Commit Graph

1665 Commits

Author SHA1 Message Date
David Goulet
b72f5da03d Merge branch 'tor-github/pr/994'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-07 08:02:39 -04:00
Nick Mathewson
3c2648bbda Move "relay" and "router" periodic callbacks out of mainloop.c
(Some of these callbacks are specific to the OR module, so now it's
time to have an or_sys and or_periodic.)
2019-05-06 16:35:39 -04:00
Nick Mathewson
b394b5b2af Create a relay subsystem and move the shutdown functions there 2019-05-06 16:25:09 -04:00
George Kadianakis
4060b7623d Revert "Hiding crypt_path_t: Create a constructor for crypt_path_t."
This reverts commit ab8b80944967ee5a6a0c45dbf61839cf257bfe44.
2019-05-03 18:15:26 +03:00
George Kadianakis
58fbbc1409 Hiding crypt_path_t: Rename some functions to fit the crypt_path API.
Some of these functions are now public and cpath-specific so their name should
signify the fact they are part of the cpath module:

assert_cpath_layer_ok -> cpath_assert_layer_ok
assert_cpath_ok -> cpath_assert_ok
onion_append_hop -> cpath_append_hop
circuit_init_cpath_crypto -> cpath_init_circuit_crypto
circuit_free_cpath_node -> cpath_free
onion_append_to_cpath -> cpath_extend_linked_list
2019-05-03 18:15:26 +03:00
George Kadianakis
f5635989b0 Hiding crypt_path_t: Create a constructor for crypt_path_t.
We are using an opaque pointer so the structure needs to be allocated on the
heap. This means we now need a constructor for crypt_path_t.

Also modify all places initializing a crypt_path_t to use the constructor.
2019-05-03 18:15:11 +03:00
George Kadianakis
f74a80dc3b Hiding crypt_path_t: Move init functions to crypt_path.c.
This commit only moves code.
2019-05-03 18:15:00 +03:00
David Goulet
b3492d53c3 Merge branch 'tor-github/pr/984'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-03 10:56:12 -04:00
Nick Mathewson
9c3aa22740 Remove some now-needless dirauth includes 2019-05-02 09:22:13 -04:00
Nick Mathewson
a45413e7d5 Make keypin.c dirauth-only 2019-05-02 09:22:13 -04:00
Nick Mathewson
31fb4a7845 Make the bwauth.c module dirauth-only. 2019-05-02 09:22:13 -04:00
Nick Mathewson
6f42efaa59 Move voteflags.[ch] to become dirauth only.
For various reasons, this was a nontrivial movement.  There are
several places in the code where we do something like "update the
flags on this routerstatus or node if we're an authority", and at
least one where we pretended to be an authority when we weren't.
2019-05-02 09:22:13 -04:00
Nick Mathewson
996f7c75ba Make the reachability.c module dirauth-only. 2019-04-30 15:00:08 -04:00
Nick Mathewson
857bfc7033 Make the process_descs.c module dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
853942b71e Make the recommend_pkg file dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
295feeb093 Replace all remaining tor_mem_is_zero() with fast_mem_is_zero() 2019-04-30 14:49:05 -04:00
Nick Mathewson
0034f10956 Use safe_mem_is_zero in a few more places.
I don't believe any of these represent a real timing vulnerability
(remote timing against memcmp() on a modern CPU is not easy), but
these are the ones where I believe we should be more careful.
2019-04-30 14:45:58 -04:00
Taylor Yu
68caca58a8 Clean up formatting after Coccinelle
Clean up some minor formatting quirks after the Coccinelle run.
2019-04-30 13:18:46 -05:00
Taylor Yu
983452e221 Run Coccinelle for control.c refactor 2019-04-30 13:18:46 -05:00
Taylor Yu
769eb07a7a Manually fix some control replies
Manually fix up some reply-generating code that the Coccinelle scripts
won't match.  Some more complicated ones remain -- these are mostly
ones that accumulate data to send, and then call connection_buf_add()
or connection_write_str_to_buf() directly.
2019-04-30 13:18:46 -05:00
Taylor Yu
61976a4b1c Factor out control reply output
Create a set of abstractions for controller commands and events to
output replies to the control channel.  The control protocol has a
relatively consistent SMTP-like structure, so it's helpful when code
that implements control commands and events doesn't explicitly format
everything on its own.
2019-04-30 13:18:46 -05:00
Taylor Yu
482437754a Add clarifying comments to control_proto.c
Refer to control-spec.txt grammar productions in comments in
control_proto.c for clarity.
2019-04-30 13:18:46 -05:00
Taylor Yu
8e7316bae4 Split reply formatting out of control_fmt.c
Split the core reply formatting code out of control_fmt.c into
control_proto.c.  The remaining code in control_format.c deals with
specific subsystems and will eventually move to join those subsystems.
2019-04-30 13:18:46 -05:00
Taylor Yu
965c2064da Correct file name in doxygen comment 2019-04-30 13:18:46 -05:00
George Kadianakis
847fc3280d Merge branch 'maint-0.4.0' 2019-04-30 19:26:30 +03:00
George Kadianakis
e1d4e2badb Merge branch 'tor-github/pr/978' into maint-0.4.0 2019-04-30 19:26:14 +03:00
George Kadianakis
d885ed867f Merge branch 'tor-github/pr/937' 2019-04-30 19:21:46 +03:00
George Kadianakis
9084a90b00 Merge branch 'tor-github/pr/936' 2019-04-30 19:21:15 +03:00
George Kadianakis
a44aca5453 Merge branch 'tor-github/pr/993' 2019-04-30 19:13:57 +03:00
George Kadianakis
86f8dfe419 Merge branch 'tor-github/pr/983' 2019-04-30 19:13:30 +03:00
David Goulet
43c119fedb Merge branch 'tor-github/pr/980'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-30 11:50:36 -04:00
Nick Mathewson
b7cc631d23 Rename and clarify some functions for periodic events
When we tell the periodic event manager about an event, we are
"registering" that event.  The event sits around without being
usable, however, until we "connect" the event to libevent.  In the
end, we "disconnect" the event and remove its libevent parts.

Previously, we called these operations "add", "setup", and
"destroy", which led to confusion.
2019-04-30 11:14:59 -04:00
Nick Mathewson
b5a62b1ef5 Move dirauth periodic events into dirauth module.
Closes ticket 30294.
2019-04-30 11:14:59 -04:00
Nick Mathewson
821dd54586 Merge branch 'bug30316_035' into bug30316_040
Fixes conflicts and also moves bandwidth-file-digest.
2019-04-29 14:34:03 -04:00
Nick Mathewson
0ab4dc7ef7 Move bandwidth-file-headers line to appear in the correct vote section
Fixes bug 30316; bugfix on 0.3.5.1-alpha.
2019-04-29 14:31:09 -04:00
Nick Mathewson
806539b40a Use fast check for missing id in node_is_a_configured_bridge()
Fixes bug 30308; bugfix on 0.3.5.1-alpha.
2019-04-26 11:19:46 -04:00
Nick Mathewson
650b94ebc1 Use a linear algorithm to subtract two nodelists.
The nodelist_idx for each node_t serves as a unique identifier for
the node, so we can use a bitarray to hold all the excluded
nodes, and then remove them from the smartlist.

Previously use used smartlist_subtract(sl, excluded), which is
O(len(sl)*len(excluded)).

We can use this function in other places too, but this is the one
that showed up on the profiles of 30291.

Closes ticket 30307.
2019-04-26 11:04:44 -04:00
Nick Mathewson
1d44ac9acd Make nodelist_get_list() return a const pointer. 2019-04-26 10:36:49 -04:00
Nick Mathewson
efeb101b96 Merge remote-tracking branch 'tor-github/pr/889' 2019-04-25 20:25:34 -04:00
Nick Mathewson
36b4fc7437 Merge remote-tracking branch 'tor-github/pr/922' 2019-04-25 20:08:39 -04:00
Nick Mathewson
a5cced2b7a Extract keyword argument checking from argument parsing. 2019-04-25 14:13:03 -04:00
Nick Mathewson
a0299cd240 In control command api, rename "object" to "cmddata"
This makes it match control-spec.txt.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ff9ba7d6c4 expand CMD_FL_WIPE to wipe the parsed arguments too 2019-04-25 14:13:03 -04:00
Nick Mathewson
88d22b898e Simplify handler logic in control_cmd.c
Now that the legacy handlers are gone, we can simplify the
structures and macros here.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ddd33d39c7 Port the authenticate and authchallenge commands to the new parser
These two presented their own challenge, because of their use of
QString, and their distinguished handling of quoted versus
non-quoted values.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ba05324242 Move and rename decode_escaped_string()
This function decodes something different from the usual c-escaped
format.

