bugs.torproject.org/28181
See: https://bugs.torproject.org/28182
2018-12-17 16:39:28 -05:00
Alexander Færøy
bfb94dd2ca Use process_t for managed proxies.
This patch makes the managed proxy subsystem use the process_t data
structure such that we can get events from the PT process while Tor is
running and not just when the PT process is being configured.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ad4cc89c5d Add "PT" log domain.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
b0d268a822 Add process_reset_environment() to the Process subsystem.
This patch adds a new function that allows us to reset the environment
of a given process_t with a list of key/value pairs.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
4f611a1df7 Add process_terminate().
This patch adds support for process termination to the Process
subsystem.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
338137221c Make sure we call process_notify_event_exit() as the last thing in different callbacks.
This patch makes sure that we call process_notify_event_exit() after we
have done any modifications we need to do to the state of a process_t.
This allows application developers to call process_free() in the
exit_callback of the process.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e982fb1dae Add documentation for the is_socket and error argument of read_to_chunk().
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
89393a77e5 Add process_get_pid() to the Process subsystem.
This patch adds support for getting the unique process identifier from a
given process_t. This patch implements both support for both the Unix
and Microsoft Windows backend.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
bb784cf4f3 Add Windows backend for the Process subsystem.
This patch adds support for Microsoft Windows in the Process subsystem.

Libevent does not support mixing different types of handles (sockets,
named pipes, etc.) on Windows in its core event loop code. This have
historically meant that Tor have avoided attaching any non-networking
handles to the event loop. This patch uses a slightly different approach
to roughly support the same features for the Process subsystem as we do
with the Unix backend.

In this patch we use Windows Extended I/O functions (ReadFileEx() and
WriteFileEx()) which executes asynchronously in the background and
executes a completion routine when the scheduled read or write operation
have completed. This is much different from the Unix backend where the
operating system signals to us whenever a file descriptor is "ready" to
either being read from or written to.

To make the Windows operating system execute the completion routines of
ReadFileEx() and WriteFileEx() we must get the Tor process into what
Microsoft calls an "alertable" state. To do this we execute SleepEx()
with a zero millisecond sleep time from a main loop timer that ticks
once a second.  This moves the process into the "alertable" state and
when we return from the zero millisecond timeout all the outstanding I/O
completion routines will be called and we can schedule the next reads
and writes.

The timer loop is also responsible for detecting whether our child
processes have terminated since the last timer tick.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
2e957027e2 Add Unix backend for the Process subsystem.
This patch adds the Unix backend for the Process subsystem. The Unix
backend attaches file descriptors from the child process's standard in,
out and error to Tor's libevent based main loop using traditional Unix
pipes. We use the already available `waitpid` module to get events
whenever the child process terminates.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
35509978dd Add new Process subsystem.
This patch adds a new Process subsystem for running external programs in
the background of Tor. The design is focused around a new type named
`process_t` which have an API that allows the developer to easily write
code that interacts with the given child process. These interactions
includes:

- Easy API for writing output to the child process's standard input
  handle.
- Receive callbacks whenever the child has output on either its standard
  output or standard error handles.
- Receive callback when the child process terminates.

We also support two different "protocols" for handling output from the
child process. The default protocol is the "line" protocol where the
process output callbacks will be invoked only when there is complete
lines (either "\r\n" or "\n" terminated). We also support the "raw"
protocol where the read callbacks will get whatever the operating system
delivered to us in a single read operation.

This patch does not include any operating system backends, but the Unix
and Windows backends will be included in separate commits.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Taylor R Campbell
ed71e1e89c Create a temporary directory for tor's DataDirectory in test_rebind.
Fixes #28562.

While here, put the argument count test and usage message _before_ we
attempt to read from sys.argv.
2018-12-17 10:32:28 -05:00
Nick Mathewson
315c21d2e2 test_rebind: wait for tor to timeout, even if it is logging a lot
Fixes bug 28883; bugfix on 0.3.5.4-alpha.
2018-12-17 09:53:17 -05:00
Nick Mathewson
ce3d501040 Fix null-pointer-deref warning from scan-build in test_hs_service.c 2018-12-17 09:28:33 -05:00
Nick Mathewson
d58a597a55 Fix dead assignment warning in test_hs_service.c 2018-12-17 09:28:08 -05:00
Nick Mathewson
f50558ce8c Fix dead-assignment warning in test_shared_random.c 2018-12-17 09:27:40 -05:00
Nick Mathewson
82fb40c8dc Fix dead-assignment warnings in test_config.c
Found by scan-build.
2018-12-17 09:26:57 -05:00
Nick Mathewson
16199a54a2 Check hostname before using it in send_resolved_hostname_cell()
Also, turn an absent hostname into a BUG(), not a crash.

Found by scan-build.

Closes ticket 28879; bugfix on 0.1.2.7-alpha
2018-12-17 09:15:37 -05:00
Nick Mathewson
29254812a3 Remove strcmp_len(): it is now unused
(See 28856.)
2018-12-17 09:04:25 -05:00
Nick Mathewson
a0fad3981e Replace use of strcmp_len() with new mem_eq_token().
The strcmp_len() function was somewhat misconceived, since we're
only using it to test whether a length+extent string is equal to a
NUL-terminated string or not.  By simplifying it and making it
inlined, we should be able to make it a little faster.

