Commit Graph

28377 Commits

Author SHA1 Message Date
Jim Newsome
d224961609 hs_service: don't force high intro point rotation for TestingTorNetwork
This was previously added to facilitate testing intro point rotation
with chutney. However, the implementation is problematic since it forces
excessive rotation whenever TestingTorNetwork is enabled, and can't be
adjusted or disabled.

Alternatives for testing intro point rotation include:
 * Using shadow to "fast forward" time
 * Overriding the consensus parameters hs_intro_min_lifetime and
   hs_intro_max_lifetime.

Fixes #40922
2024-03-14 09:36:59 -05:00
Jim Newsome
4fc43ebdee In router_is_active, don't require non-zero bandwidthcapacity
This check was originally added in 962765a3, with the intent of
preventing relays with 0 measured bandwidth from being listed in the
consensus (part of fixing #13000).

Currently, that decision and other relevant places effectively use
`dirserv_get_credible_bandwidth_kb`, which prefers bwauth-measured
bandwidth over the self-reported `bandwidthcapacity`, making this check
mostly redundant.

i.e. this change should only affect behavior when the relay has uploaded
a descriptor with `bandwidthcapacity=0` *and* we have a non-zero
measured bandwidth, in which case we'll still trust the measured
bandwidth. This is what we want when bootstrapping a network (e.g. for
testing), since it allows us to initialize bandwidths using a bandwidth
authority file.

A relay can still cause `router_is_active` to return false by setting
the hibernate flag.

Also see discussion in #40917.

Fixes #40917.
2024-03-07 12:39:40 -06:00
Alexander Færøy
a5d53ce416 Merge branch 'document-read-until-eof' into 'main'
make read_file_to_str_until_eof doc more explicit

Closes #40852

See merge request tpo/core/tor!799
2024-02-28 16:56:24 +00:00
Alexander Færøy
72ac1de514 Merge branch 'maint-0.4.8' 2024-02-28 16:52:56 +00:00
trinity-1686a
e913de1bc6 make read_file_to_str_until_eof doc more explicit
the sz_out param is set to what was read (i.e not including the final
NULL the function adds for convenience), but could be understood to
be set to what was read+1 (including the NULL terminator)
2024-02-18 12:44:45 +01:00
David Goulet
b0b943a161 Merge branch 'bug40911' into 'main'
Make two 1-bit fields unsigned

Closes #40911

See merge request tpo/core/tor!796
2024-02-08 19:41:22 +00:00
Sebastian Hahn
4c0e9f1418 Make two 1-bit fields unsigned
This should be a completely harmless warning as we only check whether
the fields are true or false.

Closes #40911.
2024-02-01 19:45:04 +01:00
Sebastian Hahn
4db6ab5c18 Update test strings 2024-02-01 17:16:17 +01:00
Sebastian Hahn
1abc9a3bd3 dirauth: Warn when failing to post during a vote
The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.

Closes #40910.
2024-02-01 10:34:30 +01:00
David Goulet
42215d6432 Merge branch 'tor-gitlab/mr/791' 2024-01-30 11:47:53 -05:00
Alexander Færøy
824a0c4665 Merge branch 'ticket40816_049_01' into 'main'
metrics: Add new relay metrics to MetricsPort

Closes #40816

See merge request tpo/core/tor!793
2024-01-30 16:24:55 +00:00
David Goulet
4a94d0394e Merge branch 'maint-0.4.8' 2024-01-30 10:57:02 -05:00
David Goulet
fbca1df9dd dirauth: Reject 0.4.7.x series at the authority level
Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-01-30 10:56:16 -05:00
juga
56819b0a50 bwauth: Allow "node_id" KeyValue without "$"
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.

Closes #40891
2024-01-30 10:47:13 -05:00
David Goulet
5a5ca444c8 metrics: Add new relay metrics to MetricsPort
This commit adds the total number of DROP cell seen, the total number of
DESTROY cell received and the total number of protocol violation that lead to a
circuit close.

Closes #40816

Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-01-30 10:13:09 -05:00
nonameformee
50b564da18 dirauth: Reject 0.4.7.x series at the authority level 2023-12-10 10:36:48 +00:00
David Goulet
4d7ca89fc3 Merge branch 'maint-0.4.8' 2023-12-08 13:45:36 -05:00
Tor CI Release
4c97dc1626 fallbackdir: Update list generated on December 08, 2023 2023-12-08 13:45:00 -05:00
Tor CI Release
ad22b60ff1 Update geoip files to match ipfire location db, 2023/12/08. 2023-12-08 13:44:45 -05:00
David Goulet
64e6458c87 Merge branch 'maint-0.4.8' 2023-12-08 13:26:16 -05:00
David Goulet
6fbbcdde35 Merge remote-tracking branch 'mikeperry-private/bug40897' into maint-0.4.8 2023-12-08 13:19:40 -05:00
Alexander Færøy
ae11abfe92 Merge branch 'maint-0.4.8' 2023-12-07 21:38:32 +00:00
Alexander Færøy
1b1f6e8574 Merge remote-tracking branch 'origin/merge-requests/776' into maint-0.4.8 2023-12-07 21:38:03 +00:00
Mike Perry
cc52f7e5b7 Bug 40897 Bug Bounty: Double the number of max conflux circs
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.