It is only used in controller authorization.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0c0b869ba4 Use the new controller command parser for EXTENDCIRCUIT.
This command does not fit perfectly with the others, since its
second argument is optional and may contain equal signs.  Still,
it's probably better to squeeze it into the new metaformat, since
doing so allows us to remove several pieces of the old
command-parsing machinery.
2019-04-25 14:13:03 -04:00
Nick Mathewson
95afdb005c Use new parser logic for SETCONF/RESETCONF code.
Here we get to throw away a LOT of unused code, since most of the
old parsing was redundant with kvline.
2019-04-25 14:13:03 -04:00
Nick Mathewson
d8b3ec865d Update more controller commands, now that we have kvline support 2019-04-25 14:13:03 -04:00
Nick Mathewson
9471391694 Add kvline support to controller command parser.
This should let us handle all (or nearly all) of the remaining
commands.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0841a69357 Allow kvlines in control commands. 2019-04-25 14:13:03 -04:00
Nick Mathewson
01b07c548b Use parsing code for the simpler controller commands.
(This should be all of the command that work nicely with positional
arguments only.)

Some of these commands should probably treat extra arguments as
incorrect, but for now I'm trying to be careful not to break
any existing users.
2019-04-25 14:13:03 -04:00
Nick Mathewson
dbfe1a14e4 When parsing a multiline controller command, be careful with linebreaks
The first line break in particular was mishandled: it was discarded
if no arguments came before it, which made it impossible to
distinguish arguments from the first line of the body.

To solve this, we need to allocate a copy of the command rather than
using NUL to separate it, since we might have "COMMAND\n" as our input.

Fixes ticket 29984.
2019-04-25 14:13:03 -04:00
Nick Mathewson
f18b7dc473 Extract the argument-splitting part of control.c's parser
This is preliminary work for fixing 29984; no behavior has changed.
2019-04-25 14:13:03 -04:00
Nick Mathewson
de70eebc65 Start on a command-parsing tool for controller commands.
There _is_ an underlying logic to these commands, but it isn't
wholly uniform, given years of tweaks and changes.  Fortunately I
think there is a superset that will work.

This commit adds a parser for some of the most basic cases -- the
ones currently handled by getargs_helper() and some of the
object-taking ones.  Soon will come initial tests; then I'll start using
the parser.

After that, I'll expand the parser to handle the other cases that come
up in the controller protocol.
2019-04-25 14:13:03 -04:00
George Kadianakis
974c2674eb Merge branch 'maint-0.4.0' 2019-04-25 15:47:07 +03:00
George Kadianakis
a39789a02c Merge branch 'tor-github/pr/960' into maint-0.4.0 2019-04-25 15:46:45 +03:00
Alexander Færøy
0429072495 Lower log level of unlink() errors in networkstatus_set_current_consensus().
In this patch we lower the log level of the failures for the three calls
to unlink() in networkstatus_set_current_consensus(). These errors might
trigger on Windows because the memory mapped consensus file keeps the
file in open state even after we have close()'d it. Windows will then
error on the unlink() call with a "Permission denied" error.

The consequences of ignoring these errors is that we leave an unused
file around on the file-system, which is an easier way to fix this
problem right now than refactoring networkstatus_set_current_consensus().

See: https://bugs.torproject.org/29930
2019-04-25 01:59:37 +02:00
teor
3d89f0374a
hs_config: Allow Tor to be configured as an IPv6-only v3 single onion service
Part of #23588.
2019-04-24 17:29:18 +10:00
Neel Chauhan
b65f8c419a
Add firewall_choose_address_ls() and hs_get_extend_info_from_lspecs() tests 2019-04-24 17:28:38 +10:00
Neel Chauhan
2618347657
Use fascist_firewall_choose_address_ls() in hs_get_extend_info_from_lspecs() 2019-04-24 17:28:34 +10:00
Nick Mathewson
8bea0c2fa3 Rename outvar to follow _out convention. 2019-04-23 14:14:17 -04:00
Nick Mathewson
475ac11bc1 Merge remote-tracking branch 'tor-github/pr/935' 2019-04-23 14:11:04 -04:00
Neel Chauhan
2ab19a48c2 Initialize rate_limited in hs_pick_hsdir() to false 2019-04-19 09:50:54 -04:00
Neel Chauhan
efde686aa5 Only set rate_limited in hs_pick_hsdir() if rate_limited_count or responsible_dirs_count is greater than 0 2019-04-19 09:21:20 -04:00
Neel Chauhan
144bc5026e Initialize rate_limited to false in directory_get_from_hs_dir() 2019-04-19 09:17:29 -04:00
Neel Chauhan
943559b180 Make rate_limited and is_rate_limited a bool 2019-04-19 08:33:00 -04:00
teor
231036a110
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-04-19 12:00:41 +10:00
George Kadianakis
78223ab0fc Merge branch 'tor-github/pr/938' 2019-04-18 13:23:32 +03:00
George Kadianakis
d867b7ae1d Merge branch 'maint-0.4.0' 2019-04-18 13:22:23 +03:00
George Kadianakis
6a179b1072 Merge branch 'tor-github/pr/891' into maint-0.4.0 2019-04-18 13:21:59 +03:00
Nick Mathewson
950d890f77 In warn_if_nul_found, log surrounding context.
We need to encode here instead of doing escaped(), since fwict
escaped() does not currently handle NUL bytes.

Also, use warn_if_nul_found in more cases to avoid duplication.
2019-04-15 15:33:09 -04:00
Nick Mathewson
0c42ddf28c fixup! Even more diagnostic messages for bug 28223.
Use TOR_PRIuSZ in place of %zu.
2019-04-15 15:21:18 -04:00
Neel Chauhan
cc87acf29b Remove unused get_options() 2019-04-14 14:51:42 -04:00
Nick Mathewson
e9ca904dbf Define two more commands as wipe-after-parse. 2019-04-12 08:33:27 -04:00
Nick Mathewson
f3bd0240a6 Add assertions for correct input to handle_control_command. 2019-04-12 08:33:27 -04:00
Nick Mathewson
d1f5957c4e Improve handling of controller commands
Use a table-based lookup to find the right command handler.  This
will serve as the basement for several future improvements, as we
improve the API for parsing commands.
2019-04-12 08:33:27 -04:00
George Kadianakis
7b386f2356 Merge branch 'tor-github/pr/908' 2019-04-12 13:47:08 +03:00
Neel Chauhan
398c736230 Remove unused variable in fmt_serverstatus.c 2019-04-11 22:11:27 -04:00
Neel Chauhan
994b8ba424 Update networkstatus_getinfo_by_purpose() comment 2019-04-11 21:36:38 -04:00
Neel Chauhan
14d7008045 Stop setting routers as running in list_server_status_v1() 2019-04-11 21:30:48 -04:00
Neel Chauhan
c07d854772 Remove callback for setting bridges as running 2019-04-11 21:28:35 -04:00
Neel Chauhan
4172dcaa62 Move code for setting bridges as running to voteflags.c 2019-04-11 20:44:30 -04:00
Nick Mathewson
66b07e7ec1 Add an assertion to num_ntors_per_tap().
This should please coverity, and fix CID 1415721.  It didn't
understand that networkstatus_get_param() always returns a value
between its minimum and maximum values.
2019-04-11 18:44:10 -04:00
Nick Mathewson
96e310911f Add an assertion to compute_weighted_bandwidths()
This should please coverity, and fix CID 1415722.  It didn't
understand that networkstatus_get_param() always returns a value
between its minimum and maximum values.
2019-04-11 18:41:38 -04:00
Nick Mathewson
55690d05bd Add an assertion to pathbias_get_scale_ratio()
This should please coverity, and fix CID 1415723.  It didn't understand
that networkstatus_get_param() always returns a value between its
minimum and maximum values.
2019-04-11 18:38:59 -04:00
Nick Mathewson
7c98105d56 On failure to create extend info for an introduction point, don't leak.
This is CID 1438152.  No backport needed: this path is already
inside a BUG() guard.
2019-04-11 17:35:19 -04:00
Neel Chauhan
011307dd5f Make repeated/rate limited HSFETCH queries fail with QUERY_RATE_LIMITED 2019-04-11 15:21:17 -04:00
teor
ce9b101574
bwauth: update measured bandwidth file comments
We forgot to update function header comments and code comments when we
made changes in 0.3.5.1-alpha and later.

Closes 30112.
2019-04-10 15:57:54 +10:00
teor
3d45079c27
Merge branch 'maint-0.4.0' 2019-04-09 11:36:59 +10:00
teor
92e8bdf296
Merge remote-tracking branch 'tor-github/pr/892' into maint-0.4.0 2019-04-09 11:35:41 +10:00
teor
ce5e38642d crypto_format: Remove the return value from ed25519_signature_to_base64()
Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
e3124fef54 crypto_format: Remove the return value from curve25519_public_to_base64()
And fix the documentation on the function: it does produce trailing
"="s as padding.

Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
7d513a5d55 crypto_format: Remove the return values from digest256_to_base64()
... and ed25519_public_to_base64(). Also remove all checks for the return
values, which were redundant anyway, because the functions never failed.