(It *does* show up in profiles.)

Closes ticket 28856.
2018-12-17 09:03:04 -05:00
rl1987
5b2acbec0e Refrain from closing connection if found one unrecognized address in NETINFO cell 2018-12-16 10:19:37 +02:00
rl1987
3bec371d04 Refrain from hardcoding address length and type in netinfo.trunnel 2018-12-16 10:05:35 +02:00
Nick Mathewson
3dd1f064a7 Rewrite the core of parse_short_policy() to be faster.
The old implementation did some funky out-of-order lexing, and
tended to parse every port twice if the %d-%d pattern didn't match.

Closes ticket 28853.
2018-12-14 16:07:10 -05:00
Nick Mathewson
9dc53bc68f Remove a needless memset() in get_token_arguments()
I believe we originally added this for "just in case" safety, but it
isn't actually needed -- we never copy uninitialized stack here.
What's more, this one memset is showing up on our startup profiles,
so we ought to remove it.

Closes ticket 28852.
2018-12-14 14:48:12 -05:00
Nick Mathewson
6dc90d290d Use 25% less RAM for base64-encoded directory objects
We were allocating N bytes to decode an N-byte base64 encoding,
when 3N/4 would have been enough.
2018-12-14 13:51:51 -05:00
Nick Mathewson
3c35c0d441 Add a function to provide an upper bound on base64 decoded length 2018-12-14 13:51:51 -05:00
Nick Mathewson
cf7342ab6f Add a benchmark for parsing a microdescriptor 2018-12-14 13:51:51 -05:00
Rob Jansen
325348b360 allow any value for HearbeatPeriod in testing Tor networks 2018-12-14 09:22:23 -05:00
Nick Mathewson
4bc3983f64 Add a DROPOWNERSHIP controller command to undo TAKEOWNERSHIP.
Closes ticket 28843.
2018-12-13 19:35:02 -05:00
Nick Mathewson
f8dac5c900 Merge branch 'maint-0.3.5' 2018-12-13 19:01:29 -05:00
Nick Mathewson
94a7998158 Merge remote-tracking branch 'tlyu-github/ticket28731-035' into maint-0.3.5 2018-12-13 18:57:00 -05:00
Nick Mathewson
041e9235c1 Lower the loop_max constant in curve25519_basepoint_spot_check()
The point of this function is to make sure that the ed25519-based
implementation of curve25519_basepoint() actually works when we
start tor, and use the regular fallback implementation if it
doesn't.  But it accounts for 9% of our startup time in the case
when we have directory information, and I think it's safe to make
the test shorter.  After all, it has yet to find any actual bugs in
curved25519_scalarmult_basepoint_donna() on any platforms.

Closes ticket 28838.
2018-12-13 11:26:09 -05:00
Nick Mathewson
69264f96f3 Merge branch 'dormant_persist_squashed' 2018-12-13 08:26:10 -05:00
Nick Mathewson
e3b7fd2a81 Unit tests for back-end functions for persistent dormant state 2018-12-13 08:25:54 -05:00
Nick Mathewson
b5c04173c8 Change interaction between dormant mode and clock jumps.
When the clock jumps, and we have a record of last user activity,
adjust that record.  This way if I'm inactive for 10 minutes and
then the laptop is sleeping for an hour, I'll still count as having
been inactive for 10 minutes.

Previously, we treat every jump as if it were activity, which is
ridiculous, and would prevent a Tor instance with a jumpy clock from
ever going dormant.
2018-12-13 08:25:54 -05:00
Nick Mathewson
4afc6b172a Merge branch 'ticket28755_v2_squashed' 2018-12-12 11:07:38 -05:00
Nick Mathewson
845e8dbe59 Fuzzing module for various string operations, currently focusing on
encoding and decoding.

There are bunches of places where we don't want to invest in a full
fuzzer, but we would like to make sure that some string operation
can handle all its possible inputs.  This fuzzer uses the first byte
of its input to decide what to do with the rest of the input.  Right
now, all the possibilities are decoding a string, and seeing whether
it is decodeable.  If it is, we try to re-encode it and do the whole
thing again, to make sure we get the same result.

This turned up a lot of bugs in the key-value parser, and I think it
will help in other cases too.

Closes ticket 28808.
2018-12-12 11:07:08 -05:00
Nick Mathewson
f0a8664677 Add code to parse K=V lines into config_line_t format.
Closes ticket 28755
2018-12-12 11:07:08 -05:00
Nick Mathewson
b915b6cd21 Merge remote-tracking branch 'github/prop297' 2018-12-11 09:44:57 -05:00
Nick Mathewson
6506b1ee9f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-11 09:41:05 -05:00
Nick Mathewson
e1273d7d1b Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-11 09:41:05 -05:00
Nick Mathewson
27e4269929 Merge branch 'maint-0.3.5' 2018-12-11 09:41:05 -05:00
Nick Mathewson
c1f9191581 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-12-11 09:41:04 -05:00
Nick Mathewson
ce501a529f Merge remote-tracking branch 'catalyst-github/ticket27402' 2018-12-11 09:37:41 -05:00
Taylor Yu
1b855af5e3 Log bootstrap tag names
Add the bootstrap tag name to the log messages, so people
troubleshooting connection problems can look up a symbol instead of a
number.  Closes ticket 28731.
2018-12-10 17:22:28 -06:00
teor
4991b29311 Fallbacks: Update the hard-coded fallback list in December 2018
Merge Phoul's two lists into teor's list.

Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
157 fallbacks (92 new, 65 existing, 85 removed) generated in
December 2018.

Closes ticket 24803.
2018-12-10 17:02:19 +10:00
teor
78e177d622 Fallbacks: Update the hard-coded fallback list in December 2018
Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
148 fallbacks (89 new, 59 existing, 91 removed) generated in
December 2018.

Closes ticket 24803.
2018-12-07 16:43:10 +10:00
Nick Mathewson
2ccb9e9444 Merge branch 'maint-0.3.5' 2018-12-06 09:26:34 -05:00
Nick Mathewson
c1f86f7492 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-06 09:26:33 -05:00
Nick Mathewson
c4f7953d8b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-06 09:26:32 -05:00
Nick Mathewson
00341d97f3 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-12-06 09:26:32 -05:00
Karsten Loesing
57798eb1cb Update geoip and geoip6 to the December 5 2018 database. 2018-12-05 21:02:39 +01:00
Nick Mathewson
46a321fbdd Merge branch 'maint-0.3.5' 2018-12-05 10:25:12 -05:00
Nick Mathewson
967efc0d28 Merge remote-tracking branch 'tor-github/pr/546' into maint-0.3.5 2018-12-05 10:23:28 -05:00
Nick Mathewson
1eb3719a62 Merge remote-tracking branch 'public/prop298' 2018-12-05 09:43:03 -05:00
Nick Mathewson
1f95e80351 Merge branch 'prop293_squashed' 2018-12-05 09:24:51 -05:00
Nick Mathewson
a2f81b644b Write tests for mark_my_descriptor_dirty_if_too_old() 2018-12-05 09:24:45 -05:00
Nick Mathewson
00509aaafa Merge remote-tracking branch 'tor-github/pr/553' 2018-12-05 08:28:54 -05:00
Nick Mathewson
ca4b86f90a Merge remote-tracking branch 'tor-github/pr/508' 2018-12-05 08:19:02 -05:00
Nick Mathewson
c01507a5fe remember why we are doing getsockopt() 2018-12-05 08:14:21 -05:00
David Goulet
cec616a0c8 hs-v3: Don't BUG() if descriptor is found on SOCKS connection retry
When retrying all SOCKS connection because new directory information just
arrived, do not BUG() if a connection in state AP_CONN_STATE_RENDDESC_WAIT is
found to have a usable descriptor.

There is a rare case when this can happen as detailed in #28669 so the right
thing to do is put that connection back in circuit wait state so the
descriptor can be retried.

Fixes #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
43bd4d7509 hs-v3: Add the helper function mark_conn_as_waiting_for_circuit
This helper function marks an entry connection as pending for a circuit and
changes its state to AP_CONN_STATE_CIRCUIT_WAIT. The timestamps are set to
now() so it can be considered as new.

No behaviour change, this helper function will be used in next commit.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
00b59d9281 conn: Use connection_ap_mark_as_waiting_for_renddesc()
Use the helper function connection_ap_mark_as_waiting_for_renddesc()
introduced in previous commit everywhere in the code where an AP connection
state is transitionned to AP_CONN_STATE_RENDDESC_WAIT.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:10:00 -05:00
David Goulet
d0682fe0f1 conn: Add an helper to mark a connection as waiting for an HS descriptor
The transition for a connection to either become or go back in
AP_CONN_STATE_RENDDESC_WAIT state must make sure that the entry connection is
_not_ in the waiting for circuit list.

This commit implements the helper function
connection_ap_mark_as_waiting_for_renddesc() that removes the entry connection
from the pending list and then change its state. This code pattern is used in
many places in the code where next commit will remove this code duplication to
use this new helper function.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:00:08 -05:00
Nick Mathewson
4f55884315 Add an option to start tor in dormant mode for the first time. 2018-12-04 12:08:24 -05:00
Nick Mathewson
b25b8150c2 Remember in our state file how long we've spent since user activity
Rather than initializing the "Dormant" status to "off" and the "last
activity" count to "now", initialize them based on our state file:
stay dormant if we were dormant, or remember the amount of time
we've spent inactive.
2018-12-04 11:59:11 -05:00
Nick Mathewson
31a6d9f499 Add tests for parsing each routerstatus flag. 2018-12-03 13:40:08 -05:00
Nick Mathewson
92af8e5113 Add a framework for testing set_routerstatus_from_routerinfo().
Additionally, use it to test that is_staledesc is set correctly.

