Commit Graph

36951 Commits

Author SHA1 Message Date
David Goulet
d0053fdfb5 hs: Improve warning for bad service version
Now that we don't have version 2, it gives us:

  [warn] HiddenServiceVersion must be between 3 and 3, not 2.

This commit changes it to:

  [warn] HiddenServiceVersion must be 3, not 2.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:23 -04:00
David Goulet
3dd4b3316d changes: Add file for ticket 40476
Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:23 -04:00
David Goulet
48e6e0843b test: Don't run HSv2 Chutney test networks
Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:23 -04:00
David Goulet
1589e6bf28 test: Fix unit tests after disabling version 2
Some tests were removed because they were testing something not usable
anymore.

Some tests remains to make sure that things are indeed disabled.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:22 -04:00
David Goulet
fb0c949df6 hs-v2: Disable version 2 HSPOST and HSFETCH command
Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:22 -04:00
David Goulet
7a15296c43 hs-v2: Disable version 2 directory
Relay do not accept both stores and lookups of version 2 descriptor.
This effectively disable version 2 HSDir supports for relays.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:22 -04:00
David Goulet
e284b9f779 hs-v2: Disable version 2 introduction point
Upon receiving a v2 introduction request, the relay will close the
circuit and send back a tor protocol error.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:13:08 -04:00
David Goulet
471149b651 hs-v2: Disable version 2 service
The minimum service version is raised from 2 to 3 which effectively
disable loading or creating an onion service v2.

As for ADD_ONION, for version 2, a 551 error is returned:

  "551 Failed to add Onion Service"

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:11:12 -04:00
David Goulet
ed4d6a0030 hs-v2: Disable SOCKS connection for v2 addresses
This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:08:05 -04:00
David Goulet
adcb094cb6 Merge branch 'tor-gitlab/mr/392' into maint-0.4.5 2021-10-06 15:45:13 -04:00
David Goulet
065ebd10c2 Merge branch 'tor-gitlab/mr/393' into maint-0.4.5 2021-10-06 15:41:12 -04:00
David Goulet
a53c949dcf Merge branch 'tor-gitlab/mr/420' into maint-0.4.5 2021-10-06 15:35:30 -04:00
David Goulet
f0d1240a07 hs-v2: Only log once the connection warning to v2
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 13:20:22 -04:00
David Goulet
0dbb2f53b9 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-09-13 13:34:44 -04:00
Alexander Færøy
fcef8e3f75 Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275
2021-09-13 18:33:27 +02:00
Alexander Færøy
12b64845ae Use Debian bullseye for our hardened build. 2021-09-13 18:13:10 +02:00
Alexander Færøy
84d6f977e7 Force amd64 for CI builds. 2021-09-13 18:08:49 +02:00
David Goulet
cac612af42 dir: Do not flag non-running failing HSDir
When a directory request fails, we flag the relay as non Running so we
don't use it anymore.

This can be problematic with onion services because there are cases
where a tor instance could have a lot of services, ephemeral ones, and
keeps failing to upload descriptors, let say due to a bad network, and
thus flag a lot of nodes as non Running which then in turn can not be
used for circuit building.

This commit makes it that we never flag nodes as non Running on a onion
service directory request (upload or fetch) failure as to keep the
hashring intact and not affect other parts of tor.

Fortunately, the onion service hashring is _not_ selected by looking at
the Running flag but since we do a 3-hop circuit to the HSDir, other
services on the same instance can influence each other by removing nodes
from the consensus for path selection.

This was made apparent with a small network that ran out of nodes to
used due to rapid succession of onion services uploading and failing.
See #40434 for details.

Fixes #40434

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-17 13:27:14 -04:00
David Goulet
da9ff3936d Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-16 16:34:19 -04:00
David Goulet
18f2a7c012 Bump version to -dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-16 16:34:10 -04:00
David Goulet
a8ce645ab0 Bump version to -dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-16 16:33:58 -04:00
Alexander Færøy
903c578119 Always teardown capture of logs in CAPTURE().
This will hopefully solve an issue where our gmtime related tests are
failing on 32-bit builds.
2021-08-16 15:27:38 +00:00
Alexander Færøy
78712990ab Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-16 13:58:32 +00:00
Alexander Færøy
b07cd2ee90 Use debian:buster instead of debian:stable for now. 2021-08-16 13:57:56 +00:00
Nick Mathewson
b2d6fed3e9 Disable message checking for some 32-bit tests about timegm failure.
Since we merged 40383, we don't expect these to give the same
warning on every platform.
2021-08-16 09:48:08 -04:00
Nick Mathewson
1ec4c7b34a Make the version 0.4.5.10, not 0.4.5.10-dev. 2021-08-16 08:18:57 -04:00
Nick Mathewson
1667e122de Merge branch 'maint-0.3.5' into maint-0.4.5
"ours" to avoid version bump
2021-08-16 08:18:09 -04:00
Nick Mathewson
2984fba97a Make the version 0.3.6.16, not 0.3.6.16-dev. 2021-08-16 08:17:59 -04:00
David Goulet
ca249131b0 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-13 09:44:53 -04:00
David Goulet
041a0a362f Update version to 0.3.5.16
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-13 09:43:44 -04:00
David Goulet
685b3e4383 Update version to 0.4.5.10
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-13 09:42:52 -04:00
David Goulet
33abeeab94 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-12 12:13:25 -04:00
Alexander Færøy
eca5b62213 Update GeoIP files to match IPFire location DB as per 2021/08/12. 2021-08-12 15:38:11 +00:00
Alexander Færøy
81635ec577 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-11 13:15:58 +00:00
Alexander Færøy
7e0971d868 Merge remote-tracking branch 'tor-gitlab/mr/417' into maint-0.3.5 2021-08-11 13:15:35 +00:00
Alexander Færøy
c48d1c3f7c Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-11 13:14:26 +00:00
George Kadianakis
fe5a9db1e6 Disable ed25519-donna's batch verification.
Fixes bug 40078.