Part of 29960.
2019-04-05 15:17:19 +10:00
Nick Mathewson
0e7b34354a Merge branch 'maint-0.4.0' 2019-04-04 20:27:04 -04:00
Nick Mathewson
d016bbaa7d Merge branch 'bug29959_040_squashed' into maint-0.4.0 2019-04-04 20:26:47 -04:00
teor
8e961b2174 bwauth: Actually include the bandwidth-file-digest in authority votes
Fixes bug 29959; bugfix on 0.4.0.2-alpha.
2019-04-04 20:26:09 -04:00
Neel Chauhan
d4d77b277e Stop setting bridges running in networkstatus_getinfo_by_purpose() 2019-04-03 15:27:33 -04:00
Nick Mathewson
5613968d57 Improve logging for 28614.
When we fixed 28614, our answer was "if we failed to load the
consensus on windows and it had a CRLF, retry it."  But we logged
the failure at "warn", and we only logged the retry at "info".

Now we log the retry at "notice", with more useful information.

Fixes bug 30004.
2019-04-03 14:30:56 -04:00
Nick Mathewson
99b87d7ca4 Even more diagnostic messages for bug 28223.
Try to figure out _where exactly_ we are first encountering NULs in
microdescriptors, and what we are doing when that happens.
2019-04-03 13:53:06 -04:00
George Kadianakis
0b6769a99e Merge branch 'maint-0.4.0' 2019-04-03 17:59:46 +03:00
Nick Mathewson
367dd9cf02 30001: Fix a race condition in test_dir_handle_get.c
Previously we used time(NULL) to set the Expires: header in our HTTP
responses.  This made the actual contents of that header untestable,
since the unit tests have no good way to override time(), or to see
what time() was at the exact moment of the call to time() in
dircache.c.

This gave us a race in dir_handle_get/status_vote_next_bandwidth,
where the time() call in dircache.c got one value, and the call in
the tests got another value.

I'm applying our regular solution here: using approx_time() so that
the value stays the same between the code and the test.  Since
approx_time() is updated on every event callback, we shouldn't be
losing any accuracy here.

Fixes bug 30001. Bug introduced in fb4a40c32c4a7e5; not in any
released Tor.
2019-04-03 10:16:18 -04:00
teor
194b25f0c7
dircache: Refactor handle_get_next_bandwidth() to use connection_dir_buf_add()
Implements ticket 29897.
2019-03-29 17:26:30 +10:00
George Kadianakis
989b6325d6 Merge branch 'tor-github/pr/842' 2019-03-26 16:41:07 +02:00
George Kadianakis
d11976b8bd Merge branch 'tor-github/pr/709' 2019-03-26 15:34:54 +02:00
George Kadianakis
2790ee3685 Merge branch 'maint-0.4.0' 2019-03-26 15:16:37 +02:00
George Kadianakis
06951cb3fc Merge branch 'tor-github/pr/847' into maint-0.4.0 2019-03-26 15:16:21 +02:00
teor
0642650865
Merge branch 'maint-0.4.0' 2019-03-26 19:16:06 +10:00
teor
4258728d56
Merge remote-tracking branch 'tor-github/pr/852' into maint-0.4.0 2019-03-26 19:15:46 +10:00
juga0
892b918b66
bwauth: remove declaring args, they are now in use 2019-03-26 17:41:13 +10:00
juga0
7627134743
bwauth: increment bw file cache lifetime
Increment bw file cache lifetime when serving it by HTTP.
And add a constant to define that lifetime.
2019-03-26 17:41:02 +10:00
juga0
4d3502e45b
bwauth: check and use compression serving bw file 2019-03-26 17:40:58 +10:00
juga0
b75e2539f9
bwauth: check if a bw file could be read
Before serving it by HTTP.
2019-03-26 17:40:54 +10:00
juga0
ee09e5d7ea
bwauth: use flag to do not warn when file is missing
Use flag to do not warn when the bandwidth file is missing trying
to serve it by http.
Also remove double space in the assignement.
2019-03-26 17:40:50 +10:00
juga0
3eacae42b2
Serve bandwidth file used in the next vote
When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve this
bandwidth file at /tor/status-vote/next/bandwidth.z.
2019-03-26 17:40:45 +10:00
teor
3d38d0ca24
Merge branch 'maint-0.4.0' 2019-03-26 16:57:04 +10:00
teor
828033001b
Merge remote-tracking branch 'tor-github/pr/848' into maint-0.4.0 2019-03-26 16:56:45 +10:00
teor
b76ae3898d
Merge branch 'ticket29806_035_squashed_merged' into ticket29806_040_squashed_merged 2019-03-26 11:48:52 +10:00
Nick Mathewson
61cebb2035 Minimize the includes in control.c 2019-03-25 14:14:56 -04:00
Nick Mathewson
2917ecaa97 Split command-handling and authentication from control.c 2019-03-25 14:06:56 -04:00
Nick Mathewson
4754e9058b Split getinfo handling into a new control_getinfo.c 2019-03-25 12:49:24 -04:00
Nick Mathewson
a49f506e05 Split all controller events code into a new control_events.c
Also, split the formatting code shared by control.c and
control_events.c into controller_fmt.c.
2019-03-25 12:11:59 -04:00
teor
d4d541c53c
Merge remote-tracking branch 'tor-github/pr/785' 2019-03-25 14:01:20 +10:00
teor
15900ab70f
Merge remote-tracking branch 'tor-github/pr/819' 2019-03-22 13:10:47 +10:00
teor
3adb689fbc
Merge branch 'ticket29806_034_squashed' into ticket29806_035_squashed_merged
Copy and paste the vote=0 code from the old src/or/dirserv.c
to the new src/feature/dirauth/bwauth.c.
2019-03-21 12:04:30 +10:00
George Kadianakis
bc64fb4e33
circpad: Don't pad if Tor is in dormant mode.
This is something we should think about harder, but we probably want dormant
mode to be more powerful than padding in case a client has been inactive for a
day or so. After all, there are probably no circuits open at this point and
dormant mode will not allow the client to open more circuits.

Furthermore, padding should not block dormant mode from being activated, since
dormant mode relies on SocksPort activity, and circuit padding does not mess
with that.
2019-03-21 10:29:04 +10:00
teor
41cd05562f
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-03-20 09:48:03 +10:00
Nick Mathewson
677384e276 Merge branch 'maint-0.4.0' 2019-03-15 08:59:30 -04:00
Nick Mathewson
1547fd99a6 Merge branch 'bug28656_035_squashed' into maint-0.4.0 2019-03-15 08:59:19 -04:00
teor
532f4c9103 Stop logging a BUG() warning when tor is waiting for exit descriptors
Fixes bug 28656; bugfix on 0.3.5.1-alpha.
2019-03-15 08:57:28 -04:00
Nick Mathewson
065b74fa36 Fix all nonconformant headers' guard macros. 2019-03-12 15:20:22 -04:00
Nick Mathewson
61adcb22c5 Merge branch 'bug23576-041-rebased-squashed' 2019-03-12 11:10:01 -04:00
teor
680b2afd84 hs: abolish hs_desc_link_specifier_dup()
The previous commits introduced link_specifier_dup(), which is
implemented using trunnel's opaque interfaces. So we can now
remove hs_desc_link_specifier_dup().

Cleanup after bug 22781.
2019-03-12 11:09:53 -04:00
teor
bb98bc8562 hs: abolish hs_desc_link_specifier_t
The previous commits for 23576 confused hs_desc_link_specifier_t
and link_specifier_t. Removing hs_desc_link_specifier_t fixes this
confusion.

Fixes bug 22781; bugfix on 0.3.2.1-alpha.
2019-03-12 11:09:53 -04:00
Nick Mathewson
1c9b629284 Merge branch 'maint-0.4.0' 2019-03-12 11:03:47 -04:00
Nick Mathewson
9c9214f2c9 Merge remote-tracking branch 'tor-github/pr/776' into maint-0.4.0 2019-03-12 11:03:37 -04:00
David Fifield
4578c3eb21 Set TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports too.
Closes #25614.
2019-03-05 15:24:31 +01:00
George Kadianakis
fe2552ad65 Merge branch 'tor-github/pr/739' 2019-03-04 18:52:19 +02:00
Nick Mathewson
d5f6137547 Merge branch 'maint-0.4.0' 2019-02-28 11:22:06 -05:00
Nick Mathewson
dc19d65c3b Merge remote-tracking branch 'tor-github/pr/728' into maint-0.4.0 2019-02-28 11:20:26 -05:00
Neel Chauhan
c142e3d1e6 Set CIRCLAUNCH_NEED_UPTIME in rend_service_relaunch_rendezvous() on a hs_service_requires_uptime_circ() 2019-02-27 17:37:10 -05:00
David Goulet
2a44ee9b8c Merge branch 'maint-0.4.0' 2019-02-26 11:25:16 -05:00
David Goulet
a5dd41b9af Merge branch 'tor-github/pr/638' into maint-0.4.0 2019-02-26 11:24:43 -05:00
Alexander Færøy
aa360b255b Fix crash bug in PT subsystem.
This patch fixes a crash bug (assertion failure) in the PT subsystem
that could get triggered if the user cancels bootstrap via the UI in
TorBrowser. This would cause Tor to call `managed_proxy_destroy()` which
called `process_free()` after it had called `process_terminate()`. This
leads to a crash when the various process callbacks returns with data
after the `process_t` have been freed using `process_free()`.