Eventually we'll want to test all the other flags, but I'm aiming
for only adding coverage on the changed code here.
2018-12-03 13:22:23 -05:00
Nick Mathewson
417a324a85 Make input argument const in set_routerstatus_from_routerinfo. 2018-12-03 12:34:29 -05:00
Nick Mathewson
32213fa9ad Keep list of dirauth flags in sync between dirvote.c and fuzz_vrs.c
Suggested by Teor on PR
2018-12-03 12:18:45 -05:00
rl1987
db9ab3754a Print error message we get from socket.connect_ex when it fails 2018-12-03 14:49:33 +02:00
rl1987
25f3b82445 More logging for #28229 2018-12-03 14:40:37 +02:00
rl1987
9369152aae Check that new listener connection is actually listening 2018-12-03 14:28:32 +02:00
Nick Mathewson
0d9dc13e08 Merge remote-tracking branch 'tor-github/pr/544' 2018-12-02 19:50:04 -05:00
Nick Mathewson
8221b5d587 Merge remote-tracking branch 'tor-github/pr/559' 2018-12-02 19:38:40 -05:00
teor
612b21b8ea
comment: replace cached-routers with cached-descriptors
cached-routers has been gone for a long time
2018-12-03 10:19:34 +10:00
Nick Mathewson
0015d00842 Use tor_strdup() in place of malloc+strncpy+terminate. 2018-12-01 20:46:06 -05:00
Nick Mathewson
8accf71c44 Merge remote-tracking branch 'tor-github/pr/556' 2018-12-01 20:35:38 -05:00
Nick Mathewson
2b2b97484a Merge branch 'ticket27490a_squashed' 2018-12-01 20:32:18 -05:00
Neel Chauhan
ad031b64ce Add regression test for ClientAutoIPv6ORPort 2018-12-01 14:55:57 -05:00
Neel Chauhan
81f2828d67 In fascist_firewall_use_ipv6(), say we can use IPv6 if ClientAutoIPv6ORPort is 1 2018-12-01 14:55:57 -05:00
Neel Chauhan
822cb93cab Add new option ClientAutoIPv6ORPort to switch between IPv4 and IPv6 OR ports 2018-12-01 14:55:57 -05:00
rl1987
353d2a091d Fix coverage build 2018-12-01 14:31:17 -05:00
rl1987
39e158db36 tor-resolve: Rework SOCKS5 response parsing with trunnel 2018-12-01 14:31:17 -05:00
rl1987
8b9d6581f6 tor-resolve: Rework SOCKS5 method negotiation client part with trunnel 2018-12-01 14:31:17 -05:00
rl1987
1051969a1d tor-resolve: parse SOCKS4a reply 2018-12-01 14:31:17 -05:00
rl1987
d49baa77b5 Allow socks4_server_reply version to be 0 (for tor-resolve) 2018-12-01 14:31:17 -05:00
rl1987
83af6d6149 tor-resolve: Use trunnel code for SOCKS5 request generation 2018-12-01 14:31:17 -05:00
rl1987
30582b940e tor-resolve: link tor-resolve binary with trunnel lib 2018-12-01 14:31:17 -05:00
rl1987
a2bb172225 tor-resolve: generate SOCKS4a request with trunnel 2018-12-01 14:31:17 -05:00
Nick Mathewson
701eaef980 Move net.inet.ip.random_id code to lib/net/ 2018-12-01 11:36:03 -05:00
Nick Mathewson
d4d4a4b2dd Merge remote-tracking branch 'tor-github/pr/527' 2018-12-01 11:30:53 -05:00
Nick Mathewson
51d94cea33 Merge branch 'maint-0.3.5' 2018-12-01 11:26:55 -05:00
Nick Mathewson
1a97379e5e Merge remote-tracking branch 'tor-github/pr/554' into maint-0.3.5 2018-12-01 11:26:52 -05:00
Nick Mathewson
7e9985b75a Merge remote-tracking branch 'tor-github/pr/536' 2018-12-01 11:24:02 -05:00
Nick Mathewson
af9dc12fab Merge branch 'maint-0.3.5' 2018-12-01 11:20:10 -05:00
rl1987
945c4dfda0 Also log a Tor log entry when it has a substring we are waiting for 2018-12-01 11:18:03 -05:00
rl1987
4c4ed413ee 1 ms. resolution for Tor logs 2018-12-01 11:18:03 -05:00
rl1987
0bb25931dc Log everything from tor down to debug loglevel 2018-12-01 11:18:03 -05:00
rl1987
320f5f30b3 In test_rebind.py, log stuff with timestamps 2018-12-01 11:18:03 -05:00
Nick Mathewson
e3a19b1c78 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-01 11:15:09 -05:00
Nick Mathewson
cf3f7753c3 Merge branch 'maint-0.3.5' 2018-12-01 11:15:09 -05:00
Nick Mathewson
e82023d2f7 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-01 11:15:09 -05:00
Taylor Yu
7685f8ad35 Use table lookup for bootstrap_status_to_string
It also no longer distinguishes the case of internal-only paths, which
was often wrong anyway.  Closes ticket 27402.
2018-11-30 16:54:01 -06:00
Taylor Yu
1fe6507d29 Split bootstrap event reporting out of control.c
Part of ticket 27402.
2018-11-30 16:49:44 -06:00
Neel Chauhan
d18a167ff3 sr: Switch from tor_assert() to BUG()
Closes #19566

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-30 12:16:18 -05:00
David Goulet
a51dad4272 test: Fix a warning underflow in rend_cache/clean
Because the test is adding entries to the "rend_cache" directly, the
rend_cache_increment_allocation() was never called which made the
rend_cache_clean() call trigger that underflow warning:

rend_cache/clean: [forking] Nov 29 09:55:04.024 [warn] rend_cache_decrement_allocation(): Bug: Underflow in rend_cache_decrement_allocation (on Tor 0.4.0.0-alpha-dev 2240fe63feb9a8cf)

The test is still good and valid.