This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...

Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.

This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.

Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
2023-12-07 18:37:30 +00:00
Mike Perry
03778a0f34 Bug 40897: Add more checks to free paths
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
2023-12-07 18:37:30 +00:00
Mike Perry
d02eb4502a Bug 40897: Move safety check to proper location and give it error handling. 2023-12-07 18:37:26 +00:00
David Goulet
d07810a3c9 Merge branch 'fix-bridge-exit-warn' into 'main'
Fix bridge exit warn

Closes #40884

See merge request tpo/core/tor!783
2023-11-22 15:02:14 +00:00
David Goulet
0ea2e15d84 Merge branch 'did-sanity-memmem' into 'main'
add sanity check in tor_memmem

Closes #40854

See merge request tpo/core/tor!785
2023-11-22 15:01:03 +00:00
Alexander Færøy
45c1a36acb Merge branch 'eol-config-no-spurious-warn' into 'main'
don't warn for empty RecommendedServerVersion

Closes #40888

See merge request tpo/core/tor!787
2023-11-21 18:04:38 +00:00
juga
d8aa699253 bwauth: Allow "node_id" KeyValue without "$"
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.

Closes #40891
2023-11-21 10:43:36 -05:00
trinity-1686a
635220734d don't warn for empty RecommendedServerVersion 2023-11-16 19:15:25 +01:00
trinity-1686a
f2ddfdd50e add sanity check in tor_memmem
it's believed most libc already have those, but just in case, it can't
hurt
2023-11-15 02:01:34 +01:00
trinity-1686a
8fafdca11e
don't warn when ExitRelay is set to 0 2023-11-12 18:24:33 +01:00
David Goulet
7703c94756 Merge branch 'maint-0.4.8' 2023-11-09 09:24:22 -05:00
Tor CI Release
825aa705b1 fallbackdir: Update list generated on November 09, 2023 2023-11-09 09:23:59 -05:00
Tor CI Release
f822f24599 Update geoip files to match ipfire location db, 2023/11/09. 2023-11-09 09:23:54 -05:00
David Goulet
12723de00b Merge branch 'maint-0.4.8' 2023-11-09 09:17:51 -05:00
David Goulet
be751a46e3 Merge branch 'ticket40883_048_01' into maint-0.4.8 2023-11-09 09:14:19 -05:00
David Goulet
525a1cfb70 Merge branch 'maint-0.4.8' 2023-11-09 09:10:58 -05:00
David Goulet
6df27ae953 Merge branch 'tor-gitlab/mr/778' into maint-0.4.8 2023-11-09 09:10:52 -05:00
David Goulet
83aecca561 hs: Always check if the hs_ident is available when processing a cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-08 11:17:48 -05:00
David Goulet
e62b8bce5a hs: Fix assert in hs_metrics_update_by_ident()
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.

This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.

This fixes TROVE-2023-006 for which its severity is considered high.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-07 13:50:28 -05:00
David Goulet
8257cd10f3 Merge branch 'maint-0.4.8' 2023-11-03 09:41:12 -04:00
Tor CI Release
f1df34193b Update geoip files to match ipfire location db, 2023/11/03. 2023-11-03 09:38:29 -04:00
Tor CI Release
ea6d6568e7 fallbackdir: Update list generated on November 03, 2023 2023-11-03 09:38:21 -04:00
David Goulet
bd8915ad8d Merge branch 'maint-0.4.8' 2023-11-03 09:04:27 -04:00
David Goulet
24dc829b9a Merge branch 'maint-0.4.7' into maint-0.4.8 2023-11-03 09:04:27 -04:00
Alexander Færøy
7aa496a2e0 Fix TROVE-2023-004: Remote crash when compiled against OpenSSL
Fixes #40874

Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03 08:52:38 -04:00
Mike Perry
6bfadc7a5d Bug 40876: Extra logging 2023-11-01 19:57:08 +00:00
Mike Perry
d7f14a54fb Bug 40876: Don't reduce primary list for temporary restrictions 2023-11-01 19:57:07 +00:00