We solve this issue by ensuring that everywhere we call
`process_terminate()` we make sure to detach the `managed_proxy_t` from
the `process_t` (by calling `process_set_data(process, NULL)`) and avoid
calling `process_free()` at all in the transports code. Instead we just
call `process_terminate()` and let the process exit callback in
`managed_proxy_exit_callback()` handle the `process_free()` call by
returning true to the process subsystem.

See: https://bugs.torproject.org/29562
2019-02-26 15:43:09 +01:00
George Kadianakis
57d33b5786 Merge branch 'tor-github/pr/698' 2019-02-26 12:35:14 +02:00
George Kadianakis
7fbfdf2af7 Merge branch 'tor-github/pr/611' 2019-02-26 12:33:23 +02:00
Nick Mathewson
69238ca2da Merge remote-tracking branch 'tor-github/pr/646' 2019-02-24 17:17:16 -05:00
Neel Chauhan
df8ad64735 When a DirAuth checks reachability on itself and has IPv6, mark it as reachable 2019-02-22 13:36:02 -05:00
David Goulet
a30f17f72f Merge branch 'tor-github/pr/696' 2019-02-20 11:29:55 -05:00
Roger Dingledine
249319ec5d fix typos from #28614 2019-02-20 10:32:47 -05:00
teor
51f59f213e router: Add some missing #endif comments 2019-02-19 21:54:30 +10:00
teor
0c0f215822 routerkeys: Log failures at info-level in make_tap_onion_key_crosscert() 2019-02-19 21:54:13 +10:00
teor
8e5df40018 test_dir: Test rsa + ed25519 extrainfo creation and parsing
Also fix a missing mock in rsa-only parsing.
2019-02-19 21:44:41 +10:00
teor
53b49d1a35 test_dir: Unit tests for RSA-only router and extrainfo descriptor creation
Tests 29017 and 29018.
2019-02-19 21:44:40 +10:00
teor
a9f852a0f6 router: Document the additional config and state used to dump descriptors
Also, explicitly state when routerinfos and extra-infos are signed.
And tidy up some other comments.

Preparation for testing 29017 and 20918.
2019-02-19 21:43:07 +10:00
teor
a1f8558628 router: Move extrainfo signing into its own function
This refactoring improves the structure of router_build_fresh_descriptor().

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
9cab988696 router: eliminate router_update_info_send_unencrypted()
Remove router_update_info_send_unencrypted(), and move its code into the
relevant functions.

Then, re-use an options pointer.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
af0a43be2c router: eliminate tiny router_build_fresh_descriptor() static functions
Remove some tiny static functions called by router_build_fresh_descriptor(),
and move their code into more relevant functions.

Then, give router_update_{router,extra}info_descriptor_body identical layouts.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
a65c101973 router: check for NULL in router_build_fresh_descriptor() static functions
Make sure that these static functions aren't passed NULL.
If they are, log a BUG() warning, and return an error.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
f19b64dce9 router: refactor router_build_fresh_descriptor() static function interfaces
Tidy the arguments and return values of these functions, and clean up their
memory management.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:36 +10:00
teor
6c5a506cdb router: split router_build_fresh_descriptor() into static functions
Split the body of router_build_fresh_descriptor() into static functions,
by inserting function prologues and epilogues between existing sections.

Write a new body for router_build_fresh_descriptor() that calls the new
static functions.

Initial refactor with no changes to the body of the old
router_build_fresh_descriptor(), except for the split.

Preparation for testing 29017 and 20918.
2019-02-19 19:05:43 +10:00
teor
a798bd40fb stats: Stop reporting statistics when ExtraInfoStatistics is 0
When ExtraInfoStatistics is 0, stop including bandwidth usage statistics,
GeoIPFile hashes, ServerTransportPlugin lines, and bridge statistics
by country in extra-info documents.

Fixes bug 29018; bugfix on 0.2.4.1-alpha (and earlier versions).
2019-02-19 19:01:44 +10:00
teor
361738c964 Merge branch 'bug29017-033' into bug29017-master-merge 2019-02-19 18:59:16 +10:00
Roger Dingledine
94f7e53d04 fix a bootstrapping string typo
introduced in 85542ee5

next step is to fix it in torspec too
2019-02-17 16:56:13 -05:00
George Kadianakis
9bfe4ed6dd Merge branch 'tor-github/pr/536' into maint-0.3.5 2019-02-14 17:39:34 +02:00
juga0
ec7da50ab4 dirvote: Add the bandwidth file digest in the vote 2019-02-13 12:26:00 +00:00
juga0
28490fa23e test: Add test to get the digest of a bw file 2019-02-13 12:26:00 +00:00
juga0
fc3e90a7b6 bwauth: Add function to get the digest of a bw file 2019-02-13 12:26:00 +00:00
David Goulet
95e5f8fe03 Merge branch 'tor-github/pr/671' 2019-02-12 13:02:30 -05:00
Nick Mathewson
72b978c3a5 On windows, if we fail to load a consensus and it has a CRLF, retry.
Fixes bug 28614; bugfix on 0.4.0.1-alpha when we started mmapping
the consensus.
2019-02-12 12:57:33 -05:00
rl1987
4c10221332 Use compress_dir_buf_add() function in a few places 2019-02-09 16:46:31 +02:00
Nick Mathewson
7f59b9fb1f Merge branch 'maint-0.3.5' 2019-02-08 08:37:46 -05:00
Nick Mathewson
ab65347819 Merge branch 'ticket29040_1_changes' into maint-0.3.5 2019-02-08 08:37:43 -05:00
teor
6170d3fcf1 hs: Onion services put IPv6 addresses in service descriptors
Rewrite service_intro_point_new() to take a node_t. Since
node_get_link_specifier_smartlist() supports IPv6 link specifiers,
this refactor adds IPv6 addresses to onion service descriptors.

Part of 23576, implements 26992.
2019-01-31 07:53:22 +01:00
teor
cdda3dc484 hs: Move get_lspecs_from_node to nodelist.c
Also:
* rename to node_get_link_specifier_smartlist
* rewrite to return a smartlist
* add link_specifier_smartlist_free

Part of 23576.
2019-01-30 15:15:41 +01:00
Nick Mathewson
bbd893d6bd Write consensus files in binary mode
This will help us out on windows now that we mmap files.  Fixes part
of ticket 28614.
2019-01-29 16:18:41 +01:00
Neel Chauhan
c985940de9 Add version 3 onion service support to HSFETCH 2019-01-24 10:22:41 -05:00
Suphanat Chunhapanya
238a9080c6 hs-v3: add an option param to safe log functions
We add an option param to safe_str and safe_str_client because in
some case we need to use those functions before global_options is set.
2019-01-24 04:31:18 +07:00
Suphanat Chunhapanya
8de735f068 hs-v3: fix use after free in client auth config
We accidentally use `auth` after freeing it in
client_service_authorization_free. The way to solve it is to
free after using it.
2019-01-24 04:31:07 +07:00
Nick Mathewson
adeeb8841e Merge branch 'maint-0.3.5' 2019-01-23 11:18:14 -05:00
rl1987
712a622fce Log an HSDesc we failed to parse at Debug loglevel 2019-01-23 10:37:10 -05:00
Nick Mathewson
d1af4d65df Merge branch 'maint-0.3.5' 2019-01-18 12:25:08 -05:00
Nick Mathewson
a8580a6836 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-01-18 12:25:08 -05:00
Nick Mathewson
f632335feb Fix users of base32_decode to check for expected length in return.
Also, when we log about a failure from base32_decode(), we now
say that the length is wrong or that the characters were invalid:
previously we would just say that there were invalid characters.