Fixes #28660

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-29 10:02:50 -05:00
teor
7a45bc74a4 Dir: when Tor's clock is behind, use a future consensus to bootstrap
When Tor's clock is behind the clocks on the authorities, allow Tor to
bootstrap successfully.

Fixes bug 28591; bugfix on 0.2.0.9-alpha.
2018-11-29 00:50:24 +10:00
teor
bd29b3531a Dir: Refactor ns expiry check to remove duplicate code
Instead of checking NS_EXPIRY_SLOP, use
networkstatus_consensus_reasonably_live().

Preparation for 28591.
2018-11-29 00:50:16 +10:00
Alexander Færøy
2b41b857bd Add LD_PROCESS as log domain.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
31b3a6577c Add buf_flush_to_pipe() and buf_read_from_pipe().
This patch adds two new functions: buf_flush_to_pipe() and
buf_read_from_pipe(), which makes use of our new buf_flush_to_fd() and
buf_read_from_fd() functions.

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
771930b84c Refactor buf_read_from_socket() into buf_read_from_fd().
This patch refactors buf_read_from_socket() into buf_read_from_fd(), and
creates a specialized function for buf_read_from_socket(), which uses
buf_read_from_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
c71f9df07b Refactor buf_flush_to_socket() into buf_flush_to_fd().
This patch refactors buf_flush_to_socket() into buf_flush_to_fd() and
creates a specialization function for buf_flush_to_socket() that makes
use of buf_flush_to_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
340260281a Refactor flush_chunk() to work on pipes as well as sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
5f26ae833e Refactor read_to_chunk() such that it supports both pipes and sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
2a3eef4404 Remove unused int pid member of managed_proxy_t.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Nick Mathewson
8a15d0f69b Merge branch 'maint-0.3.5' 2018-11-26 17:25:28 -05:00
Nick Mathewson
feb41b7c30 Merge remote-tracking branch 'teor/bug28096-035-squashed' into maint-0.3.5 2018-11-26 17:24:41 -05:00
Nick Mathewson
c292e505ff Merge remote-tracking branch 'tor-github/pr/539' 2018-11-26 17:22:37 -05:00
Nick Mathewson
fc1ad9ab65 Merge remote-tracking branch 'tor-github/pr/495' 2018-11-26 17:17:40 -05:00
Nick Mathewson
7d8e0cc9ab Merge branch 'dormant_v2_squashed' 2018-11-26 16:33:31 -05:00
Nick Mathewson
02843c4a4e Test for check_network_participation_callback() 2018-11-26 16:32:40 -05:00
Nick Mathewson
55512ef022 Test netstatus.c tracking of user participation status 2018-11-26 16:32:40 -05:00
Nick Mathewson
3743f79695 Add options to control dormant-client feature.
The DormantClientTimeout option controls how long Tor will wait before
going dormant.  It also provides a way to disable the feature by setting
DormantClientTimeout to e.g. "50 years".

The DormantTimeoutDisabledByIdleStreams option controls whether open but
inactive streams count as "client activity".  To implement it, I had to
make it so that reading or writing on a client stream *always* counts as
activity.

Closes ticket 28429.
2018-11-26 16:32:40 -05:00
David Goulet
d37dbb09c2 hs-v3: Do not close RP circuits when deleting an ephemeral service
Bug reported on tor-dev@ and here is the detail explanation of the issue:
https://lists.torproject.org/pipermail/tor-dev/2018-November/013558.html

Fixes bug #28619

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-26 14:45:53 -05:00
rl1987
e92f900191 Try silencing Coverity false positive CID 1441482
Bugfix on 469f47ef8dc8b18104108f0437c860ec88fca6ad; bug not in any released
Tor version.
2018-11-26 17:35:32 +02:00
Nick Mathewson
881b85cf32 Treat the StaleDesc flag as making our descriptor dirty.
Relay side of prop293.
2018-11-25 10:12:20 -05:00
Nick Mathewson
36f808c936 Vote on the StaleDesc flag from prop293
The StaleDesc flag tells relays that they need to upload a new
descriptor soon, or they will drop out of the consensus.
2018-11-25 10:05:13 -05:00
Nick Mathewson
7da06e43da No longer exit for missing required protocolversions on an old consensus
Specifically, if the consensus is older than the (estimted or
measured) release date for this version of tor, we assume that the
required versions may have changed in between that consensus and
this release.

Implements ticket 27735 and proposal 297.
2018-11-24 20:44:37 -05:00
Nick Mathewson
05dee063c8 Emit router families in canonical form
This patch has routers use the same canonicalization logic as
authorities when encoding their family lists.  Additionally, they
now warn if any router in their list is given by nickname, since
that's error-prone.

