Commit Graph

37650 Commits

Author SHA1 Message Date
David Goulet
602dcd8e37 hs-v2: Only log once the connection warning to v2
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 13:22:02 -04:00
David Goulet
f0d1240a07 hs-v2: Only log once the connection warning to v2
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 13:20:22 -04:00
David Goulet
cdbf756b90 cc: Fix 32bit arithmetic to actually be 64bit
Coverity report: CID 1492322

________________________________________________________________________________________________________
*** CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/src/core/or/congestion_control_flow.c: 399 in circuit_process_stream_xon()
393       }
394
395       log_info(LD_EDGE, "Got XON: %d", xon->kbps_ewma);
396
397       /* Adjust the token bucket of this edge connection with the drain rate in
398        * the XON. Rate is in bytes from kilobit (kpbs). */
>>>     CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "xon_cell_get_kbps_ewma(xon) * 1000U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
399       uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
400       if (rate == 0 || INT32_MAX < rate) {
401         /* No rate. */
402         rate = INT32_MAX;
403       }
404       token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate);

Fixes #40478

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-05 13:47:49 -04:00
c
6ada3be8f1 net: Reject invalid characters in port ranges
Fixes issue #22469 where port strings such as '0x00' get accepted, not
because the string gets converted to hex, but because the string is
silently truncated past the invalid character 'x'. This also causes
issues for strings such as '0x01-0x02' which look like a hex port range,
but in reality gets truncated to '0', which is definitely not what a
user intends.

Warn and reject such port strings as invalid.

Also, since we're throwing that "malformed port" warning a lot in the
function, wrap it up in a nice goto.

Fixes #22469
2021-10-04 15:19:16 -04:00
David Goulet
3c13886317 changes: Fix file for ticket 40182
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 15:02:32 -04:00
David Goulet
e4e88c4b2e Merge branch 'tor-gitlab/mr/228' 2021-10-04 14:59:04 -04:00
David Goulet
4046b9f3ee edge: Remove wrong bug warn when processing pending streams
The connection_ap_attach_pending() function processes all pending
streams in the pending_entry_connections list. It first copy the pointer
and then allocates a brand new empty list.

It then iterates over that copy pointer to try to attach entry
connections onto any fitting circuits using
connection_ap_handshake_attach_circuit().

That very function, for onion service, can lead to flagging _all_
streams of the same onion service to be put in state RENDDESC_WAIT from
CIRCUIT_WAIT. By doing so, it also tries to remove them from the
pending_entry_connections but at that point it is already empty.

Problem is that the we are iterating over the previous
pending_entry_connections which contains the streams that have just
changed state and are no longer in CIRCUIT_WAIT.

This lead to this bug warning occuring a lot on busy services:

  May 01 08:55:43.000 [warn] connection_ap_attach_pending(): Bug:
  0x55d8764ae550 is no longer in circuit_wait. Its current state is
  waiting for rendezvous desc. Why is it on pending_entry_connections?
  (on Tor 0.4.4.0-alpha-dev )

This fix is minimal and basically allow a state to be not CIRCUIT_WAIT
and move on to the next one without logging a warning. Because the
pending_entry_connections is emptied before processing, there is no
chance for a streams to be stuck there forever thus it is OK to ignore
streams not in the right state.

Fixes #34083

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 14:11:18 -04:00
David Goulet
1873d4c14c Merge branch 'tor-gitlab/mr/444' 2021-10-04 10:49:27 -04:00
David Goulet
7005046bd2 changes: Add file for ticket 40450 (prop324)
Closes #40450

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:54 -04:00
David Goulet
bfd69655af cc: Add comments and clean up some syntax
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:50 -04:00
Mike Perry
322f213210 Turn cell queue watermark limits into consensus params.
This allows us to have quicker reaction to blocked orconns as
a congestion signal.
2021-10-04 10:45:46 -04:00
Mike Perry
e9038dc5f2 Add a max cwnd consensus parameter and clamp. 2021-10-04 10:45:46 -04:00
Mike Perry
6dae9903b1 Turn orconn watermarks into consensus parameters.
Tuning these may reduce memory usage and latency.
2021-10-04 10:45:46 -04:00
Mike Perry
98be8634fa Turn CircEWMA tick len into consensus parameter.
This will assist tuning of CircEWMA in Shadow and Live.
2021-10-04 10:45:46 -04:00
Mike Perry
5e17f8acab Support time-based half-closed connection handling.
Since we no longer use stream SENDMEs for congestion control, we must now use
time to decide when data should stop arriving on a half-closed stream.
2021-10-04 10:45:46 -04:00
David Goulet
bd0aabe20f oom: Consider edge connections as well
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:46 -04:00
Mike Perry
58aca27265 MAKEFILE: Add flow control files to makefile 2021-10-04 10:45:46 -04:00
Mike Perry
0422eb26a7 Prop#324: Hook up flow control 2021-10-04 10:45:46 -04:00
Mike Perry
a89a71cd7b Prop#324: Stream flow control functions 2021-10-04 10:45:46 -04:00
David Goulet
0b376a9e82 trace: Add congestion control BDP update tracepoints
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:46 -04:00
David Goulet
896c16c3b1 Add lttng trace support.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:46 -04:00
David Goulet
819b69244a Support rate limiting of edge connections reads.
We only need to rate limit reading on edges for flow control, as per the rate
that comes in the XON from the other side. When we rate limit reading from the
edge source to this rate, we will only deliver that fast to the other side,
thus satisfying its rate request.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:46 -04:00
Mike Perry
ca7f5c05a6 Prop#324: Add fields to edge connection. 2021-10-04 10:45:46 -04:00
David Goulet
ef7a64e3b8 hs-v2: Disable version 2 HSPOST and HSFETCH command
Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 11:18:08 -04:00
David Goulet
59bae7cbee hs-v2: Disable version 2 directory
Relay do not accept both stores and lookups of version 2 descriptor.
This effectively disable version 2 HSDir supports for relays.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:46:17 -04:00
David Goulet
ff3ac02702 hs-v2: Disable version 2 introduction point
Upon receiving a v2 introduction request, the relay will close the
circuit and send back a tor protocol error.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:40:19 -04:00
David Goulet
765bdb9c33 hs-v2: Disable version 2 service
The minimum service version is raised from 2 to 3 which effectively
disable loading or creating an onion service v2.