Follow-up on 28913 work.
2019-01-17 13:32:19 -05:00
Nick Mathewson
77712a5fa2 Merge remote-tracking branch 'tor-github/pr/645' 2019-01-17 12:04:50 -05:00
Nick Mathewson
2f683465d4 Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
Nick Mathewson
efe55b8898 Bump copyright date to 2019. 2019-01-16 12:32:32 -05:00
Nick Mathewson
b169c8c14f Merge remote-tracking branch 'asn-github/adaptive_padding-final' 2019-01-14 14:48:00 -05:00
Nick Mathewson
691dec5d46 Merge branch 'maint-0.3.5' 2019-01-14 14:02:42 -05:00
rl1987
9d9e71824c Rework rep_hist_log_link_protocol_counts() 2019-01-14 14:01:55 -05:00
Alexander Færøy
59a88b3c3a Rename TYPE to TRANSPORT in PT STATUS messages.
See: https://bugs.torproject.org/28181
2019-01-14 18:35:13 +01:00
Nick Mathewson
d21fa48cac Merge branch 'maint-0.3.5' 2019-01-11 18:53:24 -05:00
Nick Mathewson
efd765a948 Merge remote-tracking branch 'tor-github/pr/563' into maint-0.3.5 2019-01-11 18:53:18 -05:00
Nick Mathewson
2f0e187191 Merge remote-tracking branch 'tor-github/pr/627' 2019-01-09 15:46:14 -05:00
Nick Mathewson
578a93bbbc Merge branch 'ticket28843' 2019-01-09 09:49:25 -05:00
Nick Mathewson
d890ec29aa Merge branch 'maint-0.3.5' 2019-01-09 09:35:40 -05:00
rl1987
380ae2b74b Stop logging 'Your Guard' in circpathbias.c 2019-01-09 09:35:36 -05:00
Nick Mathewson
3df1d29d9b Merge branch 'bug28591_035_squashed' 2019-01-09 09:33:31 -05:00
teor
44db455cc8 Dir: allow directory mirrors to serve future consensuses
When Tor's clock is behind the clocks on the authorities, allow Tor to
serve future consensuses.

Fixes bug 28654; bugfix on 0.3.0.1-alpha.
2019-01-09 09:32:28 -05:00
Nick Mathewson
f9a7701ff1 Merge branch 'ticket28856_v2' 2019-01-09 08:46:40 -05:00
Taylor Yu
7e75311714 Fix typo in bootstrap message
The message for the "ap_conn_proxy" bootstrap status tag was missing
some text.  Fixes bug 28929.  Bug not in any released Tor.
2019-01-04 17:27:28 -06:00
Nick Mathewson
98a1b8770c Merge branch 'maint-0.3.5' 2019-01-03 21:34:43 -05:00
Nick Mathewson
c75cf802d3 Merge branch 'ticket28879' into maint-0.3.5 2019-01-03 21:34:35 -05:00
Nick Mathewson
a7cbbf279e Merge branch 'ticket28852' 2019-01-03 21:31:08 -05:00
rl1987
dbf1725a13 Completely remove 'GETINFO status/version/num-{concurring,versioning}' 2019-01-03 10:36:38 +02:00
George Kadianakis
926fc93be5 Concentrate all TOR_USEC_PER_SEC definitions in a single header file.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
Mike Perry
8ad497bb57 Config option to specify specific MiddleNodes.
Hope is this will make it easier to test on the live tor network.

Does not need to be merged if we don't want to, but will come in handy
for researchers.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
Mike Perry
659a4f06d4 Circuit padding ProtoVer plumbing.
This helps us to determine if a middle node can pad to us or not.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:16 +02:00
Mike Perry
70e9245f6f Initialize circuit padding machines and global state.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:13 +02:00
Taylor Yu
85542ee5a0 The big bootstrap phase redefinition
Redefine the set of bootstrap phases to allow display of finer-grained
progress in the early connection stages of connecting to a relay.

This includes adding intermediate phases for proxy and PT connections.

Also add a separate new phase to indicate obtaining enough directory
info to build circuits so we can report that independently of actually
initiating an ORCONN to build the first application circuit.
Previously, we would claim to be connecting to a relay when we had
merely finished obtaining directory info.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
936c93e562 Hook up control_event_bootstrap() to btrack_orconn
Replace a few invocations of control_event_bootstrap() with calls from
the bootstrap tracker subsystem.  This mostly leaves behavior
unchanged.  The actual behavior changes come in the next commit.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
9d29abb34e Add a comment about bto_update_best. 2018-12-21 14:15:21 -05:00
Taylor Yu
b0ae6a332a Add bootstrap tracker subsystem
Add a tracker for bootstrap progress, tracking events related to
origin circuit and ORCONN states.  This uses the ocirc_event and
orconn_event publish-subscribe subsystems.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
a0b4fa1f16 Add origin circuit event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
origin circuits.

Functions in circuitbuild.c and circuitlist.c publish messages to this
subsystem.

Move circuit event constants out of control.h so that subscribers
don't have to include all of control.h to take actions based on
messages they receive.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
271b50f54a Add ORCONN event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
OR connections.

connection_or_change_state() in connection_or.c and
control_event_or_conn_event() in control.c publish messages to this
subsystem via helper functions.

Move state constants from connection_or.h to orconn_state.h so that
subscribers don't have to include all of connection_or.h to take
actions based on changes in OR connection state.  Move event constants
from control.h for similar reasons.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Alexander Færøy
ab0d7d2dd4 Escape the PT K/V data before sending it to the logger.
See: https://bugs.torproject.org/28846
2018-12-20 19:05:50 +01:00
Nick Mathewson
a517daa56f base32_decode(): Return number of bytes written on success.
This makes it consistent with base64_decode().

Closes ticket 28913.
2018-12-20 08:36:25 -05:00
Alexander Færøy
4efe4cc2f9 Add support for STATUS messages from Pluggable Transports.
This patch adds support for the new STATUS message that PT's can emit
from their standard out. The STATUS message uses the `config_line_t` K/V
format that was recently added in Tor.

See: https://bugs.torproject.org/28846
2018-12-20 03:55:02 +01:00
Alexander Færøy
426c52b377 Use K/V parser to handle LOG messages for pluggable transports.
This patch changes the LOG pluggable transport message to use the recent
K/V parser that landed in Tor. This allows PT's to specify the log
severity level as well as the message. A mapping between the PT log
severity levels and Tor's log serverity level is provided.

See: https://bugs.torproject.org/28846
2018-12-20 03:41:28 +01:00
Nick Mathewson
bb091da1e7 Merge branch 'ticket28839_v2_squashed' 2018-12-18 18:59:05 -05:00
Nick Mathewson
7113a339dc Avoid a needless decode/re-encode step in assigning onion keys
Previously we had decoded the asn.1 to get a public key, and then
discarded the asn.1 so that we had to re-encode the key to store it
in the onion_pkey field of a microdesc_t or routerinfo_t.

Now we can just do a tor_memdup() instead, which should be loads
faster.
2018-12-18 18:58:08 -05:00
Nick Mathewson
0556942284 Use a single path for all PEM-like objects in get_next_token()
Previously, we would decode the PEM wrapper for keys twice: once in
get_next_token, and once later in PEM decode.  Now we just do all of
the wrapper and base64 stuff in get_next_token, and store the
base64-decoded part in the token object for keys and non-keys alike.

This change should speed up parsing slightly by letting us skip a
bunch of stuff in crypto_pk_read_*from_string(), including the tag
detection parts of pem_decode(), and an extra key allocation and
deallocation pair.

Retaining the base64-decoded part in the token object will allow us
to speed up our microdesc parsing, since it is the asn1 portion that
we actually want to retain.
2018-12-18 18:58:08 -05:00
Nick Mathewson
c61cd5775c Revert "Log bootstrap tag names"
This reverts commit 1b855af5e3.
2018-12-18 08:09:43 -05:00
Nick Mathewson
e969d9c6b4 Merge branch 'ticket28179_squashed' into ticket28179_squashed_merged 2018-12-17 16:41:01 -05:00
Alexander Færøy
651cdd05b7 Add an additional space when we check for the PROTO_LOG handler.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
cacdd29087 Use const char * instead of char * for line parameter for process callbacks.
This patch changes the type definition of the process callbacks to use
`const char *` instead of `char *`.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ec2ae3ed8b Change EVENT_TRANSPORT_LOG to EVENT_PT_LOG.
This patch changes our EVENT_TRANSPORT_LOG event to be EVENT_PT_LOG. The
new message includes the path to the PT executable instead of the
transport name, since one PT binary can include multiple transport they
sometimes might need to log messages that are not specific to a given
transport.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
5585cbd08f Change the Process exit_callback to return bool.
This patch changes our process_t's exit_callback to return a boolean
value.  If the returned value is true, the process subsystem will call
process_free() on the given process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ccc1963890 Move remaining code from subprocess.{h,c} to more appropriate places.
This patch moves the remaining code from subprocess.{h,c} to more
appropriate places in the process.c and process_win32.c module.

We also delete the now empty subprocess module files.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
f7d13425fc Delete old process_handle_t code.
This patch removes the old process_handle_t code. Everything should by
now be using the process_t interface.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e3ceaebba2 Add support for logging messages from pluggable transports.
This patch adds support for the "LOG" protocol message from a pluggable
transport. This allows pluggable transport developers to relay log
messages from their binary to Tor, which will both emit them as log
messages from the Tor process itself, but also pass them on via the
control port.

