author | Nick Mathewson <nickm@torproject.org> | 2018-08-28 16:02:04 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-08-28 16:02:04 -0400 |
commit | 48632455a5bd679d5f97c5137f24f91e564abad6 (patch) | |
tree | e723bcde6858825b41c7dfc2b8def8e05779c9c7 /src | |
parent | b1d32a92239ae1727e22b592ac1908b616ba869a (diff) | |
parent | 8f13c3d3ed842d8db13bcf9ca6393dbe8e5781e3 (diff) | |
download | tor-48632455a5bd679d5f97c5137f24f91e564abad6.tar.gz tor-48632455a5bd679d5f97c5137f24f91e564abad6.zip |
Merge branch 'bug26367_035_01'
Diffstat (limited to 'src')
-rw-r--r-- | src/app/config/config.c | 64 | ||||
-rw-r--r-- | src/app/config/or_options_st.h | 14 | ||||
-rw-r--r-- | src/core/or/channel.c | 7 | ||||
-rw-r--r-- | src/core/or/channelpadding.c | 16 | ||||
-rw-r--r-- | src/core/or/channelpadding.h | 2 | ||||
-rw-r--r-- | src/core/or/circuitbuild.c | 96 | ||||
-rw-r--r-- | src/core/or/circuitbuild.h | 8 | ||||
-rw-r--r-- | src/core/or/circuitstats.c | 8 | ||||
-rw-r--r-- | src/core/or/circuituse.c | 42 | ||||
-rw-r--r-- | src/core/or/connection_edge.c | 12 | ||||
-rw-r--r-- | src/core/or/or.h | 4 | ||||
-rw-r--r-- | src/feature/dircache/directory.c | 6 | ||||
-rw-r--r-- | src/feature/rend/rendclient.c | 37 | ||||
-rw-r--r-- | src/feature/rend/rendclient.h | 3 | ||||
-rw-r--r-- | src/feature/rend/rendcommon.c | 22 | ||||
-rw-r--r-- | src/feature/rend/rendmid.c | 2 | ||||
-rw-r--r-- | src/test/test_channelpadding.c | 73 | ||||
-rw-r--r-- | src/test/test_hs.c | 75 | ||||
-rw-r--r-- | src/test/test_options.c | 52 |
19 files changed, 35 insertions, 508 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c index 105c408614..339f8e2475 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -174,7 +174,6 @@ static config_abbrev_t option_abbrevs_[] = { PLURAL(AuthDirRejectCC), PLURAL(EntryNode), PLURAL(ExcludeNode), - PLURAL(Tor2webRendezvousPoint), PLURAL(FirewallPort), PLURAL(LongLivedPort), PLURAL(HiddenServiceNode), @@ -598,8 +597,8 @@ static config_var_t option_vars_[] = { OBSOLETE("Support022HiddenServices"), V(TestSocks, BOOL, "0"), V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"), - V(Tor2webMode, BOOL, "0"), - V(Tor2webRendezvousPoints, ROUTERSET, NULL), + OBSOLETE("Tor2webMode"), + OBSOLETE("Tor2webRendezvousPoints"), OBSOLETE("TLSECGroup"), V(TrackHostExits, CSV, NULL), V(TrackHostExitsExpire, INTERVAL, "30 minutes"), @@ -1698,8 +1697,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out) routerset_needs_geoip(options->ExcludeExitNodes) || routerset_needs_geoip(options->ExcludeNodes) || routerset_needs_geoip(options->HSLayer2Nodes) || - routerset_needs_geoip(options->HSLayer3Nodes) || - routerset_needs_geoip(options->Tor2webRendezvousPoints); + routerset_needs_geoip(options->HSLayer3Nodes); if (routerset_usage && reason_out) { *reason_out = "We've been configured to use (or avoid) nodes in certain " 
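Review bot: The first and second config.c hunks treat the two spellings of the rendezvous-point option differently: `PLURAL(Tor2webRendezvousPoint)` is dropped from option_abbrevs_, while the plural becomes `OBSOLETE("Tor2webRendezvousPoints")`, so a torrc that used the singular form presumably now fails as an unrecognised option instead of being warned about and skipped like the plural. If a graceful deprecation is the intent, keep the abbreviation so the singular still resolves to the obsolete entry, `PLURAL(Tor2webRendezvousPoint),`; otherwise a short comment next to the OBSOLETE lines saying only the plural is tolerated would save the next reader the question. Both arrays continue outside the hunks.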
@@ -1882,27 +1880,6 @@ options_act(const or_options_t *old_options) "in a non-anonymous mode. It will provide NO ANONYMITY."); } -#ifdef ENABLE_TOR2WEB_MODE -/* LCOV_EXCL_START */ - // XXXX This should move into options_validate() - if (!options->Tor2webMode) { - log_err(LD_CONFIG, "This copy of Tor was compiled to run in " - "'tor2web mode'. It can only be run with the Tor2webMode torrc " - "option enabled."); - return -1; - } -/* LCOV_EXCL_STOP */ -#else /* !(defined(ENABLE_TOR2WEB_MODE)) */ - // XXXX This should move into options_validate() - if (options->Tor2webMode) { - log_err(LD_CONFIG, "This copy of Tor was not compiled to run in " - "'tor2web mode'. It cannot be run with the Tor2webMode torrc " - "option enabled. To enable Tor2webMode recompile with the " - "--enable-tor2web-mode option."); - return -1; - } -#endif /* defined(ENABLE_TOR2WEB_MODE) */ - /* If we are a bridge with a pluggable transport proxy but no Extended ORPort, inform the user that they are missing out. */ if (server_mode(options) && options->ServerTransportPlugin && @@ -2164,8 +2141,6 @@ options_act(const or_options_t *old_options) options->HSLayer2Nodes) || !routerset_equal(old_options->HSLayer3Nodes, options->HSLayer3Nodes) || - !routerset_equal(old_options->Tor2webRendezvousPoints, - options->Tor2webRendezvousPoints) || options->StrictNodes != old_options->StrictNodes) { log_info(LD_CIRC, "Changed to using entry guards or bridges, or changed " 
@@ -3307,23 +3282,12 @@ options_validate_single_onion(or_options_t *options, char **msg) options->NATDPort_set || options->DNSPort_set || options->HTTPTunnelPort_set); - if (rend_service_non_anonymous_mode_enabled(options) && client_port_set && - !options->Tor2webMode) { + if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) { REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as " "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or " "revert HiddenServiceNonAnonymousMode to 0."); } - /* If you run a hidden service in non-anonymous mode, the hidden service - * loses anonymity, even if SOCKSPort / Tor2web mode isn't used. */ - if (!rend_service_non_anonymous_mode_enabled(options) && - options->RendConfigLines && options->Tor2webMode) { - REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a " - "hidden service. Please remove all HiddenServiceDir lines, or use " - "a version of tor compiled without --enable-tor2web-mode, or use " - "HiddenServiceNonAnonymousMode."); - } - if (rend_service_allow_non_anonymous_connection(options) && options->UseEntryGuards) { /* Single Onion services only use entry guards when uploading descriptors; 
@@ -3793,26 +3757,6 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours."); } -#ifdef ENABLE_TOR2WEB_MODE - if (options->Tor2webMode && options->UseEntryGuards) { - /* tor2web mode clients do not (and should not) use entry guards - * in any meaningful way. Further, tor2web mode causes the hidden - * service client code to do things which break the path bias - * detector, and it's far easier to turn off entry guards (and - * thus the path bias detector with it) than to figure out how to - * make a piece of code which cannot possibly help tor2web mode - * users compatible with tor2web mode. - */ - log_notice(LD_CONFIG, - "Tor2WebMode is enabled; disabling UseEntryGuards."); - options->UseEntryGuards = 0; - } -#endif /* defined(ENABLE_TOR2WEB_MODE) */ - - if (options->Tor2webRendezvousPoints && !options->Tor2webMode) { - REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode."); - } - if (options->EntryNodes && !options->UseEntryGuards) { REJECT("If EntryNodes is set, UseEntryGuards must be enabled."); } diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 627b39aea3..8ef01f80e7 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -262,14 +262,6 @@ struct or_options_t { int AllDirActionsPrivate; /**< Should every directory action be sent * through a Tor circuit? */ - /** Run in 'tor2web mode'? (I.e. only make client connections to hidden - * services, and use a single hop for all hidden-service-related - * circuits.) */ - int Tor2webMode; - - /** A routerset that should be used when picking RPs for HS circuits. */ - routerset_t *Tor2webRendezvousPoints; - /** A routerset that should be used when picking middle nodes for HS * circuits. */ routerset_t *HSLayer2Nodes; 
@@ -543,9 +535,9 @@ struct or_options_t { * of fixed nodes? */ int UseEntryGuards_option; /** Internal variable to remember whether we're actually acting on - * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or - * Single Onion Service, it is always false, otherwise we use the value of - * UseEntryGuards_option. */ + * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service, + * it is always false, otherwise we use the value of UseEntryGuards_option. + * */ int UseEntryGuards; int NumEntryGuards; /**< How many entry guards do we try to establish? */ diff --git a/src/core/or/channel.c b/src/core/or/channel.c index 476f31d5b4..0c204ddfb6 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan) if (!get_options()->ConnectionPadding) { /* Disable if torrc disabled */ channelpadding_disable_padding_on_channel(chan); - } else if (get_options()->Tor2webMode && - !networkstatus_get_param(NULL, - CHANNELPADDING_TOR2WEB_PARAM, - CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) { - /* Disable if we're using tor2web and the consensus disabled padding - * for tor2web */ - channelpadding_disable_padding_on_channel(chan); } else if (rend_service_allow_non_anonymous_connection(get_options()) && !networkstatus_get_param(NULL, CHANNELPADDING_SOS_PARAM, diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c index b8cfd33d50..1a8f8209d0 100644 --- a/src/core/or/channelpadding.c +++ b/src/core/or/channelpadding.c @@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients; static int consensus_nf_pad_before_usage; /** Should we pad relay-to-relay connections? */ static int consensus_nf_pad_relays; -/** Should we pad tor2web connections? */ -static int consensus_nf_pad_tor2web; /** Should we pad rosos connections? */ static int consensus_nf_pad_single_onion; 
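Review bot: The rewritten UseEntryGuards comment in the or_options_st.h hunk ends with a line holding only ` * */`, a leftover of the rewrap rather than intended content. Fold the terminator onto the previous line so the block ends ` * it is always false, otherwise we use the value of UseEntryGuards_option. */`. The struct continues outside the hunk.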
@@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns) consensus_nf_pad_relays = networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1); - consensus_nf_pad_tor2web = - networkstatus_get_param(ns, - CHANNELPADDING_TOR2WEB_PARAM, - CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1); - consensus_nf_pad_single_onion = networkstatus_get_param(ns, CHANNELPADDING_SOS_PARAM, @@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan) return CHANNELPADDING_WONTPAD; } - if (options->Tor2webMode && !consensus_nf_pad_tor2web) { - /* If the consensus just changed values, this channel may still - * think padding is enabled. Negotiate it off. */ - if (chan->padding_enabled) - channelpadding_disable_padding_on_channel(chan); - - return CHANNELPADDING_WONTPAD; - } - if (rend_service_allow_non_anonymous_connection(options) && !consensus_nf_pad_single_onion) { /* If the consensus just changed values, this channel may still diff --git a/src/core/or/channelpadding.h b/src/core/or/channelpadding.h index 7eddbdbe2d..7f8cfd4cc7 100644 --- a/src/core/or/channelpadding.h +++ b/src/core/or/channelpadding.h @@ -13,8 +13,6 @@ #include "trunnel/channelpadding_negotiation.h" -#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web" -#define CHANNELPADDING_TOR2WEB_DEFAULT 1 #define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion" #define CHANNELPADDING_SOS_DEFAULT 1 diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index e22ddabde3..5c3d209448 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c 
@@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ) * edge cases. */ tor_assert(circuit_get_cpath_len(circ)); if (circuit_can_use_tap(circ)) { - /* Circuits from clients to intro points, and hidden services to - * rend points do not support ntor, because the hidden service protocol - * does not include ntor onion keys. This is also true for Tor2web clients - * and Single Onion Services. */ + /* Circuits from clients to intro points, and hidden services to rend + * points do not support ntor, because the hidden service protocol does + * not include ntor onion keys. This is also true for Single Onion + * Services. */ return 0; } @@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ) * accordingly. * Note that TAP handshakes in CREATE cells are only used for direct * connections: - * - from Tor2web to intro points not in the client's consensus, and * - from Single Onions to rend points not in the service's consensus. * This is checked in onion_populate_cpath. */ static void 
@@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags) return NULL; } -#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) -/* The config option Tor2webRendezvousPoints has been set and we need - * to pick an RP out of that set. Make sure that the RP we choose is - * alive, and return it. Return NULL if no usable RP could be found in - * Tor2webRendezvousPoints. */ -STATIC const node_t * -pick_tor2web_rendezvous_node(router_crn_flags_t flags, - const or_options_t *options) -{ - const node_t *rp_node = NULL; - const int need_desc = (flags & CRN_NEED_DESC) != 0; - const int pref_addr = (flags & CRN_PREF_ADDR) != 0; - const int direct_conn = (flags & CRN_DIRECT_CONN) != 0; - - smartlist_t *whitelisted_live_rps = smartlist_new(); - smartlist_t *all_live_nodes = smartlist_new(); - - tor_assert(options->Tor2webRendezvousPoints); - - /* Add all running nodes to all_live_nodes */ - router_add_running_nodes_to_smartlist(all_live_nodes, - 0, 0, 0, - need_desc, - pref_addr, - direct_conn); - - /* Filter all_live_nodes to only add live *and* whitelisted RPs to - * the list whitelisted_live_rps. */ - SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) { - if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) { - smartlist_add(whitelisted_live_rps, live_node); - } - } SMARTLIST_FOREACH_END(live_node); - - /* Honor ExcludeNodes */ - if (options->ExcludeNodes) { - routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes); - } - - /* Now pick randomly amongst the whitelisted RPs. No need to waste time - doing bandwidth load balancing, for most use cases - 'whitelisted_live_rps' contains a single OR anyway. */ - rp_node = smartlist_choose(whitelisted_live_rps); - - if (!rp_node) { - log_warn(LD_REND, "Could not find a Rendezvous Point that suits " - "the purposes of Tor2webRendezvousPoints. 
Choosing random one."); - } - - smartlist_free(whitelisted_live_rps); - smartlist_free(all_live_nodes); - - return rp_node; -} -#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */ - /* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */ static const node_t * pick_rendezvous_node(router_crn_flags_t flags) { const or_options_t *options = get_options(); - -#ifdef ENABLE_TOR2WEB_MODE - /* We want to connect directly to the node if we can */ - router_crn_flags_t direct_flags = flags; - direct_flags |= CRN_PREF_ADDR; - direct_flags |= CRN_DIRECT_CONN; - - /* The user wants us to pick specific RPs. */ - if (options->Tor2webRendezvousPoints) { - const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags, - options); - if (tor2web_rp) { - return tor2web_rp; - } - } - - /* Else, if no direct, preferred tor2web RP was found, fall back to choosing - * a random direct node */ - const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes, - direct_flags); - /* Return the direct node (if found), or log a message and fall back to an - * indirect connection. */ - if (node) { - return node; - } else { - log_info(LD_REND, - "Unable to find a random rendezvous point that is reachable via " - "a direct connection, falling back to a 3-hop path."); - } -#endif /* defined(ENABLE_TOR2WEB_MODE) */ - return router_choose_random_node(NULL, options->ExcludeNodes, flags); } diff --git a/src/core/or/circuitbuild.h b/src/core/or/circuitbuild.h index 9f5d99c2a5..0c6f2f6ce5 100644 --- a/src/core/or/circuitbuild.h +++ b/src/core/or/circuitbuild.h 
@@ -93,14 +93,10 @@ STATIC int onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei, int is_hs_v3_rp_circuit); -#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) -enum router_crn_flags_t; -STATIC const node_t *pick_tor2web_rendezvous_node( - enum router_crn_flags_t flags, - const or_options_t *options); +#if defined(TOR_UNIT_TESTS) unsigned int cpath_get_n_hops(crypt_path_t **head_ptr); -#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */ +#endif /* defined(TOR_UNIT_TESTS) */ #endif /* defined(CIRCUITBUILD_PRIVATE) */ diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c index 63cd21540d..9ebf618b45 100644 --- a/src/core/or/circuitstats.c +++ b/src/core/or/circuitstats.c @@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void) * 2. If the torrc option LearnCircuitBuildTimeout is false. * 3. If we are a directory authority * 4. If we fail to write circuit build time history to our state file. - * 5. If we are compiled or configured in Tor2web mode - * 6. If we are configured in Single Onion mode + * 5. If we are configured in Single Onion mode */ int circuit_build_times_disabled(const or_options_t *options) @@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options, int config_disabled = !options->LearnCircuitBuildTimeout; int dirauth_disabled = authdir_mode(options); int state_disabled = did_last_state_file_write_fail() ? 1 : 0; - /* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are + /* LearnCircuitBuildTimeout and Single Onion Services are * incompatible in two ways: * * - LearnCircuitBuildTimeout results in a low CBT, which 
@@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options, * * If we fix both of these issues someday, we should test * these modes with LearnCircuitBuildTimeout on again. */ - int tor2web_disabled = rend_client_allow_non_anonymous_connection(options); int single_onion_disabled = rend_service_allow_non_anonymous_connection( options); if (consensus_disabled || config_disabled || dirauth_disabled || - state_disabled || tor2web_disabled || single_onion_disabled) { + state_disabled || single_onion_disabled) { #if 0 log_debug(LD_CIRC, "CircuitBuildTime learning is disabled. " diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index a3b9eb1713..0f2b1ede32 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0; /** * As a diagnostic for bug 8387, log information about how many one-hop * circuits we have around that have been there for at least <b>age</b> - * seconds. Log a few of them. - * Ignores Single Onion Service intro and Tor2web redezvous circuits, they are + * seconds. Log a few of them. Ignores Single Onion Service intro, it is * expected to be long-term one-hop circuits. */ void @@ -889,13 +888,6 @@ circuit_log_ancient_one_hop_circuits(int age) (circ->purpose == CIRCUIT_PURPOSE_S_INTRO || circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED)) continue; - /* Tor2web deliberately makes long term one-hop rend connections, - * particularly when Tor2webRendezvousPoints is used. We only ignore - * active rend point connections, if we take a long time to rendezvous, - * that's worth logging. */ - if (rend_client_allow_non_anonymous_connection(options) && - circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) - continue; ocirc = CONST_TO_ORIGIN_CIRCUIT(circ); if (ocirc->build_state && ocirc->build_state->onehop_tunnel) { 
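Review bot: The rewritten comment on circuit_log_ancient_one_hop_circuits in the first circuituse.c hunk says the function ignores only "Single Onion Service intro", but the code kept in the second circuituse.c hunk still skips both `CIRCUIT_PURPOSE_S_INTRO` and `CIRCUIT_PURPOSE_S_REND_JOINED`, and the sentence "Ignores Single Onion Service intro, it is expected to be long-term one-hop circuits" is ungrammatical. Suggest ` * seconds. Log a few of them. Ignores Single Onion Service intro and rend circuits,` followed by ` * which are expected to be long-term one-hop circuits.`. The function body continues outside both hunks.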
@@ -1999,18 +1991,16 @@ circuit_should_use_vanguards(uint8_t purpose) * Return true for the set of conditions for which it is OK to use * a cannibalized circuit. * - * Don't cannibalize for onehops, or tor2web, or certain purposes. + * Don't cannibalize for onehops, or certain purposes. */ static int circuit_should_cannibalize_to_build(uint8_t purpose_to_build, int has_extend_info, - int onehop_tunnel, - int need_specific_rp) + int onehop_tunnel) { - /* Do not try to cannibalize if this is a one hop circuit, or - * is a tor2web/special rp. */ - if (onehop_tunnel || need_specific_rp) { + /* Do not try to cannibalize if this is a one hop circuit. */ + if (onehop_tunnel) { return 0; } @@ -2059,7 +2049,6 @@ circuit_launch_by_extend_info(uint8_t purpose, origin_circuit_t *circ; int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0; int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) ); - int need_specific_rp = 0; /* Keep some stats about our attempts to launch HS rendezvous circuits */ if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) { @@ -2075,20 +2064,11 @@ circuit_launch_by_extend_info(uint8_t purpose, return NULL; } - /* If Tor2webRendezvousPoints is enabled and we are dealing with an - RP circuit, we want a specific RP node so we shouldn't canibalize - an already existing circuit. */ - if (get_options()->Tor2webRendezvousPoints && - purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) { - need_specific_rp = 1; - } - /* If we can/should cannibalize another circuit to build this one, * then do so. */ if (circuit_should_cannibalize_to_build(purpose, extend_info != NULL, - onehop_tunnel, - need_specific_rp)) { + onehop_tunnel)) { /* see if there are appropriate circs available to cannibalize. */ /* XXX if we're planning to add a hop, perhaps we want to look for * internal circs rather than exit circs? -RD */ 
@@ -2485,16 +2465,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, else new_circ_purpose = desired_circuit_purpose; -#ifdef ENABLE_TOR2WEB_MODE - /* If tor2Web is on, then hidden service requests should be one-hop. - */ - if (options->Tor2webMode && - (new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND || - new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) { - want_onehop = 1; - } -#endif /* defined(ENABLE_TOR2WEB_MODE) */ - /* Determine what kind of a circuit to launch, and actually launch it. */ { int flags = CIRCLAUNCH_NEED_CAPACITY; diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index c51e428000..ab3c14d2c3 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -1842,18 +1842,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, return -1; } -#ifdef ENABLE_TOR2WEB_MODE - /* If we're running in Tor2webMode, we don't allow anything BUT .onion - * addresses. */ - if (options->Tor2webMode) { - log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname " - "or IP address %s because tor2web mode is enabled.", - safe_str_client(socks->address)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); - return -1; - } -#endif /* defined(ENABLE_TOR2WEB_MODE) */ - /* socks->address is a non-onion hostname or IP address. * If we can't do any non-onion requests, refuse the connection. * If we have a hostname but can't do DNS, refuse the connection. diff --git a/src/core/or/or.h b/src/core/or/or.h index 9aca030c74..f0cef06011 100644 --- a/src/core/or/or.h +++ b/src/core/or/or.h @@ -101,10 +101,6 @@ struct curve25519_public_key_t; #define cell_t tor_cell_t #endif -#ifdef ENABLE_TOR2WEB_MODE -#define NON_ANONYMOUS_MODE_ENABLED 1 -#endif - /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */ #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_)) 
diff --git a/src/feature/dircache/directory.c b/src/feature/dircache/directory.c index 888a7c1939..de0bcdbfa7 100644 --- a/src/feature/dircache/directory.c +++ b/src/feature/dircache/directory.c @@ -803,10 +803,8 @@ directory_choose_address_routerstatus(const routerstatus_t *status, * allowed by the firewall. * * (When Tor uploads and downloads a hidden service descriptor, it uses - * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP. - * So this code will only modify the address for Tor2Web's HS descriptor - * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid - * HSDirs denying service by rejecting descriptors.) + * DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, + * to avoid HSDirs denying service by rejecting descriptors.) */ /* Initialise the OR / Dir addresses */ diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index 9f62156eb9..2c4cec65b1 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id, char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64]; const rend_data_v2_t *rend_data; -#ifdef ENABLE_TOR2WEB_MODE - const int tor2web_mode = get_options()->Tor2webMode; - const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS; -#else const int how_to_fetch = DIRIND_ANONYMOUS; -#endif /* defined(ENABLE_TOR2WEB_MODE) */ tor_assert(desc_id); tor_assert(rend_query); 
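Review bot: In the rendclient.c hunk, `const int how_to_fetch = DIRIND_ANONYMOUS;` is now a fixed value with no explanation left after the `#ifdef` was removed, so a reader no longer sees why descriptor fetches are pinned to anonymous circuits. A one-line comment would preserve the reasoning the deleted branch carried, e.g. `/* Descriptor fetches are always anonymous; the one-hop (Tor2web) path no longer exists. */`, or the local can simply be dropped in favour of the constant if it is only used once, which I cannot tell from the hunk. directory_get_from_hs_dir continues outside the hunk.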
@@ -1223,35 +1218,3 @@ rend_parse_service_authorization(const or_options_t *options, } return res; } - -/* Can Tor client code make direct (non-anonymous) connections to introduction - * or rendezvous points? - * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is - * configured in Tor2web mode. */ -int -rend_client_allow_non_anonymous_connection(const or_options_t *options) -{ - /* Tor2web support needs to be compiled in to a tor binary. */ -#ifdef NON_ANONYMOUS_MODE_ENABLED - /* Tor2web */ - return options->Tor2webMode ? 1 : 0; -#else - (void)options; - return 0; -#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */ -} - -/* At compile-time, was non-anonymous mode enabled via - * NON_ANONYMOUS_MODE_ENABLED ? */ -int -rend_client_non_anonymous_mode_enabled(const or_options_t *options) -{ - (void)options; - /* Tor2web support needs to be compiled in to a tor binary. */ -#ifdef NON_ANONYMOUS_MODE_ENABLED - /* Tor2web */ - return 1; -#else - return 0; -#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */ -} diff --git a/src/feature/rend/rendclient.h b/src/feature/rend/rendclient.h index e41faa4932..0d27d63e65 100644 --- a/src/feature/rend/rendclient.h +++ b/src/feature/rend/rendclient.h @@ -47,8 +47,5 @@ rend_service_authorization_t *rend_client_lookup_service_authorization( const char *onion_address); void rend_service_authorization_free_all(void); -int rend_client_allow_non_anonymous_connection(const or_options_t *options); -int rend_client_non_anonymous_mode_enabled(const or_options_t *options); - #endif /* !defined(TOR_RENDCLIENT_H) */ diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c index 5bf9477446..8cb5fd91e6 100644 --- a/src/feature/rend/rendcommon.c +++ b/src/feature/rend/rendcommon.c 
@@ -979,37 +979,27 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, /* Is this a rend client or server that allows direct (non-anonymous) * connections? - * Clients must be specifically compiled and configured in this mode. - * Onion services can be configured to start in this mode. - * Prefer rend_client_allow_non_anonymous_connection() or - * rend_service_allow_non_anonymous_connection() whenever possible, so that - * checks are specific to Single Onion Services or Tor2web. */ + * Onion services can be configured to start in this mode for single onion. */ int rend_allow_non_anonymous_connection(const or_options_t* options) { - return (rend_client_allow_non_anonymous_connection(options) - || rend_service_allow_non_anonymous_connection(options)); + return rend_service_allow_non_anonymous_connection(options); } /* Is this a rend client or server in non-anonymous mode? - * Clients must be specifically compiled in this mode. - * Onion services can be configured to start in this mode. - * Prefer rend_client_non_anonymous_mode_enabled() or - * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks - * are specific to Single Onion Services or Tor2web. */ + * Onion services can be configured to start in this mode for single onion. */ int rend_non_anonymous_mode_enabled(const or_options_t *options) { - return (rend_client_non_anonymous_mode_enabled(options) - || rend_service_non_anonymous_mode_enabled(options)); + return rend_service_non_anonymous_mode_enabled(options); } /* Make sure that tor only builds one-hop circuits when they would not * compromise user anonymity. * - * One-hop circuits are permitted in Tor2web or Single Onion modes. + * One-hop circuits are permitted in Single Onion modes. * - * Tor2web or Single Onion modes are also allowed to make multi-hop circuits. + * Single Onion modes are also allowed to make multi-hop circuits. * For example, single onion HSDir circuits are 3-hop to prevent denial of * service. */ 
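Review bot: The new header comments on rend_allow_non_anonymous_connection and rend_non_anonymous_mode_enabled still open with "Is this a rend client or server ...", but after this hunk both functions consult only the service-side check, so a client can never be in the non-anonymous state; the comments should state that explicitly, and "for single onion" dangles at the end of the second sentence. Suggest for the first: `/* Does this tor allow direct (non-anonymous) rend connections? Only onion` / ` * services can be configured this way (single onion); clients are always` / ` * anonymous. */`, and the matching wording for the mode-enabled variant. Since both are now one-line wrappers, a short remark that they are kept for callers that do not care which side they are on would also help. Both functions are fully visible in the hunk.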
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index 22cd6c3435..0fd6516eaa 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c @@ -237,7 +237,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, } /* Check if we are configured to accept established rendezvous cells from - * client or in other words tor2web clients. */ + * client or in other words Tor2Web clients. */ if (channel_is_client(circ->p_chan) && dos_should_refuse_single_hop_client()) { /* Note it down for the heartbeat log purposes. */ diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c index 5d696b8b80..de673de543 100644 --- a/src/test/test_channelpadding.c +++ b/src/test/test_channelpadding.c 
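Review bot: The rewritten comment in rend_mid_establish_rendezvous keeps "Tor2Web clients" as the rationale for `dos_should_refuse_single_hop_client()`, while this merge removes Tor2web support from tor itself, so a later reader may take the check for dead code. The check presumably still matters because other software can connect to a rendezvous point over a single hop even though this tor no longer does; suggest ` * client, i.e. single-hop (Tor2web-style) clients, which this tor no longer` / ` * produces but relays may still see. */`. The function continues outside the hunk.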
@@ -406,81 +406,12 @@ test_channelpadding_killonehop(void *arg) setup_mock_consensus(); setup_mock_network(); - /* Do we disable padding if tor2webmode or rsos are enabled, and - * the consensus says don't pad? */ - - /* Ensure we can kill tor2web and rsos padding if we want. */ - // First, test that padding works if either is enabled - smartlist_clear(current_md_consensus->net_params); - channelpadding_new_consensus_params(current_md_consensus); + /* Do we disable padding if rsos is enabled, and the consensus says don't + * pad? */ monotime_coarse_t now; monotime_coarse_get(&now); - tried_to_write_cell = 0; - get_options_mutable()->Tor2webMode = 1; - monotime_coarse_add_msec(&client_relay3->next_padding_time, &now, 100); - decision = channelpadding_decide_to_pad_channel(client_relay3); - tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); - tt_assert(client_relay3->pending_padding_callback); - tt_int_op(tried_to_write_cell, OP_EQ, 0); - - decision = channelpadding_decide_to_pad_channel(client_relay3); - tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED); - - // Wait for the timer - new_time += 101*NSEC_PER_MSEC; - monotime_coarse_set_mock_time_nsec(new_time); - monotime_set_mock_time_nsec(new_time); - monotime_coarse_get(&now); - timers_run_pending(); - tt_int_op(tried_to_write_cell, OP_EQ, 1); - tt_assert(!client_relay3->pending_padding_callback); - - // Then test disabling each via consensus param - smartlist_add(current_md_consensus->net_params, - (void*)"nf_pad_tor2web=0"); - channelpadding_new_consensus_params(current_md_consensus); - - // Before the client tries to pad, the relay will still pad: - tried_to_write_cell = 0; - monotime_coarse_add_msec(&relay3_client->next_padding_time, &now, 100); - get_options_mutable()->ORPort_set = 1; - get_options_mutable()->Tor2webMode = 0; - decision = channelpadding_decide_to_pad_channel(relay3_client); - tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); - 
tt_assert(relay3_client->pending_padding_callback); - - // Wait for the timer - new_time += 101*NSEC_PER_MSEC; - monotime_coarse_set_mock_time_nsec(new_time); - monotime_set_mock_time_nsec(new_time); - monotime_coarse_get(&now); - timers_run_pending(); - tt_int_op(tried_to_write_cell, OP_EQ, 1); - tt_assert(!client_relay3->pending_padding_callback); - - // Test client side (it should stop immediately, but send a negotiate) - tried_to_write_cell = 0; - tt_assert(relay3_client->padding_enabled); - tt_assert(client_relay3->padding_enabled); - get_options_mutable()->Tor2webMode = 1; - /* For the relay to receive the negotiate: */ - get_options_mutable()->ORPort_set = 1; - decision = channelpadding_decide_to_pad_channel(client_relay3); - tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD); - tt_int_op(tried_to_write_cell, OP_EQ, 1); - tt_assert(!client_relay3->pending_padding_callback); - tt_assert(!relay3_client->padding_enabled); - - // Test relay side (it should have gotten the negotiation to disable) - get_options_mutable()->ORPort_set = 1; - get_options_mutable()->Tor2webMode = 0; - tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ, - CHANNELPADDING_WONTPAD); - tt_assert(!relay3_client->padding_enabled); - - /* Repeat for SOS */ // First, test that padding works if either is enabled smartlist_clear(current_md_consensus->net_params); channelpadding_new_consensus_params(current_md_consensus); diff --git a/src/test/test_hs.c b/src/test/test_hs.c index 135df8e9f3..e3599d5720 100644 --- a/src/test/test_hs.c +++ b/src/test/test_hs.c 
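Review bot: After the deletion, the comment kept at the end of the test_channelpadding.c hunk, `// First, test that padding works if either is enabled`, still says "either", but only the rsos case remains in test_channelpadding_killonehop, as the rewritten comment above it now states. Rewrite it as `// First, test that padding works if rsos is enabled` so the two comments agree. The test body continues past the hunk.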
@@ -354,76 +354,6 @@ test_hs_desc_event(void *arg)
   tor_free(received_msg);
 }
 
-/* Make sure we always pick the right RP, given a well formatted
- * Tor2webRendezvousPoints value. */
-static void
-test_pick_tor2web_rendezvous_node(void *arg)
-{
-  or_options_t *options = get_options_mutable();
-  const node_t *chosen_rp = NULL;
-  router_crn_flags_t flags = CRN_NEED_DESC;
-  int retval, i;
-  const char *tor2web_rendezvous_str = "test003r";
-
-  (void) arg;
-
-  /* Setup fake routerlist. */
-  helper_setup_fake_routerlist();
-
-  /* Parse Tor2webRendezvousPoints as a routerset. */
-  options->Tor2webRendezvousPoints = routerset_new();
-  options->UseMicrodescriptors = 0;
-  retval = routerset_parse(options->Tor2webRendezvousPoints,
-                           tor2web_rendezvous_str,
-                           "test_tor2web_rp");
-  tt_int_op(retval, OP_GE, 0);
-
-  /* Pick rendezvous point. Make sure the correct one is
-     picked. Repeat many times to make sure it works properly. */
-  for (i = 0; i < 50 ; i++) {
-    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
-    tt_assert(chosen_rp);
-    tt_str_op(chosen_rp->ri->nickname, OP_EQ, tor2web_rendezvous_str);
-  }
-
- done:
-  routerset_free(options->Tor2webRendezvousPoints);
-}
-
-/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
- * correspond to an actual node. */
-static void
-test_pick_bad_tor2web_rendezvous_node(void *arg)
-{
-  or_options_t *options = get_options_mutable();
-  const node_t *chosen_rp = NULL;
-  router_crn_flags_t flags = CRN_NEED_DESC;
-  int retval, i;
-  const char *tor2web_rendezvous_str = "dummy";
-
-  (void) arg;
-
-  /* Setup fake routerlist. */
-  helper_setup_fake_routerlist();
-
-  /* Parse Tor2webRendezvousPoints as a routerset. */
-  options->Tor2webRendezvousPoints = routerset_new();
-  retval = routerset_parse(options->Tor2webRendezvousPoints,
-                           tor2web_rendezvous_str,
-                           "test_tor2web_rp");
-  tt_int_op(retval, OP_GE, 0);
-
-  /* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
-     dummy value, we shouldn't find any eligible RPs. */
-  for (i = 0; i < 50 ; i++) {
-    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
-    tt_ptr_op(chosen_rp, OP_EQ, NULL);
-  }
-
- done:
-  routerset_free(options->Tor2webRendezvousPoints);
-}
-
 /* Make sure rend_data_t is valid at creation, destruction and when
  * duplicated. */
 static void
@@ -1046,11 +976,6 @@ struct testcase_t hs_tests[] = {
     NULL, NULL },
   { "hs_desc_event", test_hs_desc_event, TT_FORK,
     NULL, NULL },
-  { "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
-    NULL, NULL },
-  { "pick_bad_tor2web_rendezvous_node",
-    test_pick_bad_tor2web_rendezvous_node, TT_FORK,
-    NULL, NULL },
   { "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
     NULL, NULL },
   { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 71d2193d1f..56b7f3cf0f 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -2459,36 +2459,6 @@ test_options_validate__circuits(void *ignored)
 }
 
 static void
-test_options_validate__tor2web(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  char *msg;
-  options_test_data_t *tdata = NULL;
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "Tor2webRendezvousPoints 1\n");
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(msg, OP_EQ,
-            "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
-  tor_free(msg);
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  tor_free(msg);
-
- done:
-  policies_free_all();
-  free_options_test_data(tdata);
-  tor_free(msg);
-}
-
-static void
 test_options_validate__rend(void *ignored)
 {
   (void)ignored;
@@ -2601,13 +2571,11 @@ test_options_validate__single_onion(void *ignored)
   tt_ptr_op(msg, OP_EQ, NULL);
   free_options_test_data(tdata);
 
-  /* Test that SOCKSPort must come with Tor2webMode if
-   * HiddenServiceSingleHopMode is 1 */
+  /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                 "SOCKSPort 5000\n"
                                 "HiddenServiceSingleHopMode 1\n"
                                 "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 0\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, -1);
@@ -2622,7 +2590,6 @@ test_options_validate__single_onion(void *ignored)
                                 "SOCKSPort 0\n"
                                 "HiddenServiceSingleHopMode 1\n"
                                 "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 0\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, 0);
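Review bot: The rewritten comment `/* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */` in the `@@ -2601` hunk of test_options_validate__single_onion lost its verb when the Tor2webMode clause was cut, so it no longer says what the case checks. The config under it pairs `SOCKSPort 5000` with `HiddenServiceSingleHopMode 1` and expects `options_validate` to return -1, while the `@@ -2622` hunk expects 0 once `SOCKSPort 0` is used instead, so the intent reads as `/* Test that SOCKSPort must be 0 (disabled) if HiddenServiceSingleHopMode is 1 */`. The function starts before the first of these hunks and its remaining assertions are outside them.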
@@ -2632,27 +2599,13 @@ test_options_validate__single_onion(void *ignored)
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                 "SOCKSPort 5000\n"
                                 "HiddenServiceSingleHopMode 0\n"
-                                "Tor2webMode 0\n"
-                                );
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  tt_ptr_op(msg, OP_EQ, NULL);
-  free_options_test_data(tdata);
-
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "SOCKSPort 5000\n"
-                                "HiddenServiceSingleHopMode 1\n"
-                                "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 1\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, 0);
   tt_ptr_op(msg, OP_EQ, NULL);
   free_options_test_data(tdata);
 
-  /* Test that a hidden service can't be run with Tor2web
-   * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
-   * Tor2webMode requires a compilation #define */
+  /* Test that a hidden service can't be run in non anonymous mode. */
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                 "HiddenServiceNonAnonymousMode 1\n"
                                 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
@@ -4257,7 +4210,6 @@ struct testcase_t options_tests[] = {
   LOCAL_VALIDATE_TEST(path_bias),
   LOCAL_VALIDATE_TEST(bandwidth),
   LOCAL_VALIDATE_TEST(circuits),
-  LOCAL_VALIDATE_TEST(tor2web),
   LOCAL_VALIDATE_TEST(rend),
   LOCAL_VALIDATE_TEST(single_onion),
   LOCAL_VALIDATE_TEST(accounting), |
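Review bot: The new comment `/* Test that a hidden service can't be run in non anonymous mode. */` overstates what the configuration below it can show: it sets `HiddenServiceNonAnonymousMode 1` and a `HiddenServiceDir` but not `HiddenServiceSingleHopMode`, and the earlier `@@ -2622` hunk in the same function validates a config with both options set, so non-anonymous services are evidently not rejected as such. The assertion for this case is outside the hunk; if it expects validation to fail because the single-hop option is missing, a comment along the lines of `/* Test that HiddenServiceNonAnonymousMode is rejected without HiddenServiceSingleHopMode. */` would match the check rather than contradict the case above it. Worth confirming against the tt_ assertions that follow before changing the wording.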