As for ADD_ONION, for version 2, a 551 error is returned:

  "551 Failed to add Onion Service"

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:38:08 -04:00
David Goulet
13b2b1108f hs-v2: Disable SOCKS connection for v2 addresses
This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:26:37 -04:00
Mike Perry
33d8974f4d Export the n_ewma function for flow control use. 2021-09-28 21:39:36 +00:00
Mike Perry
8f9cf1ec43 Export a global notion of monotime clock stall/jump.
Monotime clock functionality is a global property, and flow control
also needs to know if it can trust the clock.
2021-09-28 21:39:36 +00:00
Mike Perry
6868f30ced Add trunnel definitions for xon/xoff cells. 2021-09-28 21:26:10 +00:00
Simon South
1a10948260 test: Add sandbox unit tests 2021-09-28 11:06:52 -04:00
Simon South
3bc3a10895 configure.ac: Define ENABLE_COVERAGE macro
Allow conditional compilation based on whether the "--enable-coverage"
configure option was specified.
2021-09-28 11:06:52 -04:00
Simon South
fbf2e7e921 sandbox: Allow use with fragile hardening
When building with --enable-fragile-hardening, add or relax Linux
seccomp rules to allow AddressSanitizer to execute normally if the
process terminates with the sandbox active.

Further resolves issue 11477.
2021-09-28 11:06:50 -04:00
Simon South
352677556e configure.ac: Define ENABLE_FRAGILE_HARDENING macro
Allow conditional compilation based on whether the
"--enable-fragile-hardening" configure option was specified.
2021-09-27 12:13:47 -04:00
Neel Chauhan
b7992d4f79 bwauth: Add AuthDirDontVoteOnDirAuthBandwidth option to avoid giving weights to dirauths 2021-09-27 08:58:00 -07:00
Roger Dingledine
ecb91e75e4 one more pass over the changelog 2021-09-17 11:01:37 -04:00
Nick Mathewson
0877eee18c Run format_changelog. 2021-09-17 10:50:40 -04:00
Nick Mathewson
46094d1ec0 Edit changelog with a few grammar and simplicity fixes. 2021-09-17 10:50:23 -04:00
David Goulet
927f9a12a6 Bump version to 0.4.7.1-alpha
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-17 09:42:45 -04:00
David Goulet
9a7fe5d131 changelog: ChangeLog for 0.4.7.1-alpha release
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-17 09:42:45 -04:00
Nick Mathewson
2c10cc3080 Merge remote-tracking branches 'tor-gitlab/mr/439' and 'tor-gitlab/mr/441' 2021-09-16 08:53:28 -04:00
skaluzka
515ccc4a42
Update Tor's man 1 page
Add few missing periods, convert tabs to spaces.
No new significant content added.

Signed-off-by: skaluzka <skaluzka@protonmail.com>
2021-09-15 19:17:41 +02:00
Neel Chauhan
17ceeb7f92 tor.1 man page: Add mention of fingerprint-ed25519, and clarify differences 2021-09-14 11:10:11 -07:00
David Goulet
f728e09ebe Merge branch 'maint-0.4.5' into maint-0.4.6 2021-09-13 13:34:48 -04:00
David Goulet
7440a38846 Merge branch 'maint-0.4.6' 2021-09-13 13:34:48 -04:00
David Goulet
0dbb2f53b9 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-09-13 13:34:44 -04:00
Guinness
bd68668ac0
Fix changes file 2021-09-13 19:02:23 +02:00
Alexander Færøy
fcef8e3f75 Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275
2021-09-13 18:33:27 +02:00
Alexander Færøy
12b64845ae Use Debian bullseye for our hardened build. 2021-09-13 18:13:10 +02:00