See: https://bugs.torproject.org/28180
See: https://bugs.torproject.org/28181
See: https://bugs.torproject.org/28182
2018-12-17 16:39:28 -05:00
Alexander Færøy
bfb94dd2ca Use process_t for managed proxies.
This patch makes the managed proxy subsystem use the process_t data
structure such that we can get events from the PT process while Tor is
running and not just when the PT process is being configured.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Nick Mathewson
16199a54a2 Check hostname before using it in send_resolved_hostname_cell()
Also, turn an absent hostname into a BUG(), not a crash.

Found by scan-build.

Closes ticket 28879; bugfix on 0.1.2.7-alpha
2018-12-17 09:15:37 -05:00
Nick Mathewson
a0fad3981e Replace use of strcmp_len() with new mem_eq_token().
The strcmp_len() function was somewhat misconceived, since we're
only using it to test whether a length+extent string is equal to a
NUL-terminated string or not.  By simplifying it and making it
inlined, we should be able to make it a little faster.

(It *does* show up in profiles.)

Closes ticket 28856.
2018-12-17 09:03:04 -05:00
Nick Mathewson
9dc53bc68f Remove a needless memset() in get_token_arguments()
I believe we originally added this for "just in case" safety, but it
isn't actually needed -- we never copy uninitialized stack here.
What's more, this one memset is showing up on our startup profiles,
so we ought to remove it.

Closes ticket 28852.
2018-12-14 14:48:12 -05:00
Nick Mathewson
6dc90d290d Use 25% less RAM for base64-encoded directory objects
We were allocating N bytes to decode an N-byte base64 encoding,
when 3N/4 would have been enough.
2018-12-14 13:51:51 -05:00
Nick Mathewson
4bc3983f64 Add a DROPOWNERSHIP controller command to undo TAKEOWNERSHIP.
Closes ticket 28843.
2018-12-13 19:35:02 -05:00
Nick Mathewson
f8dac5c900 Merge branch 'maint-0.3.5' 2018-12-13 19:01:29 -05:00
Nick Mathewson
94a7998158 Merge remote-tracking branch 'tlyu-github/ticket28731-035' into maint-0.3.5 2018-12-13 18:57:00 -05:00
Nick Mathewson
b915b6cd21 Merge remote-tracking branch 'github/prop297' 2018-12-11 09:44:57 -05:00
Nick Mathewson
ce501a529f Merge remote-tracking branch 'catalyst-github/ticket27402' 2018-12-11 09:37:41 -05:00
Taylor Yu
1b855af5e3 Log bootstrap tag names
Add the bootstrap tag name to the log messages, so people
troubleshooting connection problems can look up a symbol instead of a
number.  Closes ticket 28731.
2018-12-10 17:22:28 -06:00
Nick Mathewson
46a321fbdd Merge branch 'maint-0.3.5' 2018-12-05 10:25:12 -05:00
Nick Mathewson
967efc0d28 Merge remote-tracking branch 'tor-github/pr/546' into maint-0.3.5 2018-12-05 10:23:28 -05:00
Nick Mathewson
1eb3719a62 Merge remote-tracking branch 'public/prop298' 2018-12-05 09:43:03 -05:00
Nick Mathewson
1f95e80351 Merge branch 'prop293_squashed' 2018-12-05 09:24:51 -05:00
Nick Mathewson
a2f81b644b Write tests for mark_my_descriptor_dirty_if_too_old() 2018-12-05 09:24:45 -05:00
Nick Mathewson
ca4b86f90a Merge remote-tracking branch 'tor-github/pr/508' 2018-12-05 08:19:02 -05:00
David Goulet
cec616a0c8 hs-v3: Don't BUG() if descriptor is found on SOCKS connection retry
When retrying all SOCKS connection because new directory information just
arrived, do not BUG() if a connection in state AP_CONN_STATE_RENDDESC_WAIT is
found to have a usable descriptor.

There is a rare case when this can happen as detailed in #28669 so the right
thing to do is put that connection back in circuit wait state so the
descriptor can be retried.

Fixes #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
43bd4d7509 hs-v3: Add the helper function mark_conn_as_waiting_for_circuit
This helper function marks an entry connection as pending for a circuit and
changes its state to AP_CONN_STATE_CIRCUIT_WAIT. The timestamps are set to
now() so it can be considered as new.

No behaviour change, this helper function will be used in next commit.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
00b59d9281 conn: Use connection_ap_mark_as_waiting_for_renddesc()
Use the helper function connection_ap_mark_as_waiting_for_renddesc()
introduced in previous commit everywhere in the code where an AP connection
state is transitionned to AP_CONN_STATE_RENDDESC_WAIT.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:10:00 -05:00
Nick Mathewson
417a324a85 Make input argument const in set_routerstatus_from_routerinfo. 2018-12-03 12:34:29 -05:00
Nick Mathewson
32213fa9ad Keep list of dirauth flags in sync between dirvote.c and fuzz_vrs.c
Suggested by Teor on PR
2018-12-03 12:18:45 -05:00
Nick Mathewson
8221b5d587 Merge remote-tracking branch 'tor-github/pr/559' 2018-12-02 19:38:40 -05:00
teor
612b21b8ea
comment: replace cached-routers with cached-descriptors
cached-routers has been gone for a long time
2018-12-03 10:19:34 +10:00
Nick Mathewson
2b2b97484a Merge branch 'ticket27490a_squashed' 2018-12-01 20:32:18 -05:00
Neel Chauhan
822cb93cab Add new option ClientAutoIPv6ORPort to switch between IPv4 and IPv6 OR ports 2018-12-01 14:55:57 -05:00
Nick Mathewson
51d94cea33 Merge branch 'maint-0.3.5' 2018-12-01 11:26:55 -05:00
Nick Mathewson
7e9985b75a Merge remote-tracking branch 'tor-github/pr/536' 2018-12-01 11:24:02 -05:00
Taylor Yu
7685f8ad35 Use table lookup for bootstrap_status_to_string
It also no longer distinguishes the case of internal-only paths, which
was often wrong anyway.  Closes ticket 27402.
2018-11-30 16:54:01 -06:00
Taylor Yu
1fe6507d29 Split bootstrap event reporting out of control.c
Part of ticket 27402.
2018-11-30 16:49:44 -06:00
Neel Chauhan
d18a167ff3 sr: Switch from tor_assert() to BUG()
Closes #19566

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-30 12:16:18 -05:00
teor
7a45bc74a4 Dir: when Tor's clock is behind, use a future consensus to bootstrap
When Tor's clock is behind the clocks on the authorities, allow Tor to
bootstrap successfully.

Fixes bug 28591; bugfix on 0.2.0.9-alpha.
2018-11-29 00:50:24 +10:00
Alexander Færøy
2a3eef4404 Remove unused int pid member of managed_proxy_t.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Nick Mathewson
7d8e0cc9ab Merge branch 'dormant_v2_squashed' 2018-11-26 16:33:31 -05:00
Nick Mathewson
02843c4a4e Test for check_network_participation_callback() 2018-11-26 16:32:40 -05:00
Nick Mathewson
881b85cf32 Treat the StaleDesc flag as making our descriptor dirty.
Relay side of prop293.
2018-11-25 10:12:20 -05:00
Nick Mathewson
36f808c936 Vote on the StaleDesc flag from prop293
The StaleDesc flag tells relays that they need to upload a new
descriptor soon, or they will drop out of the consensus.
2018-11-25 10:05:13 -05:00
Nick Mathewson
7da06e43da No longer exit for missing required protocolversions on an old consensus
Specifically, if the consensus is older than the (estimted or
measured) release date for this version of tor, we assume that the
required versions may have changed in between that consensus and
this release.

Implements ticket 27735 and proposal 297.
2018-11-24 20:44:37 -05:00
Nick Mathewson
05dee063c8 Emit router families in canonical form
This patch has routers use the same canonicalization logic as
authorities when encoding their family lists.  Additionally, they
now warn if any router in their list is given by nickname, since
that's error-prone.

This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
Nick Mathewson
f82eb6269f Extract get_declared_family() into its own function.
This will help as we refactor it.
2018-11-24 12:11:40 -05:00
Nick Mathewson
0a0c612b79 Add a consensus method in which md families get canonicalized.
Implements prop298. Closes ticket 28266.
2018-11-24 12:01:09 -05:00
Nick Mathewson
d29e3a02d5 Add a function to canonicalize nodefamilies per prop298
This is the same as the regular canonical nodefamily format, except
that unrecognized elements are preserved.
2018-11-24 10:53:38 -05:00
Nick Mathewson
0e9a963b6b Revise nodefamily.c to match proposal 298
Prop298 says that family entries should be formatted with
$hexids in uppercase, nicknames in lower case, $hexid~names
truncated, and everything sorted lexically.  These changes implement
that ordering for nodefamily.c.