As reported by hdevalence our batch verification logic can cause an assert
crash.

The assert happens because when the batch verification of ed25519-donna fails,
the code in `ed25519_checksig_batch()` falls back to doing a single
verification for each signature.

The crash occurs because batch verification failed, but then all signatures
individually verified just fine.

That's because batch verification and single verification use a different
equation which means that there are sigs that can pass single verification
but fail batch verification.

Fixing this would require modding ed25519-donna which is not in scope for
this ticket, and will be soon deprecated in favor of arti and
ed25519-dalek, so my branch instead removes batch verification.
2021-08-11 13:14:05 +00:00
David Goulet
0e60b65f6c fallbackdir: Regenerate list
New list for all stable releases.

Closes #40447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 09:07:05 -04:00
Alexander Færøy
e7a8c3d127 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-11 13:06:12 +00:00
David Goulet
399518da02 relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 12:51:32 +00:00
David Goulet
70d8fb3eab relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 12:47:20 +00:00
George Kadianakis
4865eabd18 Merge remote-tracking branch 'tor-gitlab/mr/409' into maint-0.4.5 2021-07-06 13:51:58 +03:00
George Kadianakis
98b9df61f6 Merge branch 'mr/395' into maint-0.4.5 2021-07-06 13:42:29 +03:00
Nick Mathewson
c1d96358d4 Use native timegm when available.
Continue having a tor_gmtime_impl() unit test so that we can detect
any problems in our replacement function; add a new test function to
make sure that gmtime<->timegm are a round-trip on now-ish times.

This is a fix for bug #40383, wherein we ran into trouble because
tor_timegm() does not believe that time_t should include a count of
leap seconds, but FreeBSD's gmtime believes that it should.  This
disagreement meant that for a certain amount of time each day,
instead of calculating the most recent midnight, our voting-schedule
functions would calculate the second-most-recent midnight, and lead
to an assertion failure.

I am calling this a bugfix on 0.2.0.3-alpha when we first started
calculating our voting schedule in this way.
2021-07-06 13:33:05 +03:00
Nick Mathewson
2bc02b2199 Suppress a clang 12 warning about "suspicious concatenation".
My clang doesn't like it when we write code like this:

    char *list[] = {
       "abc",
       "def",
       "ghi"
       "jkl"
    }

It wonders whether we meant to put a comma between "ghi" and "jkl"
or not, and gives a warning.

To suppress this warning (since in this case, we did mean to omit
the comma), we just wrap the two strings in parentheses.

Closes #40426; bugfix on 0.4.0.4-rc.
2021-07-01 13:03:19 -04:00
Nick Mathewson
e60d14bb6b Missing changes file for #40409 2021-06-30 08:14:57 -04:00
Nick Mathewson
fce99957e2 Suppress strict-prototypes warning on NSS pk11pub.h header
We already did this in a couple of places, but there are more that
we didn't get.  This is necessary for systems with versions of
NSS that don't do their prototypes properly.

Fixes #40409; bugfix on 0.3.5.1-alpha.
2021-06-28 09:10:28 -04:00
Alexander Færøy
83483bd4f6 Enable deterministic RNG for address set tests.
This patch enables the deterministic RNG for address set tests,
including the tests which uses address set indirectly via the nodelist
API.

This should prevent random test failures in the highly unlikely case of
a false positive which was seen in tor#40419.

See: tpo/core/tor#40419.
2021-06-25 16:43:10 +00:00
Nick Mathewson
9085508310 Bump to 0.4.5.9-dev 2021-06-14 11:47:41 -04:00
Nick Mathewson
5ab97fa603 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-14 11:47:29 -04:00