This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
Nick Mathewson
f82eb6269f Extract get_declared_family() into its own function.
This will help as we refactor it.
2018-11-24 12:11:40 -05:00
Nick Mathewson
0a0c612b79 Add a consensus method in which md families get canonicalized.
Implements prop298. Closes ticket 28266.
2018-11-24 12:01:09 -05:00
Nick Mathewson
d29e3a02d5 Add a function to canonicalize nodefamilies per prop298
This is the same as the regular canonical nodefamily format, except
that unrecognized elements are preserved.
2018-11-24 10:53:38 -05:00
Nick Mathewson
0e9a963b6b Revise nodefamily.c to match proposal 298
Prop298 says that family entries should be formatted with
$hexids in uppercase, nicknames in lower case, $hexid~names
truncated, and everything sorted lexically.  These changes implement
that ordering for nodefamily.c.

We don't _strictly speaking_ need to nodefamily.c formatting use
this for prop298 microdesc generation, but it seems silly to have
two separate canonicalization algorithms.
2018-11-24 10:30:15 -05:00
Taylor R Campbell
997a8b0ca7 Create a temporary directory for tor's DataDirectory in test_rebind.
Fixes #28562.

While here, put the argument count test and usage message _before_ we
attempt to read from sys.argv.
2018-11-23 12:51:39 -05:00
teor
805f75182a Entry Nodes: Test on reasonably live consensuses
As well as live consensuses.

Tests for 24661.
2018-11-22 17:47:12 +10:00
teor
390112d07e Entry Nodes: refactor tests to use macros
Part of 24661.
2018-11-22 17:46:52 +10:00
teor
3741f9e524
Fix a comment typo in test_hs_common.c 2018-11-22 16:56:06 +10:00
teor
cebc39bcd5
Test: make unit tests use a reasonably live consensus
Cleanup after 24661.
2018-11-22 16:54:46 +10:00
teor
657618ba9b
Entry Nodes: Mark outdated dirservers in reasonably live consensuses
Fixes bug 28569; bugfix on Tor 0.3.2.5-alpha.
2018-11-22 16:54:34 +10:00
teor
d1ac5613fc
Entry Nodes: Use a reasonably live consensus to select guards
Fixes bug 24661; bugfix on 0.3.0.1-alpha.
2018-11-22 16:54:22 +10:00
teor
ffc7b81b5d
Test: Fix memory leaks and missing unmocks in entry guard tests
test_entry_guard_outdated_dirserver_exclusion leaks memory, and is
missing some unmocks.

Fixes 28554; bugfix on 0.3.0.1-alpha.
2018-11-22 16:42:32 +10:00
Nick Mathewson
469f47ef8d Fix a fun heisenbug in memoize_protover_flags()
After we clear the protover map for getting full, we need to
re-create it, since we are about to use it.

This is a bugfix for bug 28558. It is a bugfix for the code from
ticket 27225, which is not in any released Tor.  Found by Google
OSS-Fuzz, as issue 11475.
2018-11-21 07:56:33 -05:00
Nick Mathewson
34cadefe34 Merge branch 'maint-0.3.5' 2018-11-20 09:04:35 -05:00
Taylor Yu
0489288aa2 Update control_free_all() for #27169
Reset the added bootstrap tracking state introduced by ticket 27169.
Fixes bug 28524; bugfix on 0.3.5.1-alpha.
2018-11-19 15:48:08 -06:00
Fabian Keil
71651ea4aa Complain if net.inet.ip.random_id is not set on FreeBSD-based servers
Apparently a couple of operators haven't gotten the memos [0] yet
and it looks like FreeBSD's default value will not change any time
soon [1].

[0]:
https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
https://lists.torproject.org/pipermail/tor-relays/2014-November/005687.html
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195828

[1]:
https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041942.html
2018-11-19 16:28:00 +01:00
Nick Mathewson
8183640ada Merge branch 'maint-0.3.5' 2018-11-19 10:18:57 -05:00
Alexander Færøy
3260914db0 Add missing library to build tor-print-ed-signing-cert.
To succesful compile tor-print-ed-signing-cert.exe on Windows we
sometimes need to include the @TOR_LIB_GDI@ library.

See: https://bugs.torproject.org/28485
2018-11-19 10:18:44 -05:00
Nick Mathewson
48b08f0592 Merge branch 'ticket27359_v2_squashed' 2018-11-19 08:26:49 -05:00
Nick Mathewson
0e762c0cf5 Test new functions in nodelist.c 2018-11-19 08:26:10 -05:00
Nick Mathewson
4f9548f893 Expose more nodelist.c functions to tests 2018-11-19 08:26:10 -05:00
Nick Mathewson
aa1d767e6b Aim for 100% test coverage on nodefamily.c 2018-11-19 08:26:10 -05:00
Nick Mathewson
426c9561c5 Use nodefamily_t in microdescriptors.
Closes ticket 27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
83be4d2bbd Backend for compact node-family representation.
This representation is meant to save memory in microdescriptors --
we can't use it in routerinfo_t yet, since those families need to be
encoded losslessly for directory voting to work.

This representation saves memory in three ways:
   1. It uses only one allocation per family.  (The old way used a
      smartlist (2 allocs) plus one strdup per entry.)
   2. It stores identity digests in binary, not hex.
   3. It keeps families in a canonical format, memoizes, and
      reference-counts them.