We don't _strictly speaking_ need to nodefamily.c formatting use
this for prop298 microdesc generation, but it seems silly to have
two separate canonicalization algorithms.
2018-11-24 10:30:15 -05:00
teor
cebc39bcd5
Test: make unit tests use a reasonably live consensus
Cleanup after 24661.
2018-11-22 16:54:46 +10:00
teor
657618ba9b
Entry Nodes: Mark outdated dirservers in reasonably live consensuses
Fixes bug 28569; bugfix on Tor 0.3.2.5-alpha.
2018-11-22 16:54:34 +10:00
teor
d1ac5613fc
Entry Nodes: Use a reasonably live consensus to select guards
Fixes bug 24661; bugfix on 0.3.0.1-alpha.
2018-11-22 16:54:22 +10:00
Nick Mathewson
34cadefe34 Merge branch 'maint-0.3.5' 2018-11-20 09:04:35 -05:00
Taylor Yu
0489288aa2 Update control_free_all() for #27169
Reset the added bootstrap tracking state introduced by ticket 27169.
Fixes bug 28524; bugfix on 0.3.5.1-alpha.
2018-11-19 15:48:08 -06:00
Nick Mathewson
48b08f0592 Merge branch 'ticket27359_v2_squashed' 2018-11-19 08:26:49 -05:00
Nick Mathewson
4f9548f893 Expose more nodelist.c functions to tests 2018-11-19 08:26:10 -05:00
Nick Mathewson
426c9561c5 Use nodefamily_t in microdescriptors.
Closes ticket 27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
83be4d2bbd Backend for compact node-family representation.
This representation is meant to save memory in microdescriptors --
we can't use it in routerinfo_t yet, since those families need to be
encoded losslessly for directory voting to work.

This representation saves memory in three ways:
   1. It uses only one allocation per family.  (The old way used a
      smartlist (2 allocs) plus one strdup per entry.)
   2. It stores identity digests in binary, not hex.
   3. It keeps families in a canonical format, memoizes, and
      reference-counts them.

Part of #27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
35558c39dd Merge remote-tracking branch 'dgoulet/ticket27471_035_02' into maint-0.3.5 2018-11-16 08:57:56 -05:00
Nick Mathewson
2c15b65381 Make the NET_PARTICIPANT role dependent on user activity
This patch implements all of 28337, except for the part where we
turn off the role if we've been idle for a long time.
2018-11-15 11:17:22 -05:00
Nick Mathewson
4bf79fa4fa Turn second_elapsed_callback into a normal periodic event. 2018-11-15 11:17:22 -05:00
Nick Mathewson
303e5c70e0 Move the responsibility for delayed shutdown into the mainloop
This is part of 28422, so we don't have to call
consider_hibernation() once per second when we're dormant.

This commit does not remove delayed shutdown from hibernate.c: it
uses it as a backup shutdown mechanism, in case the regular shutdown
timer mechanism fails for some reason.
2018-11-15 11:17:22 -05:00
Nick Mathewson
a0380b705d Move control_per_second_events() into a callback with its own role
Part of making extra-dormant mode work; closes ticket 28421.
2018-11-15 11:17:22 -05:00
Nick Mathewson
f6b8c7da66 Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00
Nick Mathewson
cec58ae55c Merge branch 'maint-0.3.5' 2018-11-14 07:56:52 -05:00
Nick Mathewson
a58b19465d Merge remote-tracking branch 'teor/bug28441-035' into maint-0.3.5 2018-11-14 07:56:48 -05:00
Nick Mathewson
586c3a7c90 Merge branch 'maint-0.3.5' 2018-11-14 07:42:56 -05:00
teor
16ca6fdfdb
log: stop talking about the Named flag in log messages
Clients have ignored the Named flag since 0.3.2.

Fixes bug 28441; bugfix on 0.3.2.1-alpha.
2018-11-14 18:16:34 +10:00
teor
a7aa3f76ec
comment: Fix a typo in nodes_in_same_family() 2018-11-14 18:06:05 +10:00
David Goulet
342f2b1873 Merge branch 'tor-github/pr/501' 2018-11-13 10:48:23 -05:00
David Goulet
8fb318860e Merge branch 'maint-0.3.5' 2018-11-13 10:43:03 -05:00
David Goulet
6f2151be9a Merge branch 'tor-github/pr/487' into maint-0.3.5 2018-11-13 10:37:25 -05:00
Neel Chauhan
ec93385cb2 Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable" 2018-11-13 10:33:51 -05:00
Nick Mathewson
bf4f55a13d Merge branch 'subsystems' 2018-11-09 15:01:49 -05:00
Nick Mathewson
8e3bae566a Merge branch 'maint-0.3.5' 2018-11-07 16:27:26 -05:00
Nick Mathewson
212bd9778b Make the hibernate.c changes for systemd compile. 2018-11-07 16:27:20 -05:00
Nick Mathewson
8020d6fb05 Merge remote-tracking branch 'tor-github/pr/464' 2018-11-06 15:33:25 -05:00
Nick Mathewson
ba28704b29 Merge branch 'maint-0.3.5' 2018-11-06 15:22:11 -05:00
Nick Mathewson
c60f3ea607 Merge remote-tracking branch 'tor-github/pr/474' into maint-0.3.5 2018-11-06 15:21:45 -05:00
Nick Mathewson
6e7ff8cba0 Move the code that knows our tor version into a lowest-level lib 2018-11-05 09:22:02 -05:00
Nick Mathewson
674ef53a7e Add a warning if we can't write networkstatus-bridges
Fixes CID 1440818.
2018-11-02 13:32:43 -04:00
Nick Mathewson
18a4eaf5c1 Avoid mmap leak if we get a consensus diff we can't use.
Fixes CID 1440819; bug not in any released Tor.
2018-11-02 13:30:55 -04:00
Nick Mathewson
865514e66e Merge branch 'ticket28100_squashed' 2018-11-02 13:19:24 -04:00
Alex Xu (Hello71)
1b75de85b3 Don't overwrite the Content-Type when compressing 2018-11-02 13:19:14 -04:00
Fernando Fernandez Mancera
f60607ee96 Improve log message in hs_service.c
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-11-01 12:40:52 +02:00
Nick Mathewson
383b44553c Merge branch 'ticket24393_036_01_squashed' 2018-10-31 11:07:15 -04:00
Nick Mathewson
988d4903a3 Merge branch 'networkstatus_mmap' into networkstatus_mmap_merge 2018-10-31 09:04:12 -04:00
Nick Mathewson
a182301152 Fix memory leak (#28257, CID 1440805). 2018-10-31 08:30:48 -04:00
Neel Chauhan
067b16eae2 Check IPv6 subnets as well as IPv4 subnets where possible when choosing client paths 2018-10-30 15:02:43 -04:00
David Goulet
aa1ae1343a Merge branch 'maint-0.3.5' 2018-10-30 11:44:14 -04:00
David Goulet
488969fe9c Merge branch 'tor-github/pr/438' into maint-0.3.5 2018-10-30 11:43:54 -04:00
David Goulet
124c43704c Merge branch 'maint-0.3.5' 2018-10-30 11:37:44 -04:00
David Goulet
95559279e1 Merge branch 'tor-github/pr/415' into maint-0.3.5 2018-10-30 11:36:36 -04:00
David Goulet
cdb065d6b2 Merge branch 'maint-0.3.5' 2018-10-30 10:55:10 -04:00
Neel Chauhan
82b3a02302 Detect the onion service version and then check for invalid options unless we have set HiddenServiceVersion 2018-10-30 10:48:56 -04:00
Nick Mathewson
30d853a906 Merge remote-tracking branch 'tor-github/pr/425' 2018-10-30 09:16:55 -04:00
Nick Mathewson
fda8b5de78 Merge branch 'maint-0.3.5' 2018-10-29 15:57:31 -04:00
George Kadianakis
5c2212c734 HSv3: Correctly memwipe client auth keystream.
Wipe the whole thing, not just the size of the pointer.
2018-10-26 14:55:17 +03:00
rl1987
b7edfcbf6b In configured_nameserver_address, check if tor_addr_from_sockaddr succeeded 2018-10-26 10:26:47 +03:00
Nick Mathewson
e9ff3e7d4a Merge branch 'bug28202_033' into bug28202_035 2018-10-25 09:16:08 -04:00
Nick Mathewson
594140574e Fix remaining cases of using consensus without a len parameter.
(Thanks to cyberpunks for noting two of them!)
2018-10-24 11:06:34 -04:00
George Kadianakis
a614731144 Documentation: Move the hs_service_descriptor_t elements around.
Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.
2018-10-23 16:43:54 +03:00
George Kadianakis
df78fb2451 Documentation: Document which descriptor elements are (im)mutable. 2018-10-23 16:43:54 +03:00
George Kadianakis
29c194e022 Func rename: Make it clear that update_all_descriptors() does intro points.
With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.
2018-10-23 16:43:54 +03:00
cypherpunks
f874ab2640 dircache: make dirauths reject non UTF-8 descriptors and extrainfo
Ticket #27367.
2018-10-23 00:33:51 +00:00
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Roger Dingledine
7aa9fc1637 clean up a tor2web comment 2018-10-21 23:46:09 -04:00
rl1987
98cef6807e Exclude test and a supporting function when evdns_base_get_nameserver_addr() is not available 2018-10-20 20:34:08 +03:00
rl1987
d827902cb1 Unit test for DNS fallback in configure_nameservers 2018-10-20 20:34:08 +03:00
rl1987
91fa12aedc Fallback to local DNS when no other nameservers are known 2018-10-20 20:34:08 +03:00
Nick Mathewson
62401812c7 Merge remote-tracking branch 'dgoulet/ticket27471_035_02' 2018-10-18 13:01:41 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
0a41d17c15 Merge branch 'ticket27549_035_01_squashed' 2018-10-18 10:16:30 -04:00
David Goulet
3a8f32067d hs-v3: Consolidate descriptor cookie computation code
Both client and service had their own code for this. Consolidate into one
place so we avoid duplication.

Closes #27549

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 10:16:07 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Neel Chauhan
f93ee8e4c4 Fix typo in comment for hs_cell_parse_introduce2() 2018-10-16 10:59:42 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00
cypherpunks
cb9fa3b04c nodelist: fix docs for networkstatus_read_cached_consensus_impl
Fix on c12d2cb2dc.
2018-09-12 14:13:03 +00:00
cypherpunks
ab91302fd0 nodelist: use strcmpstart() instead of strncmp()
in rend_parse_v2_service_descriptor.
Fix on c58675ca72
2018-09-12 14:03:06 +00:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
David Goulet
d9bfc9e2e3 fixup! hs: Learn service version by trying to load the keys 2018-08-28 08:36:28 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
622231ce2e Merge remote-tracking branch 'teor/bug27237' 2018-08-24 12:44:46 -04:00
Nick Mathewson
b1d0fa04fb Merge branch 'maint-0.3.4' 2018-08-24 12:35:26 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Neel Chauhan
aab6aea197 Fix typo in comment for getinfo_helper_current_time() 2018-08-20 11:49:35 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
Neel Chauhan
64d9ea1413
In addrs_in_same_network_family(), choose IP subnet size based on IP type 2018-08-17 13:37:51 +10:00
Nick Mathewson
7e50d43f07 Merge branch 'maint-0.3.4' 2018-08-16 08:37:11 -04:00
Nick Mathewson
61d5bcc1a2 Merge remote-tracking branch 'tor-github/pr/268' 2018-08-11 10:04:04 -04:00
Nick Mathewson
b7ed61167f Merge remote-tracking branch 'tor-github/pr/239' 2018-08-10 12:35:06 -04:00
Nick Mathewson
df444e482b Provide examples of tor_api_get_provider_version() output
At the same time, sternly warn any person thinking about relying on
any particular format too strictly.  If you do this, and your
program breaks, it is your bug, not mine.
2018-08-08 18:10:28 -04:00
Nick Mathewson
159141a8c6 Merge branch 'ticket26947' 2018-08-08 18:07:32 -04:00
rl1987
7a1007861f Print stacktrace when crypto_pk_get_digest() fails in router_build_fresh_descriptor() 2018-08-08 18:56:27 +03:00
rl1987
9c242e950b Consider all routerinfo errors other than "not a server" transient 2018-08-08 18:47:43 +03:00
Neel Chauhan
3a2b5a5bcb Fix typo in control_event_hs_descriptor_content() 2018-08-08 00:12:00 -04:00
Nick Mathewson
c77fe82155 Add API for creating an owning controller FD and passing it to tor_main 2018-08-01 11:01:52 -04:00
Nick Mathewson
9a89450b6d tor_api: Extend tor_api code so it can pass extra arguments to main.
We need this so that the tor_api user can specify some arguments,
while the tor_api implementation adds others.

This implementation detail should not be visible to tor_api users.
2018-08-01 11:01:52 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
772106c6bc Add a new function, tor_api_get_provider_version()
Closes ticket 26947.
2018-07-31 09:18:54 -04:00
Roger Dingledine
fe9f585143 fix wrong word in comment 2018-07-30 22:35:33 -04:00
Nick Mathewson
3a6bd21440 Merge remote-tracking branch 'teor/bug26627_033_merged_master' 2018-07-30 09:01:55 -04:00
Nick Mathewson
13393b2d91 Merge remote-tracking branch 'rl1987/ticket21349_4' 2018-07-30 08:49:49 -04:00
Nick Mathewson
ac9d08f66a Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' 2018-07-30 08:33:59 -04:00
rl1987
ffdfd39d4f Early bailout from log_addr_has_changed() if running as client 2018-07-26 17:49:27 +03:00
teor
fc4d08e260 Merge branch 'bug26627_033' into bug26627_033_merged_master 2018-07-25 09:17:17 +10:00
rl1987
042d22c8d1 Split select_entry_guard_for_circuit() 2018-07-21 18:38:33 +03:00
rl1987
e6c51a056c Make entry_guards_update_primary() shorter 2018-07-21 18:38:33 +03:00
rl1987
86549c0d9e Split sampled_guards_update_from_consensus() into subfunctions 2018-07-21 18:38:33 +03:00
Nick Mathewson
9ae3597540 Tweak assertion in get_time_period_length() for coverity
This is another attempt to fix 1437668.  The assertion here should
be safe, since the rules of networkstatus_get_param() keep the value
it returns in range.
2018-07-20 11:02:07 -04:00
Nick Mathewson
583df33e20 Merge branch 'maint-0.3.4' 2018-07-20 10:42:29 -04:00
Nick Mathewson
c1092e9aab Merge remote-tracking branch 'ahf-github/bugs/26780' 2018-07-19 12:22:39 -04:00
Nick Mathewson
23811052fe Add some missing includes and struct declarations. 2018-07-18 15:12:18 -04:00
Nick Mathewson
61e080e24a Merge branch 'maint-0.3.4' 2018-07-18 15:09:28 -04:00
Nick Mathewson
e2b744ce38 Merge branch 'bug25552_ope_squashed' 2018-07-17 16:19:32 -04:00
Neel Chauhan
32db806dfa Teach the OOM handler about the DNS cache 2018-07-17 09:19:27 -04:00
Kevin Gallagher
4ba26f95d5 control: Add new 'uptime' message to GETINFO
Sends the Tor controller the uptime in seconds.
Highly useful for monitoring purposes.
2018-07-16 19:19:10 -07:00
Neel Chauhan
d807ca1b01 Add and use dns_cache_total_allocation() 2018-07-16 17:19:53 -04:00
teor
79f249e786 dirauth: Handle V3BandwidthsFile failure modes according to the new spec
If an authority is not configured with a V3BandwidthsFile, this line
SHOULD NOT appear in its vote.

If an authority is configured with a V3BandwidthsFile, but parsing
fails, this line SHOULD appear in its vote, but without any headers.

Part of 3723, implements the spec in 26799.
2018-07-16 14:43:49 +00:00
juga0
9773311b20 Add keyval header, that was moved to other file 2018-07-16 14:43:49 +00:00
juga0
8164534f46 Ensure that bw_file_headers is not bigger than max 2018-07-16 14:43:49 +00:00
juga0
87fc409a70 Replace bwlist by bw_file and terminator condition
If bandwidth file terminator is found, set end of headers flag
and do not store the line.
If it is not, parse a relay line and check whether it is a header
line.
2018-07-16 14:43:49 +00:00
juga0
f906d9be11 Replace bwlist by bw_file
and add bw file terminator constant
2018-07-16 14:43:49 +00:00
juga0
d79c65772b Rename bwlist to bw_file and banwidth to
bandwidth-file
2018-07-16 14:43:49 +00:00
juga0
6d8bc12583 Free bw_list_headers in networstatus_t 2018-07-16 14:43:49 +00:00
juga0
106eb08d27 Add bw_file_headers to networkstatus_t 2018-07-16 14:43:49 +00:00
juga0
f0a4a5f726 Check that the header is key_value
to avoid interpreting as headers extra lines that are not key_values
2018-07-16 14:43:49 +00:00
juga0
086060e138 Do not add bw file line to the vote
when there are not bw file headers lines.
2018-07-16 14:43:49 +00:00
juga0
e5dd46beab Add the Bandwidth List file headers to votes
* add bwlist_headers argument to dirserv_read_measured_bandwidth
  in order to store all the headers found when parsing the file
* add bwlist_headers to networkstatus_t in order to store the
  the headers found by the previous function
* include the bandwidth headers as string in vote documents
* add test to check that dirserv_read_measured_bandwidth generates
  the bwlist_headers
2018-07-16 14:43:48 +00:00
Alexander Færøy
c9de65f966 Add checks in get_net_param_from_list() for valid output domain.
This patch adds two assertions in get_net_param_from_list() to ensure
that the `res` value is correctly within the range of the output domain.

Hopefully fixes Coverity CID #1415721, #1415722, and #1415723.

See: https://bugs.torproject.org/26780
2018-07-13 12:43:57 +02:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00