Part of #27359.
2018-11-19 08:26:10 -05:00
rl1987
411780d563 Make ROUTERLIST_PRUNING_INTERVAL 1 hr. 2018-11-17 10:19:25 +02:00
Nick Mathewson
942c2da48e Bump to 0.3.5.5-alpha-dev 2018-11-16 11:32:04 -05:00
Nick Mathewson
35558c39dd Merge remote-tracking branch 'dgoulet/ticket27471_035_02' into maint-0.3.5 2018-11-16 08:57:56 -05:00
Nick Mathewson
c9906cc3f6 Bump to 0.3.5.5-alpha 2018-11-16 08:28:45 -05:00
Nick Mathewson
fe1fb4b0c3 Merge remote-tracking branch 'public/ticket27686_034' into maint-0.3.4 2018-11-15 17:01:54 -05:00
Nick Mathewson
80a6228aac Merge branch 'bug25573-034-typefix' into maint-0.3.4 2018-11-15 16:58:16 -05:00
Nick Mathewson
15e752e6b1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:54:56 -05:00
Nick Mathewson
cbe04d4550 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-15 16:54:16 -05:00
Nick Mathewson
63312e0299 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:47:25 -05:00
Nick Mathewson
aebe8a82c9 Merge branch 'bug26913_033' into maint-0.3.3 2018-11-15 16:47:22 -05:00
Nick Mathewson
8569166c70 Merge remote-tracking branch 'public/bug24104_029_squashed' into maint-0.2.9
Resolved conflicts with the 26269 fix in 015fcd0e11.
2018-11-15 16:43:50 -05:00
Nick Mathewson
1e6ffeaeaa Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:37:41 -05:00
Nick Mathewson
34e4d5a783 Merge remote-tracking branch 'dgoulet/bug27550_033_01' into maint-0.3.3 2018-11-15 16:37:02 -05:00
Nick Mathewson
31cc0d2c0b Merge branch 'maint-0.3.5' 2018-11-15 16:11:29 -05:00
Nick Mathewson
4b6b58ed8e Merge branch 'bug27740_035_fix' into maint-0.3.5 2018-11-15 16:11:06 -05:00
Nick Mathewson
53ccdb6945 Make sure that we are always a net participant when being a server
Otherwise, if we're dormant, and we set ORPort, nothing makes us become
non-dormant.
2018-11-15 11:17:27 -05:00
Nick Mathewson
2f28cd1dc8 Rename and fix docs on FLUSH_ON_DISABLE
Also rename "...flush_and_disable()" to "...schedule_and_disable()"
2018-11-15 11:17:22 -05:00
Nick Mathewson
d0e6abd087 Reset dormancy status when the clock jumps. 2018-11-15 11:17:22 -05:00
Nick Mathewson
ce6209cee4 Add a periodic event to become dormant.
This event makes us become dormant if we have seen no activity in a
long time.

Note that being any kind of a server, or running an onion service,
always counts as being active.

Note that right now, just having an open stream that Tor
did not open on its own (for a directory request) counts as "being
active", so if you have an idle ssh connection, that will keep Tor
from becoming dormant.

Many of the features here should become configurable; I'd like
feedback on which.
2018-11-15 11:17:22 -05:00
Nick Mathewson
2c15b65381 Make the NET_PARTICIPANT role dependent on user activity
This patch implements all of 28337, except for the part where we
turn off the role if we've been idle for a long time.
2018-11-15 11:17:22 -05:00
Nick Mathewson
ccbb36048f write_stats_file() is indeed NET_PARTICIPANT; remove comment. 2018-11-15 11:17:22 -05:00
Nick Mathewson
dc21f1f662 reset_padding_counts is only once per 24h; it can be all. 2018-11-15 11:17:22 -05:00
Nick Mathewson
4bf79fa4fa Turn second_elapsed_callback into a normal periodic event. 2018-11-15 11:17:22 -05:00
Nick Mathewson
303e5c70e0 Move the responsibility for delayed shutdown into the mainloop
This is part of 28422, so we don't have to call
consider_hibernation() once per second when we're dormant.

This commit does not remove delayed shutdown from hibernate.c: it
uses it as a backup shutdown mechanism, in case the regular shutdown
timer mechanism fails for some reason.
2018-11-15 11:17:22 -05:00
Nick Mathewson
e535ec8542 Remove run_scheduled_events() as a separate function.
(There was nothing else in second_elapsed_callbck() that couldn't go
here.)
2018-11-15 11:17:22 -05:00
Nick Mathewson
a0380b705d Move control_per_second_events() into a callback with its own role
Part of making extra-dormant mode work; closes ticket 28421.
2018-11-15 11:17:22 -05:00
Nick Mathewson
db53bfe8f7 Annotate 1/s callback elements with NET_PARTICIPANT status. 2018-11-15 11:17:22 -05:00
Nick Mathewson
b9a88bd53a Add new "ALL" and "NET_PARTICIPANT" roles for periodic events
The previous "ALL" role was the OR of a bunch of other roles,
which is a mistake: it's better if "ALL" means "all".

The "NET_PARTICIPANT" role refers to the anything that is actively
building circuits, downloading directory information, and
participating in the Tor network.  For now, it is set to
!net_is_disabled(), but we're going to use it to implement a new
"extra dormant mode".

Closes ticket 28336.
2018-11-15 11:17:22 -05:00
Nick Mathewson
6d84972eb8 Add a function to schedule a periodic event once, then disable it 2018-11-15 11:17:22 -05:00
Nick Mathewson
2070765c7c Use macros to make the periodic event table less verbose. 2018-11-15 11:17:22 -05:00
teor
44ced9b750 Merge branch 'bug28096-029-squashed' into bug28096-035-squashed
Move the get_uname() changes from src/common/compat.c to
src/lib/osinfo/uname.c
2018-11-15 12:23:29 +10:00
teor
2fbc58cf07 Windows: fix uname on recent Windows versions
Correctly identify Windows 8.1, Windows 10, and Windows Server 2008
and later from their NT versions.

On recent Windows versions, the GetVersionEx() function may report
an earlier Windows version than the running OS. To avoid user
confusion, add "[or later]" to Tor's version string on affected
versions of Windows.

Remove Windows versions that were never supported by the
GetVersionEx() function.

Stop duplicating the latest Windows version in get_uname().

Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.
2018-11-15 12:19:11 +10:00
Nick Mathewson
eaff47352a Make sure sandbox-related getaddrinfo() functions always exist. 2018-11-14 16:12:29 -05:00
Nick Mathewson
e420154ce7 Add an include to main.c 2018-11-14 16:07:36 -05:00
Nick Mathewson
6ca29ea409 Add libtor-buf-testing to build.rs 2018-11-14 16:07:36 -05:00
Nick Mathewson
4ecd5da306 Add .may_include to ext/timeouts. 2018-11-14 16:07:36 -05:00
Nick Mathewson
d32795bb6e Make "ext" participate in may_include.
Also, resolve a circular dependency involving the use of lib/log by
csiphash.c.
2018-11-14 16:07:36 -05:00
Nick Mathewson
e429e31ad1 Normalize .may_include to always have paths, and paths to include 2018-11-14 16:07:35 -05:00
Nick Mathewson
c0a7527eb8 Remove dependency on lib/net from lib/sandbox.
This was trivial, and the easiest way to remove the remaining
.may_include circularities.
2018-11-14 16:07:03 -05:00
Nick Mathewson
f6b8c7da66 Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00
Nick Mathewson
c9f9c9bc49 Make memarea use smartlist_core, not container. 2018-11-14 16:07:03 -05:00
Nick Mathewson
12175987fc Merge branch 'maint-0.3.5' 2018-11-14 15:43:49 -05:00
Nick Mathewson
d598d834f5 Merge branch 'ticket27750_034_01_squashed' into maint-0.3.5 2018-11-14 15:43:46 -05:00
David Goulet
c99f220f78 conn: Close the read side of a closing connection when write limit is reached
In conn_close_if_marked(), we can decide to keep a connection open that still
has data to flush on the wire if it is being rate limited on the write side.

However, in this process, we were also looking at the read() side which can
still have token in its bucket and thus not stop the reading. This lead to a
BUG() introduced in 0.3.4.1-alpha that was expecting the read side to be
closed due to the rate limit but which only applies on the write side.

This commit removes any bandwidth check on the read side and simply stop the
read side on the connection regardless of the bucket state. If we keep the
connection open to flush it out before close, we should not read anything.

Fixes #27750

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-14 15:42:52 -05:00
Nick Mathewson
cec58ae55c Merge branch 'maint-0.3.5' 2018-11-14 07:56:52 -05:00
Nick Mathewson
a58b19465d Merge remote-tracking branch 'teor/bug28441-035' into maint-0.3.5 2018-11-14 07:56:48 -05:00
Nick Mathewson
1043532a51 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-14 07:55:07 -05:00
Nick Mathewson
3deb01e1a4 Merge branch 'maint-0.3.5' 2018-11-14 07:55:07 -05:00
Nick Mathewson
eba989bf0e Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-14 07:55:07 -05:00
Nick Mathewson
db3acb3aa3 Work around check-spaces. 2018-11-14 07:54:57 -05:00
Martin Kepplinger
7ba1f39116 libtorrunner: fix memory leak in child() error path
This avoids leaking memory in case libtorrunner's child() function fails.
2018-11-14 07:49:51 -05:00
Nick Mathewson
586c3a7c90 Merge branch 'maint-0.3.5' 2018-11-14 07:42:56 -05:00
teor
16ca6fdfdb
log: stop talking about the Named flag in log messages
Clients have ignored the Named flag since 0.3.2.

Fixes bug 28441; bugfix on 0.3.2.1-alpha.
2018-11-14 18:16:34 +10:00
teor
9daf06d171
comment: circuit_list_path_impl() does not check Named any more 2018-11-14 18:06:14 +10:00
teor
a7aa3f76ec
comment: Fix a typo in nodes_in_same_family() 2018-11-14 18:06:05 +10:00
Nick Mathewson
a6a7a1f3ed Merge branch 'maint-0.3.5' 2018-11-13 16:48:26 -05:00